File manager - Edit - /home/matthif/www/wp-content/plugins/wordpress-seo/block-supports.tar
Back
aria-label.php 0000666 00000003113 15225166143 0007255 0 ustar 00 <?php /** * Aria label block support flag. * * @package WordPress * @since 6.8.0 */ /** * Registers the aria-label block attribute for block types that support it. * * @since 6.8.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_aria_label_support( $block_type ) { $has_aria_label_support = block_has_support( $block_type, array( 'ariaLabel' ), false ); if ( ! $has_aria_label_support ) { return; } if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( ! array_key_exists( 'ariaLabel', $block_type->attributes ) ) { $block_type->attributes['ariaLabel'] = array( 'type' => 'string', ); } } /** * Add the aria-label to the output. * * @since 6.8.0 * @access private * * @param WP_Block_Type $block_type Block Type. * @param array $block_attributes Block attributes. * * @return array Block aria-label. */ function wp_apply_aria_label_support( $block_type, $block_attributes ) { if ( ! $block_attributes ) { return array(); } $has_aria_label_support = block_has_support( $block_type, array( 'ariaLabel' ), false ); if ( ! $has_aria_label_support ) { return array(); } $has_aria_label = array_key_exists( 'ariaLabel', $block_attributes ); if ( ! $has_aria_label ) { return array(); } return array( 'aria-label' => $block_attributes['ariaLabel'] ); } // Register the block support. WP_Block_Supports::get_instance()->register( 'aria-label', array( 'register_attribute' => 'wp_register_aria_label_support', 'apply' => 'wp_apply_aria_label_support', ) ); block-visibility.php 0000666 00000001526 15225166143 0010551 0 ustar 00 <?php /** * Block visibility block support flag. * * @package WordPress * @since 6.9.0 */ /** * Render nothing if the block is hidden. * * @since 6.9.0 * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_block_visibility_support( $block_content, $block ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); if ( ! $block_type || ! block_has_support( $block_type, 'visibility', true ) ) { return $block_content; } if ( isset( $block['attrs']['metadata']['blockVisibility'] ) && false === $block['attrs']['metadata']['blockVisibility'] ) { return ''; } return $block_content; } add_filter( 'render_block', 'wp_render_block_visibility_support', 10, 2 ); widgets.php 0000666 00000212731 15225166143 0006742 0 ustar 00 <?php /** * Core Widgets API * * This API is used for creating dynamic sidebar without hardcoding functionality into * themes. * * Includes both internal WordPress routines and theme-use routines. * * This functionality was found in a plugin before the WordPress 2.2 release, which * included it in the core from that point on. * * @link https://wordpress.org/documentation/article/manage-wordpress-widgets/ * @link https://developer.wordpress.org/themes/functionality/widgets/ * * @package WordPress * @subpackage Widgets * @since 2.2.0 */ // // Global Variables. // /** @ignore */ global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; /** * Stores the sidebars, since many themes can have more than one. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. */ $wp_registered_sidebars = array(); /** * Stores the registered widgets. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. */ $wp_registered_widgets = array(); /** * Stores the registered widget controls (options). * * @since 2.2.0 * * @global array $wp_registered_widget_controls The registered widget controls. */ $wp_registered_widget_controls = array(); /** * Stores the registered widget updates. * * @since 2.8.0 * * @global array $wp_registered_widget_updates The registered widget updates. */ $wp_registered_widget_updates = array(); /** * Private * * @global array $_wp_sidebars_widgets */ $_wp_sidebars_widgets = array(); /** * Private * * @global array $_wp_deprecated_widgets_callbacks */ $GLOBALS['_wp_deprecated_widgets_callbacks'] = array( 'wp_widget_pages', 'wp_widget_pages_control', 'wp_widget_calendar', 'wp_widget_calendar_control', 'wp_widget_archives', 'wp_widget_archives_control', 'wp_widget_links', 'wp_widget_meta', 'wp_widget_meta_control', 'wp_widget_search', 'wp_widget_recent_entries', 'wp_widget_recent_entries_control', 'wp_widget_tag_cloud', 'wp_widget_tag_cloud_control', 'wp_widget_categories', 'wp_widget_categories_control', 'wp_widget_text', 'wp_widget_text_control', 'wp_widget_rss', 'wp_widget_rss_control', 'wp_widget_recent_comments', 'wp_widget_recent_comments_control', ); // // Template tags & API functions. // /** * Registers a widget. * * Registers a WP_Widget widget * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function register_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->register( $widget ); } /** * Unregisters a widget. * * Unregisters a WP_Widget widget. Useful for un-registering default widgets. * Run within a function hooked to the {@see 'widgets_init'} action. * * @since 2.8.0 * @since 4.6.0 Updated the `$widget` parameter to also accept a WP_Widget instance object * instead of simply a `WP_Widget` subclass name. * * @see WP_Widget * * @global WP_Widget_Factory $wp_widget_factory * * @param string|WP_Widget $widget Either the name of a `WP_Widget` subclass or an instance of a `WP_Widget` subclass. */ function unregister_widget( $widget ) { global $wp_widget_factory; $wp_widget_factory->unregister( $widget ); } /** * Creates multiple sidebars. * * If you wanted to quickly create multiple sidebars for a theme or internally. * This function will allow you to do so. If you don't pass the 'name' and/or * 'id' in `$args`, then they will be built for you. * * @since 2.2.0 * * @see register_sidebar() The second parameter is documented by register_sidebar() and is the same here. * * @global array $wp_registered_sidebars The new sidebars are stored in this array by sidebar ID. * * @param int $number Optional. Number of sidebars to create. Default 1. * @param array|string $args { * Optional. Array or string of arguments for building a sidebar. * * @type string $id The base string of the unique identifier for each sidebar. If provided, and multiple * sidebars are being defined, the ID will have "-2" appended, and so on. * Default 'sidebar-' followed by the number the sidebar creation is currently at. * @type string $name The name or title for the sidebars displayed in the admin dashboard. If registering * more than one sidebar, include '%d' in the string as a placeholder for the uniquely * assigned number for each sidebar. * Default 'Sidebar' for the first sidebar, otherwise 'Sidebar %d'. * } */ function register_sidebars( $number = 1, $args = array() ) { global $wp_registered_sidebars; $number = (int) $number; if ( is_string( $args ) ) { parse_str( $args, $args ); } for ( $i = 1; $i <= $number; $i++ ) { $_args = $args; if ( $number > 1 ) { if ( isset( $args['name'] ) ) { $_args['name'] = sprintf( $args['name'], $i ); } else { /* translators: %d: Sidebar number. */ $_args['name'] = sprintf( __( 'Sidebar %d' ), $i ); } } else { $_args['name'] = isset( $args['name'] ) ? $args['name'] : __( 'Sidebar' ); } /* * Custom specified ID's are suffixed if they exist already. * Automatically generated sidebar names need to be suffixed regardless starting at -0. */ if ( isset( $args['id'] ) ) { $_args['id'] = $args['id']; $n = 2; // Start at -2 for conflicting custom IDs. while ( is_registered_sidebar( $_args['id'] ) ) { $_args['id'] = $args['id'] . '-' . $n++; } } else { $n = count( $wp_registered_sidebars ); do { $_args['id'] = 'sidebar-' . ++$n; } while ( is_registered_sidebar( $_args['id'] ) ); } register_sidebar( $_args ); } } /** * Builds the definition for a single sidebar and returns the ID. * * Accepts either a string or an array and then parses that against a set * of default arguments for the new sidebar. WordPress will automatically * generate a sidebar ID and name based on the current number of registered * sidebars if those arguments are not included. * * When allowing for automatic generation of the name and ID parameters, keep * in mind that the incrementor for your sidebar can change over time depending * on what other plugins and themes are installed. * * If theme support for 'widgets' has not yet been added when this function is * called, it will be automatically enabled through the use of add_theme_support(). * * @since 2.2.0 * @since 5.6.0 Added the `before_sidebar` and `after_sidebar` arguments. * @since 5.9.0 Added the `show_in_rest` argument. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array|string $args { * Optional. Array or string of arguments for the sidebar being registered. * * @type string $name The name or title of the sidebar displayed in the Widgets * interface. Default 'Sidebar $instance'. * @type string $id The unique identifier by which the sidebar will be called. * Default 'sidebar-$instance'. * @type string $description Description of the sidebar, displayed in the Widgets interface. * Default empty string. * @type string $class Extra CSS class to assign to the sidebar in the Widgets interface. * Default empty. * @type string $before_widget HTML content to prepend to each widget's HTML output when assigned * to this sidebar. Receives the widget's ID attribute as `%1$s` * and class name as `%2$s`. Default is an opening list item element. * @type string $after_widget HTML content to append to each widget's HTML output when assigned * to this sidebar. Default is a closing list item element. * @type string $before_title HTML content to prepend to the sidebar title when displayed. * Default is an opening h2 element. * @type string $after_title HTML content to append to the sidebar title when displayed. * Default is a closing h2 element. * @type string $before_sidebar HTML content to prepend to the sidebar when displayed. * Receives the `$id` argument as `%1$s` and `$class` as `%2$s`. * Outputs after the {@see 'dynamic_sidebar_before'} action. * Default empty string. * @type string $after_sidebar HTML content to append to the sidebar when displayed. * Outputs before the {@see 'dynamic_sidebar_after'} action. * Default empty string. * @type bool $show_in_rest Whether to show this sidebar publicly in the REST API. * Defaults to only showing the sidebar to administrator users. * } * @return string Sidebar ID added to $wp_registered_sidebars global. */ function register_sidebar( $args = array() ) { global $wp_registered_sidebars; $i = count( $wp_registered_sidebars ) + 1; $id_is_empty = empty( $args['id'] ); $defaults = array( /* translators: %d: Sidebar number. */ 'name' => sprintf( __( 'Sidebar %d' ), $i ), 'id' => "sidebar-$i", 'description' => '', 'class' => '', 'before_widget' => '<li id="%1$s" class="widget %2$s">', 'after_widget' => "</li>\n", 'before_title' => '<h2 class="widgettitle">', 'after_title' => "</h2>\n", 'before_sidebar' => '', 'after_sidebar' => '', 'show_in_rest' => false, ); /** * Filters the sidebar default arguments. * * @since 5.3.0 * * @see register_sidebar() * * @param array $defaults The default sidebar arguments. */ $sidebar = wp_parse_args( $args, apply_filters( 'register_sidebar_defaults', $defaults ) ); if ( $id_is_empty ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: 1: The 'id' argument, 2: Sidebar name, 3: Recommended 'id' value. */ __( 'No %1$s was set in the arguments array for the "%2$s" sidebar. Defaulting to "%3$s". Manually set the %1$s to "%3$s" to silence this notice and keep existing sidebar content.' ), '<code>id</code>', $sidebar['name'], $sidebar['id'] ), '4.2.0' ); } $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; add_theme_support( 'widgets' ); /** * Fires once a sidebar has been registered. * * @since 3.0.0 * * @param array $sidebar Parsed arguments for the registered sidebar. */ do_action( 'register_sidebar', $sidebar ); return $sidebar['id']; } /** * Removes a sidebar from the list. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. */ function unregister_sidebar( $sidebar_id ) { global $wp_registered_sidebars; unset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Checks if a sidebar is registered. * * @since 4.4.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string|int $sidebar_id The ID of the sidebar when it was registered. * @return bool True if the sidebar is registered, false otherwise. */ function is_registered_sidebar( $sidebar_id ) { global $wp_registered_sidebars; return isset( $wp_registered_sidebars[ $sidebar_id ] ); } /** * Registers an instance of a widget. * * The default widget option is 'classname' that can be overridden. * * The function can also be used to un-register widgets when `$output_callback` * parameter is an empty string. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * @since 5.8.0 Added show_instance_in_rest option. * * @global array $wp_registered_widgets Uses stored registered widgets. * @global array $wp_registered_widget_controls Stores the registered widget controls (options). * @global array $wp_registered_widget_updates The registered widget updates. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Widget ID. * @param string $name Widget display title. * @param callable $output_callback Run when widget is called. * @param array $options { * Optional. An array of supplementary widget options for the instance. * * @type string $classname Class name for the widget's HTML container. Default is a shortened * version of the output callback name. * @type string $description Widget description for display in the widget administration * panel and/or theme. * @type bool $show_instance_in_rest Whether to show the widget's instance settings in the REST API. * Only available for WP_Widget based widgets. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_sidebar_widget( $id, $name, $output_callback, $options = array(), ...$params ) { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); if ( empty( $output_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } $id_base = _get_widget_id_base( $id ); if ( in_array( $output_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $output_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } $defaults = array( 'classname' => $output_callback ); $options = wp_parse_args( $options, $defaults ); $widget = array( 'name' => $name, 'id' => $id, 'callback' => $output_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); if ( is_callable( $output_callback ) && ( ! isset( $wp_registered_widgets[ $id ] ) || did_action( 'widgets_init' ) ) ) { /** * Fires once for each registered widget. * * @since 3.0.0 * * @param array $widget An array of default widget arguments. */ do_action( 'wp_register_sidebar_widget', $widget ); $wp_registered_widgets[ $id ] = $widget; } } /** * Retrieves description for widget. * * When registering widgets, the options can also include 'description' that * describes the widget for display on the widget administration panel or * in the theme. * * @since 2.5.0 * * @global array $wp_registered_widgets The registered widgets. * * @param int|string $id Widget ID. * @return string|void Widget description, if available. */ function wp_widget_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_widgets; if ( isset( $wp_registered_widgets[ $id ]['description'] ) ) { return esc_html( $wp_registered_widgets[ $id ]['description'] ); } } /** * Retrieves description for a sidebar. * * When registering sidebars a 'description' parameter can be included that * describes the sidebar for display on the widget administration panel. * * @since 2.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id sidebar ID. * @return string|void Sidebar description, if available. */ function wp_sidebar_description( $id ) { if ( ! is_scalar( $id ) ) { return; } global $wp_registered_sidebars; if ( isset( $wp_registered_sidebars[ $id ]['description'] ) ) { return wp_kses( $wp_registered_sidebars[ $id ]['description'], 'sidebar_description' ); } } /** * Remove widget from sidebar. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_sidebar_widget( $id ) { /** * Fires just before a widget is removed from a sidebar. * * @since 3.0.0 * * @param int|string $id The widget ID. */ do_action( 'wp_unregister_sidebar_widget', $id ); wp_register_sidebar_widget( $id, '', '' ); wp_unregister_widget_control( $id ); } /** * Registers widget control callback for customizing options. * * @since 2.2.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * @global array $wp_registered_widget_updates The registered widget updates. * @global array $wp_registered_widgets The registered widgets. * @global array $_wp_deprecated_widgets_callbacks * * @param int|string $id Sidebar ID. * @param string $name Sidebar display name. * @param callable $control_callback Run when sidebar is displayed. * @param array $options { * Optional. Array or string of control options. Default empty array. * * @type int $height Never used. Default 200. * @type int $width Width of the fully expanded control form (but try hard to use the default width). * Default 250. * @type int|string $id_base Required for multi-widgets, i.e widgets that allow multiple instances such as the * text widget. The widget ID will end up looking like `{$id_base}-{$unique_number}`. * } * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function wp_register_widget_control( $id, $name, $control_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls, $wp_registered_widget_updates, $wp_registered_widgets, $_wp_deprecated_widgets_callbacks; $id = strtolower( $id ); $id_base = _get_widget_id_base( $id ); if ( empty( $control_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); unset( $wp_registered_widget_updates[ $id_base ] ); return; } if ( in_array( $control_callback, $_wp_deprecated_widgets_callbacks, true ) && ! is_callable( $control_callback ) ) { unset( $wp_registered_widgets[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); // Height is never used. $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $control_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { return; } if ( isset( $widget['params'][0]['number'] ) ) { $widget['params'][0]['number'] = -1; } unset( $widget['width'], $widget['height'], $widget['name'], $widget['id'] ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the update callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_updates The registered widget updates. * * @param string $id_base The base ID of a widget created by extending WP_Widget. * @param callable $update_callback Update callback method for the widget. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_update_callback( $id_base, $update_callback, $options = array(), ...$params ) { global $wp_registered_widget_updates; if ( isset( $wp_registered_widget_updates[ $id_base ] ) ) { if ( empty( $update_callback ) ) { unset( $wp_registered_widget_updates[ $id_base ] ); } return; } $widget = array( 'callback' => $update_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_updates[ $id_base ] = $widget; } /** * Registers the form callback for a widget. * * @since 2.8.0 * @since 5.3.0 Formalized the existing and already documented `...$params` parameter * by adding it to the function signature. * * @global array $wp_registered_widget_controls The registered widget controls. * * @param int|string $id Widget ID. * @param string $name Name attribute for the widget. * @param callable $form_callback Form callback. * @param array $options Optional. Widget control options. See wp_register_widget_control(). * Default empty array. * @param mixed ...$params Optional additional parameters to pass to the callback function when it's called. */ function _register_widget_form_callback( $id, $name, $form_callback, $options = array(), ...$params ) { global $wp_registered_widget_controls; $id = strtolower( $id ); if ( empty( $form_callback ) ) { unset( $wp_registered_widget_controls[ $id ] ); return; } if ( isset( $wp_registered_widget_controls[ $id ] ) && ! did_action( 'widgets_init' ) ) { return; } $defaults = array( 'width' => 250, 'height' => 200, ); $options = wp_parse_args( $options, $defaults ); $options['width'] = (int) $options['width']; $options['height'] = (int) $options['height']; $widget = array( 'name' => $name, 'id' => $id, 'callback' => $form_callback, 'params' => $params, ); $widget = array_merge( $widget, $options ); $wp_registered_widget_controls[ $id ] = $widget; } /** * Removes control callback for widget. * * @since 2.2.0 * * @param int|string $id Widget ID. */ function wp_unregister_widget_control( $id ) { wp_register_widget_control( $id, '', '' ); } /** * Displays dynamic sidebar. * * By default this displays the default sidebar or 'sidebar-1'. If your theme specifies the 'id' or * 'name' parameter for its registered sidebars you can pass an ID or name as the $index parameter. * Otherwise, you can pass in a numerical index to display the sidebar at that index. * * @since 2.2.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $wp_registered_widgets The registered widgets. * * @param int|string $index Optional. Index, name or ID of dynamic sidebar. Default 1. * @return bool True, if widget sidebar was found and called. False if not found or not called. */ function dynamic_sidebar( $index = 1 ) { global $wp_registered_sidebars, $wp_registered_widgets; if ( is_int( $index ) ) { $index = "sidebar-$index"; } else { $index = sanitize_title( $index ); foreach ( (array) $wp_registered_sidebars as $key => $value ) { if ( sanitize_title( $value['name'] ) === $index ) { $index = $key; break; } } } $sidebars_widgets = wp_get_sidebars_widgets(); if ( empty( $wp_registered_sidebars[ $index ] ) || empty( $sidebars_widgets[ $index ] ) || ! is_array( $sidebars_widgets[ $index ] ) ) { /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_before', $index, false ); /** This action is documented in wp-includes/widget.php */ do_action( 'dynamic_sidebar_after', $index, false ); /** This filter is documented in wp-includes/widget.php */ return apply_filters( 'dynamic_sidebar_has_widgets', false, $index ); } $sidebar = $wp_registered_sidebars[ $index ]; $sidebar['before_sidebar'] = sprintf( $sidebar['before_sidebar'], $sidebar['id'], $sidebar['class'] ); /** * Fires before widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_before', $index, true ); if ( ! is_admin() && ! empty( $sidebar['before_sidebar'] ) ) { echo $sidebar['before_sidebar']; } $did_one = false; foreach ( (array) $sidebars_widgets[ $index ] as $id ) { if ( ! isset( $wp_registered_widgets[ $id ] ) ) { continue; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $id, 'widget_name' => $wp_registered_widgets[ $id ]['name'], ) ), ), (array) $wp_registered_widgets[ $id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], str_replace( '\\', '_', $id ), $classname_ ); /** * Filters the parameters passed to a widget's display callback. * * Note: The filter is evaluated on both the front end and back end, * including for the Inactive Widgets sidebar on the Widgets screen. * * @since 2.5.0 * * @see register_sidebar() * * @param array $params { * @type array $args { * An array of widget display arguments. * * @type string $name Name of the sidebar the widget is assigned to. * @type string $id ID of the sidebar the widget is assigned to. * @type string $description The sidebar description. * @type string $class CSS class applied to the sidebar container. * @type string $before_widget HTML markup to prepend to each widget in the sidebar. * @type string $after_widget HTML markup to append to each widget in the sidebar. * @type string $before_title HTML markup to prepend to the widget title when displayed. * @type string $after_title HTML markup to append to the widget title when displayed. * @type string $widget_id ID of the widget. * @type string $widget_name Name of the widget. * } * @type array $widget_args { * An array of multi-widget arguments. * * @type int $number Number increment used for multiples of the same widget. * } * } */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $id ]['callback']; /** * Fires before a widget's display callback is called. * * Note: The action fires on both the front end and back end, including * for widgets in the Inactive Widgets sidebar on the Widgets screen. * * The action is not fired for empty sidebars. * * @since 3.0.0 * * @param array $widget { * An associative array of widget arguments. * * @type string $name Name of the widget. * @type string $id Widget ID. * @type callable $callback When the hook is fired on the front end, `$callback` is an array * containing the widget object. Fired on the back end, `$callback` * is 'wp_widget_control', see `$_callback`. * @type array $params An associative array of multi-widget arguments. * @type string $classname CSS class applied to the widget container. * @type string $description The widget description. * @type array $_callback When the hook is fired on the back end, `$_callback` is populated * with an array containing the widget object, see `$callback`. * } */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); $did_one = true; } } if ( ! is_admin() && ! empty( $sidebar['after_sidebar'] ) ) { echo $sidebar['after_sidebar']; } /** * Fires after widgets are rendered in a dynamic sidebar. * * Note: The action also fires for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param int|string $index Index, name, or ID of the dynamic sidebar. * @param bool $has_widgets Whether the sidebar is populated with widgets. * Default true. */ do_action( 'dynamic_sidebar_after', $index, true ); /** * Filters whether a sidebar has widgets. * * Note: The filter is also evaluated for empty sidebars, and on both the front end * and back end, including the Inactive Widgets sidebar on the Widgets screen. * * @since 3.9.0 * * @param bool $did_one Whether at least one widget was rendered in the sidebar. * Default false. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'dynamic_sidebar_has_widgets', $did_one, $index ); } /** * Determines whether a given widget is displayed on the front end. * * Either $callback or $id_base can be used. * $id_base is the first argument when extending WP_Widget class. * Without the optional $widget_id parameter, returns the ID of the first sidebar * in which the first instance of the widget with the given callback or $id_base is found. * With the $widget_id parameter, returns the ID of the sidebar where * the widget with that callback/$id_base AND that ID is found. * * NOTE: $widget_id and $id_base are the same for single widgets. To be effective * this function has to run after widgets have initialized, at action {@see 'init'} or later. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * * @param callable|false $callback Optional. Widget callback to check. Default false. * @param string|false $widget_id Optional. Widget ID. Optional, but needed for checking. * Default false. * @param string|false $id_base Optional. The base ID of a widget created by extending WP_Widget. * Default false. * @param bool $skip_inactive Optional. Whether to check in 'wp_inactive_widgets'. * Default true. * @return string|false ID of the sidebar in which the widget is active, * false if the widget is not active. */ function is_active_widget( $callback = false, $widget_id = false, $id_base = false, $skip_inactive = true ) { global $wp_registered_widgets; $sidebars_widgets = wp_get_sidebars_widgets(); if ( is_array( $sidebars_widgets ) ) { foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( $skip_inactive && ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) ) { continue; } if ( is_array( $widgets ) ) { foreach ( $widgets as $widget ) { if ( ( $callback && isset( $wp_registered_widgets[ $widget ]['callback'] ) && $wp_registered_widgets[ $widget ]['callback'] === $callback ) || ( $id_base && _get_widget_id_base( $widget ) === $id_base ) ) { if ( ! $widget_id || $widget_id === $wp_registered_widgets[ $widget ]['id'] ) { return $sidebar; } } } } } } return false; } /** * Determines whether the dynamic sidebar is enabled and used by the theme. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.2.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @return bool True if using widgets, false otherwise. */ function is_dynamic_sidebar() { global $wp_registered_widgets, $wp_registered_sidebars; $sidebars_widgets = get_option( 'sidebars_widgets' ); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { if ( ! empty( $sidebars_widgets[ $index ] ) ) { foreach ( (array) $sidebars_widgets[ $index ] as $widget ) { if ( array_key_exists( $widget, $wp_registered_widgets ) ) { return true; } } } } return false; } /** * Determines whether a sidebar contains widgets. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.8.0 * * @param string|int $index Sidebar name, id or number to check. * @return bool True if the sidebar has widgets, false otherwise. */ function is_active_sidebar( $index ) { $index = ( is_int( $index ) ) ? "sidebar-$index" : sanitize_title( $index ); $sidebars_widgets = wp_get_sidebars_widgets(); $is_active_sidebar = ! empty( $sidebars_widgets[ $index ] ); /** * Filters whether a dynamic sidebar is considered "active". * * @since 3.9.0 * * @param bool $is_active_sidebar Whether or not the sidebar should be considered "active". * In other words, whether the sidebar contains any widgets. * @param int|string $index Index, name, or ID of the dynamic sidebar. */ return apply_filters( 'is_active_sidebar', $is_active_sidebar, $index ); } // // Internal Functions. // /** * Retrieves the full list of sidebars and their widget instance IDs. * * Will upgrade sidebar widget list, if needed. Will also save updated list, if * needed. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @global array $sidebars_widgets * * @param bool $deprecated Not used (argument deprecated). * @return array Upgraded list of widgets to version 3 array format when called from the admin. */ function wp_get_sidebars_widgets( $deprecated = true ) { if ( true !== $deprecated ) { _deprecated_argument( __FUNCTION__, '2.8.1' ); } global $_wp_sidebars_widgets, $sidebars_widgets; /* * If loading from front page, consult $_wp_sidebars_widgets rather than options * to see if wp_convert_widget_settings() has made manipulations in memory. */ if ( ! is_admin() ) { if ( empty( $_wp_sidebars_widgets ) ) { $_wp_sidebars_widgets = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = $_wp_sidebars_widgets; } else { $sidebars_widgets = get_option( 'sidebars_widgets', array() ); } if ( is_array( $sidebars_widgets ) && isset( $sidebars_widgets['array_version'] ) ) { unset( $sidebars_widgets['array_version'] ); } /** * Filters the list of sidebars and their widgets. * * @since 2.7.0 * * @param array $sidebars_widgets An associative array of sidebars and their widgets. */ return apply_filters( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves the registered sidebar with the given ID. * * @since 5.9.0 * * @global array $wp_registered_sidebars The registered sidebars. * * @param string $id The sidebar ID. * @return array|null The discovered sidebar, or null if it is not registered. */ function wp_get_sidebar( $id ) { global $wp_registered_sidebars; foreach ( (array) $wp_registered_sidebars as $sidebar ) { if ( $sidebar['id'] === $id ) { return $sidebar; } } if ( 'wp_inactive_widgets' === $id ) { return array( 'id' => 'wp_inactive_widgets', 'name' => __( 'Inactive widgets' ), ); } return null; } /** * Sets the sidebar widget option to update sidebars. * * @since 2.2.0 * @access private * * @global array $_wp_sidebars_widgets * @param array $sidebars_widgets Sidebar widgets and their settings. */ function wp_set_sidebars_widgets( $sidebars_widgets ) { global $_wp_sidebars_widgets; // Clear cached value used in wp_get_sidebars_widgets(). $_wp_sidebars_widgets = null; if ( ! isset( $sidebars_widgets['array_version'] ) ) { $sidebars_widgets['array_version'] = 3; } update_option( 'sidebars_widgets', $sidebars_widgets ); } /** * Retrieves default registered sidebars list. * * @since 2.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. * * @return array */ function wp_get_widget_defaults() { global $wp_registered_sidebars; $defaults = array(); foreach ( (array) $wp_registered_sidebars as $index => $sidebar ) { $defaults[ $index ] = array(); } return $defaults; } /** * Converts the widget settings from single to multi-widget format. * * @since 2.8.0 * * @global array $_wp_sidebars_widgets * * @param string $base_name Root ID for all widgets of this type. * @param string $option_name Option name for this widget type. * @param array $settings The array of widget instance settings. * @return array The array of widget settings converted to multi-widget format. */ function wp_convert_widget_settings( $base_name, $option_name, $settings ) { // This test may need expanding. $single = false; $changed = false; if ( empty( $settings ) ) { $single = true; } else { foreach ( array_keys( $settings ) as $number ) { if ( 'number' === $number ) { continue; } if ( ! is_numeric( $number ) ) { $single = true; break; } } } if ( $single ) { $settings = array( 2 => $settings ); // If loading from the front page, update sidebar in memory but don't save to options. if ( is_admin() ) { $sidebars_widgets = get_option( 'sidebars_widgets' ); } else { if ( empty( $GLOBALS['_wp_sidebars_widgets'] ) ) { $GLOBALS['_wp_sidebars_widgets'] = get_option( 'sidebars_widgets', array() ); } $sidebars_widgets = &$GLOBALS['_wp_sidebars_widgets']; } foreach ( (array) $sidebars_widgets as $index => $sidebar ) { if ( is_array( $sidebar ) ) { foreach ( $sidebar as $i => $name ) { if ( $base_name === $name ) { $sidebars_widgets[ $index ][ $i ] = "$name-2"; $changed = true; break 2; } } } } if ( is_admin() && $changed ) { update_option( 'sidebars_widgets', $sidebars_widgets ); } } $settings['_multiwidget'] = 1; if ( is_admin() ) { update_option( $option_name, $settings ); } return $settings; } /** * Outputs an arbitrary widget as a template tag. * * @since 2.8.0 * * @global WP_Widget_Factory $wp_widget_factory * * @param string $widget The widget's PHP class name (see class-wp-widget.php). * @param array $instance Optional. The widget's instance settings. Default empty array. * @param array $args { * Optional. Array of arguments to configure the display of the widget. * * @type string $before_widget HTML content that will be prepended to the widget's HTML output. * Default `<div class="widget %s">`, where `%s` is the widget's class name. * @type string $after_widget HTML content that will be appended to the widget's HTML output. * Default `</div>`. * @type string $before_title HTML content that will be prepended to the widget's title when displayed. * Default `<h2 class="widgettitle">`. * @type string $after_title HTML content that will be appended to the widget's title when displayed. * Default `</h2>`. * } */ function the_widget( $widget, $instance = array(), $args = array() ) { global $wp_widget_factory; if ( ! isset( $wp_widget_factory->widgets[ $widget ] ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: register_widget() */ __( 'Widgets need to be registered using %s, before they can be displayed.' ), '<code>register_widget()</code>' ), '4.9.0' ); return; } $widget_obj = $wp_widget_factory->widgets[ $widget ]; if ( ! ( $widget_obj instanceof WP_Widget ) ) { return; } $default_args = array( 'before_widget' => '<div class="widget %s">', 'after_widget' => '</div>', 'before_title' => '<h2 class="widgettitle">', 'after_title' => '</h2>', ); $args = wp_parse_args( $args, $default_args ); $args['before_widget'] = sprintf( $args['before_widget'], $widget_obj->widget_options['classname'] ); $instance = wp_parse_args( $instance ); /** This filter is documented in wp-includes/class-wp-widget.php */ $instance = apply_filters( 'widget_display_callback', $instance, $widget_obj, $args ); if ( false === $instance ) { return; } /** * Fires before rendering the requested widget. * * @since 3.0.0 * * @param string $widget The widget's class name. * @param array $instance The current widget instance's settings. * @param array $args An array of the widget's sidebar arguments. */ do_action( 'the_widget', $widget, $instance, $args ); $widget_obj->_set( -1 ); $widget_obj->widget( $args, $instance ); } /** * Retrieves the widget ID base value. * * @since 2.8.0 * * @param string $id Widget ID. * @return string Widget ID base. */ function _get_widget_id_base( $id ) { return preg_replace( '/-[0-9]+$/', '', $id ); } /** * Handles sidebars config after theme change. * * @access private * @since 3.3.0 * * @global array $sidebars_widgets */ function _wp_sidebars_changed() { global $sidebars_widgets; if ( ! is_array( $sidebars_widgets ) ) { $sidebars_widgets = wp_get_sidebars_widgets(); } retrieve_widgets( true ); } /** * Validates and remaps any "orphaned" widgets to wp_inactive_widgets sidebar, * and saves the widget settings. This has to run at least on each theme change. * * For example, let's say theme A has a "footer" sidebar, and theme B doesn't have one. * After switching from theme A to theme B, all the widgets previously assigned * to the footer would be inaccessible. This function detects this scenario, and * moves all the widgets previously assigned to the footer under wp_inactive_widgets. * * Despite the word "retrieve" in the name, this function actually updates the database * and the global `$sidebars_widgets`. For that reason it should not be run on front end, * unless the `$theme_changed` value is 'customize' (to bypass the database write). * * @since 2.8.0 * * @global array $wp_registered_sidebars The registered sidebars. * @global array $sidebars_widgets * @global array $wp_registered_widgets The registered widgets. * * @param string|bool $theme_changed Whether the theme was changed as a boolean. A value * of 'customize' defers updates for the Customizer. * @return array Updated sidebars widgets. */ function retrieve_widgets( $theme_changed = false ) { global $wp_registered_sidebars, $sidebars_widgets, $wp_registered_widgets; $registered_sidebars_keys = array_keys( $wp_registered_sidebars ); $registered_widgets_ids = array_keys( $wp_registered_widgets ); if ( ! is_array( get_theme_mod( 'sidebars_widgets' ) ) ) { if ( empty( $sidebars_widgets ) ) { return array(); } unset( $sidebars_widgets['array_version'] ); $sidebars_widgets_keys = array_keys( $sidebars_widgets ); sort( $sidebars_widgets_keys ); sort( $registered_sidebars_keys ); if ( $sidebars_widgets_keys === $registered_sidebars_keys ) { $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); return $sidebars_widgets; } } // Discard invalid, theme-specific widgets from sidebars. $sidebars_widgets = _wp_remove_unregistered_widgets( $sidebars_widgets, $registered_widgets_ids ); $sidebars_widgets = wp_map_sidebars_widgets( $sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $sidebars_widgets[ $key ] = array(); } } // Find hidden/lost multi-widget instances. $shown_widgets = array_merge( ...array_values( $sidebars_widgets ) ); $lost_widgets = array_diff( $registered_widgets_ids, $shown_widgets ); foreach ( $lost_widgets as $key => $widget_id ) { $number = preg_replace( '/.+?-([0-9]+)$/', '$1', $widget_id ); // Only keep active and default widgets. if ( is_numeric( $number ) && (int) $number < 2 ) { unset( $lost_widgets[ $key ] ); } } $sidebars_widgets['wp_inactive_widgets'] = array_merge( $lost_widgets, (array) $sidebars_widgets['wp_inactive_widgets'] ); if ( 'customize' !== $theme_changed ) { // Update the widgets settings in the database. wp_set_sidebars_widgets( $sidebars_widgets ); } return $sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * @since 4.9.2 Always tries to restore widget assignments from previous data, not just if sidebars needed mapping. * * @global array $wp_registered_sidebars The registered sidebars. * * @param array $existing_sidebars_widgets List of sidebars and their widget instance IDs. * @return array Mapped sidebars widgets. */ function wp_map_sidebars_widgets( $existing_sidebars_widgets ) { global $wp_registered_sidebars; $new_sidebars_widgets = array( 'wp_inactive_widgets' => array(), ); // Short-circuit if there are no sidebars to map. if ( ! is_array( $existing_sidebars_widgets ) || empty( $existing_sidebars_widgets ) ) { return $new_sidebars_widgets; } foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { if ( 'wp_inactive_widgets' === $sidebar || str_starts_with( $sidebar, 'orphaned_widgets' ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], (array) $widgets ); unset( $existing_sidebars_widgets[ $sidebar ] ); } } // If old and new theme have just one sidebar, map it and we're done. if ( 1 === count( $existing_sidebars_widgets ) && 1 === count( $wp_registered_sidebars ) ) { $new_sidebars_widgets[ key( $wp_registered_sidebars ) ] = array_pop( $existing_sidebars_widgets ); return $new_sidebars_widgets; } // Map locations with the same slug. $existing_sidebars = array_keys( $existing_sidebars_widgets ); foreach ( $wp_registered_sidebars as $sidebar => $name ) { if ( in_array( $sidebar, $existing_sidebars, true ) ) { $new_sidebars_widgets[ $sidebar ] = $existing_sidebars_widgets[ $sidebar ]; unset( $existing_sidebars_widgets[ $sidebar ] ); } elseif ( ! array_key_exists( $sidebar, $new_sidebars_widgets ) ) { $new_sidebars_widgets[ $sidebar ] = array(); } } // If there are more sidebars, try to map them. if ( ! empty( $existing_sidebars_widgets ) ) { /* * If old and new theme both have sidebars that contain phrases * from within the same group, make an educated guess and map it. */ $common_slug_groups = array( array( 'sidebar', 'primary', 'main', 'right' ), array( 'second', 'left' ), array( 'sidebar-2', 'footer', 'bottom' ), array( 'header', 'top' ), ); // Go through each group... foreach ( $common_slug_groups as $slug_group ) { // ...and see if any of these slugs... foreach ( $slug_group as $slug ) { // ...and any of the new sidebars... foreach ( $wp_registered_sidebars as $new_sidebar => $args ) { // ...actually match! if ( false === stripos( $new_sidebar, $slug ) && false === stripos( $slug, $new_sidebar ) ) { continue; } // Then see if any of the existing sidebars... foreach ( $existing_sidebars_widgets as $sidebar => $widgets ) { // ...and any slug in the same group... foreach ( $slug_group as $slug ) { // ... have a match as well. if ( false === stripos( $sidebar, $slug ) && false === stripos( $slug, $sidebar ) ) { continue; } // Make sure this sidebar wasn't mapped and removed previously. if ( ! empty( $existing_sidebars_widgets[ $sidebar ] ) ) { // We have a match that can be mapped! $new_sidebars_widgets[ $new_sidebar ] = array_merge( $new_sidebars_widgets[ $new_sidebar ], $existing_sidebars_widgets[ $sidebar ] ); // Remove the mapped sidebar so it can't be mapped again. unset( $existing_sidebars_widgets[ $sidebar ] ); // Go back and check the next new sidebar. continue 3; } } // End foreach ( $slug_group as $slug ). } // End foreach ( $existing_sidebars_widgets as $sidebar => $widgets ). } // End foreach ( $wp_registered_sidebars as $new_sidebar => $args ). } // End foreach ( $slug_group as $slug ). } // End foreach ( $common_slug_groups as $slug_group ). } // Move any left over widgets to inactive sidebar. foreach ( $existing_sidebars_widgets as $widgets ) { if ( is_array( $widgets ) && ! empty( $widgets ) ) { $new_sidebars_widgets['wp_inactive_widgets'] = array_merge( $new_sidebars_widgets['wp_inactive_widgets'], $widgets ); } } // Sidebars_widgets settings from when this theme was previously active. $old_sidebars_widgets = get_theme_mod( 'sidebars_widgets' ); $old_sidebars_widgets = isset( $old_sidebars_widgets['data'] ) ? $old_sidebars_widgets['data'] : false; if ( is_array( $old_sidebars_widgets ) ) { // Remove empty sidebars, no need to map those. $old_sidebars_widgets = array_filter( $old_sidebars_widgets ); // Only check sidebars that are empty or have not been mapped to yet. foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { if ( array_key_exists( $new_sidebar, $old_sidebars_widgets ) && ! empty( $new_widgets ) ) { unset( $old_sidebars_widgets[ $new_sidebar ] ); } } // Remove orphaned widgets, we're only interested in previously active sidebars. foreach ( $old_sidebars_widgets as $sidebar => $widgets ) { if ( str_starts_with( $sidebar, 'orphaned_widgets' ) ) { unset( $old_sidebars_widgets[ $sidebar ] ); } } $old_sidebars_widgets = _wp_remove_unregistered_widgets( $old_sidebars_widgets ); // Replace non-array values inside the array with an empty array. foreach ( $new_sidebars_widgets as $key => $value ) { if ( ! is_array( $value ) ) { $new_sidebars_widgets[ $key ] = array(); } } if ( ! empty( $old_sidebars_widgets ) ) { // Go through each remaining sidebar... foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ) { // ...and check every new sidebar... foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ) { // ...for every widget we're trying to revive. foreach ( $old_widgets as $key => $widget_id ) { $active_key = array_search( $widget_id, $new_widgets, true ); // If the widget is used elsewhere... if ( false !== $active_key ) { // ...and that elsewhere is inactive widgets... if ( 'wp_inactive_widgets' === $new_sidebar ) { // ...remove it from there and keep the active version... unset( $new_sidebars_widgets['wp_inactive_widgets'][ $active_key ] ); } else { // ...otherwise remove it from the old sidebar and keep it in the new one. unset( $old_sidebars_widgets[ $old_sidebar ][ $key ] ); } } // End if ( $active_key ). } // End foreach ( $old_widgets as $key => $widget_id ). } // End foreach ( $new_sidebars_widgets as $new_sidebar => $new_widgets ). } // End foreach ( $old_sidebars_widgets as $old_sidebar => $old_widgets ). } // End if ( ! empty( $old_sidebars_widgets ) ). // Restore widget settings from when theme was previously active. $new_sidebars_widgets = array_merge( $new_sidebars_widgets, $old_sidebars_widgets ); } return $new_sidebars_widgets; } /** * Compares a list of sidebars with their widgets against an allowed list. * * @since 4.9.0 * * @global array $wp_registered_widgets The registered widgets. * * @param array $sidebars_widgets List of sidebars and their widget instance IDs. * @param array $allowed_widget_ids Optional. List of widget IDs to compare against. Default: Registered widgets. * @return array Sidebars with allowed widgets. */ function _wp_remove_unregistered_widgets( $sidebars_widgets, $allowed_widget_ids = array() ) { if ( empty( $allowed_widget_ids ) ) { $allowed_widget_ids = array_keys( $GLOBALS['wp_registered_widgets'] ); } foreach ( $sidebars_widgets as $sidebar => $widgets ) { if ( is_array( $widgets ) ) { $sidebars_widgets[ $sidebar ] = array_intersect( $widgets, $allowed_widget_ids ); } } return $sidebars_widgets; } /** * Displays the RSS entries in a list. * * @since 2.5.0 * * @param string|array|object $rss RSS url. * @param array $args Widget arguments. */ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_string( $rss ) ) { $rss = fetch_feed( $rss ); } elseif ( is_array( $rss ) && isset( $rss['url'] ) ) { $args = $rss; $rss = fetch_feed( $rss['url'] ); } elseif ( ! is_object( $rss ) ) { return; } if ( is_wp_error( $rss ) ) { if ( is_admin() || current_user_can( 'manage_options' ) ) { echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>'; } return; } $default_args = array( 'show_author' => 0, 'show_date' => 0, 'show_summary' => 0, 'items' => 0, ); $args = wp_parse_args( $args, $default_args ); $items = (int) $args['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $show_summary = (int) $args['show_summary']; $show_author = (int) $args['show_author']; $show_date = (int) $args['show_date']; if ( ! $rss->get_item_quantity() ) { echo '<ul><li>' . __( 'An error has occurred, which probably means the feed is down. Try again later.' ) . '</li></ul>'; $rss->__destruct(); unset( $rss ); return; } echo '<ul>'; foreach ( $rss->get_items( 0, $items ) as $item ) { $link = $item->get_link(); while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $link = esc_url( strip_tags( $link ) ); $title = esc_html( trim( strip_tags( $item->get_title() ) ) ); if ( empty( $title ) ) { $title = __( 'Untitled' ); } $desc = html_entity_decode( $item->get_description(), ENT_QUOTES, get_option( 'blog_charset' ) ); $desc = esc_attr( wp_trim_words( $desc, 55, ' […]' ) ); $summary = ''; if ( $show_summary ) { $summary = $desc; // Change existing [...] to […]. if ( str_ends_with( $summary, '[...]' ) ) { $summary = substr( $summary, 0, -5 ) . '[…]'; } $summary = '<div class="rssSummary">' . esc_html( $summary ) . '</div>'; } $date = ''; if ( $show_date ) { $date = $item->get_date( 'U' ); if ( $date ) { $date = ' <span class="rss-date">' . date_i18n( get_option( 'date_format' ), $date ) . '</span>'; } } $author = ''; if ( $show_author ) { $author = $item->get_author(); if ( is_object( $author ) ) { $author = $author->get_name(); $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>'; } } if ( '' === $link ) { echo "<li>$title{$date}{$summary}{$author}</li>"; } elseif ( $show_summary ) { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$summary}{$author}</li>"; } else { echo "<li><a class='rsswidget' href='$link'>$title</a>{$date}{$author}</li>"; } } echo '</ul>'; $rss->__destruct(); unset( $rss ); } /** * Displays RSS widget options form. * * The options for what fields are displayed for the RSS form are all booleans * and are as follows: 'url', 'title', 'items', 'show_summary', 'show_author', * 'show_date'. * * @since 2.5.0 * * @param array|string $args Values for input fields. * @param array $inputs Override default display options. */ function wp_widget_rss_form( $args, $inputs = null ) { $default_inputs = array( 'url' => true, 'title' => true, 'items' => true, 'show_summary' => true, 'show_author' => true, 'show_date' => true, ); $inputs = wp_parse_args( $inputs, $default_inputs ); $args['title'] = isset( $args['title'] ) ? $args['title'] : ''; $args['url'] = isset( $args['url'] ) ? $args['url'] : ''; $args['items'] = isset( $args['items'] ) ? (int) $args['items'] : 0; if ( $args['items'] < 1 || 20 < $args['items'] ) { $args['items'] = 10; } $args['show_summary'] = isset( $args['show_summary'] ) ? (int) $args['show_summary'] : (int) $inputs['show_summary']; $args['show_author'] = isset( $args['show_author'] ) ? (int) $args['show_author'] : (int) $inputs['show_author']; $args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; if ( ! empty( $args['error'] ) ) { echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>'; } $esc_number = esc_attr( $args['number'] ); if ( $inputs['url'] ) : ?> <p><label for="rss-url-<?php echo $esc_number; ?>"><?php _e( 'Enter the RSS feed URL here:' ); ?></label> <input class="widefat" id="rss-url-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][url]" type="text" value="<?php echo esc_url( $args['url'] ); ?>" /></p> <?php endif; if ( $inputs['title'] ) : ?> <p><label for="rss-title-<?php echo $esc_number; ?>"><?php _e( 'Give the feed a title (optional):' ); ?></label> <input class="widefat" id="rss-title-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][title]" type="text" value="<?php echo esc_attr( $args['title'] ); ?>" /></p> <?php endif; if ( $inputs['items'] ) : ?> <p><label for="rss-items-<?php echo $esc_number; ?>"><?php _e( 'How many items would you like to display?' ); ?></label> <select id="rss-items-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][items]"> <?php for ( $i = 1; $i <= 20; ++$i ) { echo "<option value='$i' " . selected( $args['items'], $i, false ) . ">$i</option>"; } ?> </select></p> <?php endif; if ( $inputs['show_summary'] || $inputs['show_author'] || $inputs['show_date'] ) : ?> <p> <?php if ( $inputs['show_summary'] ) : ?> <input id="rss-show-summary-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_summary]" type="checkbox" value="1" <?php checked( $args['show_summary'] ); ?> /> <label for="rss-show-summary-<?php echo $esc_number; ?>"><?php _e( 'Display item content?' ); ?></label><br /> <?php endif; if ( $inputs['show_author'] ) : ?> <input id="rss-show-author-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_author]" type="checkbox" value="1" <?php checked( $args['show_author'] ); ?> /> <label for="rss-show-author-<?php echo $esc_number; ?>"><?php _e( 'Display item author if available?' ); ?></label><br /> <?php endif; if ( $inputs['show_date'] ) : ?> <input id="rss-show-date-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][show_date]" type="checkbox" value="1" <?php checked( $args['show_date'] ); ?> /> <label for="rss-show-date-<?php echo $esc_number; ?>"><?php _e( 'Display item date?' ); ?></label><br /> <?php endif; ?> </p> <?php endif; // End of display options. foreach ( array_keys( $default_inputs ) as $input ) : if ( 'hidden' === $inputs[ $input ] ) : $id = str_replace( '_', '-', $input ); ?> <input type="hidden" id="rss-<?php echo esc_attr( $id ); ?>-<?php echo $esc_number; ?>" name="widget-rss[<?php echo $esc_number; ?>][<?php echo esc_attr( $input ); ?>]" value="<?php echo esc_attr( $args[ $input ] ); ?>" /> <?php endif; endforeach; } /** * Processes RSS feed widget data and optionally retrieve feed items. * * The feed widget can not have more than 20 items or it will reset back to the * default, which is 10. * * The resulting array has the feed title, feed url, feed link (from channel), * feed items, error (if any), and whether to show summary, author, and date. * All respectively in the order of the array elements. * * @since 2.5.0 * * @param array $widget_rss RSS widget feed data. Expects unescaped data. * @param bool $check_feed Optional. Whether to check feed for errors. Default true. * @return array */ function wp_widget_rss_process( $widget_rss, $check_feed = true ) { $items = (int) $widget_rss['items']; if ( $items < 1 || 20 < $items ) { $items = 10; } $url = sanitize_url( strip_tags( $widget_rss['url'] ) ); $title = isset( $widget_rss['title'] ) ? trim( strip_tags( $widget_rss['title'] ) ) : ''; $show_summary = isset( $widget_rss['show_summary'] ) ? (int) $widget_rss['show_summary'] : 0; $show_author = isset( $widget_rss['show_author'] ) ? (int) $widget_rss['show_author'] : 0; $show_date = isset( $widget_rss['show_date'] ) ? (int) $widget_rss['show_date'] : 0; $error = false; $link = ''; if ( $check_feed ) { $rss = fetch_feed( $url ); if ( is_wp_error( $rss ) ) { $error = $rss->get_error_message(); } else { $link = esc_url( strip_tags( $rss->get_permalink() ) ); while ( stristr( $link, 'http' ) !== $link ) { $link = substr( $link, 1 ); } $rss->__destruct(); unset( $rss ); } } return compact( 'title', 'url', 'link', 'items', 'error', 'show_summary', 'show_author', 'show_date' ); } /** * Registers all of the default WordPress widgets on startup. * * Calls {@see 'widgets_init'} action after all of the WordPress widgets have been registered. * * @since 2.2.0 */ function wp_widgets_init() { if ( ! is_blog_installed() ) { return; } register_widget( 'WP_Widget_Pages' ); register_widget( 'WP_Widget_Calendar' ); register_widget( 'WP_Widget_Archives' ); if ( get_option( 'link_manager_enabled' ) ) { register_widget( 'WP_Widget_Links' ); } register_widget( 'WP_Widget_Media_Audio' ); register_widget( 'WP_Widget_Media_Image' ); register_widget( 'WP_Widget_Media_Gallery' ); register_widget( 'WP_Widget_Media_Video' ); register_widget( 'WP_Widget_Meta' ); register_widget( 'WP_Widget_Search' ); register_widget( 'WP_Widget_Text' ); register_widget( 'WP_Widget_Categories' ); register_widget( 'WP_Widget_Recent_Posts' ); register_widget( 'WP_Widget_Recent_Comments' ); register_widget( 'WP_Widget_RSS' ); register_widget( 'WP_Widget_Tag_Cloud' ); register_widget( 'WP_Nav_Menu_Widget' ); register_widget( 'WP_Widget_Custom_HTML' ); register_widget( 'WP_Widget_Block' ); /** * Fires after all default WordPress widgets have been registered. * * @since 2.2.0 */ do_action( 'widgets_init' ); } /** * Enables the widgets block editor. This is hooked into 'after_setup_theme' so * that the block editor is enabled by default but can be disabled by themes. * * @since 5.8.0 * * @access private */ function wp_setup_widgets_block_editor() { add_theme_support( 'widgets-block-editor' ); } /** * Determines whether or not to use the block editor to manage widgets. * Defaults to true unless a theme has removed support for widgets-block-editor * or a plugin has filtered the return value of this function. * * @since 5.8.0 * * @return bool Whether to use the block editor to manage widgets. */ function wp_use_widgets_block_editor() { /** * Filters whether to use the block editor to manage widgets. * * @since 5.8.0 * * @param bool $use_widgets_block_editor Whether to use the block editor to manage widgets. */ return apply_filters( 'use_widgets_block_editor', get_theme_support( 'widgets-block-editor' ) ); } /** * Converts a widget ID into its id_base and number components. * * @since 5.8.0 * * @param string $id Widget ID. * @return array Array containing a widget's id_base and number components. */ function wp_parse_widget_id( $id ) { $parsed = array(); if ( preg_match( '/^(.+)-(\d+)$/', $id, $matches ) ) { $parsed['id_base'] = $matches[1]; $parsed['number'] = (int) $matches[2]; } else { // Likely an old single widget. $parsed['id_base'] = $id; } return $parsed; } /** * Finds the sidebar that a given widget belongs to. * * @since 5.8.0 * * @param string $widget_id The widget ID to look for. * @return string|null The found sidebar's ID, or null if it was not found. */ function wp_find_widgets_sidebar( $widget_id ) { foreach ( wp_get_sidebars_widgets() as $sidebar_id => $widget_ids ) { foreach ( $widget_ids as $maybe_widget_id ) { if ( $maybe_widget_id === $widget_id ) { return (string) $sidebar_id; } } } return null; } /** * Assigns a widget to the given sidebar. * * @since 5.8.0 * * @param string $widget_id The widget ID to assign. * @param string $sidebar_id The sidebar ID to assign to. If empty, the widget won't be added to any sidebar. */ function wp_assign_widget_to_sidebar( $widget_id, $sidebar_id ) { $sidebars = wp_get_sidebars_widgets(); foreach ( $sidebars as $maybe_sidebar_id => $widgets ) { foreach ( $widgets as $i => $maybe_widget_id ) { if ( $widget_id === $maybe_widget_id && $sidebar_id !== $maybe_sidebar_id ) { unset( $sidebars[ $maybe_sidebar_id ][ $i ] ); // We could technically break 2 here, but continue looping in case the ID is duplicated. continue 2; } } } if ( $sidebar_id ) { $sidebars[ $sidebar_id ][] = $widget_id; } wp_set_sidebars_widgets( $sidebars ); } /** * Calls the render callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widgets The registered widgets. * @global array $wp_registered_sidebars The registered sidebars. * * @param string $widget_id Widget ID. * @param string $sidebar_id Sidebar ID. * @return string */ function wp_render_widget( $widget_id, $sidebar_id ) { global $wp_registered_widgets, $wp_registered_sidebars; if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { return ''; } if ( isset( $wp_registered_sidebars[ $sidebar_id ] ) ) { $sidebar = $wp_registered_sidebars[ $sidebar_id ]; } elseif ( 'wp_inactive_widgets' === $sidebar_id ) { $sidebar = array(); } else { return ''; } $params = array_merge( array( array_merge( $sidebar, array( 'widget_id' => $widget_id, 'widget_name' => $wp_registered_widgets[ $widget_id ]['name'], ) ), ), (array) $wp_registered_widgets[ $widget_id ]['params'] ); // Substitute HTML `id` and `class` attributes into `before_widget`. $classname_ = ''; foreach ( (array) $wp_registered_widgets[ $widget_id ]['classname'] as $cn ) { if ( is_string( $cn ) ) { $classname_ .= '_' . $cn; } elseif ( is_object( $cn ) ) { $classname_ .= '_' . get_class( $cn ); } } $classname_ = ltrim( $classname_, '_' ); $params[0]['before_widget'] = sprintf( $params[0]['before_widget'], $widget_id, $classname_ ); /** This filter is documented in wp-includes/widgets.php */ $params = apply_filters( 'dynamic_sidebar_params', $params ); $callback = $wp_registered_widgets[ $widget_id ]['callback']; ob_start(); /** This filter is documented in wp-includes/widgets.php */ do_action( 'dynamic_sidebar', $wp_registered_widgets[ $widget_id ] ); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Calls the control callback of a widget and returns the output. * * @since 5.8.0 * * @global array $wp_registered_widget_controls The registered widget controls. * * @param string $id Widget ID. * @return string|null */ function wp_render_widget_control( $id ) { global $wp_registered_widget_controls; if ( ! isset( $wp_registered_widget_controls[ $id ]['callback'] ) ) { return null; } $callback = $wp_registered_widget_controls[ $id ]['callback']; $params = $wp_registered_widget_controls[ $id ]['params']; ob_start(); if ( is_callable( $callback ) ) { call_user_func_array( $callback, $params ); } return ob_get_clean(); } /** * Displays a _doing_it_wrong() message for conflicting widget editor scripts. * * The 'wp-editor' script module is exposed as window.wp.editor. This overrides * the legacy TinyMCE editor module which is required by the widgets editor. * Because of that conflict, these two shouldn't be enqueued together. * See https://core.trac.wordpress.org/ticket/53569. * * There is also another conflict related to styles where the block widgets * editor is hidden if a block enqueues 'wp-edit-post' stylesheet. * See https://core.trac.wordpress.org/ticket/53569. * * @since 5.8.0 * @access private * * @global WP_Scripts $wp_scripts * @global WP_Styles $wp_styles */ function wp_check_widget_editor_deps() { global $wp_scripts, $wp_styles; if ( $wp_scripts->query( 'wp-edit-widgets', 'enqueued' ) || $wp_scripts->query( 'wp-customize-widgets', 'enqueued' ) ) { if ( $wp_scripts->query( 'wp-editor', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_script()', sprintf( /* translators: 1: 'wp-editor', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" script should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-editor', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } if ( $wp_styles->query( 'wp-edit-post', 'enqueued' ) ) { _doing_it_wrong( 'wp_enqueue_style()', sprintf( /* translators: 1: 'wp-edit-post', 2: 'wp-edit-widgets', 3: 'wp-customize-widgets'. */ __( '"%1$s" style should not be enqueued together with the new widgets editor (%2$s or %3$s).' ), 'wp-edit-post', 'wp-edit-widgets', 'wp-customize-widgets' ), '5.8.0' ); } } } /** * Registers the previous theme's sidebars for the block themes. * * @since 6.2.0 * @access private * * @global array $wp_registered_sidebars The registered sidebars. */ function _wp_block_theme_register_classic_sidebars() { global $wp_registered_sidebars; if ( ! wp_is_block_theme() ) { return; } $classic_sidebars = get_theme_mod( 'wp_classic_sidebars' ); if ( empty( $classic_sidebars ) ) { return; } // Don't use `register_sidebar` since it will enable the `widgets` support for a theme. foreach ( $classic_sidebars as $sidebar ) { $wp_registered_sidebars[ $sidebar['id'] ] = $sidebar; } } https-migration-20260605032501.php 0000666 00000011205 15225166143 0011773 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605135853.php 0000666 00000011205 15225166143 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } feed-rss2-comments.php 0000666 00000010050 15225166143 0010677 0 ustar 00 <?php /** * RSS2 Feed Template for displaying RSS2 Comments feed. * * @package WordPress */ header( 'Content-Type: ' . feed_content_type( 'rss2' ) . '; charset=' . get_option( 'blog_charset' ), true ); echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '"?' . '>'; /** This action is documented in wp-includes/feed-rss2.php */ do_action( 'rss_tag_pre', 'rss2-comments' ); ?> <rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" <?php /** This action is documented in wp-includes/feed-rss2.php */ do_action( 'rss2_ns' ); ?> <?php /** * Fires at the end of the RSS root to add namespaces. * * @since 2.8.0 */ do_action( 'rss2_comments_ns' ); ?> > <channel> <title> <?php if ( is_singular() ) { /* translators: Comments feed title. %s: Post title. */ printf( ent2ncr( __( 'Comments on: %s' ) ), get_the_title_rss() ); } elseif ( is_search() ) { /* translators: Comments feed title. 1: Site title, 2: Search query. */ printf( ent2ncr( __( 'Comments for %1$s searching on %2$s' ) ), get_bloginfo_rss( 'name' ), get_search_query() ); } else { /* translators: Comments feed title. %s: Site title. */ printf( ent2ncr( __( 'Comments for %s' ) ), get_wp_title_rss() ); } ?