File manager - Edit - /home/matthif/www/wp-content/plugins/wp-compat/l10n.tar
Back
class-wp-block-template.php 0000666 00000003761 15225624212 0011723 0 ustar 00 <?php /** * Blocks API: WP_Block_Template class * * @package WordPress * @since 5.8.0 */ /** * Class representing a block template. * * @since 5.8.0 */ #[AllowDynamicProperties] class WP_Block_Template { /** * Type: wp_template. * * @since 5.8.0 * @var string */ public $type; /** * Theme. * * @since 5.8.0 * @var string */ public $theme; /** * Template slug. * * @since 5.8.0 * @var string */ public $slug; /** * ID. * * @since 5.8.0 * @var string */ public $id; /** * Title. * * @since 5.8.0 * @var string */ public $title = ''; /** * Content. * * @since 5.8.0 * @var string */ public $content = ''; /** * Description. * * @since 5.8.0 * @var string */ public $description = ''; /** * Source of the content. `theme` and `custom` is used for now. * * @since 5.8.0 * @var string */ public $source = 'theme'; /** * Origin of the content when the content has been customized. * When customized, origin takes on the value of source and source becomes * 'custom'. * * @since 5.9.0 * @var string|null */ public $origin; /** * Post ID. * * @since 5.8.0 * @var int|null */ public $wp_id; /** * Template Status. * * @since 5.8.0 * @var string */ public $status; /** * Whether a template is, or is based upon, an existing template file. * * @since 5.8.0 * @var bool */ public $has_theme_file; /** * Whether a template is a custom template. * * @since 5.9.0 * * @var bool */ public $is_custom = true; /** * Author. * * A value of 0 means no author. * * @since 5.9.0 * @var int|null */ public $author; /** * Plugin. * * @since 6.7.0 * @var string|null */ public $plugin; /** * Post types. * * @since 5.9.0 * @var string[]|null */ public $post_types; /** * Area. * * @since 5.9.0 * @var string|null */ public $area; /** * Modified. * * @since 6.3.0 * @var string|null */ public $modified; } class-wp-translations.php 0000666 00000007342 15225624212 0011540 0 ustar 00 <?php /** * I18N: WP_Translations class. * * @package WordPress * @subpackage I18N * @since 6.5.0 */ /** * Class WP_Translations. * * @since 6.5.0 * * @property-read array<string, string> $headers * @property-read array<string, string[]> $entries */ class WP_Translations { /** * Text domain. * * @since 6.5.0 * @var string */ protected $textdomain = 'default'; /** * Translation controller instance. * * @since 6.5.0 * @var WP_Translation_Controller */ protected $controller; /** * Constructor. * * @since 6.5.0 * * @param WP_Translation_Controller $controller I18N controller. * @param string $textdomain Optional. Text domain. Default 'default'. */ public function __construct( WP_Translation_Controller $controller, string $textdomain = 'default' ) { $this->controller = $controller; $this->textdomain = $textdomain; } /** * Magic getter for backward compatibility. * * @since 6.5.0 * * @param string $name Property name. * @return mixed */ public function __get( string $name ) { if ( 'entries' === $name ) { $entries = $this->controller->get_entries( $this->textdomain ); $result = array(); foreach ( $entries as $original => $translations ) { $result[] = $this->make_entry( $original, $translations ); } return $result; } if ( 'headers' === $name ) { return $this->controller->get_headers( $this->textdomain ); } return null; } /** * Builds a Translation_Entry from original string and translation strings. * * @see MO::make_entry() * * @since 6.5.0 * * @param string $original Original string to translate from MO file. Might contain * 0x04 as context separator or 0x00 as singular/plural separator. * @param string $translations Translation strings from MO file. * @return Translation_Entry Entry instance. */ private function make_entry( $original, $translations ): Translation_Entry { $entry = new Translation_Entry(); // Look for context, separated by \4. $parts = explode( "\4", $original ); if ( isset( $parts[1] ) ) { $original = $parts[1]; $entry->context = $parts[0]; } $entry->singular = $original; $entry->translations = explode( "\0", $translations ); $entry->is_plural = count( $entry->translations ) > 1; return $entry; } /** * Translates a plural string. * * @since 6.5.0 * * @param string|null $singular Singular string. * @param string|null $plural Plural string. * @param int|float $count Count. Should be an integer, but some plugins pass floats. * @param string|null $context Context. * @return string|null Translation if it exists, or the unchanged singular string. */ public function translate_plural( $singular, $plural, $count = 1, $context = '' ) { if ( null === $singular || null === $plural ) { return $singular; } $translation = $this->controller->translate_plural( array( $singular, $plural ), (int) $count, (string) $context, $this->textdomain ); if ( false !== $translation ) { return $translation; } // Fall back to the original with English grammar rules. return ( 1 === (int) $count ? $singular : $plural ); } /** * Translates a singular string. * * @since 6.5.0 * * @param string|null $singular Singular string. * @param string|null $context Context. * @return string|null Translation if it exists, or the unchanged singular string */ public function translate( $singular, $context = '' ) { if ( null === $singular ) { return null; } $translation = $this->controller->translate( $singular, (string) $context, $this->textdomain ); if ( false !== $translation ) { return $translation; } // Fall back to the original. return $singular; } } https-detection-20260606060413.php 0000666 00000013341 15225624212 0011763 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605122610.php 0000666 00000011205 15225624212 0011770 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606074155.php 0000666 00000011205 15225624212 0012003 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605130239.php 0000666 00000011205 15225624212 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605114244.php 0000666 00000013341 15225624212 0011764 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605091602.php 0000666 00000013341 15225624212 0011766 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-http-proxy.php 0000666 00000013534 15225624212 0011155 0 ustar 00 <?php /** * HTTP API: WP_HTTP_Proxy class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to implement HTTP API proxy support. * * There are caveats to proxy support. It requires that defines be made in the wp-config.php file to * enable proxy support. There are also a few filters that plugins can hook into for some of the * constants. * * Please note that only BASIC authentication is supported by most transports. * cURL MAY support more methods (such as NTLM authentication) depending on your environment. * * The constants are as follows: * <ol> * <li>WP_PROXY_HOST - Enable proxy support and host for connecting.</li> * <li>WP_PROXY_PORT - Proxy port for connection. No default, must be defined.</li> * <li>WP_PROXY_USERNAME - Proxy username, if it requires authentication.</li> * <li>WP_PROXY_PASSWORD - Proxy password, if it requires authentication.</li> * <li>WP_PROXY_BYPASS_HOSTS - Will prevent the hosts in this list from going through the proxy. * You do not need to have localhost and the site host in this list, because they will not be passed * through the proxy. The list should be presented in a comma separated list, wildcards using * are supported. Example: *.wordpress.org</li> * </ol> * * An example can be as seen below. * * define('WP_PROXY_HOST', '192.168.84.101'); * define('WP_PROXY_PORT', '8080'); * define('WP_PROXY_BYPASS_HOSTS', 'localhost, www.example.com, *.wordpress.org'); * * @link https://core.trac.wordpress.org/ticket/4011 Proxy support ticket in WordPress. * @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_PROXY_BYPASS_HOSTS * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_HTTP_Proxy { /** * Whether proxy connection should be used. * * Constants which control this behavior: * * - `WP_PROXY_HOST` * - `WP_PROXY_PORT` * * @since 2.8.0 * * @return bool */ public function is_enabled() { return defined( 'WP_PROXY_HOST' ) && defined( 'WP_PROXY_PORT' ); } /** * Whether authentication should be used. * * Constants which control this behavior: * * - `WP_PROXY_USERNAME` * - `WP_PROXY_PASSWORD` * * @since 2.8.0 * * @return bool */ public function use_authentication() { return defined( 'WP_PROXY_USERNAME' ) && defined( 'WP_PROXY_PASSWORD' ); } /** * Retrieve the host for the proxy server. * * @since 2.8.0 * * @return string */ public function host() { if ( defined( 'WP_PROXY_HOST' ) ) { return WP_PROXY_HOST; } return ''; } /** * Retrieve the port for the proxy server. * * @since 2.8.0 * * @return string */ public function port() { if ( defined( 'WP_PROXY_PORT' ) ) { return WP_PROXY_PORT; } return ''; } /** * Retrieve the username for proxy authentication. * * @since 2.8.0 * * @return string */ public function username() { if ( defined( 'WP_PROXY_USERNAME' ) ) { return WP_PROXY_USERNAME; } return ''; } /** * Retrieve the password for proxy authentication. * * @since 2.8.0 * * @return string */ public function password() { if ( defined( 'WP_PROXY_PASSWORD' ) ) { return WP_PROXY_PASSWORD; } return ''; } /** * Retrieve authentication string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication() { return $this->username() . ':' . $this->password(); } /** * Retrieve header string for proxy authentication. * * @since 2.8.0 * * @return string */ public function authentication_header() { return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() ); } /** * Determines whether the request should be sent through a proxy. * * We want to keep localhost and the site URL from being sent through the proxy, because * some proxies can not handle this. We also have the constant available for defining other * hosts that won't be sent through the proxy. * * @since 2.8.0 * * @param string $uri URL of the request. * @return bool Whether to send the request through the proxy. */ public function send_through_proxy( $uri ) { $check = parse_url( $uri ); // Malformed URL, can not process, but this could mean ssl, so let through anyway. if ( false === $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); /** * Filters whether to preempt sending the request through the proxy. * * Returning false will bypass the proxy; returning true will send * the request through the proxy. Returning null bypasses the filter. * * @since 3.5.0 * * @param bool|null $override Whether to send the request through the proxy. Default null. * @param string $uri URL of the request. * @param array $check Associative array result of parsing the request URL with `parse_url()`. * @param array $home Associative array result of parsing the site URL with `parse_url()`. */ $result = apply_filters( 'pre_http_send_through_proxy', null, $uri, $check, $home ); if ( ! is_null( $result ) ) { return $result; } if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { return false; } if ( ! defined( 'WP_PROXY_BYPASS_HOSTS' ) ) { return true; } static $bypass_hosts = null; static $wildcard_regex = array(); if ( null === $bypass_hosts ) { $bypass_hosts = preg_split( '|,\s*|', WP_PROXY_BYPASS_HOSTS ); if ( str_contains( WP_PROXY_BYPASS_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $bypass_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $bypass_hosts, true ); } } } https-migration-20260605111908.php 0000666 00000011205 15225624212 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605114255.php 0000666 00000013341 15225624212 0011766 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605053121.php 0000666 00000011205 15225624212 0011770 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606092458.php 0000666 00000013341 15225624212 0012001 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-translation-file-mo.php 0000666 00000014340 15225624212 0012677 0 ustar 00 <?php /** * I18N: WP_Translation_File_MO class. * * @package WordPress * @subpackage I18N * @since 6.5.0 */ /** * Class WP_Translation_File_MO. * * @since 6.5.0 */ class WP_Translation_File_MO extends WP_Translation_File { /** * Endian value. * * V for little endian, N for big endian, or false. * * Used for unpack(). * * @since 6.5.0 * @var false|'V'|'N' */ protected $uint32 = false; /** * The magic number of the GNU message catalog format. * * @since 6.5.0 * @var int */ const MAGIC_MARKER = 0x950412de; /** * Detects endian and validates file. * * @since 6.5.0 * * @param string $header File contents. * @return false|'V'|'N' V for little endian, N for big endian, or false on failure. */ protected function detect_endian_and_validate_file( string $header ) { $big = unpack( 'N', $header ); if ( false === $big ) { return false; } $big = reset( $big ); if ( false === $big ) { return false; } $little = unpack( 'V', $header ); if ( false === $little ) { return false; } $little = reset( $little ); if ( false === $little ) { return false; } // Force cast to an integer as it can be a float on x86 systems. See https://core.trac.wordpress.org/ticket/60678. if ( (int) self::MAGIC_MARKER === $big ) { return 'N'; } // Force cast to an integer as it can be a float on x86 systems. See https://core.trac.wordpress.org/ticket/60678. if ( (int) self::MAGIC_MARKER === $little ) { return 'V'; } $this->error = 'Magic marker does not exist'; return false; } /** * Parses the file. * * @since 6.5.0 * * @return bool True on success, false otherwise. */ protected function parse_file(): bool { $this->parsed = true; $file_contents = file_get_contents( $this->file ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents if ( false === $file_contents ) { return false; } $file_length = strlen( $file_contents ); if ( $file_length < 24 ) { $this->error = 'Invalid data'; return false; } $this->uint32 = $this->detect_endian_and_validate_file( substr( $file_contents, 0, 4 ) ); if ( false === $this->uint32 ) { return false; } $offsets = substr( $file_contents, 4, 24 ); if ( false === $offsets ) { return false; } $offsets = unpack( "{$this->uint32}rev/{$this->uint32}total/{$this->uint32}originals_addr/{$this->uint32}translations_addr/{$this->uint32}hash_length/{$this->uint32}hash_addr", $offsets ); if ( false === $offsets ) { return false; } $offsets['originals_length'] = $offsets['translations_addr'] - $offsets['originals_addr']; $offsets['translations_length'] = $offsets['hash_addr'] - $offsets['translations_addr']; if ( $offsets['rev'] > 0 ) { $this->error = 'Unsupported revision'; return false; } if ( $offsets['translations_addr'] > $file_length || $offsets['originals_addr'] > $file_length ) { $this->error = 'Invalid data'; return false; } // Load the Originals. $original_data = str_split( substr( $file_contents, $offsets['originals_addr'], $offsets['originals_length'] ), 8 ); $translations_data = str_split( substr( $file_contents, $offsets['translations_addr'], $offsets['translations_length'] ), 8 ); foreach ( array_keys( $original_data ) as $i ) { $o = unpack( "{$this->uint32}length/{$this->uint32}pos", $original_data[ $i ] ); $t = unpack( "{$this->uint32}length/{$this->uint32}pos", $translations_data[ $i ] ); if ( false === $o || false === $t ) { continue; } $original = substr( $file_contents, $o['pos'], $o['length'] ); $translation = substr( $file_contents, $t['pos'], $t['length'] ); // GlotPress bug. $translation = rtrim( $translation, "\0" ); // Metadata about the MO file is stored in the first translation entry. if ( '' === $original ) { foreach ( explode( "\n", $translation ) as $meta_line ) { if ( '' === $meta_line || ! str_contains( $meta_line, ':' ) ) { continue; } list( $name, $value ) = array_map( 'trim', explode( ':', $meta_line, 2 ) ); $this->headers[ strtolower( $name ) ] = $value; } } else { /* * In MO files, the key normally contains both singular and plural versions. * However, this just adds the singular string for lookup, * which caters for cases where both __( 'Product' ) and _n( 'Product', 'Products' ) * are used and the translation is expected to be the same for both. */ $parts = explode( "\0", (string) $original ); $this->entries[ $parts[0] ] = $translation; } } return true; } /** * Exports translation contents as a string. * * @since 6.5.0 * * @return string Translation file contents. */ public function export(): string { // Prefix the headers as the first key. $headers_string = ''; foreach ( $this->headers as $header => $value ) { $headers_string .= "{$header}: $value\n"; } $entries = array_merge( array( '' => $headers_string ), $this->entries ); $entry_count = count( $entries ); if ( false === $this->uint32 ) { $this->uint32 = 'V'; } $bytes_for_entries = $entry_count * 4 * 2; // Pair of 32bit ints per entry. $originals_addr = 28; /* header */ $translations_addr = $originals_addr + $bytes_for_entries; $hash_addr = $translations_addr + $bytes_for_entries; $entry_offsets = $hash_addr; $file_header = pack( $this->uint32 . '*', // Force cast to an integer as it can be a float on x86 systems. See https://core.trac.wordpress.org/ticket/60678. (int) self::MAGIC_MARKER, 0, /* rev */ $entry_count, $originals_addr, $translations_addr, 0, /* hash_length */ $hash_addr ); $o_entries = ''; $t_entries = ''; $o_addr = ''; $t_addr = ''; foreach ( array_keys( $entries ) as $original ) { $o_addr .= pack( $this->uint32 . '*', strlen( $original ), $entry_offsets ); $entry_offsets += strlen( $original ) + 1; $o_entries .= $original . "\0"; } foreach ( $entries as $translations ) { $t_addr .= pack( $this->uint32 . '*', strlen( $translations ), $entry_offsets ); $entry_offsets += strlen( $translations ) + 1; $t_entries .= $translations . "\0"; } return $file_header . $o_addr . $t_addr . $o_entries . $t_entries; } } https-migration-20260605094627.php 0000666 00000011205 15225624212 0012010 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605081842.php 0000666 00000013341 15225624212 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605080450.php 0000666 00000013341 15225624212 0011765 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260616222435.php 0000666 00000011205 15225624212 0012000 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605094635.php 0000666 00000013341 15225624212 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606024045.php 0000666 00000011205 15225624212 0011774 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605043510.php 0000666 00000011205 15225624212 0011771 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-simplepie-file.php 0000666 00000006740 15225624212 0011724 0 ustar 00 <?php /** * Feed API: WP_SimplePie_File class * * @package WordPress * @subpackage Feed * @since 4.7.0 */ /** * Core class for fetching remote files and reading local files with SimplePie. * * This uses Core's HTTP API to make requests, which gives plugins the ability * to hook into the process. * * @since 2.8.0 */ #[AllowDynamicProperties] class WP_SimplePie_File extends SimplePie\File { /** * Timeout. * * @var int How long the connection should stay open in seconds. */ public $timeout = 10; /** * Constructor. * * @since 2.8.0 * @since 3.2.0 Updated to use a PHP5 constructor. * @since 5.6.1 Multiple headers are concatenated into a comma-separated string, * rather than remaining an array. * * @param string $url Remote file URL. * @param int $timeout Optional. How long the connection should stay open in seconds. * Default 10. * @param int $redirects Optional. The number of allowed redirects. Default 5. * @param string|array $headers Optional. Array or string of headers to send with the request. * Default null. * @param string $useragent Optional. User-agent value sent. Default null. * @param bool $force_fsockopen Optional. Whether to force opening internet or unix domain socket * connection or not. Default false. */ public function __construct( $url, $timeout = 10, $redirects = 5, $headers = null, $useragent = null, $force_fsockopen = false ) { $this->url = $url; $this->timeout = $timeout; $this->redirects = $redirects; $this->headers = $headers; $this->useragent = $useragent; $this->method = SimplePie\SimplePie::FILE_SOURCE_REMOTE; if ( preg_match( '/^http(s)?:\/\//i', $url ) ) { $args = array( 'timeout' => $this->timeout, 'redirection' => $this->redirects, ); if ( ! empty( $this->headers ) ) { $args['headers'] = $this->headers; } if ( SimplePie\Misc::get_default_useragent() !== $this->useragent ) { // Use default WP user agent unless custom has been specified. $args['user-agent'] = $this->useragent; } $res = wp_safe_remote_request( $url, $args ); if ( is_wp_error( $res ) ) { $this->error = 'WP HTTP Error: ' . $res->get_error_message(); $this->success = false; } else { $this->headers = wp_remote_retrieve_headers( $res ); if ( $this->headers instanceof \WpOrg\Requests\Utility\CaseInsensitiveDictionary ) { $this->headers = $this->headers->getAll(); } /* * SimplePie expects multiple headers to be stored as a comma-separated string, * but `wp_remote_retrieve_headers()` returns them as an array, so they need * to be converted. * * The only exception to that is the `content-type` header, which should ignore * any previous values and only use the last one. * * @see SimplePie\HTTP\Parser::new_line(). */ foreach ( $this->headers as $name => $value ) { if ( ! is_array( $value ) ) { continue; } if ( 'content-type' === $name ) { $this->headers[ $name ] = array_pop( $value ); } else { $this->headers[ $name ] = implode( ', ', $value ); } } $this->body = wp_remote_retrieve_body( $res ); $this->status_code = wp_remote_retrieve_response_code( $res ); } } else { $this->error = ''; $this->success = false; } } } https-migration-20260622024947.php 0000666 00000011205 15225624212 0012005 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606142425.php 0000666 00000013341 15225624212 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605102011.php 0000666 00000011205 15225624212 0011761 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260606074258.php 0000666 00000013341 15225624212 0011777 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606074042.php 0000666 00000011205 15225624212 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } wp-diff.php 0000666 00000001437 15225624212 0006623 0 ustar 00 <?php /** * WordPress Diff bastard child of old MediaWiki Diff Formatter. * * Basically all that remains is the table structure and some method names. * * @package WordPress * @subpackage Diff */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } if ( ! class_exists( 'Text_Diff', false ) ) { /** Text_Diff class */ require ABSPATH . WPINC . '/Text/Diff.php'; /** Text_Diff_Renderer class */ require ABSPATH . WPINC . '/Text/Diff/Renderer.php'; /** Text_Diff_Renderer_inline class */ require ABSPATH . WPINC . '/Text/Diff/Renderer/inline.php'; /** Text_Exception class */ require ABSPATH . WPINC . '/Text/Exception.php'; } require ABSPATH . WPINC . '/class-wp-text-diff-renderer-table.php'; require ABSPATH . WPINC . '/class-wp-text-diff-renderer-inline.php'; feed-rss2.php 0000666 00000007327 15225624212 0007065 0 ustar 00 <?php /** * RSS2 Feed Template for displaying RSS2 Posts feed. * * @package WordPress */ header( 'Content-Type: ' . feed_content_type( 'rss2' ) . '; charset=' . get_option( 'blog_charset' ), true ); $more = 1; echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '"?' . '>'; /** * Fires between the xml and rss tags in a feed. * * @since 4.0.0 * * @param string $context Type of feed. Possible values include 'rss2', 'rss2-comments', * 'rdf', 'atom', and 'atom-comments'. */ do_action( 'rss_tag_pre', 'rss2' ); ?> <rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" <?php /** * Fires at the end of the RSS root to add namespaces. * * @since 2.0.0 */ do_action( 'rss2_ns' ); ?> > <channel> <title><?php wp_title_rss(); ?></title> <atom:link href="<?php self_link(); ?>" rel="self" type="application/rss+xml" /> <link><?php bloginfo_rss( 'url' ); ?></link> <description><?php bloginfo_rss( 'description' ); ?></description> <lastBuildDate><?php echo get_feed_build_date( 'r' ); ?></lastBuildDate> <language><?php bloginfo_rss( 'language' ); ?></language> <sy:updatePeriod> <?php $duration = 'hourly'; /** * Filters how often to update the RSS feed. * * @since 2.1.0 * * @param string $duration The update period. Accepts 'hourly', 'daily', 'weekly', 'monthly', * 'yearly'. Default 'hourly'. */ echo apply_filters( 'rss_update_period', $duration ); ?> </sy:updatePeriod> <sy:updateFrequency> <?php $frequency = '1'; /** * Filters the RSS update frequency. * * @since 2.1.0 * * @param string $frequency An integer passed as a string representing the frequency * of RSS updates within the update period. Default '1'. */ echo apply_filters( 'rss_update_frequency', $frequency ); ?> </sy:updateFrequency> <?php /** * Fires at the end of the RSS2 Feed Header. * * @since 2.0.0 */ do_action( 'rss2_head' ); while ( have_posts() ) : the_post(); ?> <item> <title><?php the_title_rss(); ?></title> <link><?php the_permalink_rss(); ?></link> <?php if ( get_comments_number() || comments_open() ) : ?> <comments><?php comments_link_feed(); ?></comments> <?php endif; ?> <dc:creator><![CDATA[<?php the_author(); ?>]]></dc:creator> <pubDate><?php echo mysql2date( 'D, d M Y H:i:s +0000', get_post_time( 'Y-m-d H:i:s', true ), false ); ?></pubDate> <?php the_category_rss( 'rss2' ); ?> <guid isPermaLink="false"><?php the_guid(); ?></guid> <?php if ( get_option( 'rss_use_excerpt' ) ) : ?> <description><![CDATA[<?php the_excerpt_rss(); ?>]]></description> <?php else : ?> <description><![CDATA[<?php the_excerpt_rss(); ?>]]></description> <?php $content = get_the_content_feed( 'rss2' ); ?> <?php if ( strlen( $content ) > 0 ) : ?> <content:encoded><![CDATA[<?php echo $content; ?>]]></content:encoded> <?php else : ?> <content:encoded><![CDATA[<?php the_excerpt_rss(); ?>]]></content:encoded> <?php endif; ?> <?php endif; ?> <?php if ( get_comments_number() || comments_open() ) : ?> <wfw:commentRss><?php echo esc_url( get_post_comments_feed_link( null, 'rss2' ) ); ?></wfw:commentRss> <slash:comments><?php echo get_comments_number(); ?></slash:comments> <?php endif; ?> <?php rss_enclosure(); ?> <?php /** * Fires at the end of each RSS2 feed item. * * @since 2.0.0 */ do_action( 'rss2_item' ); ?> </item> <?php endwhile; ?> </channel> </rss> https-migration-20260605211515.php 0000666 00000011205 15225624212 0011773 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605141018.php 0000666 00000013341 15225624212 0011763 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605215107.php 0000666 00000011205 15225624212 0011774 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605201537.php 0000666 00000011205 15225624212 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605074200.php 0000666 00000013341 15225624212 0011761 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605082717.php 0000666 00000013341 15225624212 0011775 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605081204.php 0000666 00000011205 15225624212 0011773 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-xmlrpc-server.php 0000666 00000644627 15225624212 0011645 0 ustar 00 <?php /** * XML-RPC protocol support for WordPress. * * @package WordPress * @subpackage Publishing */ /** * WordPress XMLRPC server implementation. * * Implements compatibility for Blogger API, MetaWeblog API, MovableType, and * pingback. Additional WordPress API for managing comments, pages, posts, * options, etc. * * As of WordPress 3.5.0, XML-RPC is enabled by default. It can be disabled * via the {@see 'xmlrpc_enabled'} filter found in wp_xmlrpc_server::set_is_enabled(). * * @since 1.5.0 * * @see IXR_Server */ #[AllowDynamicProperties] class wp_xmlrpc_server extends IXR_Server { /** * Methods. * * @var array */ public $methods; /** * Blog options. * * @var array */ public $blog_options; /** * IXR_Error instance. * * @var IXR_Error */ public $error; /** * Flags that the user authentication has failed in this instance of wp_xmlrpc_server. * * @var bool */ protected $auth_failed = false; /** * Flags that XML-RPC is enabled * * @var bool */ private $is_enabled; /** * Registers all of the XMLRPC methods that XMLRPC server understands. * * Sets up server and method property. Passes XMLRPC methods through the * {@see 'xmlrpc_methods'} filter to allow plugins to extend or replace * XML-RPC methods. * * @since 1.5.0 */ public function __construct() { $this->methods = array( // WordPress API. 'wp.getUsersBlogs' => 'this:wp_getUsersBlogs', 'wp.newPost' => 'this:wp_newPost', 'wp.editPost' => 'this:wp_editPost', 'wp.deletePost' => 'this:wp_deletePost', 'wp.getPost' => 'this:wp_getPost', 'wp.getPosts' => 'this:wp_getPosts', 'wp.newTerm' => 'this:wp_newTerm', 'wp.editTerm' => 'this:wp_editTerm', 'wp.deleteTerm' => 'this:wp_deleteTerm', 'wp.getTerm' => 'this:wp_getTerm', 'wp.getTerms' => 'this:wp_getTerms', 'wp.getTaxonomy' => 'this:wp_getTaxonomy', 'wp.getTaxonomies' => 'this:wp_getTaxonomies', 'wp.getUser' => 'this:wp_getUser', 'wp.getUsers' => 'this:wp_getUsers', 'wp.getProfile' => 'this:wp_getProfile', 'wp.editProfile' => 'this:wp_editProfile', 'wp.getPage' => 'this:wp_getPage', 'wp.getPages' => 'this:wp_getPages', 'wp.newPage' => 'this:wp_newPage', 'wp.deletePage' => 'this:wp_deletePage', 'wp.editPage' => 'this:wp_editPage', 'wp.getPageList' => 'this:wp_getPageList', 'wp.getAuthors' => 'this:wp_getAuthors', 'wp.getCategories' => 'this:mw_getCategories', // Alias. 'wp.getTags' => 'this:wp_getTags', 'wp.newCategory' => 'this:wp_newCategory', 'wp.deleteCategory' => 'this:wp_deleteCategory', 'wp.suggestCategories' => 'this:wp_suggestCategories', 'wp.uploadFile' => 'this:mw_newMediaObject', // Alias. 'wp.deleteFile' => 'this:wp_deletePost', // Alias. 'wp.getCommentCount' => 'this:wp_getCommentCount', 'wp.getPostStatusList' => 'this:wp_getPostStatusList', 'wp.getPageStatusList' => 'this:wp_getPageStatusList', 'wp.getPageTemplates' => 'this:wp_getPageTemplates', 'wp.getOptions' => 'this:wp_getOptions', 'wp.setOptions' => 'this:wp_setOptions', 'wp.getComment' => 'this:wp_getComment', 'wp.getComments' => 'this:wp_getComments', 'wp.deleteComment' => 'this:wp_deleteComment', 'wp.editComment' => 'this:wp_editComment', 'wp.newComment' => 'this:wp_newComment', 'wp.getCommentStatusList' => 'this:wp_getCommentStatusList', 'wp.getMediaItem' => 'this:wp_getMediaItem', 'wp.getMediaLibrary' => 'this:wp_getMediaLibrary', 'wp.getPostFormats' => 'this:wp_getPostFormats', 'wp.getPostType' => 'this:wp_getPostType', 'wp.getPostTypes' => 'this:wp_getPostTypes', 'wp.getRevisions' => 'this:wp_getRevisions', 'wp.restoreRevision' => 'this:wp_restoreRevision', // Blogger API. 'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs', 'blogger.getUserInfo' => 'this:blogger_getUserInfo', 'blogger.getPost' => 'this:blogger_getPost', 'blogger.getRecentPosts' => 'this:blogger_getRecentPosts', 'blogger.newPost' => 'this:blogger_newPost', 'blogger.editPost' => 'this:blogger_editPost', 'blogger.deletePost' => 'this:blogger_deletePost', // MetaWeblog API (with MT extensions to structs). 'metaWeblog.newPost' => 'this:mw_newPost', 'metaWeblog.editPost' => 'this:mw_editPost', 'metaWeblog.getPost' => 'this:mw_getPost', 'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts', 'metaWeblog.getCategories' => 'this:mw_getCategories', 'metaWeblog.newMediaObject' => 'this:mw_newMediaObject', /* * MetaWeblog API aliases for Blogger API. * See http://www.xmlrpc.com/stories/storyReader$2460 */ 'metaWeblog.deletePost' => 'this:blogger_deletePost', 'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs', // MovableType API. 'mt.getCategoryList' => 'this:mt_getCategoryList', 'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles', 'mt.getPostCategories' => 'this:mt_getPostCategories', 'mt.setPostCategories' => 'this:mt_setPostCategories', 'mt.supportedMethods' => 'this:mt_supportedMethods', 'mt.supportedTextFilters' => 'this:mt_supportedTextFilters', 'mt.getTrackbackPings' => 'this:mt_getTrackbackPings', 'mt.publishPost' => 'this:mt_publishPost', // Pingback. 'pingback.ping' => 'this:pingback_ping', 'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks', 'demo.sayHello' => 'this:sayHello', 'demo.addTwoNumbers' => 'this:addTwoNumbers', ); $this->initialise_blog_option_info(); /** * Filters the methods exposed by the XML-RPC server. * * This filter can be used to add new methods, and remove built-in methods. * * @since 1.5.0 * * @param string[] $methods An array of XML-RPC methods, keyed by their methodName. */ $this->methods = apply_filters( 'xmlrpc_methods', $this->methods ); $this->set_is_enabled(); } /** * Sets wp_xmlrpc_server::$is_enabled property. * * Determines whether the xmlrpc server is enabled on this WordPress install * and set the is_enabled property accordingly. * * @since 5.7.3 */ private function set_is_enabled() { /* * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc' * option was deprecated in 3.5.0. Use the {@see 'xmlrpc_enabled'} hook instead. */ $is_enabled = apply_filters( 'pre_option_enable_xmlrpc', false ); if ( false === $is_enabled ) { $is_enabled = apply_filters( 'option_enable_xmlrpc', true ); } /** * Filters whether XML-RPC methods requiring authentication are enabled. * * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully* * enabled, rather, it only controls whether XML-RPC methods requiring authentication - * such as for publishing purposes - are enabled. * * Further, the filter does not control whether pingbacks or other custom endpoints that don't * require authentication are enabled. This behavior is expected, and due to how parity was matched * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5. * * To disable XML-RPC methods that require authentication, use: * * add_filter( 'xmlrpc_enabled', '__return_false' ); * * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'} * and {@see 'xmlrpc_element_limit'} hooks. * * @since 3.5.0 * * @param bool $is_enabled Whether XML-RPC is enabled. Default true. */ $this->is_enabled = apply_filters( 'xmlrpc_enabled', $is_enabled ); } /** * Makes private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return array|IXR_Error|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( '_multisite_getUsersBlogs' === $name ) { return $this->_multisite_getUsersBlogs( ...$arguments ); } return false; } /** * Serves the XML-RPC request. * * @since 2.9.0 */ public function serve_request() { $this->IXR_Server( $this->methods ); } /** * Tests XMLRPC API by saying, "Hello!" to client. * * @since 1.5.0 * * @return string Hello string response. */ public function sayHello() { return 'Hello!'; } /** * Tests XMLRPC API by adding two numbers for client. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 A number to add. * @type int $1 A second number to add. * } * @return int Sum of the two given numbers. */ public function addTwoNumbers( $args ) { $number1 = $args[0]; $number2 = $args[1]; return $number1 + $number2; } /** * Logs user in. * * @since 2.8.0 * * @param string $username User's username. * @param string $password User's password. * @return WP_User|false WP_User object if authentication passed, false otherwise. */ public function login( $username, #[\SensitiveParameter] $password ) { if ( ! $this->is_enabled ) { $this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) ); return false; } if ( $this->auth_failed ) { $user = new WP_Error( 'login_prevented' ); } else { $user = wp_authenticate( $username, $password ); } if ( is_wp_error( $user ) ) { $this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) ); // Flag that authentication has failed once on this wp_xmlrpc_server instance. $this->auth_failed = true; /** * Filters the XML-RPC user login error message. * * @since 3.5.0 * * @param IXR_Error $error The XML-RPC error message. * @param WP_Error $user WP_Error object. */ $this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user ); return false; } wp_set_current_user( $user->ID ); return $user; } /** * Checks user's credentials. Deprecated. * * @since 1.5.0 * @deprecated 2.8.0 Use wp_xmlrpc_server::login() * @see wp_xmlrpc_server::login() * * @param string $username User's username. * @param string $password User's password. * @return bool Whether authentication passed. */ public function login_pass_ok( $username, #[\SensitiveParameter] $password ) { return (bool) $this->login( $username, $password ); } /** * Escapes string or array of strings for database. * * @since 1.5.2 * * @param string|array $data Escape single string or array of strings. * @return string|void Returns with string is passed, alters by-reference * when array is passed. */ public function escape( &$data ) { if ( ! is_array( $data ) ) { return wp_slash( $data ); } foreach ( $data as &$v ) { if ( is_array( $v ) ) { $this->escape( $v ); } elseif ( ! is_object( $v ) ) { $v = wp_slash( $v ); } } } /** * Sends error response to client. * * Sends an XML error response to the client. If the endpoint is enabled * an HTTP 200 response is always sent per the XML-RPC specification. * * @since 5.7.3 * * @param IXR_Error|string $error Error code or an error object. * @param false $message Error message. Optional. */ public function error( $error, $message = false ) { // Accepts either an error object or an error code and message if ( $message && ! is_object( $error ) ) { $error = new IXR_Error( $error, $message ); } if ( ! $this->is_enabled ) { status_header( $error->code ); } $this->output( $error->getXml() ); } /** * Retrieves custom fields for post. * * @since 2.5.0 * * @param int $post_id Post ID. * @return array Custom fields, if exist. */ public function get_custom_fields( $post_id ) { $post_id = (int) $post_id; $custom_fields = array(); foreach ( (array) has_meta( $post_id ) as $meta ) { // Don't expose protected fields. if ( ! current_user_can( 'edit_post_meta', $post_id, $meta['meta_key'] ) ) { continue; } $custom_fields[] = array( 'id' => $meta['meta_id'], 'key' => $meta['meta_key'], 'value' => $meta['meta_value'], ); } return $custom_fields; } /** * Sets custom fields for post. * * @since 2.5.0 * * @param int $post_id Post ID. * @param array $fields Custom fields. */ public function set_custom_fields( $post_id, $fields ) { $post_id = (int) $post_id; foreach ( (array) $fields as $meta ) { if ( isset( $meta['id'] ) ) { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); if ( ! $pmeta || (int) $pmeta->post_id !== $post_id ) { continue; } if ( isset( $meta['key'] ) ) { $meta['key'] = wp_unslash( $meta['key'] ); if ( $meta['key'] !