> </title> <atom:link href="<?php self_link(); ?>" rel="self" type="application/rss+xml" /> <link><?php ( is_single() ) ? the_permalink_rss() : bloginfo_rss( 'url' ); ?></link> <description><?php bloginfo_rss( 'description' ); ?></description> <lastBuildDate><?php echo get_feed_build_date( 'r' ); ?></lastBuildDate> <sy:updatePeriod> <?php /** This filter is documented in wp-includes/feed-rss2.php */ echo apply_filters( 'rss_update_period', 'hourly' ); ?> </sy:updatePeriod> <sy:updateFrequency> <?php /** This filter is documented in wp-includes/feed-rss2.php */ echo apply_filters( 'rss_update_frequency', '1' ); ?> </sy:updateFrequency> <?php /** * Fires at the end of the RSS2 comment feed header. * * @since 2.3.0 */ do_action( 'commentsrss2_head' ); while ( have_comments() ) : the_comment(); $comment_post = get_post( $comment->comment_post_ID ); /** * @global WP_Post $post Global post object. */ $GLOBALS['post'] = $comment_post; ?> <item> <title> <?php if ( ! is_singular() ) { $title = get_the_title( $comment_post->ID ); /** This filter is documented in wp-includes/feed.php */ $title = apply_filters( 'the_title_rss', $title ); /* translators: Individual comment title. 1: Post title, 2: Comment author name. */ printf( ent2ncr( __( 'Comment on %1$s by %2$s' ) ), $title, get_comment_author_rss() ); } else { /* translators: Comment author title. %s: Comment author name. */ printf( ent2ncr( __( 'By: %s' ) ), get_comment_author_rss() ); } ?> </title> <link><?php comment_link(); ?></link> <dc:creator><![CDATA[<?php echo get_comment_author_rss(); ?>]]></dc:creator> <pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_comment_time( 'Y-m-d H:i:s', true, false ), false ); ?></pubDate> <guid isPermaLink="false"><?php comment_guid(); ?></guid> <?php if ( post_password_required( $comment_post ) ) : ?> <description><?php echo ent2ncr( __( 'Protected Comments: Please enter your password to view comments.' ) ); ?></description> <content:encoded><![CDATA[<?php echo get_the_password_form(); ?>]]></content:encoded> <?php else : ?> <description><![CDATA[<?php comment_text_rss(); ?>]]></description> <content:encoded><![CDATA[<?php comment_text(); ?>]]></content:encoded> <?php endif; // End if post_password_required(). ?> <?php /** * Fires at the end of each RSS2 comment feed item. * * @since 2.1.0 * * @param int $comment_id The ID of the comment being displayed. * @param int $comment_post_id The ID of the post the comment is connected to. */ do_action( 'commentrss2_item', $comment->comment_ID, $comment_post->ID ); ?> </item> <?php endwhile; ?> </channel> </rss> https-detection-20260605081605.php 0000666 00000013341 15225166143 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } session.php 0000666 00000000402 15225166143 0006745 0 ustar 00 <?php /** * Session API * * @since 4.0.0 * @deprecated 4.7.0 */ _deprecated_file( basename( __FILE__ ), '4.7.0' ); require_once ABSPATH . WPINC . '/class-wp-session-tokens.php'; require_once ABSPATH . WPINC . '/class-wp-user-meta-session-tokens.php'; wp-diff.php 0000666 00000001437 15225166143 0006627 0 ustar 00 <?php /** * WordPress Diff bastard child of old MediaWiki Diff Formatter. * * Basically all that remains is the table structure and some method names. * * @package WordPress * @subpackage Diff */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'Text_Diff', false ) ) { /** Text_Diff class */ require ABSPATH . WPINC . '/Text/Diff.php'; /** Text_Diff_Renderer class */ require ABSPATH . WPINC . '/Text/Diff/Renderer.php'; /** Text_Diff_Renderer_inline class */ require ABSPATH . WPINC . '/Text/Diff/Renderer/inline.php'; /** Text_Exception class */ require ABSPATH . WPINC . '/Text/Exception.php'; } require ABSPATH . WPINC . '/class-wp-text-diff-renderer-table.php'; require ABSPATH . WPINC . '/class-wp-text-diff-renderer-inline.php'; custom-classname.php 0000666 00000003213 15225166143 0010543 0 ustar 00 <?php /** * Custom classname block support flag. * * @package WordPress * @since 5.6.0 */ /** * Registers the custom classname block attribute for block types that support it. * * @since 5.6.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_custom_classname_support( $block_type ) { $has_custom_classname_support = block_has_support( $block_type, 'customClassName', true ); if ( $has_custom_classname_support ) { if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( ! array_key_exists( 'className', $block_type->attributes ) ) { $block_type->attributes['className'] = array( 'type' => 'string', ); } } } /** * Adds the custom classnames to the output. * * @since 5.6.0 * @access private * * @param WP_Block_Type $block_type Block Type. * @param array $block_attributes Block attributes. * * @return array Block CSS classes and inline styles. */ function wp_apply_custom_classname_support( $block_type, $block_attributes ) { $has_custom_classname_support = block_has_support( $block_type, 'customClassName', true ); $attributes = array(); if ( $has_custom_classname_support ) { $has_custom_classnames = array_key_exists( 'className', $block_attributes ); if ( $has_custom_classnames ) { $attributes['class'] = $block_attributes['className']; } } return $attributes; } // Register the block support. WP_Block_Supports::get_instance()->register( 'custom-classname', array( 'register_attribute' => 'wp_register_custom_classname_support', 'apply' => 'wp_apply_custom_classname_support', ) ); https-migration-20260605104232.php 0000666 00000011205 15225166143 0011774 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-hook.php 0000666 00000040442 15225166143 0007761 0 ustar 00 <?php /** * Plugin API: WP_Hook class * * @package WordPress * @subpackage Plugin * @since 4.7.0 */ /** * Core class used to implement action and filter hook functionality. * * @since 4.7.0 * * @see Iterator * @see ArrayAccess */ #[AllowDynamicProperties] final class WP_Hook implements Iterator, ArrayAccess { /** * Hook callbacks. * * @since 4.7.0 * @var array */ public $callbacks = array(); /** * Priorities list. * * @since 6.4.0 * @var array */ protected $priorities = array(); /** * The priority keys of actively running iterations of a hook. * * @since 4.7.0 * @var array */ private $iterations = array(); /** * The current priority of actively running iterations of a hook. * * @since 4.7.0 * @var array */ private $current_priority = array(); /** * Number of levels this hook can be recursively called. * * @since 4.7.0 * @var int */ private $nesting_level = 0; /** * Flag for if we're currently doing an action, rather than a filter. * * @since 4.7.0 * @var bool */ private $doing_action = false; /** * Adds a callback function to a filter hook. * * @since 4.7.0 * * @param string $hook_name The name of the filter to add the callback to. * @param callable $callback The callback to be run when the filter is applied. * @param int $priority The order in which the functions associated with a particular filter * are executed. Lower numbers correspond with earlier execution, * and functions with the same priority are executed in the order * in which they were added to the filter. * @param int $accepted_args The number of arguments the function accepts. */ public function add_filter( $hook_name, $callback, $priority, $accepted_args ) { if ( null === $priority ) { $priority = 0; } $idx = _wp_filter_build_unique_id( $hook_name, $callback, $priority ); $priority_existed = isset( $this->callbacks[ $priority ] ); $this->callbacks[ $priority ][ $idx ] = array( 'function' => $callback, 'accepted_args' => (int) $accepted_args, ); // If we're adding a new priority to the list, put them back in sorted order. if ( ! $priority_existed && count( $this->callbacks ) > 1 ) { ksort( $this->callbacks, SORT_NUMERIC ); } $this->priorities = array_keys( $this->callbacks ); if ( $this->nesting_level > 0 ) { $this->resort_active_iterations( $priority, $priority_existed ); } } /** * Handles resetting callback priority keys mid-iteration. * * @since 4.7.0 * * @param false|int $new_priority Optional. The priority of the new filter being added. Default false, * for no priority being added. * @param bool $priority_existed Optional. Flag for whether the priority already existed before the new * filter was added. Default false. */ private function resort_active_iterations( $new_priority = false, $priority_existed = false ) { $new_priorities = $this->priorities; // If there are no remaining hooks, clear out all running iterations. if ( ! $new_priorities ) { foreach ( $this->iterations as $index => $iteration ) { $this->iterations[ $index ] = $new_priorities; } return; } $min = min( $new_priorities ); foreach ( $this->iterations as $index => &$iteration ) { $current = current( $iteration ); // If we're already at the end of this iteration, just leave the array pointer where it is. if ( false === $current ) { continue; } $iteration = $new_priorities; if ( $current < $min ) { array_unshift( $iteration, $current ); continue; } while ( current( $iteration ) < $current ) { if ( false === next( $iteration ) ) { break; } } // If we have a new priority that didn't exist, but ::apply_filters() or ::do_action() thinks it's the current priority... if ( $new_priority === $this->current_priority[ $index ] && ! $priority_existed ) { /* * ...and the new priority is the same as what $this->iterations thinks is the previous * priority, we need to move back to it. */ if ( false === current( $iteration ) ) { // If we've already moved off the end of the array, go back to the last element. $prev = end( $iteration ); } else { // Otherwise, just go back to the previous element. $prev = prev( $iteration ); } if ( false === $prev ) { // Start of the array. Reset, and go about our day. reset( $iteration ); } elseif ( $new_priority !== $prev ) { // Previous wasn't the same. Move forward again. next( $iteration ); } } } unset( $iteration ); } /** * Removes a callback function from a filter hook. * * @since 4.7.0 * * @param string $hook_name The filter hook to which the function to be removed is hooked. * @param callable|string|array $callback The callback to be removed from running when the filter is applied. * This method can be called unconditionally to speculatively remove * a callback that may or may not exist. * @param int $priority The exact priority used when adding the original filter callback. * @return bool Whether the callback existed before it was removed. */ public function remove_filter( $hook_name, $callback, $priority ) { if ( null === $priority ) { $priority = 0; } $function_key = _wp_filter_build_unique_id( $hook_name, $callback, $priority ); $exists = isset( $function_key, $this->callbacks[ $priority ][ $function_key ] ); if ( $exists ) { unset( $this->callbacks[ $priority ][ $function_key ] ); if ( ! $this->callbacks[ $priority ] ) { unset( $this->callbacks[ $priority ] ); $this->priorities = array_keys( $this->callbacks ); if ( $this->nesting_level > 0 ) { $this->resort_active_iterations(); } } } return $exists; } /** * Checks if a specific callback has been registered for this hook. * * When using the `$callback` argument, this function may return a non-boolean value * that evaluates to false (e.g. 0), so use the `===` operator for testing the return value. * * @since 4.7.0 * @since 6.9.0 Added the `$priority` parameter. * * @param string $hook_name Optional. The name of the filter hook. Default empty. * @param callable|string|array|false $callback Optional. The callback to check for. * This method can be called unconditionally to speculatively check * a callback that may or may not exist. Default false. * @param int|false $priority Optional. The specific priority at which to check for the callback. * Default false. * @return bool|int If `$callback` is omitted, returns boolean for whether the hook has * anything registered. When checking a specific function, the priority * of that hook is returned, or false if the function is not attached. * If `$callback` and `$priority` are both provided, a boolean is returned * for whether the specific function is registered at that priority. */ public function has_filter( $hook_name = '', $callback = false, $priority = false ) { if ( false === $callback ) { return $this->has_filters(); } $function_key = _wp_filter_build_unique_id( $hook_name, $callback, false ); if ( ! $function_key ) { return false; } if ( is_int( $priority ) ) { return isset( $this->callbacks[ $priority ][ $function_key ] ); } foreach ( $this->callbacks as $callback_priority => $callbacks ) { if ( isset( $callbacks[ $function_key ] ) ) { return $callback_priority; } } return false; } /** * Checks if any callbacks have been registered for this hook. * * @since 4.7.0 * * @return bool True if callbacks have been registered for the current hook, otherwise false. */ public function has_filters() { foreach ( $this->callbacks as $callbacks ) { if ( $callbacks ) { return true; } } return false; } /** * Removes all callbacks from the current filter. * * @since 4.7.0 * * @param int|false $priority Optional. The priority number to remove. Default false. */ public function remove_all_filters( $priority = false ) { if ( ! $this->callbacks ) { return; } if ( false === $priority ) { $this->callbacks = array(); $this->priorities = array(); } elseif ( isset( $this->callbacks[ $priority ] ) ) { unset( $this->callbacks[ $priority ] ); $this->priorities = array_keys( $this->callbacks ); } if ( $this->nesting_level > 0 ) { $this->resort_active_iterations(); } } /** * Calls the callback functions that have been added to a filter hook. * * @since 4.7.0 * * @param mixed $value The value to filter. * @param array $args Additional parameters to pass to the callback functions. * This array is expected to include $value at index 0. * @return mixed The filtered value after all hooked functions are applied to it. */ public function apply_filters( $value, $args ) { if ( ! $this->callbacks ) { return $value; } $nesting_level = $this->nesting_level++; $this->iterations[ $nesting_level ] = $this->priorities; $num_args = count( $args ); do { $this->current_priority[ $nesting_level ] = current( $this->iterations[ $nesting_level ] ); $priority = $this->current_priority[ $nesting_level ]; foreach ( $this->callbacks[ $priority ] as $the_ ) { if ( ! $this->doing_action ) { $args[0] = $value; } // Avoid the array_slice() if possible. if ( 0 === $the_['accepted_args'] ) { $value = call_user_func( $the_['function'] ); } elseif ( $the_['accepted_args'] >= $num_args ) { $value = call_user_func_array( $the_['function'], $args ); } else { $value = call_user_func_array( $the_['function'], array_slice( $args, 0, $the_['accepted_args'] ) ); } } } while ( false !== next( $this->iterations[ $nesting_level ] ) ); unset( $this->iterations[ $nesting_level ] ); unset( $this->current_priority[ $nesting_level ] ); --$this->nesting_level; return $value; } /** * Calls the callback functions that have been added to an action hook. * * @since 4.7.0 * * @param array $args Parameters to pass to the callback functions. */ public function do_action( $args ) { $this->doing_action = true; $this->apply_filters( '', $args ); // If there are recursive calls to the current action, we haven't finished it until we get to the last one. if ( ! $this->nesting_level ) { $this->doing_action = false; } } /** * Processes the functions hooked into the 'all' hook. * * @since 4.7.0 * * @param array $args Arguments to pass to the hook callbacks. Passed by reference. */ public function do_all_hook( &$args ) { $nesting_level = $this->nesting_level++; $this->iterations[ $nesting_level ] = $this->priorities; do { $priority = current( $this->iterations[ $nesting_level ] ); foreach ( $this->callbacks[ $priority ] as $the_ ) { call_user_func_array( $the_['function'], $args ); } } while ( false !== next( $this->iterations[ $nesting_level ] ) ); unset( $this->iterations[ $nesting_level ] ); --$this->nesting_level; } /** * Return the current priority level of the currently running iteration of the hook. * * @since 4.7.0 * * @return int|false If the hook is running, return the current priority level. * If it isn't running, return false. */ public function current_priority() { if ( false === current( $this->iterations ) ) { return false; } return current( current( $this->iterations ) ); } /** * Normalizes filters set up before WordPress has initialized to WP_Hook objects. * * The `$filters` parameter should be an array keyed by hook name, with values * containing either: * * - A `WP_Hook` instance * - An array of callbacks keyed by their priorities * * Examples: * * $filters = array( * 'wp_fatal_error_handler_enabled' => array( * 10 => array( * array( * 'accepted_args' => 0, * 'function' => function() { * return false; * }, * ), * ), * ), * ); * * @since 4.7.0 * * @param array $filters Filters to normalize. See documentation above for details. * @return WP_Hook[] Array of normalized filters. */ public static function build_preinitialized_hooks( $filters ) { /** @var WP_Hook[] $normalized */ $normalized = array(); foreach ( $filters as $hook_name => $callback_groups ) { if ( $callback_groups instanceof WP_Hook ) { $normalized[ $hook_name ] = $callback_groups; continue; } $hook = new WP_Hook(); // Loop through callback groups. foreach ( $callback_groups as $priority => $callbacks ) { // Loop through callbacks. foreach ( $callbacks as $cb ) { $hook->add_filter( $hook_name, $cb['function'], $priority, $cb['accepted_args'] ); } } $normalized[ $hook_name ] = $hook; } return $normalized; } /** * Determines whether an offset value exists. * * @since 4.7.0 * * @link https://www.php.net/manual/en/arrayaccess.offsetexists.php * * @param mixed $offset An offset to check for. * @return bool True if the offset exists, false otherwise. */ #[ReturnTypeWillChange] public function offsetExists( $offset ) { return isset( $this->callbacks[ $offset ] ); } /** * Retrieves a value at a specified offset. * * @since 4.7.0 * * @link https://www.php.net/manual/en/arrayaccess.offsetget.php * * @param mixed $offset The offset to retrieve. * @return mixed If set, the value at the specified offset, null otherwise. */ #[ReturnTypeWillChange] public function offsetGet( $offset ) { return isset( $this->callbacks[ $offset ] ) ? $this->callbacks[ $offset ] : null; } /** * Sets a value at a specified offset. * * @since 4.7.0 * * @link https://www.php.net/manual/en/arrayaccess.offsetset.php * * @param mixed $offset The offset to assign the value to. * @param mixed $value The value to set. */ #[ReturnTypeWillChange] public function offsetSet( $offset, $value ) { if ( is_null( $offset ) ) { $this->callbacks[] = $value; } else { $this->callbacks[ $offset ] = $value; } $this->priorities = array_keys( $this->callbacks ); } /** * Unsets a specified offset. * * @since 4.7.0 * * @link https://www.php.net/manual/en/arrayaccess.offsetunset.php * * @param mixed $offset The offset to unset. */ #[ReturnTypeWillChange] public function offsetUnset( $offset ) { unset( $this->callbacks[ $offset ] ); $this->priorities = array_keys( $this->callbacks ); } /** * Returns the current element. * * @since 4.7.0 * * @link https://www.php.net/manual/en/iterator.current.php * * @return array Of callbacks at current priority. */ #[ReturnTypeWillChange] public function current() { return current( $this->callbacks ); } /** * Moves forward to the next element. * * @since 4.7.0 * * @link https://www.php.net/manual/en/iterator.next.php * * @return array Of callbacks at next priority. */ #[ReturnTypeWillChange] public function next() { return next( $this->callbacks ); } /** * Returns the key of the current element. * * @since 4.7.0 * * @link https://www.php.net/manual/en/iterator.key.php * * @return mixed Returns current priority on success, or NULL on failure */ #[ReturnTypeWillChange] public function key() { return key( $this->callbacks ); } /** * Checks if current position is valid. * * @since 4.7.0 * * @link https://www.php.net/manual/en/iterator.valid.php * * @return bool Whether the current position is valid. */ #[ReturnTypeWillChange] public function valid() { return key( $this->callbacks ) !== null; } /** * Rewinds the Iterator to the first element. * * @since 4.7.0 * * @link https://www.php.net/manual/en/iterator.rewind.php */ #[ReturnTypeWillChange] public function rewind() { reset( $this->callbacks ); } } https-migration-20260622024947.php 0000666 00000011205 15225166143 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605052952.php 0000666 00000011205 15225166143 0012007 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } settings.php 0000666 00000011025 15225166143 0007125 0 ustar 00 <?php /** * Block level presets support. * * @package WordPress * @since 6.2.0 */ /** * Get the class name used on block level presets. * * @internal * * @since 6.2.0 * @access private * * @param array $block Block object. * @return string The unique class name. */ function _wp_get_presets_class_name( $block ) { return 'wp-settings-' . md5( serialize( $block ) ); } /** * Update the block content with block level presets class name. * * @internal * * @since 6.2.0 * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function _wp_add_block_level_presets_class( $block_content, $block ) { if ( ! $block_content ) { return $block_content; } // return early if the block doesn't have support for settings. $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); if ( ! block_has_support( $block_type, '__experimentalSettings', false ) ) { return $block_content; } // return early if no settings are found on the block attributes. $block_settings = isset( $block['attrs']['settings'] ) ? $block['attrs']['settings'] : null; if ( empty( $block_settings ) ) { return $block_content; } // Like the layout hook this assumes the hook only applies to blocks with a single wrapper. // Add the class name to the first element, presuming it's the wrapper, if it exists. $tags = new WP_HTML_Tag_Processor( $block_content ); if ( $tags->next_tag() ) { $tags->add_class( _wp_get_presets_class_name( $block ) ); } return $tags->get_updated_html(); } /** * Render the block level presets stylesheet. * * @internal * * @since 6.2.0 * @since 6.3.0 Updated preset styles to use Selectors API. * @access private * * @param string|null $pre_render The pre-rendered content. Default null. * @param array $block The block being rendered. * * @return null */ function _wp_add_block_level_preset_styles( $pre_render, $block ) { // Return early if the block has not support for descendent block styles. $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); if ( ! block_has_support( $block_type, '__experimentalSettings', false ) ) { return null; } // return early if no settings are found on the block attributes. $block_settings = isset( $block['attrs']['settings'] ) ? $block['attrs']['settings'] : null; if ( empty( $block_settings ) ) { return null; } $class_name = '.' . _wp_get_presets_class_name( $block ); // the root selector for preset variables needs to target every possible block selector // in order for the general setting to override any bock specific setting of a parent block or // the site root. $variables_root_selector = '*,[class*="wp-block"]'; $registry = WP_Block_Type_Registry::get_instance(); $blocks = $registry->get_all_registered(); foreach ( $blocks as $block_type ) { /* * We only want to append selectors for blocks using custom selectors * i.e. not `wp-block-<name>`. */ $has_custom_selector = ( isset( $block_type->supports['__experimentalSelector'] ) && is_string( $block_type->supports['__experimentalSelector'] ) ) || ( isset( $block_type->selectors['root'] ) && is_string( $block_type->selectors['root'] ) ); if ( $has_custom_selector ) { $variables_root_selector .= ',' . wp_get_block_css_selector( $block_type ); } } $variables_root_selector = WP_Theme_JSON::scope_selector( $class_name, $variables_root_selector ); // Remove any potentially unsafe styles. $theme_json_shape = WP_Theme_JSON::remove_insecure_properties( array( 'version' => WP_Theme_JSON::LATEST_SCHEMA, 'settings' => $block_settings, ) ); $theme_json_object = new WP_Theme_JSON( $theme_json_shape ); $styles = ''; // include preset css variables declaration on the stylesheet. $styles .= $theme_json_object->get_stylesheet( array( 'variables' ), null, array( 'root_selector' => $variables_root_selector, 'scope' => $class_name, ) ); // include preset css classes on the the stylesheet. $styles .= $theme_json_object->get_stylesheet( array( 'presets' ), null, array( 'root_selector' => $class_name . ',' . $class_name . ' *', 'scope' => $class_name, ) ); if ( ! empty( $styles ) ) { wp_enqueue_block_support_styles( $styles ); } return null; } add_filter( 'render_block', '_wp_add_block_level_presets_class', 10, 2 ); add_filter( 'pre_render_block', '_wp_add_block_level_preset_styles', 10, 2 ); duotone.php 0000666 00000005253 15225166143 0006750 0 ustar 00 <?php /** * Duotone block support flag. * * Parts of this source were derived and modified from TinyColor, * released under the MIT license. * * https://github.com/bgrins/TinyColor * * Copyright (c), Brian Grinstead, http://briangrinstead.com * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * * @package WordPress * @since 5.8.0 */ // Register the block support. WP_Block_Supports::get_instance()->register( 'duotone', array( 'register_attribute' => array( 'WP_Duotone', 'register_duotone_support' ), ) ); // Add classnames to blocks using duotone support. add_filter( 'render_block', array( 'WP_Duotone', 'render_duotone_support' ), 10, 3 ); add_filter( 'render_block_core/image', array( 'WP_Duotone', 'restore_image_outer_container' ), 10, 1 ); // Enqueue styles. // Block styles (core-block-supports-inline-css) before the style engine (wp_enqueue_stored_styles). // Global styles (global-styles-inline-css) after the other global styles (wp_enqueue_global_styles). add_action( 'wp_enqueue_scripts', array( 'WP_Duotone', 'output_block_styles' ), 9 ); add_action( 'wp_enqueue_scripts', array( 'WP_Duotone', 'output_global_styles' ), 11 ); // Add SVG filters to the footer. Also, for classic themes, output block styles (core-block-supports-inline-css). add_action( 'wp_footer', array( 'WP_Duotone', 'output_footer_assets' ), 10 ); // Add styles and SVGs for use in the editor via the EditorStyles component. add_filter( 'block_editor_settings_all', array( 'WP_Duotone', 'add_editor_settings' ), 10 ); // Migrate the old experimental duotone support flag. add_filter( 'block_type_metadata_settings', array( 'WP_Duotone', 'migrate_experimental_duotone_support_flag' ), 10, 2 ); utils.php 0000666 00000001763 15225166143 0006435 0 ustar 00 <?php /** * Block support utility functions. * * @package WordPress * @subpackage Block Supports * @since 6.0.0 */ /** * Checks whether serialization of the current block's supported properties * should occur. * * @since 6.0.0 * @access private * * @param WP_Block_Type $block_type Block type. * @param string $feature_set Name of block support feature set.. * @param string $feature Optional name of individual feature to check. * * @return bool Whether to serialize block support styles & classes. */ function wp_should_skip_block_supports_serialization( $block_type, $feature_set, $feature = null ) { if ( ! is_object( $block_type ) || ! $feature_set ) { return false; } $path = array( $feature_set, '__experimentalSkipSerialization' ); $skip_serialization = _wp_array_get( $block_type->supports, $path, false ); if ( is_array( $skip_serialization ) ) { return in_array( $feature, $skip_serialization, true ); } return $skip_serialization; } class-wp-scripts.php 0000666 00000104060 15225166143 0010505 0 ustar 00 <?php /** * Dependencies API: WP_Scripts class * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Core class used to register scripts. * * @since 2.1.0 * * @see WP_Dependencies */ class WP_Scripts extends WP_Dependencies { /** * Base URL for scripts. * * Full URL with trailing slash. * * @since 2.6.0 * @var string */ public $base_url; /** * URL of the content directory. * * @since 2.8.0 * @var string */ public $content_url; /** * Default version string for scripts. * * @since 2.6.0 * @var string */ public $default_version; /** * Holds handles of scripts which are enqueued in footer. * * @since 2.8.0 * @var array */ public $in_footer = array(); /** * Holds a list of script handles which will be concatenated. * * @since 2.8.0 * @var string */ public $concat = ''; /** * Holds a string which contains script handles and their version. * * @since 2.8.0 * @deprecated 3.4.0 * @var string */ public $concat_version = ''; /** * Whether to perform concatenation. * * @since 2.8.0 * @var bool */ public $do_concat = false; /** * Holds HTML markup of scripts and additional data if concatenation * is enabled. * * @since 2.8.0 * @var string */ public $print_html = ''; /** * Holds inline code if concatenation is enabled. * * @since 2.8.0 * @var string */ public $print_code = ''; /** * Holds a list of script handles which are not in the default directory * if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_handles = ''; /** * Holds a string which contains handles and versions of scripts which * are not in the default directory if concatenation is enabled. * * Unused in core. * * @since 2.8.0 * @var string */ public $ext_version = ''; /** * List of default directories. * * @since 2.8.0 * @var array */ public $default_dirs; /** * Holds a mapping of dependents (as handles) for a given script handle. * Used to optimize recursive dependency tree checks. * * @since 6.3.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds a reference to the delayed (non-blocking) script loading strategies. * Used by methods that validate loading strategies. * * @since 6.3.0 * @var string[] */ private $delayed_strategies = array( 'defer', 'async' ); /** * Constructor. * * @since 2.6.0 */ public function __construct() { $this->init(); add_action( 'init', array( $this, 'init' ), 0 ); } /** * Initialize the class. * * @since 3.4.0 */ public function init() { /** * Fires when the WP_Scripts instance is initialized. * * @since 2.6.0 * * @param WP_Scripts $wp_scripts WP_Scripts instance (passed by reference). */ do_action_ref_array( 'wp_default_scripts', array( &$this ) ); } /** * Prints scripts. * * Prints the scripts passed to it or the print queue. Also prints all necessary dependencies. * * @since 2.1.0 * @since 2.8.0 Added the `$group` parameter. * * @param string|string[]|false $handles Optional. Scripts to be printed: queue (false), * single script (string), or multiple scripts (array of strings). * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return string[] Handles of scripts that have been printed. */ public function print_scripts( $handles = false, $group = false ) { return $this->do_items( $handles, $group ); } /** * Prints extra scripts of a registered script. * * @since 2.1.0 * @since 2.8.0 Added the `$display` parameter. * @deprecated 3.3.0 * * @see print_extra_script() * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_scripts_l10n( $handle, $display = true ) { _deprecated_function( __FUNCTION__, '3.3.0', 'WP_Scripts::print_extra_script()' ); return $this->print_extra_script( $handle, $display ); } /** * Prints extra scripts of a registered script. * * @since 3.3.0 * * @param string $handle The script's registered handle. * @param bool $display Optional. Whether to print the extra script * instead of just returning it. Default true. * @return bool|string|void Void if no data exists, extra scripts if `$display` is true, * true otherwise. */ public function print_extra_script( $handle, $display = true ) { $output = $this->get_data( $handle, 'data' ); if ( ! $output ) { return; } /* * Do not print a sourceURL comment if concatenation is enabled. * * Extra scripts may be concatenated into a single script. * The line-based sourceURL comments may break concatenated scripts * and do not make sense when multiple scripts are joined together. */ if ( ! $this->do_concat ) { $output .= sprintf( "\n//# sourceURL=%s", rawurlencode( "{$handle}-js-extra" ) ); } if ( ! $display ) { return $output; } wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-extra" ) ); return true; } /** * Checks whether all dependents of a given handle are in the footer. * * If there are no dependents, this is considered the same as if all dependents were in the footer. * * @since 6.4.0 * * @param string $handle Script handle. * @return bool Whether all dependents are in the footer. */ private function are_all_dependents_in_footer( $handle ) { foreach ( $this->get_dependents( $handle ) as $dep ) { if ( isset( $this->groups[ $dep ] ) && 0 === $this->groups[ $dep ] ) { return false; } } return true; } /** * Processes a script dependency. * * @since 2.6.0 * @since 2.8.0 Added the `$group` parameter. * * @see WP_Dependencies::do_item() * * @param string $handle The script's registered handle. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function do_item( $handle, $group = false ) { if ( ! parent::do_item( $handle ) ) { return false; } if ( 0 === $group && $this->groups[ $handle ] > 0 ) { $this->in_footer[] = $handle; return false; } if ( false === $group && in_array( $handle, $this->in_footer, true ) ) { $this->in_footer = array_diff( $this->in_footer, (array) $handle ); } $obj = $this->registered[ $handle ]; if ( $obj->extra['conditional'] ?? false ) { return false; } if ( null === $obj->ver ) { $ver = ''; } else { $ver = $obj->ver ? $obj->ver : $this->default_version; } if ( isset( $this->args[ $handle ] ) ) { $ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ]; } $src = $obj->src; $strategy = $this->get_eligible_loading_strategy( $handle ); $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); if ( ! $this->is_delayed_strategy( $intended_strategy ) ) { $intended_strategy = ''; } /* * Move this script to the footer if: * 1. The script is in the header group. * 2. The current output is the header. * 3. The intended strategy is delayed. * 4. The actual strategy is not delayed. * 5. All dependent scripts are in the footer. */ if ( 0 === $group && 0 === $this->groups[ $handle ] && $intended_strategy && ! $this->is_delayed_strategy( $strategy ) && $this->are_all_dependents_in_footer( $handle ) ) { $this->in_footer[] = $handle; return false; } $before_script = $this->get_inline_script_tag( $handle, 'before' ); $after_script = $this->get_inline_script_tag( $handle, 'after' ); if ( $before_script || $after_script ) { $inline_script_tag = $before_script . $after_script; } else { $inline_script_tag = ''; } /* * Prevent concatenation of scripts if the text domain is defined * to ensure the dependency order is respected. */ $translations_stop_concat = ! empty( $obj->textdomain ); $translations = $this->print_translations( $handle, false ); if ( $translations ) { /* * The sourceURL comment is not included by WP_Scripts::print_translations() * when `$display` is `false` to prevent issues where the script tag contents are used * by extenders for other purposes, for example concatenated with other script content. * * Include the sourceURL comment here as it would be when printed directly. */ $source_url = rawurlencode( "{$handle}-js-translations" ); $translations .= "\n//# sourceURL={$source_url}"; $translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) ); } if ( $this->do_concat ) { /** * Filters the script loader source. * * @since 2.2.0 * * @param string $src Script loader source path. * @param string $handle Script handle. */ $filtered_src = apply_filters( 'script_loader_src', $src, $handle ); if ( $this->in_default_dir( $filtered_src ) && ( $before_script || $after_script || $translations_stop_concat || $this->is_delayed_strategy( $strategy ) ) ) { $this->do_concat = false; // Have to print the so-far concatenated scripts right away to maintain the right order. _print_scripts(); $this->reset(); } elseif ( $this->in_default_dir( $filtered_src ) ) { $this->print_code .= $this->print_extra_script( $handle, false ); $this->concat .= "$handle,"; $this->concat_version .= "$handle$ver"; return true; } else { $this->ext_handles .= "$handle,"; $this->ext_version .= "$handle$ver"; } } $this->print_extra_script( $handle ); // A single item may alias a set of items, by having dependencies, but no source. if ( ! $src ) { if ( $inline_script_tag ) { if ( $this->do_concat ) { $this->print_html .= $inline_script_tag; } else { echo $inline_script_tag; } } return true; } if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) { $src = $this->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** This filter is documented in wp-includes/class-wp-scripts.php */ $src = esc_url_raw( apply_filters( 'script_loader_src', $src, $handle ) ); if ( ! $src ) { return true; } $attr = array( 'src' => $src, 'id' => "{$handle}-js", ); if ( $strategy ) { $attr[ $strategy ] = true; } if ( $intended_strategy ) { $attr['data-wp-strategy'] = $intended_strategy; } // Determine fetchpriority. $original_fetchpriority = isset( $obj->extra['fetchpriority'] ) ? $obj->extra['fetchpriority'] : null; if ( null === $original_fetchpriority || ! $this->is_valid_fetchpriority( $original_fetchpriority ) ) { $original_fetchpriority = 'auto'; } $actual_fetchpriority = $this->get_highest_fetchpriority_with_dependents( $handle ); if ( null === $actual_fetchpriority ) { // If null, it's likely this script was not explicitly enqueued, so in this case use the original priority. $actual_fetchpriority = $original_fetchpriority; } if ( is_string( $actual_fetchpriority ) && 'auto' !== $actual_fetchpriority ) { $attr['fetchpriority'] = $actual_fetchpriority; } if ( $original_fetchpriority !== $actual_fetchpriority ) { $attr['data-wp-fetchpriority'] = $original_fetchpriority; } $tag = $translations . $before_script; $tag .= wp_get_script_tag( $attr ); $tag .= $after_script; /** * Filters the HTML script tag of an enqueued script. * * @since 4.1.0 * * @param string $tag The `<script>` tag for the enqueued script. * @param string $handle The script's registered handle. * @param string $src The script's source URL. */ $tag = apply_filters( 'script_loader_tag', $tag, $handle, $src ); if ( $this->do_concat ) { $this->print_html .= $tag; } else { echo $tag; } return true; } /** * Adds extra code to a registered script. * * @since 4.5.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param string $data String containing the JavaScript to be added. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return bool True on success, false on failure. */ public function add_inline_script( $handle, $data, $position = 'after' ) { if ( ! $data ) { return false; } if ( 'after' !== $position ) { $position = 'before'; } $script = (array) $this->get_data( $handle, $position ); $script[] = $data; return $this->add_data( $handle, $position, $script ); } /** * Prints inline scripts registered for a specific handle. * * @since 4.5.0 * @deprecated 6.3.0 Use methods get_inline_script_tag() or get_inline_script_data() instead. * * @param string $handle Name of the script to print inline scripts for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @param bool $display Optional. Whether to print the script tag * instead of just returning the script data. Default true. * @return string|false Script data on success, false otherwise. */ public function print_inline_script( $handle, $position = 'after', $display = true ) { _deprecated_function( __METHOD__, '6.3.0', 'WP_Scripts::get_inline_script_data() or WP_Scripts::get_inline_script_tag()' ); $output = $this->get_inline_script_data( $handle, $position ); if ( empty( $output ) ) { return false; } if ( $display ) { echo $this->get_inline_script_tag( $handle, $position ); } return $output; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. * Must be lowercase. * @param string $position Optional. Whether to add the inline script * before the handle or after. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_data( $handle, $position = 'after' ) { $data = $this->get_data( $handle, $position ); if ( empty( $data ) || ! is_array( $data ) ) { return ''; } /* * Print sourceURL comment regardless of concatenation. * * Inline scripts prevent scripts from being concatenated, so * sourceURL comments are safe to print for inline scripts. */ $data[] = sprintf( '//# sourceURL=%s', rawurlencode( "{$handle}-js-{$position}" ) ); return trim( implode( "\n", $data ), "\n" ); } /** * Gets tags for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get associated inline script tag for. * Must be lowercase. * @param string $position Optional. Whether to get tag for inline * scripts in the before or after position. Default 'after'. * @return string Inline script, which may be empty string. */ public function get_inline_script_tag( $handle, $position = 'after' ) { $js = $this->get_inline_script_data( $handle, $position ); if ( empty( $js ) ) { return ''; } $id = "{$handle}-js-{$position}"; return wp_get_inline_script_tag( $js, compact( 'id' ) ); } /** * Localizes a script, only if the script has already been added. * * @since 2.1.0 * * @param string $handle Name of the script to attach data to. * @param string $object_name Name of the variable that will contain the data. * @param array $l10n Array of data to localize. * @return bool True on success, false on failure. */ public function localize( $handle, $object_name, $l10n ) { if ( 'jquery' === $handle ) { $handle = 'jquery-core'; } if ( is_array( $l10n ) && isset( $l10n['l10n_print_after'] ) ) { // back compat, preserve the code in 'l10n_print_after' if present. $after = $l10n['l10n_print_after']; unset( $l10n['l10n_print_after'] ); } if ( ! is_array( $l10n ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $l10n, 2: wp_add_inline_script() */ __( 'The %1$s parameter must be an array. To pass arbitrary data to scripts, use the %2$s function instead.' ), '<code>$l10n</code>', '<code>wp_add_inline_script()</code>' ), '5.7.0' ); if ( false === $l10n ) { // This should really not be needed, but is necessary for backward compatibility. $l10n = array( $l10n ); } } if ( is_string( $l10n ) ) { $l10n = html_entity_decode( $l10n, ENT_QUOTES, 'UTF-8' ); } elseif ( is_array( $l10n ) ) { foreach ( $l10n as $key => $value ) { if ( ! is_scalar( $value ) ) { continue; } $l10n[ $key ] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8' ); } } $script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';'; if ( ! empty( $after ) ) { $script .= "\n$after;"; } $data = $this->get_data( $handle, 'data' ); if ( ! empty( $data ) ) { $script = "$data\n$script"; } return $this->add_data( $handle, 'data', $script ); } /** * Sets handle group. * * @since 2.8.0 * * @see WP_Dependencies::set_group() * * @param string $handle Name of the item. Should be unique. * @param bool $recursion Internal flag that calling function was called recursively. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool Not already in the group or a lower group. */ public function set_group( $handle, $recursion, $group = false ) { if ( isset( $this->registered[ $handle ]->args ) && 1 === $this->registered[ $handle ]->args ) { $calculated_group = 1; } else { $calculated_group = (int) $this->get_data( $handle, 'group' ); } if ( false !== $group && $calculated_group > $group ) { $calculated_group = $group; } return parent::set_group( $handle, $recursion, $calculated_group ); } /** * Sets a translation textdomain. * * @since 5.0.0 * @since 5.1.0 The `$domain` parameter was made optional. * * @param string $handle Name of the script to register a translation domain to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * @return bool True if the text domain was registered, false if not. */ public function set_translations( $handle, $domain = 'default', $path = '' ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } /** @var \_WP_Dependency $obj */ $obj = $this->registered[ $handle ]; if ( ! in_array( 'wp-i18n', $obj->deps, true ) ) { $obj->deps[] = 'wp-i18n'; } return $obj->set_translations( $domain, $path ); } /** * Prints translations set for a specific handle. * * @since 5.0.0 * * @param string $handle Name of the script to add the inline script to. * Must be lowercase. * @param bool $display Optional. Whether to print the script * instead of just returning it. Default true. * @return string|false Script on success, false otherwise. */ public function print_translations( $handle, $display = true ) { if ( ! isset( $this->registered[ $handle ] ) || empty( $this->registered[ $handle ]->textdomain ) ) { return false; } $domain = $this->registered[ $handle ]->textdomain; $path = ''; if ( isset( $this->registered[ $handle ]->translations_path ) ) { $path = $this->registered[ $handle ]->translations_path; } $json_translations = load_script_textdomain( $handle, $domain, $path ); if ( ! $json_translations ) { return false; } $output = <<<JS ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "{$domain}", {$json_translations} ); JS; if ( $display ) { $source_url = rawurlencode( "{$handle}-js-translations" ); $output .= "\n//# sourceURL={$source_url}"; wp_print_inline_script_tag( $output, array( 'id' => "{$handle}-js-translations" ) ); } return $output; } /** * Determines script dependencies. * * @since 2.1.0 * * @see WP_Dependencies::all_deps() * * @param string|string[] $handles Item handle (string) or item handles (array of strings). * @param bool $recursion Optional. Internal flag that function is calling itself. * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function all_deps( $handles, $recursion = false, $group = false ) { $result = parent::all_deps( $handles, $recursion, $group ); if ( ! $recursion ) { /** * Filters the list of script dependencies left to print. * * @since 2.3.0 * * @param string[] $to_do An array of script dependency handles. */ $this->to_do = apply_filters( 'print_scripts_array', $this->to_do ); } return $result; } /** * Processes items and dependencies for the head group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_head_items() { $this->do_items( false, 0 ); return $this->done; } /** * Processes items and dependencies for the footer group. * * @since 2.8.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_footer_items() { $this->do_items( false, 1 ); return $this->done; } /** * Whether a handle's source is in a default directory. * * @since 2.8.0 * * @param string $src The source of the enqueued script. * @return bool True if found, false if not. */ public function in_default_dir( $src ) { if ( ! $this->default_dirs ) { return true; } if ( str_starts_with( $src, '/' . WPINC . '/js/l10n' ) ) { return false; } foreach ( (array) $this->default_dirs as $test ) { if ( str_starts_with( $src, $test ) ) { return true; } } return false; } /** * This overrides the add_data method from WP_Dependencies, to support normalizing of $args. * * @since 6.3.0 * * @param string $handle Name of the item. Should be unique. * @param string $key The data key. * @param mixed $value The data value. * @return bool True on success, false on failure. */ public function add_data( $handle, $key, $value ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } if ( 'conditional' === $key ) { // If a dependency is declared by a conditional script, remove it. $this->registered[ $handle ]->deps = array(); } if ( 'strategy' === $key ) { if ( ! empty( $value ) && ! $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Invalid strategy `%1$s` defined for `%2$s` during script registration.' ), $value, $handle ), '6.3.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src && $this->is_delayed_strategy( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $strategy, 2: $handle */ __( 'Cannot supply a strategy `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), $value, $handle ), '6.3.0' ); return false; } } elseif ( 'fetchpriority' === $key ) { if ( empty( $value ) ) { $value = 'auto'; } if ( ! $this->is_valid_fetchpriority( $value ) ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } elseif ( ! $this->registered[ $handle ]->src ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $handle */ __( 'Cannot supply a fetchpriority `%1$s` for script `%2$s` because it is an alias (it lacks a `src` value).' ), is_string( $value ) ? $value : gettype( $value ), $handle ), '6.9.0' ); return false; } } return parent::add_data( $handle, $key, $value ); } /** * Gets all dependents of a script. * * This is not recursive. * * @since 6.3.0 * * @param string $handle The script handle. * @return string[] Script handles. */ private function get_dependents( $handle ) { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $handle ] ) ) { return $this->dependents_map[ $handle ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_handle => $args ) { if ( in_array( $handle, $args->deps, true ) ) { $dependents[] = $registered_handle; } } // Add the handles dependents to the map to ease future lookups. $this->dependents_map[ $handle ] = $dependents; return $dependents; } /** * Checks if the strategy passed is a valid delayed (non-blocking) strategy. * * @since 6.3.0 * * @param string|mixed $strategy The strategy to check. * @return bool True if $strategy is one of the delayed strategies, otherwise false. */ private function is_delayed_strategy( $strategy ): bool { return in_array( $strategy, $this->delayed_strategies, true ); } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, array( 'auto', 'low', 'high' ), true ); } /** * Gets the best eligible loading strategy for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @return string The best eligible loading strategy. */ private function get_eligible_loading_strategy( $handle ) { $intended_strategy = (string) $this->get_data( $handle, 'strategy' ); // Bail early if there is no intended strategy. if ( ! $intended_strategy ) { return ''; } /* * If the intended strategy is 'defer', limit the initial list of eligible * strategies, since 'async' can fallback to 'defer', but not vice-versa. */ $initial_strategy = ( 'defer' === $intended_strategy ) ? array( 'defer' ) : null; $eligible_strategies = $this->filter_eligible_strategies( $handle, $initial_strategy ); // Return early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return ''; } return in_array( 'async', $eligible_strategies, true ) ? 'async' : 'defer'; } /** * Filter the list of eligible loading strategies for a script. * * @since 6.3.0 * * @param string $handle The script handle. * @param string[]|null $eligible_strategies Optional. The list of strategies to filter. Default null. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string[]> $stored_results Optional. An array of already computed eligible loading strategies by handle, used to increase performance in large dependency lists. * @return string[] A list of eligible loading strategies that could be used. */ private function filter_eligible_strategies( $handle, $eligible_strategies = null, $checked = array(), array &$stored_results = array() ) { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If no strategies are being passed, all strategies are eligible. if ( null === $eligible_strategies ) { $eligible_strategies = $this->delayed_strategies; } // If this handle was already checked, return early. if ( isset( $checked[ $handle ] ) ) { return $eligible_strategies; } // Mark this handle as checked. $checked[ $handle ] = true; // If this handle isn't registered, don't filter anything and return. if ( ! isset( $this->registered[ $handle ] ) ) { return $eligible_strategies; } // If the handle is not enqueued, don't filter anything and return. if ( ! $this->query( $handle, 'enqueued' ) ) { return $eligible_strategies; } $is_alias = (bool) ! $this->registered[ $handle ]->src; $intended_strategy = $this->get_data( $handle, 'strategy' ); // For non-alias handles, an empty intended strategy filters all strategies. if ( ! $is_alias && empty( $intended_strategy ) ) { return array(); } // Handles with inline scripts attached in the 'after' position cannot be delayed. if ( $this->has_inline_script( $handle, 'after' ) ) { return array(); } // If the intended strategy is 'defer', filter out 'async'. if ( 'defer' === $intended_strategy ) { $eligible_strategies = array( 'defer' ); } $dependents = $this->get_dependents( $handle ); // Recursively filter eligible strategies for dependents. foreach ( $dependents as $dependent ) { // Bail early once we know the eligible strategy is blocking. if ( empty( $eligible_strategies ) ) { return array(); } $eligible_strategies = $this->filter_eligible_strategies( $dependent, $eligible_strategies, $checked, $stored_results ); } $stored_results[ $handle ] = $eligible_strategies; return $eligible_strategies; } /** * Gets the highest fetch priority for a given script and all of its dependent scripts. * * @since 6.9.0 * @see self::filter_eligible_strategies() * @see WP_Script_Modules::get_highest_fetchpriority() * * @param string $handle Script module ID. * @param array<string, true> $checked Optional. An array of already checked script handles, used to avoid recursive loops. * @param array<string, string> $stored_results Optional. An array of already computed max priority by handle, used to increase performance in large dependency lists. * @return string|null Highest fetch priority for the script and its dependents. */ private function get_highest_fetchpriority_with_dependents( string $handle, array $checked = array(), array &$stored_results = array() ): ?string { if ( isset( $stored_results[ $handle ] ) ) { return $stored_results[ $handle ]; } // If there is a recursive dependency, return early. if ( isset( $checked[ $handle ] ) ) { return null; } // Mark this handle as checked to guard against infinite recursion. $checked[ $handle ] = true; // Abort if the script is not enqueued or a dependency of an enqueued script. if ( ! $this->query( $handle, 'enqueued' ) ) { return null; } $fetchpriority = $this->get_data( $handle, 'fetchpriority' ); if ( ! $this->is_valid_fetchpriority( $fetchpriority ) ) { $fetchpriority = 'auto'; } static $priorities = array( 'low', 'auto', 'high', ); $high_priority_index = count( $priorities ) - 1; $highest_priority_index = (int) array_search( $fetchpriority, $priorities, true ); if ( $highest_priority_index !== $high_priority_index ) { foreach ( $this->get_dependents( $handle ) as $dependent_handle ) { $dependent_priority = $this->get_highest_fetchpriority_with_dependents( $dependent_handle, $checked, $stored_results ); if ( is_string( $dependent_priority ) ) { $highest_priority_index = max( $highest_priority_index, (int) array_search( $dependent_priority, $priorities, true ) ); if ( $highest_priority_index === $high_priority_index ) { break; } } } } $stored_results[ $handle ] = $priorities[ $highest_priority_index ]; // @phpstan-ignore parameterByRef.type (We know the index is valid and that this will be a string.) return $priorities[ $highest_priority_index ]; } /** * Gets data for inline scripts registered for a specific handle. * * @since 6.3.0 * * @param string $handle Name of the script to get data for. Must be lowercase. * @param string $position The position of the inline script. * @return bool Whether the handle has an inline script (either before or after). */ private function has_inline_script( $handle, $position = null ) { if ( $position && in_array( $position, array( 'before', 'after' ), true ) ) { return (bool) $this->get_data( $handle, $position ); } return (bool) ( $this->get_data( $handle, 'before' ) || $this->get_data( $handle, 'after' ) ); } /** * Resets class properties. * * @since 2.8.0 */ public function reset() { $this->do_concat = false; $this->print_code = ''; $this->concat = ''; $this->concat_version = ''; $this->print_html = ''; $this->ext_version = ''; $this->ext_handles = ''; } /** * Gets a script-specific dependency warning message. * * @since 6.9.1 * * @param string $handle Script handle with missing dependencies. * @param string[] $missing_dependency_handles Missing dependency handles. * @return string Formatted, localized warning message. */ protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) { return sprintf( /* translators: 1: Script handle, 2: List of missing dependency handles. */ __( 'The script with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $handle, implode( wp_get_list_item_separator(), $missing_dependency_handles ) ); } } dimensions.php 0000666 00000012437 15225166143 0007445 0 ustar 00 <?php /** * Dimensions block support flag. * * This does not include the `spacing` block support even though that visually * appears under the "Dimensions" panel in the editor. It remains in its * original `spacing.php` file for compatibility with core. * * @package WordPress * @since 5.9.0 */ /** * Registers the style block attribute for block types that support it. * * @since 5.9.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_dimensions_support( $block_type ) { // Setup attributes and styles within that if needed. if ( ! $block_type->attributes ) { $block_type->attributes = array(); } // Check for existing style attribute definition e.g. from block.json. if ( array_key_exists( 'style', $block_type->attributes ) ) { return; } $has_dimensions_support = block_has_support( $block_type, 'dimensions', false ); if ( $has_dimensions_support ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } } /** * Adds CSS classes for block dimensions to the incoming attributes array. * This will be applied to the block markup in the front-end. * * @since 5.9.0 * @since 6.2.0 Added `minHeight` support. * @access private * * @param WP_Block_Type $block_type Block Type. * @param array $block_attributes Block attributes. * @return array Block dimensions CSS classes and inline styles. */ function wp_apply_dimensions_support( $block_type, $block_attributes ) { if ( wp_should_skip_block_supports_serialization( $block_type, 'dimensions' ) ) { return array(); } $attributes = array(); // Width support to be added in near future. $has_min_height_support = block_has_support( $block_type, array( 'dimensions', 'minHeight' ), false ); $block_styles = isset( $block_attributes['style'] ) ? $block_attributes['style'] : null; if ( ! $block_styles ) { return $attributes; } $skip_min_height = wp_should_skip_block_supports_serialization( $block_type, 'dimensions', 'minHeight' ); $dimensions_block_styles = array(); $dimensions_block_styles['minHeight'] = null; if ( $has_min_height_support && ! $skip_min_height ) { $dimensions_block_styles['minHeight'] = isset( $block_styles['dimensions']['minHeight'] ) ? $block_styles['dimensions']['minHeight'] : null; } $styles = wp_style_engine_get_styles( array( 'dimensions' => $dimensions_block_styles ) ); if ( ! empty( $styles['css'] ) ) { $attributes['style'] = $styles['css']; } return $attributes; } /** * Renders server-side dimensions styles to the block wrapper. * This block support uses the `render_block` hook to ensure that * it is also applied to non-server-rendered blocks. * * @since 6.5.0 * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_dimensions_support( $block_content, $block ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); $block_attributes = ( isset( $block['attrs'] ) && is_array( $block['attrs'] ) ) ? $block['attrs'] : array(); $has_aspect_ratio_support = block_has_support( $block_type, array( 'dimensions', 'aspectRatio' ), false ); if ( ! $has_aspect_ratio_support || wp_should_skip_block_supports_serialization( $block_type, 'dimensions', 'aspectRatio' ) ) { return $block_content; } $dimensions_block_styles = array(); $dimensions_block_styles['aspectRatio'] = $block_attributes['style']['dimensions']['aspectRatio'] ?? null; // To ensure the aspect ratio does not get overridden by `minHeight` unset any existing rule. if ( isset( $dimensions_block_styles['aspectRatio'] ) ) { $dimensions_block_styles['minHeight'] = 'unset'; } elseif ( isset( $block_attributes['style']['dimensions']['minHeight'] ) || isset( $block_attributes['minHeight'] ) ) { $dimensions_block_styles['aspectRatio'] = 'unset'; } $styles = wp_style_engine_get_styles( array( 'dimensions' => $dimensions_block_styles ) ); if ( ! empty( $styles['css'] ) ) { // Inject dimensions styles to the first element, presuming it's the wrapper, if it exists. $tags = new WP_HTML_Tag_Processor( $block_content ); if ( $tags->next_tag() ) { $existing_style = $tags->get_attribute( 'style' ); $updated_style = ''; if ( ! empty( $existing_style ) ) { $updated_style = $existing_style; if ( ! str_ends_with( $existing_style, ';' ) ) { $updated_style .= ';'; } } $updated_style .= $styles['css']; $tags->set_attribute( 'style', $updated_style ); if ( ! empty( $styles['classnames'] ) ) { foreach ( explode( ' ', $styles['classnames'] ) as $class_name ) { if ( str_contains( $class_name, 'aspect-ratio' ) && ! isset( $block_attributes['style']['dimensions']['aspectRatio'] ) ) { continue; } $tags->add_class( $class_name ); } } } return $tags->get_updated_html(); } return $block_content; } add_filter( 'render_block', 'wp_render_dimensions_support', 10, 2 ); // Register the block support. WP_Block_Supports::get_instance()->register( 'dimensions', array( 'register_attribute' => 'wp_register_dimensions_support', 'apply' => 'wp_apply_dimensions_support', ) ); .block-supports.php 0000666 00000000000 15225166143 0010321 0 ustar 00 shadow.php 0000666 00000004055 15225166143 0006557 0 ustar 00 <?php /** * Shadow block support flag. * * @package WordPress * @since 6.3.0 */ /** * Registers the style and shadow block attributes for block types that support it. * * @since 6.3.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_shadow_support( $block_type ) { $has_shadow_support = block_has_support( $block_type, 'shadow', false ); if ( ! $has_shadow_support ) { return; } if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( array_key_exists( 'style', $block_type->attributes ) ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } if ( array_key_exists( 'shadow', $block_type->attributes ) ) { $block_type->attributes['shadow'] = array( 'type' => 'string', ); } } /** * Add CSS classes and inline styles for shadow features to the incoming attributes array. * This will be applied to the block markup in the front-end. * * @since 6.3.0 * @since 6.6.0 Return early if __experimentalSkipSerialization is true. * @access private * * @param WP_Block_Type $block_type Block type. * @param array $block_attributes Block attributes. * @return array Shadow CSS classes and inline styles. */ function wp_apply_shadow_support( $block_type, $block_attributes ) { $has_shadow_support = block_has_support( $block_type, 'shadow', false ); if ( ! $has_shadow_support || wp_should_skip_block_supports_serialization( $block_type, 'shadow' ) ) { return array(); } $shadow_block_styles = array(); $custom_shadow = $block_attributes['style']['shadow'] ?? null; $shadow_block_styles['shadow'] = $custom_shadow; $attributes = array(); $styles = wp_style_engine_get_styles( $shadow_block_styles ); if ( ! empty( $styles['css'] ) ) { $attributes['style'] = $styles['css']; } return $attributes; } // Register the block support. WP_Block_Supports::get_instance()->register( 'shadow', array( 'register_attribute' => 'wp_register_shadow_support', 'apply' => 'wp_apply_shadow_support', ) ); theme-previews.php 0000666 00000005536 15225166143 0010243 0 ustar 00 <?php /** * Theme previews using the Site Editor for block themes. * * @package WordPress */ /** * Filters the blog option to return the path for the previewed theme. * * @since 6.3.0 * * @param string $current_stylesheet The current theme's stylesheet or template path. * @return string The previewed theme's stylesheet or template path. */ function wp_get_theme_preview_path( $current_stylesheet = null ) { if ( ! current_user_can( 'switch_themes' ) ) { return $current_stylesheet; } $preview_stylesheet = ! empty( $_GET['wp_theme_preview'] ) ? sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ) : null; $wp_theme = wp_get_theme( $preview_stylesheet ); if ( ! is_wp_error( $wp_theme->errors() ) ) { if ( current_filter() === 'template' ) { $theme_path = $wp_theme->get_template(); } else { $theme_path = $wp_theme->get_stylesheet(); } return sanitize_text_field( $theme_path ); } return $current_stylesheet; } /** * Adds a middleware to `apiFetch` to set the theme for the preview. * This adds a `wp_theme_preview` URL parameter to API requests from the Site Editor, so they also respond as if the theme is set to the value of the parameter. * * @since 6.3.0 */ function wp_attach_theme_preview_middleware() { // Don't allow non-admins to preview themes. if ( ! current_user_can( 'switch_themes' ) ) { return; } wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createThemePreviewMiddleware( %s ) );', wp_json_encode( sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Set a JavaScript constant for theme activation. * * Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce * required to activate a theme. For use within the site editor. * * @see https://github.com/WordPress/gutenberg/pull/41836 * * @since 6.3.0 * @access private */ function wp_block_theme_activate_nonce() { $nonce_handle = 'switch-theme_' . wp_get_theme_preview_path(); ?