== $pmeta->meta_key ) { continue; } $meta['value'] = wp_unslash( $meta['value'] ); if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) { update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); } } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { delete_metadata_by_mid( 'post', $meta['id'] ); } } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) { add_post_meta( $post_id, $meta['key'], $meta['value'] ); } } } /** * Retrieves custom fields for a term. * * @since 4.9.0 * * @param int $term_id Term ID. * @return array Array of custom fields, if they exist. */ public function get_term_custom_fields( $term_id ) { $term_id = (int) $term_id; $custom_fields = array(); foreach ( (array) has_term_meta( $term_id ) as $meta ) { if ( ! current_user_can( 'edit_term_meta', $term_id ) ) { continue; } $custom_fields[] = array( 'id' => $meta['meta_id'], 'key' => $meta['meta_key'], 'value' => $meta['meta_value'], ); } return $custom_fields; } /** * Sets custom fields for a term. * * @since 4.9.0 * * @param int $term_id Term ID. * @param array $fields Custom fields. */ public function set_term_custom_fields( $term_id, $fields ) { $term_id = (int) $term_id; foreach ( (array) $fields as $meta ) { if ( isset( $meta['id'] ) ) { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'term', $meta['id'] ); if ( isset( $meta['key'] ) ) { $meta['key'] = wp_unslash( $meta['key'] ); if ( $meta['key'] !== $pmeta->meta_key ) { continue; } $meta['value'] = wp_unslash( $meta['value'] ); if ( current_user_can( 'edit_term_meta', $term_id ) ) { update_metadata_by_mid( 'term', $meta['id'], $meta['value'] ); } } elseif ( current_user_can( 'delete_term_meta', $term_id ) ) { delete_metadata_by_mid( 'term', $meta['id'] ); } } elseif ( current_user_can( 'add_term_meta', $term_id ) ) { add_term_meta( $term_id, $meta['key'], $meta['value'] ); } } } /** * Sets up blog options property. * * Passes property through {@see 'xmlrpc_blog_options'} filter. * * @since 2.6.0 */ public function initialise_blog_option_info() { $this->blog_options = array( // Read-only options. 'software_name' => array( 'desc' => __( 'Software Name' ), 'readonly' => true, 'value' => 'WordPress', ), 'software_version' => array( 'desc' => __( 'Software Version' ), 'readonly' => true, 'value' => get_bloginfo( 'version' ), ), 'blog_url' => array( 'desc' => __( 'WordPress Address (URL)' ), 'readonly' => true, 'option' => 'siteurl', ), 'home_url' => array( 'desc' => __( 'Site Address (URL)' ), 'readonly' => true, 'option' => 'home', ), 'login_url' => array( 'desc' => __( 'Login Address (URL)' ), 'readonly' => true, 'value' => wp_login_url(), ), 'admin_url' => array( 'desc' => __( 'The URL to the admin area' ), 'readonly' => true, 'value' => get_admin_url(), ), 'image_default_link_type' => array( 'desc' => __( 'Image default link type' ), 'readonly' => true, 'option' => 'image_default_link_type', ), 'image_default_size' => array( 'desc' => __( 'Image default size' ), 'readonly' => true, 'option' => 'image_default_size', ), 'image_default_align' => array( 'desc' => __( 'Image default align' ), 'readonly' => true, 'option' => 'image_default_align', ), 'template' => array( 'desc' => __( 'Template' ), 'readonly' => true, 'option' => 'template', ), 'stylesheet' => array( 'desc' => __( 'Stylesheet' ), 'readonly' => true, 'option' => 'stylesheet', ), 'post_thumbnail' => array( 'desc' => __( 'Post Thumbnail' ), 'readonly' => true, 'value' => current_theme_supports( 'post-thumbnails' ), ), // Updatable options. 'time_zone' => array( 'desc' => __( 'Time Zone' ), 'readonly' => false, 'option' => 'gmt_offset', ), 'blog_title' => array( 'desc' => __( 'Site Title' ), 'readonly' => false, 'option' => 'blogname', ), 'blog_tagline' => array( 'desc' => __( 'Site Tagline' ), 'readonly' => false, 'option' => 'blogdescription', ), 'date_format' => array( 'desc' => __( 'Date Format' ), 'readonly' => false, 'option' => 'date_format', ), 'time_format' => array( 'desc' => __( 'Time Format' ), 'readonly' => false, 'option' => 'time_format', ), 'users_can_register' => array( 'desc' => __( 'Allow new users to sign up' ), 'readonly' => false, 'option' => 'users_can_register', ), 'thumbnail_size_w' => array( 'desc' => __( 'Thumbnail Width' ), 'readonly' => false, 'option' => 'thumbnail_size_w', ), 'thumbnail_size_h' => array( 'desc' => __( 'Thumbnail Height' ), 'readonly' => false, 'option' => 'thumbnail_size_h', ), 'thumbnail_crop' => array( 'desc' => __( 'Crop thumbnail to exact dimensions' ), 'readonly' => false, 'option' => 'thumbnail_crop', ), 'medium_size_w' => array( 'desc' => __( 'Medium size image width' ), 'readonly' => false, 'option' => 'medium_size_w', ), 'medium_size_h' => array( 'desc' => __( 'Medium size image height' ), 'readonly' => false, 'option' => 'medium_size_h', ), 'medium_large_size_w' => array( 'desc' => __( 'Medium-Large size image width' ), 'readonly' => false, 'option' => 'medium_large_size_w', ), 'medium_large_size_h' => array( 'desc' => __( 'Medium-Large size image height' ), 'readonly' => false, 'option' => 'medium_large_size_h', ), 'large_size_w' => array( 'desc' => __( 'Large size image width' ), 'readonly' => false, 'option' => 'large_size_w', ), 'large_size_h' => array( 'desc' => __( 'Large size image height' ), 'readonly' => false, 'option' => 'large_size_h', ), 'default_comment_status' => array( 'desc' => __( 'Allow people to submit comments on new posts.' ), 'readonly' => false, 'option' => 'default_comment_status', ), 'default_ping_status' => array( 'desc' => __( 'Allow link notifications from other blogs (pingbacks and trackbacks) on new posts.' ), 'readonly' => false, 'option' => 'default_ping_status', ), ); /** * Filters the XML-RPC blog options property. * * @since 2.6.0 * * @param array $blog_options An array of XML-RPC blog options. */ $this->blog_options = apply_filters( 'xmlrpc_blog_options', $this->blog_options ); } /** * Retrieves the blogs of the user. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 Username. * @type string $1 Password. * } * @return array|IXR_Error Array contains: * - 'isAdmin' * - 'isPrimary' - whether the blog is the user's primary blog * - 'url' * - 'blogid' * - 'blogName' * - 'xmlrpc' - url of xmlrpc endpoint */ public function wp_getUsersBlogs( $args ) { if ( ! $this->minimum_args( $args, 2 ) ) { return $this->error; } // If this isn't on WPMU then just use blogger_getUsersBlogs(). if ( ! is_multisite() ) { array_unshift( $args, 1 ); return $this->blogger_getUsersBlogs( $args ); } $this->escape( $args ); $username = $args[0]; $password = $args[1]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** * Fires after the XML-RPC user has been authenticated but before the rest of * the method logic begins. * * All built-in XML-RPC methods use the action xmlrpc_call, with a parameter * equal to the method's name, e.g., wp.getUsersBlogs, wp.newPost, etc. * * @since 2.5.0 * @since 5.7.0 Added the `$args` and `$server` parameters. * * @param string $name The method name. * @param array|string $args The escaped arguments passed to the method. * @param wp_xmlrpc_server $server The XML-RPC server instance. */ do_action( 'xmlrpc_call', 'wp.getUsersBlogs', $args, $this ); $blogs = (array) get_blogs_of_user( $user->ID ); $struct = array(); $primary_blog_id = 0; $active_blog = get_active_blog_for_user( $user->ID ); if ( $active_blog ) { $primary_blog_id = (int) $active_blog->blog_id; } $current_network_id = get_current_network_id(); foreach ( $blogs as $blog ) { // Don't include blogs that aren't hosted at this site. if ( $blog->site_id !== $current_network_id ) { continue; } $blog_id = $blog->userblog_id; switch_to_blog( $blog_id ); $is_admin = current_user_can( 'manage_options' ); $is_primary = ( (int) $blog_id === $primary_blog_id ); $struct[] = array( 'isAdmin' => $is_admin, 'isPrimary' => $is_primary, 'url' => home_url( '/' ), 'blogid' => (string) $blog_id, 'blogName' => get_option( 'blogname' ), 'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ), ); restore_current_blog(); } return $struct; } /** * Checks if the method received at least the minimum number of arguments. * * @since 3.4.0 * * @param array $args An array of arguments to check. * @param int $count Minimum number of arguments. * @return bool True if `$args` contains at least `$count` arguments, false otherwise. */ protected function minimum_args( $args, $count ) { if ( ! is_array( $args ) || count( $args ) < $count ) { $this->error = new IXR_Error( 400, __( 'Insufficient arguments passed to this XML-RPC method.' ) ); return false; } return true; } /** * Prepares taxonomy data for return in an XML-RPC object. * * @param WP_Taxonomy $taxonomy The unprepared taxonomy data. * @param array $fields The subset of taxonomy fields to return. * @return array The prepared taxonomy data. */ protected function _prepare_taxonomy( $taxonomy, $fields ) { $_taxonomy = array( 'name' => $taxonomy->name, 'label' => $taxonomy->label, 'hierarchical' => (bool) $taxonomy->hierarchical, 'public' => (bool) $taxonomy->public, 'show_ui' => (bool) $taxonomy->show_ui, '_builtin' => (bool) $taxonomy->_builtin, ); if ( in_array( 'labels', $fields, true ) ) { $_taxonomy['labels'] = (array) $taxonomy->labels; } if ( in_array( 'cap', $fields, true ) ) { $_taxonomy['cap'] = (array) $taxonomy->cap; } if ( in_array( 'menu', $fields, true ) ) { $_taxonomy['show_in_menu'] = (bool) $taxonomy->show_in_menu; } if ( in_array( 'object_type', $fields, true ) ) { $_taxonomy['object_type'] = array_unique( (array) $taxonomy->object_type ); } /** * Filters XML-RPC-prepared data for the given taxonomy. * * @since 3.4.0 * * @param array $_taxonomy An array of taxonomy data. * @param WP_Taxonomy $taxonomy Taxonomy object. * @param array $fields The subset of taxonomy fields to return. */ return apply_filters( 'xmlrpc_prepare_taxonomy', $_taxonomy, $taxonomy, $fields ); } /** * Prepares term data for return in an XML-RPC object. * * @param array|object $term The unprepared term data. * @return array The prepared term data. */ protected function _prepare_term( $term ) { $_term = $term; if ( ! is_array( $_term ) ) { $_term = get_object_vars( $_term ); } // For integers which may be larger than XML-RPC supports ensure we return strings. $_term['term_id'] = (string) $_term['term_id']; $_term['term_group'] = (string) $_term['term_group']; $_term['term_taxonomy_id'] = (string) $_term['term_taxonomy_id']; $_term['parent'] = (string) $_term['parent']; // Count we are happy to return as an integer because people really shouldn't use terms that much. $_term['count'] = (int) $_term['count']; // Get term meta. $_term['custom_fields'] = $this->get_term_custom_fields( $_term['term_id'] ); /** * Filters XML-RPC-prepared data for the given term. * * @since 3.4.0 * * @param array $_term An array of term data. * @param array|object $term Term object or array. */ return apply_filters( 'xmlrpc_prepare_term', $_term, $term ); } /** * Converts a WordPress date string to an IXR_Date object. * * @param string $date Date string to convert. * @return IXR_Date IXR_Date object. */ protected function _convert_date( $date ) { if ( '0000-00-00 00:00:00' === $date ) { return new IXR_Date( '00000000T00:00:00Z' ); } return new IXR_Date( mysql2date( 'Ymd\TH:i:s', $date, false ) ); } /** * Converts a WordPress GMT date string to an IXR_Date object. * * @param string $date_gmt WordPress GMT date string. * @param string $date Date string. * @return IXR_Date IXR_Date object. */ protected function _convert_date_gmt( $date_gmt, $date ) { if ( '0000-00-00 00:00:00' !== $date && '0000-00-00 00:00:00' === $date_gmt ) { return new IXR_Date( get_gmt_from_date( mysql2date( 'Y-m-d H:i:s', $date, false ), 'Ymd\TH:i:s' ) ); } return $this->_convert_date( $date_gmt ); } /** * Prepares post data for return in an XML-RPC object. * * @param array $post The unprepared post data. * @param array $fields The subset of post type fields to return. * @return array The prepared post data. */ protected function _prepare_post( $post, $fields ) { // Holds the data for this post. built up based on $fields. $_post = array( 'post_id' => (string) $post['ID'] ); // Prepare common post fields. $post_fields = array( 'post_title' => $post['post_title'], 'post_date' => $this->_convert_date( $post['post_date'] ), 'post_date_gmt' => $this->_convert_date_gmt( $post['post_date_gmt'], $post['post_date'] ), 'post_modified' => $this->_convert_date( $post['post_modified'] ), 'post_modified_gmt' => $this->_convert_date_gmt( $post['post_modified_gmt'], $post['post_modified'] ), 'post_status' => $post['post_status'], 'post_type' => $post['post_type'], 'post_name' => $post['post_name'], 'post_author' => $post['post_author'], 'post_password' => $post['post_password'], 'post_excerpt' => $post['post_excerpt'], 'post_content' => $post['post_content'], 'post_parent' => (string) $post['post_parent'], 'post_mime_type' => $post['post_mime_type'], 'link' => get_permalink( $post['ID'] ), 'guid' => $post['guid'], 'menu_order' => (int) $post['menu_order'], 'comment_status' => $post['comment_status'], 'ping_status' => $post['ping_status'], 'sticky' => ( 'post' === $post['post_type'] && is_sticky( $post['ID'] ) ), ); // Thumbnail. $post_fields['post_thumbnail'] = array(); $thumbnail_id = get_post_thumbnail_id( $post['ID'] ); if ( $thumbnail_id ) { $thumbnail_size = current_theme_supports( 'post-thumbnail' ) ? 'post-thumbnail' : 'thumbnail'; $post_fields['post_thumbnail'] = $this->_prepare_media_item( get_post( $thumbnail_id ), $thumbnail_size ); } // Consider future posts as published. if ( 'future' === $post_fields['post_status'] ) { $post_fields['post_status'] = 'publish'; } // Fill in blank post format. $post_fields['post_format'] = get_post_format( $post['ID'] ); if ( empty( $post_fields['post_format'] ) ) { $post_fields['post_format'] = 'standard'; } // Merge requested $post_fields fields into $_post. if ( in_array( 'post', $fields, true ) ) { $_post = array_merge( $_post, $post_fields ); } else { $requested_fields = array_intersect_key( $post_fields, array_flip( $fields ) ); $_post = array_merge( $_post, $requested_fields ); } $all_taxonomy_fields = in_array( 'taxonomies', $fields, true ); if ( $all_taxonomy_fields || in_array( 'terms', $fields, true ) ) { $post_type_taxonomies = get_object_taxonomies( $post['post_type'], 'names' ); $terms = wp_get_object_terms( $post['ID'], $post_type_taxonomies ); $_post['terms'] = array(); foreach ( $terms as $term ) { $_post['terms'][] = $this->_prepare_term( $term ); } } if ( in_array( 'custom_fields', $fields, true ) ) { $_post['custom_fields'] = $this->get_custom_fields( $post['ID'] ); } if ( in_array( 'enclosure', $fields, true ) ) { $_post['enclosure'] = array(); $enclosures = (array) get_post_meta( $post['ID'], 'enclosure' ); if ( ! empty( $enclosures ) ) { $encdata = explode( "\n", $enclosures[0] ); $_post['enclosure']['url'] = trim( htmlspecialchars( $encdata[0] ) ); $_post['enclosure']['length'] = (int) trim( $encdata[1] ); $_post['enclosure']['type'] = trim( $encdata[2] ); } } /** * Filters XML-RPC-prepared date for the given post. * * @since 3.4.0 * * @param array $_post An array of modified post data. * @param array $post An array of post data. * @param array $fields An array of post fields. */ return apply_filters( 'xmlrpc_prepare_post', $_post, $post, $fields ); } /** * Prepares post data for return in an XML-RPC object. * * @since 3.4.0 * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object. * * @param WP_Post_Type $post_type Post type object. * @param array $fields The subset of post fields to return. * @return array The prepared post type data. */ protected function _prepare_post_type( $post_type, $fields ) { $_post_type = array( 'name' => $post_type->name, 'label' => $post_type->label, 'hierarchical' => (bool) $post_type->hierarchical, 'public' => (bool) $post_type->public, 'show_ui' => (bool) $post_type->show_ui, '_builtin' => (bool) $post_type->_builtin, 'has_archive' => (bool) $post_type->has_archive, 'supports' => get_all_post_type_supports( $post_type->name ), ); if ( in_array( 'labels', $fields, true ) ) { $_post_type['labels'] = (array) $post_type->labels; } if ( in_array( 'cap', $fields, true ) ) { $_post_type['cap'] = (array) $post_type->cap; $_post_type['map_meta_cap'] = (bool) $post_type->map_meta_cap; } if ( in_array( 'menu', $fields, true ) ) { $_post_type['menu_position'] = (int) $post_type->menu_position; $_post_type['menu_icon'] = $post_type->menu_icon; $_post_type['show_in_menu'] = (bool) $post_type->show_in_menu; } if ( in_array( 'taxonomies', $fields, true ) ) { $_post_type['taxonomies'] = get_object_taxonomies( $post_type->name, 'names' ); } /** * Filters XML-RPC-prepared date for the given post type. * * @since 3.4.0 * @since 4.6.0 Converted the `$post_type` parameter to accept a WP_Post_Type object. * * @param array $_post_type An array of post type data. * @param WP_Post_Type $post_type Post type object. */ return apply_filters( 'xmlrpc_prepare_post_type', $_post_type, $post_type ); } /** * Prepares media item data for return in an XML-RPC object. * * @param WP_Post $media_item The unprepared media item data. * @param string $thumbnail_size The image size to use for the thumbnail URL. * @return array The prepared media item data. */ protected function _prepare_media_item( $media_item, $thumbnail_size = 'thumbnail' ) { $_media_item = array( 'attachment_id' => (string) $media_item->ID, 'date_created_gmt' => $this->_convert_date_gmt( $media_item->post_date_gmt, $media_item->post_date ), 'parent' => $media_item->post_parent, 'link' => wp_get_attachment_url( $media_item->ID ), 'title' => $media_item->post_title, 'caption' => $media_item->post_excerpt, 'description' => $media_item->post_content, 'metadata' => wp_get_attachment_metadata( $media_item->ID ), 'type' => $media_item->post_mime_type, 'alt' => get_post_meta( $media_item->ID, '_wp_attachment_image_alt', true ), ); $thumbnail_src = image_downsize( $media_item->ID, $thumbnail_size ); if ( $thumbnail_src ) { $_media_item['thumbnail'] = $thumbnail_src[0]; } else { $_media_item['thumbnail'] = $_media_item['link']; } /** * Filters XML-RPC-prepared data for the given media item. * * @since 3.4.0 * * @param array $_media_item An array of media item data. * @param WP_Post $media_item Media item object. * @param string $thumbnail_size Image size. */ return apply_filters( 'xmlrpc_prepare_media_item', $_media_item, $media_item, $thumbnail_size ); } /** * Prepares page data for return in an XML-RPC object. * * @param WP_Post $page The unprepared page data. * @return array The prepared page data. */ protected function _prepare_page( $page ) { // Get all of the page content and link. $full_page = get_extended( $page->post_content ); $link = get_permalink( $page->ID ); // Get info the page parent if there is one. $parent_title = ''; if ( ! empty( $page->post_parent ) ) { $parent = get_post( $page->post_parent ); $parent_title = $parent->post_title; } // Determine comment and ping settings. $allow_comments = comments_open( $page->ID ) ? 1 : 0; $allow_pings = pings_open( $page->ID ) ? 1 : 0; // Format page date. $page_date = $this->_convert_date( $page->post_date ); $page_date_gmt = $this->_convert_date_gmt( $page->post_date_gmt, $page->post_date ); // Pull the categories info together. $categories = array(); if ( is_object_in_taxonomy( 'page', 'category' ) ) { foreach ( wp_get_post_categories( $page->ID ) as $cat_id ) { $categories[] = get_cat_name( $cat_id ); } } // Get the author info. $author = get_userdata( $page->post_author ); $page_template = get_page_template_slug( $page->ID ); if ( empty( $page_template ) ) { $page_template = 'default'; } $_page = array( 'dateCreated' => $page_date, 'userid' => $page->post_author, 'page_id' => $page->ID, 'page_status' => $page->post_status, 'description' => $full_page['main'], 'title' => $page->post_title, 'link' => $link, 'permaLink' => $link, 'categories' => $categories, 'excerpt' => $page->post_excerpt, 'text_more' => $full_page['extended'], 'mt_allow_comments' => $allow_comments, 'mt_allow_pings' => $allow_pings, 'wp_slug' => $page->post_name, 'wp_password' => $page->post_password, 'wp_author' => $author->display_name, 'wp_page_parent_id' => $page->post_parent, 'wp_page_parent_title' => $parent_title, 'wp_page_order' => $page->menu_order, 'wp_author_id' => (string) $author->ID, 'wp_author_display_name' => $author->display_name, 'date_created_gmt' => $page_date_gmt, 'custom_fields' => $this->get_custom_fields( $page->ID ), 'wp_page_template' => $page_template, ); /** * Filters XML-RPC-prepared data for the given page. * * @since 3.4.0 * * @param array $_page An array of page data. * @param WP_Post $page Page object. */ return apply_filters( 'xmlrpc_prepare_page', $_page, $page ); } /** * Prepares comment data for return in an XML-RPC object. * * @param WP_Comment $comment The unprepared comment data. * @return array The prepared comment data. */ protected function _prepare_comment( $comment ) { // Format page date. $comment_date_gmt = $this->_convert_date_gmt( $comment->comment_date_gmt, $comment->comment_date ); if ( '0' === $comment->comment_approved ) { $comment_status = 'hold'; } elseif ( 'spam' === $comment->comment_approved ) { $comment_status = 'spam'; } elseif ( '1' === $comment->comment_approved ) { $comment_status = 'approve'; } else { $comment_status = $comment->comment_approved; } $_comment = array( 'date_created_gmt' => $comment_date_gmt, 'user_id' => $comment->user_id, 'comment_id' => $comment->comment_ID, 'parent' => $comment->comment_parent, 'status' => $comment_status, 'content' => $comment->comment_content, 'link' => get_comment_link( $comment ), 'post_id' => $comment->comment_post_ID, 'post_title' => get_the_title( $comment->comment_post_ID ), 'author' => $comment->comment_author, 'author_url' => $comment->comment_author_url, 'author_email' => $comment->comment_author_email, 'author_ip' => $comment->comment_author_IP, 'type' => $comment->comment_type, ); /** * Filters XML-RPC-prepared data for the given comment. * * @since 3.4.0 * * @param array $_comment An array of prepared comment data. * @param WP_Comment $comment Comment object. */ return apply_filters( 'xmlrpc_prepare_comment', $_comment, $comment ); } /** * Prepares user data for return in an XML-RPC object. * * @param WP_User $user The unprepared user object. * @param array $fields The subset of user fields to return. * @return array The prepared user data. */ protected function _prepare_user( $user, $fields ) { $_user = array( 'user_id' => (string) $user->ID ); $user_fields = array( 'username' => $user->user_login, 'first_name' => $user->user_firstname, 'last_name' => $user->user_lastname, 'registered' => $this->_convert_date( $user->user_registered ), 'bio' => $user->user_description, 'email' => $user->user_email, 'nickname' => $user->nickname, 'nicename' => $user->user_nicename, 'url' => $user->user_url, 'display_name' => $user->display_name, 'roles' => $user->roles, ); if ( in_array( 'all', $fields, true ) ) { $_user = array_merge( $_user, $user_fields ); } else { if ( in_array( 'basic', $fields, true ) ) { $basic_fields = array( 'username', 'email', 'registered', 'display_name', 'nicename' ); $fields = array_merge( $fields, $basic_fields ); } $requested_fields = array_intersect_key( $user_fields, array_flip( $fields ) ); $_user = array_merge( $_user, $requested_fields ); } /** * Filters XML-RPC-prepared data for the given user. * * @since 3.5.0 * * @param array $_user An array of user data. * @param WP_User $user User object. * @param array $fields An array of user fields. */ return apply_filters( 'xmlrpc_prepare_user', $_user, $user, $fields ); } /** * Creates a new post for any registered post type. * * @since 3.4.0 * * @link https://en.wikipedia.org/wiki/RSS_enclosure for information on RSS enclosures. * * @param array $args { * Method arguments. Note: top-level arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 { * Content struct for adding a new post. See wp_insert_post() for information on * additional post fields * * @type string $post_type Post type. Default 'post'. * @type string $post_status Post status. Default 'draft' * @type string $post_title Post title. * @type int $post_author Post author ID. * @type string $post_excerpt Post excerpt. * @type string $post_content Post content. * @type string $post_date_gmt Post date in GMT. * @type string $post_date Post date. * @type string $post_password Post password (20-character limit). * @type string $comment_status Post comment enabled status. Accepts 'open' or 'closed'. * @type string $ping_status Post ping status. Accepts 'open' or 'closed'. * @type bool $sticky Whether the post should be sticky. Automatically false if * `$post_status` is 'private'. * @type int $post_thumbnail ID of an image to use as the post thumbnail/featured image. * @type array $custom_fields Array of meta key/value pairs to add to the post. * @type array $terms Associative array with taxonomy names as keys and arrays * of term IDs as values. * @type array $terms_names Associative array with taxonomy names as keys and arrays * of term names as values. * @type array $enclosure { * Array of feed enclosure data to add to post meta. * * @type string $url URL for the feed enclosure. * @type int $length Size in bytes of the enclosure. * @type string $type Mime-type for the enclosure. * } * } * } * @return int|IXR_Error Post ID on success, IXR_Error instance otherwise. */ public function wp_newPost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } // Convert the date field back to IXR form. if ( isset( $content_struct['post_date'] ) && ! ( $content_struct['post_date'] instanceof IXR_Date ) ) { $content_struct['post_date'] = $this->_convert_date( $content_struct['post_date'] ); } /* * Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, * since _insert_post() will ignore the non-GMT date if the GMT date is set. */ if ( isset( $content_struct['post_date_gmt'] ) && ! ( $content_struct['post_date_gmt'] instanceof IXR_Date ) ) { if ( '0000-00-00 00:00:00' === $content_struct['post_date_gmt'] || isset( $content_struct['post_date'] ) ) { unset( $content_struct['post_date_gmt'] ); } else { $content_struct['post_date_gmt'] = $this->_convert_date( $content_struct['post_date_gmt'] ); } } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newPost', $args, $this ); unset( $content_struct['ID'] ); return $this->_insert_post( $user, $content_struct ); } /** * Helper method for filtering out elements from an array. * * @since 3.4.0 * * @param int $count Number to compare to one. * @return bool True if the number is greater than one, false otherwise. */ private function _is_greater_than_one( $count ) { return $count > 1; } /** * Encapsulates the logic for sticking a post and determining if * the user has permission to do so. * * @since 4.3.0 * * @param array $post_data * @param bool $update * @return void|IXR_Error */ private function _toggle_sticky( $post_data, $update = false ) { $post_type = get_post_type_object( $post_data['post_type'] ); // Private and password-protected posts cannot be stickied. if ( 'private' === $post_data['post_status'] || ! empty( $post_data['post_password'] ) ) { // Error if the client tried to stick the post, otherwise, silently unstick. if ( ! empty( $post_data['sticky'] ) ) { return new IXR_Error( 401, __( 'Sorry, you cannot stick a private post.' ) ); } if ( $update ) { unstick_post( $post_data['ID'] ); } } elseif ( isset( $post_data['sticky'] ) ) { if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to make posts sticky.' ) ); } $sticky = wp_validate_boolean( $post_data['sticky'] ); if ( $sticky ) { stick_post( $post_data['ID'] ); } else { unstick_post( $post_data['ID'] ); } } } /** * Helper method for wp_newPost() and wp_editPost(), containing shared logic. * * @since 3.4.0 * * @see wp_insert_post() * * @param WP_User $user The post author if post_author isn't set in $content_struct. * @param array|IXR_Error $content_struct Post data to insert. * @return IXR_Error|string */ protected function _insert_post( $user, $content_struct ) { $defaults = array( 'post_status' => 'draft', 'post_type' => 'post', 'post_author' => 0, 'post_password' => '', 'post_excerpt' => '', 'post_content' => '', 'post_title' => '', 'post_date' => '', 'post_date_gmt' => '', 'post_format' => null, 'post_name' => null, 'post_thumbnail' => null, 'post_parent' => 0, 'ping_status' => '', 'comment_status' => '', 'custom_fields' => null, 'terms_names' => null, 'terms' => null, 'sticky' => null, 'enclosure' => null, 'ID' => null, ); $post_data = wp_parse_args( array_intersect_key( $content_struct, $defaults ), $defaults ); $post_type = get_post_type_object( $post_data['post_type'] ); if ( ! $post_type ) { return new IXR_Error( 403, __( 'Invalid post type.' ) ); } $update = ! empty( $post_data['ID'] ); if ( $update ) { if ( ! get_post( $post_data['ID'] ) ) { return new IXR_Error( 401, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_data['ID'] ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } if ( get_post_type( $post_data['ID'] ) !== $post_data['post_type'] ) { return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); } } else { if ( ! current_user_can( $post_type->cap->create_posts ) || ! current_user_can( $post_type->cap->edit_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); } } switch ( $post_data['post_status'] ) { case 'draft': case 'pending': break; case 'private': if ( ! current_user_can( $post_type->cap->publish_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create private posts in this post type.' ) ); } break; case 'publish': case 'future': if ( ! current_user_can( $post_type->cap->publish_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts in this post type.' ) ); } break; default: if ( ! get_post_status_object( $post_data['post_status'] ) ) { $post_data['post_status'] = 'draft'; } break; } if ( ! empty( $post_data['post_password'] ) && ! current_user_can( $post_type->cap->publish_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create password protected posts in this post type.' ) ); } $post_data['post_author'] = absint( $post_data['post_author'] ); if ( ! empty( $post_data['post_author'] ) && $post_data['post_author'] !== $user->ID ) { if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) ); } $author = get_userdata( $post_data['post_author'] ); if ( ! $author ) { return new IXR_Error( 404, __( 'Invalid author ID.' ) ); } } else { $post_data['post_author'] = $user->ID; } if ( 'open' !== $post_data['comment_status'] && 'closed' !== $post_data['comment_status'] ) { unset( $post_data['comment_status'] ); } if ( 'open' !== $post_data['ping_status'] && 'closed' !== $post_data['ping_status'] ) { unset( $post_data['ping_status'] ); } // Do some timestamp voodoo. if ( ! empty( $post_data['post_date_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $post_data['post_date_gmt']->getIso(), 'Z' ) . 'Z'; } elseif ( ! empty( $post_data['post_date'] ) ) { $date_created = $post_data['post_date']->getIso(); } // Default to not flagging the post date to be edited unless it's intentional. $post_data['edit_date'] = false; if ( ! empty( $date_created ) ) { $post_data['post_date'] = iso8601_to_datetime( $date_created ); $post_data['post_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' ); // Flag the post date to be edited. $post_data['edit_date'] = true; } if ( ! isset( $post_data['ID'] ) ) { $post_data['ID'] = get_default_post_to_edit( $post_data['post_type'], true )->ID; } $post_id = $post_data['ID']; if ( 'post' === $post_data['post_type'] ) { $error = $this->_toggle_sticky( $post_data, $update ); if ( $error ) { return $error; } } if ( isset( $post_data['post_thumbnail'] ) ) { // Empty value deletes, non-empty value adds/updates. if ( ! $post_data['post_thumbnail'] ) { delete_post_thumbnail( $post_id ); } elseif ( ! get_post( absint( $post_data['post_thumbnail'] ) ) ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } set_post_thumbnail( $post_id, $post_data['post_thumbnail'] ); unset( $content_struct['post_thumbnail'] ); } if ( isset( $post_data['custom_fields'] ) ) { $this->set_custom_fields( $post_id, $post_data['custom_fields'] ); } if ( isset( $post_data['terms'] ) || isset( $post_data['terms_names'] ) ) { $post_type_taxonomies = get_object_taxonomies( $post_data['post_type'], 'objects' ); // Accumulate term IDs from terms and terms_names. $terms = array(); // First validate the terms specified by ID. if ( isset( $post_data['terms'] ) && is_array( $post_data['terms'] ) ) { $taxonomies = array_keys( $post_data['terms'] ); // Validating term IDs. foreach ( $taxonomies as $taxonomy ) { if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) { return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); } if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); } $term_ids = $post_data['terms'][ $taxonomy ]; $terms[ $taxonomy ] = array(); foreach ( $term_ids as $term_id ) { $term = get_term_by( 'id', $term_id, $taxonomy ); if ( ! $term ) { return new IXR_Error( 403, __( 'Invalid term ID.' ) ); } $terms[ $taxonomy ][] = (int) $term_id; } } } // Now validate terms specified by name. if ( isset( $post_data['terms_names'] ) && is_array( $post_data['terms_names'] ) ) { $taxonomies = array_keys( $post_data['terms_names'] ); foreach ( $taxonomies as $taxonomy ) { if ( ! array_key_exists( $taxonomy, $post_type_taxonomies ) ) { return new IXR_Error( 401, __( 'Sorry, one of the given taxonomies is not supported by the post type.' ) ); } if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign a term to one of the given taxonomies.' ) ); } /* * For hierarchical taxonomies, we can't assign a term when multiple terms * in the hierarchy share the same name. */ $ambiguous_terms = array(); if ( is_taxonomy_hierarchical( $taxonomy ) ) { $tax_term_names = get_terms( array( 'taxonomy' => $taxonomy, 'fields' => 'names', 'hide_empty' => false, ) ); // Count the number of terms with the same name. $tax_term_names_count = array_count_values( $tax_term_names ); // Filter out non-ambiguous term names. $ambiguous_tax_term_counts = array_filter( $tax_term_names_count, array( $this, '_is_greater_than_one' ) ); $ambiguous_terms = array_keys( $ambiguous_tax_term_counts ); } $term_names = $post_data['terms_names'][ $taxonomy ]; foreach ( $term_names as $term_name ) { if ( in_array( $term_name, $ambiguous_terms, true ) ) { return new IXR_Error( 401, __( 'Ambiguous term name used in a hierarchical taxonomy. Please use term ID instead.' ) ); } $term = get_term_by( 'name', $term_name, $taxonomy ); if ( ! $term ) { // Term doesn't exist, so check that the user is allowed to create new terms. if ( ! current_user_can( $post_type_taxonomies[ $taxonomy ]->cap->edit_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a term to one of the given taxonomies.' ) ); } // Create the new term. $term_info = wp_insert_term( $term_name, $taxonomy ); if ( is_wp_error( $term_info ) ) { return new IXR_Error( 500, $term_info->get_error_message() ); } $terms[ $taxonomy ][] = (int) $term_info['term_id']; } else { $terms[ $taxonomy ][] = (int) $term->term_id; } } } } $post_data['tax_input'] = $terms; unset( $post_data['terms'], $post_data['terms_names'] ); } if ( isset( $post_data['post_format'] ) ) { $format = set_post_format( $post_id, $post_data['post_format'] ); if ( is_wp_error( $format ) ) { return new IXR_Error( 500, $format->get_error_message() ); } unset( $post_data['post_format'] ); } // Handle enclosures. $enclosure = isset( $post_data['enclosure'] ) ? $post_data['enclosure'] : null; $this->add_enclosure_if_new( $post_id, $enclosure ); $this->attach_uploads( $post_id, $post_data['post_content'] ); /** * Filters post data array to be inserted via XML-RPC. * * @since 3.4.0 * * @param array $post_data Parsed array of post data. * @param array $content_struct Post data array. */ $post_data = apply_filters( 'xmlrpc_wp_insert_post_data', $post_data, $content_struct ); // Remove all null values to allow for using the insert/update post default values for those keys instead. $post_data = array_filter( $post_data, static function ( $value ) { return null !== $value; } ); $post_id = $update ? wp_update_post( $post_data, true ) : wp_insert_post( $post_data, true ); if ( is_wp_error( $post_id ) ) { return new IXR_Error( 500, $post_id->get_error_message() ); } if ( ! $post_id ) { if ( $update ) { return new IXR_Error( 401, __( 'Sorry, the post could not be updated.' ) ); } else { return new IXR_Error( 401, __( 'Sorry, the post could not be created.' ) ); } } return (string) $post_id; } /** * Edits a post for any registered post type. * * The $content_struct parameter only needs to contain fields that * should be changed. All other fields will retain their existing values. * * @since 3.4.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * @type array $4 Extra content arguments. * } * @return true|IXR_Error True on success, IXR_Error on failure. */ public function wp_editPost( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; $content_struct = $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editPost', $args, $this ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( isset( $content_struct['if_not_modified_since'] ) ) { // If the post has been modified since the date provided, return an error. if ( mysql2date( 'U', $post['post_modified_gmt'] ) > $content_struct['if_not_modified_since']->getTimestamp() ) { return new IXR_Error( 409, __( 'There is a revision of this post that is more recent.' ) ); } } // Convert the date field back to IXR form. $post['post_date'] = $this->_convert_date( $post['post_date'] ); /* * Ignore the existing GMT date if it is empty or a non-GMT date was supplied in $content_struct, * since _insert_post() will ignore the non-GMT date if the GMT date is set. */ if ( '0000-00-00 00:00:00' === $post['post_date_gmt'] || isset( $content_struct['post_date'] ) ) { unset( $post['post_date_gmt'] ); } else { $post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] ); } /* * If the API client did not provide 'post_date', then we must not perpetuate the value that * was stored in the database, or it will appear to be an intentional edit. Conveying it here * as if it was coming from the API client will cause an otherwise zeroed out 'post_date_gmt' * to get set with the value that was originally stored in the database when the draft was created. */ if ( ! isset( $content_struct['post_date'] ) ) { unset( $post['post_date'] ); } $this->escape( $post ); $merged_content_struct = array_merge( $post, $content_struct ); $retval = $this->_insert_post( $user, $merged_content_struct ); if ( $retval instanceof IXR_Error ) { return $retval; } return true; } /** * Deletes a post for any registered post type. * * @since 3.4.0 * * @see wp_delete_post() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * } * @return true|IXR_Error True on success, IXR_Error instance on failure. */ public function wp_deletePost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deletePost', $args, $this ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'delete_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); } $result = wp_delete_post( $post_id ); if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) ); } return true; } /** * Retrieves a post. * * @since 3.4.0 * * The optional $fields parameter specifies what fields will be included * in the response array. This should be a list of field names. 