> <script type="text/javascript"> window.WP_BLOCK_THEME_ACTIVATE_NONCE = <?php echo wp_json_encode( wp_create_nonce( $nonce_handle ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>; </script> <?php } /** * Add filters and actions to enable Block Theme Previews in the Site Editor. * * The filters and actions should be added after `pluggable.php` is included as they may * trigger code that uses `current_user_can()` which requires functionality from `pluggable.php`. * * @since 6.3.2 */ function wp_initialize_theme_preview_hooks() { if ( ! empty( $_GET['wp_theme_preview'] ) ) { add_filter( 'stylesheet', 'wp_get_theme_preview_path' ); add_filter( 'template', 'wp_get_theme_preview_path' ); add_action( 'init', 'wp_attach_theme_preview_middleware' ); add_action( 'admin_head', 'wp_block_theme_activate_nonce' ); } } https-detection-20260606162324.php 0000666 00000013341 15225166143 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606010046.php 0000666 00000011205 15225166143 0011774 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } background.php 0000666 00000010061 15225166143 0007403 0 ustar 00 <?php /** * Background block support flag. * * @package WordPress * @since 6.4.0 */ /** * Registers the style block attribute for block types that support it. * * @since 6.4.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_background_support( $block_type ) { // Setup attributes and styles within that if needed. if ( ! $block_type->attributes ) { $block_type->attributes = array(); } // Check for existing style attribute definition e.g. from block.json. if ( array_key_exists( 'style', $block_type->attributes ) ) { return; } $has_background_support = block_has_support( $block_type, array( 'background' ), false ); if ( $has_background_support ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } } /** * Renders the background styles to the block wrapper. * This block support uses the `render_block` hook to ensure that * it is also applied to non-server-rendered blocks. * * @since 6.4.0 * @since 6.5.0 Added support for `backgroundPosition` and `backgroundRepeat` output. * @since 6.6.0 Removed requirement for `backgroundImage.source`. A file/url is the default. * @since 6.7.0 Added support for `backgroundAttachment` output. * * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_background_support( $block_content, $block ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); $block_attributes = ( isset( $block['attrs'] ) && is_array( $block['attrs'] ) ) ? $block['attrs'] : array(); $has_background_image_support = block_has_support( $block_type, array( 'background', 'backgroundImage' ), false ); if ( ! $has_background_image_support || wp_should_skip_block_supports_serialization( $block_type, 'background', 'backgroundImage' ) || ! isset( $block_attributes['style']['background'] ) ) { return $block_content; } $background_styles = array(); $background_styles['backgroundImage'] = $block_attributes['style']['background']['backgroundImage'] ?? null; $background_styles['backgroundSize'] = $block_attributes['style']['background']['backgroundSize'] ?? null; $background_styles['backgroundPosition'] = $block_attributes['style']['background']['backgroundPosition'] ?? null; $background_styles['backgroundRepeat'] = $block_attributes['style']['background']['backgroundRepeat'] ?? null; $background_styles['backgroundAttachment'] = $block_attributes['style']['background']['backgroundAttachment'] ?? null; if ( ! empty( $background_styles['backgroundImage'] ) ) { $background_styles['backgroundSize'] = $background_styles['backgroundSize'] ?? 'cover'; // If the background size is set to `contain` and no position is set, set the position to `center`. if ( 'contain' === $background_styles['backgroundSize'] && ! $background_styles['backgroundPosition'] ) { $background_styles['backgroundPosition'] = '50% 50%'; } } $styles = wp_style_engine_get_styles( array( 'background' => $background_styles ) ); if ( ! empty( $styles['css'] ) ) { // Inject background styles to the first element, presuming it's the wrapper, if it exists. $tags = new WP_HTML_Tag_Processor( $block_content ); if ( $tags->next_tag() ) { $existing_style = $tags->get_attribute( 'style' ); if ( is_string( $existing_style ) && '' !== $existing_style ) { $separator = str_ends_with( $existing_style, ';' ) ? '' : ';'; $updated_style = "{$existing_style}{$separator}{$styles['css']}"; } else { $updated_style = $styles['css']; } $tags->set_attribute( 'style', $updated_style ); $tags->add_class( 'has-background' ); } return $tags->get_updated_html(); } return $block_content; } // Register the block support. WP_Block_Supports::get_instance()->register( 'background', array( 'register_attribute' => 'wp_register_background_support', ) ); add_filter( 'render_block', 'wp_render_background_support', 10, 2 ); https-migration-20260605043510.php 0000666 00000011205 15225166143 0011775 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } pluggable.php 0000666 00000370741 15225166143 0007244 0 ustar 00 <?php /** * These functions can be replaced via plugins. If plugins do not redefine these * functions, then these will be used instead. * * @package WordPress */ if ( ! function_exists( 'wp_set_current_user' ) ) : /** * Changes the current user by ID or name. * * Set $id to null and specify a name if you do not know a user's ID. * * Some WordPress functionality is based on the current user and not based on * the signed in user. Therefore, it opens the ability to edit and perform * actions on users who aren't signed in. * * @since 2.0.3 * * @global WP_User $current_user The current user object which holds the user data. * * @param int|null $id User ID. * @param string $name User's username. * @return WP_User Current user User object. */ function wp_set_current_user( $id, $name = '' ) { global $current_user; // If `$id` matches the current user, there is nothing to do. if ( isset( $current_user ) && ( $current_user instanceof WP_User ) && ( $id === $current_user->ID ) && ( null !== $id ) ) { return $current_user; } $current_user = new WP_User( $id, $name ); setup_userdata( $current_user->ID ); /** * Fires after the current user is set. * * @since 2.0.1 */ do_action( 'set_current_user' ); return $current_user; } endif; if ( ! function_exists( 'wp_get_current_user' ) ) : /** * Retrieves the current user object. * * Will set the current user, if the current user is not set. The current user * will be set to the logged-in person. If no user is logged-in, then it will * set the current user to 0, which is invalid and won't have any permissions. * * @since 2.0.3 * * @see _wp_get_current_user() * @global WP_User $current_user Checks if the current user is set. * * @return WP_User Current WP_User instance. */ function wp_get_current_user() { return _wp_get_current_user(); } endif; if ( ! function_exists( 'get_userdata' ) ) : /** * Retrieves user info by user ID. * * @since 0.71 * * @param int $user_id User ID * @return WP_User|false WP_User object on success, false on failure. */ function get_userdata( $user_id ) { return get_user_by( 'id', $user_id ); } endif; if ( ! function_exists( 'get_user_by' ) ) : /** * Retrieves user info by a given field. * * @since 2.8.0 * @since 4.4.0 Added 'ID' as an alias of 'id' for the `$field` parameter. * * @global WP_User $current_user The current user object which holds the user data. * * @param string $field The field to retrieve the user with. id | ID | slug | email | login. * @param int|string $value A value for $field. A user ID, slug, email address, or login name. * @return WP_User|false WP_User object on success, false on failure. */ function get_user_by( $field, $value ) { $userdata = WP_User::get_data_by( $field, $value ); if ( ! $userdata ) { return false; } $user = new WP_User(); $user->init( $userdata ); return $user; } endif; if ( ! function_exists( 'cache_users' ) ) : /** * Retrieves info for user lists to prevent multiple queries by get_userdata(). * * @since 3.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $user_ids User ID numbers list */ function cache_users( $user_ids ) { global $wpdb; update_meta_cache( 'user', $user_ids ); $clean = _get_non_cached_ids( $user_ids, 'users' ); if ( empty( $clean ) ) { return; } $list = implode( ',', $clean ); $users = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($list)" ); foreach ( $users as $user ) { update_user_caches( $user ); } } endif; if ( ! function_exists( 'wp_mail' ) ) : /** * Sends an email, similar to PHP's mail function. * * A true return value does not automatically mean that the user received the * email successfully. It just only means that the method used was able to * process the request without any errors. * * The default content type is `text/plain` which does not allow using HTML. * However, you can set the content type of the email by using the * {@see 'wp_mail_content_type'} filter. * * The default charset is based on the charset used on the blog. The charset can * be set using the {@see 'wp_mail_charset'} filter. * * When using the `$embeds` parameter to embed images for use in HTML emails, * reference the embedded file in your HTML with a `cid:` URL whose value * matches the file's Content-ID. By default, the Content-ID (`cid`) used for * each embedded file is the key in the embeds array, unless modified via the * {@see 'wp_mail_embed_args'} filter. For example: * * `<img src="cid:0" alt="Logo">` * `<img src="cid:my-image" alt="Image">` * * You may also customize the Content-ID for each file by using the * {@see 'wp_mail_embed_args'} filter and setting the `cid` value. * * @since 1.2.1 * @since 5.5.0 is_email() is used for email validation, * instead of PHPMailer's default validator. * @since 6.9.0 Added $embeds parameter. * @since 6.9.0 Improved Content-Type header handling for multipart messages. * * @global PHPMailer\PHPMailer\PHPMailer $phpmailer * * @param string|string[] $to Array or comma-separated list of email addresses to send message. * @param string $subject Email subject. * @param string $message Message contents. * @param string|string[] $headers Optional. Additional headers. * @param string|string[] $attachments Optional. Paths to files to attach. * @param string|string[] $embeds Optional. Paths to files to embed. * @return bool Whether the email was sent successfully. */ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array(), $embeds = array() ) { // Compact the input, apply the filters, and extract them back out. /** * Filters the wp_mail() arguments. * * @since 2.2.0 * * @param array $args { * Array of the `wp_mail()` arguments. * * @type string|string[] $to Array or comma-separated list of email addresses to send message. * @type string $subject Email subject. * @type string $message Message contents. * @type string|string[] $headers Additional headers. * @type string|string[] $attachments Paths to files to attach. * @type string|string[] $embeds Paths to files to embed. * } */ $atts = apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments', 'embeds' ) ); /** * Filters whether to preempt sending an email. * * Returning a non-null value will short-circuit {@see wp_mail()}, returning * that value instead. A boolean return value should be used to indicate whether * the email was successfully sent. * * @since 5.7.0 * * @param null|bool $return Short-circuit return value. * @param array $atts { * Array of the `wp_mail()` arguments. * * @type string|string[] $to Array or comma-separated list of email addresses to send message. * @type string $subject Email subject. * @type string $message Message contents. * @type string|string[] $headers Additional headers. * @type string|string[] $attachments Paths to files to attach. * @type string|string[] $embeds Paths to files to embed. * } */ $pre_wp_mail = apply_filters( 'pre_wp_mail', null, $atts ); if ( null !== $pre_wp_mail ) { return $pre_wp_mail; } if ( isset( $atts['to'] ) ) { $to = $atts['to']; } if ( ! is_array( $to ) ) { $to = explode( ',', $to ); } if ( isset( $atts['subject'] ) ) { $subject = $atts['subject']; } if ( isset( $atts['message'] ) ) { $message = $atts['message']; } if ( isset( $atts['headers'] ) ) { $headers = $atts['headers']; } if ( isset( $atts['attachments'] ) ) { $attachments = $atts['attachments']; } if ( ! is_array( $attachments ) ) { $attachments = explode( "\n", str_replace( "\r\n", "\n", $attachments ) ); } if ( isset( $atts['embeds'] ) ) { $embeds = $atts['embeds']; } if ( ! is_array( $embeds ) ) { $embeds = explode( "\n", str_replace( "\r\n", "\n", $embeds ) ); } global $phpmailer; // (Re)create it, if it's gone missing. if ( ! ( $phpmailer instanceof PHPMailer\PHPMailer\PHPMailer ) ) { require_once ABSPATH . WPINC . '/PHPMailer/PHPMailer.php'; require_once ABSPATH . WPINC . '/PHPMailer/SMTP.php'; require_once ABSPATH . WPINC . '/PHPMailer/Exception.php'; require_once ABSPATH . WPINC . '/class-wp-phpmailer.php'; $phpmailer = new WP_PHPMailer( true ); $phpmailer::$validator = static function ( $email ) { return (bool) is_email( $email ); }; } // Headers. $cc = array(); $bcc = array(); $reply_to = array(); if ( empty( $headers ) ) { $headers = array(); } else { if ( ! is_array( $headers ) ) { /* * Explode the headers out, so this function can take * both string headers and an array of headers. */ $tempheaders = explode( "\n", str_replace( "\r\n", "\n", $headers ) ); } else { $tempheaders = $headers; } $headers = array(); // If it's actually got contents. if ( ! empty( $tempheaders ) ) { // Iterate through the raw headers. foreach ( (array) $tempheaders as $header ) { if ( ! str_contains( $header, ':' ) ) { if ( false !== stripos( $header, 'boundary=' ) ) { $parts = preg_split( '/boundary=/i', trim( $header ) ); $boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) ); } continue; } // Explode them out. list( $name, $content ) = explode( ':', trim( $header ), 2 ); // Cleanup crew. $name = trim( $name ); $content = trim( $content ); switch ( strtolower( $name ) ) { // Mainly for legacy -- process a "From:" header if it's there. case 'from': $bracket_pos = strpos( $content, '<' ); if ( false !== $bracket_pos ) { // Text before the bracketed email is the "From" name. if ( $bracket_pos > 0 ) { $from_name = substr( $content, 0, $bracket_pos ); $from_name = str_replace( '"', '', $from_name ); $from_name = trim( $from_name ); } $from_email = substr( $content, $bracket_pos + 1 ); $from_email = str_replace( '>', '', $from_email ); $from_email = trim( $from_email ); // Avoid setting an empty $from_email. } elseif ( '' !== trim( $content ) ) { $from_email = trim( $content ); } break; case 'content-type': if ( str_contains( $content, ';' ) ) { list( $type, $charset_content ) = explode( ';', $content ); $content_type = trim( $type ); if ( false !== stripos( $charset_content, 'charset=' ) ) { $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset_content ) ); } elseif ( false !== stripos( $charset_content, 'boundary=' ) ) { $boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset_content ) ); $charset = ''; if ( preg_match( '~^multipart/(\S+)~', $content_type, $matches ) ) { $content_type = 'multipart/' . strtolower( $matches[1] ) . '; boundary="' . $boundary . '"'; } } // Avoid setting an empty $content_type. } elseif ( '' !== trim( $content ) ) { $content_type = trim( $content ); } break; case 'cc': $cc = array_merge( (array) $cc, explode( ',', $content ) ); break; case 'bcc': $bcc = array_merge( (array) $bcc, explode( ',', $content ) ); break; case 'reply-to': $reply_to = array_merge( (array) $reply_to, explode( ',', $content ) ); break; default: // Add it to our grand headers array. $headers[ trim( $name ) ] = trim( $content ); break; } } } } // Empty out the values that may be set. $phpmailer->clearAllRecipients(); $phpmailer->clearAttachments(); $phpmailer->clearCustomHeaders(); $phpmailer->clearReplyTos(); $phpmailer->Body = ''; $phpmailer->AltBody = ''; /* * Reset encoding to 8-bit, as it may have been automatically downgraded * to 7-bit by PHPMailer (based on the body contents) in a previous call * to wp_mail(). * * See https://core.trac.wordpress.org/ticket/33972 */ $phpmailer->Encoding = PHPMailer\PHPMailer\PHPMailer::ENCODING_8BIT; // Set "From" name and email. // If we don't have a name from the input headers. if ( ! isset( $from_name ) ) { $from_name = 'WordPress'; } /* * If we don't have an email from the input headers, default to wordpress@$sitename * Some hosts will block outgoing mail from this address if it doesn't exist, * but there's no easy alternative. Defaulting to admin_email might appear to be * another option, but some hosts may refuse to relay mail from an unknown domain. * See https://core.trac.wordpress.org/ticket/5007. */ if ( ! isset( $from_email ) ) { // Get the site domain and get rid of www. $sitename = wp_parse_url( network_home_url(), PHP_URL_HOST ); $from_email = 'wordpress@'; if ( null !== $sitename ) { if ( str_starts_with( $sitename, 'www.' ) ) { $sitename = substr( $sitename, 4 ); } $from_email .= $sitename; } } /** * Filters the email address to send from. * * @since 2.2.0 * * @param string $from_email Email address to send from. */ $from_email = apply_filters( 'wp_mail_from', $from_email ); /** * Filters the name to associate with the "from" email address. * * @since 2.3.0 * * @param string $from_name Name associated with the "from" email address. */ $from_name = apply_filters( 'wp_mail_from_name', $from_name ); try { $phpmailer->setFrom( $from_email, $from_name, false ); } catch ( PHPMailer\PHPMailer\Exception $e ) { $mail_error_data = compact( 'to', 'subject', 'message', 'headers', 'attachments' ); $mail_error_data['phpmailer_exception_code'] = $e->getCode(); /** This filter is documented in wp-includes/pluggable.php */ do_action( 'wp_mail_failed', new WP_Error( 'wp_mail_failed', $e->getMessage(), $mail_error_data ) ); return false; } // Set mail's subject and body. $phpmailer->Subject = $subject; $phpmailer->Body = $message; // Set destination addresses, using appropriate methods for handling addresses. $address_headers = compact( 'to', 'cc', 'bcc', 'reply_to' ); foreach ( $address_headers as $address_header => $addresses ) { if ( empty( $addresses ) ) { continue; } foreach ( (array) $addresses as $address ) { try { // Break $recipient into name and address parts if in the format "Foo <bar@baz.com>". $recipient_name = ''; if ( preg_match( '/(.*)<(.+)>/', $address, $matches ) ) { if ( count( $matches ) === 3 ) { $recipient_name = $matches[1]; $address = $matches[2]; } } switch ( $address_header ) { case 'to': $phpmailer->addAddress( $address, $recipient_name ); break; case 'cc': $phpmailer->addCC( $address, $recipient_name ); break; case 'bcc': $phpmailer->addBCC( $address, $recipient_name ); break; case 'reply_to': $phpmailer->addReplyTo( $address, $recipient_name ); break; } } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } // Set to use PHP's mail(). $phpmailer->isMail(); // Set Content-Type and charset. // If we don't have a Content-Type from the input headers. if ( ! isset( $content_type ) ) { $content_type = 'text/plain'; } /** * Filters the wp_mail() content type. * * @since 2.3.0 * * @param string $content_type Default wp_mail() content type. */ $content_type = apply_filters( 'wp_mail_content_type', $content_type ); $phpmailer->ContentType = $content_type; // Set whether it's plaintext, depending on $content_type. if ( 'text/html' === $content_type ) { $phpmailer->isHTML( true ); } // If we don't have a charset from the input headers. if ( ! isset( $charset ) ) { $charset = get_bloginfo( 'charset' ); } /** * Filters the default wp_mail() charset. * * @since 2.3.0 * * @param string $charset Default email charset. */ $phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset ); // Set custom headers. if ( ! empty( $headers ) ) { foreach ( (array) $headers as $name => $content ) { // Only add custom headers not added automatically by PHPMailer. if ( ! in_array( $name, array( 'MIME-Version', 'X-Mailer' ), true ) ) { try { $phpmailer->addCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } } if ( ! empty( $attachments ) ) { foreach ( $attachments as $filename => $attachment ) { $filename = is_string( $filename ) ? $filename : ''; try { $phpmailer->addAttachment( $attachment, $filename ); } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } if ( ! empty( $embeds ) ) { foreach ( $embeds as $key => $embed_path ) { /** * Filters the arguments for PHPMailer's addEmbeddedImage() method. * * @since 6.9.0 * * @param array $args { * An array of arguments for `addEmbeddedImage()`. * @type string $path The path to the file. * @type string $cid The Content-ID of the image. Default: The key in the embeds array. * @type string $name The filename of the image. * @type string $encoding The encoding of the image. Default: 'base64'. * @type string $type The MIME type of the image. Default: empty string, which lets PHPMailer auto-detect. * @type string $disposition The disposition of the image. Default: 'inline'. * } */ $embed_args = apply_filters( 'wp_mail_embed_args', array( 'path' => $embed_path, 'cid' => (string) $key, 'name' => basename( $embed_path ), 'encoding' => 'base64', 'type' => '', 'disposition' => 'inline', ) ); try { $phpmailer->addEmbeddedImage( $embed_args['path'], $embed_args['cid'], $embed_args['name'], $embed_args['encoding'], $embed_args['type'], $embed_args['disposition'] ); } catch ( PHPMailer\PHPMailer\Exception $e ) { continue; } } } /** * Fires after PHPMailer is initialized. * * @since 2.2.0 * * @param PHPMailer $phpmailer The PHPMailer instance (passed by reference). */ do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) ); $mail_data = compact( 'to', 'subject', 'message', 'headers', 'attachments', 'embeds' ); // Send! try { $send = $phpmailer->send(); /** * Fires after PHPMailer has successfully sent an email. * * The firing of this action does not necessarily mean that the recipient(s) received the * email successfully. It only means that the `send` method above was able to * process the request without any errors. * * @since 5.9.0 * * @param array $mail_data { * An array containing the email recipient(s), subject, message, headers, and attachments. * * @type string[] $to Email addresses to send message. * @type string $subject Email subject. * @type string $message Message contents. * @type string[] $headers Additional headers. * @type string[] $attachments Paths to files to attach. * @type string[] $embeds Paths to files to embed. * } */ do_action( 'wp_mail_succeeded', $mail_data ); return $send; } catch ( PHPMailer\PHPMailer\Exception $e ) { $mail_data['phpmailer_exception_code'] = $e->getCode(); /** * Fires after a PHPMailer\PHPMailer\Exception is caught. * * @since 4.4.0 * * @param WP_Error $error A WP_Error object with the PHPMailer\PHPMailer\Exception message, and an array * containing the mail recipient, subject, message, headers, and attachments. */ do_action( 'wp_mail_failed', new WP_Error( 'wp_mail_failed', $e->getMessage(), $mail_data ) ); return false; } } endif; if ( ! function_exists( 'wp_authenticate' ) ) : /** * Authenticates a user, confirming the login credentials are valid. * * @since 2.5.0 * @since 4.5.0 `$username` now accepts an email address. * * @param string $username User's username or email address. * @param string $password User's password. * @return WP_User|WP_Error WP_User object if the credentials are valid, * otherwise WP_Error. */ function wp_authenticate( $username, #[\SensitiveParameter] $password ) { $username = sanitize_user( $username ); $password = trim( $password ); /** * Filters whether a set of user login credentials are valid. * * A WP_User object is returned if the credentials authenticate a user. * WP_Error or null otherwise. * * @since 2.8.0 * @since 4.5.0 `$username` now accepts an email address. * * @param null|WP_User|WP_Error $user WP_User if the user is authenticated. * WP_Error or null otherwise. * @param string $username Username or email address. * @param string $password User password. */ $user = apply_filters( 'authenticate', null, $username, $password ); if ( null === $user || false === $user ) { /* * TODO: What should the error message be? (Or would these even happen?) * Only needed if all authentication handlers fail to return anything. */ $user = new WP_Error( 'authentication_failed', __( '<strong>Error:</strong> Invalid username, email address or incorrect password.' ) ); } $ignore_codes = array( 'empty_username', 'empty_password' ); if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes, true ) ) { $error = $user; /** * Fires after a user login has failed. * * @since 2.5.0 * @since 4.5.0 The value of `$username` can now be an email address. * @since 5.4.0 The `$error` parameter was added. * * @param string $username Username or email address. * @param WP_Error $error A WP_Error object with the authentication failure details. */ do_action( 'wp_login_failed', $username, $error ); } return $user; } endif; if ( ! function_exists( 'wp_logout' ) ) : /** * Logs the current user out. * * @since 2.5.0 */ function wp_logout() { $user_id = get_current_user_id(); wp_destroy_current_session(); wp_clear_auth_cookie(); wp_set_current_user( 0 ); /** * Fires after a user is logged out. * * @since 1.5.0 * @since 5.5.0 Added the `$user_id` parameter. * * @param int $user_id ID of the user that was logged out. */ do_action( 'wp_logout', $user_id ); } endif; if ( ! function_exists( 'wp_validate_auth_cookie' ) ) : /** * Validates authentication cookie. * * The checks include making sure that the authentication cookie is set and * pulling in the contents (if $cookie is not used). * * Makes sure the cookie is not expired. Verifies the hash in cookie is what is * should be and compares the two. * * @since 2.5.0 * * @global int $login_grace_period * * @param string $cookie Optional. If used, will validate contents instead of cookie's. * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. * Note: This does *not* default to 'auth' like other cookie functions. * @return int|false User ID if valid cookie, false if invalid. */ function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) { $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme ); if ( ! $cookie_elements ) { /** * Fires if an authentication cookie is malformed. * * @since 2.7.0 * * @param string $cookie Malformed auth cookie. * @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', * or 'logged_in'. */ do_action( 'auth_cookie_malformed', $cookie, $scheme ); return false; } $scheme = $cookie_elements['scheme']; $username = $cookie_elements['username']; $hmac = $cookie_elements['hmac']; $token = $cookie_elements['token']; $expiration = $cookie_elements['expiration']; $expired = (int) $expiration; // Allow a grace period for POST and Ajax requests. if ( wp_doing_ajax() || 'POST' === $_SERVER['REQUEST_METHOD'] ) { $expired += HOUR_IN_SECONDS; } // Quick check to see if an honest cookie has expired. if ( $expired < time() ) { /** * Fires once an authentication cookie has expired. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_expired', $cookie_elements ); return false; } $user = get_user_by( 'login', $username ); if ( ! $user ) { /** * Fires if a bad username is entered in the user authentication process. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_bad_username', $cookie_elements ); return false; } if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) { // Retain previous behaviour of phpass or vanilla bcrypt hashed passwords. $pass_frag = substr( $user->user_pass, 8, 4 ); } else { // Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes. $pass_frag = substr( $user->user_pass, -4 ); } $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); $hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key ); if ( ! hash_equals( $hash, $hmac ) ) { /** * Fires if a bad authentication cookie hash is encountered. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_bad_hash', $cookie_elements ); return false; } $manager = WP_Session_Tokens::get_instance( $user->ID ); if ( ! $manager->verify( $token ) ) { /** * Fires if a bad session token is encountered. * * @since 4.0.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ do_action( 'auth_cookie_bad_session_token', $cookie_elements ); return false; } // Ajax/POST grace period set above. if ( $expiration < time() ) { $GLOBALS['login_grace_period'] = 1; } /** * Fires once an authentication cookie has been validated. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } * @param WP_User $user User object. */ do_action( 'auth_cookie_valid', $cookie_elements, $user ); return $user->ID; } endif; if ( ! function_exists( 'wp_generate_auth_cookie' ) ) : /** * Generates authentication cookie contents. * * @since 2.5.0 * @since 4.0.0 The `$token` parameter was added. * * @param int $user_id User ID. * @param int $expiration The time the cookie expires as a UNIX timestamp. * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. * Default 'auth'. * @param string $token User's session token to use for this cookie. * @return string Authentication cookie contents. Empty string if user does not exist. */ function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) { $user = get_userdata( $user_id ); if ( ! $user ) { return ''; } if ( ! $token ) { $manager = WP_Session_Tokens::get_instance( $user_id ); $token = $manager->create( $expiration ); } if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) { // Retain previous behaviour of phpass or vanilla bcrypt hashed passwords. $pass_frag = substr( $user->user_pass, 8, 4 ); } else { // Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes. $pass_frag = substr( $user->user_pass, -4 ); } $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); $hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key ); $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash; /** * Filters the authentication cookie. * * @since 2.5.0 * @since 4.0.0 The `$token` parameter was added. * * @param string $cookie Authentication cookie. * @param int $user_id User ID. * @param int $expiration The time the cookie expires as a UNIX timestamp. * @param string $scheme Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'. * @param string $token User's session token used. */ return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token ); } endif; if ( ! function_exists( 'wp_parse_auth_cookie' ) ) : /** * Parses a cookie into its components. * * @since 2.7.0 * @since 4.0.0 The `$token` element was added to the return value. * * @param string $cookie Authentication cookie. * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. * @return string[]|false { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. If * the cookie value is malformed, false is returned. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */ function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) { if ( empty( $cookie ) ) { switch ( $scheme ) { case 'auth': $cookie_name = AUTH_COOKIE; break; case 'secure_auth': $cookie_name = SECURE_AUTH_COOKIE; break; case 'logged_in': $cookie_name = LOGGED_IN_COOKIE; break; default: if ( is_ssl() ) { $cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; } else { $cookie_name = AUTH_COOKIE; $scheme = 'auth'; } } if ( empty( $_COOKIE[ $cookie_name ] ) ) { return false; } $cookie = $_COOKIE[ $cookie_name ]; } $cookie_elements = explode( '|', $cookie ); if ( count( $cookie_elements ) !== 4 ) { return false; } list( $username, $expiration, $token, $hmac ) = $cookie_elements; return compact( 'username', 'expiration', 'token', 'hmac', 'scheme' ); } endif; if ( ! function_exists( 'wp_set_auth_cookie' ) ) : /** * Sets the authentication cookies for a given user ID. * * The `$remember` parameter controls cookie persistence: * - If true, the cookie is persistent (default 14 days, filterable via {@see 'auth_cookie_expiration'}). * - If false, the cookie is a browser session cookie (expires when the browser closes). * Internally, {@see 'auth_cookie_expiration'} is still applied, to expire the login after * two days or when the browser is closed, whichever occurs first. * * @since 2.5.0 * @since 4.3.0 Added the `$token` parameter. * * @param int $user_id User ID. * @param bool $remember Whether to remember the user. * @param bool|string $secure Whether the auth cookie should only be sent over HTTPS. Default is an empty * string which means the value of `is_ssl()` will be used. * @param string $token Optional. User's session token to use for this cookie. */ function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) { if ( $remember ) { /** * Filters the duration of the authentication cookie expiration period. * * @since 2.8.0 * * @param int $length Duration of the expiration period in seconds. * @param int $user_id User ID. * @param bool $remember Whether to remember the user login. Default false. */ $expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember ); /* * Ensure the browser will continue to send the cookie after the expiration time is reached. * Needed for the login grace period in wp_validate_auth_cookie(). */ $expire = $expiration + ( 12 * HOUR_IN_SECONDS ); } else { /** This filter is documented in wp-includes/pluggable.php */ $expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember ); $expire = 0; } if ( '' === $secure ) { $secure = is_ssl(); } // Front-end cookie is secure when the auth cookie is secure and the site's home URL uses HTTPS. $secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME ); /** * Filters whether the auth cookie should only be sent over HTTPS. * * @since 3.1.0 * * @param bool $secure Whether the cookie should only be sent over HTTPS. * @param int $user_id User ID. */ $secure = apply_filters( 'secure_auth_cookie', $secure, $user_id ); /** * Filters whether the logged in cookie should only be sent over HTTPS. * * @since 3.1.0 * * @param bool $secure_logged_in_cookie Whether the logged in cookie should only be sent over HTTPS. * @param int $user_id User ID. * @param bool $secure Whether the auth cookie should only be sent over HTTPS. */ $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure ); if ( $secure ) { $auth_cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; } else { $auth_cookie_name = AUTH_COOKIE; $scheme = 'auth'; } if ( '' === $token ) { $manager = WP_Session_Tokens::get_instance( $user_id ); $token = $manager->create( $expiration ); } $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token ); $logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token ); /** * Fires immediately before the authentication cookie is set. * * @since 2.5.0 * @since 4.9.0 The `$token` parameter was added. * * @param string $auth_cookie Authentication cookie value. * @param int $expire The time the login grace period expires as a UNIX timestamp. * Default is 12 hours past the cookie's expiration time. * @param int $expiration The time when the authentication cookie expires as a UNIX timestamp. * Default is 14 days from now. * @param int $user_id User ID. * @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'. * @param string $token User's session token to use for this cookie. */ do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token ); /** * Fires immediately before the logged-in authentication cookie is set. * * @since 2.6.0 * @since 4.9.0 The `$token` parameter was added. * * @param string $logged_in_cookie The logged-in cookie value. * @param int $expire The time the login grace period expires as a UNIX timestamp. * Default is 12 hours past the cookie's expiration time. * @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp. * Default is 14 days from now. * @param int $user_id User ID. * @param string $scheme Authentication scheme. Default 'logged_in'. * @param string $token User's session token to use for this cookie. */ do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token ); /** * Allows preventing auth cookies from actually being sent to the client. * * @since 4.7.4 * @since 6.2.0 The `$expire`, `$expiration`, `$user_id`, `$scheme`, and `$token` parameters were added. * * @param bool $send Whether to send auth cookies to the client. Default true. * @param int $expire The time the login grace period expires as a UNIX timestamp. * Default is 12 hours past the cookie's expiration time. Zero when clearing cookies. * @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp. * Default is 14 days from now. Zero when clearing cookies. * @param int $user_id User ID. Zero when clearing cookies. * @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'. * Empty string when clearing cookies. * @param string $token User's session token to use for this cookie. Empty string when clearing cookies. */ if ( ! apply_filters( 'send_auth_cookies', true, $expire, $expiration, $user_id, $scheme, $token ) ) { return; } setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true ); setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true ); setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true ); if ( COOKIEPATH !== SITECOOKIEPATH ) { setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true ); } } endif; if ( ! function_exists( 'wp_clear_auth_cookie' ) ) : /** * Removes all of the cookies associated with authentication. * * @since 2.5.0 */ function wp_clear_auth_cookie() { /** * Fires just before the authentication cookies are cleared. * * @since 2.7.0 */ do_action( 'clear_auth_cookie' ); /** This filter is documented in wp-includes/pluggable.php */ if ( ! apply_filters( 'send_auth_cookies', true, 0, 0, 0, '', '' ) ) { return; } // Auth cookies. setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN ); setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Settings cookies. setcookie( 'wp-settings-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH ); setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH ); // Old cookies. setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Even older cookies. setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN ); // Post password cookie. setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); } endif; if ( ! function_exists( 'is_user_logged_in' ) ) : /** * Determines whether the current visitor is a logged in user. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @return bool True if user is logged in, false if not logged in. */ function is_user_logged_in() { $user = wp_get_current_user(); return $user->exists(); } endif; if ( ! function_exists( 'auth_redirect' ) ) : /** * Checks if a user is logged in, if not it redirects them to the login page. * * When this code is called from a page, it checks to see if the user viewing the page is logged in. * If the user is not logged in, they are redirected to the login page. The user is redirected * in such a way that, upon logging in, they will be sent directly to the page they were originally * trying to access. * * @since 1.5.0 */ function auth_redirect() { $secure = ( is_ssl() || force_ssl_admin() ); /** * Filters whether to use a secure authentication redirect. * * @since 3.1.0 * * @param bool $secure Whether to use a secure authentication redirect. Default false. */ $secure = apply_filters( 'secure_auth_redirect', $secure ); // If https is required and request is http, redirect. if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) { if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) { wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit; } else { wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit; } } /** * Filters the authentication redirect scheme. * * @since 2.9.0 * * @param string $scheme Authentication redirect scheme. Default empty. */ $scheme = apply_filters( 'auth_redirect_scheme', '' ); $user_id = wp_validate_auth_cookie( '', $scheme ); if ( $user_id ) { /** * Fires before the authentication redirect. * * @since 2.8.0 * * @param int $user_id User ID. */ do_action( 'auth_redirect', $user_id ); // If the user wants ssl but the session is not ssl, redirect. if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) { if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) { wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit; } else { wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit; } } return; // The cookie is good, so we're done. } // The cookie is no good, so force login. nocache_headers(); if ( str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) { $redirect = wp_get_referer(); } else { $redirect = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); } $login_url = wp_login_url( $redirect, true ); wp_redirect( $login_url ); exit; } endif; if ( ! function_exists( 'check_admin_referer' ) ) : /** * Ensures intent by verifying that a user was referred from another admin page with the correct security nonce. * * This function ensures the user intends to perform a given action, which helps protect against clickjacking style * attacks. It verifies intent, not authorization, therefore it does not verify the user's capabilities. This should * be performed with `current_user_can()` or similar. * * If the nonce value is invalid, the function will exit with an "Are You Sure?" style message. * * @since 1.2.0 * @since 2.5.0 The `$query_arg` parameter was added. * * @param int|string $action The nonce action. * @param string $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, * 2 if the nonce is valid and generated between 12-24 hours ago. * False if the nonce is invalid. */ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { if ( -1 === $action ) { _doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '3.2.0' ); } $adminurl = strtolower( admin_url() ); $referer = strtolower( wp_get_referer() ); $result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false; /** * Fires once the admin request has been validated or not. * * @since 1.5.1 * * @param string $action The nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. */ do_action( 'check_admin_referer', $action, $result ); if ( ! $result && ! ( -1 === $action && str_starts_with( $referer, $adminurl ) ) ) { wp_nonce_ays( $action ); die(); } return $result; } endif; if ( ! function_exists( 'check_ajax_referer' ) ) : /** * Verifies the Ajax request to prevent processing requests external of the blog. * * @since 2.0.3 * * @param int|string $action Action nonce. * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false, * `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce' * (in that order). Default false. * @param bool $stop Optional. Whether to stop early when the nonce cannot be verified. * Default true. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, * 2 if the nonce is valid and generated between 12-24 hours ago. * False if the nonce is invalid. */ function check_ajax_referer( $action = -1, $query_arg = false, $stop = true ) { if ( -1 === $action ) { _doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '4.7.0' ); } $nonce = ''; if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) ) { $nonce = $_REQUEST[ $query_arg ]; } elseif ( isset( $_REQUEST['_ajax_nonce'] ) ) { $nonce = $_REQUEST['_ajax_nonce']; } elseif ( isset( $_REQUEST['_wpnonce'] ) ) { $nonce = $_REQUEST['_wpnonce']; } $result = wp_verify_nonce( $nonce, $action ); /** * Fires once the Ajax request has been validated or not. * * @since 2.1.0 * * @param string $action The Ajax nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. */ do_action( 'check_ajax_referer', $action, $result ); if ( $stop && false === $result ) { if ( wp_doing_ajax() ) { wp_die( -1, 403 ); } else { die( '-1' ); } } return $result; } endif; if ( ! function_exists( 'wp_redirect' ) ) : /** * Redirects to another page. * * Note: wp_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters: * * if ( wp_redirect( $url ) ) { * exit; * } * * @since 1.5.1 * @since 5.1.0 The `$x_redirect_by` parameter was added. * @since 5.4.0 On invalid status codes, wp_die() is called. * * @global bool $is_IIS * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string|false $x_redirect_by Optional. The application doing the redirect or false to omit. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */ function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) { global $is_IIS; /** * Filters the redirect location. * * @since 2.1.0 * * @param string $location The path or URL to redirect to. * @param int $status The HTTP response status code to use. */ $location = apply_filters( 'wp_redirect', $location, $status ); /** * Filters the redirect HTTP response status code to use. * * @since 2.3.0 * * @param int $status The HTTP response status code to use. * @param string $location The path or URL to redirect to. */ $status = apply_filters( 'wp_redirect_status', $status, $location ); if ( ! $location ) { return false; } if ( $status < 300 || 399 < $status ) { wp_die( __( 'HTTP redirect status code must be a redirection code, 3xx.' ) ); } $location = wp_sanitize_redirect( $location ); if ( ! $is_IIS && 'cgi-fcgi' !== PHP_SAPI ) { status_header( $status ); // This causes problems on IIS and some FastCGI setups. } /** * Filters the X-Redirect-By header. * * Allows applications to identify themselves when they're doing a redirect. * * @since 5.1.0 * * @param string|false $x_redirect_by The application doing the redirect or false to omit the header. * @param int $status Status code to use. * @param string $location The path to redirect to. */ $x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location ); if ( is_string( $x_redirect_by ) ) { header( "X-Redirect-By: $x_redirect_by" ); } header( "Location: $location", true, $status ); return true; } endif; if ( ! function_exists( 'wp_sanitize_redirect' ) ) : /** * Sanitizes a URL for use in a redirect. * * @since 2.3.0 * * @param string $location The path to redirect to. * @return string Redirect-sanitized URL. */ function wp_sanitize_redirect( $location ) { // Encode spaces. $location = str_replace( ' ', '%20', $location ); $regex = '/ ( (?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} ){1,40} # ...one or more times )/x'; $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location ); $location = wp_kses_no_null( $location ); // Remove %0D and %0A from location. $strip = array( '%0d', '%0a', '%0D', '%0A' ); return _deep_replace( $strip, $location ); } /** * URL encodes UTF-8 characters in a URL. * * @ignore * @since 4.2.0 * @access private * * @see wp_sanitize_redirect() * * @param array $matches RegEx matches against the redirect location. * @return string URL-encoded version of the first RegEx match. */ function _wp_sanitize_utf8_in_redirect( $matches ) { return urlencode( $matches[0] ); } endif; if ( ! function_exists( 'wp_safe_redirect' ) ) : /** * Performs a safe (local) redirect, using wp_redirect(). * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl * instead. This prevents malicious redirects which redirect to another host, * but only used in a few places. * * Note: wp_safe_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_safe_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters: * * if ( wp_safe_redirect( $url ) ) { * exit; * } * * @since 2.3.0 * @since 5.1.0 The return value from wp_redirect() is now passed on, and the `$x_redirect_by` parameter was added. * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string|false $x_redirect_by Optional. The application doing the redirect or false to omit. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */ function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) { // Need to look at the URL the way it will end up in wp_redirect(). $location = wp_sanitize_redirect( $location ); /** * Filters the redirect fallback URL for when the provided redirect is not safe (local). * * @since 4.3.0 * * @param string $fallback_url The fallback URL to use by default. * @param int $status The HTTP response status code to use. */ $fallback_url = apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ); $location = wp_validate_redirect( $location, $fallback_url ); return wp_redirect( $location, $status, $x_redirect_by ); } endif; if ( ! function_exists( 'wp_validate_redirect' ) ) : /** * Validates a URL for use in a redirect. * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect is to $fallback_url supplied. * * @since 2.8.1 * * @param string $location The redirect to validate. * @param string $fallback_url The value to return if $location is not allowed. * @return string Redirect-sanitized URL. */ function wp_validate_redirect( $location, $fallback_url = '' ) { $location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) ); // Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'. if ( str_starts_with( $location, '//' ) ) { $location = 'http:' . $location; } /* * In PHP 5 parse_url() may fail if the URL query part contains 'http://'. * See https://bugs.php.net/bug.php?id=38143 */ $cut = strpos( $location, '?' ); $test = $cut ? substr( $location, 0, $cut ) : $location; $lp = parse_url( $test ); // Give up if malformed URL. if ( false === $lp ) { return $fallback_url; } // Allow only 'http' and 'https' schemes. No 'data:', etc. if ( isset( $lp['scheme'] ) && ! ( 'http' === $lp['scheme'] || 'https' === $lp['scheme'] ) ) { return $fallback_url; } if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) { $path = ''; if ( ! empty( $_SERVER['REQUEST_URI'] ) ) { $path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' ); $path = wp_normalize_path( $path ); } $location = '/' . ltrim( $path . '/', '/' ) . $location; } /* * Reject if certain components are set but host is not. * This catches URLs like https:host.com for which parse_url() does not set the host field. */ if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) { return $fallback_url; } // Reject malformed components parse_url() can return on odd inputs. foreach ( array( 'user', 'pass', 'host' ) as $component ) { if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) { return $fallback_url; } } $wpp = parse_url( home_url() ); /** * Filters the list of allowed hosts to redirect to. * * @since 2.3.0 * * @param string[] $hosts An array of allowed host names. * @param string $host The host name of the redirect destination; empty string if not set. */ $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' ); if ( isset( $lp['host'] ) && ( ! in_array( $lp['host'], $allowed_hosts, true ) && strtolower( $wpp['host'] ) !== $lp['host'] ) ) { $location = $fallback_url; } return $location; } endif; if ( ! function_exists( 'wp_notify_postauthor' ) ) : /** * Notifies an author (and/or others) of a comment/trackback/pingback on a post. * * @since 1.0.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @param string $deprecated Not used. * @return bool True on completion. False if no email addresses were specified. */ function wp_notify_postauthor( $comment_id, $deprecated = null ) { if ( null !== $deprecated ) { _deprecated_argument( __FUNCTION__, '3.8.0' ); } $comment = get_comment( $comment_id ); if ( empty( $comment ) || empty( $comment->comment_post_ID ) ) { return false; } $post = get_post( $comment->comment_post_ID ); $author = get_userdata( $post->post_author ); // Who to notify? By default, just the post author, but others can be added. $emails = array(); if ( $author ) { $emails[] = $author->user_email; } /** * Filters the list of email addresses to receive a comment notification. * * By default, only post authors are notified of comments. This filter allows * others to be added. * * @since 3.7.0 * * @param string[] $emails An array of email addresses to receive a comment notification. * @param string $comment_id The comment ID as a numeric string. */ $emails = apply_filters( 'comment_notification_recipients', $emails, $comment->comment_ID ); $emails = array_filter( $emails ); // If there are no addresses to send the comment to, bail. if ( ! count( $emails ) ) { return false; } // Facilitate unsetting below without knowing the keys. $emails = array_flip( $emails ); /** * Filters whether to notify comment authors of their comments on their own posts. * * By default, comment authors aren't notified of their comments on their own * posts. This filter allows you to override that. * * @since 3.8.0 * * @param bool $notify Whether to notify the post author of their own comment. * Default false. * @param string $comment_id The comment ID as a numeric string. */ $notify_author = apply_filters( 'comment_notification_notify_author', false, $comment->comment_ID ); // The comment was left by the author. if ( $author && ! $notify_author && (int) $comment->user_id === (int) $post->post_author ) { unset( $emails[ $author->user_email ] ); } // The author moderated a comment on their own post. if ( $author && ! $notify_author && get_current_user_id() === (int) $post->post_author ) { unset( $emails[ $author->user_email ] ); } // The post author is no longer a member of the blog. if ( $author && ! $notify_author && ! user_can( $post->post_author, 'read_post', $post->ID ) ) { unset( $emails[ $author->user_email ] ); } // If there's no email to send the comment to, bail, otherwise flip array back around for use below. if ( ! count( $emails ) ) { return false; } else { $emails = array_flip( $emails ); } $comment_author_domain = ''; if ( WP_Http::is_ip_address( $comment->comment_author_IP ) ) { $comment_author_domain = gethostbyaddr( $comment->comment_author_IP ); } /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $comment_content = wp_specialchars_decode( $comment->comment_content ); $wp_email = 'wordpress@' . preg_replace( '#^www\.#', '', wp_parse_url( network_home_url(), PHP_URL_HOST ) ); if ( '' === $comment->comment_author ) { $from = "From: \"$blogname\" <$wp_email>"; if ( '' !== $comment->comment_author_email ) { $reply_to = "Reply-To: $comment->comment_author_email"; } } else { $from = "From: \"$comment->comment_author\" <$wp_email>"; if ( '' !== $comment->comment_author_email ) { $reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>"; } } $message_headers = "$from\n" . 'Content-Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n"; if ( isset( $reply_to ) ) { $message_headers .= $reply_to . "\n"; } /** * Filters the comment notification email headers. * * @since 1.5.2 * * @param string $message_headers Headers for the comment notification email. * @param string $comment_id Comment ID as a numeric string. */ $message_headers = apply_filters( 'comment_notification_headers', $message_headers, $comment->comment_ID ); foreach ( $emails as $email ) { $user = get_user_by( 'email', $email ); if ( $user ) { $switched_locale = switch_to_user_locale( $user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } switch ( $comment->comment_type ) { case 'trackback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New trackback on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; $notify_message .= __( 'You can see all trackbacks on this post here:' ) . "\r\n"; /* translators: Trackback notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Trackback: "%2$s"' ), $blogname, $post->post_title ); break; case 'pingback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New pingback on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; $notify_message .= __( 'You can see all pingbacks on this post here:' ) . "\r\n"; /* translators: Pingback notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Pingback: "%2$s"' ), $blogname, $post->post_title ); break; case 'note': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New note on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Note author's name, 2: Note author's IP address, 3: Note author's hostname. */ $notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Note author email. */ $notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n"; /* translators: %s: Note text. */ $notify_message .= sprintf( __( 'Note: %s' ), "\r\n" . ( empty( $comment_content ) ? __( 'resolved/reopened' ) : $comment_content ) ) . "\r\n\r\n"; $notify_message .= __( 'You can see all notes on this post here:' ) . "\r\n"; /* translators: Note notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Note: "%2$s"' ), $blogname, $post->post_title ); break; default: // Comments. /* translators: %s: Post title. */ $notify_message = sprintf( __( 'New comment on your post "%s"' ), $post->post_title ) . "\r\n"; /* translators: 1: Comment author's name, 2: Comment author's IP address, 3: Comment author's hostname. */ $notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Comment author email. */ $notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; if ( $comment->comment_parent && user_can( $post->post_author, 'edit_comment', $comment->comment_parent ) ) { /* translators: Comment moderation. %s: Parent comment edit URL. */ $notify_message .= sprintf( __( 'In reply to: %s' ), admin_url( "comment.php?action=editcomment&c={$comment->comment_parent}#wpbody-content" ) ) . "\r\n"; } /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; $notify_message .= __( 'You can see all comments on this post here:' ) . "\r\n"; /* translators: Comment notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Comment: "%2$s"' ), $blogname, $post->post_title ); break; } /* translators: %s: Comment URL. */ if ( 'note' === $comment->comment_type ) { $notify_message .= get_edit_post_link( $comment->comment_post_ID, 'url' ) . "\r\n"; } else { $notify_message .= get_permalink( $comment->comment_post_ID ) . "#comments\r\n\r\n"; $notify_message .= sprintf( __( 'Permalink: %s' ), get_comment_link( $comment ) ) . "\r\n"; } if ( 'note' !== $comment->comment_type && user_can( $post->post_author, 'edit_comment', $comment->comment_ID ) ) { if ( EMPTY_TRASH_DAYS ) { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } else { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n"; } /** * Filters the comment notification email text. * * @since 1.5.2 * * @param string $notify_message The comment notification email text. * @param string $comment_id Comment ID as a numeric string. */ $notify_message = apply_filters( 'comment_notification_text', $notify_message, $comment->comment_ID ); /** * Filters the comment notification email subject. * * @since 1.5.2 * * @param string $subject The comment notification email subject. * @param string $comment_id Comment ID as a numeric string. */ $subject = apply_filters( 'comment_notification_subject', $subject, $comment->comment_ID ); wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers ); if ( $switched_locale ) { restore_previous_locale(); } } return true; } endif; if ( ! function_exists( 'wp_notify_moderator' ) ) : /** * Notifies the moderator of the site about a new comment that is awaiting approval. * * @since 1.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * Uses the {@see 'notify_moderator'} filter to determine whether the site moderator * should be notified, overriding the site setting. * * @param int $comment_id Comment ID. * @return true Always returns true. */ function wp_notify_moderator( $comment_id ) { global $wpdb; $maybe_notify = get_option( 'moderation_notify' ); /** * Filters whether to send the site moderator email notifications, overriding the site setting. * * @since 4.4.0 * * @param bool $maybe_notify Whether to notify blog moderator. * @param int $comment_id The ID of the comment for the notification. */ $maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_id ); if ( ! $maybe_notify ) { return true; } $comment = get_comment( $comment_id ); $post = get_post( $comment->comment_post_ID ); $user = get_userdata( $post->post_author ); // Send to the administration and to the post author if the author can modify the comment. $emails = array( get_option( 'admin_email' ) ); if ( $user && user_can( $user->ID, 'edit_comment', $comment_id ) && ! empty( $user->user_email ) ) { if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) { $emails[] = $user->user_email; } } $comment_author_domain = ''; if ( WP_Http::is_ip_address( $comment->comment_author_IP ) ) { $comment_author_domain = gethostbyaddr( $comment->comment_author_IP ); } $comments_waiting = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" ); /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $comment_content = wp_specialchars_decode( $comment->comment_content ); $message_headers = ''; /** * Filters the list of recipients for comment moderation emails. * * @since 3.7.0 * * @param string[] $emails List of email addresses to notify for comment moderation. * @param int $comment_id Comment ID. */ $emails = apply_filters( 'comment_moderation_recipients', $emails, $comment_id ); /** * Filters the comment moderation email headers. * * @since 2.8.0 * * @param string $message_headers Headers for the comment moderation email. * @param int $comment_id Comment ID. */ $message_headers = apply_filters( 'comment_moderation_headers', $message_headers, $comment_id ); foreach ( $emails as $email ) { $user = get_user_by( 'email', $email ); if ( $user ) { $switched_locale = switch_to_user_locale( $user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } switch ( $comment->comment_type ) { case 'trackback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'A new trackback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; $notify_message .= __( 'Trackback excerpt: ' ) . "\r\n" . $comment_content . "\r\n\r\n"; break; case 'pingback': /* translators: %s: Post title. */ $notify_message = sprintf( __( 'A new pingback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; /* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */ $notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; $notify_message .= __( 'Pingback excerpt: ' ) . "\r\n" . $comment_content . "\r\n\r\n"; break; default: // Comments. /* translators: %s: Post title. */ $notify_message = sprintf( __( 'A new comment on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; /* translators: 1: Comment author's name, 2: Comment author's IP address, 3: Comment author's hostname. */ $notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; /* translators: %s: Comment author email. */ $notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n"; /* translators: %s: Trackback/pingback/comment author URL. */ $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; if ( $comment->comment_parent ) { /* translators: Comment moderation. %s: Parent comment edit URL. */ $notify_message .= sprintf( __( 'In reply to: %s' ), admin_url( "comment.php?action=editcomment&c={$comment->comment_parent}#wpbody-content" ) ) . "\r\n"; } /* translators: %s: Comment text. */ $notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n"; break; } /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Approve it: %s' ), admin_url( "comment.php?action=approve&c={$comment_id}#wpbody-content" ) ) . "\r\n"; if ( EMPTY_TRASH_DAYS ) { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c={$comment_id}#wpbody-content" ) ) . "\r\n"; } else { /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c={$comment_id}#wpbody-content" ) ) . "\r\n"; } /* translators: Comment moderation. %s: Comment action URL. */ $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment_id}#wpbody-content" ) ) . "\r\n"; $notify_message .= sprintf( /* translators: Comment moderation. %s: Number of comments awaiting approval. */ _n( 'Currently %s comment is waiting for approval. Please visit the moderation panel:', 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting ), number_format_i18n( $comments_waiting ) ) . "\r\n"; $notify_message .