'post_id' will * always be included in the response regardless of the value of $fields. * * Instead of, or in addition to, individual field names, conceptual group * names can be used to specify multiple fields. The available conceptual * groups are 'post' (all basic fields), 'taxonomies', 'custom_fields', * and 'enclosure'. * * @see get_post() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * @type array $4 Optional. The subset of post type fields to return. * } * @return array|IXR_Error Array contains (based on $fields parameter): * - 'post_id' * - 'post_title' * - 'post_date' * - 'post_date_gmt' * - 'post_modified' * - 'post_modified_gmt' * - 'post_status' * - 'post_type' * - 'post_name' * - 'post_author' * - 'post_password' * - 'post_excerpt' * - 'post_content' * - 'link' * - 'comment_status' * - 'ping_status' * - 'sticky' * - 'custom_fields' * - 'terms' * - 'categories' * - 'tags' * - 'enclosure' */ public function wp_getPost( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default post query fields used by the given XML-RPC method. * * @since 3.4.0 * * @param array $fields An array of post fields to retrieve. By default, * contains 'post', 'terms', and 'custom_fields'. * @param string $method Method name. */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPost' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPost', $args, $this ); $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } return $this->_prepare_post( $post, $fields ); } /** * Retrieves posts. * * @since 3.4.0 * * @see wp_get_recent_posts() * @see wp_getPost() for more on `$fields` * @see get_posts() for more on `$filter` values * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Modifies the query used to retrieve posts. Accepts 'post_type', * 'post_status', 'number', 'offset', 'orderby', 's', and 'order'. * Default empty array. * @type array $4 Optional. The subset of post type fields to return in the response array. * } * @return array|IXR_Error Array containing a collection of posts. */ public function wp_getPosts( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_post_fields', array( 'post', 'terms', 'custom_fields' ), 'wp.getPosts' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPosts', $args, $this ); $query = array(); if ( isset( $filter['post_type'] ) ) { $post_type = get_post_type_object( $filter['post_type'] ); if ( ! ( (bool) $post_type ) ) { return new IXR_Error( 403, __( 'Invalid post type.' ) ); } } else { $post_type = get_post_type_object( 'post' ); } if ( ! current_user_can( $post_type->cap->edit_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); } $query['post_type'] = $post_type->name; if ( isset( $filter['post_status'] ) ) { $query['post_status'] = $filter['post_status']; } if ( isset( $filter['number'] ) ) { $query['numberposts'] = absint( $filter['number'] ); } if ( isset( $filter['offset'] ) ) { $query['offset'] = absint( $filter['offset'] ); } if ( isset( $filter['orderby'] ) ) { $query['orderby'] = $filter['orderby']; if ( isset( $filter['order'] ) ) { $query['order'] = $filter['order']; } } if ( isset( $filter['s'] ) ) { $query['s'] = $filter['s']; } $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { return array(); } // Holds all the posts data. $struct = array(); foreach ( $posts_list as $post ) { if ( ! current_user_can( 'edit_post', $post['ID'] ) ) { continue; } $struct[] = $this->_prepare_post( $post, $fields ); } return $struct; } /** * Creates a new term. * * @since 3.4.0 * * @see wp_insert_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content struct for adding a new term. The struct must contain * the term 'name' and 'taxonomy'. Optional accepted values include * 'parent', 'description', and 'slug'. * } * @return int|IXR_Error The term ID on success, or an IXR_Error object on failure. */ public function wp_newTerm( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newTerm', $args, $this ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) ); } $taxonomy = (array) $taxonomy; // Hold the data of the term. $term_data = array(); $term_data['name'] = trim( $content_struct['name'] ); if ( empty( $term_data['name'] ) ) { return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); } if ( isset( $content_struct['parent'] ) ) { if ( ! $taxonomy['hierarchical'] ) { return new IXR_Error( 403, __( 'This taxonomy is not hierarchical.' ) ); } $parent_term_id = (int) $content_struct['parent']; $parent_term = get_term( $parent_term_id, $taxonomy['name'] ); if ( is_wp_error( $parent_term ) ) { return new IXR_Error( 500, $parent_term->get_error_message() ); } if ( ! $parent_term ) { return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); } $term_data['parent'] = $content_struct['parent']; } if ( isset( $content_struct['description'] ) ) { $term_data['description'] = $content_struct['description']; } if ( isset( $content_struct['slug'] ) ) { $term_data['slug'] = $content_struct['slug']; } $term = wp_insert_term( $term_data['name'], $taxonomy['name'], $term_data ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 500, __( 'Sorry, the term could not be created.' ) ); } // Add term meta. if ( isset( $content_struct['custom_fields'] ) ) { $this->set_term_custom_fields( $term['term_id'], $content_struct['custom_fields'] ); } return (string) $term['term_id']; } /** * Edits a term. * * @since 3.4.0 * * @see wp_update_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Term ID. * @type array $4 Content struct for editing a term. The struct must contain the * term 'taxonomy'. Optional accepted values include 'name', 'parent', * 'description', and 'slug'. * } * @return true|IXR_Error True on success, IXR_Error instance on failure. */ public function wp_editTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $term_id = (int) $args[3]; $content_struct = $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editTerm', $args, $this ); if ( ! taxonomy_exists( $content_struct['taxonomy'] ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); $taxonomy = (array) $taxonomy; // Hold the data of the term. $term_data = array(); $term = get_term( $term_id, $content_struct['taxonomy'] ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 404, __( 'Invalid term ID.' ) ); } if ( ! current_user_can( 'edit_term', $term_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) ); } if ( isset( $content_struct['name'] ) ) { $term_data['name'] = trim( $content_struct['name'] ); if ( empty( $term_data['name'] ) ) { return new IXR_Error( 403, __( 'The term name cannot be empty.' ) ); } } if ( ! empty( $content_struct['parent'] ) ) { if ( ! $taxonomy['hierarchical'] ) { return new IXR_Error( 403, __( 'Cannot set parent term, taxonomy is not hierarchical.' ) ); } $parent_term_id = (int) $content_struct['parent']; $parent_term = get_term( $parent_term_id, $taxonomy['name'] ); if ( is_wp_error( $parent_term ) ) { return new IXR_Error( 500, $parent_term->get_error_message() ); } if ( ! $parent_term ) { return new IXR_Error( 403, __( 'Parent term does not exist.' ) ); } $term_data['parent'] = $content_struct['parent']; } if ( isset( $content_struct['description'] ) ) { $term_data['description'] = $content_struct['description']; } if ( isset( $content_struct['slug'] ) ) { $term_data['slug'] = $content_struct['slug']; } $term = wp_update_term( $term_id, $taxonomy['name'], $term_data ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 500, __( 'Sorry, editing the term failed.' ) ); } // Update term meta. if ( isset( $content_struct['custom_fields'] ) ) { $this->set_term_custom_fields( $term_id, $content_struct['custom_fields'] ); } return true; } /** * Deletes a term. * * @since 3.4.0 * * @see wp_delete_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type int $4 Term ID. * } * @return true|IXR_Error True on success, IXR_Error instance on failure. */ public function wp_deleteTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; $term_id = (int) $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteTerm', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); $term = get_term( $term_id, $taxonomy->name ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 404, __( 'Invalid term ID.' ) ); } if ( ! current_user_can( 'delete_term', $term_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) ); } $result = wp_delete_term( $term_id, $taxonomy->name ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, deleting the term failed.' ) ); } return $result; } /** * Retrieves a term. * * @since 3.4.0 * * @see get_term() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type int $4 Term ID. * } * @return array|IXR_Error IXR_Error on failure, array on success, containing: * - 'term_id' * - 'name' * - 'slug' * - 'term_group' * - 'term_taxonomy_id' * - 'taxonomy' * - 'description' * - 'parent' * - 'count' */ public function wp_getTerm( $args ) { if ( ! $this->minimum_args( $args, 5 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; $term_id = (int) $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerm', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); $term = get_term( $term_id, $taxonomy->name, ARRAY_A ); if ( is_wp_error( $term ) ) { return new IXR_Error( 500, $term->get_error_message() ); } if ( ! $term ) { return new IXR_Error( 404, __( 'Invalid term ID.' ) ); } if ( ! current_user_can( 'assign_term', $term_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) ); } return $this->_prepare_term( $term ); } /** * Retrieves all terms for a taxonomy. * * @since 3.4.0 * * The optional $filter parameter modifies the query used to retrieve terms. * Accepted keys are 'number', 'offset', 'orderby', 'order', 'hide_empty', and 'search'. * * @see get_terms() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type array $4 Optional. Modifies the query used to retrieve posts. Accepts 'number', * 'offset', 'orderby', 'order', 'hide_empty', and 'search'. Default empty array. * } * @return array|IXR_Error An associative array of terms data on success, IXR_Error instance otherwise. */ public function wp_getTerms( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; $filter = isset( $args[4] ) ? $args[4] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTerms', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) ); } $query = array( 'taxonomy' => $taxonomy->name ); if ( isset( $filter['number'] ) ) { $query['number'] = absint( $filter['number'] ); } if ( isset( $filter['offset'] ) ) { $query['offset'] = absint( $filter['offset'] ); } if ( isset( $filter['orderby'] ) ) { $query['orderby'] = $filter['orderby']; if ( isset( $filter['order'] ) ) { $query['order'] = $filter['order']; } } if ( isset( $filter['hide_empty'] ) ) { $query['hide_empty'] = $filter['hide_empty']; } else { $query['get'] = 'all'; } if ( isset( $filter['search'] ) ) { $query['search'] = $filter['search']; } $terms = get_terms( $query ); if ( is_wp_error( $terms ) ) { return new IXR_Error( 500, $terms->get_error_message() ); } $struct = array(); foreach ( $terms as $term ) { $struct[] = $this->_prepare_term( $term ); } return $struct; } /** * Retrieves a taxonomy. * * @since 3.4.0 * * @see get_taxonomy() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Taxonomy name. * @type array $4 Optional. Array of taxonomy fields to limit to in the return. * Accepts 'labels', 'cap', 'menu', and 'object_type'. * Default empty array. * } * @return array|IXR_Error An array of taxonomy data on success, IXR_Error instance otherwise. */ public function wp_getTaxonomy( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $taxonomy = $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default taxonomy query fields used by the given XML-RPC method. * * @since 3.4.0 * * @param array $fields An array of taxonomy fields to retrieve. By default, * contains 'labels', 'cap', and 'object_type'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomy' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomy', $args, $this ); if ( ! taxonomy_exists( $taxonomy ) ) { return new IXR_Error( 403, __( 'Invalid taxonomy.' ) ); } $taxonomy = get_taxonomy( $taxonomy ); if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) ); } return $this->_prepare_taxonomy( $taxonomy, $fields ); } /** * Retrieves all taxonomies. * * @since 3.4.0 * * @see get_taxonomies() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. An array of arguments for retrieving taxonomies. * @type array $4 Optional. The subset of taxonomy fields to return. * } * @return array|IXR_Error An associative array of taxonomy data with returned fields determined * by `$fields`, or an IXR_Error instance on failure. */ public function wp_getTaxonomies( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_taxonomy_fields', array( 'labels', 'cap', 'object_type' ), 'wp.getTaxonomies' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getTaxonomies', $args, $this ); $taxonomies = get_taxonomies( $filter, 'objects' ); // Holds all the taxonomy data. $struct = array(); foreach ( $taxonomies as $taxonomy ) { // Capability check for post types. if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) { continue; } $struct[] = $this->_prepare_taxonomy( $taxonomy, $fields ); } return $struct; } /** * Retrieves a user. * * The optional $fields parameter specifies what fields will be included * in the response array. This should be a list of field names. 'user_id' will * always be included in the response regardless of the value of $fields. * * Instead of, or in addition to, individual field names, conceptual group * names can be used to specify multiple fields. The available conceptual * groups are 'basic' and 'all'. * * @uses get_userdata() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 User ID. * @type array $4 Optional. Array of fields to return. * } * @return array|IXR_Error Array contains (based on $fields parameter): * - 'user_id' * - 'username' * - 'first_name' * - 'last_name' * - 'registered' * - 'bio' * - 'email' * - 'nickname' * - 'nicename' * - 'url' * - 'display_name' * - 'roles' */ public function wp_getUser( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user_id = (int) $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default user query fields used by the given XML-RPC method. * * @since 3.5.0 * * @param array $fields An array of user fields to retrieve. By default, contains 'all'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUser' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUser', $args, $this ); if ( ! current_user_can( 'edit_user', $user_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this user.' ) ); } $user_data = get_userdata( $user_id ); if ( ! $user_data ) { return new IXR_Error( 404, __( 'Invalid user ID.' ) ); } return $this->_prepare_user( $user_data, $fields ); } /** * Retrieves users. * * The optional $filter parameter modifies the query used to retrieve users. * Accepted keys are 'number' (default: 50), 'offset' (default: 0), 'role', * 'who', 'orderby', and 'order'. * * The optional $fields parameter specifies what fields will be included * in the response array. * * @uses get_users() * @see wp_getUser() for more on $fields and return values * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Arguments for the user query. * @type array $4 Optional. Fields to return. * } * @return array|IXR_Error users data */ public function wp_getUsers( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array(); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getUsers' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getUsers', $args, $this ); if ( ! current_user_can( 'list_users' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to list users.' ) ); } $query = array( 'fields' => 'all_with_meta' ); $query['number'] = ( isset( $filter['number'] ) ) ? absint( $filter['number'] ) : 50; $query['offset'] = ( isset( $filter['offset'] ) ) ? absint( $filter['offset'] ) : 0; if ( isset( $filter['orderby'] ) ) { $query['orderby'] = $filter['orderby']; if ( isset( $filter['order'] ) ) { $query['order'] = $filter['order']; } } if ( isset( $filter['role'] ) ) { if ( get_role( $filter['role'] ) === null ) { return new IXR_Error( 403, __( 'Invalid role.' ) ); } $query['role'] = $filter['role']; } if ( isset( $filter['who'] ) ) { $query['who'] = $filter['who']; } $users = get_users( $query ); $_users = array(); foreach ( $users as $user_data ) { if ( current_user_can( 'edit_user', $user_data->ID ) ) { $_users[] = $this->_prepare_user( $user_data, $fields ); } } return $_users; } /** * Retrieves information about the requesting user. * * @uses get_userdata() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username * @type string $2 Password * @type array $3 Optional. Fields to return. * } * @return array|IXR_Error (@see wp_getUser) */ public function wp_getProfile( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; if ( isset( $args[3] ) ) { $fields = $args[3]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_user_fields', array( 'all' ), 'wp.getProfile' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getProfile', $args, $this ); if ( ! current_user_can( 'edit_user', $user->ID ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) ); } $user_data = get_userdata( $user->ID ); return $this->_prepare_user( $user_data, $fields ); } /** * Edits user's profile. * * @uses wp_update_user() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content struct. It can optionally contain: * - 'first_name' * - 'last_name' * - 'website' * - 'display_name' * - 'nickname' * - 'nicename' * - 'bio' * } * @return true|IXR_Error True, on success. */ public function wp_editProfile( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editProfile', $args, $this ); if ( ! current_user_can( 'edit_user', $user->ID ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit your profile.' ) ); } // Holds data of the user. $user_data = array(); $user_data['ID'] = $user->ID; // Only set the user details if they were given. if ( isset( $content_struct['first_name'] ) ) { $user_data['first_name'] = $content_struct['first_name']; } if ( isset( $content_struct['last_name'] ) ) { $user_data['last_name'] = $content_struct['last_name']; } if ( isset( $content_struct['url'] ) ) { $user_data['user_url'] = $content_struct['url']; } if ( isset( $content_struct['display_name'] ) ) { $user_data['display_name'] = $content_struct['display_name']; } if ( isset( $content_struct['nickname'] ) ) { $user_data['nickname'] = $content_struct['nickname']; } if ( isset( $content_struct['nicename'] ) ) { $user_data['user_nicename'] = $content_struct['nicename']; } if ( isset( $content_struct['bio'] ) ) { $user_data['description'] = $content_struct['bio']; } $result = wp_update_user( $user_data ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the user could not be updated.' ) ); } return true; } /** * Retrieves a page. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Page ID. * @type string $2 Username. * @type string $3 Password. * } * @return array|IXR_Error */ public function wp_getPage( $args ) { $this->escape( $args ); $page_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $page = get_post( $page_id ); if ( ! $page ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_page', $page_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPage', $args, $this ); // If we found the page then format the data. if ( $page->ID && ( 'page' === $page->post_type ) ) { return $this->_prepare_page( $page ); } else { // If the page doesn't exist, indicate that. return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } } /** * Retrieves Pages. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Optional. Number of pages. Default 10. * } * @return array|IXR_Error */ public function wp_getPages( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $num_pages = isset( $args[3] ) ? (int) $args[3] : 10; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPages', $args, $this ); $pages = get_posts( array( 'post_type' => 'page', 'post_status' => 'any', 'numberposts' => $num_pages, ) ); $num_pages = count( $pages ); // If we have pages, put together their info. if ( $num_pages >= 1 ) { $pages_struct = array(); foreach ( $pages as $page ) { if ( current_user_can( 'edit_page', $page->ID ) ) { $pages_struct[] = $this->_prepare_page( $page ); } } return $pages_struct; } return array(); } /** * Creates a new page. * * @since 2.2.0 * * @see wp_xmlrpc_server::mw_newPost() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content struct. * } * @return int|IXR_Error */ public function wp_newPage( $args ) { // Items not escaped here will be escaped in wp_newPost(). $username = $this->escape( $args[1] ); $password = $this->escape( $args[2] ); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newPage', $args, $this ); // Mark this as content for a page. $args[3]['post_type'] = 'page'; // Let mw_newPost() do all of the heavy lifting. return $this->mw_newPost( $args ); } /** * Deletes a page. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Page ID. * } * @return true|IXR_Error True, if success. */ public function wp_deletePage( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $page_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deletePage', $args, $this ); /* * Get the current page based on the 'page_id' and * make sure it is a page and not a post. */ $actual_page = get_post( $page_id, ARRAY_A ); if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) { return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } // Make sure the user can delete pages. if ( ! current_user_can( 'delete_page', $page_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this page.' ) ); } // Attempt to delete the page. $result = wp_delete_post( $page_id ); if ( ! $result ) { return new IXR_Error( 500, __( 'Failed to delete the page.' ) ); } /** * Fires after a page has been successfully deleted via XML-RPC. * * @since 3.4.0 * * @param int $page_id ID of the deleted page. * @param array $args An array of arguments to delete the page. */ do_action( 'xmlrpc_call_success_wp_deletePage', $page_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Edits a page. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Page ID. * @type string $2 Username. * @type string $3 Password. * @type string $4 Content. * @type int $5 Publish flag. 0 for draft, 1 for publish. * } * @return array|IXR_Error */ public function wp_editPage( $args ) { // Items will be escaped in mw_editPost(). $page_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; $escaped_username = $this->escape( $username ); $escaped_password = $this->escape( $password ); $user = $this->login( $escaped_username, $escaped_password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editPage', $args, $this ); // Get the page data and make sure it is a page. $actual_page = get_post( $page_id, ARRAY_A ); if ( ! $actual_page || ( 'page' !== $actual_page['post_type'] ) ) { return new IXR_Error( 404, __( 'Sorry, no such page.' ) ); } // Make sure the user is allowed to edit pages. if ( ! current_user_can( 'edit_page', $page_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this page.' ) ); } // Mark this as content for a page. $content['post_type'] = 'page'; // Arrange args in the way mw_editPost() understands. $args = array( $page_id, $username, $password, $content, $publish, ); // Let mw_editPost() do all of the heavy lifting. return $this->mw_editPost( $args ); } /** * Retrieves page list. * * @since 2.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPageList( $args ) { global $wpdb; $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit pages.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPageList', $args, $this ); // Get list of page IDs and titles. $page_list = $wpdb->get_results( " SELECT ID page_id, post_title page_title, post_parent page_parent_id, post_date_gmt, post_date, post_status FROM {$wpdb->posts} WHERE post_type = 'page' ORDER BY ID " ); // The date needs to be formatted properly. $num_pages = count( $page_list ); for ( $i = 0; $i < $num_pages; $i++ ) { $page_list[ $i ]->dateCreated = $this->_convert_date( $page_list[ $i ]->post_date ); $page_list[ $i ]->date_created_gmt = $this->_convert_date_gmt( $page_list[ $i ]->post_date_gmt, $page_list[ $i ]->post_date ); unset( $page_list[ $i ]->post_date_gmt ); unset( $page_list[ $i ]->post_date ); unset( $page_list[ $i ]->post_status ); } return $page_list; } /** * Retrieves authors list. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getAuthors( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getAuthors', $args, $this ); $authors = array(); foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'display_name' ) ) ) as $user ) { $authors[] = array( 'user_id' => $user->ID, 'user_login' => $user->user_login, 'display_name' => $user->display_name, ); } return $authors; } /** * Gets the list of all tags. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getTags( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view tags.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getKeywords', $args, $this ); $tags = array(); $all_tags = get_tags(); if ( $all_tags ) { foreach ( (array) $all_tags as $tag ) { $struct = array(); $struct['tag_id'] = $tag->term_id; $struct['name'] = $tag->name; $struct['count'] = $tag->count; $struct['slug'] = $tag->slug; $struct['html_url'] = esc_html( get_tag_link( $tag->term_id ) ); $struct['rss_url'] = esc_html( get_tag_feed_link( $tag->term_id ) ); $tags[] = $struct; } } return $tags; } /** * Creates a new category. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Category. * } * @return int|IXR_Error Category ID. */ public function wp_newCategory( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $category = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newCategory', $args, $this ); // Make sure the user is allowed to add a category. if ( ! current_user_can( 'manage_categories' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to add a category.' ) ); } /* * If no slug was provided, make it empty * so that WordPress will generate one. */ if ( empty( $category['slug'] ) ) { $category['slug'] = ''; } /* * If no parent_id was provided, make it empty * so that it will be a top-level page (no parent). */ if ( ! isset( $category['parent_id'] ) ) { $category['parent_id'] = ''; } // If no description was provided, make it empty. if ( empty( $category['description'] ) ) { $category['description'] = ''; } $new_category = array( 'cat_name' => $category['name'], 'category_nicename' => $category['slug'], 'category_parent' => $category['parent_id'], 'category_description' => $category['description'], ); $cat_id = wp_insert_category( $new_category, true ); if ( is_wp_error( $cat_id ) ) { if ( 'term_exists' === $cat_id->get_error_code() ) { return (int) $cat_id->get_error_data(); } else { return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) ); } } elseif ( ! $cat_id ) { return new IXR_Error( 500, __( 'Sorry, the category could not be created.' ) ); } /** * Fires after a new category has been successfully created via XML-RPC. * * @since 3.4.0 * * @param int $cat_id ID of the new category. * @param array $args An array of new category arguments. */ do_action( 'xmlrpc_call_success_wp_newCategory', $cat_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return $cat_id; } /** * Deletes a category. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Category ID. * } * @return bool|IXR_Error See wp_delete_term() for return info. */ public function wp_deleteCategory( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $category_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteCategory', $args, $this ); if ( ! current_user_can( 'delete_term', $category_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this category.' ) ); } $status = wp_delete_term( $category_id, 'category' ); if ( true === $status ) { /** * Fires after a category has been successfully deleted via XML-RPC. * * @since 3.4.0 * * @param int $category_id ID of the deleted category. * @param array $args An array of arguments to delete the category. */ do_action( 'xmlrpc_call_success_wp_deleteCategory', $category_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase } return $status; } /** * Retrieves category list. * * @since 2.2.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Category * @type int $4 Max number of results. * } * @return array|IXR_Error */ public function wp_suggestCategories( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $category = $args[3]; $max_results = (int) $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.suggestCategories', $args, $this ); $category_suggestions = array(); $args = array( 'get' => 'all', 'number' => $max_results, 'name__like' => $category, ); foreach ( (array) get_categories( $args ) as $cat ) { $category_suggestions[] = array( 'category_id' => $cat->term_id, 'category_name' => $cat->name, ); } return $category_suggestions; } /** * Retrieves a comment. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Comment ID. * } * @return array|IXR_Error */ public function wp_getComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getComment', $args, $this ); $comment = get_comment( $comment_id ); if ( ! $comment ) { return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) ); } return $this->_prepare_comment( $comment ); } /** * Retrieves comments. * * Besides the common blog_id (unused), username, and password arguments, * it takes a filter array as the last argument. * * Accepted 'filter' keys are 'status', 'post_id', 'offset', and 'number'. * * The defaults are as follows: * - 'status' - Default is ''. Filter by status (e.g., 'approve', 'hold') * - 'post_id' - Default is ''. The post where the comment is posted. * Empty string shows all comments. * - 'number' - Default is 10. Total number of media items to retrieve. * - 'offset' - Default is 0. See WP_Query::query() for more. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Query arguments. * } * @return array|IXR_Error Array containing a collection of comments. * See wp_xmlrpc_server::wp_getComment() for a description * of each item contents. */ public function wp_getComments( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $struct = isset( $args[3] ) ? $args[3] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getComments', $args, $this ); if ( isset( $struct['status'] ) ) { $status = $struct['status']; } else { $status = ''; } if ( ! current_user_can( 'moderate_comments' ) && 'approve' !== $status ) { return new IXR_Error( 401, __( 'Invalid comment status.' ) ); } $post_id = ''; if ( isset( $struct['post_id'] ) ) { $post_id = absint( $struct['post_id'] ); } $post_type = ''; if ( isset( $struct['post_type'] ) ) { $post_type_object = get_post_type_object( $struct['post_type'] ); if ( ! $post_type_object || ! post_type_supports( $post_type_object->name, 'comments' ) ) { return new IXR_Error( 404, __( 'Invalid post type.' ) ); } $post_type = $struct['post_type']; } $offset = 0; if ( isset( $struct['offset'] ) ) { $offset = absint( $struct['offset'] ); } $number = 10; if ( isset( $struct['number'] ) ) { $number = absint( $struct['number'] ); } $comments = get_comments( array( 'status' => $status, 'post_id' => $post_id, 'offset' => $offset, 'number' => $number, 'post_type' => $post_type, ) ); $comments_struct = array(); if ( is_array( $comments ) ) { foreach ( $comments as $comment ) { $comments_struct[] = $this->_prepare_comment( $comment ); } } return $comments_struct; } /** * Deletes a comment. * * By default, the comment will be moved to the Trash instead of deleted. * See wp_delete_comment() for more information on this behavior. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Comment ID. * } * @return bool|IXR_Error See wp_delete_comment(). */ public function wp_deleteComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! get_comment( $comment_id ) ) { return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to delete this comment.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.deleteComment', $args, $this ); $status = wp_delete_comment( $comment_id ); if ( true === $status ) { /** * Fires after a comment has been successfully deleted via XML-RPC. * * @since 3.4.0 * * @param int $comment_id ID of the deleted comment. * @param array $args An array of arguments to delete the comment. */ do_action( 'xmlrpc_call_success_wp_deleteComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase } return $status; } /** * Edits a comment. * * Besides the common blog_id (unused), username, and password arguments, * it takes a comment_id integer and a content_struct array as the last argument. * * The allowed keys in the content_struct array are: * - 'author' * - 'author_url' * - 'author_email' * - 'content' * - 'date_created_gmt' * - 'status'. Common statuses are 'approve', 'hold', 'spam'. See get_comment_statuses() for more details. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Comment ID. * @type array $4 Content structure. * } * @return true|IXR_Error True, on success. */ public function wp_editComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $comment_id = (int) $args[3]; $content_struct = $args[4]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! get_comment( $comment_id ) ) { return new IXR_Error( 404, __( 'Invalid comment ID.' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to moderate or edit this comment.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.editComment', $args, $this ); $comment = array( 'comment_ID' => $comment_id, ); if ( isset( $content_struct['status'] ) ) { $statuses = get_comment_statuses(); $statuses = array_keys( $statuses ); if ( ! in_array( $content_struct['status'], $statuses, true ) ) { return new IXR_Error( 401, __( 'Invalid comment status.' ) ); } $comment['comment_approved'] = $content_struct['status']; } // Do some timestamp voodoo. if ( ! empty( $content_struct['date_created_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; $comment['comment_date'] = get_date_from_gmt( $date_created ); $comment['comment_date_gmt'] = iso8601_to_datetime( $date_created, 'gmt' ); } if ( isset( $content_struct['content'] ) ) { $comment['comment_content'] = $content_struct['content']; } if ( isset( $content_struct['author'] ) ) { $comment['comment_author'] = $content_struct['author']; } if ( isset( $content_struct['author_url'] ) ) { $comment['comment_author_url'] = $content_struct['author_url']; } if ( isset( $content_struct['author_email'] ) ) { $comment['comment_author_email'] = $content_struct['author_email']; } $result = wp_update_comment( $comment, true ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the comment could not be updated.' ) ); } /** * Fires after a comment has been successfully updated via XML-RPC. * * @since 3.4.0 * * @param int $comment_id ID of the updated comment. * @param array $args An array of arguments to update the comment. */ do_action( 'xmlrpc_call_success_wp_editComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Creates a new comment. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string|int $3 Post ID or URL. * @type array $4 Content structure. * } * @return int|IXR_Error See wp_new_comment(). */ public function wp_newComment( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post = $args[3]; $content_struct = $args[4]; /** * Filters whether to allow anonymous comments over XML-RPC. * * @since 2.7.0 * * @param bool $allow Whether to allow anonymous commenting via XML-RPC. * Default false. */ $allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false ); $user = $this->login( $username, $password ); if ( ! $user ) { $logged_in = false; if ( $allow_anon && get_option( 'comment_registration' ) ) { return new IXR_Error( 403, __( 'Sorry, you must be logged in to comment.' ) ); } elseif ( ! $allow_anon ) { return $this->error; } } else { $logged_in = true; } if ( is_numeric( $post ) ) { $post_id = absint( $post ); } else { $post_id = url_to_postid( $post ); } if ( ! $post_id ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! get_post( $post_id ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! comments_open( $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) ); } if ( 'publish' === get_post_status( $post_id ) && ! current_user_can( 'edit_post', $post_id ) && post_password_required( $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); } if ( 'private' === get_post_status( $post_id ) && ! current_user_can( 'read_post', $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); } $comment = array( 'comment_post_ID' => $post_id, 'comment_content' => trim( $content_struct['content'] ), ); if ( $logged_in ) { $display_name = $user->display_name; $user_email = $user->user_email; $user_url = $user->user_url; $comment['comment_author'] = $this->escape( $display_name ); $comment['comment_author_email'] = $this->escape( $user_email ); $comment['comment_author_url'] = $this->escape( $user_url ); $comment['user_id'] = $user->ID; } else { $comment['comment_author'] = ''; if ( isset( $content_struct['author'] ) ) { $comment['comment_author'] = $content_struct['author']; } $comment['comment_author_email'] = ''; if ( isset( $content_struct['author_email'] ) ) { $comment['comment_author_email'] = $content_struct['author_email']; } $comment['comment_author_url'] = ''; if ( isset( $content_struct['author_url'] ) ) { $comment['comment_author_url'] = $content_struct['author_url']; } $comment['user_id'] = 0; if ( get_option( 'require_name_email' ) ) { if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) { return new IXR_Error( 403, __( 'Comment author name and email are required.' ) ); } elseif ( ! is_email( $comment['comment_author_email'] ) ) { return new IXR_Error( 403, __( 'A valid email address is required.' ) ); } } } $comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0; /** This filter is documented in wp-includes/comment.php */ $allow_empty = apply_filters( 'allow_empty_comment', false, $comment ); if ( ! $allow_empty && '' === $comment['comment_content'] ) { return new IXR_Error( 403, __( 'Comment is required.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newComment', $args, $this ); $comment_id = wp_new_comment( $comment, true ); if ( is_wp_error( $comment_id ) ) { return new IXR_Error( 403, $comment_id->get_error_message() ); } if ( ! $comment_id ) { return new IXR_Error( 403, __( 'An error occurred while processing your comment. Please ensure all fields are filled correctly and try again.' ) ); } /** * Fires after a new comment has been successfully created via XML-RPC. * * @since 3.4.0 * * @param int $comment_id ID of the new comment. * @param array $args An array of new comment arguments. */ do_action( 'xmlrpc_call_success_wp_newComment', $comment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return $comment_id; } /** * Retrieves all of the comment status. * * @since 2.7.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getCommentStatusList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'publish_posts' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getCommentStatusList', $args, $this ); return get_comment_statuses(); } /** * Retrieves comment counts. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * } * @return array|IXR_Error */ public function wp_getCommentCount( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $post = get_post( $post_id, ARRAY_A ); if ( empty( $post['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details of this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getCommentCount', $args, $this ); $count = wp_count_comments( $post_id ); return array( 'approved' => $count->approved, 'awaiting_moderation' => $count->moderated, 'spam' => $count->spam, 'total_comments' => $count->total_comments, ); } /** * Retrieves post statuses. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPostStatusList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostStatusList', $args, $this ); return get_post_statuses(); } /** * Retrieves page statuses. * * @since 2.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPageStatusList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPageStatusList', $args, $this ); return get_page_statuses(); } /** * Retrieves page templates. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function wp_getPageTemplates( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_pages' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } $templates = get_page_templates(); $templates['Default'] = 'default'; return $templates; } /** * Retrieves blog options. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Options. * } * @return array|IXR_Error */ public function wp_getOptions( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $options = isset( $args[3] ) ? (array) $args[3] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } // If no specific options where asked for, return all of them. if ( count( $options ) === 0 ) { $options = array_keys( $this->blog_options ); } return $this->_getOptions( $options ); } /** * Retrieves blog options value from list. * * @since 2.6.0 * * @param array $options Options to retrieve. * @return array */ public function _getOptions( $options ) { $data = array(); $can_manage = current_user_can( 'manage_options' ); foreach ( $options as $option ) { if ( array_key_exists( $option, $this->blog_options ) ) { $data[ $option ] = $this->blog_options[ $option ]; // Is the value static or dynamic? if ( isset( $data[ $option ]['option'] ) ) { $data[ $option ]['value'] = get_option( $data[ $option ]['option'] ); unset( $data[ $option ]['option'] ); } if ( ! $can_manage ) { $data[ $option ]['readonly'] = true; } } } return $data; } /** * Updates blog options. * * @since 2.6.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Options. * } * @return array|IXR_Error */ public function wp_setOptions( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $options = (array) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'manage_options' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to update options.' ) ); } $option_names = array(); foreach ( $options as $o_name => $o_value ) { $option_names[] = $o_name; if ( ! array_key_exists( $o_name, $this->blog_options ) ) { continue; } if ( $this->blog_options[ $o_name ]['readonly'] ) { continue; } update_option( $this->blog_options[ $o_name ]['option'], wp_unslash( $o_value ) ); } // Now return the updated values. return $this->_getOptions( $option_names ); } /** * Retrieves a media item by ID. * * @since 3.1.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Attachment ID. * } * @return array|IXR_Error Associative array contains: * - 'date_created_gmt' * - 'parent' * - 'link' * - 'thumbnail' * - 'title' * - 'caption' * - 'description' * - 'metadata' */ public function wp_getMediaItem( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $attachment_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'upload_files' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to upload files.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getMediaItem', $args, $this ); $attachment = get_post( $attachment_id ); if ( ! $attachment || 'attachment' !== $attachment->post_type ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } return $this->_prepare_media_item( $attachment ); } /** * Retrieves a collection of media library items (or attachments). * * Besides the common blog_id (unused), username, and password arguments, * it takes a filter array as the last argument. * * Accepted 'filter' keys are 'parent_id', 'mime_type', 'offset', and 'number'. * * The defaults are as follows: * - 'number' - Default is 5. Total number of media items to retrieve. * - 'offset' - Default is 0. See WP_Query::query() for more. * - 'parent_id' - Default is ''. The post where the media item is attached. * Empty string shows all media items. 0 shows unattached media items. * - 'mime_type' - Default is ''. Filter by mime type (e.g., 'image/jpeg', 'application/pdf') * * @since 3.1.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Query arguments. * } * @return array|IXR_Error Array containing a collection of media items. * See wp_xmlrpc_server::wp_getMediaItem() for a description * of each item contents. */ public function wp_getMediaLibrary( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $struct = isset( $args[3] ) ? $args[3] : array(); $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'upload_files' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getMediaLibrary', $args, $this ); $parent_id = ( isset( $struct['parent_id'] ) ) ? absint( $struct['parent_id'] ) : ''; $mime_type = ( isset( $struct['mime_type'] ) ) ? $struct['mime_type'] : ''; $offset = ( isset( $struct['offset'] ) ) ? absint( $struct['offset'] ) : 0; $number = ( isset( $struct['number'] ) ) ? absint( $struct['number'] ) : -1; $attachments = get_posts( array( 'post_type' => 'attachment', 'post_parent' => $parent_id, 'offset' => $offset, 'numberposts' => $number, 'post_mime_type' => $mime_type, ) ); $attachments_struct = array(); foreach ( $attachments as $attachment ) { $attachments_struct[] = $this->_prepare_media_item( $attachment ); } return $attachments_struct; } /** * Retrieves a list of post formats used by the site. * * @since 3.1.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error List of post formats, otherwise IXR_Error object. */ public function wp_getPostFormats( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 403, __( 'Sorry, you are not allowed to access details about this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostFormats', $args, $this ); $formats = get_post_format_strings(); // Find out if they want a list of currently supports formats. if ( isset( $args[3] ) && is_array( $args[3] ) ) { if ( $args[3]['show-supported'] ) { if ( current_theme_supports( 'post-formats' ) ) { $supported = get_theme_support( 'post-formats' ); $data = array(); $data['all'] = $formats; $data['supported'] = $supported[0]; $formats = $data; } } } return $formats; } /** * Retrieves a post type. * * @since 3.4.0 * * @see get_post_type_object() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type string $3 Post type name. * @type array $4 Optional. Fields to fetch. * } * @return array|IXR_Error Array contains: * - 'labels' * - 'description' * - 'capability_type' * - 'cap' * - 'map_meta_cap' * - 'hierarchical' * - 'menu_position' * - 'taxonomies' * - 'supports' */ public function wp_getPostType( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_type_name = $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default post type query fields used by the given XML-RPC method. * * @since 3.4.0 * * @param array $fields An array of post type fields to retrieve. By default, * contains 'labels', 'cap', and 'taxonomies'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostType' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostType', $args, $this ); if ( ! post_type_exists( $post_type_name ) ) { return new IXR_Error( 403, __( 'Invalid post type.' ) ); } $post_type = get_post_type_object( $post_type_name ); if ( ! current_user_can( $post_type->cap->edit_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); } return $this->_prepare_post_type( $post_type, $fields ); } /** * Retrieves post types. * * @since 3.4.0 * * @see get_post_types() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Optional. Query arguments. * @type array $4 Optional. Fields to fetch. * } * @return array|IXR_Error */ public function wp_getPostTypes( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $filter = isset( $args[3] ) ? $args[3] : array( 'public' => true ); if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ $fields = apply_filters( 'xmlrpc_default_posttype_fields', array( 'labels', 'cap', 'taxonomies' ), 'wp.getPostTypes' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getPostTypes', $args, $this ); $post_types = get_post_types( $filter, 'objects' ); $struct = array(); foreach ( $post_types as $post_type ) { if ( ! current_user_can( $post_type->cap->edit_posts ) ) { continue; } $struct[ $post_type->name ] = $this->_prepare_post_type( $post_type, $fields ); } return $struct; } /** * Retrieves revisions for a specific post. * * @since 3.5.0 * * The optional $fields parameter specifies what fields will be included * in the response array. * * @uses wp_get_post_revisions() * @see wp_getPost() for more on $fields * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Post ID. * @type array $4 Optional. Fields to fetch. * } * @return array|IXR_Error Array containing a collection of posts. */ public function wp_getRevisions( $args ) { if ( ! $this->minimum_args( $args, 4 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $post_id = (int) $args[3]; if ( isset( $args[4] ) ) { $fields = $args[4]; } else { /** * Filters the default revision query fields used by the given XML-RPC method. * * @since 3.5.0 * * @param array $field An array of revision fields to retrieve. By default, * contains 'post_date' and 'post_date_gmt'. * @param string $method The method name. */ $fields = apply_filters( 'xmlrpc_default_revision_fields', array( 'post_date', 'post_date_gmt' ), 'wp.getRevisions' ); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.getRevisions', $args, $this ); $post = get_post( $post_id ); if ( ! $post ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } // Check if revisions are enabled. if ( ! wp_revisions_enabled( $post ) ) { return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); } $revisions = wp_get_post_revisions( $post_id ); if ( ! $revisions ) { return array(); } $struct = array(); foreach ( $revisions as $revision ) { if ( ! current_user_can( 'read_post', $revision->ID ) ) { continue; } // Skip autosaves. if ( wp_is_post_autosave( $revision ) ) { continue; } $struct[] = $this->_prepare_post( get_object_vars( $revision ), $fields ); } return $struct; } /** * Restores a post revision. * * @since 3.5.0 * * @uses wp_restore_post_revision() * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Revision ID. * } * @return bool|IXR_Error false if there was an error restoring, true if success. */ public function wp_restoreRevision( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $revision_id = (int) $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.restoreRevision', $args, $this ); $revision = wp_get_post_revision( $revision_id ); if ( ! $revision ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( wp_is_post_autosave( $revision ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } $post = get_post( $revision->post_parent ); if ( ! $post ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $revision->post_parent ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } // Check if revisions are disabled. if ( ! wp_revisions_enabled( $post ) ) { return new IXR_Error( 401, __( 'Sorry, revisions are disabled.' ) ); } $post = wp_restore_post_revision( $revision_id ); return (bool) $post; } /* * Blogger API functions. * Specs on http://plant.blogger.com/api and https://groups.yahoo.com/group/bloggerDev/ */ /** * Retrieves blogs that user owns. * * Will make more sense once we support multiple blogs. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function blogger_getUsersBlogs( $args ) { if ( ! $this->minimum_args( $args, 3 ) ) { return $this->error; } if ( is_multisite() ) { return $this->_multisite_getUsersBlogs( $args ); } $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getUsersBlogs', $args, $this ); $is_admin = current_user_can( 'manage_options' ); $struct = array( 'isAdmin' => $is_admin, 'url' => get_option( 'home' ) . '/', 'blogid' => '1', 'blogName' => get_option( 'blogname' ), 'xmlrpc' => site_url( 'xmlrpc.php', 'rpc' ), ); return array( $struct ); } /** * Private function for retrieving a users blogs for multisite setups. * * @since 3.0.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ protected function _multisite_getUsersBlogs( $args ) { $current_blog = get_site(); $domain = $current_blog->domain; $path = $current_blog->path . 'xmlrpc.php'; $blogs = $this->wp_getUsersBlogs( $args ); if ( $blogs instanceof IXR_Error ) { return $blogs; } if ( $_SERVER['HTTP_HOST'] === $domain && $_SERVER['REQUEST_URI'] === $path ) { return $blogs; } else { foreach ( (array) $blogs as $blog ) { if ( str_contains( $blog['url'], $_SERVER['HTTP_HOST'] ) ) { return array( $blog ); } } return array(); } } /** * Retrieves user's data. * * Gives your client some info about you, so you don't have to. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function blogger_getUserInfo( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to access user data on this site.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getUserInfo', $args, $this ); $struct = array( 'nickname' => $user->nickname, 'userid' => $user->ID, 'url' => $user->user_url, 'lastname' => $user->last_name, 'firstname' => $user->first_name, ); return $struct; } /** * Retrieves a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Post ID. * @type string $2 Username. * @type string $3 Password. * } * @return array|IXR_Error */ public function blogger_getPost( $args ) { $this->escape( $args ); $post_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $post_data = get_post( $post_id, ARRAY_A ); if ( ! $post_data ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getPost', $args, $this ); $categories = implode( ',', wp_get_post_categories( $post_id ) ); $content = '<title>' . wp_unslash( $post_data['post_title'] ) . '</title>'; $content .= '<category>' . $categories . '</category>'; $content .= wp_unslash( $post_data['post_content'] ); $struct = array( 'userid' => $post_data['post_author'], 'dateCreated' => $this->_convert_date( $post_data['post_date'] ), 'content' => $content, 'postid' => (string) $post_data['ID'], ); return $struct; } /** * Retrieves the list of recent posts. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 App key (unused). * @type int $1 Blog ID (unused). * @type string $2 Username. * @type string $3 Password. * @type int $4 Optional. Number of posts. * } * @return array|IXR_Error */ public function blogger_getRecentPosts( $args ) { $this->escape( $args ); // $args[0] = appkey - ignored. $username = $args[2]; $password = $args[3]; if ( isset( $args[4] ) ) { $query = array( 'numberposts' => absint( $args[4] ) ); } else { $query = array(); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.getRecentPosts', $args, $this ); $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { $this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) ); return $this->error; } $recent_posts = array(); foreach ( $posts_list as $entry ) { if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { continue; } $post_date = $this->_convert_date( $entry['post_date'] ); $categories = implode( ',', wp_get_post_categories( $entry['ID'] ) ); $content = '<title>' . wp_unslash( $entry['post_title'] ) . '</title>'; $content .= '<category>' . $categories . '</category>'; $content .= wp_unslash( $entry['post_content'] ); $recent_posts[] = array( 'userid' => $entry['post_author'], 'dateCreated' => $post_date, 'content' => $content, 'postid' => (string) $entry['ID'], ); } return $recent_posts; } /** * Deprecated. * * @since 1.5.0 * @deprecated 3.5.0 * * @param array $args Unused. * @return IXR_Error Error object. */ public function blogger_getTemplate( $args ) { return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) ); } /** * Deprecated. * * @since 1.5.0 * @deprecated 3.5.0 * * @param array $args Unused. * @return IXR_Error Error object. */ public function blogger_setTemplate( $args ) { return new IXR_Error( 403, __( 'Sorry, this method is not supported.' ) ); } /** * Creates a new post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 App key (unused). * @type int $1 Blog ID (unused). * @type string $2 Username. * @type string $3 Password. * @type string $4 Content. * @type int $5 Publish flag. 0 for draft, 1 for publish. * } * @return int|IXR_Error */ public function blogger_newPost( $args ) { $this->escape( $args ); $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.newPost', $args, $this ); $cap = ( $publish ) ? 'publish_posts' : 'edit_posts'; if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) || ! current_user_can( $cap ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to post on this site.' ) ); } $post_status = ( $publish ) ? 