= admin_url( 'edit-comments.php?comment_status=moderated#wpbody-content' ) . "\r\n"; /* translators: Comment moderation notification email subject. 1: Site title, 2: Post title. */ $subject = sprintf( __( '[%1$s] Please moderate: "%2$s"' ), $blogname, $post->post_title ); /** * Filters the comment moderation email text. * * @since 1.5.2 * * @param string $notify_message Text of the comment moderation email. * @param int $comment_id Comment ID. */ $notify_message = apply_filters( 'comment_moderation_text', $notify_message, $comment_id ); /** * Filters the comment moderation email subject. * * @since 1.5.2 * * @param string $subject Subject of the comment moderation email. * @param int $comment_id Comment ID. */ $subject = apply_filters( 'comment_moderation_subject', $subject, $comment_id ); wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers ); if ( $switched_locale ) { restore_previous_locale(); } } return true; } endif; if ( ! function_exists( 'wp_password_change_notification' ) ) : /** * Notifies the blog admin of a user changing password, normally via email. * * @since 2.7.0 * * @param WP_User $user User object. */ function wp_password_change_notification( $user ) { /* * Send a copy of password change notification to the admin, * but check to see if it's the admin whose password we're changing, and skip this. */ if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) { $admin_user = get_user_by( 'email', get_option( 'admin_email' ) ); if ( $admin_user ) { $switched_locale = switch_to_user_locale( $admin_user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } /* translators: %s: User name. */ $message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n"; /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $wp_password_change_notification_email = array( 'to' => get_option( 'admin_email' ), /* translators: Password change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Password Changed' ), 'message' => $message, 'headers' => '', ); /** * Filters the contents of the password change notification email sent to the site admin. * * @since 4.9.0 * * @param array $wp_password_change_notification_email { * Used to build wp_mail(). * * @type string $to The intended recipient - site admin email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param WP_User $user User object for user whose password was changed. * @param string $blogname The site title. */ $wp_password_change_notification_email = apply_filters( 'wp_password_change_notification_email', $wp_password_change_notification_email, $user, $blogname ); wp_mail( $wp_password_change_notification_email['to'], wp_specialchars_decode( sprintf( $wp_password_change_notification_email['subject'], $blogname ) ), $wp_password_change_notification_email['message'], $wp_password_change_notification_email['headers'] ); if ( $switched_locale ) { restore_previous_locale(); } } } endif; if ( ! function_exists( 'wp_new_user_notification' ) ) : /** * Emails login credentials to a newly-registered user. * * A new user registration notification is also sent to admin email. * * @since 2.0.0 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`. * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter. * @since 4.6.0 The `$notify` parameter accepts 'user' for sending notification only to the user created. * * @param int $user_id User ID. * @param null $deprecated Not used (argument deprecated). * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' or an empty * string (admin only), 'user', or 'both' (admin and user). Default empty. */ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) { if ( null !== $deprecated ) { _deprecated_argument( __FUNCTION__, '4.3.1' ); } // Accepts only 'user', 'admin' , 'both' or default '' as $notify. if ( ! in_array( $notify, array( 'user', 'admin', 'both', '' ), true ) ) { return; } $user = get_userdata( $user_id ); /* * The blogname option is escaped with esc_html() on the way into the database in sanitize_option(). * We want to reverse this for the plain text arena of emails. */ $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /** * Filters whether the admin is notified of a new user registration. * * @since 6.1.0 * * @param bool $send Whether to send the email. Default true. * @param WP_User $user User object for new user. */ $send_notification_to_admin = apply_filters( 'wp_send_new_user_notification_to_admin', true, $user ); if ( 'user' !== $notify && true === $send_notification_to_admin ) { $admin_user = get_user_by( 'email', get_option( 'admin_email' ) ); if ( $admin_user ) { $switched_locale = switch_to_user_locale( $admin_user->ID ); } else { $switched_locale = switch_to_locale( get_locale() ); } /* translators: %s: Site title. */ $message = sprintf( __( 'New user registration on your site %s:' ), $blogname ) . "\r\n\r\n"; /* translators: %s: User login. */ $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n"; /* translators: %s: User email address. */ $message .= sprintf( __( 'Email: %s' ), $user->user_email ) . "\r\n"; $wp_new_user_notification_email_admin = array( 'to' => get_option( 'admin_email' ), /* translators: New user registration notification email subject. %s: Site title. */ 'subject' => __( '[%s] New User Registration' ), 'message' => $message, 'headers' => '', ); /** * Filters the contents of the new user notification email sent to the site admin. * * @since 4.9.0 * * @param array $wp_new_user_notification_email_admin { * Used to build wp_mail(). * * @type string $to The intended recipient - site admin email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param WP_User $user User object for new user. * @param string $blogname The site title. */ $wp_new_user_notification_email_admin = apply_filters( 'wp_new_user_notification_email_admin', $wp_new_user_notification_email_admin, $user, $blogname ); wp_mail( $wp_new_user_notification_email_admin['to'], wp_specialchars_decode( sprintf( $wp_new_user_notification_email_admin['subject'], $blogname ) ), $wp_new_user_notification_email_admin['message'], $wp_new_user_notification_email_admin['headers'] ); if ( $switched_locale ) { restore_previous_locale(); } } /** * Filters whether the user is notified of their new user registration. * * @since 6.1.0 * * @param bool $send Whether to send the email. Default true. * @param WP_User $user User object for new user. */ $send_notification_to_user = apply_filters( 'wp_send_new_user_notification_to_user', true, $user ); // `$deprecated` was pre-4.3 `$plaintext_pass`. An empty `$plaintext_pass` didn't sent a user notification. if ( 'admin' === $notify || true !== $send_notification_to_user || ( empty( $deprecated ) && empty( $notify ) ) ) { return; } $key = get_password_reset_key( $user ); if ( is_wp_error( $key ) ) { return; } $switched_locale = switch_to_user_locale( $user_id ); /* translators: %s: User login. */ $message = sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n"; $message .= __( 'To set your password, visit the following address:' ) . "\r\n\r\n"; /* * Since some user login names end in a period, this could produce ambiguous URLs that * end in a period. To avoid the ambiguity, ensure that the login is not the last query * arg in the URL. If moving it to the end, a trailing period will need to be escaped. * * @see https://core.trac.wordpress.org/tickets/42957 */ $message .= network_site_url( 'wp-login.php?login=' . rawurlencode( $user->user_login ) . "&key=$key&action=rp", 'login' ) . "\r\n\r\n"; $message .= wp_login_url() . "\r\n"; $wp_new_user_notification_email = array( 'to' => $user->user_email, /* translators: Login details notification email subject. %s: Site title. */ 'subject' => __( '[%s] Login Details' ), 'message' => $message, 'headers' => '', ); /** * Filters the contents of the new user notification email sent to the new user. * * @since 4.9.0 * * @param array $wp_new_user_notification_email { * Used to build wp_mail(). * * @type string $to The intended recipient - New user email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param WP_User $user User object for new user. * @param string $blogname The site title. */ $wp_new_user_notification_email = apply_filters( 'wp_new_user_notification_email', $wp_new_user_notification_email, $user, $blogname ); wp_mail( $wp_new_user_notification_email['to'], wp_specialchars_decode( sprintf( $wp_new_user_notification_email['subject'], $blogname ) ), $wp_new_user_notification_email['message'], $wp_new_user_notification_email['headers'] ); if ( $switched_locale ) { restore_previous_locale(); } } endif; if ( ! function_exists( 'wp_nonce_tick' ) ) : /** * Returns the time-dependent variable for nonce creation. * * A nonce has a lifespan of two ticks. Nonces in their second tick may be * updated, e.g. by autosave. * * @since 2.5.0 * @since 6.1.0 Added `$action` argument. * * @param string|int $action Optional. The nonce action. Default -1. * @return float Float value rounded up to the next highest integer. */ function wp_nonce_tick( $action = -1 ) { /** * Filters the lifespan of nonces in seconds. * * @since 2.5.0 * @since 6.1.0 Added `$action` argument to allow for more targeted filters. * * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day. * @param string|int $action The nonce action, or -1 if none was provided. */ $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action ); return ceil( time() / ( $nonce_life / 2 ) ); } endif; if ( ! function_exists( 'wp_verify_nonce' ) ) : /** * Verifies that a correct security nonce was used with time limit. * * A nonce is valid for between 12 and 24 hours (by default). * * @since 2.0.3 * * @param string $nonce Nonce value that was used for verification, usually via a form field. * @param string|int $action Should give context to what is taking place and be the same when nonce was created. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, * 2 if the nonce is valid and generated between 12-24 hours ago. * False if the nonce is invalid. */ function wp_verify_nonce( $nonce, $action = -1 ) { $nonce = (string) $nonce; $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { /** * Filters whether the user who generated the nonce is logged out. * * @since 3.5.0 * * @param int $uid ID of the nonce-owning user. * @param string|int $action The nonce action, or -1 if none was provided. */ $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); } if ( empty( $nonce ) ) { return false; } $token = wp_get_session_token(); $i = wp_nonce_tick( $action ); // Nonce generated 0-12 hours ago. $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); if ( hash_equals( $expected, $nonce ) ) { return 1; } // Nonce generated 12-24 hours ago. $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); if ( hash_equals( $expected, $nonce ) ) { return 2; } /** * Fires when nonce verification fails. * * @since 4.4.0 * * @param string $nonce The invalid nonce. * @param string|int $action The nonce action. * @param WP_User $user The current user object. * @param string $token The user's session token. */ do_action( 'wp_verify_nonce_failed', $nonce, $action, $user, $token ); // Invalid nonce. return false; } endif; if ( ! function_exists( 'wp_create_nonce' ) ) : /** * Creates a cryptographic token tied to a specific action, user, user session, * and window of time. * * @since 2.0.3 * @since 4.0.0 Session tokens were integrated with nonce creation. * * @param string|int $action Scalar value to add context to the nonce. * @return string The token. */ function wp_create_nonce( $action = -1 ) { $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { /** This filter is documented in wp-includes/pluggable.php */ $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); } $token = wp_get_session_token(); $i = wp_nonce_tick( $action ); return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); } endif; if ( ! function_exists( 'wp_salt' ) ) : /** * Returns a salt to add to hashes. * * Salts are created using secret keys. Secret keys are located in two places: * in the database and in the wp-config.php file. The secret key in the database * is randomly generated and will be appended to the secret keys in wp-config.php. * * The secret keys in wp-config.php should be updated to strong, random keys to maximize * security. Below is an example of how the secret key constants are defined. * Do not paste this example directly into wp-config.php. Instead, have a * {@link https://api.wordpress.org/secret-key/1.1/salt/ secret key created} just * for you. * * define('AUTH_KEY', ' Xakm<o xQy rw4EMsLKM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON'); * define('SECURE_AUTH_KEY', 'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~'); * define('LOGGED_IN_KEY', '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM'); * define('NONCE_KEY', '%:R{[P|,s.KuMltH5}cI;/k<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|'); * define('AUTH_SALT', 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW'); * define('SECURE_AUTH_SALT', '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGe}T1:Xt7n'); * define('LOGGED_IN_SALT', '+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n<+=uKR:>*c(u`g~EJBf#8u#R{mUEZrozmm'); * define('NONCE_SALT', 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT'); * * Salting passwords helps against tools which has stored hashed values of * common dictionary strings. The added values makes it harder to crack. * * @since 2.5.0 * * @link https://api.wordpress.org/secret-key/1.1/salt/ Create secrets for wp-config.php * * @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce). * @return string Salt value */ function wp_salt( $scheme = 'auth' ) { static $cached_salts = array(); if ( isset( $cached_salts[ $scheme ] ) ) { /** * Filters the WordPress salt. * * @since 2.5.0 * * @param string $cached_salt Cached salt for the given scheme. * @param string $scheme Authentication scheme. Values include 'auth', * 'secure_auth', 'logged_in', and 'nonce'. */ return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); } static $duplicated_keys; if ( null === $duplicated_keys ) { $duplicated_keys = array(); foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) { foreach ( array( 'KEY', 'SALT' ) as $second ) { if ( ! defined( "{$first}_{$second}" ) ) { continue; } $value = constant( "{$first}_{$second}" ); $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] ); } } $duplicated_keys['put your unique phrase here'] = true; /* * translators: This string should only be translated if wp-config-sample.php is localized. * You can check the localized release package or * https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php */ $duplicated_keys[ __( 'put your unique phrase here' ) ] = true; } /* * Determine which options to prime. * * If the salt keys are undefined, use a duplicate value or the * default `put your unique phrase here` value the salt will be * generated via `wp_generate_password()` and stored as a site * option. These options will be primed to avoid repeated * database requests for undefined salts. */ $options_to_prime = array(); foreach ( array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) as $key ) { foreach ( array( 'key', 'salt' ) as $second ) { $const = strtoupper( "{$key}_{$second}" ); if ( ! defined( $const ) || true === $duplicated_keys[ constant( $const ) ] ) { $options_to_prime[] = "{$key}_{$second}"; } } } if ( ! empty( $options_to_prime ) ) { /* * Also prime `secret_key` used for undefined salting schemes. * * If the scheme is unknown, the default value for `secret_key` will be * used too for the salt. This should rarely happen, so the option is only * primed if other salts are undefined. * * At this point of execution it is known that a database call will be made * to prime salts, so the `secret_key` option can be primed regardless of the * constants status. */ $options_to_prime[] = 'secret_key'; wp_prime_site_option_caches( $options_to_prime ); } $values = array( 'key' => '', 'salt' => '', ); if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) { $values['key'] = SECRET_KEY; } if ( 'auth' === $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) { $values['salt'] = SECRET_SALT; } if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ), true ) ) { foreach ( array( 'key', 'salt' ) as $type ) { $const = strtoupper( "{$scheme}_{$type}" ); if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) { $values[ $type ] = constant( $const ); } elseif ( ! $values[ $type ] ) { $values[ $type ] = get_site_option( "{$scheme}_{$type}" ); if ( ! $values[ $type ] ) { $values[ $type ] = wp_generate_password( 64, true, true ); update_site_option( "{$scheme}_{$type}", $values[ $type ] ); } } } } else { if ( ! $values['key'] ) { $values['key'] = get_site_option( 'secret_key' ); if ( ! $values['key'] ) { $values['key'] = wp_generate_password( 64, true, true ); update_site_option( 'secret_key', $values['key'] ); } } $values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] ); } $cached_salts[ $scheme ] = $values['key'] . $values['salt']; /** This filter is documented in wp-includes/pluggable.php */ return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); } endif; if ( ! function_exists( 'wp_hash' ) ) : /** * Gets the hash of the given string. * * The default algorithm is md5 but can be changed to any algorithm supported by * `hash_hmac()`. Use the `hash_hmac_algos()` function to check the supported * algorithms. * * @since 2.0.3 * @since 6.8.0 The `$algo` parameter was added. * * @throws InvalidArgumentException if the hashing algorithm is not supported. * * @param string $data Plain text to hash. * @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce). * @param string $algo Hashing algorithm to use. Default: 'md5'. * @return string Hash of $data. */ function wp_hash( $data, $scheme = 'auth', $algo = 'md5' ) { $salt = wp_salt( $scheme ); // Ensure the algorithm is supported by the hash_hmac function. if ( ! in_array( $algo, hash_hmac_algos(), true ) ) { throw new InvalidArgumentException( sprintf( /* translators: 1: Name of a cryptographic hash algorithm. 2: List of supported algorithms. */ __( 'Unsupported hashing algorithm: %1$s. Supported algorithms are: %2$s' ), $algo, implode( ', ', hash_hmac_algos() ) ) ); } return hash_hmac( $algo, $data, $salt ); } endif; if ( ! function_exists( 'wp_hash_password' ) ) : /** * Creates a hash of a plain text password. * * For integration with other applications, this function can be overwritten to * instead use the other package password hashing algorithm. * * @since 2.5.0 * @since 6.8.0 The password is now hashed using bcrypt by default instead of phpass. * * @global PasswordHash $wp_hasher phpass object. * * @param string $password Plain text user password to hash. * @return string The hash string of the password. */ function wp_hash_password( #[\SensitiveParameter] $password ) { global $wp_hasher; if ( ! empty( $wp_hasher ) ) { return $wp_hasher->HashPassword( trim( $password ) ); } if ( strlen( $password ) > 4096 ) { return '*'; } /** * Filters the hashing algorithm to use in the password_hash() and password_needs_rehash() functions. * * The default is the value of the `PASSWORD_BCRYPT` constant which means bcrypt is used. * * **Important:** The only password hashing algorithm that is guaranteed to be available across PHP * installations is bcrypt. If you use any other algorithm you must make sure that it is available on * the server. The `password_algos()` function can be used to check which hashing algorithms are available. * * The hashing options can be controlled via the {@see 'wp_hash_password_options'} filter. * * Other available constants include: * * - `PASSWORD_ARGON2I` * - `PASSWORD_ARGON2ID` * - `PASSWORD_DEFAULT` * * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier. * * @since 6.8.0 * * @param string|int $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant. */ $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT ); /** * Filters the options passed to the password_hash() and password_needs_rehash() functions. * * The default hashing algorithm is bcrypt, but this can be changed via the {@see 'wp_hash_password_algorithm'} * filter. You must ensure that the options are appropriate for the algorithm in use. * * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier. * * @since 6.8.0 * * @param array $options Array of options to pass to the password hashing functions. * By default this is an empty array which means the default * options will be used. * @param string|int $algorithm The hashing algorithm in use. */ $options = apply_filters( 'wp_hash_password_options', array(), $algorithm ); // Algorithms other than bcrypt don't need to use pre-hashing. if ( PASSWORD_BCRYPT !== $algorithm ) { return password_hash( $password, $algorithm, $options ); } // Use SHA-384 to retain entropy from a password that's longer than 72 bytes, and a `wp-sha384` key for domain separation. $password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) ); // Add a prefix to facilitate distinguishing vanilla bcrypt hashes. return '$wp' . password_hash( $password_to_hash, $algorithm, $options ); } endif; if ( ! function_exists( 'wp_check_password' ) ) : /** * Checks a plaintext password against a hashed password. * * Note that this function may be used to check a value that is not a user password. * A plugin may use this function to check a password of a different type, and there * may not always be a user ID associated with the password. * * For integration with other applications, this function can be overwritten to * instead use the other package password hashing algorithm. * * @since 2.5.0 * @since 6.8.0 Passwords in WordPress are now hashed with bcrypt by default. A * password that wasn't hashed with bcrypt will be checked with phpass. * * @global PasswordHash $wp_hasher phpass object. Used as a fallback for verifying * passwords that were hashed with phpass. * * @param string $password Plaintext password. * @param string $hash Hash of the password to check against. * @param string|int $user_id Optional. ID of a user associated with the password. * @return bool False, if the $password does not match the hashed password. */ function wp_check_password( #[\SensitiveParameter] $password, $hash, $user_id = '' ) { global $wp_hasher; if ( strlen( $hash ) <= 32 ) { // Check the hash using md5 regardless of the current hashing mechanism. $check = hash_equals( $hash, md5( $password ) ); } elseif ( ! empty( $wp_hasher ) ) { // Check the password using the overridden hasher. $check = $wp_hasher->CheckPassword( $password, $hash ); } elseif ( strlen( $password ) > 4096 ) { // Passwords longer than 4096 characters are not supported. $check = false; } elseif ( str_starts_with( $hash, '$wp' ) ) { // Check the password using the current prefixed hash. $password_to_verify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) ); $check = password_verify( $password_to_verify, substr( $hash, 3 ) ); } elseif ( str_starts_with( $hash, '$P$' ) ) { // Check the password using phpass. require_once ABSPATH . WPINC . '/class-phpass.php'; $check = ( new PasswordHash( 8, true ) )->CheckPassword( $password, $hash ); } else { // Check the password using compat support for any non-prefixed hash. $check = password_verify( $password, $hash ); } /** * Filters whether the plaintext password matches the hashed password. * * @since 2.5.0 * @since 6.8.0 Passwords are now hashed with bcrypt by default. * Old passwords may still be hashed with phpass or md5. * * @param bool $check Whether the passwords match. * @param string $password The plaintext password. * @param string $hash The hashed password. * @param string|int $user_id Optional ID of a user associated with the password. * Can be empty. */ return apply_filters( 'check_password', $check, $password, $hash, $user_id ); } endif; if ( ! function_exists( 'wp_password_needs_rehash' ) ) : /** * Checks whether a password hash needs to be rehashed. * * Passwords are hashed with bcrypt using the default cost. A password hashed in a prior version * of WordPress may still be hashed with phpass and will need to be rehashed. If the default cost * or algorithm is changed in PHP or WordPress then a password hashed in a previous version will * need to be rehashed. * * Note that, just like wp_check_password(), this function may be used to check a value that is * not a user password. A plugin may use this function to check a password of a different type, * and there may not always be a user ID associated with the password. * * @since 6.8.0 * * @global PasswordHash $wp_hasher phpass object. * * @param string $hash Hash of a password to check. * @param string|int $user_id Optional. ID of a user associated with the password. * @return bool Whether the hash needs to be rehashed. */ function wp_password_needs_rehash( $hash, $user_id = '' ) { global $wp_hasher; if ( ! empty( $wp_hasher ) ) { return false; } /** This filter is documented in wp-includes/pluggable.php */ $algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT ); /** This filter is documented in wp-includes/pluggable.php */ $options = apply_filters( 'wp_hash_password_options', array(), $algorithm ); $prefixed = str_starts_with( $hash, '$wp' ); if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) { // If bcrypt is in use and the hash is not prefixed then it needs to be rehashed. $needs_rehash = true; } else { // Otherwise check the hash minus its prefix if necessary. $hash_to_check = $prefixed ? substr( $hash, 3 ) : $hash; $needs_rehash = password_needs_rehash( $hash_to_check, $algorithm, $options ); } /** * Filters whether the password hash needs to be rehashed. * * @since 6.8.0 * * @param bool $needs_rehash Whether the password hash needs to be rehashed. * @param string $hash The password hash. * @param string|int $user_id Optional. ID of a user associated with the password. */ return apply_filters( 'password_needs_rehash', $needs_rehash, $hash, $user_id ); } endif; if ( ! function_exists( 'wp_generate_password' ) ) : /** * Generates a random password drawn from the defined set of characters. * * Uses wp_rand() to create passwords with far less predictability * than similar native PHP functions like `rand()` or `mt_rand()`. * * @since 2.5.0 * * @param int $length Optional. The length of password to generate. Default 12. * @param bool $special_chars Optional. Whether to include standard special characters. * Default true. * @param bool $extra_special_chars Optional. Whether to include other special characters. * Used when generating secret keys and salts. Default false. * @return string The random password. */ function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; if ( $special_chars ) { $chars .= '!@#$%^&*()'; } if ( $extra_special_chars ) { $chars .= '-_ []{}<>~`+=,.;:/?|'; } $password = ''; for ( $i = 0; $i < $length; $i++ ) { $password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 ); } /** * Filters the randomly-generated password. * * @since 3.0.0 * @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters. * * @param string $password The generated password. * @param int $length The length of password to generate. * @param bool $special_chars Whether to include standard special characters. * @param bool $extra_special_chars Whether to include other special characters. */ return apply_filters( 'random_password', $password, $length, $special_chars, $extra_special_chars ); } endif; if ( ! function_exists( 'wp_rand' ) ) : /** * Generates a random non-negative number. * * @since 2.6.2 * @since 4.4.0 Uses PHP7 random_int() or the random_compat library if available. * @since 6.1.0 Returns zero instead of a random number if both `$min` and `$max` are zero. * * @global string $rnd_value * * @param int $min Optional. Lower limit for the generated number. * Accepts positive integers or zero. Defaults to 0. * @param int $max Optional. Upper limit for the generated number. * Accepts positive integers. Defaults to 4294967295. * @return int A random non-negative number between min and max. */ function wp_rand( $min = null, $max = null ) { global $rnd_value; /* * Some misconfigured 32-bit environments (Entropy PHP, for example) * truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats. */ $max_random_number = 3000000000 === 2147483647 ? (float) '4294967295' : 4294967295; // 4294967295 = 0xffffffff if ( null === $min ) { $min = 0; } if ( null === $max ) { $max = $max_random_number; } // We only handle ints, floats are truncated to their integer value. $min = (int) $min; $max = (int) $max; // Use PHP's CSPRNG, or a compatible method. static $use_random_int_functionality = true; if ( $use_random_int_functionality ) { try { // wp_rand() can accept arguments in either order, PHP cannot. $_max = max( $min, $max ); $_min = min( $min, $max ); $val = random_int( $_min, $_max ); if ( false !== $val ) { return absint( $val ); } else { $use_random_int_functionality = false; } } catch ( Error $e ) { $use_random_int_functionality = false; } catch ( Exception $e ) { $use_random_int_functionality = false; } } /* * Reset $rnd_value after 14 uses. * 32 (md5) + 40 (sha1) + 40 (sha1) / 8 = 14 random numbers from $rnd_value. */ if ( strlen( $rnd_value ) < 8 ) { if ( defined( 'WP_SETUP_CONFIG' ) ) { static $seed = ''; } else { $seed = get_transient( 'random_seed' ); } $rnd_value = md5( uniqid( microtime() . mt_rand(), true ) . $seed ); $rnd_value .= sha1( $rnd_value ); $rnd_value .= sha1( $rnd_value . $seed ); $seed = md5( $seed . $rnd_value ); if ( ! defined( 'WP_SETUP_CONFIG' ) && ! defined( 'WP_INSTALLING' ) ) { set_transient( 'random_seed', $seed ); } } // Take the first 8 digits for our value. $value = substr( $rnd_value, 0, 8 ); // Strip the first eight, leaving the remainder for the next call to wp_rand(). $rnd_value = substr( $rnd_value, 8 ); $value = abs( hexdec( $value ) ); // Reduce the value to be within the min - max range. $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 ); return abs( (int) $value ); } endif; if ( ! function_exists( 'wp_set_password' ) ) : /** * Updates the user's password with a new hashed one. * * For integration with other applications, this function can be overwritten to * instead use the other package password checking algorithm. * * Please note: This function should be used sparingly and is really only meant for single-time * application. Leveraging this improperly in a plugin or theme could result in an endless loop * of password resets if precautions are not taken to ensure it does not execute on every page load. * * @since 2.5.0 * @since 6.8.0 The password is now hashed using bcrypt by default instead of phpass. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $password The plaintext new user password. * @param int $user_id User ID. */ function wp_set_password( #[\SensitiveParameter] $password, $user_id ) { global $wpdb; $old_user_data = get_userdata( $user_id ); $hash = wp_hash_password( $password ); $wpdb->update( $wpdb->users, array( 'user_pass' => $hash, 'user_activation_key' => '', ), array( 'ID' => $user_id ) ); clean_user_cache( $user_id ); /** * Fires after the user password is set. * * @since 6.2.0 * @since 6.7.0 The `$old_user_data` parameter was added. * * @param string $password The plaintext password just set. * @param int $user_id The ID of the user whose password was just set. * @param WP_User $old_user_data Object containing user's data prior to update. */ do_action( 'wp_set_password', $password, $user_id, $old_user_data ); } endif; if ( ! function_exists( 'get_avatar' ) ) : /** * Retrieves the avatar `<img>` tag for a user, email address, MD5 hash, comment, or post. * * @since 2.5.0 * @since 4.2.0 Added the optional `$args` parameter. * @since 5.5.0 Added the `loading` argument. * @since 6.1.0 Added the `decoding` argument. * @since 6.3.0 Added the `fetchpriority` argument. * * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param int $size Optional. Height and width of the avatar in pixels. Default 96. * @param string $default_value URL for the default image or a default type. Accepts: * - '404' (return a 404 instead of a default image) * - 'retro' (a 8-bit arcade-style pixelated face) * - 'robohash' (a robot) * - 'monsterid' (a monster) * - 'wavatar' (a cartoon face) * - 'identicon' (the "quilt", a geometric pattern) * - 'initials' (initials based avatar with background color) * - 'color' (generated background color) * - 'mystery', 'mm', or 'mysteryman' (The Oyster Man) * - 'blank' (transparent GIF) * - 'gravatar_default' (the Gravatar logo) * Default is the value of the 'avatar_default' option, * with a fallback of 'mystery'. * @param string $alt Optional. Alternative text to use in the avatar image tag. * Default empty. * @param array $args { * Optional. Extra arguments to retrieve the avatar. * * @type int $height Display height of the avatar in pixels. Defaults to $size. * @type int $width Display width of the avatar in pixels. Defaults to $size. * @type bool $force_default Whether to always show the default image, never the Gravatar. * Default false. * @type string $rating What rating to display avatars up to. Accepts: * - 'G' (suitable for all audiences) * - 'PG' (possibly offensive, usually for audiences 13 and above) * - 'R' (intended for adult audiences above 17) * - 'X' (even more mature than above) * Default is the value of the 'avatar_rating' option. * @type string $scheme URL scheme to use. See set_url_scheme() for accepted values. * Default null. * @type array|string $class Array or string of additional classes to add to the img element. * Default null. * @type bool $force_display Whether to always show the avatar - ignores the show_avatars option. * Default false. * @type string $loading Value for the `loading` attribute. * Default null. * @type string $fetchpriority Value for the `fetchpriority` attribute. * Default null. * @type string $decoding Value for the `decoding` attribute. * Default null. * @type string $extra_attr HTML attributes to insert in the IMG element. Is not sanitized. * Default empty. * } * @return string|false `<img>` tag for the user's avatar. False on failure. */ function get_avatar( $id_or_email, $size = 96, $default_value = '', $alt = '', $args = null ) { $defaults = array( // get_avatar_data() args. 'size' => 96, 'height' => null, 'width' => null, 'default' => get_option( 'avatar_default', 'mystery' ), 'force_default' => false, 'rating' => get_option( 'avatar_rating' ), 'scheme' => null, 'alt' => '', 'class' => null, 'force_display' => false, 'loading' => null, 'fetchpriority' => null, 'decoding' => null, 'extra_attr' => '', ); if ( empty( $args ) ) { $args = array(); } $args['size'] = (int) $size; $args['default'] = $default_value; $args['alt'] = $alt; $args = wp_parse_args( $args, $defaults ); if ( empty( $args['height'] ) ) { $args['height'] = $args['size']; } if ( empty( $args['width'] ) ) { $args['width'] = $args['size']; } // Update args with loading optimized attributes. $loading_optimization_attr = wp_get_loading_optimization_attributes( 'img', $args, 'get_avatar' ); $args = array_merge( $args, $loading_optimization_attr ); if ( is_object( $id_or_email ) && isset( $id_or_email->comment_ID ) ) { $id_or_email = get_comment( $id_or_email ); } /** * Allows the HTML for a user's avatar to be returned early. * * Returning a non-null value will effectively short-circuit get_avatar(), passing * the value through the {@see 'get_avatar'} filter and returning early. * * @since 4.2.0 * * @param string|null $avatar HTML for the user's avatar. Default null. * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param array $args Arguments passed to get_avatar_url(), after processing. */ $avatar = apply_filters( 'pre_get_avatar', null, $id_or_email, $args ); if ( ! is_null( $avatar ) ) { /** This filter is documented in wp-includes/pluggable.php */ return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args ); } if ( ! $args['force_display'] && ! get_option( 'show_avatars' ) ) { return false; } $url2x = get_avatar_url( $id_or_email, array_merge( $args, array( 'size' => $args['size'] * 2 ) ) ); $args = get_avatar_data( $id_or_email, $args ); $url = $args['url']; if ( ! $url || is_wp_error( $url ) ) { return false; } $class = array( 'avatar', 'avatar-' . (int) $args['size'], 'photo' ); if ( ! $args['found_avatar'] || $args['force_default'] ) { $class[] = 'avatar-default'; } if ( $args['class'] ) { if ( is_array( $args['class'] ) ) { $class = array_merge( $class, $args['class'] ); } else { $class[] = $args['class']; } } // Add `loading`, `fetchpriority`, and `decoding` attributes. $extra_attr = $args['extra_attr']; if ( in_array( $args['loading'], array( 'lazy', 'eager' ), true ) && ! preg_match( '/\bloading\s*=/', $extra_attr ) ) { if ( ! empty( $extra_attr ) ) { $extra_attr .= ' '; } $extra_attr .= "loading='{$args['loading']}'"; } if ( in_array( $args['fetchpriority'], array( 'high', 'low', 'auto' ), true ) && ! preg_match( '/\bfetchpriority\s*=/', $extra_attr ) ) { if ( ! empty( $extra_attr ) ) { $extra_attr .= ' '; } $extra_attr .= "fetchpriority='{$args['fetchpriority']}'"; } if ( in_array( $args['decoding'], array( 'async', 'sync', 'auto' ), true ) && ! preg_match( '/\bdecoding\s*=/', $extra_attr ) ) { if ( ! empty( $extra_attr ) ) { $extra_attr .= ' '; } $extra_attr .= "decoding='{$args['decoding']}'"; } $avatar = sprintf( "<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>", esc_attr( $args['alt'] ), esc_url( $url ), esc_url( $url2x ) . ' 2x', esc_attr( implode( ' ', $class ) ), (int) $args['height'], (int) $args['width'], $extra_attr ); /** * Filters the HTML for a user's avatar. * * @since 2.5.0 * @since 4.2.0 Added the `$args` parameter. * * @param string $avatar HTML for the user's avatar. * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param int $size Height and width of the avatar in pixels. * @param string $default_value URL for the default image or a default type. Accepts: * - '404' (return a 404 instead of a default image) * - 'retro' (a 8-bit arcade-style pixelated face) * - 'robohash' (a robot) * - 'monsterid' (a monster) * - 'wavatar' (a cartoon face) * - 'identicon' (the "quilt", a geometric pattern) * - 'mystery', 'mm', or 'mysteryman' (The Oyster Man) * - 'blank' (transparent GIF) * - 'gravatar_default' (the Gravatar logo) * @param string $alt Alternative text to use in the avatar image tag. * @param array $args Arguments passed to get_avatar_data(), after processing. */ return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args ); } endif; if ( ! function_exists( 'wp_text_diff' ) ) : /** * Displays a human readable HTML representation of the difference between two strings. * * The Diff is available for getting the changes between versions. The output is * HTML, so the primary use is for displaying the changes. If the two strings * are equivalent, then an empty string will be returned. * * @since 2.6.0 * * @see wp_parse_args() Used to change defaults to user defined settings. * @uses Text_Diff * @uses WP_Text_Diff_Renderer_Table * * @param string $left_string "old" (left) version of string. * @param string $right_string "new" (right) version of string. * @param string|array $args { * Associative array of options to pass to WP_Text_Diff_Renderer_Table(). * * @type string $title Titles the diff in a manner compatible * with the output. Default empty. * @type string $title_left Change the HTML to the left of the title. * Default empty. * @type string $title_right Change the HTML to the right of the title. * Default empty. * @type bool $show_split_view True for split view (two columns), false for * un-split view (single column). Default true. * } * @return string Empty string if strings are equivalent or HTML with differences. */ function wp_text_diff( $left_string, $right_string, $args = null ) { $defaults = array( 'title' => '', 'title_left' => '', 'title_right' => '', 'show_split_view' => true, ); $args = wp_parse_args( $args, $defaults ); if ( ! class_exists( 'WP_Text_Diff_Renderer_Table', false ) ) { require ABSPATH . WPINC . '/wp-diff.php'; } $left_string = normalize_whitespace( $left_string ); $right_string = normalize_whitespace( $right_string ); $left_lines = explode( "\n", $left_string ); $right_lines = explode( "\n", $right_string ); $text_diff = new Text_Diff( $left_lines, $right_lines ); $renderer = new WP_Text_Diff_Renderer_Table( $args ); $diff = $renderer->render( $text_diff ); if ( ! $diff ) { return ''; } $is_split_view = ! empty( $args['show_split_view'] ); $is_split_view_class = $is_split_view ? ' is-split-view' : ''; $r = "<table class='diff$is_split_view_class'>\n"; if ( $args['title'] ) { $r .= "<caption class='diff-title'>$args[title]</caption>\n"; } if ( $args['title_left'] || $args['title_right'] ) { $r .= '<thead>'; } if ( $args['title_left'] || $args['title_right'] ) { $th_or_td_left = empty( $args['title_left'] ) ? 'td' : 'th'; $th_or_td_right = empty( $args['title_right'] ) ? 'td' : 'th'; $r .= "<tr class='diff-sub-title'>\n"; $r .= "\t<$th_or_td_left>$args[title_left]</$th_or_td_left>\n"; if ( $is_split_view ) { $r .= "\t<$th_or_td_right>$args[title_right]</$th_or_td_right>\n"; } $r .= "</tr>\n"; } if ( $args['title_left'] || $args['title_right'] ) { $r .= "</thead>\n"; } $r .= "<tbody>\n$diff\n</tbody>\n"; $r .= '</table>'; return $r; } endif; https-migration-20260605080319.php 0000666 00000011205 15225166143 0012005 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-script-modules.php 0000666 00000100225 15225166143 0011767 0 ustar 00 <?php /** * Script Modules API: WP_Script_Modules class. * * Native support for ES Modules and Import Maps. * * @package WordPress * @subpackage Script Modules */ /** * Core class used to register script modules. * * @since 6.5.0 */ class WP_Script_Modules { /** * Holds the registered script modules, keyed by script module identifier. * * @since 6.5.0 * @var array<string, array<string, mixed>> */ private $registered = array(); /** * An array of IDs for queued script modules. * * @since 6.9.0 * @var string[] */ private $queue = array(); /** * Holds the script module identifiers that have been printed. * * @since 6.9.0 * @var string[] */ private $done = array(); /** * Tracks whether the @wordpress/a11y script module is available. * * Some additional HTML is required on the page for the module to work. Track * whether it's available to print at the appropriate time. * * @since 6.7.0 * @var bool */ private $a11y_available = false; /** * Holds a mapping of dependents (as IDs) for a given script ID. * Used to optimize recursive dependency tree checks. * * @since 6.9.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds the valid values for fetchpriority. * * @since 6.9.0 * @var string[] */ private $priorities = array( 'low', 'auto', 'high', ); /** * List of IDs for script modules encountered which have missing dependencies. * * An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is * emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur. * * @since 6.9.1 * @var string[] */ private $modules_with_missing_dependencies = array(); /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! isset( $this->registered[ $id ] ) ) { $dependencies = array(); foreach ( $deps as $dependency ) { if ( is_array( $dependency ) ) { if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) { _doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' ); continue; } $dependencies[] = array( 'id' => $dependency['id'], 'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static', ); } elseif ( is_string( $dependency ) ) { $dependencies[] = array( 'id' => $dependency, 'import' => 'static', ); } else { _doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' ); } } $in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer']; $fetchpriority = 'auto'; if ( isset( $args['fetchpriority'] ) ) { if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) { $fetchpriority = $args['fetchpriority']; } else { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $id */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ), $id ), '6.9.0' ); } } $this->registered[ $id ] = array( 'src' => $src, 'version' => $version, 'dependencies' => $dependencies, 'in_footer' => $in_footer, 'fetchpriority' => $fetchpriority, ); } } /** * Gets IDs for queued script modules. * * @since 6.9.0 * * @return string[] Script module IDs. */ public function get_queue(): array { return $this->queue; } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, $this->priorities, true ); } /** * Sets the fetch priority for a script module. * * @since 6.9.0 * * @param string $id Script module identifier. * @param 'auto'|'low'|'high' $priority Fetch priority for the script module. * @return bool Whether setting the fetchpriority was successful. */ public function set_fetchpriority( string $id, string $priority ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } if ( '' === $priority ) { $priority = 'auto'; } if ( ! $this->is_valid_fetchpriority( $priority ) ) { _doing_it_wrong( __METHOD__, /* translators: %s: Invalid fetchpriority. */ sprintf( __( 'Invalid fetchpriority: %s' ), $priority ), '6.9.0' ); return false; } $this->registered[ $id ]['fetchpriority'] = $priority; return true; } /** * Sets whether a script module should be printed in the footer. * * This is only relevant in block themes. * * @since 6.9.0 * * @param string $id Script module identifier. * @param bool $in_footer Whether to print in the footer. * @return bool Whether setting the printing location was successful. */ public function set_in_footer( string $id, bool $in_footer ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } $this->registered[ $id ]['in_footer'] = $in_footer; return true; } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! in_array( $id, $this->queue, true ) ) { $this->queue[] = $id; } if ( ! isset( $this->registered[ $id ] ) && $src ) { $this->register( $id, $src, $deps, $version, $args ); } } /** * Unmarks the script module so it will no longer be enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function dequeue( string $id ) { $this->queue = array_values( array_diff( $this->queue, array( $id ) ) ); } /** * Removes a registered script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function deregister( string $id ) { $this->dequeue( $id ); unset( $this->registered[ $id ] ); } /** * Adds the hooks to print the import map, enqueued script modules and script * module preloads. * * In classic themes, the script modules used by the blocks are not yet known * when the `wp_head` actions is fired, so it needs to print everything in the * footer. * * @since 6.5.0 */ public function add_hooks() { $is_block_theme = wp_is_block_theme(); $position = $is_block_theme ? 'wp_head' : 'wp_footer'; add_action( $position, array( $this, 'print_import_map' ) ); if ( $is_block_theme ) { /* * Modules can only be printed in the head for block themes because only with * block themes will import map be fully populated by modules discovered by * rendering the block template. In classic themes, modules are enqueued during * template rendering, thus the import map must be printed in the footer, * followed by all enqueued modules. */ add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) ); } add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) ); add_action( $position, array( $this, 'print_script_module_preloads' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) ); add_action( 'wp_footer', array( $this, 'print_script_module_data' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) ); add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 ); add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 ); } /** * Gets the highest fetch priority for the provided script IDs. * * @since 6.9.0 * * @param string[] $ids Script module IDs. * @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs. */ private function get_highest_fetchpriority( array $ids ): string { static $high_priority_index = null; if ( null === $high_priority_index ) { $high_priority_index = count( $this->priorities ) - 1; } $highest_priority_index = 0; foreach ( $ids as $id ) { if ( isset( $this->registered[ $id ] ) ) { $highest_priority_index = (int) max( $highest_priority_index, (int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true ) ); if ( $high_priority_index === $highest_priority_index ) { break; } } } return $this->priorities[ $highest_priority_index ]; } /** * Prints the enqueued script modules in head. * * This is only used in block themes. * * @since 6.9.0 */ public function print_head_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { if ( isset( $this->registered[ $id ] ) && ! $this->registered[ $id ]['in_footer'] ) { // If any dependency is set to be printed in footer, skip printing this module in head. $dependencies = array_keys( $this->get_dependencies( array( $id ) ) ); foreach ( $dependencies as $dependency_id ) { if ( in_array( $dependency_id, $this->queue, true ) && isset( $this->registered[ $dependency_id ] ) && $this->registered[ $dependency_id ]['in_footer'] ) { continue 2; } } $this->print_script_module( $id ); } } } /** * Prints the enqueued script modules in footer. * * @since 6.5.0 */ public function print_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { $this->print_script_module( $id ); } } /** * Prints the enqueued script module using script tags with type="module" * attributes. * * @since 6.9.0 * * @param string $id The script module identifier. */ private function print_script_module( string $id ) { if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) { return; } $this->done[] = $id; $src = $this->get_src( $id ); if ( '' === $src ) { return; } $attributes = array( 'type' => 'module', 'src' => $src, 'id' => $id . '-js-module', ); $script_module = $this->registered[ $id ]; $queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) ); $fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) ); if ( 'auto' !== $fetchpriority ) { $attributes['fetchpriority'] = $fetchpriority; } if ( $fetchpriority !== $script_module['fetchpriority'] ) { $attributes['data-wp-fetchpriority'] = $script_module['fetchpriority']; } wp_print_script_tag( $attributes ); } /** * Prints the static dependencies of the enqueued script modules using * link tags with rel="modulepreload" attributes. * * If a script module is marked for enqueue, it will not be preloaded. * * @since 6.5.0 */ public function print_script_module_preloads() { $dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) ); foreach ( $dependency_ids as $id ) { // Don't preload if it's marked for enqueue. if ( in_array( $id, $this->queue, true ) ) { continue; } $src = $this->get_src( $id ); if ( '' === $src ) { continue; } $enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue ); $highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents ); printf( '<link rel="modulepreload" href="%s" id="%s"', esc_url( $src ), esc_attr( $id . '-js-modulepreload' ) ); if ( 'auto' !== $highest_fetchpriority ) { printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) ); } if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) { printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) ); } echo ">\n"; } } /** * Prints the import map using a script tag with a type="importmap" attribute. * * @since 6.5.0 */ public function print_import_map() { $import_map = $this->get_import_map(); if ( ! empty( $import_map['imports'] ) ) { wp_print_inline_script_tag( (string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), array( 'type' => 'importmap', 'id' => 'wp-importmap', ) ); } } /** * Returns the import map array. * * @since 6.5.0 * * @return array Array with an `imports` key mapping to an array of script module identifiers and their respective * URLs, including the version query. */ private function get_import_map(): array { $imports = array(); foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) { $src = $this->get_src( $id ); if ( '' !== $src ) { $imports[ $id ] = $src; } } return array( 'imports' => $imports ); } /** * Retrieves the list of script modules marked for enqueue. * * Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the * Reflection API. The ecosystem should rather use {@see self::get_queue()}. * * @since 6.5.0 * * @return array<string, array> Script modules marked for enqueue, keyed by script module identifier. */ private function get_marked_for_enqueue(): array { return wp_array_slice_assoc( $this->registered, $this->queue ); } /** * Retrieves all the dependencies for the given script module identifiers, filtered by import types. * * It will consolidate an array containing a set of unique dependencies based * on the requested import types: 'static', 'dynamic', or both. This method is * recursive and also retrieves dependencies of the dependencies. * * @since 6.5.0 * * @param string[] $ids The identifiers of the script modules for which to gather dependencies. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return array<string, array> List of dependencies, keyed by script module identifier. */ private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $all_dependencies = array(); $id_queue = $ids; while ( ! empty( $id_queue ) ) { $id = array_shift( $id_queue ); if ( ! isset( $this->registered[ $id ] ) ) { continue; } foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( ! isset( $all_dependencies[ $dependency['id'] ] ) && in_array( $dependency['import'], $import_types, true ) && isset( $this->registered[ $dependency['id'] ] ) ) { $all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ]; // Add this dependency to the list to get dependencies for. $id_queue[] = $dependency['id']; } } } return $all_dependencies; } /** * Gets all dependents of a script module. * * This is not recursive. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_dependents( string $id ): array { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $id ] ) ) { return $this->dependents_map[ $id ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_id => $args ) { if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) { $dependents[] = $registered_id; } } // Add the module's dependents to the map to ease future lookups. $this->dependents_map[ $id ] = $dependents; return $dependents; } /** * Gets all recursive dependents of a script module. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_recursive_dependents( string $id ): array { $dependents = array(); $id_queue = array( $id ); $processed = array(); while ( ! empty( $id_queue ) ) { $current_id = array_shift( $id_queue ); // Skip unregistered or already-processed script modules. if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) { continue; } // Mark as processed to guard against infinite loops from circular dependencies. $processed[ $current_id ] = true; // Find the direct dependents of the current script. foreach ( $this->get_dependents( $current_id ) as $dependent_id ) { // Only add the dependent if we haven't found it before. if ( ! isset( $dependents[ $dependent_id ] ) ) { $dependents[ $dependent_id ] = true; // Add dependency to the queue. $id_queue[] = $dependent_id; } } } return array_keys( $dependents ); } /** * Sorts the given script module identifiers based on their dependencies. * * It will return a list of script module identifiers sorted in the order * they should be printed, so that dependencies are printed before the script * modules that depend on them. * * @since 6.9.0 * * @param string[] $ids The identifiers of the script modules to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return string[] Sorted list of script module identifiers. */ private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $sorted = array(); foreach ( $ids as $id ) { $this->sort_item_dependencies( $id, $import_types, $sorted ); } return array_unique( $sorted ); } /** * Recursively sorts the dependencies for a single script module identifier. * * @since 6.9.0 * * @param string $id The identifier of the script module to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * @param string[] &$sorted The array of sorted identifiers, passed by reference. * @return bool True on success, false on failure (e.g., missing dependency). */ private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool { // If already processed, don't do it again. if ( in_array( $id, $sorted, true ) ) { return true; } // If the item doesn't exist, fail. if ( ! isset( $this->registered[ $id ] ) ) { return false; } $dependency_ids = array(); foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( in_array( $dependency['import'], $import_types, true ) ) { $dependency_ids[] = $dependency['id']; } } // If the item requires dependencies that do not exist, fail. $missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) ); if ( count( $missing_dependencies ) > 0 ) { if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) { _doing_it_wrong( get_class( $this ) . '::register', sprintf( /* translators: 1: Script module ID, 2: List of missing dependency IDs. */ __( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $id, implode( wp_get_list_item_separator(), $missing_dependencies ) ), '6.9.1' ); $this->modules_with_missing_dependencies[] = $id; } return false; } // Recursively process dependencies. foreach ( $dependency_ids as $dependency_id ) { if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) { // A dependency failed to resolve, so this branch fails. return false; } } // All dependencies are sorted, so we can now add the current item. $sorted[] = $id; return true; } /** * Gets the versioned URL for a script module src. * * If $version is set to false, the version number is the currently installed * WordPress version. If $version is set to null, no version is added. * Otherwise, the string passed in $version is used. * * @since 6.5.0 * * @param string $id The script module identifier. * @return string The script module src with a version if relevant. */ private function get_src( string $id ): string { if ( ! isset( $this->registered[ $id ] ) ) { return ''; } $script_module = $this->registered[ $id ]; $src = $script_module['src']; if ( '' !== $src ) { if ( false === $script_module['version'] ) { $src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src ); } elseif ( null !== $script_module['version'] ) { $src = add_query_arg( 'ver', $script_module['version'], $src ); } } /** * Filters the script module source. * * @since 6.5.0 * * @param string $src Module source URL. * @param string $id Module identifier. */ $src = apply_filters( 'script_module_loader_src', $src, $id ); if ( ! is_string( $src ) ) { $src = ''; } return $src; } /** * Print data associated with Script Modules. * * The data will be embedded in the page HTML and can be read by Script Modules on page load. * * @since 6.7.0 * * Data can be associated with a Script Module via the * {@see "script_module_data_{$module_id}"} filter. * * The data for a Script Module will be serialized as JSON in a script tag with an ID of the * form `wp-script-module-data-{$module_id}`. */ public function print_script_module_data(): void { $modules = array(); foreach ( array_unique( $this->queue ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $modules ) as $module_id ) { /** * Filters data associated with a given Script Module. * * Script Modules may require data that is required for initialization or is essential * to have immediately available on page load. These are suitable use cases for * this data. * * The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID * that the data is associated with. * * This is best suited to pass essential data that must be available to the module for * initialization or immediately on page load. It does not replace the REST API or * fetching data from the client. * * Example: * * add_filter( * 'script_module_data_MyScriptModuleID', * function ( array $data ): array { * $data['dataForClient'] = 'ok'; * return $data; * } * ); * * If the filter returns no data (an empty array), nothing will be embedded in the page. * * The data for a given Script Module, if provided, will be JSON serialized in a script * tag with an ID of the form `wp-script-module-data-{$module_id}`. * * The data can be read on the client with a pattern like this: * * Example: * * const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' ); * let data = {}; * if ( dataContainer ) { * try { * data = JSON.parse( dataContainer.textContent ); * } catch {} * } * // data.dataForClient === 'ok'; * initMyScriptModuleWithData( data ); * * @since 6.7.0 * * @param array $data The data associated with the Script Module. */ $data = apply_filters( "script_module_data_{$module_id}", array() ); if ( is_array( $data ) && array() !== $data ) { /* * This data will be printed as JSON inside a script tag like this: * <script type="application/json"></script> * * A script tag must be closed by a sequence beginning with `</`. It's impossible to * close a script tag without using `<`. We ensure that `<` is escaped and `/` can * remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`. * * - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E. * - JSON_UNESCAPED_SLASHES: Don't escape /. * * If the page will use UTF-8 encoding, it's safe to print unescaped unicode: * * - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`). * - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when * JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was * before PHP 7.1 without this constant. Available as of PHP 7.1.0. * * The JSON specification requires encoding in UTF-8, so if the generated HTML page * is not encoded in UTF-8 then it's not safe to include those literals. They must * be escaped to avoid encoding issues. * * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements. * @see https://www.php.net/manual/en/json.constants.php for details on these constants. * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing. */ $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS; if ( ! is_utf8_charset() ) { $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES; } wp_print_inline_script_tag( (string) wp_json_encode( $data, $json_encode_flags ), array( 'type' => 'application/json', 'id' => "wp-script-module-data-{$module_id}", ) ); } } } /** * @access private This is only intended to be called by the registered actions. * * @since 6.7.0 */ public function print_a11y_script_module_html() { if ( ! $this->a11y_available ) { return; } echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">' . '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>' . '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>' . '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>' . '</div>'; } } https-migration-20260605132441.php 0000666 00000011205 15225166143 0011777 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } elements.php 0000666 00000020730 15225166143 0007104 0 ustar 00 <?php /** * Elements styles block support. * * @package WordPress * @since 5.8.0 */ /** * Gets the elements class names. * * @since 6.0.0 * @access private * * @param array $block Block object. * @return string The unique class name. */ function wp_get_elements_class_name( $block ) { return 'wp-elements-' . md5( serialize( $block ) ); } /** * Determines whether an elements class name should be added to the block. * * @since 6.6.0 * @access private * * @param array $block Block object. * @param array $options Per element type options e.g. whether to skip serialization. * @return boolean Whether the block needs an elements class name. */ function wp_should_add_elements_class_name( $block, $options ) { if ( ! isset( $block['attrs']['style']['elements'] ) ) { return false; } $element_color_properties = array( 'button' => array( 'skip' => isset( $options['button']['skip'] ) ? $options['button']['skip'] : false, 'paths' => array( array( 'button', 'color', 'text' ), array( 'button', 'color', 'background' ), array( 'button', 'color', 'gradient' ), ), ), 'link' => array( 'skip' => isset( $options['link']['skip'] ) ? $options['link']['skip'] : false, 'paths' => array( array( 'link', 'color', 'text' ), array( 'link', ':hover', 'color', 'text' ), ), ), 'heading' => array( 'skip' => isset( $options['heading']['skip'] ) ? $options['heading']['skip'] : false, 'paths' => array( array( 'heading', 'color', 'text' ), array( 'heading', 'color', 'background' ), array( 'heading', 'color', 'gradient' ), array( 'h1', 'color', 'text' ), array( 'h1', 'color', 'background' ), array( 'h1', 'color', 'gradient' ), array( 'h2', 'color', 'text' ), array( 'h2', 'color', 'background' ), array( 'h2', 'color', 'gradient' ), array( 'h3', 'color', 'text' ), array( 'h3', 'color', 'background' ), array( 'h3', 'color', 'gradient' ), array( 'h4', 'color', 'text' ), array( 'h4', 'color', 'background' ), array( 'h4', 'color', 'gradient' ), array( 'h5', 'color', 'text' ), array( 'h5', 'color', 'background' ), array( 'h5', 'color', 'gradient' ), array( 'h6', 'color', 'text' ), array( 'h6', 'color', 'background' ), array( 'h6', 'color', 'gradient' ), ), ), ); $elements_style_attributes = $block['attrs']['style']['elements']; foreach ( $element_color_properties as $element_config ) { if ( $element_config['skip'] ) { continue; } foreach ( $element_config['paths'] as $path ) { if ( null !== _wp_array_get( $elements_style_attributes, $path, null ) ) { return true; } } } return false; } /** * Render the elements stylesheet and adds elements class name to block as required. * * In the case of nested blocks we want the parent element styles to be rendered before their descendants. * This solves the issue of an element (e.g.: link color) being styled in both the parent and a descendant: * we want the descendant style to take priority, and this is done by loading it after, in DOM order. * * @since 6.0.0 * @since 6.1.0 Implemented the style engine to generate CSS and classnames. * @since 6.6.0 Element block support class and styles are generated via the `render_block_data` filter instead of `pre_render_block`. * @access private * * @param array $parsed_block The parsed block. * @return array The same parsed block with elements classname added if appropriate. */ function wp_render_elements_support_styles( $parsed_block ) { /* * The generation of element styles and classname were moved to the * `render_block_data` filter in 6.6.0 to avoid filtered attributes * breaking the application of the elements CSS class. * * @see https://github.com/WordPress/gutenberg/pull/59535 * * The change in filter means, the argument types for this function * have changed and require deprecating. */ if ( is_string( $parsed_block ) ) { _deprecated_argument( __FUNCTION__, '6.6.0', __( 'Use as a `pre_render_block` filter is deprecated. Use with `render_block_data` instead.' ) ); } $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $parsed_block['blockName'] ); $element_block_styles = isset( $parsed_block['attrs']['style']['elements'] ) ? $parsed_block['attrs']['style']['elements'] : null; if ( ! $element_block_styles ) { return $parsed_block; } $skip_link_color_serialization = wp_should_skip_block_supports_serialization( $block_type, 'color', 'link' ); $skip_heading_color_serialization = wp_should_skip_block_supports_serialization( $block_type, 'color', 'heading' ); $skip_button_color_serialization = wp_should_skip_block_supports_serialization( $block_type, 'color', 'button' ); $skips_all_element_color_serialization = $skip_link_color_serialization && $skip_heading_color_serialization && $skip_button_color_serialization; if ( $skips_all_element_color_serialization ) { return $parsed_block; } $options = array( 'button' => array( 'skip' => $skip_button_color_serialization ), 'link' => array( 'skip' => $skip_link_color_serialization ), 'heading' => array( 'skip' => $skip_heading_color_serialization ), ); if ( ! wp_should_add_elements_class_name( $parsed_block, $options ) ) { return $parsed_block; } $class_name = wp_get_elements_class_name( $parsed_block ); $updated_class_name = isset( $parsed_block['attrs']['className'] ) ? $parsed_block['attrs']['className'] . " $class_name" : $class_name; _wp_array_set( $parsed_block, array( 'attrs', 'className' ), $updated_class_name ); // Generate element styles based on selector and store in style engine for enqueuing. $element_types = array( 'button' => array( 'selector' => ".$class_name .wp-element-button, .$class_name .wp-block-button__link", 'skip' => $skip_button_color_serialization, ), 'link' => array( 'selector' => ".$class_name a:where(:not(.wp-element-button))", 'hover_selector' => ".$class_name a:where(:not(.wp-element-button)):hover", 'skip' => $skip_link_color_serialization, ), 'heading' => array( 'selector' => ".$class_name h1, .$class_name h2, .$class_name h3, .$class_name h4, .$class_name h5, .$class_name h6", 'skip' => $skip_heading_color_serialization, 'elements' => array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6' ), ), ); foreach ( $element_types as $element_type => $element_config ) { if ( $element_config['skip'] ) { continue; } $element_style_object = isset( $element_block_styles[ $element_type ] ) ? $element_block_styles[ $element_type ] : null; // Process primary element type styles. if ( $element_style_object ) { wp_style_engine_get_styles( $element_style_object, array( 'selector' => $element_config['selector'], 'context' => 'block-supports', ) ); if ( isset( $element_style_object[':hover'] ) ) { wp_style_engine_get_styles( $element_style_object[':hover'], array( 'selector' => $element_config['hover_selector'], 'context' => 'block-supports', ) ); } } // Process related elements e.g. h1-h6 for headings. if ( isset( $element_config['elements'] ) ) { foreach ( $element_config['elements'] as $element ) { $element_style_object = isset( $element_block_styles[ $element ] ) ? $element_block_styles[ $element ] : null; if ( $element_style_object ) { wp_style_engine_get_styles( $element_style_object, array( 'selector' => ".$class_name $element", 'context' => 'block-supports', ) ); } } } } return $parsed_block; } /** * Ensure the elements block support class name generated, and added to * block attributes, in the `render_block_data` filter gets applied to the * block's markup. * * @see wp_render_elements_support_styles * @since 6.6.0 * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_elements_class_name( $block_content, $block ) { $class_string = $block['attrs']['className'] ?? ''; preg_match( '/\bwp-elements-\S+\b/', $class_string, $matches ); if ( empty( $matches ) ) { return $block_content; } $tags = new WP_HTML_Tag_Processor( $block_content ); if ( $tags->next_tag() ) { $tags->add_class( $matches[0] ); } return $tags->get_updated_html(); } add_filter( 'render_block', 'wp_render_elements_class_name', 10, 2 ); add_filter( 'render_block_data', 'wp_render_elements_support_styles', 10, 1 ); https-migration-20260605111908.php 0000666 00000011205 15225166143 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605130239.php 0000666 00000011205 15225166143 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } typography.php 0000666 00000072125 15225166143 0007503 0 ustar 00 <?php /** * Typography block support flag. * * @package WordPress * @since 5.6.0 */ /** * Registers the style and typography block attributes for block types that support it. * * @since 5.6.0 * @since 6.3.0 Added support for text-columns. * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_typography_support( $block_type ) { if ( ! ( $block_type instanceof WP_Block_Type ) ) { return; } $typography_supports = isset( $block_type->supports['typography'] ) ? $block_type->supports['typography'] : false; if ( ! $typography_supports ) { return; } $has_font_family_support = isset( $typography_supports['__experimentalFontFamily'] ) ? $typography_supports['__experimentalFontFamily'] : false; $has_font_size_support = isset( $typography_supports['fontSize'] ) ? $typography_supports['fontSize'] : false; $has_font_style_support = isset( $typography_supports['__experimentalFontStyle'] ) ? $typography_supports['__experimentalFontStyle'] : false; $has_font_weight_support = isset( $typography_supports['__experimentalFontWeight'] ) ? $typography_supports['__experimentalFontWeight'] : false; $has_letter_spacing_support = isset( $typography_supports['__experimentalLetterSpacing'] ) ? $typography_supports['__experimentalLetterSpacing'] : false; $has_line_height_support = isset( $typography_supports['lineHeight'] ) ? $typography_supports['lineHeight'] : false; $has_text_align_support = isset( $typography_supports['textAlign'] ) ? $typography_supports['textAlign'] : false; $has_text_columns_support = isset( $typography_supports['textColumns'] ) ? $typography_supports['textColumns'] : false; $has_text_decoration_support = isset( $typography_supports['__experimentalTextDecoration'] ) ? $typography_supports['__experimentalTextDecoration'] : false; $has_text_transform_support = isset( $typography_supports['__experimentalTextTransform'] ) ? $typography_supports['__experimentalTextTransform'] : false; $has_writing_mode_support = isset( $typography_supports['__experimentalWritingMode'] ) ? $typography_supports['__experimentalWritingMode'] : false; $has_typography_support = $has_font_family_support || $has_font_size_support || $has_font_style_support || $has_font_weight_support || $has_letter_spacing_support || $has_line_height_support || $has_text_align_support || $has_text_columns_support || $has_text_decoration_support || $has_text_transform_support || $has_writing_mode_support; if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( $has_typography_support && ! array_key_exists( 'style', $block_type->attributes ) ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } if ( $has_font_size_support && ! array_key_exists( 'fontSize', $block_type->attributes ) ) { $block_type->attributes['fontSize'] = array( 'type' => 'string', ); } if ( $has_font_family_support && ! array_key_exists( 'fontFamily', $block_type->attributes ) ) { $block_type->attributes['fontFamily'] = array( 'type' => 'string', ); } } /** * Adds CSS classes and inline styles for typography features such as font sizes * to the incoming attributes array. This will be applied to the block markup in * the front-end. * * @since 5.6.0 * @since 6.1.0 Used the style engine to generate CSS and classnames. * @since 6.3.0 Added support for text-columns. * @access private * * @param WP_Block_Type $block_type Block type. * @param array $block_attributes Block attributes. * @return array Typography CSS classes and inline styles. */ function wp_apply_typography_support( $block_type, $block_attributes ) { if ( ! ( $block_type instanceof WP_Block_Type ) ) { return array(); } $typography_supports = isset( $block_type->supports['typography'] ) ? $block_type->supports['typography'] : false; if ( ! $typography_supports ) { return array(); } if ( wp_should_skip_block_supports_serialization( $block_type, 'typography' ) ) { return array(); } $has_font_family_support = isset( $typography_supports['__experimentalFontFamily'] ) ? $typography_supports['__experimentalFontFamily'] : false; $has_font_size_support = isset( $typography_supports['fontSize'] ) ? $typography_supports['fontSize'] : false; $has_font_style_support = isset( $typography_supports['__experimentalFontStyle'] ) ? $typography_supports['__experimentalFontStyle'] : false; $has_font_weight_support = isset( $typography_supports['__experimentalFontWeight'] ) ? $typography_supports['__experimentalFontWeight'] : false; $has_letter_spacing_support = isset( $typography_supports['__experimentalLetterSpacing'] ) ? $typography_supports['__experimentalLetterSpacing'] : false; $has_line_height_support = isset( $typography_supports['lineHeight'] ) ? $typography_supports['lineHeight'] : false; $has_text_align_support = isset( $typography_supports['textAlign'] ) ? $typography_supports['textAlign'] : false; $has_text_columns_support = isset( $typography_supports['textColumns'] ) ? $typography_supports['textColumns'] : false; $has_text_decoration_support = isset( $typography_supports['__experimentalTextDecoration'] ) ? $typography_supports['__experimentalTextDecoration'] : false; $has_text_transform_support = isset( $typography_supports['__experimentalTextTransform'] ) ? $typography_supports['__experimentalTextTransform'] : false; $has_writing_mode_support = isset( $typography_supports['__experimentalWritingMode'] ) ? $typography_supports['__experimentalWritingMode'] : false; // Whether to skip individual block support features. $should_skip_font_size = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'fontSize' ); $should_skip_font_family = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'fontFamily' ); $should_skip_font_style = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'fontStyle' ); $should_skip_font_weight = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'fontWeight' ); $should_skip_line_height = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'lineHeight' ); $should_skip_text_align = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'textAlign' ); $should_skip_text_columns = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'textColumns' ); $should_skip_text_decoration = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'textDecoration' ); $should_skip_text_transform = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'textTransform' ); $should_skip_letter_spacing = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'letterSpacing' ); $should_skip_writing_mode = wp_should_skip_block_supports_serialization( $block_type, 'typography', 'writingMode' ); $typography_block_styles = array(); if ( $has_font_size_support && ! $should_skip_font_size ) { $preset_font_size = array_key_exists( 'fontSize', $block_attributes ) ? "var:preset|font-size|{$block_attributes['fontSize']}" : null; $custom_font_size = isset( $block_attributes['style']['typography']['fontSize'] ) ? $block_attributes['style']['typography']['fontSize'] : null; $typography_block_styles['fontSize'] = $preset_font_size ? $preset_font_size : wp_get_typography_font_size_value( array( 'size' => $custom_font_size, ) ); } if ( $has_font_family_support && ! $should_skip_font_family ) { $preset_font_family = array_key_exists( 'fontFamily', $block_attributes ) ? "var:preset|font-family|{$block_attributes['fontFamily']}" : null; $custom_font_family = isset( $block_attributes['style']['typography']['fontFamily'] ) ? wp_typography_get_preset_inline_style_value( $block_attributes['style']['typography']['fontFamily'], 'font-family' ) : null; $typography_block_styles['fontFamily'] = $preset_font_family ? $preset_font_family : $custom_font_family; } if ( $has_font_style_support && ! $should_skip_font_style && isset( $block_attributes['style']['typography']['fontStyle'] ) ) { $typography_block_styles['fontStyle'] = wp_typography_get_preset_inline_style_value( $block_attributes['style']['typography']['fontStyle'], 'font-style' ); } if ( $has_font_weight_support && ! $should_skip_font_weight && isset( $block_attributes['style']['typography']['fontWeight'] ) ) { $typography_block_styles['fontWeight'] = wp_typography_get_preset_inline_style_value( $block_attributes['style']['typography']['fontWeight'], 'font-weight' ); } if ( $has_line_height_support && ! $should_skip_line_height ) { $typography_block_styles['lineHeight'] = isset( $block_attributes['style']['typography']['lineHeight'] ) ? $block_attributes['style']['typography']['lineHeight'] : null; } if ( $has_text_align_support && ! $should_skip_text_align ) { $typography_block_styles['textAlign'] = isset( $block_attributes['style']['typography']['textAlign'] ) ? $block_attributes['style']['typography']['textAlign'] : null; } if ( $has_text_columns_support && ! $should_skip_text_columns && isset( $block_attributes['style']['typography']['textColumns'] ) ) { $typography_block_styles['textColumns'] = isset( $block_attributes['style']['typography']['textColumns'] ) ? $block_attributes['style']['typography']['textColumns'] : null; } if ( $has_text_decoration_support && ! $should_skip_text_decoration && isset( $block_attributes['style']['typography']['textDecoration'] ) ) { $typography_block_styles['textDecoration'] = wp_typography_get_preset_inline_style_value( $block_attributes['style']['typography']['textDecoration'], 'text-decoration' ); } if ( $has_text_transform_support && ! $should_skip_text_transform && isset( $block_attributes['style']['typography']['textTransform'] ) ) { $typography_block_styles['textTransform'] = wp_typography_get_preset_inline_style_value( $block_attributes['style']['typography']['textTransform'], 'text-transform' ); } if ( $has_letter_spacing_support && ! $should_skip_letter_spacing && isset( $block_attributes['style']['typography']['letterSpacing'] ) ) { $typography_block_styles['letterSpacing'] = wp_typography_get_preset_inline_style_value( $block_attributes['style']['typography']['letterSpacing'], 'letter-spacing' ); } if ( $has_writing_mode_support && ! $should_skip_writing_mode && isset( $block_attributes['style']['typography']['writingMode'] ) ) { $typography_block_styles['writingMode'] = isset( $block_attributes['style']['typography']['writingMode'] ) ? $block_attributes['style']['typography']['writingMode'] : null; } $attributes = array(); $classnames = array(); $styles = wp_style_engine_get_styles( array( 'typography' => $typography_block_styles ), array( 'convert_vars_to_classnames' => true ) ); if ( ! empty( $styles['classnames'] ) ) { $classnames[] = $styles['classnames']; } if ( $has_text_align_support && ! $should_skip_text_align && isset( $block_attributes['style']['typography']['textAlign'] ) ) { $classnames[] = 'has-text-align-' . $block_attributes['style']['typography']['textAlign']; } if ( ! empty( $classnames ) ) { $attributes['class'] = implode( ' ', $classnames ); } if ( ! empty( $styles['css'] ) ) { $attributes['style'] = $styles['css']; } return $attributes; } /** * Generates an inline style value for a typography feature e.g. text decoration, * text transform, and font style. * * Note: This function is for backwards compatibility. * * It is necessary to parse older blocks whose typography styles contain presets. * * It mostly replaces the deprecated `wp_typography_get_css_variable_inline_style()`, * but skips compiling a CSS declaration as the style engine takes over this role. * @link https://github.com/wordpress/gutenberg/pull/27555 * * @since 6.1.0 * * @param string $style_value A raw style value for a single typography feature from a block's style attribute. * @param string $css_property Slug for the CSS property the inline style sets. * @return string A CSS inline style value. */ function wp_typography_get_preset_inline_style_value( $style_value, $css_property ) { // If the style value is not a preset CSS variable go no further. if ( empty( $style_value ) || ! str_contains( $style_value, "var:preset|{$css_property}|" ) ) { return $style_value; } /* * For backwards compatibility. * Presets were removed in WordPress/gutenberg#27555. * A preset CSS variable is the style. * Gets the style value from the string and return CSS style. */ $index_to_splice = strrpos( $style_value, '|' ) + 1; $slug = _wp_to_kebab_case( substr( $style_value, $index_to_splice ) ); // Return the actual CSS inline style value, // e.g. `var(--wp--preset--text-decoration--underline);`. return sprintf( 'var(--wp--preset--%s--%s);', $css_property, $slug ); } /** * Renders typography styles/content to the block wrapper. * * @since 6.1.0 * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_typography_support( $block_content, $block ) { if ( ! empty( $block['attrs']['fitText'] ) && $block['attrs']['fitText'] && ! is_admin() ) { wp_enqueue_script_module( '@wordpress/block-editor/utils/fit-text-frontend' ); // Add Interactivity API directives for fit text to work with client-side navigation. if ( ! empty( $block_content ) ) { $processor = new WP_HTML_Tag_Processor( $block_content ); if ( $processor->next_tag() ) { if ( ! $processor->get_attribute( 'data-wp-interactive' ) ) { $processor->set_attribute( 'data-wp-interactive', true ); } $processor->set_attribute( 'data-wp-context---core-fit-text', 'core/fit-text::{"fontSize":""}' ); $processor->set_attribute( 'data-wp-init---core-fit-text', 'core/fit-text::callbacks.init' ); $processor->set_attribute( 'data-wp-style--font-size', 'core/fit-text::context.fontSize' ); $block_content = $processor->get_updated_html(); } } // fitText supersedes any other typography features return $block_content; } if ( ! isset( $block['attrs']['style']['typography']['fontSize'] ) ) { return $block_content; } $custom_font_size = $block['attrs']['style']['typography']['fontSize']; $fluid_font_size = wp_get_typography_font_size_value( array( 'size' => $custom_font_size ) ); /* * Checks that $fluid_font_size does not match $custom_font_size, * which means it's been mutated by the fluid font size functions. */ if ( ! empty( $fluid_font_size ) && $fluid_font_size !== $custom_font_size ) { // Replaces the first instance of `font-size:$custom_font_size` with `font-size:$fluid_font_size`. return preg_replace( '/font-size\s*:\s*' . preg_quote( $custom_font_size, '/' ) . '\s*;?/', 'font-size:' . esc_attr( $fluid_font_size ) . ';', $block_content, 1 ); } return $block_content; } /** * Checks a string for a unit and value and returns an array * consisting of `'value'` and `'unit'`, e.g. array( '42', 'rem' ). * * @since 6.1.0 * * @param string|int|float $raw_value Raw size value from theme.json. * @param array $options { * Optional. An associative array of options. Default is empty array. * * @type string $coerce_to Coerce the value to rem or px. Default `'rem'`. * @type int $root_size_value Value of root font size for rem|em <-> px conversion. Default `16`. * @type string[] $acceptable_units An array of font size units. Default `array( 'rem', 'px', 'em' )`; * } * @return array|null An array consisting of `'value'` and `'unit'` properties on success. * `null` on failure. */ function wp_get_typography_value_and_unit( $raw_value, $options = array() ) { if ( ! is_string( $raw_value ) && ! is_int( $raw_value ) && ! is_float( $raw_value ) ) { _doing_it_wrong( __FUNCTION__, __( 'Raw size value must be a string, integer, or float.' ), '6.1.0' ); return null; } if ( empty( $raw_value ) ) { return null; } // Converts numbers to pixel values by default. if ( is_numeric( $raw_value ) ) { $raw_value = $raw_value . 'px'; } $defaults = array( 'coerce_to' => '', 'root_size_value' => 16, 'acceptable_units' => array( 'rem', 'px', 'em' ), ); $options = wp_parse_args( $options, $defaults ); $acceptable_units_group = implode( '|', $options['acceptable_units'] ); $pattern = '/^(\d*\.?\d+)(' . $acceptable_units_group . '){1,1}$/'; preg_match( $pattern, $raw_value, $matches ); // Bails out if not a number value and a px or rem unit. if ( ! isset( $matches[1] ) || ! isset( $matches[2] ) ) { return null; } $value = $matches[1]; $unit = $matches[2]; /* * Default browser font size. Later, possibly could inject some JS to * compute this `getComputedStyle( document.querySelector( "html" ) ).fontSize`. */ if ( 'px' === $options['coerce_to'] && ( 'em' === $unit || 'rem' === $unit ) ) { $value = $value * $options['root_size_value']; $unit = $options['coerce_to']; } if ( 'px' === $unit && ( 'em' === $options['coerce_to'] || 'rem' === $options['coerce_to'] ) ) { $value = $value / $options['root_size_value']; $unit = $options['coerce_to']; } /* * No calculation is required if swapping between em and rem yet, * since we assume a root size value. Later we might like to differentiate between * :root font size (rem) and parent element font size (em) relativity. */ if ( ( 'em' === $options['coerce_to'] || 'rem' === $options['coerce_to'] ) && ( 'em' === $unit || 'rem' === $unit ) ) { $unit = $options['coerce_to']; } return array( 'value' => round( $value, 3 ), 'unit' => $unit, ); } /** * Internal implementation of CSS clamp() based on available min/max viewport * width and min/max font sizes. * * @since 6.1.0 * @since 6.3.0 Checks for unsupported min/max viewport values that cause invalid clamp values. * @since 6.5.0 Returns early when min and max viewport subtraction is zero to avoid division by zero. * @access private * * @param array $args { * Optional. An associative array of values to calculate a fluid formula * for font size. Default is empty array. * * @type string $maximum_viewport_width Maximum size up to which type will have fluidity. * @type string $minimum_viewport_width Minimum viewport size from which type will have fluidity. * @type string $maximum_font_size Maximum font size for any clamp() calculation. * @type string $minimum_font_size Minimum font size for any clamp() calculation. * @type int $scale_factor A scale factor to determine how fast a font scales within boundaries. * } * @return string|null A font-size value using clamp() on success, otherwise null. */ function wp_get_computed_fluid_typography_value( $args = array() ) { $maximum_viewport_width_raw = isset( $args['maximum_viewport_width'] ) ? $args['maximum_viewport_width'] : null; $minimum_viewport_width_raw = isset( $args['minimum_viewport_width'] ) ? $args['minimum_viewport_width'] : null; $maximum_font_size_raw = isset( $args['maximum_font_size'] ) ? $args['maximum_font_size'] : null; $minimum_font_size_raw = isset( $args['minimum_font_size'] ) ? $args['minimum_font_size'] : null; $scale_factor = isset( $args['scale_factor'] ) ? $args['scale_factor'] : null; // Normalizes the minimum font size in order to use the value for calculations. $minimum_font_size = wp_get_typography_value_and_unit( $minimum_font_size_raw ); /* * We get a 'preferred' unit to keep units consistent when calculating, * otherwise the result will not be accurate. */ $font_size_unit = isset( $minimum_font_size['unit'] ) ? $minimum_font_size['unit'] : 'rem'; // Normalizes the maximum font size in order to use the value for calculations. $maximum_font_size = wp_get_typography_value_and_unit( $maximum_font_size_raw, array( 'coerce_to' => $font_size_unit, ) ); // Checks for mandatory min and max sizes, and protects against unsupported units. if ( ! $maximum_font_size || ! $minimum_font_size ) { return null; } // Uses rem for accessible fluid target font scaling. $minimum_font_size_rem = wp_get_typography_value_and_unit( $minimum_font_size_raw, array( 'coerce_to' => 'rem', ) ); // Viewport widths defined for fluid typography. Normalize units. $maximum_viewport_width = wp_get_typography_value_and_unit( $maximum_viewport_width_raw, array( 'coerce_to' => $font_size_unit, ) ); $minimum_viewport_width = wp_get_typography_value_and_unit( $minimum_viewport_width_raw, array( 'coerce_to' => $font_size_unit, ) ); // Protects against unsupported units in min and max viewport widths. if ( ! $minimum_viewport_width || ! $maximum_viewport_width ) { return null; } // Calculates the linear factor denominator. If it's 0, we cannot calculate a fluid value. $linear_factor_denominator = $maximum_viewport_width['value'] - $minimum_viewport_width['value']; if ( empty( $linear_factor_denominator ) ) { return null; } /* * Build CSS rule. * Borrowed from https://websemantics.uk/tools/responsive-font-calculator/. */ $view_port_width_offset = round( $minimum_viewport_width['value'] / 100, 3 ) . $font_size_unit; $linear_factor = 100 * ( ( $maximum_font_size['value'] - $minimum_font_size['value'] ) / ( $linear_factor_denominator ) ); $linear_factor_scaled = round( $linear_factor * $scale_factor, 3 ); $linear_factor_scaled = empty( $linear_factor_scaled ) ? 1 : $linear_factor_scaled; $fluid_target_font_size = implode( '', $minimum_font_size_rem ) . " + ((1vw - $view_port_width_offset) * $linear_factor_scaled)"; return "clamp($minimum_font_size_raw, $fluid_target_font_size, $maximum_font_size_raw)"; } /** * Returns a font-size value based on a given font-size preset. * Takes into account fluid typography parameters and attempts to return a CSS * formula depending on available, valid values. * * @since 6.1.0 * @since 6.1.1 Adjusted rules for min and max font sizes. * @since 6.2.0 Added 'settings.typography.fluid.minFontSize' support. * @since 6.3.0 Using layout.wideSize as max viewport width, and logarithmic scale factor to calculate minimum font scale. * @since 6.4.0 Added configurable min and max viewport width values to the typography.fluid theme.json schema. * @since 6.6.0 Deprecated bool argument $should_use_fluid_typography. * @since 6.7.0 Font size presets can enable fluid typography individually, even if it’s disabled globally. * * @param array $preset { * Required. fontSizes preset value as seen in theme.json. * * @type string $name Name of the font size preset. * @type string $slug Kebab-case, unique identifier for the font size preset. * @type string|int|float $size CSS font-size value, including units if applicable. * } * @param bool|array $settings Optional Theme JSON settings array that overrides any global theme settings. * Default is false. * @return string|null Font-size value or null if a size is not passed in $preset. */ function wp_get_typography_font_size_value( $preset, $settings = array() ) { if ( ! isset( $preset['size'] ) ) { return null; } /* * Catches falsy values and 0/'0'. Fluid calculations cannot be performed on `0`. * Also returns early when a preset font size explicitly disables fluid typography with `false`. */ $fluid_font_size_settings = $preset['fluid'] ?? null; if ( false === $fluid_font_size_settings || empty( $preset['size'] ) ) { return $preset['size']; } /* * As a boolean (deprecated since 6.6), $settings acts as an override to switch fluid typography "on" (`true`) or "off" (`false`). */ if ( is_bool( $settings ) ) { _deprecated_argument( __FUNCTION__, '6.6.0', __( '`boolean` type for second argument `$settings` is deprecated. Use `array()` instead.' ) ); $settings = array( 'typography' => array( 'fluid' => $settings, ), ); } // Fallback to global settings as default. $global_settings = wp_get_global_settings(); $settings = wp_parse_args( $settings, $global_settings ); $typography_settings = $settings['typography'] ?? array(); /* * Return early when fluid typography is disabled in the settings, and there * are no local settings to enable it for the individual preset. * * If this condition isn't met, either the settings or individual preset settings * have enabled fluid typography. */ if ( empty( $typography_settings['fluid'] ) && empty( $fluid_font_size_settings ) ) { return $preset['size']; } $fluid_settings = isset( $typography_settings['fluid'] ) ? $typography_settings['fluid'] : array(); $layout_settings = isset( $settings['layout'] ) ? $settings['layout'] : array(); // Defaults. $default_maximum_viewport_width = '1600px'; $default_minimum_viewport_width = '320px'; $default_minimum_font_size_factor_max = 0.75; $default_minimum_font_size_factor_min = 0.25; $default_scale_factor = 1; $default_minimum_font_size_limit = '14px'; // Defaults overrides. $minimum_viewport_width = isset( $fluid_settings['minViewportWidth'] ) ? $fluid_settings['minViewportWidth'] : $default_minimum_viewport_width; $maximum_viewport_width = isset( $layout_settings['wideSize'] ) && ! empty( wp_get_typography_value_and_unit( $layout_settings['wideSize'] ) ) ? $layout_settings['wideSize'] : $default_maximum_viewport_width; if ( isset( $fluid_settings['maxViewportWidth'] ) ) { $maximum_viewport_width = $fluid_settings['maxViewportWidth']; } $has_min_font_size = isset( $fluid_settings['minFontSize'] ) && ! empty( wp_get_typography_value_and_unit( $fluid_settings['minFontSize'] ) ); $minimum_font_size_limit = $has_min_font_size ? $fluid_settings['minFontSize'] : $default_minimum_font_size_limit; // Try to grab explicit min and max fluid font sizes. $minimum_font_size_raw = isset( $fluid_font_size_settings['min'] ) ? $fluid_font_size_settings['min'] : null; $maximum_font_size_raw = isset( $fluid_font_size_settings['max'] ) ? $fluid_font_size_settings['max'] : null; // Font sizes. $preferred_size = wp_get_typography_value_and_unit( $preset['size'] ); // Protects against unsupported units. if ( empty( $preferred_size['unit'] ) ) { return $preset['size']; } /* * Normalizes the minimum font size limit according to the incoming unit, * in order to perform comparative checks. */ $minimum_font_size_limit = wp_get_typography_value_and_unit( $minimum_font_size_limit, array( 'coerce_to' => $preferred_size['unit'], ) ); // Don't enforce minimum font size if a font size has explicitly set a min and max value. if ( ! empty( $minimum_font_size_limit ) && ( ! $minimum_font_size_raw && ! $maximum_font_size_raw ) ) { /* * If a minimum size was not passed to this function * and the user-defined font size is lower than $minimum_font_size_limit, * do not calculate a fluid value. */ if ( $preferred_size['value'] <= $minimum_font_size_limit['value'] ) { return $preset['size']; } } // If no fluid max font size is available use the incoming value. if ( ! $maximum_font_size_raw ) { $maximum_font_size_raw = $preferred_size['value'] . $preferred_size['unit']; } /* * If no minimumFontSize is provided, create one using * the given font size multiplied by the min font size scale factor. */ if ( ! $minimum_font_size_raw ) { $preferred_font_size_in_px = 'px' === $preferred_size['unit'] ? $preferred_size['value'] : $preferred_size['value'] * 16; /* * The scale factor is a multiplier that affects how quickly the curve will move towards the minimum, * that is, how quickly the size factor reaches 0 given increasing font size values. * For a - b * log2(), lower values of b will make the curve move towards the minimum faster. * The scale factor is constrained between min and max values. */ $minimum_font_size_factor = min( max( 1 - 0.075 * log( $preferred_font_size_in_px, 2 ), $default_minimum_font_size_factor_min ), $default_minimum_font_size_factor_max ); $calculated_minimum_font_size = round( $preferred_size['value'] * $minimum_font_size_factor, 3 ); // Only use calculated min font size if it's > $minimum_font_size_limit value. if ( ! empty( $minimum_font_size_limit ) && $calculated_minimum_font_size <= $minimum_font_size_limit['value'] ) { $minimum_font_size_raw = $minimum_font_size_limit['value'] . $minimum_font_size_limit['unit']; } else { $minimum_font_size_raw = $calculated_minimum_font_size . $preferred_size['unit']; } } $fluid_font_size_value = wp_get_computed_fluid_typography_value( array( 'minimum_viewport_width' => $minimum_viewport_width, 'maximum_viewport_width' => $maximum_viewport_width, 'minimum_font_size' => $minimum_font_size_raw, 'maximum_font_size' => $maximum_font_size_raw, 'scale_factor' => $default_scale_factor, ) ); if ( ! empty( $fluid_font_size_value ) ) { return $fluid_font_size_value; } return $preset['size']; } // Register the block support. WP_Block_Supports::get_instance()->register( 'typography', array( 'register_attribute' => 'wp_register_typography_support', 'apply' => 'wp_apply_typography_support', ) ); class-wp-styles.php 0000666 00000031053 15225166143 0010342 0 ustar 00 <?php /** * Dependencies API: WP_Styles class * * @since 2.6.0 * * @package WordPress * @subpackage Dependencies */ /** * Core class used to register styles. * * @since 2.6.0 * * @see WP_Dependencies */ class WP_Styles extends WP_Dependencies { /** * Base URL for styles. * * Full URL with trailing slash. * * @since 2.6.0 * @var string */ public $base_url; /** * URL of the content directory. * * @since 2.8.0 * @var string */ public $content_url; /** * Default version string for stylesheets. * * @since 2.6.0 * @var string */ public $default_version; /** * The current text direction. * * @since 2.6.0 * @var string */ public $text_direction = 'ltr'; /** * Holds a list of style handles which will be concatenated. * * @since 2.8.0 * @var string */ public $concat = ''; /** * Holds a string which contains style handles and their version. * * @since 2.8.0 * @deprecated 3.4.0 * @var string */ public $concat_version = ''; /** * Whether to perform concatenation. * * @since 2.8.0 * @var bool */ public $do_concat = false; /** * Holds HTML markup of styles and additional data if concatenation * is enabled. * * @since 2.8.0 * @var string */ public $print_html = ''; /** * Holds inline styles if concatenation is enabled. * * @since 3.3.0 * @var string */ public $print_code = ''; /** * List of default directories. * * @since 2.8.0 * @var array */ public $default_dirs; /** * Holds a string which contains the type attribute for style tag. * * If the active theme does not declare HTML5 support for 'style', * then it initializes as `type='text/css'`. * * @since 5.3.0 * @var string */ private $type_attr = ''; /** * Constructor. * * @since 2.6.0 */ public function __construct() { if ( function_exists( 'is_admin' ) && ! is_admin() && function_exists( 'current_theme_supports' ) && ! current_theme_supports( 'html5', 'style' ) ) { $this->type_attr = " type='text/css'"; } /** * Fires when the WP_Styles instance is initialized. * * @since 2.6.0 * * @param WP_Styles $wp_styles WP_Styles instance (passed by reference). */ do_action_ref_array( 'wp_default_styles', array( &$this ) ); } /** * Processes a style dependency. * * @since 2.6.0 * @since 5.5.0 Added the `$group` parameter. * * @see WP_Dependencies::do_item() * * @param string $handle The style's registered handle. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function do_item( $handle, $group = false ) { if ( ! parent::do_item( $handle ) ) { return false; } $obj = $this->registered[ $handle ]; if ( $obj->extra['conditional'] ?? false ) { return false; } if ( null === $obj->ver ) { $ver = ''; } else { $ver = $obj->ver ? $obj->ver : $this->default_version; } if ( isset( $this->args[ $handle ] ) ) { $ver = $ver ? $ver . '&' . $this->args[ $handle ] : $this->args[ $handle ]; } $src = $obj->src; $inline_style = $this->print_inline_style( $handle, false ); if ( $inline_style ) { $inline_style_tag = sprintf( "<style id='%s-inline-css'%s>\n%s\n</style>\n", esc_attr( $handle ), $this->type_attr, $inline_style ); } else { $inline_style_tag = ''; } if ( $this->do_concat ) { if ( $this->in_default_dir( $src ) && ! isset( $obj->extra['alt'] ) ) { $this->concat .= "$handle,"; $this->concat_version .= "$handle$ver"; $this->print_code .= $inline_style; return true; } } if ( isset( $obj->args ) ) { $media = $obj->args; } else { $media = 'all'; } // A single item may alias a set of items, by having dependencies, but no source. if ( ! $src ) { if ( $inline_style_tag ) { if ( $this->do_concat ) { $this->print_html .= $inline_style_tag; } else { echo $inline_style_tag; } } return true; } $href = $this->_css_href( $src, $ver, $handle ); if ( ! $href ) { return true; } $rel = isset( $obj->extra['alt'] ) && $obj->extra['alt'] ? 'alternate stylesheet' : 'stylesheet'; $title = isset( $obj->extra['title'] ) ? $obj->extra['title'] : ''; $tag = sprintf( "<link rel='%s' id='%s-css'%s href='%s'%s media='%s' />\n", $rel, esc_attr( $handle ), $title ? sprintf( " title='%s'", esc_attr( $title ) ) : '', $href, $this->type_attr, esc_attr( $media ) ); /** * Filters the HTML link tag of an enqueued style. * * @since 2.6.0 * @since 4.3.0 Introduced the `$href` parameter. * @since 4.5.0 Introduced the `$media` parameter. * * @param string $tag The link tag for the enqueued style. * @param string $handle The style's registered handle. * @param string $href The stylesheet's source URL. * @param string $media The stylesheet's media attribute. */ $tag = apply_filters( 'style_loader_tag', $tag, $handle, $href, $media ); if ( 'rtl' === $this->text_direction && isset( $obj->extra['rtl'] ) && $obj->extra['rtl'] ) { if ( is_bool( $obj->extra['rtl'] ) || 'replace' === $obj->extra['rtl'] ) { $suffix = isset( $obj->extra['suffix'] ) ? $obj->extra['suffix'] : ''; $rtl_href = str_replace( "{$suffix}.css", "-rtl{$suffix}.css", $this->_css_href( $src, $ver, "$handle-rtl" ) ); } else { $rtl_href = $this->_css_href( $obj->extra['rtl'], $ver, "$handle-rtl" ); } $rtl_tag = sprintf( "<link rel='%s' id='%s-rtl-css'%s href='%s'%s media='%s' />\n", $rel, esc_attr( $handle ), $title ? sprintf( " title='%s'", esc_attr( $title ) ) : '', $rtl_href, $this->type_attr, esc_attr( $media ) ); /** This filter is documented in wp-includes/class-wp-styles.php */ $rtl_tag = apply_filters( 'style_loader_tag', $rtl_tag, $handle, $rtl_href, $media ); if ( 'replace' === $obj->extra['rtl'] ) { $tag = $rtl_tag; } else { $tag .= $rtl_tag; } } if ( $this->do_concat ) { $this->print_html .= $tag; if ( $inline_style_tag ) { $this->print_html .= $inline_style_tag; } } else { echo $tag; $this->print_inline_style( $handle ); } return true; } /** * Adds extra CSS styles to a registered stylesheet. * * @since 3.3.0 * * @param string $handle The style's registered handle. * @param string $code String containing the CSS styles to be added. * @return bool True on success, false on failure. */ public function add_inline_style( $handle, $code ) { if ( ! $code ) { return false; } $after = $this->get_data( $handle, 'after' ); if ( ! $after ) { $after = array(); } $after[] = $code; return $this->add_data( $handle, 'after', $after ); } /** * Prints extra CSS styles of a registered stylesheet. * * @since 3.3.0 * * @param string $handle The style's registered handle. * @param bool $display Optional. Whether to print the inline style * instead of just returning it. Default true. * @return string|bool False if no data exists, inline styles if `$display` is true, * true otherwise. */ public function print_inline_style( $handle, $display = true ) { $output = $this->get_data( $handle, 'after' ); if ( empty( $output ) || ! is_array( $output ) ) { return false; } if ( ! $this->do_concat ) { // Obtain the original `src` for a stylesheet possibly inlined by wp_maybe_inline_styles(). $inlined_src = $this->get_data( $handle, 'inlined_src' ); // If there's only one `after` inline style, and that inline style had been inlined, then use the $inlined_src // as the sourceURL. Otherwise, if there is more than one inline `after` style associated with the handle, // then resort to using the handle to construct the sourceURL since there isn't a single source. if ( count( $output ) === 1 && is_string( $inlined_src ) && strlen( $inlined_src ) > 0 ) { $source_url = esc_url_raw( $inlined_src ); } else { $source_url = rawurlencode( "{$handle}-inline-css" ); } $output[] = sprintf( '/*# sourceURL=%s */', $source_url ); } $output = implode( "\n", $output ); if ( ! $display ) { return $output; } printf( "<style id='%s-inline-css'%s>\n%s\n</style>\n", esc_attr( $handle ), $this->type_attr, $output ); return true; } /** * Overrides the add_data method from WP_Dependencies, to allow unsetting dependencies for conditional styles. * * @since 6.9.0 * * @param string $handle Name of the item. Should be unique. * @param string $key The data key. * @param mixed $value The data value. * @return bool True on success, false on failure. */ public function add_data( $handle, $key, $value ) { if ( ! isset( $this->registered[ $handle ] ) ) { return false; } if ( 'conditional' === $key ) { $this->registered[ $handle ]->deps = array(); } return parent::add_data( $handle, $key, $value ); } /** * Determines style dependencies. * * @since 2.6.0 * * @see WP_Dependencies::all_deps() * * @param string|string[] $handles Item handle (string) or item handles (array of strings). * @param bool $recursion Optional. Internal flag that function is calling itself. * Default false. * @param int|false $group Optional. Group level: level (int), no groups (false). * Default false. * @return bool True on success, false on failure. */ public function all_deps( $handles, $recursion = false, $group = false ) { $result = parent::all_deps( $handles, $recursion, $group ); if ( ! $recursion ) { /** * Filters the array of enqueued styles before processing for output. * * @since 2.6.0 * * @param string[] $to_do The list of enqueued style handles about to be processed. */ $this->to_do = apply_filters( 'print_styles_array', $this->to_do ); } return $result; } /** * Generates an enqueued style's fully-qualified URL. * * @since 2.6.0 * * @param string $src The source of the enqueued style. * @param string $ver The version of the enqueued style. * @param string $handle The style's registered handle. * @return string Style's fully-qualified URL. */ public function _css_href( $src, $ver, $handle ) { if ( ! is_bool( $src ) && ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && str_starts_with( $src, $this->content_url ) ) ) { $src = $this->base_url . $src; } if ( ! empty( $ver ) ) { $src = add_query_arg( 'ver', $ver, $src ); } /** * Filters an enqueued style's fully-qualified URL. * * @since 2.6.0 * * @param string $src The source URL of the enqueued style. * @param string $handle The style's registered handle. */ $src = apply_filters( 'style_loader_src', $src, $handle ); return esc_url( $src ); } /** * Whether a handle's source is in a default directory. * * @since 2.8.0 * * @param string $src The source of the enqueued style. * @return bool True if found, false if not. */ public function in_default_dir( $src ) { if ( ! $this->default_dirs ) { return true; } foreach ( (array) $this->default_dirs as $test ) { if ( str_starts_with( $src, $test ) ) { return true; } } return false; } /** * Processes items and dependencies for the footer group. * * HTML 5 allows styles in the body, grab late enqueued items and output them in the footer. * * @since 3.3.0 * * @see WP_Dependencies::do_items() * * @return string[] Handles of items that have been processed. */ public function do_footer_items() { $this->do_items( false, 1 ); return $this->done; } /** * Resets class properties. * * @since 3.3.0 */ public function reset() { $this->do_concat = false; $this->concat = ''; $this->concat_version = ''; $this->print_html = ''; } /** * Gets a style-specific dependency warning message. * * @since 6.9.1 * * @param string $handle Style handle with missing dependencies. * @param string[] $missing_dependency_handles Missing dependency handles. * @return string Formatted, localized warning message. */ protected function get_dependency_warning_message( $handle, $missing_dependency_handles ) { return sprintf( /* translators: 1: Style handle, 2: List of missing dependency handles. */ __( 'The style with the handle "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $handle, implode( wp_get_list_item_separator(), $missing_dependency_handles ) ); } } https-detection-20260605172948.php 0000666 00000013341 15225166143 0012007 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp.php 0000666 00000063561 15225166143 0007032 0 ustar 00 <?php /** * WordPress environment setup class. * * @package WordPress * @since 2.0.0 */ #[AllowDynamicProperties] class WP { /** * Public query variables. * * Long list of public query variables. * * @since 2.0.0 * @var string[] */ public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'favicon', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' ); /** * Private query variables. * * Long list of private query variables. * * @since 2.0.0 * @var string[] */ public $private_query_vars = array( 'offset', 'posts_per_page', 'posts_per_archive_page', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm', 'comments_per_page', 'post__in', 'post__not_in', 'post_parent', 'post_parent__in', 'post_parent__not_in', 'title', 'fields' ); /** * Extra query variables set by the user. * * @since 2.1.0 * @var array */ public $extra_query_vars = array(); /** * Query variables for setting up the WordPress Query Loop. * * @since 2.0.0 * @var array */ public $query_vars = array(); /** * String parsed to set the query variables. * * @since 2.0.0 * @var string */ public $query_string = ''; /** * The request path, e.g. 2015/05/06. * * @since 2.0.0 * @var string */ public $request = ''; /** * Rewrite rule the request matched. * * @since 2.0.0 * @var string */ public $matched_rule = ''; /** * Rewrite query the request matched. * * @since 2.0.0 * @var string */ public $matched_query = ''; /** * Whether already did the permalink. * * @since 2.0.0 * @var bool */ public $did_permalink = false; /** * Adds a query variable to the list of public query variables. * * @since 2.1.0 * * @param string $qv Query variable name. */ public function add_query_var( $qv ) { if ( ! in_array( $qv, $this->public_query_vars, true ) ) { $this->public_query_vars[] = $qv; } } /** * Removes a query variable from a list of public query variables. * * @since 4.5.0 * * @param string $name Query variable name. */ public function remove_query_var( $name ) { $this->public_query_vars = array_diff( $this->public_query_vars, array( $name ) ); } /** * Sets the value of a query variable. * * @since 2.3.0 * * @param string $key Query variable name. * @param mixed $value Query variable value. */ public function set_query_var( $key, $value ) { $this->query_vars[ $key ] = $value; } /** * Parses the request to find the correct WordPress query. * * Sets up the query variables based on the request. There are also many * filters and actions that can be used to further manipulate the result. * * @since 2.0.0 * @since 6.0.0 A return value was added. * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * * @param array|string $extra_query_vars Set the extra query variables. * @return bool Whether the request was parsed. */ public function parse_request( $extra_query_vars = '' ) { global $wp_rewrite; /** * Filters whether to parse the request. * * @since 3.5.0 * * @param bool $bool Whether or not to parse the request. Default true. * @param WP $wp Current WordPress environment instance. * @param array|string $extra_query_vars Extra passed query variables. */ if ( ! apply_filters( 'do_parse_request', true, $this, $extra_query_vars ) ) { return false; } $this->query_vars = array(); $post_type_query_vars = array(); if ( is_array( $extra_query_vars ) ) { $this->extra_query_vars = & $extra_query_vars; } elseif ( ! empty( $extra_query_vars ) ) { parse_str( $extra_query_vars, $this->extra_query_vars ); } // Process PATH_INFO, REQUEST_URI, and 404 for permalinks. // Fetch the rewrite rules. $rewrite = $wp_rewrite->wp_rewrite_rules(); if ( ! empty( $rewrite ) ) { // If we match a rewrite rule, this will be cleared. $error = '404'; $this->did_permalink = true; $pathinfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : ''; list( $pathinfo ) = explode( '?', $pathinfo ); $pathinfo = str_replace( '%', '%25', $pathinfo ); list( $req_uri ) = explode( '?', $_SERVER['REQUEST_URI'] ); $self = $_SERVER['PHP_SELF']; $home_path = parse_url( home_url(), PHP_URL_PATH ); $home_path_regex = ''; if ( is_string( $home_path ) && '' !== $home_path ) { $home_path = trim( $home_path, '/' ); $home_path_regex = sprintf( '|^%s|i', preg_quote( $home_path, '|' ) ); } /* * Trim path info from the end and the leading home path from the front. * For path info requests, this leaves us with the requesting filename, if any. * For 404 requests, this leaves us with the requested permalink. */ $req_uri = str_replace( $pathinfo, '', $req_uri ); $req_uri = trim( $req_uri, '/' ); $pathinfo = trim( $pathinfo, '/' ); $self = trim( $self, '/' ); if ( ! empty( $home_path_regex ) ) { $req_uri = preg_replace( $home_path_regex, '', $req_uri ); $req_uri = trim( $req_uri, '/' ); $pathinfo = preg_replace( $home_path_regex, '', $pathinfo ); $pathinfo = trim( $pathinfo, '/' ); $self = preg_replace( $home_path_regex, '', $self ); $self = trim( $self, '/' ); } // The requested permalink is in $pathinfo for path info requests and $req_uri for other requests. if ( ! empty( $pathinfo ) && ! preg_match( '|^.*' . $wp_rewrite->index . '$|', $pathinfo ) ) { $requested_path = $pathinfo; } else { // If the request uri is the index, blank it out so that we don't try to match it against a rule. if ( $req_uri === $wp_rewrite->index ) { $req_uri = ''; } $requested_path = $req_uri; } $requested_file = $req_uri; $this->request = $requested_path; // Look for matches. $request_match = $requested_path; if ( empty( $request_match ) ) { // An empty request could only match against ^$ regex. if ( isset( $rewrite['$'] ) ) { $this->matched_rule = '$'; $query = $rewrite['$']; $matches = array( '' ); } } else { foreach ( (array) $rewrite as $match => $query ) { // If the requested file is the anchor of the match, prepend it to the path info. if ( ! empty( $requested_file ) && str_starts_with( $match, $requested_file ) && $requested_file !== $requested_path ) { $request_match = $requested_file . '/' . $requested_path; } if ( preg_match( "#^$match#", $request_match, $matches ) || preg_match( "#^$match#", urldecode( $request_match ), $matches ) ) { if ( $wp_rewrite->use_verbose_page_rules && preg_match( '/pagename=\$matches\[([0-9]+)\]/', $query, $varmatch ) ) { // This is a verbose page match, let's check to be sure about it. $page = get_page_by_path( $matches[ $varmatch[1] ] ); if ( ! $page ) { continue; } $post_status_obj = get_post_status_object( $page->post_status ); if ( ! $post_status_obj->public && ! $post_status_obj->protected && ! $post_status_obj->private && $post_status_obj->exclude_from_search ) { continue; } } // Got a match. $this->matched_rule = $match; break; } } } if ( ! empty( $this->matched_rule ) ) { // Trim the query of everything up to the '?'. $query = preg_replace( '!^.+\?!', '', $query ); // Substitute the substring matches into the query. $query = addslashes( WP_MatchesMapRegex::apply( $query, $matches ) ); $this->matched_query = $query; // Parse the query. parse_str( $query, $perma_query_vars ); // If we're processing a 404 request, clear the error var since we found something. if ( '404' === $error ) { unset( $error, $_GET['error'] ); } } // If req_uri is empty or if it is a request for ourself, unset error. if ( empty( $requested_path ) || $requested_file === $self || str_contains( $_SERVER['PHP_SELF'], 'wp-admin/' ) ) { unset( $error, $_GET['error'] ); if ( isset( $perma_query_vars ) && str_contains( $_SERVER['PHP_SELF'], 'wp-admin/' ) ) { unset( $perma_query_vars ); } $this->did_permalink = false; } } /** * Filters the query variables allowed before processing. * * Allows (publicly allowed) query vars to be added, removed, or changed prior * to executing the query. Needed to allow custom rewrite rules using your own arguments * to work, or any other custom query variables you want to be publicly available. * * @since 1.5.0 * * @param string[] $public_query_vars The array of allowed query variable names. */ $this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars ); foreach ( get_post_types( array(), 'objects' ) as $post_type => $t ) { if ( is_post_type_viewable( $t ) && $t->query_var ) { $post_type_query_vars[ $t->query_var ] = $post_type; } } foreach ( $this->public_query_vars as $wpvar ) { if ( isset( $this->extra_query_vars[ $wpvar ] ) ) { $this->query_vars[ $wpvar ] = $this->extra_query_vars[ $wpvar ]; } elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] ) { wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); } elseif ( isset( $_POST[ $wpvar ] ) ) { $this->query_vars[ $wpvar ] = $_POST[ $wpvar ]; } elseif ( isset( $_GET[ $wpvar ] ) ) { $this->query_vars[ $wpvar ] = $_GET[ $wpvar ]; } elseif ( isset( $perma_query_vars[ $wpvar ] ) ) { $this->query_vars[ $wpvar ] = $perma_query_vars[ $wpvar ]; } if ( ! empty( $this->query_vars[ $wpvar ] ) ) { if ( ! is_array( $this->query_vars[ $wpvar ] ) ) { $this->query_vars[ $wpvar ] = (string) $this->query_vars[ $wpvar ]; } else { foreach ( $this->query_vars[ $wpvar ] as $vkey => $v ) { if ( is_scalar( $v ) ) { $this->query_vars[ $wpvar ][ $vkey ] = (string) $v; } } } if ( isset( $post_type_query_vars[ $wpvar ] ) ) { $this->query_vars['post_type'] = $post_type_query_vars[ $wpvar ]; $this->query_vars['name'] = $this->query_vars[ $wpvar ]; } } } // Convert urldecoded spaces back into '+'. foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) { if ( $t->query_var && isset( $this->query_vars[ $t->query_var ] ) ) { $this->query_vars[ $t->query_var ] = str_replace( ' ', '+', $this->query_vars[ $t->query_var ] ); } } // Don't allow non-publicly queryable taxonomies to be queried from the front end. if ( ! is_admin() ) { foreach ( get_taxonomies( array( 'publicly_queryable' => false ), 'objects' ) as $taxonomy => $t ) { /* * Disallow when set to the 'taxonomy' query var. * Non-publicly queryable taxonomies cannot register custom query vars. See register_taxonomy(). */ if ( isset( $this->query_vars['taxonomy'] ) && $taxonomy === $this->query_vars['taxonomy'] ) { unset( $this->query_vars['taxonomy'], $this->query_vars['term'] ); } } } // Limit publicly queried post_types to those that are 'publicly_queryable'. if ( isset( $this->query_vars['post_type'] ) ) { $queryable_post_types = get_post_types( array( 'publicly_queryable' => true ) ); if ( ! is_array( $this->query_vars['post_type'] ) ) { if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types, true ) ) { unset( $this->query_vars['post_type'] ); } } else { $this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types ); } } // Resolve conflicts between posts with numeric slugs and date archive queries. $this->query_vars = wp_resolve_numeric_slug_conflicts( $this->query_vars ); foreach ( (array) $this->private_query_vars as $var ) { if ( isset( $this->extra_query_vars[ $var ] ) ) { $this->query_vars[ $var ] = $this->extra_query_vars[ $var ]; } } if ( isset( $error ) ) { $this->query_vars['error'] = $error; } /** * Filters the array of parsed query variables. * * @since 2.1.0 * * @param array $query_vars The array of requested query variables. */ $this->query_vars = apply_filters( 'request', $this->query_vars ); /** * Fires once all query variables for the current request have been parsed. * * @since 2.1.0 * * @param WP $wp Current WordPress environment instance (passed by reference). */ do_action_ref_array( 'parse_request', array( &$this ) ); return true; } /** * Sends additional HTTP headers for caching, content type, etc. * * Sets the Content-Type header. Sets the 'error' status (if passed) and optionally exits. * If showing a feed, it will also send Last-Modified, ETag, and 304 status if needed. * * @since 2.0.0 * @since 4.4.0 `X-Pingback` header is added conditionally for single posts that allow pings. * @since 6.1.0 Runs after posts have been queried. * * @global WP_Query $wp_query WordPress Query object. */ public function send_headers() { global $wp_query; $headers = array(); $status = null; $exit_required = false; $date_format = 'D, d M Y H:i:s'; if ( is_user_logged_in() ) { $headers = array_merge( $headers, wp_get_nocache_headers() ); } elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) { // Unmoderated comments are only visible for 10 minutes via the moderation hash. $expires = 10 * MINUTE_IN_SECONDS; $headers['Expires'] = gmdate( $date_format, time() + $expires ); $headers['Cache-Control'] = sprintf( 'max-age=%d, must-revalidate', $expires ); } if ( ! empty( $this->query_vars['error'] ) ) { $status = (int) $this->query_vars['error']; if ( 404 === $status ) { if ( ! is_user_logged_in() ) { $headers = array_merge( $headers, wp_get_nocache_headers() ); } $headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ); } elseif ( in_array( $status, array( 403, 500, 502, 503 ), true ) ) { $exit_required = true; } } elseif ( empty( $this->query_vars['feed'] ) ) { $headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ); } else { // Set the correct content type for feeds. $type = $this->query_vars['feed']; if ( 'feed' === $this->query_vars['feed'] ) { $type = get_default_feed(); } $headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' ); // We're showing a feed, so WP is indeed the only thing that last changed. if ( ! empty( $this->query_vars['withcomments'] ) || str_contains( $this->query_vars['feed'], 'comments-' ) || ( empty( $this->query_vars['withoutcomments'] ) && ( ! empty( $this->query_vars['p'] ) || ! empty( $this->query_vars['name'] ) || ! empty( $this->query_vars['page_id'] ) || ! empty( $this->query_vars['pagename'] ) || ! empty( $this->query_vars['attachment'] ) || ! empty( $this->query_vars['attachment_id'] ) ) ) ) { $wp_last_modified_post = mysql2date( $date_format, get_lastpostmodified( 'GMT' ), false ); $wp_last_modified_comment = mysql2date( $date_format, get_lastcommentmodified( 'GMT' ), false ); if ( strtotime( $wp_last_modified_post ) > strtotime( $wp_last_modified_comment ) ) { $wp_last_modified = $wp_last_modified_post; } else { $wp_last_modified = $wp_last_modified_comment; } } else { $wp_last_modified = mysql2date( $date_format, get_lastpostmodified( 'GMT' ), false ); } if ( ! $wp_last_modified ) { $wp_last_modified = gmdate( $date_format ); } $wp_last_modified .= ' GMT'; $wp_etag = '"' . md5( $wp_last_modified ) . '"'; $headers['Last-Modified'] = $wp_last_modified; $headers['ETag'] = $wp_etag; // Support for conditional GET. if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) { $client_etag = wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ); } else { $client_etag = ''; } if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ); } else { $client_last_modified = ''; } // If string is empty, return 0. If not, attempt to parse into a timestamp. $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0; // Make a timestamp for our most recent modification. $wp_modified_timestamp = strtotime( $wp_last_modified ); if ( ( $client_last_modified && $client_etag ) ? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) ) : ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) ) ) { $status = 304; $exit_required = true; } } if ( is_singular() ) { $post = isset( $wp_query->post ) ? $wp_query->post : null; // Only set X-Pingback for single posts that allow pings. if ( $post && pings_open( $post ) ) { $headers['X-Pingback'] = get_bloginfo( 'pingback_url', 'display' ); } // Send nocache headers for password protected posts to avoid unwanted caching. if ( ! empty( $post->post_password ) ) { $headers = array_merge( $headers, wp_get_nocache_headers() ); } } /** * Filters the HTTP headers before they're sent to the browser. * * @since 2.8.0 * * @param string[] $headers Associative array of headers to be sent. * @param WP $wp Current WordPress environment instance. */ $headers = apply_filters( 'wp_headers', $headers, $this ); if ( ! empty( $status ) ) { status_header( $status ); } // If Last-Modified is set to false, it should not be sent (no-cache situation). if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) { unset( $headers['Last-Modified'] ); if ( ! headers_sent() ) { header_remove( 'Last-Modified' ); } } if ( ! headers_sent() ) { foreach ( (array) $headers as $name => $field_value ) { header( "{$name}: {$field_value}" ); } } if ( $exit_required ) { exit; } /** * Fires once the requested HTTP headers for caching, content type, etc. have been sent. * * The {@see 'wp_finalized_template_enhancement_output_buffer'} action may be used to send * headers after rendering the template into an output buffer. * * @since 2.1.0 * * @param WP $wp Current WordPress environment instance (passed by reference). */ do_action_ref_array( 'send_headers', array( &$this ) ); } /** * Sets the query string property based off of the query variable property. * * The {@see 'query_string'} filter is deprecated, but still works. Plugins should * use the {@see 'request'} filter instead. * * @since 2.0.0 */ public function build_query_string() { $this->query_string = ''; foreach ( (array) array_keys( $this->query_vars ) as $wpvar ) { if ( '' !== $this->query_vars[ $wpvar ] ) { $this->query_string .= ( strlen( $this->query_string ) < 1 ) ? '' : '&'; if ( ! is_scalar( $this->query_vars[ $wpvar ] ) ) { // Discard non-scalars. continue; } $this->query_string .= $wpvar . '=' . rawurlencode( $this->query_vars[ $wpvar ] ); } } if ( has_filter( 'query_string' ) ) { // Don't bother filtering and parsing if no plugins are hooked in. /** * Filters the query string before parsing. * * @since 1.5.0 * @deprecated 2.1.0 Use {@see 'query_vars'} or {@see 'request'} filters instead. * * @param string $query_string The query string to modify. */ $this->query_string = apply_filters_deprecated( 'query_string', array( $this->query_string ), '2.1.0', 'query_vars, request' ); parse_str( $this->query_string, $this->query_vars ); } } /** * Set up the WordPress Globals. * * The query_vars property will be extracted to the GLOBALS. So care should * be taken when naming global variables that might interfere with the * WordPress environment. * * @since 2.0.0 * * @global WP_Query $wp_query WordPress Query object. * @global string $query_string Query string for the loop. * @global array $posts The found posts. * @global WP_Post|null $post The current post, if available. * @global string $request The SQL statement for the request. * @global int $more Only set, if single page or post. * @global int $single If single page or post. Only set, if single page or post. * @global WP_User $authordata Only set, if author archive. */ public function register_globals() { global $wp_query; // Extract updated query vars back into global namespace. foreach ( (array) $wp_query->query_vars as $key => $value ) { $GLOBALS[ $key ] = $value; } $GLOBALS['query_string'] = $this->query_string; $GLOBALS['posts'] = & $wp_query->posts; $GLOBALS['post'] = isset( $wp_query->post ) ? $wp_query->post : null; $GLOBALS['request'] = $wp_query->request; if ( $wp_query->is_single() || $wp_query->is_page() ) { $GLOBALS['more'] = 1; $GLOBALS['single'] = 1; } if ( $wp_query->is_author() ) { $GLOBALS['authordata'] = get_userdata( get_queried_object_id() ); } } /** * Set up the current user. * * @since 2.0.0 */ public function init() { wp_get_current_user(); } /** * Set up the Loop based on the query variables. * * @since 2.0.0 * * @global WP_Query $wp_the_query WordPress Query object. */ public function query_posts() { global $wp_the_query; $this->build_query_string(); $wp_the_query->query( $this->query_vars ); } /** * Set the Headers for 404, if nothing is found for requested URL. * * Issue a 404 if a request doesn't match any posts and doesn't match any object * (e.g. an existing-but-empty category, tag, author) and a 404 was not already issued, * and if the request was not a search or the homepage. * * Otherwise, issue a 200. * * This sets headers after posts have been queried. handle_404() really means "handle status". * By inspecting the result of querying posts, seemingly successful requests can be switched to * a 404 so that canonical redirection logic can kick in. * * @since 2.0.0 * * @global WP_Query $wp_query WordPress Query object. */ public function handle_404() { global $wp_query; /** * Filters whether to short-circuit default header status handling. * * Returning a non-false value from the filter will short-circuit the handling * and return early. * * @since 4.5.0 * * @param bool $preempt Whether to short-circuit default header status handling. Default false. * @param WP_Query $wp_query WordPress Query object. */ if ( false !== apply_filters( 'pre_handle_404', false, $wp_query ) ) { return; } // If we've already issued a 404, bail. if ( is_404() ) { return; } $set_404 = true; // Never 404 for the admin, robots, or favicon. if ( is_admin() || is_robots() || is_favicon() ) { $set_404 = false; // If posts were found, check for paged content. } elseif ( $wp_query->posts ) { $content_found = true; if ( is_singular() ) { $post = isset( $wp_query->post ) ? $wp_query->post : null; $next = '<!--nextpage-->'; // Check for paged content that exceeds the max number of pages. if ( $post && ! empty( $this->query_vars['page'] ) ) { // Check if content is actually intended to be paged. if ( str_contains( $post->post_content, $next ) ) { $page = trim( $this->query_vars['page'], '/' ); $content_found = (int) $page <= ( substr_count( $post->post_content, $next ) + 1 ); } else { $content_found = false; } } } // The posts page does not support the <!--nextpage--> pagination. if ( $wp_query->is_posts_page && ! empty( $this->query_vars['page'] ) ) { $content_found = false; } if ( $content_found ) { $set_404 = false; } // We will 404 for paged queries, as no posts were found. } elseif ( ! is_paged() ) { $author = get_query_var( 'author' ); // Don't 404 for authors without posts as long as they matched an author on this site. if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author ) // Don't 404 for these queries if they matched an object. || ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object() // Don't 404 for these queries either. || is_home() || is_search() || is_feed() ) { $set_404 = false; } } if ( $set_404 ) { // Guess it's time to 404. $wp_query->set_404(); status_header( 404 ); nocache_headers(); } else { status_header( 200 ); } } /** * Sets up all of the variables required by the WordPress environment. * * The action {@see 'wp'} has one parameter that references the WP object. It * allows for accessing the properties and methods to further manipulate the * object. * * @since 2.0.0 * * @param string|array $query_args Passed to parse_request(). */ public function main( $query_args = '' ) { $this->init(); $parsed = $this->parse_request( $query_args ); if ( $parsed ) { $this->query_posts(); $this->handle_404(); $this->register_globals(); } $this->send_headers(); /** * Fires once the WordPress environment has been set up. * * @since 2.1.0 * * @param WP $wp Current WordPress environment instance (passed by reference). */ do_action_ref_array( 'wp', array( &$this ) ); } } https-migration-20260605080419.php 0000666 00000011205 15225166143 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605171925.php 0000666 00000011205 15225166143 0012011 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection.php 0000666 00000013341 15225166143 0010406 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605104306.php 0000666 00000013341 15225166143 0011766 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-feed-cache.php 0000666 00000001711 15225166143 0010761 0 ustar 00 <?php /** * Feed API: WP_Feed_Cache class * * @package WordPress * @subpackage Feed * @since 4.7.0 * @deprecated 5.6.0 */ _deprecated_file( basename( __FILE__ ), '5.6.0', '', __( 'This file is only loaded for backward compatibility with SimplePie 1.2.x. Please consider switching to a recent SimplePie version.' ) ); /** * Core class used to implement a feed cache. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_Feed_Cache extends SimplePie\Cache { /** * Creates a new SimplePie\Cache object. * * @since 2.8.0 * * @param string $location URL location (scheme is used to determine handler). * @param string $filename Unique identifier for cache object. * @param string $extension 'spi' or 'spc'. * @return WP_Feed_Cache_Transient Feed cache handler object that uses transients. */ public function create( $location, $filename, $extension ) { return new WP_Feed_Cache_Transient( $location, $filename, $extension ); } } https-detection-20260622202808.php 0000666 00000013341 15225166143 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605081330.php 0000666 00000013341 15225166143 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260614090608.php 0000666 00000013341 15225166143 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260615214753.php 0000666 00000013341 15225166143 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605134844.php 0000666 00000011205 15225166143 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605112652.php 0000666 00000013341 15225166143 0011771 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } colors.php 0000666 00000013476 15225166143 0006602 0 ustar 00 <?php /** * Colors block support flag. * * @package WordPress * @since 5.6.0 */ /** * Registers the style and colors block attributes for block types that support it. * * @since 5.6.0 * @since 6.1.0 Improved $color_support assignment optimization. * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_colors_support( $block_type ) { $color_support = false; if ( $block_type instanceof WP_Block_Type ) { $color_support = isset( $block_type->supports['color'] ) ? $block_type->supports['color'] : false; } $has_text_colors_support = true === $color_support || ( isset( $color_support['text'] ) && $color_support['text'] ) || ( is_array( $color_support ) && ! isset( $color_support['text'] ) ); $has_background_colors_support = true === $color_support || ( isset( $color_support['background'] ) && $color_support['background'] ) || ( is_array( $color_support ) && ! isset( $color_support['background'] ) ); $has_gradients_support = isset( $color_support['gradients'] ) ? $color_support['gradients'] : false; $has_link_colors_support = isset( $color_support['link'] ) ? $color_support['link'] : false; $has_button_colors_support = isset( $color_support['button'] ) ? $color_support['button'] : false; $has_heading_colors_support = isset( $color_support['heading'] ) ? $color_support['heading'] : false; $has_color_support = $has_text_colors_support || $has_background_colors_support || $has_gradients_support || $has_link_colors_support || $has_button_colors_support || $has_heading_colors_support; if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( $has_color_support && ! array_key_exists( 'style', $block_type->attributes ) ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } if ( $has_background_colors_support && ! array_key_exists( 'backgroundColor', $block_type->attributes ) ) { $block_type->attributes['backgroundColor'] = array( 'type' => 'string', ); } if ( $has_text_colors_support && ! array_key_exists( 'textColor', $block_type->attributes ) ) { $block_type->attributes['textColor'] = array( 'type' => 'string', ); } if ( $has_gradients_support && ! array_key_exists( 'gradient', $block_type->attributes ) ) { $block_type->attributes['gradient'] = array( 'type' => 'string', ); } } /** * Adds CSS classes and inline styles for colors to the incoming attributes array. * This will be applied to the block markup in the front-end. * * @since 5.6.0 * @since 6.1.0 Implemented the style engine to generate CSS and classnames. * @access private * * @param WP_Block_Type $block_type Block type. * @param array $block_attributes Block attributes. * * @return array Colors CSS classes and inline styles. */ function wp_apply_colors_support( $block_type, $block_attributes ) { $color_support = isset( $block_type->supports['color'] ) ? $block_type->supports['color'] : false; if ( is_array( $color_support ) && wp_should_skip_block_supports_serialization( $block_type, 'color' ) ) { return array(); } $has_text_colors_support = true === $color_support || ( isset( $color_support['text'] ) && $color_support['text'] ) || ( is_array( $color_support ) && ! isset( $color_support['text'] ) ); $has_background_colors_support = true === $color_support || ( isset( $color_support['background'] ) && $color_support['background'] ) || ( is_array( $color_support ) && ! isset( $color_support['background'] ) ); $has_gradients_support = isset( $color_support['gradients'] ) ? $color_support['gradients'] : false; $color_block_styles = array(); // Text colors. if ( $has_text_colors_support && ! wp_should_skip_block_supports_serialization( $block_type, 'color', 'text' ) ) { $preset_text_color = array_key_exists( 'textColor', $block_attributes ) ? "var:preset|color|{$block_attributes['textColor']}" : null; $custom_text_color = isset( $block_attributes['style']['color']['text'] ) ? $block_attributes['style']['color']['text'] : null; $color_block_styles['text'] = $preset_text_color ? $preset_text_color : $custom_text_color; } // Background colors. if ( $has_background_colors_support && ! wp_should_skip_block_supports_serialization( $block_type, 'color', 'background' ) ) { $preset_background_color = array_key_exists( 'backgroundColor', $block_attributes ) ? "var:preset|color|{$block_attributes['backgroundColor']}" : null; $custom_background_color = isset( $block_attributes['style']['color']['background'] ) ? $block_attributes['style']['color']['background'] : null; $color_block_styles['background'] = $preset_background_color ? $preset_background_color : $custom_background_color; } // Gradients. if ( $has_gradients_support && ! wp_should_skip_block_supports_serialization( $block_type, 'color', 'gradients' ) ) { $preset_gradient_color = array_key_exists( 'gradient', $block_attributes ) ? "var:preset|gradient|{$block_attributes['gradient']}" : null; $custom_gradient_color = isset( $block_attributes['style']['color']['gradient'] ) ? $block_attributes['style']['color']['gradient'] : null; $color_block_styles['gradient'] = $preset_gradient_color ? $preset_gradient_color : $custom_gradient_color; } $attributes = array(); $styles = wp_style_engine_get_styles( array( 'color' => $color_block_styles ), array( 'convert_vars_to_classnames' => true ) ); if ( ! empty( $styles['classnames'] ) ) { $attributes['class'] = $styles['classnames']; } if ( ! empty( $styles['css'] ) ) { $attributes['style'] = $styles['css']; } return $attributes; } // Register the block support. WP_Block_Supports::get_instance()->register( 'colors', array( 'register_attribute' => 'wp_register_colors_support', 'apply' => 'wp_apply_colors_support', ) ); https-migration-20260605140809.php 0000666 00000011205 15225166143 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } comment.php 0000666 00000405665 15225166143 0006750 0 ustar 00 <?php /** * Core Comment API * * @package WordPress * @subpackage Comment */ /** * Checks whether a comment passes internal checks to be allowed to add. * * If manual comment moderation is set in the administration, then all checks, * regardless of their type and substance, will fail and the function will * return false. * * If the number of links exceeds the amount in the administration, then the * check fails. If any of the parameter contents contain any disallowed words, * then the check fails. * * If the comment author was approved before, then the comment is automatically * approved. * * If all checks pass, the function will return true. * * @since 1.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $author Comment author name. * @param string $email Comment author email. * @param string $url Comment author URL. * @param string $comment Content of the comment. * @param string $user_ip Comment author IP address. * @param string $user_agent Comment author User-Agent. * @param string $comment_type Comment type, either user-submitted comment, * trackback, or pingback. * @return bool If all checks pass, true, otherwise false. */ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) { global $wpdb; // If manual moderation is enabled, skip all checks and return false. if ( '1' === get_option( 'comment_moderation' ) ) { return false; } /** This filter is documented in wp-includes/comment-template.php */ $comment = apply_filters( 'comment_text', $comment, null, array() ); // Check for the number of external links if a max allowed number is set. $max_links = get_option( 'comment_max_links' ); if ( $max_links ) { $num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out ); /** * Filters the number of links found in a comment. * * @since 3.0.0 * @since 4.7.0 Added the `$comment` parameter. * * @param int $num_links The number of links found. * @param string $url Comment author's URL. Included in allowed links total. * @param string $comment Content of the comment. */ $num_links = apply_filters( 'comment_max_links_url', $num_links, $url, $comment ); /* * If the number of links in the comment exceeds the allowed amount, * fail the check by returning false. */ if ( $num_links >= $max_links ) { return false; } } $mod_keys = trim( get_option( 'moderation_keys' ) ); // If moderation 'keys' (keywords) are set, process them. if ( ! empty( $mod_keys ) ) { $words = explode( "\n", $mod_keys ); foreach ( (array) $words as $word ) { $word = trim( $word ); // Skip empty lines. if ( empty( $word ) ) { continue; } /* * Do some escaping magic so that '#' (number of) characters in the spam * words don't break things: */ $word = preg_quote( $word, '#' ); /* * Check the comment fields for moderation keywords. If any are found, * fail the check for the given field by returning false. */ $pattern = "#$word#iu"; if ( preg_match( $pattern, $author ) ) { return false; } if ( preg_match( $pattern, $email ) ) { return false; } if ( preg_match( $pattern, $url ) ) { return false; } if ( preg_match( $pattern, $comment ) ) { return false; } if ( preg_match( $pattern, $user_ip ) ) { return false; } if ( preg_match( $pattern, $user_agent ) ) { return false; } } } /* * Check if the option to approve comments by previously-approved authors is enabled. * * If it is enabled, check whether the comment author has a previously-approved comment, * as well as whether there are any moderation keywords (if set) present in the author * email address. If both checks pass, return true. Otherwise, return false. */ if ( '1' === get_option( 'comment_previously_approved' ) ) { if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) { $comment_user = get_user_by( 'email', wp_unslash( $email ) ); if ( ! empty( $comment_user->ID ) ) { $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) ); } else { // expected_slashed ($author, $email) $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s AND comment_approved = '1' LIMIT 1", $author, $email ) ); } if ( '1' === $ok_to_comment && ( empty( $mod_keys ) || ! str_contains( $email, $mod_keys ) ) ) { return true; } else { return false; } } else { return false; } } return true; } /** * Retrieves the approved comments for a post. * * @since 2.0.0 * @since 4.1.0 Refactored to leverage WP_Comment_Query over a direct query. * * @param int $post_id The ID of the post. * @param array $args { * Optional. See WP_Comment_Query::__construct() for information on accepted arguments. * * @type int $status Comment status to limit results by. Defaults to approved comments. * @type int $post_id Limit results to those affiliated with a given post ID. * @type string $order How to order retrieved comments. Default 'ASC'. * } * @return WP_Comment[]|int[]|int The approved comments, or number of comments if `$count` * argument is true. */ function get_approved_comments( $post_id, $args = array() ) { if ( ! $post_id ) { return array(); } $defaults = array( 'status' => 1, 'post_id' => $post_id, 'order' => 'ASC', ); $parsed_args = wp_parse_args( $args, $defaults ); $query = new WP_Comment_Query(); return $query->query( $parsed_args ); } /** * Retrieves comment data given a comment ID or comment object. * * If an object is passed then the comment data will be cached and then returned * after being passed through a filter. If the comment is empty, then the global * comment variable will be used, if it is set. * * @since 2.0.0 * * @global WP_Comment $comment Global comment object. * * @param WP_Comment|string|int $comment Comment to retrieve. * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which * correspond to a WP_Comment object, an associative array, or a numeric array, * respectively. Default OBJECT. * @return WP_Comment|array|null Depends on $output value. */ function get_comment( $comment = null, $output = OBJECT ) { if ( empty( $comment ) && isset( $GLOBALS['comment'] ) ) { $comment = $GLOBALS['comment']; } if ( $comment instanceof WP_Comment ) { $_comment = $comment; } elseif ( is_object( $comment ) ) { $_comment = new WP_Comment( $comment ); } else { $_comment = WP_Comment::get_instance( $comment ); } if ( ! $_comment ) { return null; } /** * Fires after a comment is retrieved. * * @since 2.3.0 * * @param WP_Comment $_comment Comment data. */ $_comment = apply_filters( 'get_comment', $_comment ); if ( OBJECT === $output ) { return $_comment; } elseif ( ARRAY_A === $output ) { return $_comment->to_array(); } elseif ( ARRAY_N === $output ) { return array_values( $_comment->to_array() ); } return $_comment; } /** * Retrieves a list of comments. * * The comment list can be for the blog as a whole or for an individual post. * * @since 2.7.0 * * @param string|array $args Optional. Array or string of arguments. See WP_Comment_Query::__construct() * for information on accepted arguments. Default empty string. * @return WP_Comment[]|int[]|int List of comments or number of found comments if `$count` argument is true. */ function get_comments( $args = '' ) { $query = new WP_Comment_Query(); return $query->query( $args ); } /** * Retrieves all of the WordPress supported comment statuses. * * Comments have a limited set of valid status values, this provides the comment * status values and descriptions. * * @since 2.7.0 * * @return string[] List of comment status labels keyed by status. */ function get_comment_statuses() { $status = array( 'hold' => __( 'Unapproved' ), 'approve' => _x( 'Approved', 'comment status' ), 'spam' => _x( 'Spam', 'comment status' ), 'trash' => _x( 'Trash', 'comment status' ), ); return $status; } /** * Gets the default comment status for a post type. * * @since 4.3.0 * * @param string $post_type Optional. Post type. Default 'post'. * @param string $comment_type Optional. Comment type. Default 'comment'. * @return string Either 'open' or 'closed'. */ function get_default_comment_status( $post_type = 'post', $comment_type = 'comment' ) { switch ( $comment_type ) { case 'pingback': case 'trackback': $supports = 'trackbacks'; $option = 'ping'; break; default: $supports = 'comments'; $option = 'comment'; break; } // Set the status. if ( 'page' === $post_type ) { $status = 'closed'; } elseif ( post_type_supports( $post_type, $supports ) ) { $status = get_option( "default_{$option}_status" ); } else { $status = 'closed'; } /** * Filters the default comment status for the given post type. * * @since 4.3.0 * * @param string $status Default status for the given post type, * either 'open' or 'closed'. * @param string $post_type Post type. Default is `post`. * @param string $comment_type Type of comment. Default is `comment`. */ return apply_filters( 'get_default_comment_status', $status, $post_type, $comment_type ); } /** * Retrieves the date the last comment was modified. * * @since 1.5.0 * @since 4.7.0 Replaced caching the modified date in a local static variable * with the Object Cache API. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $timezone Which timezone to use in reference to 'gmt', 'blog', or 'server' locations. * @return string|false Last comment modified date on success, false on failure. */ function get_lastcommentmodified( $timezone = 'server' ) { global $wpdb; $timezone = strtolower( $timezone ); $key = "lastcommentmodified:$timezone"; $comment_modified_date = wp_cache_get( $key, 'timeinfo' ); if ( false !== $comment_modified_date ) { return $comment_modified_date; } switch ( $timezone ) { case 'gmt': $comment_modified_date = $wpdb->get_var( "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" ); break; case 'blog': $comment_modified_date = $wpdb->get_var( "SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" ); break; case 'server': $add_seconds_server = gmdate( 'Z' ); $comment_modified_date = $wpdb->get_var( $wpdb->prepare( "SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server ) ); break; } if ( $comment_modified_date ) { wp_cache_set( $key, $comment_modified_date, 'timeinfo' ); return $comment_modified_date; } return false; } /** * Retrieves the total comment counts for the whole site or a single post. * * @since 2.0.0 * * @param int $post_id Optional. Restrict the comment counts to the given post. Default 0, which indicates that * comment counts for the whole site will be retrieved. * @return int[] { * The number of comments keyed by their status. * * @type int $approved The number of approved comments. * @type int $awaiting_moderation The number of comments awaiting moderation (a.k.a. pending). * @type int $spam The number of spam comments. * @type int $trash The number of trashed comments. * @type int $post-trashed The number of comments for posts that are in the trash. * @type int $total_comments The total number of non-trashed comments, including spam. * @type int $all The total number of pending or approved comments. * } */ function get_comment_count( $post_id = 0 ) { $post_id = (int) $post_id; $comment_count = array( 'approved' => 0, 'awaiting_moderation' => 0, 'spam' => 0, 'trash' => 0, 'post-trashed' => 0, 'total_comments' => 0, 'all' => 0, ); $args = array( 'count' => true, 'update_comment_meta_cache' => false, 'orderby' => 'none', ); if ( $post_id > 0 ) { $args['post_id'] = $post_id; } $mapping = array( 'approved' => 'approve', 'awaiting_moderation' => 'hold', 'spam' => 'spam', 'trash' => 'trash', 'post-trashed' => 'post-trashed', ); $comment_count = array(); foreach ( $mapping as $key => $value ) { $comment_count[ $key ] = get_comments( array_merge( $args, array( 'status' => $value ) ) ); } $comment_count['all'] = $comment_count['approved'] + $comment_count['awaiting_moderation']; $comment_count['total_comments'] = $comment_count['all'] + $comment_count['spam']; return array_map( 'intval', $comment_count ); } // // Comment meta functions. // /** * Adds meta data field to a comment. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/add_comment_meta/ * * @param int $comment_id Comment ID. * @param string $meta_key Metadata name. * @param mixed $meta_value Metadata value. Arrays and objects are stored as serialized data and * will be returned as the same type when retrieved. Other data types will * be stored as strings in the database: * - false is stored and retrieved as an empty string ('') * - true is stored and retrieved as '1' * - numbers (both integer and float) are stored and retrieved as strings * Must be serializable if non-scalar. * @param bool $unique Optional. Whether the same key should not be added. * Default false. * @return int|false Meta ID on success, false on failure. */ function add_comment_meta( $comment_id, $meta_key, $meta_value, $unique = false ) { return add_metadata( 'comment', $comment_id, $meta_key, $meta_value, $unique ); } /** * Removes metadata matching criteria from a comment. * * You can match based on the key, or key and value. Removing based on key and * value, will keep from removing duplicate metadata with the same key. It also * allows removing all metadata matching key, if needed. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/delete_comment_meta/ * * @param int $comment_id Comment ID. * @param string $meta_key Metadata name. * @param mixed $meta_value Optional. Metadata value. If provided, * rows will only be removed that match the value. * Must be serializable if non-scalar. Default empty string. * @return bool True on success, false on failure. */ function delete_comment_meta( $comment_id, $meta_key, $meta_value = '' ) { return delete_metadata( 'comment', $comment_id, $meta_key, $meta_value ); } /** * Retrieves comment meta field for a comment. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/get_comment_meta/ * * @param int $comment_id Comment ID. * @param string $key Optional. The meta key to retrieve. By default, * returns data for all keys. Default empty string. * @param bool $single Optional. Whether to return a single value. * This parameter has no effect if `$key` is not specified. * Default false. * @return mixed An array of values if `$single` is false. * The value of meta data field if `$single` is true. * False for an invalid `$comment_id` (non-numeric, zero, or negative value). * An empty array if a valid but non-existing comment ID is passed and `$single` is false. * An empty string if a valid but non-existing comment ID is passed and `$single` is true. * Note: Non-serialized values are returned as strings: * - false values are returned as empty strings ('') * - true values are returned as '1' * - numbers are returned as strings * Arrays and objects retain their original type. */ function get_comment_meta( $comment_id, $key = '', $single = false ) { return get_metadata( 'comment', $comment_id, $key, $single ); } /** * Queue comment meta for lazy-loading. * * @since 6.3.0 * * @param array $comment_ids List of comment IDs. */ function wp_lazyload_comment_meta( array $comment_ids ) { if ( empty( $comment_ids ) ) { return; } $lazyloader = wp_metadata_lazyloader(); $lazyloader->queue_objects( 'comment', $comment_ids ); } /** * Updates comment meta field based on comment ID. * * Use the $prev_value parameter to differentiate between meta fields with the * same key and comment ID. * * If the meta field for the comment does not exist, it will be added. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 2.9.0 * * @link https://developer.wordpress.org/reference/functions/update_comment_meta/ * * @param int $comment_id Comment ID. * @param string $meta_key Metadata key. * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. * @param mixed $prev_value Optional. Previous value to check before updating. * If specified, only update existing metadata entries with * this value. Otherwise, update all entries. Default empty string. * @return int|bool Meta ID if the key didn't exist, true on successful update, * false on failure or if the value passed to the function * is the same as the one that is already in the database. */ function update_comment_meta( $comment_id, $meta_key, $meta_value, $prev_value = '' ) { return update_metadata( 'comment', $comment_id, $meta_key, $meta_value, $prev_value ); } /** * Sets the cookies used to store an unauthenticated commentator's identity. Typically used * to recall previous comments by this commentator that are still held in moderation. * * @since 3.4.0 * @since 4.9.6 The `$cookies_consent` parameter was added. * * @param WP_Comment $comment Comment object. * @param WP_User $user Comment author's user object. The user may not exist. * @param bool $cookies_consent Optional. Comment author's consent to store cookies. Default true. */ function wp_set_comment_cookies( $comment, $user, $cookies_consent = true ) { // If the user already exists, or the user opted out of cookies, don't set cookies. if ( $user->exists() ) { return; } if ( false === $cookies_consent ) { // Remove any existing cookies. $past = time() - YEAR_IN_SECONDS; setcookie( 'comment_author_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); setcookie( 'comment_author_email_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); setcookie( 'comment_author_url_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); return; } /** * Filters the lifetime of the comment cookie in seconds. * * @since 2.8.0 * @since 6.6.0 The default $seconds value changed from 30000000 to YEAR_IN_SECONDS. * * @param int $seconds Comment cookie lifetime. Default YEAR_IN_SECONDS. */ $comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', YEAR_IN_SECONDS ); $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) ); setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); } /** * Sanitizes the cookies sent to the user already. * * Will only do anything if the cookies have already been created for the user. * Mostly used after cookies had been sent to use elsewhere. * * @since 2.0.4 */ function sanitize_comment_cookies() { if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) { /** * Filters the comment author's name cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's name string is passed. * * @since 1.5.0 * * @param string $author_cookie The comment author name cookie. */ $comment_author = apply_filters( 'pre_comment_author_name', $_COOKIE[ 'comment_author_' . COOKIEHASH ] ); $comment_author = wp_unslash( $comment_author ); $comment_author = esc_attr( $comment_author ); $_COOKIE[ 'comment_author_' . COOKIEHASH ] = $comment_author; } if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) { /** * Filters the comment author's email cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's email string is passed. * * @since 1.5.0 * * @param string $author_email_cookie The comment author email cookie. */ $comment_author_email = apply_filters( 'pre_comment_author_email', $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ); $comment_author_email = wp_unslash( $comment_author_email ); $comment_author_email = esc_attr( $comment_author_email ); $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] = $comment_author_email; } if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) { /** * Filters the comment author's URL cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's URL string is passed. * * @since 1.5.0 * * @param string $author_url_cookie The comment author URL cookie. */ $comment_author_url = apply_filters( 'pre_comment_author_url', $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ); $comment_author_url = wp_unslash( $comment_author_url ); $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] = $comment_author_url; } } /** * Validates whether this comment is allowed to be made. * * @since 2.0.0 * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function * to return a WP_Error object instead of dying. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata Contains information on the comment. * @param bool $wp_error When true, a disallowed comment will result in the function * returning a WP_Error object, rather than executing wp_die(). * Default false. * @return int|string|WP_Error Allowed comments return the approval status (0|1|'spam'|'trash'). * If `$wp_error` is true, disallowed comments return a WP_Error. */ function wp_allow_comment( $commentdata, $wp_error = false ) { global $wpdb; /* * Simple duplicate check. * expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) */ $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $commentdata['comment_post_ID'] ), wp_unslash( $commentdata['comment_parent'] ), wp_unslash( $commentdata['comment_author'] ) ); if ( $commentdata['comment_author_email'] ) { $dupe .= $wpdb->prepare( 'AND comment_author_email = %s ', wp_unslash( $commentdata['comment_author_email'] ) ); } $dupe .= $wpdb->prepare( ') AND comment_content = %s LIMIT 1', wp_unslash( $commentdata['comment_content'] ) ); $dupe_id = $wpdb->get_var( $dupe ); /** * Filters the ID, if any, of the duplicate comment found when creating a new comment. * * Return an empty value from this filter to allow what WP considers a duplicate comment. * * @since 4.4.0 * * @param int $dupe_id ID of the comment identified as a duplicate. * @param array $commentdata Data for the comment being created. */ $dupe_id = apply_filters( 'duplicate_comment_id', $dupe_id, $commentdata ); if ( $dupe_id ) { /** * Fires immediately after a duplicate comment is detected. * * @since 3.0.0 * * @param array $commentdata Comment data. */ do_action( 'comment_duplicate_trigger', $commentdata ); /** * Filters duplicate comment error message. * * @since 5.2.0 * * @param string $comment_duplicate_message Duplicate comment error message. */ $comment_duplicate_message = apply_filters( 'comment_duplicate_message', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ) ); if ( $wp_error ) { return new WP_Error( 'comment_duplicate', $comment_duplicate_message, 409 ); } else { if ( wp_doing_ajax() ) { die( $comment_duplicate_message ); } wp_die( $comment_duplicate_message, 409 ); } } /** * Fires immediately before a comment is marked approved. * * Allows checking for comment flooding. * * @since 2.3.0 * @since 4.7.0 The `$avoid_die` parameter was added. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing * wp_die() or die() if a comment flood is occurring. */ do_action( 'check_comment_flood', $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'], $wp_error ); /** * Filters whether a comment is part of a comment flood. * * The default check is wp_check_comment_flood(). See check_comment_flood_db(). * * @since 4.7.0 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param bool $is_flood Is a comment flooding occurring? Default false. * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing * wp_die() or die() if a comment flood is occurring. */ $is_flood = apply_filters( 'wp_is_comment_flood', false, $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'], $wp_error ); if ( $is_flood ) { /** This filter is documented in wp-includes/comment-template.php */ $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); return new WP_Error( 'comment_flood', $comment_flood_message, 429 ); } return wp_check_comment_data( $commentdata ); } /** * Hooks WP's native database-based comment-flood check. * * This wrapper maintains backward compatibility with plugins that expect to * be able to unhook the legacy check_comment_flood_db() function from * 'check_comment_flood' using remove_action(). * * @since 2.3.0 * @since 4.7.0 Converted to be an add_filter() wrapper. */ function check_comment_flood_db() { add_filter( 'wp_is_comment_flood', 'wp_check_comment_flood', 10, 5 ); } /** * Checks whether comment flooding is occurring. * * Won't run, if current user can manage options, so to not block * administrators. * * @since 4.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param bool $is_flood Is a comment flooding occurring? * @param string $ip Comment author's IP address. * @param string $email Comment author's email address. * @param string $date MySQL time string. * @param bool $avoid_die When true, a disallowed comment will result in the function * returning without executing wp_die() or die(). Default false. * @return bool Whether comment flooding is occurring. */ function wp_check_comment_flood( $is_flood, $ip, $email, $date, $avoid_die = false ) { global $wpdb; // Another callback has declared a flood. Trust it. if ( true === $is_flood ) { return $is_flood; } // Don't throttle admins or moderators. if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { return false; } $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); if ( is_user_logged_in() ) { $user = get_current_user_id(); $check_column = '`user_id`'; } else { $user = $ip; $check_column = '`comment_author_IP`'; } $sql = $wpdb->prepare( "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email ); $lasttime = $wpdb->get_var( $sql ); if ( $lasttime ) { $time_lastcomment = mysql2date( 'U', $lasttime, false ); $time_newcomment = mysql2date( 'U', $date, false ); /** * Filters the comment flood status. * * @since 2.1.0 * * @param bool $bool Whether a comment flood is occurring. Default false. * @param int $time_lastcomment Timestamp of when the last comment was posted. * @param int $time_newcomment Timestamp of when the new comment was posted. */ $flood_die = apply_filters( 'comment_flood_filter', false, $time_lastcomment, $time_newcomment ); if ( $flood_die ) { /** * Fires before the comment flood message is triggered. * * @since 1.5.0 * * @param int $time_lastcomment Timestamp of when the last comment was posted. * @param int $time_newcomment Timestamp of when the new comment was posted. */ do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment ); if ( $avoid_die ) { return true; } else { /** * Filters the comment flood error message. * * @since 5.2.0 * * @param string $comment_flood_message Comment flood error message. */ $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); if ( wp_doing_ajax() ) { die( $comment_flood_message ); } wp_die( $comment_flood_message, 429 ); } } } return false; } /** * Separates an array of comments into an array keyed by comment_type. * * @since 2.7.0 * * @param WP_Comment[] $comments Array of comments. * @return array<string, WP_Comment[]> Array of comments keyed by comment type. */ function separate_comments( &$comments ) { $comments_by_type = array( 'comment' => array(), 'trackback' => array(), 'pingback' => array(), 'pings' => array(), ); $count = count( $comments ); for ( $i = 0; $i < $count; $i++ ) { $type = $comments[ $i ]->comment_type; if ( empty( $type ) ) { $type = 'comment'; } $comments_by_type[ $type ][] = &$comments[ $i ]; if ( 'trackback' === $type || 'pingback' === $type ) { $comments_by_type['pings'][] = &$comments[ $i ]; } } return $comments_by_type; } /** * Calculates the total number of comment pages. * * @since 2.7.0 * * @uses Walker_Comment * * @global WP_Query $wp_query WordPress Query object. * * @param WP_Comment[] $comments Optional. Array of WP_Comment objects. Defaults to `$wp_query->comments`. * @param int $per_page Optional. Comments per page. Defaults to the value of `comments_per_page` * query var, option of the same name, or 1 (in that order). * @param bool $threaded Optional. Control over flat or threaded comments. Defaults to the value * of `thread_comments` option. * @return int Number of comment pages. */ function get_comment_pages_count( $comments = null, $per_page = null, $threaded = null ) { global $wp_query; if ( null === $comments && null === $per_page && null === $threaded && ! empty( $wp_query->max_num_comment_pages ) ) { return $wp_query->max_num_comment_pages; } if ( ( ! $comments || ! is_array( $comments ) ) && ! empty( $wp_query->comments ) ) { $comments = $wp_query->comments; } if ( empty( $comments ) ) { return 0; } if ( ! get_option( 'page_comments' ) ) { return 1; } if ( ! isset( $per_page ) ) { $per_page = (int) get_query_var( 'comments_per_page' ); } if ( 0 === $per_page ) { $per_page = (int) get_option( 'comments_per_page' ); } if ( 0 === $per_page ) { return 1; } if ( ! isset( $threaded ) ) { $threaded = get_option( 'thread_comments' ); } if ( $threaded ) { $walker = new Walker_Comment(); $count = ceil( $walker->get_number_of_root_elements( $comments ) / $per_page ); } else { $count = ceil( count( $comments ) / $per_page ); } return (int) $count; } /** * Calculates what page number a comment will appear on for comment paging. * * @since 2.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $comment_id Comment ID. * @param array $args { * Array of optional arguments. * * @type string $type Limit paginated comments to those matching a given type. * Accepts 'comment', 'trackback', 'pingback', 'pings' * (trackbacks and pingbacks), or 'all'. Default 'all'. * @type int $per_page Per-page count to use when calculating pagination. * Defaults to the value of the 'comments_per_page' option. * @type int|string $max_depth If greater than 1, comment page will be determined * for the top-level parent `$comment_id`. * Defaults to the value of the 'thread_comments_depth' option. * } * @return int|null Comment page number or null on error. */ function get_page_of_comment( $comment_id, $args = array() ) { global $wpdb; $page = null; $comment = get_comment( $comment_id ); if ( ! $comment ) { return null; } $defaults = array( 'type' => 'all', 'page' => '', 'per_page' => '', 'max_depth' => '', ); $args = wp_parse_args( $args, $defaults ); $original_args = $args; // Order of precedence: 1. `$args['per_page']`, 2. 'comments_per_page' query_var, 3. 'comments_per_page' option. if ( get_option( 'page_comments' ) ) { if ( '' === $args['per_page'] ) { $args['per_page'] = get_query_var( 'comments_per_page' ); } if ( '' === $args['per_page'] ) { $args['per_page'] = get_option( 'comments_per_page' ); } } if ( empty( $args['per_page'] ) ) { $args['per_page'] = 0; $args['page'] = 0; } if ( $args['per_page'] < 1 ) { $page = 1; } if ( null === $page ) { if ( '' === $args['max_depth'] ) { if ( get_option( 'thread_comments' ) ) { $args['max_depth'] = get_option( 'thread_comments_depth' ); } else { $args['max_depth'] = -1; } } // Find this comment's top-level parent if threading is enabled. if ( $args['max_depth'] > 1 && '0' !== $comment->comment_parent ) { return get_page_of_comment( $comment->comment_parent, $args ); } $comment_args = array( 'type' => $args['type'], 'post_id' => $comment->comment_post_ID, 'fields' => 'ids', 'count' => true, 'status' => 'approve', 'orderby' => 'none', 'parent' => 0, 'date_query' => array( array( 'column' => "$wpdb->comments.comment_date_gmt", 'before' => $comment->comment_date_gmt, ), ), ); if ( is_user_logged_in() ) { $comment_args['include_unapproved'] = array( get_current_user_id() ); } else { $unapproved_email = wp_get_unapproved_comment_author_email(); if ( $unapproved_email ) { $comment_args['include_unapproved'] = array( $unapproved_email ); } } /** * Filters the arguments used to query comments in get_page_of_comment(). * * @since 5.5.0 * * @see WP_Comment_Query::__construct() * * @param array $comment_args { * Array of WP_Comment_Query arguments. * * @type string $type Limit paginated comments to those matching a given type. * Accepts 'comment', 'trackback', 'pingback', 'pings' * (trackbacks and pingbacks), or 'all'. Default 'all'. * @type int $post_id ID of the post. * @type string $fields Comment fields to return. * @type bool $count Whether to return a comment count (true) or array * of comment objects (false). * @type string $status Comment status. * @type int $parent Parent ID of comment to retrieve children of. * @type array $date_query Date query clauses to limit comments by. See WP_Date_Query. * @type array $include_unapproved Array of IDs or email addresses whose unapproved comments * will be included in paginated comments. * } */ $comment_args = apply_filters( 'get_page_of_comment_query_args', $comment_args ); $comment_query = new WP_Comment_Query(); $older_comment_count = $comment_query->query( $comment_args ); // No older comments? Then it's page #1. if ( 0 === $older_comment_count ) { $page = 1; // Divide comments older than this one by comments per page to get this comment's page number. } else { $page = (int) ceil( ( $older_comment_count + 1 ) / $args['per_page'] ); } } /** * Filters the calculated page on which a comment appears. * * @since 4.4.0 * @since 4.7.0 Introduced the `$comment_id` parameter. * * @param int $page Comment page. * @param array $args { * Arguments used to calculate pagination. These include arguments auto-detected by the function, * based on query vars, system settings, etc. For pristine arguments passed to the function, * see `$original_args`. * * @type string $type Type of comments to count. * @type int $page Calculated current page. * @type int $per_page Calculated number of comments per page. * @type int $max_depth Maximum comment threading depth allowed. * } * @param array $original_args { * Array of arguments passed to the function. Some or all of these may not be set. * * @type string $type Type of comments to count. * @type int $page Current comment page. * @type int $per_page Number of comments per page. * @type int $max_depth Maximum comment threading depth allowed. * } * @param int $comment_id ID of the comment. */ return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args, $comment_id ); } /** * Retrieves the maximum character lengths for the comment form fields. * * @since 4.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return int[] Array of maximum lengths keyed by field name. */ function wp_get_comment_fields_max_lengths() { global $wpdb; $lengths = array( 'comment_author' => 245, 'comment_author_email' => 100, 'comment_author_url' => 200, 'comment_content' => 65525, ); if ( $wpdb->is_mysql ) { foreach ( $lengths as $column => $length ) { $col_length = $wpdb->get_col_length( $wpdb->comments, $column ); $max_length = 0; // No point if we can't get the DB column lengths. if ( is_wp_error( $col_length ) ) { break; } if ( ! is_array( $col_length ) && (int) $col_length > 0 ) { $max_length = (int) $col_length; } elseif ( is_array( $col_length ) && isset( $col_length['length'] ) && (int) $col_length['length'] > 0 ) { $max_length = (int) $col_length['length']; if ( ! empty( $col_length['type'] ) && 'byte' === $col_length['type'] ) { $max_length = $max_length - 10; } } if ( $max_length > 0 ) { $lengths[ $column ] = $max_length; } } } /** * Filters the lengths for the comment form fields. * * @since 4.5.0 * * @param int[] $lengths Array of maximum lengths keyed by field name. */ return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths ); } /** * Compares the lengths of comment data against the maximum character limits. * * @since 4.7.0 * * @param array $comment_data Array of arguments for inserting a comment. * @return WP_Error|true WP_Error when a comment field exceeds the limit, * otherwise true. */ function wp_check_comment_data_max_lengths( $comment_data ) { $max_lengths = wp_get_comment_fields_max_lengths(); if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) { return new WP_Error( 'comment_author_column_length', __( '<strong>Error:</strong> Your name is too long.' ), 200 ); } if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) { return new WP_Error( 'comment_author_email_column_length', __( '<strong>Error:</strong> Your email address is too long.' ), 200 ); } if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) { return new WP_Error( 'comment_author_url_column_length', __( '<strong>Error:</strong> Your URL is too long.' ), 200 ); } if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) { return new WP_Error( 'comment_content_column_length', __( '<strong>Error:</strong> Your comment is too long.' ), 200 ); } return true; } /** * Checks whether comment data passes internal checks or has disallowed content. * * @since 6.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $comment_data Array of arguments for inserting a comment. * @return int|string|WP_Error The approval status on success (0|1|'spam'|'trash'), * WP_Error otherwise. */ function wp_check_comment_data( $comment_data ) { global $wpdb; if ( ! empty( $comment_data['user_id'] ) ) { $user = get_userdata( $comment_data['user_id'] ); $post_author = (int) $wpdb->get_var( $wpdb->prepare( "SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_data['comment_post_ID'] ) ); } if ( isset( $user ) && ( $comment_data['user_id'] === $post_author || $user->has_cap( 'moderate_comments' ) ) ) { // The author and the admins get respect. $approved = 1; } else { // Everyone else's comments will be checked. if ( check_comment( $comment_data['comment_author'], $comment_data['comment_author_email'], $comment_data['comment_author_url'], $comment_data['comment_content'], $comment_data['comment_author_IP'], $comment_data['comment_agent'], $comment_data['comment_type'] ) ) { $approved = 1; } else { $approved = 0; } if ( wp_check_comment_disallowed_list( $comment_data['comment_author'], $comment_data['comment_author_email'], $comment_data['comment_author_url'], $comment_data['comment_content'], $comment_data['comment_author_IP'], $comment_data['comment_agent'] ) ) { $approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam'; } } /** * Filters a comment's approval status before it is set. * * @since 2.1.0 * @since 4.9.0 Returning a WP_Error value from the filter will short-circuit comment insertion * and allow skipping further processing. * * @param int|string|WP_Error $approved The approval status. Accepts 1, 0, 'spam', 'trash', * or WP_Error. * @param array $commentdata Comment data. */ return apply_filters( 'pre_comment_approved', $approved, $comment_data ); } /** * Checks if a comment contains disallowed characters or words. * * @since 5.5.0 * * @param string $author The author of the comment. * @param string $email The email of the comment. * @param string $url The url used in the comment. * @param string $comment The comment content. * @param string $user_ip The comment author's IP address. * @param string $user_agent The author's browser user agent. * @return bool True if the comment contains disallowed content, false otherwise. */ function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) { /** * Fires before the comment is tested for disallowed characters or words. * * @since 1.5.0 * @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead. * * @param string $author Comment author. * @param string $email Comment author's email. * @param string $url Comment author's URL. * @param string $comment Comment content. * @param string $user_ip Comment author's IP address. * @param string $user_agent Comment author's browser user agent. */ do_action_deprecated( 'wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_check_comment_disallowed_list', __( 'Please consider writing more inclusive code.' ) ); /** * Fires before the comment is tested for disallowed characters or words. * * @since 5.5.0 * * @param string $author Comment author. * @param string $email Comment author's email. * @param string $url Comment author's URL. * @param string $comment Comment content. * @param string $user_ip Comment author's IP address. * @param string $user_agent Comment author's browser user agent. */ do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent ); $mod_keys = trim( get_option( 'disallowed_keys' ) ); if ( '' === $mod_keys ) { return false; // If moderation keys are empty. } // Ensure HTML tags are not being used to bypass the list of disallowed characters and words. $comment_without_html = wp_strip_all_tags( $comment ); $words = explode( "\n", $mod_keys ); foreach ( (array) $words as $word ) { $word = trim( $word ); // Skip empty lines. if ( empty( $word ) ) { continue; } // Do some escaping magic so that '#' chars in the spam words don't break things: $word = preg_quote( $word, '#' ); $pattern = "#$word#iu"; if ( preg_match( $pattern, $author ) || preg_match( $pattern, $email ) || preg_match( $pattern, $url ) || preg_match( $pattern, $comment ) || preg_match( $pattern, $comment_without_html ) || preg_match( $pattern, $user_ip ) || preg_match( $pattern, $user_agent ) ) { return true; } } return false; } /** * Retrieves the total comment counts for the whole site or a single post. * * The comment stats are cached and then retrieved, if they already exist in the * cache. * * @see get_comment_count() Which handles fetching the live comment counts. * * @since 2.5.0 * * @param int $post_id Optional. Restrict the comment counts to the given post. Default 0, which indicates that * comment counts for the whole site will be retrieved. * @return stdClass { * The number of comments keyed by their status. * * @type int $approved The number of approved comments. * @type int $moderated The number of comments awaiting moderation (a.k.a. pending). * @type int $spam The number of spam comments. * @type int $trash The number of trashed comments. * @type int $post-trashed The number of comments for posts that are in the trash. * @type int $total_comments The total number of non-trashed comments, including spam. * @type int $all The total number of pending or approved comments. * } */ function wp_count_comments( $post_id = 0 ) { $post_id = (int) $post_id; /** * Filters the comments count for a given post or the whole site. * * @since 2.7.0 * * @param array|stdClass $count An empty array or an object containing comment counts. * @param int $post_id The post ID. Can be 0 to represent the whole site. */ $filtered = apply_filters( 'wp_count_comments', array(), $post_id ); if ( ! empty( $filtered ) ) { return $filtered; } $count = wp_cache_get( "comments-{$post_id}", 'counts' ); if ( false !== $count ) { return $count; } $stats = get_comment_count( $post_id ); $stats['moderated'] = $stats['awaiting_moderation']; unset( $stats['awaiting_moderation'] ); $stats_object = (object) $stats; wp_cache_set( "comments-{$post_id}", $stats_object, 'counts' ); return $stats_object; } /** * Trashes or deletes a comment. * * The comment is moved to Trash instead of permanently deleted unless Trash is * disabled, item is already in the Trash, or $force_delete is true. * * The post comment count will be updated if the comment was approved and has a * post ID available. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @param bool $force_delete Whether to bypass Trash and force deletion. Default false. * @return bool True on success, false on failure. */ function wp_delete_comment( $comment_id, $force_delete = false ) { global $wpdb; $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } if ( ! $force_delete && EMPTY_TRASH_DAYS && ! in_array( wp_get_comment_status( $comment ), array( 'trash', 'spam' ), true ) ) { return wp_trash_comment( $comment_id ); } /** * Fires immediately before a comment is deleted from the database. * * @since 1.2.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be deleted. */ do_action( 'delete_comment', $comment->comment_ID, $comment ); // Move children up a level. $children = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_parent = %d", $comment->comment_ID ) ); if ( ! empty( $children ) ) { $wpdb->update( $wpdb->comments, array( 'comment_parent' => $comment->comment_parent ), array( 'comment_parent' => $comment->comment_ID ) ); clean_comment_cache( $children ); } // Delete metadata. $meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->commentmeta WHERE comment_id = %d", $comment->comment_ID ) ); foreach ( $meta_ids as $mid ) { delete_metadata_by_mid( 'comment', $mid ); } if ( ! $wpdb->delete( $wpdb->comments, array( 'comment_ID' => $comment->comment_ID ) ) ) { return false; } /** * Fires immediately after a comment is deleted from the database. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The deleted comment. */ do_action( 'deleted_comment', $comment->comment_ID, $comment ); $post_id = $comment->comment_post_ID; if ( $post_id && '1' === $comment->comment_approved ) { wp_update_comment_count( $post_id ); } clean_comment_cache( $comment->comment_ID ); /** This action is documented in wp-includes/comment.php */ do_action( 'wp_set_comment_status', $comment->comment_ID, 'delete' ); wp_transition_comment_status( 'delete', $comment->comment_approved, $comment ); return true; } /** * Moves a comment to the Trash * * If Trash is disabled, comment is permanently deleted. * * @since 2.9.0 * @since 6.9.0 Any child notes are deleted when deleting a note. * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_trash_comment( $comment_id ) { if ( ! EMPTY_TRASH_DAYS ) { $comment = get_comment( $comment_id ); $success = wp_delete_comment( $comment_id, true ); if ( ! $success ) { return false; } // Also delete children of top level 'note' type comments. if ( $comment && 'note' === $comment->comment_type && 0 === (int) $comment->comment_parent ) { $children = $comment->get_children( array( 'fields' => 'ids', 'status' => 'all', 'type' => 'note', ) ); foreach ( $children as $child_id ) { if ( ! wp_delete_comment( $child_id, true ) ) { $success = false; } } } return $success; } $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is sent to the Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be trashed. */ do_action( 'trash_comment', $comment->comment_ID, $comment ); if ( wp_set_comment_status( $comment, 'trash' ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); /** * Fires immediately after a comment is sent to Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The trashed comment. */ do_action( 'trashed_comment', $comment->comment_ID, $comment ); // For top level 'note' type comments, also trash children. if ( 'note' === $comment->comment_type && 0 === (int) $comment->comment_parent ) { $children = $comment->get_children( array( 'fields' => 'ids', 'status' => 'all', 'type' => 'note', ) ); $success = true; foreach ( $children as $child_id ) { if ( ! wp_trash_comment( $child_id ) ) { $success = false; } } return $success; } return true; } return false; } /** * Removes a comment from the Trash * * @since 2.9.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_untrash_comment( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is restored from the Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be untrashed. */ do_action( 'untrash_comment', $comment->comment_ID, $comment ); $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); if ( empty( $status ) ) { $status = '0'; } if ( wp_set_comment_status( $comment, $status ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); /** * Fires immediately after a comment is restored from the Trash. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The untrashed comment. */ do_action( 'untrashed_comment', $comment->comment_ID, $comment ); return true; } return false; } /** * Marks a comment as Spam. * * @since 2.9.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_spam_comment( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is marked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param int $comment_id The comment ID. * @param WP_Comment $comment The comment to be marked as spam. */ do_action( 'spam_comment', $comment->comment_ID, $comment ); if ( wp_set_comment_status( $comment, 'spam' ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); /** * Fires immediately after a comment is marked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param int $comment_id The comment ID. * @param WP_Comment $comment The comment marked as spam. */ do_action( 'spammed_comment', $comment->comment_ID, $comment ); return true; } return false; } /** * Removes a comment from the Spam. * * @since 2.9.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @return bool True on success, false on failure. */ function wp_unspam_comment( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } /** * Fires immediately before a comment is unmarked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment to be unmarked as spam. */ do_action( 'unspam_comment', $comment->comment_ID, $comment ); $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); if ( empty( $status ) ) { $status = '0'; } if ( wp_set_comment_status( $comment, $status ) ) { delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); /** * Fires immediately after a comment is unmarked as Spam. * * @since 2.9.0 * @since 4.9.0 Added the `$comment` parameter. * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment The comment unmarked as spam. */ do_action( 'unspammed_comment', $comment->comment_ID, $comment ); return true; } return false; } /** * Retrieves the status of a comment by comment ID. * * @since 1.0.0 * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object * @return string|false Status might be 'trash', 'approved', 'unapproved', 'spam'. False on failure. */ function wp_get_comment_status( $comment_id ) { $comment = get_comment( $comment_id ); if ( ! $comment ) { return false; } $approved = $comment->comment_approved; if ( null === $approved ) { return false; } elseif ( '1' === $approved ) { return 'approved'; } elseif ( '0' === $approved ) { return 'unapproved'; } elseif ( 'spam' === $approved ) { return 'spam'; } elseif ( 'trash' === $approved ) { return 'trash'; } else { return false; } } /** * Calls hooks for when a comment status transition occurs. * * Calls hooks for comment status transitions. If the new comment status is not the same * as the previous comment status, then two hooks will be ran, the first is * {@see 'transition_comment_status'} with new status, old status, and comment data. * The next action called is {@see 'comment_$old_status_to_$new_status'}. It has * the comment data. * * The final action will run whether or not the comment statuses are the same. * The action is named {@see 'comment_$new_status_$comment->comment_type'}. * * @since 2.7.0 * * @param string $new_status New comment status. * @param string $old_status Previous comment status. * @param WP_Comment $comment Comment object. */ function wp_transition_comment_status( $new_status, $old_status, $comment ) { /* * Translate raw statuses to human-readable formats for the hooks. * This is not a complete list of comment status, it's only the ones * that need to be renamed. */ $comment_statuses = array( 0 => 'unapproved', 'hold' => 'unapproved', // wp_set_comment_status() uses "hold". 1 => 'approved', 'approve' => 'approved', // wp_set_comment_status() uses "approve". ); if ( isset( $comment_statuses[ $new_status ] ) ) { $new_status = $comment_statuses[ $new_status ]; } if ( isset( $comment_statuses[ $old_status ] ) ) { $old_status = $comment_statuses[ $old_status ]; } // Call the hooks. if ( $new_status !== $old_status ) { /** * Fires when the comment status is in transition. * * @since 2.7.0 * * @param string $new_status The new comment status. * @param string $old_status The old comment status. * @param WP_Comment $comment Comment object. */ do_action( 'transition_comment_status', $new_status, $old_status, $comment ); /** * Fires when the comment status is in transition from one specific status to another. * * The dynamic portions of the hook name, `$old_status`, and `$new_status`, * refer to the old and new comment statuses, respectively. * * Possible hook names include: * * - `comment_unapproved_to_approved` * - `comment_spam_to_approved` * - `comment_approved_to_unapproved` * - `comment_spam_to_unapproved` * - `comment_unapproved_to_spam` * - `comment_approved_to_spam` * * @since 2.7.0 * * @param WP_Comment $comment Comment object. */ do_action( "comment_{$old_status}_to_{$new_status}", $comment ); } /** * Fires when the status of a specific comment type is in transition. * * The dynamic portions of the hook name, `$new_status`, and `$comment->comment_type`, * refer to the new comment status, and the type of comment, respectively. * * Typical comment types include 'comment', 'pingback', or 'trackback'. * * Possible hook names include: * * - `comment_approved_comment` * - `comment_approved_pingback` * - `comment_approved_trackback` * - `comment_unapproved_comment` * - `comment_unapproved_pingback` * - `comment_unapproved_trackback` * - `comment_spam_comment` * - `comment_spam_pingback` * - `comment_spam_trackback` * * @since 2.7.0 * * @param string $comment_id The comment ID as a numeric string. * @param WP_Comment $comment Comment object. */ do_action( "comment_{$new_status}_{$comment->comment_type}", $comment->comment_ID, $comment ); } /** * Clears the lastcommentmodified cached value when a comment status is changed. * * Deletes the lastcommentmodified cache key when a comment enters or leaves * 'approved' status. * * @since 4.7.0 * @access private * * @param string $new_status The new comment status. * @param string $old_status The old comment status. */ function _clear_modified_cache_on_transition_comment_status( $new_status, $old_status ) { if ( 'approved' === $new_status || 'approved' === $old_status ) { $data = array(); foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { $data[] = "lastcommentmodified:$timezone"; } wp_cache_delete_multiple( $data, 'timeinfo' ); } } /** * Gets current commenter's name, email, and URL. * * Expects cookies content to already be sanitized. User of this function might * wish to recheck the returned array for validity. * * @see sanitize_comment_cookies() Use to sanitize cookies * * @since 2.0.4 * * @return array { * An array of current commenter variables. * * @type string $comment_author The name of the current commenter, or an empty string. * @type string $comment_author_email The email address of the current commenter, or an empty string. * @type string $comment_author_url The URL address of the current commenter, or an empty string. * } */ function wp_get_current_commenter() { // Cookies should already be sanitized. $comment_author = ''; if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) { $comment_author = $_COOKIE[ 'comment_author_' . COOKIEHASH ]; } $comment_author_email = ''; if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) { $comment_author_email = $_COOKIE[ 'comment_author_email_' . COOKIEHASH ]; } $comment_author_url = ''; if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) { $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ]; } /** * Filters the current commenter's name, email, and URL. * * @since 3.1.0 * * @param array $comment_author_data { * An array of current commenter variables. * * @type string $comment_author The name of the current commenter, or an empty string. * @type string $comment_author_email The email address of the current commenter, or an empty string. * @type string $comment_author_url The URL address of the current commenter, or an empty string. * } */ return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) ); } /** * Gets unapproved comment author's email. * * Used to allow the commenter to see their pending comment. * * @since 5.1.0 * @since 5.7.0 The window within which the author email for an unapproved comment * can be retrieved was extended to 10 minutes. * * @return string The unapproved comment author's email (when supplied). */ function wp_get_unapproved_comment_author_email() { $commenter_email = ''; if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) { $comment_id = (int) $_GET['unapproved']; $comment = get_comment( $comment_id ); if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) { // The comment will only be viewable by the comment author for 10 minutes. $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' ); if ( time() < $comment_preview_expires ) { $commenter_email = $comment->comment_author_email; } } } if ( ! $commenter_email ) { $commenter = wp_get_current_commenter(); $commenter_email = $commenter['comment_author_email']; } return $commenter_email; } /** * Inserts a comment into the database. * * @since 2.0.0 * @since 4.4.0 Introduced the `$comment_meta` argument. * @since 5.5.0 Default value for `$comment_type` argument changed to `comment`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata { * Array of arguments for inserting a new comment. * * @type string $comment_agent The HTTP user agent of the `$comment_author` when * the comment was submitted. Default empty. * @type int|string $comment_approved Whether the comment has been approved. Default 1. * @type string $comment_author The name of the author of the comment. Default empty. * @type string $comment_author_email The email address of the `$comment_author`. Default empty. * @type string $comment_author_IP The IP address of the `$comment_author`. Default empty. * @type string $comment_author_url The URL address of the `$comment_author`. Default empty. * @type string $comment_content The content of the comment. Default empty. * @type string $comment_date The date the comment was submitted. To set the date * manually, `$comment_date_gmt` must also be specified. * Default is the current time. * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. * Default is `$comment_date` in the site's GMT timezone. * @type int $comment_karma The karma of the comment. Default 0. * @type int $comment_parent ID of this comment's parent, if any. Default 0. * @type int $comment_post_ID ID of the post that relates to the comment, if any. * Default 0. * @type string $comment_type Comment type. Default 'comment'. * @type array $comment_meta Optional. Array of key/value pairs to be stored in commentmeta for the * new comment. * @type int $user_id ID of the user who submitted the comment. Default 0. * } * @return int|false The new comment's ID on success, false on failure. */ function wp_insert_comment( $commentdata ) { global $wpdb; $data = wp_unslash( $commentdata ); $comment_author = ! isset( $data['comment_author'] ) ? '' : $data['comment_author']; $comment_author_email = ! isset( $data['comment_author_email'] ) ? '' : $data['comment_author_email']; $comment_author_url = ! isset( $data['comment_author_url'] ) ? '' : $data['comment_author_url']; $comment_author_ip = ! isset( $data['comment_author_IP'] ) ? '' : $data['comment_author_IP']; $comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date']; $comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt']; $comment_post_id = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; $comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content']; $comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma']; $comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved']; $comment_agent = ! isset( $data['comment_agent'] ) ? '' : $data['comment_agent']; $comment_type = empty( $data['comment_type'] ) ? 'comment' : $data['comment_type']; $comment_parent = ! isset( $data['comment_parent'] ) ? 0 : $data['comment_parent']; $user_id = ! isset( $data['user_id'] ) ? 0 : $data['user_id']; $compacted = array( 'comment_post_ID' => $comment_post_id, 'comment_author_IP' => $comment_author_ip, ); $compacted += compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id' ); if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) { return false; } $id = (int) $wpdb->insert_id; if ( 1 === (int) $comment_approved ) { wp_update_comment_count( $comment_post_id ); $data = array(); foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { $data[] = "lastcommentmodified:$timezone"; } wp_cache_delete_multiple( $data, 'timeinfo' ); } clean_comment_cache( $id ); $comment = get_comment( $id ); // If metadata is provided, store it. if ( isset( $commentdata['comment_meta'] ) && is_array( $commentdata['comment_meta'] ) ) { foreach ( $commentdata['comment_meta'] as $meta_key => $meta_value ) { add_comment_meta( $comment->comment_ID, $meta_key, $meta_value, true ); } } /** * Fires immediately after a comment is inserted into the database. * * @since 2.8.0 * * @param int $id The comment ID. * @param WP_Comment $comment Comment object. */ do_action( 'wp_insert_comment', $id, $comment ); return $id; } /** * Filters and sanitizes comment data. * * Sets the comment data 'filtered' field to true when finished. This can be * checked as to whether the comment should be filtered and to keep from * filtering the same comment more than once. * * @since 2.0.0 * * @param array $commentdata Contains information on the comment. * @return array Parsed comment information. */ function wp_filter_comment( $commentdata ) { if ( isset( $commentdata['user_ID'] ) ) { /** * Filters the comment author's user ID before it is set. * * The first time this filter is evaluated, `user_ID` is checked * (for back-compat), followed by the standard `user_id` value. * * @since 1.5.0 * * @param int $user_id The comment author's user ID. */ $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_ID'] ); } elseif ( isset( $commentdata['user_id'] ) ) { /** This filter is documented in wp-includes/comment.php */ $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_id'] ); } /** * Filters the comment author's browser user agent before it is set. * * @since 1.5.0 * * @param string $comment_agent The comment author's browser user agent. */ $commentdata['comment_agent'] = apply_filters( 'pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] ); /** * Filters the comment content before it is set. * * @since 1.5.0 * * @param string $comment_content The comment content. */ $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] ); /** * Filters the comment author's IP address before it is set. * * @since 1.5.0 * * @param string $comment_author_ip The comment author's IP address. */ $commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author_url'] = apply_filters( 'pre_comment_author_url', $commentdata['comment_author_url'] ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author_email'] = apply_filters( 'pre_comment_author_email', $commentdata['comment_author_email'] ); $commentdata['filtered'] = true; return $commentdata; } /** * Determines whether a comment should be blocked because of comment flood. * * @since 2.1.0 * * @param bool $block Whether plugin has already blocked comment. * @param int $time_lastcomment Timestamp for last comment. * @param int $time_newcomment Timestamp for new comment. * @return bool Whether comment should be blocked. */ function wp_throttle_comment_flood( $block, $time_lastcomment, $time_newcomment ) { if ( $block ) { // A plugin has already blocked... we'll let that decision stand. return $block; } if ( ( $time_newcomment - $time_lastcomment ) < 15 ) { return true; } return false; } /** * Adds a new comment to the database. * * Filters new comment to ensure that the fields are sanitized and valid before * inserting comment into database. Calls {@see 'comment_post'} action with comment ID * and whether comment is approved by WordPress. Also has {@see 'preprocess_comment'} * filter for processing the comment data before the function handles it. * * We use `REMOTE_ADDR` here directly. If you are behind a proxy, you should ensure * that it is properly set, such as in wp-config.php, for your environment. * * See {@link https://core.trac.wordpress.org/ticket/9235} * * @since 1.5.0 * @since 4.3.0 Introduced the `comment_agent` and `comment_author_IP` arguments. * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function * to return a WP_Error object instead of dying. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * @since 5.5.0 Introduced the `comment_type` argument. * * @see wp_insert_comment() * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata { * Comment data. * * @type string $comment_author The name of the comment author. * @type string $comment_author_email The comment author email address. * @type string $comment_author_url The comment author URL. * @type string $comment_content The content of the comment. * @type string $comment_date The date the comment was submitted. Default is the current time. * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. * Default is `$comment_date` in the GMT timezone. * @type string $comment_type Comment type. Default 'comment'. * @type int $comment_parent The ID of this comment's parent, if any. Default 0. * @type int $comment_post_ID The ID of the post that relates to the comment. * @type int $user_id The ID of the user who submitted the comment. Default 0. * @type int $user_ID Kept for backward-compatibility. Use `$user_id` instead. * @type string $comment_agent Comment author user agent. Default is the value of 'HTTP_USER_AGENT' * in the `$_SERVER` superglobal sent in the original request. * @type string $comment_author_IP Comment author IP address in IPv4 format. Default is the value of * 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request. * } * @param bool $wp_error Should errors be returned as WP_Error objects instead of * executing wp_die()? Default false. * @return int|false|WP_Error The ID of the comment on success, false or WP_Error on failure. */ function wp_new_comment( $commentdata, $wp_error = false ) { global $wpdb; /* * Normalize `user_ID` to `user_id`, but pass the old key * to the `preprocess_comment` filter for backward compatibility. */ if ( isset( $commentdata['user_ID'] ) ) { $commentdata['user_ID'] = (int) $commentdata['user_ID']; $commentdata['user_id'] = $commentdata['user_ID']; } elseif ( isset( $commentdata['user_id'] ) ) { $commentdata['user_id'] = (int) $commentdata['user_id']; $commentdata['user_ID'] = $commentdata['user_id']; } $prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0; if ( ! isset( $commentdata['comment_author_IP'] ) ) { $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; } if ( ! isset( $commentdata['comment_agent'] ) ) { $commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : ''; } /** * Filters a comment's data before it is sanitized and inserted into the database. * * @since 1.5.0 * @since 5.6.0 Comment data includes the `comment_agent` and `comment_author_IP` values. * * @param array $commentdata Comment data. */ $commentdata = apply_filters( 'preprocess_comment', $commentdata ); $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; // Normalize `user_ID` to `user_id` again, after the filter. if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) { $commentdata['user_ID'] = (int) $commentdata['user_ID']; $commentdata['user_id'] = $commentdata['user_ID']; } elseif ( isset( $commentdata['user_id'] ) ) { $commentdata['user_id'] = (int) $commentdata['user_id']; $commentdata['user_ID'] = $commentdata['user_id']; } $commentdata['comment_parent'] = isset( $commentdata['comment_parent'] ) ? absint( $commentdata['comment_parent'] ) : 0; $parent_status = ( $commentdata['comment_parent'] > 0 ) ? wp_get_comment_status( $commentdata['comment_parent'] ) : ''; $commentdata['comment_parent'] = ( 'approved' === $parent_status || 'unapproved' === $parent_status ) ? $commentdata['comment_parent'] : 0; $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $commentdata['comment_author_IP'] ); $commentdata['comment_agent'] = substr( $commentdata['comment_agent'], 0, 254 ); if ( empty( $commentdata['comment_date'] ) ) { $commentdata['comment_date'] = current_time( 'mysql' ); } if ( empty( $commentdata['comment_date_gmt'] ) ) { $commentdata['comment_date_gmt'] = current_time( 'mysql', true ); } if ( empty( $commentdata['comment_type'] ) ) { $commentdata['comment_type'] = 'comment'; } $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error ); if ( is_wp_error( $commentdata['comment_approved'] ) ) { return $commentdata['comment_approved']; } $commentdata = wp_filter_comment( $commentdata ); if ( ! in_array( $commentdata['comment_approved'], array( 'trash', 'spam' ), true ) ) { // Validate the comment again after filters are applied to comment data. $commentdata['comment_approved'] = wp_check_comment_data( $commentdata ); } if ( is_wp_error( $commentdata['comment_approved'] ) ) { return $commentdata['comment_approved']; } $comment_id = wp_insert_comment( $commentdata ); if ( ! $comment_id ) { $fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' ); foreach ( $fields as $field ) { if ( isset( $commentdata[ $field ] ) ) { $commentdata[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $commentdata[ $field ] ); } } $commentdata = wp_filter_comment( $commentdata ); $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error ); if ( is_wp_error( $commentdata['comment_approved'] ) ) { return $commentdata['comment_approved']; } $comment_id = wp_insert_comment( $commentdata ); if ( ! $comment_id ) { return false; } } /** * Fires immediately after a comment is inserted into the database. * * @since 1.2.0 * @since 4.5.0 The `$commentdata` parameter was added. * * @param int $comment_id The comment ID. * @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam. * @param array $commentdata Comment data. */ do_action( 'comment_post', $comment_id, $commentdata['comment_approved'], $commentdata ); return $comment_id; } /** * Sends a comment moderation notification to the comment moderator. * * @since 4.4.0 * * @param int $comment_id ID of the comment. * @return bool True on success, false on failure. */ function wp_new_comment_notify_moderator( $comment_id ) { $comment = get_comment( $comment_id ); // Only send notifications for pending comments. $maybe_notify = ( '0' === $comment->comment_approved ); /** This filter is documented in wp-includes/pluggable.php */ $maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_id ); if ( ! $maybe_notify ) { return false; } return wp_notify_moderator( $comment_id ); } /** * Sends a notification of a new comment to the post author. * * @since 4.4.0 * * Uses the {@see 'notify_post_author'} filter to determine whether the post author * should be notified when a new comment is added, overriding site setting. * * @param int $comment_id Comment ID. * @return bool True on success, false on failure. */ function wp_new_comment_notify_postauthor( $comment_id ) { $comment = get_comment( $comment_id ); $is_note = ( $comment && 'note' === $comment->comment_type ); $maybe_notify = $is_note ? get_option( 'wp_notes_notify', 1 ) : get_option( 'comments_notify' ); /** * Filters whether to send the post author new comment notification emails, * overriding the site setting. * * @since 4.4.0 * * @param bool $maybe_notify Whether to notify the post author about the new comment. * @param int $comment_id The ID of the comment for the notification. */ $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_id ); /* * wp_notify_postauthor() checks if notifying the author of their own comment. * By default, it won't, but filters can override this. */ if ( ! $maybe_notify ) { return false; } // Send notifications for approved comments and all notes. if ( ! isset( $comment->comment_approved ) || ( '1' !== $comment->comment_approved && ! $is_note ) ) { return false; } return wp_notify_postauthor( $comment_id ); } /** * Send a notification to the post author when a new note is added via the REST API. * * @since 6.9.0 * * @param WP_Comment $comment The comment object. */ function wp_new_comment_via_rest_notify_postauthor( $comment ) { if ( $comment instanceof WP_Comment && 'note' === $comment->comment_type ) { wp_new_comment_notify_postauthor( (int) $comment->comment_ID ); } } /** * Sets the status of a comment. * * The {@see 'wp_set_comment_status'} action is called after the comment is handled. * If the comment status is not in the list, then false is returned. * * @since 1.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. * @param string $comment_status New comment status, either 'hold', 'approve', 'spam', or 'trash'. * @param bool $wp_error Whether to return a WP_Error object if there is a failure. Default false. * @return bool|WP_Error True on success, false or WP_Error on failure. */ function wp_set_comment_status( $comment_id, $comment_status, $wp_error = false ) { global $wpdb; switch ( $comment_status ) { case 'hold': case '0': $status = '0'; break; case 'approve': case '1': $status = '1'; add_action( 'wp_set_comment_status', 'wp_new_comment_notify_postauthor' ); break; case 'spam': $status = 'spam'; break; case 'trash': $status = 'trash'; break; default: return false; } $comment_old = clone get_comment( $comment_id ); if ( ! $wpdb->update( $wpdb->comments, array( 'comment_approved' => $status ), array( 'comment_ID' => $comment_old->comment_ID ) ) ) { if ( $wp_error ) { return new WP_Error( 'db_update_error', __( 'Could not update comment status.' ), $wpdb->last_error ); } else { return false; } } clean_comment_cache( $comment_old->comment_ID ); $comment = get_comment( $comment_old->comment_ID ); /** * Fires immediately after transitioning a comment's status from one to another in the database * and removing the comment from the object cache, but prior to all status transition hooks. * * @since 1.5.0 * * @param string $comment_id Comment ID as a numeric string. * @param string $comment_status Current comment status. Possible values include * 'hold', '0', 'approve', '1', 'spam', and 'trash'. */ do_action( 'wp_set_comment_status', $comment->comment_ID, $comment_status ); wp_transition_comment_status( $comment_status, $comment_old->comment_approved, $comment ); wp_update_comment_count( $comment->comment_post_ID ); return true; } /** * Updates an existing comment in the database. * * Filters the comment and makes sure certain fields are valid before updating. * * @since 2.0.0 * @since 4.9.0 Add updating comment meta during comment update. * @since 5.5.0 The `$wp_error` parameter was added. * @since 5.5.0 The return values for an invalid comment or post ID * were changed to false instead of 0. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentarr Contains information on the comment. * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. * @return int|false|WP_Error The value 1 if the comment was updated, 0 if not updated. * False or a WP_Error object on failure. */ function wp_update_comment( $commentarr, $wp_error = false ) { global $wpdb; // First, get all of the original fields. $comment = get_comment( $commentarr['comment_ID'], ARRAY_A ); if ( empty( $comment ) ) { if ( $wp_error ) { return new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ); } else { return false; } } // Make sure that the comment post ID is valid (if specified). if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { if ( $wp_error ) { return new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ); } else { return false; } } $filter_comment = false; if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) { $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' ); } if ( $filter_comment ) { add_filter( 'pre_comment_content', 'wp_filter_kses' ); } // Escape data pulled from DB. $comment = wp_slash( $comment ); $old_status = $comment['comment_approved']; // Merge old and new fields with new fields overwriting old ones. $commentarr = array_merge( $comment, $commentarr ); $commentarr = wp_filter_comment( $commentarr ); if ( $filter_comment ) { remove_filter( 'pre_comment_content', 'wp_filter_kses' ); } // Now extract the merged array. $data = wp_unslash( $commentarr ); /** * Filters the comment content before it is updated in the database. * * @since 1.5.0 * * @param string $comment_content The comment data. */ $data['comment_content'] = apply_filters( 'comment_save_pre', $data['comment_content'] ); $data['comment_date_gmt'] = get_gmt_from_date( $data['comment_date'] ); if ( ! isset( $data['comment_approved'] ) ) { $data['comment_approved'] = 1; } elseif ( 'hold' === $data['comment_approved'] ) { $data['comment_approved'] = 0; } elseif ( 'approve' === $data['comment_approved'] ) { $data['comment_approved'] = 1; } $comment_id = $data['comment_ID']; $comment_post_id = $data['comment_post_ID']; /** * Filters the comment data immediately before it is updated in the database. * * Note: data being passed to the filter is already unslashed. * * @since 4.7.0 * @since 5.5.0 Returning a WP_Error value from the filter will short-circuit comment update * and allow skipping further processing. * * @param array|WP_Error $data The new, processed comment data, or WP_Error. * @param array $comment The old, unslashed comment data. * @param array $commentarr The new, raw comment data. */ $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr ); // Do not carry on on failure. if ( is_wp_error( $data ) ) { if ( $wp_error ) { return $data; } else { return false; } } $keys = array( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id', ); $data = wp_array_slice_assoc( $data, $keys ); $result = $wpdb->update( $wpdb->comments, $data, array( 'comment_ID' => $comment_id ) ); if ( false === $result ) { if ( $wp_error ) { return new WP_Error( 'db_update_error', __( 'Could not update comment in the database.' ), $wpdb->last_error ); } else { return false; } } // If metadata is provided, store it. if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) { foreach ( $commentarr['comment_meta'] as $meta_key => $meta_value ) { update_comment_meta( $comment_id, $meta_key, $meta_value ); } } clean_comment_cache( $comment_id ); wp_update_comment_count( $comment_post_id ); /** * Fires immediately after a comment is updated in the database. * * The hook also fires immediately before comment status transition hooks are fired. * * @since 1.2.0 * @since 4.6.0 Added the `$data` parameter. * * @param int $comment_id The comment ID. * @param array $data Comment data. */ do_action( 'edit_comment', $comment_id, $data ); $comment = get_comment( $comment_id ); wp_transition_comment_status( $comment->comment_approved, $old_status, $comment ); return $result; } /** * Determines whether to defer comment counting. * * When setting $defer to true, all post comment counts will not be updated * until $defer is set to false. When $defer is set to false, then all * previously deferred updated post comment counts will then be automatically * updated without having to call wp_update_comment_count() after. * * @since 2.5.0 * * @param bool $defer * @return bool */ function wp_defer_comment_counting( $defer = null ) { static $_defer = false; if ( is_bool( $defer ) ) { $_defer = $defer; // Flush any deferred counts. if ( ! $defer ) { wp_update_comment_count( null, true ); } } return $_defer; } /** * Updates the comment count for post(s). * * When $do_deferred is false (is by default) and the comments have been set to * be deferred, the post_id will be added to a queue, which will be updated at a * later date and only updated once per post ID. * * If the comments have not be set up to be deferred, then the post will be * updated. When $do_deferred is set to true, then all previous deferred post * IDs will be updated along with the current $post_id. * * @since 2.1.0 * * @see wp_update_comment_count_now() For what could cause a false return value * * @param int|null $post_id Post ID. * @param bool $do_deferred Optional. Whether to process previously deferred * post comment counts. Default false. * @return bool|void True on success, false on failure or if post with ID does * not exist. */ function wp_update_comment_count( $post_id, $do_deferred = false ) { static $_deferred = array(); if ( empty( $post_id ) && ! $do_deferred ) { return false; } if ( $do_deferred ) { $_deferred = array_unique( $_deferred ); foreach ( $_deferred as $i => $_post_id ) { wp_update_comment_count_now( $_post_id ); unset( $_deferred[ $i ] ); /** @todo Move this outside of the foreach and reset $_deferred to an array instead */ } } if ( wp_defer_comment_counting() ) { $_deferred[] = $post_id; return true; } elseif ( $post_id ) { return wp_update_comment_count_now( $post_id ); } } /** * Updates the comment count for the post. * * @since 2.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Post ID * @return bool True on success, false if the post does not exist. */ function wp_update_comment_count_now( $post_id ) { global $wpdb; $post_id = (int) $post_id; if ( ! $post_id ) { return false; } wp_cache_delete( 'comments-0', 'counts' ); wp_cache_delete( "comments-{$post_id}", 'counts' ); $post = get_post( $post_id ); if ( ! $post ) { return false; } $old = (int) $post->comment_count; /** * Filters a post's comment count before it is updated in the database. * * @since 4.5.0 * * @param int|null $new The new comment count. Default null. * @param int $old The old comment count. * @param int $post_id Post ID. */ $new = apply_filters( 'pre_wp_update_comment_count_now', null, $old, $post_id ); if ( is_null( $new ) ) { $new = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' AND comment_type != 'note'", $post_id ) ); } else { $new = (int) $new; } $wpdb->update( $wpdb->posts, array( 'comment_count' => $new ), array( 'ID' => $post_id ) ); clean_post_cache( $post ); /** * Fires immediately after a post's comment count is updated in the database. * * @since 2.3.0 * * @param int $post_id Post ID. * @param int $new The new comment count. * @param int $old The old comment count. */ do_action( 'wp_update_comment_count', $post_id, $new, $old ); /** This action is documented in wp-includes/post.php */ do_action( "edit_post_{$post->post_type}", $post_id, $post ); /** This action is documented in wp-includes/post.php */ do_action( 'edit_post', $post_id, $post ); return true; } // // Ping and trackback functions. // /** * Finds a pingback server URI based on the given URL. * * Checks the HTML for the rel="pingback" link and X-Pingback headers. It does * a check for the X-Pingback headers first and returns that, if available. * The check for the rel="pingback" has more overhead than just the header. * * @since 1.5.0 * * @param string $url URL to ping. * @param string $deprecated Not Used. * @return string|false String containing URI on success, false on failure. */ function discover_pingback_server_uri( $url, $deprecated = '' ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.7.0' ); } $pingback_str_dquote = 'rel="pingback"'; $pingback_str_squote = 'rel=\'pingback\''; /** @todo Should use Filter Extension or custom preg_match instead. */ $parsed_url = parse_url( $url ); if ( ! isset( $parsed_url['host'] ) ) { // Not a URL. This should never happen. return false; } // Do not search for a pingback server on our own uploads. $uploads_dir = wp_get_upload_dir(); if ( str_starts_with( $url, $uploads_dir['baseurl'] ) ) { return false; } $response = wp_safe_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0', ) ); if ( is_wp_error( $response ) ) { return false; } if ( wp_remote_retrieve_header( $response, 'X-Pingback' ) ) { return wp_remote_retrieve_header( $response, 'X-Pingback' ); } // Not an (x)html, sgml, or xml page, no use going further. if ( preg_match( '#(image|audio|video|model)/#is', wp_remote_retrieve_header( $response, 'Content-Type' ) ) ) { return false; } // Now do a GET since we're going to look in the HTML headers (and we're sure it's not a binary file). $response = wp_safe_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0', ) ); if ( is_wp_error( $response ) ) { return false; } $contents = wp_remote_retrieve_body( $response ); $pingback_link_offset_dquote = strpos( $contents, $pingback_str_dquote ); $pingback_link_offset_squote = strpos( $contents, $pingback_str_squote ); if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { $quote = ( $pingback_link_offset_dquote ) ? '"' : '\''; $pingback_link_offset = ( '"' === $quote ) ? $pingback_link_offset_dquote : $pingback_link_offset_squote; $pingback_href_pos = strpos( $contents, 'href=', $pingback_link_offset ); $pingback_href_start = $pingback_href_pos + 6; $pingback_href_end = strpos( $contents, $quote, $pingback_href_start ); $pingback_server_url_len = $pingback_href_end - $pingback_href_start; $pingback_server_url = substr( $contents, $pingback_href_start, $pingback_server_url_len ); // We may find rel="pingback" but an incomplete pingback URL. if ( $pingback_server_url_len > 0 ) { // We got it! return $pingback_server_url; } } return false; } /** * Performs all pingbacks, enclosures, trackbacks, and sends to pingback services. * * @since 2.1.0 * @since 5.6.0 Introduced `do_all_pings` action hook for individual services. */ function do_all_pings() { /** * Fires immediately after the `do_pings` event to hook services individually. * * @since 5.6.0 */ do_action( 'do_all_pings' ); } /** * Performs all pingbacks. * * @since 5.6.0 */ function do_all_pingbacks() { $pings = get_posts( array( 'post_type' => get_post_types(), 'suppress_filters' => false, 'nopaging' => true, 'meta_key' => '_pingme', 'fields' => 'ids', ) ); foreach ( $pings as $ping ) { delete_post_meta( $ping, '_pingme' ); pingback( null, $ping ); } } /** * Performs all enclosures. * * @since 5.6.0 */ function do_all_enclosures() { $enclosures = get_posts( array( 'post_type' => get_post_types(), 'suppress_filters' => false, 'nopaging' => true, 'meta_key' => '_encloseme', 'fields' => 'ids', ) ); foreach ( $enclosures as $enclosure ) { delete_post_meta( $enclosure, '_encloseme' ); do_enclose( null, $enclosure ); } } /** * Performs all trackbacks. * * @since 5.6.0 */ function do_all_trackbacks() { $trackbacks = get_posts( array( 'post_type' => get_post_types(), 'suppress_filters' => false, 'nopaging' => true, 'meta_key' => '_trackbackme', 'fields' => 'ids', ) ); foreach ( $trackbacks as $trackback ) { delete_post_meta( $trackback, '_trackbackme' ); do_trackbacks( $trackback ); } } /** * Performs trackbacks. * * @since 1.5.0 * @since 4.7.0 `$post` can be a WP_Post object. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Post $post Post ID or object to do trackbacks on. * @return void|false Returns false on failure. */ function do_trackbacks( $post ) { global $wpdb; $post = get_post( $post ); if ( ! $post ) { return false; } $to_ping = get_to_ping( $post ); $pinged = get_pung( $post ); if ( empty( $to_ping ) ) { $wpdb->update( $wpdb->posts, array( 'to_ping' => '' ), array( 'ID' => $post->ID ) ); return; } if ( empty( $post->post_excerpt ) ) { /** This filter is documented in wp-includes/post-template.php */ $excerpt = apply_filters( 'the_content', $post->post_content, $post->ID ); } else { /** This filter is documented in wp-includes/post-template.php */ $excerpt = apply_filters( 'the_excerpt', $post->post_excerpt ); } $excerpt = str_replace( ']]>', ']]>', $excerpt ); $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); /** This filter is documented in wp-includes/post-template.php */ $post_title = apply_filters( 'the_title', $post->post_title, $post->ID ); $post_title = strip_tags( $post_title ); foreach ( (array) $to_ping as $tb_ping ) { $tb_ping = trim( $tb_ping ); if ( ! in_array( $tb_ping, $pinged, true ) ) { trackback( $tb_ping, $post_title, $excerpt, $post->ID ); $pinged[] = $tb_ping; } else { $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post->ID ) ); } } } /** * Sends pings to all of the ping site services. * * @since 1.2.0 * * @param int $post_id Post ID. * @return int Same post ID as provided. */ function generic_ping( $post_id = 0 ) { $services = get_option( 'ping_sites' ); $services = explode( "\n", $services ); foreach ( (array) $services as $service ) { $service = trim( $service ); if ( '' !== $service ) { weblog_ping( $service ); } } return $post_id; } /** * Pings back the links found in a post. * * @since 0.71 * @since 4.7.0 `$post` can be a WP_Post object. * @since 6.8.0 Returns an array of pingback statuses indexed by link. * * @param string $content Post content to check for links. If empty will retrieve from post. * @param int|WP_Post $post Post ID or object. * @return array<string, bool> An array of pingback statuses indexed by link. */ function pingback( $content, $post ) { require_once ABSPATH . WPINC . '/class-IXR.php'; require_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php'; // Original code by Mort (http://mort.mine.nu:8080). $post_links = array(); $post = get_post( $post ); if ( ! $post ) { return array(); } $pung = get_pung( $post ); if ( empty( $content ) ) { $content = $post->post_content; } /* * Step 1. * Parsing the post, external links (if any) are stored in the $post_links array. */ $post_links_temp = wp_extract_urls( $content ); $ping_status = array(); /* * Step 2. * Walking through the links array. * First we get rid of links pointing to sites, not to specific files. * Example: * http://dummy-weblog.org * http://dummy-weblog.org/ * http://dummy-weblog.org/post.php * We don't wanna ping first and second types, even if they have a valid <link/>. */ foreach ( (array) $post_links_temp as $link_test ) { // If we haven't pung it already and it isn't a link to itself. if ( ! in_array( $link_test, $pung, true ) && ( url_to_postid( $link_test ) !== $post->ID ) // Also, let's never ping local attachments. && ! is_local_attachment( $link_test ) ) { $test = parse_url( $link_test ); if ( $test ) { if ( isset( $test['query'] ) ) { $post_links[] = $link_test; } elseif ( isset( $test['path'] ) && ( '/' !== $test['path'] ) && ( '' !== $test['path'] ) ) { $post_links[] = $link_test; } } } } $post_links = array_unique( $post_links ); /** * Fires just before pinging back links found in a post. * * @since 2.0.0 * * @param string[] $post_links Array of link URLs to be checked (passed by reference). * @param string[] $pung Array of link URLs already pinged (passed by reference). * @param int $post_id The post ID. */ do_action_ref_array( 'pre_ping', array( &$post_links, &$pung, $post->ID ) ); foreach ( (array) $post_links as $pagelinkedto ) { $pingback_server_url = discover_pingback_server_uri( $pagelinkedto ); if ( $pingback_server_url ) { // Allow an additional 60 seconds for each pingback to complete. if ( function_exists( 'set_time_limit' ) ) { set_time_limit( 60 ); } // Now, the RPC call. $pagelinkedfrom = get_permalink( $post ); // Using a timeout of 3 seconds should be enough to cover slow servers. $client = new WP_HTTP_IXR_Client( $pingback_server_url ); $client->timeout = 3; /** * Filters the user agent sent when pinging-back a URL. * * @since 2.9.0 * * @param string $concat_useragent The user agent concatenated with ' -- WordPress/' * and the WordPress version. * @param string $useragent The useragent. * @param string $pingback_server_url The server URL being linked to. * @param string $pagelinkedto URL of page linked to. * @param string $pagelinkedfrom URL of page linked from. */ $client->useragent = apply_filters( 'pingback_useragent', $client->useragent . ' -- WordPress/' . get_bloginfo( 'version' ), $client->useragent, $pingback_server_url, $pagelinkedto, $pagelinkedfrom ); // When set to true, this outputs debug messages by itself. $client->debug = false; $status = $client->query( 'pingback.ping', $pagelinkedfrom, $pagelinkedto ); if ( $status // Ping registered. || ( isset( $client->error->code ) && 48 === $client->error->code ) // Already registered. ) { add_ping( $post, $pagelinkedto ); } $ping_status[ $pagelinkedto ] = $status; } } return $ping_status; } /** * Checks whether blog is public before returning sites. * * @since 2.1.0 * * @param mixed $sites Will return if blog is public, will not return if not public. * @return mixed Empty string if blog is not public, returns $sites, if site is public. */ function privacy_ping_filter( $sites ) { if ( '0' !== get_option( 'blog_public' ) ) { return $sites; } else { return ''; } } /** * Sends a Trackback. * * Updates database when sending trackback to prevent duplicates. * * @since 0.71 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $trackback_url URL to send trackbacks. * @param string $title Title of post. * @param string $excerpt Excerpt of post. * @param int $post_id Post ID. * @return int|false|void Database query from update. */ function trackback( $trackback_url, $title, $excerpt, $post_id ) { global $wpdb; if ( empty( $trackback_url ) ) { return; } $options = array(); $options['timeout'] = 10; $options['body'] = array( 'title' => $title, 'url' => get_permalink( $post_id ), 'blog_name' => get_option( 'blogname' ), 'excerpt' => $excerpt, ); $response = wp_safe_remote_post( $trackback_url, $options ); if ( is_wp_error( $response ) ) { return; } $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', %s) WHERE ID = %d", $trackback_url, $post_id ) ); return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $trackback_url, $post_id ) ); } /** * Sends a pingback. * * @since 1.2.0 * * @param string $server Host of blog to connect to. * @param string $path Path to send the ping. */ function weblog_ping( $server = '', $path = '' ) { require_once ABSPATH . WPINC . '/class-IXR.php'; require_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php'; // Using a timeout of 3 seconds should be enough to cover slow servers. $client = new WP_HTTP_IXR_Client( $server, ( ( ! strlen( trim( $path ) ) || ( '/' === $path ) ) ? false : $path ) ); $client->timeout = 3; $client->useragent .= ' -- WordPress/' . get_bloginfo( 'version' ); // When set to true, this outputs debug messages by itself. $client->debug = false; $home = trailingslashit( home_url() ); if ( ! $client->query( 'weblogUpdates.extendedPing', get_option( 'blogname' ), $home, get_bloginfo( 'rss2_url' ) ) ) { // Then try a normal ping. $client->query( 'weblogUpdates.ping', get_option( 'blogname' ), $home ); } } /** * Default filter attached to pingback_ping_source_uri to validate the pingback's Source URI. * * @since 3.5.1 * * @see wp_http_validate_url() * * @param string $source_uri * @return string */ function pingback_ping_source_uri( $source_uri ) { return (string) wp_http_validate_url( $source_uri ); } /** * Default filter attached to xmlrpc_pingback_error. * * Returns a generic pingback error code unless the error code is 48, * which reports that the pingback is already registered. * * @since 3.5.1 * * @link https://www.hixie.ch/specs/pingback/pingback#TOC3 * * @param IXR_Error $ixr_error * @return IXR_Error */ function xmlrpc_pingback_error( $ixr_error ) { if ( 48 === $ixr_error->code ) { return $ixr_error; } return new IXR_Error( 0, '' ); } // // Cache. // /** * Removes a comment from the object cache. * * @since 2.3.0 * * @param int|array $ids Comment ID or an array of comment IDs to remove from cache. */ function clean_comment_cache( $ids ) { $comment_ids = (array) $ids; wp_cache_delete_multiple( $comment_ids, 'comment' ); foreach ( $comment_ids as $id ) { /** * Fires immediately after a comment has been removed from the object cache. * * @since 4.5.0 * * @param int $id Comment ID. */ do_action( 'clean_comment_cache', $id ); } wp_cache_set_comments_last_changed(); } /** * Updates the comment cache of given comments. * * Will add the comments in $comments to the cache. If comment ID already exists * in the comment cache then it will not be updated. The comment is added to the * cache using the comment group with the key using the ID of the comments. * * @since 2.3.0 * @since 4.4.0 Introduced the `$update_meta_cache` parameter. * * @param WP_Comment[] $comments Array of comment objects * @param bool $update_meta_cache Whether to update commentmeta cache. Default true. */ function update_comment_cache( $comments, $update_meta_cache = true ) { $data = array(); foreach ( (array) $comments as $comment ) { $data[ $comment->comment_ID ] = $comment; } wp_cache_add_multiple( $data, 'comment' ); if ( $update_meta_cache ) { // Avoid `wp_list_pluck()` in case `$comments` is passed by reference. $comment_ids = array(); foreach ( $comments as $comment ) { $comment_ids[] = $comment->comment_ID; } update_meta_cache( 'comment', $comment_ids ); } } /** * Adds any comments from the given IDs to the cache that do not already exist in cache. * * @since 4.4.0 * @since 6.1.0 This function is no longer marked as "private". * @since 6.3.0 Use wp_lazyload_comment_meta() for lazy-loading of comment meta. * * @see update_comment_cache() * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $comment_ids Array of comment IDs. * @param bool $update_meta_cache Optional. Whether to update the meta cache. Default true. */ function _prime_comment_caches( $comment_ids, $update_meta_cache = true ) { global $wpdb; $non_cached_ids = _get_non_cached_ids( $comment_ids, 'comment' ); if ( ! empty( $non_cached_ids ) ) { $fresh_comments = $wpdb->get_results( sprintf( "SELECT $wpdb->comments.* FROM $wpdb->comments WHERE comment_ID IN (%s)", implode( ',', array_map( 'intval', $non_cached_ids ) ) ) ); update_comment_cache( $fresh_comments, false ); } if ( $update_meta_cache ) { wp_lazyload_comment_meta( $comment_ids ); } } // // Internal. // /** * Closes comments on old posts on the fly, without any extra DB queries. Hooked to the_posts. * * @since 2.7.0 * @access private * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $query Query object. * @return WP_Post[] */ function _close_comments_for_old_posts( $posts, $query ) { if ( empty( $posts ) || ! $query->is_singular() || ! get_option( 'close_comments_for_old_posts' ) ) { return $posts; } /** * Filters the list of post types to automatically close comments for. * * @since 3.2.0 * * @param string[] $post_types An array of post type names. */ $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); if ( ! in_array( $posts[0]->post_type, $post_types, true ) ) { return $posts; } $days_old = (int) get_option( 'close_comments_days_old' ); if ( ! $days_old ) { return $posts; } if ( time() - strtotime( $posts[0]->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { $posts[0]->comment_status = 'closed'; $posts[0]->ping_status = 'closed'; } return $posts; } /** * Closes comments on an old post. Hooked to comments_open and pings_open. * * @since 2.7.0 * @access private * * @param bool $open Comments open or closed. * @param int $post_id Post ID. * @return bool $open */ function _close_comments_for_old_post( $open, $post_id ) { if ( ! $open ) { return $open; } if ( ! get_option( 'close_comments_for_old_posts' ) ) { return $open; } $days_old = (int) get_option( 'close_comments_days_old' ); if ( ! $days_old ) { return $open; } $post = get_post( $post_id ); /** This filter is documented in wp-includes/comment.php */ $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); if ( ! in_array( $post->post_type, $post_types, true ) ) { return $open; } // Undated drafts should not show up as comments closed. if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) { return $open; } if ( time() - strtotime( $post->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { return false; } return $open; } /** * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form. * * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which * expect slashed data. * * @since 4.4.0 * * @param array $comment_data { * Comment data. * * @type string|int $comment_post_ID The ID of the post that relates to the comment. * @type string $author The name of the comment author. * @type string $email The comment author email address. * @type string $url The comment author URL. * @type string $comment The content of the comment. * @type string|int $comment_parent The ID of this comment's parent, if any. Default 0. * @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML. * } * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure. */ function wp_handle_comment_submission( $comment_data ) { $comment_post_id = 0; $comment_author = ''; $comment_author_email = ''; $comment_author_url = ''; $comment_content = ''; $comment_parent = 0; $user_id = 0; if ( isset( $comment_data['comment_post_ID'] ) ) { $comment_post_id = (int) $comment_data['comment_post_ID']; } if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) { $comment_author = trim( strip_tags( $comment_data['author'] ) ); } if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) { $comment_author_email = trim( $comment_data['email'] ); } if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) { $comment_author_url = trim( $comment_data['url'] ); } if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) { $comment_content = trim( $comment_data['comment'] ); } if ( isset( $comment_data['comment_parent'] ) ) { $comment_parent = absint( $comment_data['comment_parent'] ); $comment_parent_object = get_comment( $comment_parent ); if ( 0 !== $comment_parent && ( ! $comment_parent_object instanceof WP_Comment || 0 === (int) $comment_parent_object->comment_approved ) ) { /** * Fires when a comment reply is attempted to an unapproved comment. * * @since 6.2.0 * * @param int $comment_post_id Post ID. * @param int $comment_parent Parent comment ID. */ do_action( 'comment_reply_to_unapproved_comment', $comment_post_id, $comment_parent ); return new WP_Error( 'comment_reply_to_unapproved_comment', __( 'Sorry, replies to unapproved comments are not allowed.' ), 403 ); } } $post = get_post( $comment_post_id ); if ( empty( $post->comment_status ) ) { /** * Fires when a comment is attempted on a post that does not exist. * * @since 1.5.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_id_not_found', $comment_post_id ); return new WP_Error( 'comment_id_not_found' ); } // get_post_status() will get the parent status for attachments. $status = get_post_status( $post ); if ( ( 'private' === $status ) && ! current_user_can( 'read_post', $comment_post_id ) ) { return new WP_Error( 'comment_id_not_found' ); } $status_obj = get_post_status_object( $status ); if ( ! comments_open( $comment_post_id ) ) { /** * Fires when a comment is attempted on a post that has comments closed. * * @since 1.5.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_closed', $comment_post_id ); return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 ); } elseif ( 'trash' === $status ) { /** * Fires when a comment is attempted on a trashed post. * * @since 2.9.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_on_trash', $comment_post_id ); return new WP_Error( 'comment_on_trash' ); } elseif ( ! $status_obj->public && ! $status_obj->private ) { /** * Fires when a comment is attempted on a post in draft mode. * * @since 1.5.1 * * @param int $comment_post_id Post ID. */ do_action( 'comment_on_draft', $comment_post_id ); if ( current_user_can( 'read_post', $comment_post_id ) ) { return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 ); } else { return new WP_Error( 'comment_on_draft' ); } } elseif ( post_password_required( $comment_post_id ) ) { /** * Fires when a comment is attempted on a password-protected post. * * @since 2.9.0 * * @param int $comment_post_id Post ID. */ do_action( 'comment_on_password_protected', $comment_post_id ); return new WP_Error( 'comment_on_password_protected' ); } else { /** * Fires before a comment is posted. * * @since 2.8.0 * * @param int $comment_post_id Post ID. */ do_action( 'pre_comment_on_post', $comment_post_id ); } // If the user is logged in. $user = wp_get_current_user(); if ( $user->exists() ) { if ( empty( $user->display_name ) ) { $user->display_name = $user->user_login; } $comment_author = $user->display_name; $comment_author_email = $user->user_email; $comment_author_url = $user->user_url; $user_id = $user->ID; if ( current_user_can( 'unfiltered_html' ) ) { if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_id ) ) { kses_remove_filters(); // Start with a clean slate. kses_init_filters(); // Set up the filters. remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); add_filter( 'pre_comment_content', 'wp_filter_kses' ); } } } else { if ( get_option( 'comment_registration' ) ) { return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 ); } } $comment_type = 'comment'; if ( get_option( 'require_name_email' ) && ! $user->exists() ) { if ( '' === $comment_author_email || '' === $comment_author ) { return new WP_Error( 'require_name_email', __( '<strong>Error:</strong> Please fill the required fields.' ), 200 ); } elseif ( ! is_email( $comment_author_email ) ) { return new WP_Error( 'require_valid_email', __( '<strong>Error:</strong> Please enter a valid email address.' ), 200 ); } } $commentdata = array( 'comment_post_ID' => $comment_post_id, ); $commentdata += compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id' ); /** * Filters whether an empty comment should be allowed. * * @since 5.1.0 * * @param bool $allow_empty_comment Whether to allow empty comments. Default false. * @param array $commentdata Array of comment data to be sent to wp_insert_comment(). */ $allow_empty_comment = apply_filters( 'allow_empty_comment', false, $commentdata ); if ( '' === $comment_content && ! $allow_empty_comment ) { return new WP_Error( 'require_valid_comment', __( '<strong>Error:</strong> Please type your comment text.' ), 200 ); } $check_max_lengths = wp_check_comment_data_max_lengths( $commentdata ); if ( is_wp_error( $check_max_lengths ) ) { return $check_max_lengths; } $comment_id = wp_new_comment( wp_slash( $commentdata ), true ); if ( is_wp_error( $comment_id ) ) { return $comment_id; } if ( ! $comment_id ) { return new WP_Error( 'comment_save_error', __( '<strong>Error:</strong> The comment could not be saved. Please try again later.' ), 500 ); } return get_comment( $comment_id ); } /** * Registers the personal data exporter for comments. * * @since 4.9.6 * * @param array[] $exporters An array of personal data exporters. * @return array[] An array of personal data exporters. */ function wp_register_comment_personal_data_exporter( $exporters ) { $exporters['wordpress-comments'] = array( 'exporter_friendly_name' => __( 'WordPress Comments' ), 'callback' => 'wp_comments_personal_data_exporter', ); return $exporters; } /** * Finds and exports personal data associated with an email address from the comments table. * * @since 4.9.6 * * @param string $email_address The comment author email address. * @param int $page Comment page number. * @return array { * An array of personal data. * * @type array[] $data An array of personal data arrays. * @type bool $done Whether the exporter is finished. * } */ function wp_comments_personal_data_exporter( $email_address, $page = 1 ) { // Limit us to 500 comments at a time to avoid timing out. $number = 500; $page = (int) $page; $data_to_export = array(); $comments = get_comments( array( 'author_email' => $email_address, 'number' => $number, 'paged' => $page, 'orderby' => 'comment_ID', 'order' => 'ASC', 'update_comment_meta_cache' => false, ) ); $comment_prop_to_export = array( 'comment_author' => __( 'Comment Author' ), 'comment_author_email' => __( 'Comment Author Email' ), 'comment_author_url' => __( 'Comment Author URL' ), 'comment_author_IP' => __( 'Comment Author IP' ), 'comment_agent' => __( 'Comment Author User Agent' ), 'comment_date' => __( 'Comment Date' ), 'comment_content' => __( 'Comment Content' ), 'comment_link' => __( 'Comment URL' ), ); foreach ( (array) $comments as $comment ) { $comment_data_to_export = array(); foreach ( $comment_prop_to_export as $key => $name ) { $value = ''; switch ( $key ) { case 'comment_author': case 'comment_author_email': case 'comment_author_url': case 'comment_author_IP': case 'comment_agent': case 'comment_date': $value = $comment->{$key}; break; case 'comment_content': $value = get_comment_text( $comment->comment_ID ); break; case 'comment_link': $value = get_comment_link( $comment->comment_ID ); $value = sprintf( '<a href="%s" target="_blank">%s</a>', esc_url( $value ), esc_html( $value ) ); break; } if ( ! empty( $value ) ) { $comment_data_to_export[] = array( 'name' => $name, 'value' => $value, ); } } $data_to_export[] = array( 'group_id' => 'comments', 'group_label' => __( 'Comments' ), 'group_description' => __( 'User’s comment data.' ), 'item_id' => "comment-{$comment->comment_ID}", 'data' => $comment_data_to_export, ); } $done = count( $comments ) < $number; return array( 'data' => $data_to_export, 'done' => $done, ); } /** * Registers the personal data eraser for comments. * * @since 4.9.6 * * @param array $erasers An array of personal data erasers. * @return array An array of personal data erasers. */ function wp_register_comment_personal_data_eraser( $erasers ) { $erasers['wordpress-comments'] = array( 'eraser_friendly_name' => __( 'WordPress Comments' ), 'callback' => 'wp_comments_personal_data_eraser', ); return $erasers; } /** * Erases personal data associated with an email address from the comments table. * * @since 4.9.6 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $email_address The comment author email address. * @param int $page Comment page number. * @return array { * Data removal results. * * @type bool $items_removed Whether items were actually removed. * @type bool $items_retained Whether items were retained. * @type string[] $messages An array of messages to add to the personal data export file. * @type bool $done Whether the eraser is finished. * } */ function wp_comments_personal_data_eraser( $email_address, $page = 1 ) { global $wpdb; if ( empty( $email_address ) ) { return array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); } // Limit us to 500 comments at a time to avoid timing out. $number = 500; $page = (int) $page; $items_removed = false; $items_retained = false; $comments = get_comments( array( 'author_email' => $email_address, 'number' => $number, 'paged' => $page, 'orderby' => 'comment_ID', 'order' => 'ASC', 'include_unapproved' => true, ) ); /* translators: Name of a comment's author after being anonymized. */ $anon_author = __( 'Anonymous' ); $messages = array(); foreach ( (array) $comments as $comment ) { $anonymized_comment = array(); $anonymized_comment['comment_agent'] = ''; $anonymized_comment['comment_author'] = $anon_author; $anonymized_comment['comment_author_email'] = ''; $anonymized_comment['comment_author_IP'] = wp_privacy_anonymize_data( 'ip', $comment->comment_author_IP ); $anonymized_comment['comment_author_url'] = ''; $anonymized_comment['user_id'] = 0; $comment_id = (int) $comment->comment_ID; /** * Filters whether to anonymize the comment. * * @since 4.9.6 * * @param bool|string $anon_message Whether to apply the comment anonymization (bool) or a custom * message (string). Default true. * @param WP_Comment $comment WP_Comment object. * @param array $anonymized_comment Anonymized comment data. */ $anon_message = apply_filters( 'wp_anonymize_comment', true, $comment, $anonymized_comment ); if ( true !== $anon_message ) { if ( $anon_message && is_string( $anon_message ) ) { $messages[] = esc_html( $anon_message ); } else { /* translators: %d: Comment ID. */ $messages[] = sprintf( __( 'Comment %d contains personal data but could not be anonymized.' ), $comment_id ); } $items_retained = true; continue; } $args = array( 'comment_ID' => $comment_id, ); $updated = $wpdb->update( $wpdb->comments, $anonymized_comment, $args ); if ( $updated ) { $items_removed = true; clean_comment_cache( $comment_id ); } else { $items_retained = true; } } $done = count( $comments ) < $number; return array( 'items_removed' => $items_removed, 'items_retained' => $items_retained, 'messages' => $messages, 'done' => $done, ); } /** * Sets the last changed time for the 'comment' cache group. * * @since 5.0.0 */ function wp_cache_set_comments_last_changed() { wp_cache_set_last_changed( 'comment' ); } /** * Updates the comment type for a batch of comments. * * @since 5.5.0 * * @global wpdb $wpdb WordPress database abstraction object. */ function _wp_batch_update_comment_type() { global $wpdb; $lock_name = 'update_comment_type.lock'; // Try to lock. $lock_result = $wpdb->query( $wpdb->prepare( "INSERT IGNORE INTO `$wpdb->options` ( `option_name`, `option_value`, `autoload` ) VALUES (%s, %s, 'no') /* LOCK */", $lock_name, time() ) ); if ( ! $lock_result ) { $lock_result = get_option( $lock_name ); // Bail if we were unable to create a lock, or if the existing lock is still valid. if ( ! $lock_result || ( $lock_result > ( time() - HOUR_IN_SECONDS ) ) ) { wp_schedule_single_event( time() + ( 5 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' ); return; } } // Update the lock, as by this point we've definitely got a lock, just need to fire the actions. update_option( $lock_name, time() ); // Check if there's still an empty comment type. $empty_comment_type = $wpdb->get_var( "SELECT comment_ID FROM $wpdb->comments WHERE comment_type = '' LIMIT 1" ); // No empty comment type, we're done here. if ( ! $empty_comment_type ) { update_option( 'finished_updating_comment_type', true ); delete_option( $lock_name ); return; } // Empty comment type found? We'll need to run this script again. wp_schedule_single_event( time() + ( 2 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' ); /** * Filters the comment batch size for updating the comment type. * * @since 5.5.0 * * @param int $comment_batch_size The comment batch size. Default 100. */ $comment_batch_size = (int) apply_filters( 'wp_update_comment_type_batch_size', 100 ); // Get the IDs of the comments to update. $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_type = '' ORDER BY comment_ID DESC LIMIT %d", $comment_batch_size ) ); if ( $comment_ids ) { $comment_id_list = implode( ',', $comment_ids ); // Update the `comment_type` field value to be `comment` for the next batch of comments. $wpdb->query( "UPDATE {$wpdb->comments} SET comment_type = 'comment' WHERE comment_type = '' AND comment_ID IN ({$comment_id_list})" // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared ); // Make sure to clean the comment cache. clean_comment_cache( $comment_ids ); } delete_option( $lock_name ); } /** * In order to avoid the _wp_batch_update_comment_type() job being accidentally removed, * check that it's still scheduled while we haven't finished updating comment types. * * @ignore * @since 5.5.0 */ function _wp_check_for_scheduled_update_comment_type() { if ( ! get_option( 'finished_updating_comment_type' ) && ! wp_next_scheduled( 'wp_update_comment_type_batch' ) ) { wp_schedule_single_event( time() + MINUTE_IN_SECONDS, 'wp_update_comment_type_batch' ); } } /** * Register initial note status meta. * * @since 6.9.0 */ function wp_create_initial_comment_meta() { register_meta( 'comment', '_wp_note_status', array( 'type' => 'string', 'description' => __( 'Note resolution status' ), 'single' => true, 'show_in_rest' => array( 'schema' => array( 'type' => 'string', 'enum' => array( 'resolved', 'reopen' ), ), ), 'auth_callback' => function ( $allowed, $meta_key, $object_id ) { return current_user_can( 'edit_comment', $object_id ); }, ) ); } align.php 0000666 00000003254 15225166143 0006364 0 ustar 00 <?php /** * Align block support flag. * * @package WordPress * @since 5.6.0 */ /** * Registers the align block attribute for block types that support it. * * @since 5.6.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_alignment_support( $block_type ) { $has_align_support = block_has_support( $block_type, 'align', false ); if ( $has_align_support ) { if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( ! array_key_exists( 'align', $block_type->attributes ) ) { $block_type->attributes['align'] = array( 'type' => 'string', 'enum' => array( 'left', 'center', 'right', 'wide', 'full', '' ), ); } } } /** * Adds CSS classes for block alignment to the incoming attributes array. * This will be applied to the block markup in the front-end. * * @since 5.6.0 * @access private * * @param WP_Block_Type $block_type Block Type. * @param array $block_attributes Block attributes. * @return array Block alignment CSS classes and inline styles. */ function wp_apply_alignment_support( $block_type, $block_attributes ) { $attributes = array(); $has_align_support = block_has_support( $block_type, 'align', false ); if ( $has_align_support ) { $has_block_alignment = array_key_exists( 'align', $block_attributes ); if ( $has_block_alignment ) { $attributes['class'] = sprintf( 'align%s', $block_attributes['align'] ); } } return $attributes; } // Register the block support. WP_Block_Supports::get_instance()->register( 'align', array( 'register_attribute' => 'wp_register_alignment_support', 'apply' => 'wp_apply_alignment_support', ) ); https-detection-20260605034026.php 0000666 00000013341 15225166143 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } generated-classname.php 0000666 00000003321 15225166143 0011167 0 ustar 00 <?php /** * Generated classname block support flag. * * @package WordPress * @since 5.6.0 */ /** * Gets the generated classname from a given block name. * * @since 5.6.0 * * @access private * * @param string $block_name Block Name. * @return string Generated classname. */ function wp_get_block_default_classname( $block_name ) { // Generated HTML classes for blocks follow the `wp-block-{name}` nomenclature. // Blocks provided by WordPress drop the prefixes 'core/' or 'core-' (historically used in 'core-embed/'). $classname = 'wp-block-' . preg_replace( '/^core-/', '', str_replace( '/', '-', $block_name ) ); /** * Filters the default block className for server rendered blocks. * * @since 5.6.0 * * @param string $class_name The current applied classname. * @param string $block_name The block name. */ $classname = apply_filters( 'block_default_classname', $classname, $block_name ); return $classname; } /** * Adds the generated classnames to the output. * * @since 5.6.0 * * @access private * * @param WP_Block_Type $block_type Block Type. * @return array Block CSS classes and inline styles. */ function wp_apply_generated_classname_support( $block_type ) { $attributes = array(); $has_generated_classname_support = block_has_support( $block_type, 'className', true ); if ( $has_generated_classname_support ) { $block_classname = wp_get_block_default_classname( $block_type->name ); if ( $block_classname ) { $attributes['class'] = $block_classname; } } return $attributes; } // Register the block support. WP_Block_Supports::get_instance()->register( 'generated-classname', array( 'apply' => 'wp_apply_generated_classname_support', ) ); https-detection-20260605022840.php 0000666 00000013341 15225166143 0011770 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } spacing.php 0000666 00000005474 15225166143 0006724 0 ustar 00 <?php /** * Spacing block support flag. * * For backwards compatibility, this remains separate to the dimensions.php * block support despite both belonging under a single panel in the editor. * * @package WordPress * @since 5.8.0 */ /** * Registers the style block attribute for block types that support it. * * @since 5.8.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_spacing_support( $block_type ) { $has_spacing_support = block_has_support( $block_type, 'spacing', false ); // Setup attributes and styles within that if needed. if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( $has_spacing_support && ! array_key_exists( 'style', $block_type->attributes ) ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } } /** * Adds CSS classes for block spacing to the incoming attributes array. * This will be applied to the block markup in the front-end. * * @since 5.8.0 * @since 6.1.0 Implemented the style engine to generate CSS and classnames. * @access private * * @param WP_Block_Type $block_type Block Type. * @param array $block_attributes Block attributes. * @return array Block spacing CSS classes and inline styles. */ function wp_apply_spacing_support( $block_type, $block_attributes ) { if ( wp_should_skip_block_supports_serialization( $block_type, 'spacing' ) ) { return array(); } $attributes = array(); $has_padding_support = block_has_support( $block_type, array( 'spacing', 'padding' ), false ); $has_margin_support = block_has_support( $block_type, array( 'spacing', 'margin' ), false ); $block_styles = isset( $block_attributes['style'] ) ? $block_attributes['style'] : null; if ( ! $block_styles ) { return $attributes; } $skip_padding = wp_should_skip_block_supports_serialization( $block_type, 'spacing', 'padding' ); $skip_margin = wp_should_skip_block_supports_serialization( $block_type, 'spacing', 'margin' ); $spacing_block_styles = array( 'padding' => null, 'margin' => null, ); if ( $has_padding_support && ! $skip_padding ) { $spacing_block_styles['padding'] = isset( $block_styles['spacing']['padding'] ) ? $block_styles['spacing']['padding'] : null; } if ( $has_margin_support && ! $skip_margin ) { $spacing_block_styles['margin'] = isset( $block_styles['spacing']['margin'] ) ? $block_styles['spacing']['margin'] : null; } $styles = wp_style_engine_get_styles( array( 'spacing' => $spacing_block_styles ) ); if ( ! empty( $styles['css'] ) ) { $attributes['style'] = $styles['css']; } return $attributes; } // Register the block support. WP_Block_Supports::get_instance()->register( 'spacing', array( 'register_attribute' => 'wp_register_spacing_support', 'apply' => 'wp_apply_spacing_support', ) ); embed-template.php 0000666 00000000522 15225166143 0010152 0 ustar 00 <?php /** * Back-compat placeholder for the base embed template * * @package WordPress * @subpackage oEmbed * @since 4.4.0 * @deprecated 4.5.0 Moved to wp-includes/theme-compat/embed.php */ _deprecated_file( basename( __FILE__ ), '4.5.0', WPINC . '/theme-compat/embed.php' ); require ABSPATH . WPINC . '/theme-compat/embed.php'; https-migration-20260605104451.php 0000666 00000011205 15225166143 0011777 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606022324.php 0000666 00000011205 15225166143 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605091009.php 0000666 00000011205 15225166143 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } position.php 0000666 00000010361 15225166143 0007133 0 ustar 00 <?php /** * Position block support flag. * * @package WordPress * @since 6.2.0 */ /** * Registers the style block attribute for block types that support it. * * @since 6.2.0 * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_position_support( $block_type ) { $has_position_support = block_has_support( $block_type, 'position', false ); // Set up attributes and styles within that if needed. if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( $has_position_support && ! array_key_exists( 'style', $block_type->attributes ) ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } } /** * Renders position styles to the block wrapper. * * @since 6.2.0 * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_position_support( $block_content, $block ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); $has_position_support = block_has_support( $block_type, 'position', false ); if ( ! $has_position_support || empty( $block['attrs']['style']['position'] ) ) { return $block_content; } $global_settings = wp_get_global_settings(); $theme_has_sticky_support = isset( $global_settings['position']['sticky'] ) ? $global_settings['position']['sticky'] : false; $theme_has_fixed_support = isset( $global_settings['position']['fixed'] ) ? $global_settings['position']['fixed'] : false; // Only allow output for position types that the theme supports. $allowed_position_types = array(); if ( true === $theme_has_sticky_support ) { $allowed_position_types[] = 'sticky'; } if ( true === $theme_has_fixed_support ) { $allowed_position_types[] = 'fixed'; } $style_attribute = isset( $block['attrs']['style'] ) ? $block['attrs']['style'] : null; $class_name = wp_unique_id( 'wp-container-' ); $selector = ".$class_name"; $position_styles = array(); $position_type = isset( $style_attribute['position']['type'] ) ? $style_attribute['position']['type'] : ''; $wrapper_classes = array(); if ( in_array( $position_type, $allowed_position_types, true ) ) { $wrapper_classes[] = $class_name; $wrapper_classes[] = 'is-position-' . $position_type; $sides = array( 'top', 'right', 'bottom', 'left' ); foreach ( $sides as $side ) { $side_value = isset( $style_attribute['position'][ $side ] ) ? $style_attribute['position'][ $side ] : null; if ( null !== $side_value ) { /* * For fixed or sticky top positions, * ensure the value includes an offset for the logged in admin bar. */ if ( 'top' === $side && ( 'fixed' === $position_type || 'sticky' === $position_type ) ) { // Ensure 0 values can be used in `calc()` calculations. if ( '0' === $side_value || 0 === $side_value ) { $side_value = '0px'; } // Ensure current side value also factors in the height of the logged in admin bar. $side_value = "calc($side_value + var(--wp-admin--admin-bar--position-offset, 0px))"; } $position_styles[] = array( 'selector' => $selector, 'declarations' => array( $side => $side_value, ), ); } } $position_styles[] = array( 'selector' => $selector, 'declarations' => array( 'position' => $position_type, 'z-index' => '10', ), ); } if ( ! empty( $position_styles ) ) { /* * Add to the style engine store to enqueue and render position styles. */ wp_style_engine_get_stylesheet_from_css_rules( $position_styles, array( 'context' => 'block-supports', 'prettify' => false, ) ); // Inject class name to block container markup. $content = new WP_HTML_Tag_Processor( $block_content ); $content->next_tag(); foreach ( $wrapper_classes as $class ) { $content->add_class( $class ); } return (string) $content; } return $block_content; } // Register the block support. WP_Block_Supports::get_instance()->register( 'position', array( 'register_attribute' => 'wp_register_position_support', ) ); add_filter( 'render_block', 'wp_render_position_support', 10, 2 ); border.php 0000666 00000014426 15225166143 0006552 0 ustar 00 <?php /** * Border block support flag. * * @package WordPress * @since 5.8.0 */ /** * Registers the style attribute used by the border feature if needed for block * types that support borders. * * @since 5.8.0 * @since 6.1.0 Improved conditional blocks optimization. * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_border_support( $block_type ) { // Setup attributes and styles within that if needed. if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( block_has_support( $block_type, '__experimentalBorder' ) && ! array_key_exists( 'style', $block_type->attributes ) ) { $block_type->attributes['style'] = array( 'type' => 'object', ); } if ( wp_has_border_feature_support( $block_type, 'color' ) && ! array_key_exists( 'borderColor', $block_type->attributes ) ) { $block_type->attributes['borderColor'] = array( 'type' => 'string', ); } } /** * Adds CSS classes and inline styles for border styles to the incoming * attributes array. This will be applied to the block markup in the front-end. * * @since 5.8.0 * @since 6.1.0 Implemented the style engine to generate CSS and classnames. * @access private * * @param WP_Block_Type $block_type Block type. * @param array $block_attributes Block attributes. * @return array Border CSS classes and inline styles. */ function wp_apply_border_support( $block_type, $block_attributes ) { if ( wp_should_skip_block_supports_serialization( $block_type, 'border' ) ) { return array(); } $border_block_styles = array(); $has_border_color_support = wp_has_border_feature_support( $block_type, 'color' ); $has_border_width_support = wp_has_border_feature_support( $block_type, 'width' ); // Border radius. if ( wp_has_border_feature_support( $block_type, 'radius' ) && isset( $block_attributes['style']['border']['radius'] ) && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'radius' ) ) { $border_radius = $block_attributes['style']['border']['radius']; if ( is_numeric( $border_radius ) ) { $border_radius .= 'px'; } $border_block_styles['radius'] = $border_radius; } // Border style. if ( wp_has_border_feature_support( $block_type, 'style' ) && isset( $block_attributes['style']['border']['style'] ) && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'style' ) ) { $border_block_styles['style'] = $block_attributes['style']['border']['style']; } // Border width. if ( $has_border_width_support && isset( $block_attributes['style']['border']['width'] ) && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'width' ) ) { $border_width = $block_attributes['style']['border']['width']; // This check handles original unitless implementation. if ( is_numeric( $border_width ) ) { $border_width .= 'px'; } $border_block_styles['width'] = $border_width; } // Border color. if ( $has_border_color_support && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'color' ) ) { $preset_border_color = array_key_exists( 'borderColor', $block_attributes ) ? "var:preset|color|{$block_attributes['borderColor']}" : null; $custom_border_color = isset( $block_attributes['style']['border']['color'] ) ? $block_attributes['style']['border']['color'] : null; $border_block_styles['color'] = $preset_border_color ? $preset_border_color : $custom_border_color; } // Generates styles for individual border sides. if ( $has_border_color_support || $has_border_width_support ) { foreach ( array( 'top', 'right', 'bottom', 'left' ) as $side ) { $border = isset( $block_attributes['style']['border'][ $side ] ) ? $block_attributes['style']['border'][ $side ] : null; $border_side_values = array( 'width' => isset( $border['width'] ) && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'width' ) ? $border['width'] : null, 'color' => isset( $border['color'] ) && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'color' ) ? $border['color'] : null, 'style' => isset( $border['style'] ) && ! wp_should_skip_block_supports_serialization( $block_type, '__experimentalBorder', 'style' ) ? $border['style'] : null, ); $border_block_styles[ $side ] = $border_side_values; } } // Collect classes and styles. $attributes = array(); $styles = wp_style_engine_get_styles( array( 'border' => $border_block_styles ) ); if ( ! empty( $styles['classnames'] ) ) { $attributes['class'] = $styles['classnames']; } if ( ! empty( $styles['css'] ) ) { $attributes['style'] = $styles['css']; } return $attributes; } /** * Checks whether the current block type supports the border feature requested. * * If the `__experimentalBorder` support flag is a boolean `true` all border * support features are available. Otherwise, the specific feature's support * flag nested under `experimentalBorder` must be enabled for the feature * to be opted into. * * @since 5.8.0 * @access private * * @param WP_Block_Type $block_type Block type to check for support. * @param string $feature Name of the feature to check support for. * @param mixed $default_value Fallback value for feature support, defaults to false. * @return bool Whether the feature is supported. */ function wp_has_border_feature_support( $block_type, $feature, $default_value = false ) { // Check if all border support features have been opted into via `"__experimentalBorder": true`. if ( $block_type instanceof WP_Block_Type ) { $block_type_supports_border = isset( $block_type->supports['__experimentalBorder'] ) ? $block_type->supports['__experimentalBorder'] : $default_value; if ( true === $block_type_supports_border ) { return true; } } // Check if the specific feature has been opted into individually // via nested flag under `__experimentalBorder`. return block_has_support( $block_type, array( '__experimentalBorder', $feature ), $default_value ); } // Register the block support. WP_Block_Supports::get_instance()->register( 'border', array( 'register_attribute' => 'wp_register_border_support', 'apply' => 'wp_apply_border_support', ) ); https-detection-20260605073942.php 0000666 00000013341 15225166143 0012001 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } string.php 0000666 00000020233 15225166143 0006574 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } } https-detection-20260605172432.php 0000666 00000013341 15225166143 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } layout.php 0000666 00000115773 15225166143 0006621 0 ustar 00 <?php /** * Layout block support flag. * * @package WordPress * @since 5.8.0 */ /** * Returns layout definitions, keyed by layout type. * * Provides a common definition of slugs, classnames, base styles, and spacing styles for each layout type. * When making changes or additions to layout definitions, the corresponding JavaScript definitions should * also be updated. * * @since 6.3.0 * @since 6.6.0 Updated specificity for compatibility with 0-1-0 global styles specificity. * @access private * * @return array[] Layout definitions. */ function wp_get_layout_definitions() { $layout_definitions = array( 'default' => array( 'name' => 'default', 'slug' => 'flow', 'className' => 'is-layout-flow', 'baseStyles' => array( array( 'selector' => ' > .alignleft', 'rules' => array( 'float' => 'left', 'margin-inline-start' => '0', 'margin-inline-end' => '2em', ), ), array( 'selector' => ' > .alignright', 'rules' => array( 'float' => 'right', 'margin-inline-start' => '2em', 'margin-inline-end' => '0', ), ), array( 'selector' => ' > .aligncenter', 'rules' => array( 'margin-left' => 'auto !important', 'margin-right' => 'auto !important', ), ), ), 'spacingStyles' => array( array( 'selector' => ' > :first-child', 'rules' => array( 'margin-block-start' => '0', ), ), array( 'selector' => ' > :last-child', 'rules' => array( 'margin-block-end' => '0', ), ), array( 'selector' => ' > *', 'rules' => array( 'margin-block-start' => null, 'margin-block-end' => '0', ), ), ), ), 'constrained' => array( 'name' => 'constrained', 'slug' => 'constrained', 'className' => 'is-layout-constrained', 'baseStyles' => array( array( 'selector' => ' > .alignleft', 'rules' => array( 'float' => 'left', 'margin-inline-start' => '0', 'margin-inline-end' => '2em', ), ), array( 'selector' => ' > .alignright', 'rules' => array( 'float' => 'right', 'margin-inline-start' => '2em', 'margin-inline-end' => '0', ), ), array( 'selector' => ' > .aligncenter', 'rules' => array( 'margin-left' => 'auto !important', 'margin-right' => 'auto !important', ), ), array( 'selector' => ' > :where(:not(.alignleft):not(.alignright):not(.alignfull))', 'rules' => array( 'max-width' => 'var(--wp--style--global--content-size)', 'margin-left' => 'auto !important', 'margin-right' => 'auto !important', ), ), array( 'selector' => ' > .alignwide', 'rules' => array( 'max-width' => 'var(--wp--style--global--wide-size)', ), ), ), 'spacingStyles' => array( array( 'selector' => ' > :first-child', 'rules' => array( 'margin-block-start' => '0', ), ), array( 'selector' => ' > :last-child', 'rules' => array( 'margin-block-end' => '0', ), ), array( 'selector' => ' > *', 'rules' => array( 'margin-block-start' => null, 'margin-block-end' => '0', ), ), ), ), 'flex' => array( 'name' => 'flex', 'slug' => 'flex', 'className' => 'is-layout-flex', 'displayMode' => 'flex', 'baseStyles' => array( array( 'selector' => '', 'rules' => array( 'flex-wrap' => 'wrap', 'align-items' => 'center', ), ), array( 'selector' => ' > :is(*, div)', // :is(*, div) instead of just * increases the specificity by 001. 'rules' => array( 'margin' => '0', ), ), ), 'spacingStyles' => array( array( 'selector' => '', 'rules' => array( 'gap' => null, ), ), ), ), 'grid' => array( 'name' => 'grid', 'slug' => 'grid', 'className' => 'is-layout-grid', 'displayMode' => 'grid', 'baseStyles' => array( array( 'selector' => ' > :is(*, div)', // :is(*, div) instead of just * increases the specificity by 001. 'rules' => array( 'margin' => '0', ), ), ), 'spacingStyles' => array( array( 'selector' => '', 'rules' => array( 'gap' => null, ), ), ), ), ); return $layout_definitions; } /** * Registers the layout block attribute for block types that support it. * * @since 5.8.0 * @since 6.3.0 Check for layout support via the `layout` key with fallback to `__experimentalLayout`. * @access private * * @param WP_Block_Type $block_type Block Type. */ function wp_register_layout_support( $block_type ) { $support_layout = block_has_support( $block_type, 'layout', false ) || block_has_support( $block_type, '__experimentalLayout', false ); if ( $support_layout ) { if ( ! $block_type->attributes ) { $block_type->attributes = array(); } if ( ! array_key_exists( 'layout', $block_type->attributes ) ) { $block_type->attributes['layout'] = array( 'type' => 'object', ); } } } /** * Generates the CSS corresponding to the provided layout. * * @since 5.9.0 * @since 6.1.0 Added `$block_spacing` param, use style engine to enqueue styles. * @since 6.3.0 Added grid layout type. * @since 6.6.0 Removed duplicated selector from layout styles. * Enabled negative margins for alignfull children of blocks with custom padding. * @access private * * @param string $selector CSS selector. * @param array $layout Layout object. The one that is passed has already checked * the existence of default block layout. * @param bool $has_block_gap_support Optional. Whether the theme has support for the block gap. Default false. * @param string|string[]|null $gap_value Optional. The block gap value to apply. Default null. * @param bool $should_skip_gap_serialization Optional. Whether to skip applying the user-defined value set in the editor. Default false. * @param string $fallback_gap_value Optional. The block gap value to apply. Default '0.5em'. * @param array|null $block_spacing Optional. Custom spacing set on the block. Default null. * @return string CSS styles on success. Else, empty string. */ function wp_get_layout_style( $selector, $layout, $has_block_gap_support = false, $gap_value = null, $should_skip_gap_serialization = false, $fallback_gap_value = '0.5em', $block_spacing = null ) { $layout_type = isset( $layout['type'] ) ? $layout['type'] : 'default'; $layout_styles = array(); if ( 'default' === $layout_type ) { if ( $has_block_gap_support ) { if ( is_array( $gap_value ) ) { $gap_value = isset( $gap_value['top'] ) ? $gap_value['top'] : null; } if ( null !== $gap_value && ! $should_skip_gap_serialization ) { // Get spacing CSS variable from preset value if provided. if ( is_string( $gap_value ) && str_contains( $gap_value, 'var:preset|spacing|' ) ) { $index_to_splice = strrpos( $gap_value, '|' ) + 1; $slug = _wp_to_kebab_case( substr( $gap_value, $index_to_splice ) ); $gap_value = "var(--wp--preset--spacing--$slug)"; } array_push( $layout_styles, array( 'selector' => "$selector > *", 'declarations' => array( 'margin-block-start' => '0', 'margin-block-end' => '0', ), ), array( 'selector' => "$selector > * + *", 'declarations' => array( 'margin-block-start' => $gap_value, 'margin-block-end' => '0', ), ) ); } } } elseif ( 'constrained' === $layout_type ) { $content_size = isset( $layout['contentSize'] ) ? $layout['contentSize'] : ''; $wide_size = isset( $layout['wideSize'] ) ? $layout['wideSize'] : ''; $justify_content = isset( $layout['justifyContent'] ) ? $layout['justifyContent'] : 'center'; $all_max_width_value = $content_size ? $content_size : $wide_size; $wide_max_width_value = $wide_size ? $wide_size : $content_size; // Make sure there is a single CSS rule, and all tags are stripped for security. $all_max_width_value = safecss_filter_attr( explode( ';', $all_max_width_value )[0] ); $wide_max_width_value = safecss_filter_attr( explode( ';', $wide_max_width_value )[0] ); $margin_left = 'left' === $justify_content ? '0 !important' : 'auto !important'; $margin_right = 'right' === $justify_content ? '0 !important' : 'auto !important'; if ( $content_size || $wide_size ) { array_push( $layout_styles, array( 'selector' => "$selector > :where(:not(.alignleft):not(.alignright):not(.alignfull))", 'declarations' => array( 'max-width' => $all_max_width_value, 'margin-left' => $margin_left, 'margin-right' => $margin_right, ), ), array( 'selector' => "$selector > .alignwide", 'declarations' => array( 'max-width' => $wide_max_width_value ), ), array( 'selector' => "$selector .alignfull", 'declarations' => array( 'max-width' => 'none' ), ) ); } if ( isset( $block_spacing ) ) { $block_spacing_values = wp_style_engine_get_styles( array( 'spacing' => $block_spacing, ) ); /* * Handle negative margins for alignfull children of blocks with custom padding set. * They're added separately because padding might only be set on one side. */ if ( isset( $block_spacing_values['declarations']['padding-right'] ) ) { $padding_right = $block_spacing_values['declarations']['padding-right']; // Add unit if 0. if ( '0' === $padding_right ) { $padding_right = '0px'; } $layout_styles[] = array( 'selector' => "$selector > .alignfull", 'declarations' => array( 'margin-right' => "calc($padding_right * -1)" ), ); } if ( isset( $block_spacing_values['declarations']['padding-left'] ) ) { $padding_left = $block_spacing_values['declarations']['padding-left']; // Add unit if 0. if ( '0' === $padding_left ) { $padding_left = '0px'; } $layout_styles[] = array( 'selector' => "$selector > .alignfull", 'declarations' => array( 'margin-left' => "calc($padding_left * -1)" ), ); } } if ( 'left' === $justify_content ) { $layout_styles[] = array( 'selector' => "$selector > :where(:not(.alignleft):not(.alignright):not(.alignfull))", 'declarations' => array( 'margin-left' => '0 !important' ), ); } if ( 'right' === $justify_content ) { $layout_styles[] = array( 'selector' => "$selector > :where(:not(.alignleft):not(.alignright):not(.alignfull))", 'declarations' => array( 'margin-right' => '0 !important' ), ); } if ( $has_block_gap_support ) { if ( is_array( $gap_value ) ) { $gap_value = isset( $gap_value['top'] ) ? $gap_value['top'] : null; } if ( null !== $gap_value && ! $should_skip_gap_serialization ) { // Get spacing CSS variable from preset value if provided. if ( is_string( $gap_value ) && str_contains( $gap_value, 'var:preset|spacing|' ) ) { $index_to_splice = strrpos( $gap_value, '|' ) + 1; $slug = _wp_to_kebab_case( substr( $gap_value, $index_to_splice ) ); $gap_value = "var(--wp--preset--spacing--$slug)"; } array_push( $layout_styles, array( 'selector' => "$selector > *", 'declarations' => array( 'margin-block-start' => '0', 'margin-block-end' => '0', ), ), array( 'selector' => "$selector > * + *", 'declarations' => array( 'margin-block-start' => $gap_value, 'margin-block-end' => '0', ), ) ); } } } elseif ( 'flex' === $layout_type ) { $layout_orientation = isset( $layout['orientation'] ) ? $layout['orientation'] : 'horizontal'; $justify_content_options = array( 'left' => 'flex-start', 'right' => 'flex-end', 'center' => 'center', ); $vertical_alignment_options = array( 'top' => 'flex-start', 'center' => 'center', 'bottom' => 'flex-end', ); if ( 'horizontal' === $layout_orientation ) { $justify_content_options += array( 'space-between' => 'space-between' ); $vertical_alignment_options += array( 'stretch' => 'stretch' ); } else { $justify_content_options += array( 'stretch' => 'stretch' ); $vertical_alignment_options += array( 'space-between' => 'space-between' ); } if ( ! empty( $layout['flexWrap'] ) && 'nowrap' === $layout['flexWrap'] ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'flex-wrap' => 'nowrap' ), ); } if ( $has_block_gap_support && isset( $gap_value ) ) { $combined_gap_value = ''; $gap_sides = is_array( $gap_value ) ? array( 'top', 'left' ) : array( 'top' ); foreach ( $gap_sides as $gap_side ) { $process_value = $gap_value; if ( is_array( $gap_value ) ) { $process_value = isset( $gap_value[ $gap_side ] ) ? $gap_value[ $gap_side ] : $fallback_gap_value; } // Get spacing CSS variable from preset value if provided. if ( is_string( $process_value ) && str_contains( $process_value, 'var:preset|spacing|' ) ) { $index_to_splice = strrpos( $process_value, '|' ) + 1; $slug = _wp_to_kebab_case( substr( $process_value, $index_to_splice ) ); $process_value = "var(--wp--preset--spacing--$slug)"; } $combined_gap_value .= "$process_value "; } $gap_value = trim( $combined_gap_value ); if ( null !== $gap_value && ! $should_skip_gap_serialization ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'gap' => $gap_value ), ); } } if ( 'horizontal' === $layout_orientation ) { /* * Add this style only if is not empty for backwards compatibility, * since we intend to convert blocks that had flex layout implemented * by custom css. */ if ( ! empty( $layout['justifyContent'] ) && array_key_exists( $layout['justifyContent'], $justify_content_options ) ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'justify-content' => $justify_content_options[ $layout['justifyContent'] ] ), ); } if ( ! empty( $layout['verticalAlignment'] ) && array_key_exists( $layout['verticalAlignment'], $vertical_alignment_options ) ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'align-items' => $vertical_alignment_options[ $layout['verticalAlignment'] ] ), ); } } else { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'flex-direction' => 'column' ), ); if ( ! empty( $layout['justifyContent'] ) && array_key_exists( $layout['justifyContent'], $justify_content_options ) ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'align-items' => $justify_content_options[ $layout['justifyContent'] ] ), ); } else { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'align-items' => 'flex-start' ), ); } if ( ! empty( $layout['verticalAlignment'] ) && array_key_exists( $layout['verticalAlignment'], $vertical_alignment_options ) ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'justify-content' => $vertical_alignment_options[ $layout['verticalAlignment'] ] ), ); } } } elseif ( 'grid' === $layout_type ) { if ( ! empty( $layout['columnCount'] ) ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'grid-template-columns' => 'repeat(' . $layout['columnCount'] . ', minmax(0, 1fr))' ), ); } else { $minimum_column_width = ! empty( $layout['minimumColumnWidth'] ) ? $layout['minimumColumnWidth'] : '12rem'; $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'grid-template-columns' => 'repeat(auto-fill, minmax(min(' . $minimum_column_width . ', 100%), 1fr))', 'container-type' => 'inline-size', ), ); } if ( $has_block_gap_support && isset( $gap_value ) ) { $combined_gap_value = ''; $gap_sides = is_array( $gap_value ) ? array( 'top', 'left' ) : array( 'top' ); foreach ( $gap_sides as $gap_side ) { $process_value = $gap_value; if ( is_array( $gap_value ) ) { $process_value = isset( $gap_value[ $gap_side ] ) ? $gap_value[ $gap_side ] : $fallback_gap_value; } // Get spacing CSS variable from preset value if provided. if ( is_string( $process_value ) && str_contains( $process_value, 'var:preset|spacing|' ) ) { $index_to_splice = strrpos( $process_value, '|' ) + 1; $slug = _wp_to_kebab_case( substr( $process_value, $index_to_splice ) ); $process_value = "var(--wp--preset--spacing--$slug)"; } $combined_gap_value .= "$process_value "; } $gap_value = trim( $combined_gap_value ); if ( null !== $gap_value && ! $should_skip_gap_serialization ) { $layout_styles[] = array( 'selector' => $selector, 'declarations' => array( 'gap' => $gap_value ), ); } } } if ( ! empty( $layout_styles ) ) { /* * Add to the style engine store to enqueue and render layout styles. * Return compiled layout styles to retain backwards compatibility. * Since https://github.com/WordPress/gutenberg/pull/42452, * wp_enqueue_block_support_styles is no longer called in this block supports file. */ return wp_style_engine_get_stylesheet_from_css_rules( $layout_styles, array( 'context' => 'block-supports', 'prettify' => false, ) ); } return ''; } /** * Renders the layout config to the block wrapper. * * @since 5.8.0 * @since 6.3.0 Adds compound class to layout wrapper for global spacing styles. * @since 6.3.0 Check for layout support via the `layout` key with fallback to `__experimentalLayout`. * @since 6.6.0 Removed duplicate container class from layout styles. * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_render_layout_support_flag( $block_content, $block ) { $block_type = WP_Block_Type_Registry::get_instance()->get_registered( $block['blockName'] ); $block_supports_layout = block_has_support( $block_type, 'layout', false ) || block_has_support( $block_type, '__experimentalLayout', false ); $child_layout = isset( $block['attrs']['style']['layout'] ) ? $block['attrs']['style']['layout'] : null; if ( ! $block_supports_layout && ! $child_layout ) { return $block_content; } $outer_class_names = array(); // Child layout specific logic. if ( $child_layout ) { /* * Generates a unique class for child block layout styles. * * To ensure consistent class generation across different page renders, * only properties that affect layout styling are used. These properties * come from `$block['attrs']['style']['layout']` and `$block['parentLayout']`. * * As long as these properties coincide, the generated class will be the same. */ $container_content_class = wp_unique_id_from_values( array( 'layout' => array_intersect_key( $block['attrs']['style']['layout'] ?? array(), array_flip( array( 'selfStretch', 'flexSize', 'columnStart', 'columnSpan', 'rowStart', 'rowSpan' ) ) ), 'parentLayout' => array_intersect_key( $block['parentLayout'] ?? array(), array_flip( array( 'minimumColumnWidth', 'columnCount' ) ) ), ), 'wp-container-content-' ); $child_layout_declarations = array(); $child_layout_styles = array(); $self_stretch = isset( $child_layout['selfStretch'] ) ? $child_layout['selfStretch'] : null; if ( 'fixed' === $self_stretch && isset( $child_layout['flexSize'] ) ) { $child_layout_declarations['flex-basis'] = $child_layout['flexSize']; $child_layout_declarations['box-sizing'] = 'border-box'; } elseif ( 'fill' === $self_stretch ) { $child_layout_declarations['flex-grow'] = '1'; } if ( isset( $child_layout['columnSpan'] ) ) { $column_span = $child_layout['columnSpan']; $child_layout_declarations['grid-column'] = "span $column_span"; } if ( isset( $child_layout['rowSpan'] ) ) { $row_span = $child_layout['rowSpan']; $child_layout_declarations['grid-row'] = "span $row_span"; } $child_layout_styles[] = array( 'selector' => ".$container_content_class", 'declarations' => $child_layout_declarations, ); /* * If columnSpan is set, and the parent grid is responsive, i.e. if it has a minimumColumnWidth set, * the columnSpan should be removed on small grids. If there's a minimumColumnWidth, the grid is responsive. * But if the minimumColumnWidth value wasn't changed, it won't be set. In that case, if columnCount doesn't * exist, we can assume that the grid is responsive. */ if ( isset( $child_layout['columnSpan'] ) && ( isset( $block['parentLayout']['minimumColumnWidth'] ) || ! isset( $block['parentLayout']['columnCount'] ) ) ) { $column_span_number = floatval( $child_layout['columnSpan'] ); $parent_column_width = isset( $block['parentLayout']['minimumColumnWidth'] ) ? $block['parentLayout']['minimumColumnWidth'] : '12rem'; $parent_column_value = floatval( $parent_column_width ); $parent_column_unit = explode( $parent_column_value, $parent_column_width ); /* * If there is no unit, the width has somehow been mangled so we reset both unit and value * to defaults. * Additionally, the unit should be one of px, rem or em, so that also needs to be checked. */ if ( count( $parent_column_unit ) <= 1 ) { $parent_column_unit = 'rem'; $parent_column_value = 12; } else { $parent_column_unit = $parent_column_unit[1]; if ( ! in_array( $parent_column_unit, array( 'px', 'rem', 'em' ), true ) ) { $parent_column_unit = 'rem'; } } /* * A default gap value is used for this computation because custom gap values may not be * viable to use in the computation of the container query value. */ $default_gap_value = 'px' === $parent_column_unit ? 24 : 1.5; $container_query_value = $column_span_number * $parent_column_value + ( $column_span_number - 1 ) * $default_gap_value; $container_query_value = $container_query_value . $parent_column_unit; $child_layout_styles[] = array( 'rules_group' => "@container (max-width: $container_query_value )", 'selector' => ".$container_content_class", 'declarations' => array( 'grid-column' => '1/-1', ), ); } /* * Add to the style engine store to enqueue and render layout styles. * Return styles here just to check if any exist. */ $child_css = wp_style_engine_get_stylesheet_from_css_rules( $child_layout_styles, array( 'context' => 'block-supports', 'prettify' => false, ) ); if ( $child_css ) { $outer_class_names[] = $container_content_class; } } // Prep the processor for modifying the block output. $processor = new WP_HTML_Tag_Processor( $block_content ); // Having no tags implies there are no tags onto which to add class names. if ( ! $processor->next_tag() ) { return $block_content; } /* * A block may not support layout but still be affected by a parent block's layout. * * In these cases add the appropriate class names and then return early; there's * no need to investigate on this block whether additional layout constraints apply. */ if ( ! $block_supports_layout && ! empty( $outer_class_names ) ) { foreach ( $outer_class_names as $class_name ) { $processor->add_class( $class_name ); } return $processor->get_updated_html(); } elseif ( ! $block_supports_layout ) { // Ensure layout classnames are not injected if there is no layout support. return $block_content; } $global_settings = wp_get_global_settings(); $fallback_layout = isset( $block_type->supports['layout']['default'] ) ? $block_type->supports['layout']['default'] : array(); if ( empty( $fallback_layout ) ) { $fallback_layout = isset( $block_type->supports['__experimentalLayout']['default'] ) ? $block_type->supports['__experimentalLayout']['default'] : array(); } $used_layout = isset( $block['attrs']['layout'] ) ? $block['attrs']['layout'] : $fallback_layout; $class_names = array(); $layout_definitions = wp_get_layout_definitions(); // Set the correct layout type for blocks using legacy content width. if ( isset( $used_layout['inherit'] ) && $used_layout['inherit'] || isset( $used_layout['contentSize'] ) && $used_layout['contentSize'] ) { $used_layout['type'] = 'constrained'; } $root_padding_aware_alignments = isset( $global_settings['useRootPaddingAwareAlignments'] ) ? $global_settings['useRootPaddingAwareAlignments'] : false; if ( $root_padding_aware_alignments && isset( $used_layout['type'] ) && 'constrained' === $used_layout['type'] ) { $class_names[] = 'has-global-padding'; } /* * The following section was added to reintroduce a small set of layout classnames that were * removed in the 5.9 release (https://github.com/WordPress/gutenberg/issues/38719). It is * not intended to provide an extended set of classes to match all block layout attributes * here. */ if ( ! empty( $block['attrs']['layout']['orientation'] ) ) { $class_names[] = 'is-' . sanitize_title( $block['attrs']['layout']['orientation'] ); } if ( ! empty( $block['attrs']['layout']['justifyContent'] ) ) { $class_names[] = 'is-content-justification-' . sanitize_title( $block['attrs']['layout']['justifyContent'] ); } if ( ! empty( $block['attrs']['layout']['flexWrap'] ) && 'nowrap' === $block['attrs']['layout']['flexWrap'] ) { $class_names[] = 'is-nowrap'; } // Get classname for layout type. if ( isset( $used_layout['type'] ) ) { $layout_classname = isset( $layout_definitions[ $used_layout['type'] ]['className'] ) ? $layout_definitions[ $used_layout['type'] ]['className'] : ''; } else { $layout_classname = isset( $layout_definitions['default']['className'] ) ? $layout_definitions['default']['className'] : ''; } if ( $layout_classname && is_string( $layout_classname ) ) { $class_names[] = sanitize_title( $layout_classname ); } /* * Only generate Layout styles if the theme has not opted-out. * Attribute-based Layout classnames are output in all cases. */ if ( ! current_theme_supports( 'disable-layout-styles' ) ) { $gap_value = isset( $block['attrs']['style']['spacing']['blockGap'] ) ? $block['attrs']['style']['spacing']['blockGap'] : null; /* * Skip if gap value contains unsupported characters. * Regex for CSS value borrowed from `safecss_filter_attr`, and used here * to only match against the value, not the CSS attribute. */ if ( is_array( $gap_value ) ) { foreach ( $gap_value as $key => $value ) { $gap_value[ $key ] = $value && preg_match( '%[\\\(&=}]|/\*%', $value ) ? null : $value; } } else { $gap_value = $gap_value && preg_match( '%[\\\(&=}]|/\*%', $gap_value ) ? null : $gap_value; } $fallback_gap_value = isset( $block_type->supports['spacing']['blockGap']['__experimentalDefault'] ) ? $block_type->supports['spacing']['blockGap']['__experimentalDefault'] : '0.5em'; $block_spacing = isset( $block['attrs']['style']['spacing'] ) ? $block['attrs']['style']['spacing'] : null; /* * If a block's block.json skips serialization for spacing or spacing.blockGap, * don't apply the user-defined value to the styles. */ $should_skip_gap_serialization = wp_should_skip_block_supports_serialization( $block_type, 'spacing', 'blockGap' ); $block_gap = isset( $global_settings['spacing']['blockGap'] ) ? $global_settings['spacing']['blockGap'] : null; $has_block_gap_support = isset( $block_gap ); /* * Generates a unique ID based on all the data required to obtain the * corresponding layout style. Keeps the CSS class names the same * even for different blocks on different places, as long as they have * the same layout definition. Makes the CSS class names stable across * paginations for features like the enhanced pagination of the Query block. */ $container_class = wp_unique_id_from_values( array( $used_layout, $has_block_gap_support, $gap_value, $should_skip_gap_serialization, $fallback_gap_value, $block_spacing, ), 'wp-container-' . sanitize_title( $block['blockName'] ) . '-is-layout-' ); $style = wp_get_layout_style( ".$container_class", $used_layout, $has_block_gap_support, $gap_value, $should_skip_gap_serialization, $fallback_gap_value, $block_spacing ); // Only add container class and enqueue block support styles if unique styles were generated. if ( ! empty( $style ) ) { $class_names[] = $container_class; } } // Add combined layout and block classname for global styles to hook onto. $split_block_name = explode( '/', $block['blockName'] ); $full_block_name = 'core' === $split_block_name[0] ? end( $split_block_name ) : implode( '-', $split_block_name ); $class_names[] = 'wp-block-' . $full_block_name . '-' . $layout_classname; // Add classes to the outermost HTML tag if necessary. if ( ! empty( $outer_class_names ) ) { foreach ( $outer_class_names as $outer_class_name ) { $processor->add_class( $outer_class_name ); } } /** * Attempts to refer to the inner-block wrapping element by its class attribute. * * When examining a block's inner content, if a block has inner blocks, then * the first content item will likely be a text (HTML) chunk immediately * preceding the inner blocks. The last HTML tag in that chunk would then be * an opening tag for an element that wraps the inner blocks. * * There's no reliable way to associate this wrapper in $block_content because * it may have changed during the rendering pipeline (as inner contents is * provided before rendering) and through previous filters. In many cases, * however, the `class` attribute will be a good-enough identifier, so this * code finds the last tag in that chunk and stores the `class` attribute * so that it can be used later when working through the rendered block output * to identify the wrapping element and add the remaining class names to it. * * It's also possible that no inner block wrapper even exists. If that's the * case this code could apply the class names to an invalid element. * * Example: * * $block['innerBlocks'] = array( $list_item ); * $block['innerContent'] = array( '<ul class="list-wrapper is-unordered">', null, '</ul>' ); * * // After rendering, the initial contents may have been modified by other renderers or filters. * $block_content = <<<HTML * <figure> * <ul class="annotated-list list-wrapper is-unordered"> * <li>Code</li> * </ul><figcaption>It's a list!</figcaption> * </figure> * HTML; * * Although it is possible that the original block-wrapper classes are changed in $block_content * from how they appear in $block['innerContent'], it's likely that the original class attributes * are still present in the wrapper as they are in this example. Frequently, additional classes * will also be present; rarely should classes be removed. * * @todo Find a better way to match the first inner block. If it's possible to identify where the * first inner block starts, then it will be possible to find the last tag before it starts * and then that tag, if an opening tag, can be solidly identified as a wrapping element. * Can some unique value or class or ID be added to the inner blocks when they process * so that they can be extracted here safely without guessing? Can the block rendering function * return information about where the rendered inner blocks start? * * @var string|null */ $inner_block_wrapper_classes = null; $first_chunk = isset( $block['innerContent'][0] ) ? $block['innerContent'][0] : null; if ( is_string( $first_chunk ) && count( $block['innerContent'] ) > 1 ) { $first_chunk_processor = new WP_HTML_Tag_Processor( $first_chunk ); while ( $first_chunk_processor->next_tag() ) { $class_attribute = $first_chunk_processor->get_attribute( 'class' ); if ( is_string( $class_attribute ) && ! empty( $class_attribute ) ) { $inner_block_wrapper_classes = $class_attribute; } } } /* * If necessary, advance to what is likely to be an inner block wrapper tag. * * This advances until it finds the first tag containing the original class * attribute from above. If none is found it will scan to the end of the block * and fail to add any class names. * * If there is no block wrapper it won't advance at all, in which case the * class names will be added to the first and outermost tag of the block. * For cases where this outermost tag is the only tag surrounding inner * blocks then the outer wrapper and inner wrapper are the same. */ do { if ( ! $inner_block_wrapper_classes ) { break; } $class_attribute = $processor->get_attribute( 'class' ); if ( is_string( $class_attribute ) && str_contains( $class_attribute, $inner_block_wrapper_classes ) ) { break; } } while ( $processor->next_tag() ); // Add the remaining class names. foreach ( $class_names as $class_name ) { $processor->add_class( $class_name ); } return $processor->get_updated_html(); } /** * Check if the parent block exists and if it has a layout attribute. * If it does, add the parent layout to the parsed block * * @since 6.6.0 * @access private * * @param array $parsed_block The parsed block. * @param array $source_block The source block. * @param WP_Block $parent_block The parent block. * @return array The parsed block with parent layout attribute if it exists. */ function wp_add_parent_layout_to_parsed_block( $parsed_block, $source_block, $parent_block ) { if ( $parent_block && isset( $parent_block->parsed_block['attrs']['layout'] ) ) { $parsed_block['parentLayout'] = $parent_block->parsed_block['attrs']['layout']; } return $parsed_block; } add_filter( 'render_block_data', 'wp_add_parent_layout_to_parsed_block', 10, 3 ); // Register the block support. WP_Block_Supports::get_instance()->register( 'layout', array( 'register_attribute' => 'wp_register_layout_support', ) ); add_filter( 'render_block', 'wp_render_layout_support_flag', 10, 2 ); /** * For themes without theme.json file, make sure * to restore the inner div for the group block * to avoid breaking styles relying on that div. * * @since 5.8.0 * @since 6.6.1 Removed inner container from Grid variations. * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_restore_group_inner_container( $block_content, $block ) { $tag_name = isset( $block['attrs']['tagName'] ) ? $block['attrs']['tagName'] : 'div'; $group_with_inner_container_regex = sprintf( '/(^\s*<%1$s\b[^>]*wp-block-group(\s|")[^>]*>)(\s*<div\b[^>]*wp-block-group__inner-container(\s|")[^>]*>)((.|\S|\s)*)/U', preg_quote( $tag_name, '/' ) ); if ( wp_theme_has_theme_json() || 1 === preg_match( $group_with_inner_container_regex, $block_content ) || ( isset( $block['attrs']['layout']['type'] ) && ( 'flex' === $block['attrs']['layout']['type'] || 'grid' === $block['attrs']['layout']['type'] ) ) ) { return $block_content; } /* * This filter runs after the layout classnames have been added to the block, so they * have to be removed from the outer wrapper and then added to the inner. */ $layout_classes = array(); $processor = new WP_HTML_Tag_Processor( $block_content ); if ( $processor->next_tag( array( 'class_name' => 'wp-block-group' ) ) ) { foreach ( $processor->class_list() as $class_name ) { if ( str_contains( $class_name, 'is-layout-' ) ) { $layout_classes[] = $class_name; $processor->remove_class( $class_name ); } } } $content_without_layout_classes = $processor->get_updated_html(); $replace_regex = sprintf( '/(^\s*<%1$s\b[^>]*wp-block-group[^>]*>)(.*)(<\/%1$s>\s*$)/ms', preg_quote( $tag_name, '/' ) ); $updated_content = preg_replace_callback( $replace_regex, static function ( $matches ) { return $matches[1] . '<div class="wp-block-group__inner-container">' . $matches[2] . '</div>' . $matches[3]; }, $content_without_layout_classes ); // Add layout classes to inner wrapper. if ( ! empty( $layout_classes ) ) { $processor = new WP_HTML_Tag_Processor( $updated_content ); if ( $processor->next_tag( array( 'class_name' => 'wp-block-group__inner-container' ) ) ) { foreach ( $layout_classes as $class_name ) { $processor->add_class( $class_name ); } } $updated_content = $processor->get_updated_html(); } return $updated_content; } add_filter( 'render_block_core/group', 'wp_restore_group_inner_container', 10, 2 ); /** * For themes without theme.json file, make sure * to restore the outer div for the aligned image block * to avoid breaking styles relying on that div. * * @since 6.0.0 * @access private * * @param string $block_content Rendered block content. * @param array $block Block object. * @return string Filtered block content. */ function wp_restore_image_outer_container( $block_content, $block ) { if ( wp_theme_has_theme_json() ) { return $block_content; } $figure_processor = new WP_HTML_Tag_Processor( $block_content ); if ( ! $figure_processor->next_tag( 'FIGURE' ) || ! $figure_processor->has_class( 'wp-block-image' ) || ! ( $figure_processor->has_class( 'alignleft' ) || $figure_processor->has_class( 'aligncenter' ) || $figure_processor->has_class( 'alignright' ) ) ) { return $block_content; } /* * The next section of code wraps the existing figure in a new DIV element. * While doing it, it needs to transfer the layout and the additional CSS * class names from the original figure upward to the wrapper. * * Example: * * // From this… * <!-- wp:image {"className":"hires"} --> * <figure class="wp-block-image wide hires">… * * // To this… * <div class="wp-block-image hires"><figure class="wide">… */ $wrapper_processor = new WP_HTML_Tag_Processor( '<div>' ); $wrapper_processor->next_token(); $wrapper_processor->set_attribute( 'class', is_string( $block['attrs']['className'] ?? null ) ? "wp-block-image {$block['attrs']['className']}" : 'wp-block-image' ); // And remove them from the existing content; it has been transferred upward. $figure_processor->remove_class( 'wp-block-image' ); foreach ( $wrapper_processor->class_list() as $class_name ) { $figure_processor->remove_class( $class_name ); } return "{$wrapper_processor->get_updated_html()}{$figure_processor->get_updated_html()}</div>"; } add_filter( 'render_block_core/image', 'wp_restore_image_outer_container', 10, 2 ); block-style-variations.php 0000666 00000022312 15225166143 0011673 0 ustar 00 <?php /** * Block support to enable per-section styling of block types via * block style variations. * * @package WordPress * @since 6.6.0 */ /** * Determines the block style variation names within a CSS class string. * * @since 6.6.0 * * @param string $class_string CSS class string to look for a variation in. * * @return array|null The block style variation name if found. */ function wp_get_block_style_variation_name_from_class( $class_string ) { if ( ! is_string( $class_string ) ) { return null; } preg_match_all( '/\bis-style-(?!default)(\S+)\b/', $class_string, $matches ); return $matches[1] ?? null; } /** * Recursively resolves any `ref` values within a block style variation's data. * * @since 6.6.0 * @access private * * @param array $variation_data Reference to the variation data being processed. * @param array $theme_json Theme.json data to retrieve referenced values from. */ function wp_resolve_block_style_variation_ref_values( &$variation_data, $theme_json ) { foreach ( $variation_data as $key => &$value ) { // Only need to potentially process arrays. if ( is_array( $value ) ) { // If ref value is set, attempt to find its matching value and update it. if ( array_key_exists( 'ref', $value ) ) { // Clean up any invalid ref value. if ( empty( $value['ref'] ) || ! is_string( $value['ref'] ) ) { unset( $variation_data[ $key ] ); } $value_path = explode( '.', $value['ref'] ?? '' ); $ref_value = _wp_array_get( $theme_json, $value_path ); // Only update the current value if the referenced path matched a value. if ( null === $ref_value ) { unset( $variation_data[ $key ] ); } else { $value = $ref_value; } } else { // Recursively look for ref instances. wp_resolve_block_style_variation_ref_values( $value, $theme_json ); } } } } /** * Renders the block style variation's styles. * * In the case of nested blocks with variations applied, we want the parent * variation's styles to be rendered before their descendants. This solves the * issue of a block type being styled in both the parent and descendant: we want * the descendant style to take priority, and this is done by loading it after, * in the DOM order. This is why the variation stylesheet generation is in a * different filter. * * @since 6.6.0 * @access private * * @param array $parsed_block The parsed block. * * @return array The parsed block with block style variation classname added. */ function wp_render_block_style_variation_support_styles( $parsed_block ) { $classes = $parsed_block['attrs']['className'] ?? null; $variations = wp_get_block_style_variation_name_from_class( $classes ); if ( ! $variations ) { return $parsed_block; } $tree = WP_Theme_JSON_Resolver::get_merged_data(); $theme_json = $tree->get_raw_data(); // Only the first block style variation with data is supported. $variation_data = array(); foreach ( $variations as $variation ) { $variation_data = $theme_json['styles']['blocks'][ $parsed_block['blockName'] ]['variations'][ $variation ] ?? array(); if ( ! empty( $variation_data ) ) { break; } } if ( empty( $variation_data ) ) { return $parsed_block; } /* * Recursively resolve any ref values with the appropriate value within the * theme_json data. */ wp_resolve_block_style_variation_ref_values( $variation_data, $theme_json ); $variation_instance = wp_unique_id( $variation . '--' ); $class_name = "is-style-$variation_instance"; $updated_class_name = $parsed_block['attrs']['className'] . " $class_name"; /* * Even though block style variations are effectively theme.json partials, * they can't be processed completely as though they are. * * Block styles support custom selectors to direct specific types of styles * to inner elements. For example, borders on Image block's get applied to * the inner `img` element rather than the wrapping `figure`. * * The following relocates the "root" block style variation styles to * under an appropriate blocks property to leverage the preexisting style * generation for simple block style variations. This way they get the * custom selectors they need. * * The inner elements and block styles for the variation itself are * still included at the top level but scoped by the variation's selector * when the stylesheet is generated. */ $elements_data = $variation_data['elements'] ?? array(); $blocks_data = $variation_data['blocks'] ?? array(); unset( $variation_data['elements'] ); unset( $variation_data['blocks'] ); _wp_array_set( $blocks_data, array( $parsed_block['blockName'], 'variations', $variation_instance ), $variation_data ); $config = array( 'version' => WP_Theme_JSON::LATEST_SCHEMA, 'styles' => array( 'elements' => $elements_data, 'blocks' => $blocks_data, ), ); // Turn off filter that excludes block nodes. They are needed here for the variation's inner block types. if ( ! is_admin() ) { remove_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); } // Temporarily prevent variation instance from being sanitized while processing theme.json. $styles_registry = WP_Block_Styles_Registry::get_instance(); $styles_registry->register( $parsed_block['blockName'], array( 'name' => $variation_instance ) ); $variation_theme_json = new WP_Theme_JSON( $config, 'blocks' ); $variation_styles = $variation_theme_json->get_stylesheet( array( 'styles' ), array( 'custom' ), array( 'include_block_style_variations' => true, 'skip_root_layout_styles' => true, 'scope' => ".$class_name", ) ); // Clean up temporary block style now instance styles have been processed. $styles_registry->unregister( $parsed_block['blockName'], $variation_instance ); // Restore filter that excludes block nodes. if ( ! is_admin() ) { add_filter( 'wp_theme_json_get_style_nodes', 'wp_filter_out_block_nodes' ); } if ( empty( $variation_styles ) ) { return $parsed_block; } wp_register_style( 'block-style-variation-styles', false, array( 'wp-block-library', 'global-styles' ) ); wp_add_inline_style( 'block-style-variation-styles', $variation_styles ); /* * Add variation instance class name to block's className string so it can * be enforced in the block markup via render_block filter. */ _wp_array_set( $parsed_block, array( 'attrs', 'className' ), $updated_class_name ); return $parsed_block; } /** * Ensures the variation block support class name generated and added to * block attributes in the `render_block_data` filter gets applied to the * block's markup. * * @since 6.6.0 * @access private * * @see wp_render_block_style_variation_support_styles * * @param string $block_content Rendered block content. * @param array $block Block object. * * @return string Filtered block content. */ function wp_render_block_style_variation_class_name( $block_content, $block ) { if ( ! $block_content || empty( $block['attrs']['className'] ) ) { return $block_content; } /* * Matches a class prefixed by `is-style`, followed by the * variation slug, then `--`, and finally an instance number. */ preg_match( '/\bis-style-(\S+?--\d+)\b/', $block['attrs']['className'], $matches ); if ( empty( $matches ) ) { return $block_content; } $tags = new WP_HTML_Tag_Processor( $block_content ); if ( $tags->next_tag() ) { /* * Ensure the variation instance class name set in the * `render_block_data` filter is applied in markup. * See `wp_render_block_style_variation_support_styles`. */ $tags->add_class( $matches[0] ); } return $tags->get_updated_html(); } /** * Enqueues styles for block style variations. * * @since 6.6.0 * @access private */ function wp_enqueue_block_style_variation_styles() { wp_enqueue_style( 'block-style-variation-styles' ); } // Register the block support. WP_Block_Supports::get_instance()->register( 'block-style-variation', array() ); add_filter( 'render_block_data', 'wp_render_block_style_variation_support_styles', 10, 2 ); add_filter( 'render_block', 'wp_render_block_style_variation_class_name', 10, 2 ); add_action( 'wp_enqueue_scripts', 'wp_enqueue_block_style_variation_styles', 1 ); /** * Registers block style variations read in from theme.json partials. * * @since 6.6.0 * @access private * * @param array $variations Shared block style variations. */ function wp_register_block_style_variations_from_theme_json_partials( $variations ) { if ( empty( $variations ) ) { return; } $registry = WP_Block_Styles_Registry::get_instance(); foreach ( $variations as $variation ) { if ( empty( $variation['blockTypes'] ) || empty( $variation['styles'] ) ) { continue; } $variation_name = $variation['slug'] ?? _wp_to_kebab_case( $variation['title'] ); $variation_label = $variation['title'] ?? $variation_name; foreach ( $variation['blockTypes'] as $block_type ) { $registered_styles = $registry->get_registered_styles_for_block( $block_type ); // Register block style variation if it hasn't already been registered. if ( ! array_key_exists( $variation_name, $registered_styles ) ) { register_block_style( $block_type, array( 'name' => $variation_name, 'label' => $variation_label, ) ); } } } } https-detection-20260605080358.php 0000666 00000013341 15225166143 0012000 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605113812.php 0000666 00000011205 15225166143 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-http-requests-response.php 0000666 00000010460 15225166143 0013502 0 ustar 00 <?php /** * HTTP API: WP_HTTP_Requests_Response class * * @package WordPress * @subpackage HTTP * @since 4.6.0 */ /** * Core wrapper object for a WpOrg\Requests\Response for standardization. * * @since 4.6.0 * * @see WP_HTTP_Response */ class WP_HTTP_Requests_Response extends WP_HTTP_Response { /** * Requests Response object. * * @since 4.6.0 * @var \WpOrg\Requests\Response */ protected $response; /** * Filename the response was saved to. * * @since 4.6.0 * @var string|null */ protected $filename; /** * Constructor. * * @since 4.6.0 * * @param \WpOrg\Requests\Response $response HTTP response. * @param string $filename Optional. File name. Default empty. */ public function __construct( WpOrg\Requests\Response $response, $filename = '' ) { $this->response = $response; $this->filename = $filename; } /** * Retrieves the response object for the request. * * @since 4.6.0 * * @return WpOrg\Requests\Response HTTP response. */ public function get_response_object() { return $this->response; } /** * Retrieves headers associated with the response. * * @since 4.6.0 * * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary Map of header name to header value. */ public function get_headers() { // Ensure headers remain case-insensitive. $converted = new WpOrg\Requests\Utility\CaseInsensitiveDictionary(); foreach ( $this->response->headers->getAll() as $key => $value ) { if ( count( $value ) === 1 ) { $converted[ $key ] = $value[0]; } else { $converted[ $key ] = $value; } } return $converted; } /** * Sets all header values. * * @since 4.6.0 * * @param array $headers Map of header name to header value. */ public function set_headers( $headers ) { $this->response->headers = new WpOrg\Requests\Response\Headers( $headers ); } /** * Sets a single HTTP header. * * @since 4.6.0 * * @param string $key Header name. * @param string $value Header value. * @param bool $replace Optional. Whether to replace an existing header of the same name. * Default true. */ public function header( $key, $value, $replace = true ) { if ( $replace ) { unset( $this->response->headers[ $key ] ); } $this->response->headers[ $key ] = $value; } /** * Retrieves the HTTP return code for the response. * * @since 4.6.0 * * @return int The 3-digit HTTP status code. */ public function get_status() { return $this->response->status_code; } /** * Sets the 3-digit HTTP status code. * * @since 4.6.0 * * @param int $code HTTP status. */ public function set_status( $code ) { $this->response->status_code = absint( $code ); } /** * Retrieves the response data. * * @since 4.6.0 * * @return string Response data. */ public function get_data() { return $this->response->body; } /** * Sets the response data. * * @since 4.6.0 * * @param string $data Response data. */ public function set_data( $data ) { $this->response->body = $data; } /** * Retrieves cookies from the response. * * @since 4.6.0 * * @return WP_HTTP_Cookie[] List of cookie objects. */ public function get_cookies() { $cookies = array(); foreach ( $this->response->cookies as $cookie ) { $cookies[] = new WP_Http_Cookie( array( 'name' => $cookie->name, 'value' => urldecode( $cookie->value ), 'expires' => isset( $cookie->attributes['expires'] ) ? $cookie->attributes['expires'] : null, 'path' => isset( $cookie->attributes['path'] ) ? $cookie->attributes['path'] : null, 'domain' => isset( $cookie->attributes['domain'] ) ? $cookie->attributes['domain'] : null, 'host_only' => isset( $cookie->flags['host-only'] ) ? $cookie->flags['host-only'] : null, ) ); } return $cookies; } /** * Converts the object to a WP_Http response array. * * @since 4.6.0 * * @return array WP_Http response array, per WP_Http::request(). */ public function to_array() { return array( 'headers' => $this->get_headers(), 'body' => $this->get_data(), 'response' => array( 'code' => $this->get_status(), 'message' => get_status_header_desc( $this->get_status() ), ), 'cookies' => $this->get_cookies(), 'filename' => $this->filename, ); } } https-detection-20260623210321.php 0000666 00000013341 15225166143 0011761 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605081608.php 0000666 00000013341 15225166143 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration.php 0000666 00000011205 15225166143 0010416 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); }
| ver. 1.4 |
Github
|
.
| PHP 5.4.45 | Generation time: 0.01 |
proxy
|
phpinfo
|
Settings