'publish' : 'draft'; $post_author = $user->ID; $post_title = xmlrpc_getposttitle( $content ); $post_category = xmlrpc_getpostcategory( $content ); $post_content = xmlrpc_removepostdata( $content ); $post_date = current_time( 'mysql' ); $post_date_gmt = current_time( 'mysql', true ); $post_data = compact( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status' ); $post_id = wp_insert_post( $post_data ); if ( is_wp_error( $post_id ) ) { return new IXR_Error( 500, $post_id->get_error_message() ); } if ( ! $post_id ) { return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) ); } $this->attach_uploads( $post_id, $post_content ); /** * Fires after a new post has been successfully created via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_id ID of the new post. * @param array $args An array of new post arguments. */ do_action( 'xmlrpc_call_success_blogger_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return $post_id; } /** * Edits a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Post ID. * @type string $2 Username. * @type string $3 Password. * @type string $4 Content * @type int $5 Publish flag. 0 for draft, 1 for publish. * } * @return true|IXR_Error true when done. */ public function blogger_editPost( $args ) { $this->escape( $args ); $post_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $content = $args[4]; $publish = $args[5]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.editPost', $args, $this ); $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } $this->escape( $actual_post ); if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } if ( 'publish' === $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); } $postdata = array(); $postdata['ID'] = $actual_post['ID']; $postdata['post_content'] = xmlrpc_removepostdata( $content ); $postdata['post_title'] = xmlrpc_getposttitle( $content ); $postdata['post_category'] = xmlrpc_getpostcategory( $content ); $postdata['post_status'] = $actual_post['post_status']; $postdata['post_excerpt'] = $actual_post['post_excerpt']; $postdata['post_status'] = $publish ? 'publish' : 'draft'; $result = wp_update_post( $postdata ); if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) ); } $this->attach_uploads( $actual_post['ID'], $postdata['post_content'] ); /** * Fires after a post has been successfully updated via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_id ID of the updated post. * @param array $args An array of arguments for the post to edit. */ do_action( 'xmlrpc_call_success_blogger_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Deletes a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type int $1 Post ID. * @type string $2 Username. * @type string $3 Password. * } * @return true|IXR_Error True when post is deleted. */ public function blogger_deletePost( $args ) { $this->escape( $args ); $post_id = (int) $args[1]; $username = $args[2]; $password = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'blogger.deletePost', $args, $this ); $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post || 'post' !== $actual_post['post_type'] ) { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } if ( ! current_user_can( 'delete_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this post.' ) ); } $result = wp_delete_post( $post_id ); if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be deleted.' ) ); } /** * Fires after a post has been successfully deleted via the XML-RPC Blogger API. * * @since 3.4.0 * * @param int $post_id ID of the deleted post. * @param array $args An array of arguments to delete the post. */ do_action( 'xmlrpc_call_success_blogger_deletePost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /* * MetaWeblog API functions. * Specs on wherever Dave Winer wants them to be. */ /** * Creates a new post. * * The 'content_struct' argument must contain: * - title * - description * - mt_excerpt * - mt_text_more * - mt_keywords * - mt_tb_ping_urls * - categories * * Also, it can optionally contain: * - wp_slug * - wp_password * - wp_page_parent_id * - wp_page_order * - wp_author_id * - post_status | page_status - can be 'draft', 'private', 'publish', or 'pending' * - mt_allow_comments - can be 'open' or 'closed' * - mt_allow_pings - can be 'open' or 'closed' * - date_created_gmt * - dateCreated * - wp_post_thumbnail * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Content structure. * @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0. * } * @return int|IXR_Error */ public function mw_newPost( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $publish = isset( $args[4] ) ? $args[4] : 0; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.newPost', $args, $this ); $page_template = ''; if ( ! empty( $content_struct['post_type'] ) ) { if ( 'page' === $content_struct['post_type'] ) { if ( $publish ) { $cap = 'publish_pages'; } elseif ( isset( $content_struct['page_status'] ) && 'publish' === $content_struct['page_status'] ) { $cap = 'publish_pages'; } else { $cap = 'edit_pages'; } $error_message = __( 'Sorry, you are not allowed to publish pages on this site.' ); $post_type = 'page'; if ( ! empty( $content_struct['wp_page_template'] ) ) { $page_template = $content_struct['wp_page_template']; } } elseif ( 'post' === $content_struct['post_type'] ) { if ( $publish ) { $cap = 'publish_posts'; } elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) { $cap = 'publish_posts'; } else { $cap = 'edit_posts'; } $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); $post_type = 'post'; } else { // No other 'post_type' values are allowed here. return new IXR_Error( 401, __( 'Invalid post type.' ) ); } } else { if ( $publish ) { $cap = 'publish_posts'; } elseif ( isset( $content_struct['post_status'] ) && 'publish' === $content_struct['post_status'] ) { $cap = 'publish_posts'; } else { $cap = 'edit_posts'; } $error_message = __( 'Sorry, you are not allowed to publish posts on this site.' ); $post_type = 'post'; } if ( ! current_user_can( get_post_type_object( $post_type )->cap->create_posts ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish posts on this site.' ) ); } if ( ! current_user_can( $cap ) ) { return new IXR_Error( 401, $error_message ); } // Check for a valid post format if one was given. if ( isset( $content_struct['wp_post_format'] ) ) { $content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] ); if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) { return new IXR_Error( 404, __( 'Invalid post format.' ) ); } } // Let WordPress generate the 'post_name' (slug) unless // one has been provided. $post_name = null; if ( isset( $content_struct['wp_slug'] ) ) { $post_name = $content_struct['wp_slug']; } // Only use a password if one was given. $post_password = ''; if ( isset( $content_struct['wp_password'] ) ) { $post_password = $content_struct['wp_password']; } // Only set a post parent if one was given. $post_parent = 0; if ( isset( $content_struct['wp_page_parent_id'] ) ) { $post_parent = $content_struct['wp_page_parent_id']; } // Only set the 'menu_order' if it was given. $menu_order = 0; if ( isset( $content_struct['wp_page_order'] ) ) { $menu_order = $content_struct['wp_page_order']; } $post_author = $user->ID; // If an author ID was provided then use it instead. if ( isset( $content_struct['wp_author_id'] ) && ( $user->ID !== (int) $content_struct['wp_author_id'] ) ) { switch ( $post_type ) { case 'post': if ( ! current_user_can( 'edit_others_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create posts as this user.' ) ); } break; case 'page': if ( ! current_user_can( 'edit_others_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to create pages as this user.' ) ); } break; default: return new IXR_Error( 401, __( 'Invalid post type.' ) ); } $author = get_userdata( $content_struct['wp_author_id'] ); if ( ! $author ) { return new IXR_Error( 404, __( 'Invalid author ID.' ) ); } $post_author = $content_struct['wp_author_id']; } $post_title = isset( $content_struct['title'] ) ? $content_struct['title'] : ''; $post_content = isset( $content_struct['description'] ) ? $content_struct['description'] : ''; $post_status = $publish ? 'publish' : 'draft'; if ( isset( $content_struct[ "{$post_type}_status" ] ) ) { switch ( $content_struct[ "{$post_type}_status" ] ) { case 'draft': case 'pending': case 'private': case 'publish': $post_status = $content_struct[ "{$post_type}_status" ]; break; default: // Deliberably left empty. break; } } $post_excerpt = isset( $content_struct['mt_excerpt'] ) ? $content_struct['mt_excerpt'] : ''; $post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : ''; $tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array(); if ( isset( $content_struct['mt_allow_comments'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) { switch ( $content_struct['mt_allow_comments'] ) { case 'closed': $comment_status = 'closed'; break; case 'open': $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } else { switch ( (int) $content_struct['mt_allow_comments'] ) { case 0: case 2: $comment_status = 'closed'; break; case 1: $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } } else { $comment_status = get_default_comment_status( $post_type ); } if ( isset( $content_struct['mt_allow_pings'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) { switch ( $content_struct['mt_allow_pings'] ) { case 'closed': $ping_status = 'closed'; break; case 'open': $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } else { switch ( (int) $content_struct['mt_allow_pings'] ) { case 0: $ping_status = 'closed'; break; case 1: $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } } else { $ping_status = get_default_comment_status( $post_type, 'pingback' ); } if ( $post_more ) { $post_content .= '<!--more-->' . $post_more; } $to_ping = ''; if ( isset( $content_struct['mt_tb_ping_urls'] ) ) { $to_ping = $content_struct['mt_tb_ping_urls']; if ( is_array( $to_ping ) ) { $to_ping = implode( ' ', $to_ping ); } } // Do some timestamp voodoo. if ( ! empty( $content_struct['date_created_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; } elseif ( ! empty( $content_struct['dateCreated'] ) ) { $date_created = $content_struct['dateCreated']->getIso(); } $post_date = ''; $post_date_gmt = ''; if ( ! empty( $date_created ) ) { $post_date = iso8601_to_datetime( $date_created ); $post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' ); } $post_category = array(); if ( isset( $content_struct['categories'] ) ) { $catnames = $content_struct['categories']; if ( is_array( $catnames ) ) { foreach ( $catnames as $cat ) { $post_category[] = get_cat_ID( $cat ); } } } $postdata = compact( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping', 'post_type', 'post_name', 'post_password', 'post_parent', 'menu_order', 'tags_input', 'page_template' ); $post_id = get_default_post_to_edit( $post_type, true )->ID; $postdata['ID'] = $post_id; // Only posts can be sticky. if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) { $data = $postdata; $data['sticky'] = $content_struct['sticky']; $error = $this->_toggle_sticky( $data ); if ( $error ) { return $error; } } if ( isset( $content_struct['custom_fields'] ) ) { $this->set_custom_fields( $post_id, $content_struct['custom_fields'] ); } if ( isset( $content_struct['wp_post_thumbnail'] ) ) { if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } unset( $content_struct['wp_post_thumbnail'] ); } // Handle enclosures. $enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null; $this->add_enclosure_if_new( $post_id, $enclosure ); $this->attach_uploads( $post_id, $post_content ); /* * Handle post formats if assigned, value is validated earlier * in this function. */ if ( isset( $content_struct['wp_post_format'] ) ) { set_post_format( $post_id, $content_struct['wp_post_format'] ); } $post_id = wp_insert_post( $postdata, true ); if ( is_wp_error( $post_id ) ) { return new IXR_Error( 500, $post_id->get_error_message() ); } if ( ! $post_id ) { return new IXR_Error( 500, __( 'Sorry, the post could not be created.' ) ); } /** * Fires after a new post has been successfully created via the XML-RPC MovableType API. * * @since 3.4.0 * * @param int $post_id ID of the new post. * @param array $args An array of arguments to create the new post. */ do_action( 'xmlrpc_call_success_mw_newPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return (string) $post_id; } /** * Adds an enclosure to a post if it's new. * * @since 2.8.0 * * @param int $post_id Post ID. * @param array $enclosure Enclosure data. */ public function add_enclosure_if_new( $post_id, $enclosure ) { if ( is_array( $enclosure ) && isset( $enclosure['url'] ) && isset( $enclosure['length'] ) && isset( $enclosure['type'] ) ) { $encstring = $enclosure['url'] . "\n" . $enclosure['length'] . "\n" . $enclosure['type'] . "\n"; $found = false; $enclosures = get_post_meta( $post_id, 'enclosure' ); if ( $enclosures ) { foreach ( $enclosures as $enc ) { // This method used to omit the trailing new line. #23219 if ( rtrim( $enc, "\n" ) === rtrim( $encstring, "\n" ) ) { $found = true; break; } } } if ( ! $found ) { add_post_meta( $post_id, 'enclosure', $encstring ); } } } /** * Attaches an upload to a post. * * @since 2.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Post ID. * @param string $post_content Post Content for attachment. */ public function attach_uploads( $post_id, $post_content ) { global $wpdb; // Find any unattached files. $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '0' AND post_type = 'attachment'" ); if ( is_array( $attachments ) ) { foreach ( $attachments as $file ) { if ( ! empty( $file->guid ) && str_contains( $post_content, $file->guid ) ) { $wpdb->update( $wpdb->posts, array( 'post_parent' => $post_id ), array( 'ID' => $file->ID ) ); } } } } /** * Edits a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * @type array $3 Content structure. * @type int $4 Optional. Publish flag. 0 for draft, 1 for publish. Default 0. * } * @return true|IXR_Error True on success. */ public function mw_editPost( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $content_struct = $args[3]; $publish = isset( $args[4] ) ? $args[4] : 0; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.editPost', $args, $this ); $postdata = get_post( $post_id, ARRAY_A ); /* * If there is no post data for the give post ID, stop now and return an error. * Otherwise a new post will be created (which was the old behavior). */ if ( ! $postdata || empty( $postdata['ID'] ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } // Use wp.editPost to edit post types other than post and page. if ( ! in_array( $postdata['post_type'], array( 'post', 'page' ), true ) ) { return new IXR_Error( 401, __( 'Invalid post type.' ) ); } // Thwart attempt to change the post type. if ( ! empty( $content_struct['post_type'] ) && ( $content_struct['post_type'] !== $postdata['post_type'] ) ) { return new IXR_Error( 401, __( 'The post type may not be changed.' ) ); } // Check for a valid post format if one was given. if ( isset( $content_struct['wp_post_format'] ) ) { $content_struct['wp_post_format'] = sanitize_key( $content_struct['wp_post_format'] ); if ( ! array_key_exists( $content_struct['wp_post_format'], get_post_format_strings() ) ) { return new IXR_Error( 404, __( 'Invalid post format.' ) ); } } $this->escape( $postdata ); $post_id = $postdata['ID']; $post_content = $postdata['post_content']; $post_title = $postdata['post_title']; $post_excerpt = $postdata['post_excerpt']; $post_password = $postdata['post_password']; $post_parent = $postdata['post_parent']; $post_type = $postdata['post_type']; $menu_order = $postdata['menu_order']; $ping_status = $postdata['ping_status']; $comment_status = $postdata['comment_status']; // Let WordPress manage slug if none was provided. $post_name = $postdata['post_name']; if ( isset( $content_struct['wp_slug'] ) ) { $post_name = $content_struct['wp_slug']; } // Only use a password if one was given. if ( isset( $content_struct['wp_password'] ) ) { $post_password = $content_struct['wp_password']; } // Only set a post parent if one was given. if ( isset( $content_struct['wp_page_parent_id'] ) ) { $post_parent = $content_struct['wp_page_parent_id']; } // Only set the 'menu_order' if it was given. if ( isset( $content_struct['wp_page_order'] ) ) { $menu_order = $content_struct['wp_page_order']; } $page_template = ''; if ( ! empty( $content_struct['wp_page_template'] ) && 'page' === $post_type ) { $page_template = $content_struct['wp_page_template']; } $post_author = $postdata['post_author']; // If an author ID was provided then use it instead. if ( isset( $content_struct['wp_author_id'] ) ) { // Check permissions if attempting to switch author to or from another user. if ( $user->ID !== (int) $content_struct['wp_author_id'] || $user->ID !== (int) $post_author ) { switch ( $post_type ) { case 'post': if ( ! current_user_can( 'edit_others_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the post author as this user.' ) ); } break; case 'page': if ( ! current_user_can( 'edit_others_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to change the page author as this user.' ) ); } break; default: return new IXR_Error( 401, __( 'Invalid post type.' ) ); } $post_author = $content_struct['wp_author_id']; } } if ( isset( $content_struct['mt_allow_comments'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_comments'] ) ) { switch ( $content_struct['mt_allow_comments'] ) { case 'closed': $comment_status = 'closed'; break; case 'open': $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } else { switch ( (int) $content_struct['mt_allow_comments'] ) { case 0: case 2: $comment_status = 'closed'; break; case 1: $comment_status = 'open'; break; default: $comment_status = get_default_comment_status( $post_type ); break; } } } if ( isset( $content_struct['mt_allow_pings'] ) ) { if ( ! is_numeric( $content_struct['mt_allow_pings'] ) ) { switch ( $content_struct['mt_allow_pings'] ) { case 'closed': $ping_status = 'closed'; break; case 'open': $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } else { switch ( (int) $content_struct['mt_allow_pings'] ) { case 0: $ping_status = 'closed'; break; case 1: $ping_status = 'open'; break; default: $ping_status = get_default_comment_status( $post_type, 'pingback' ); break; } } } if ( isset( $content_struct['title'] ) ) { $post_title = $content_struct['title']; } if ( isset( $content_struct['description'] ) ) { $post_content = $content_struct['description']; } $post_category = array(); if ( isset( $content_struct['categories'] ) ) { $catnames = $content_struct['categories']; if ( is_array( $catnames ) ) { foreach ( $catnames as $cat ) { $post_category[] = get_cat_ID( $cat ); } } } if ( isset( $content_struct['mt_excerpt'] ) ) { $post_excerpt = $content_struct['mt_excerpt']; } $post_more = isset( $content_struct['mt_text_more'] ) ? $content_struct['mt_text_more'] : ''; $post_status = $publish ? 'publish' : 'draft'; if ( isset( $content_struct[ "{$post_type}_status" ] ) ) { switch ( $content_struct[ "{$post_type}_status" ] ) { case 'draft': case 'pending': case 'private': case 'publish': $post_status = $content_struct[ "{$post_type}_status" ]; break; default: $post_status = $publish ? 'publish' : 'draft'; break; } } $tags_input = isset( $content_struct['mt_keywords'] ) ? $content_struct['mt_keywords'] : array(); if ( 'publish' === $post_status || 'private' === $post_status ) { if ( 'page' === $post_type && ! current_user_can( 'publish_pages' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this page.' ) ); } elseif ( ! current_user_can( 'publish_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); } } if ( $post_more ) { $post_content = $post_content . '<!--more-->' . $post_more; } $to_ping = ''; if ( isset( $content_struct['mt_tb_ping_urls'] ) ) { $to_ping = $content_struct['mt_tb_ping_urls']; if ( is_array( $to_ping ) ) { $to_ping = implode( ' ', $to_ping ); } } // Do some timestamp voodoo. if ( ! empty( $content_struct['date_created_gmt'] ) ) { // We know this is supposed to be GMT, so we're going to slap that Z on there by force. $date_created = rtrim( $content_struct['date_created_gmt']->getIso(), 'Z' ) . 'Z'; } elseif ( ! empty( $content_struct['dateCreated'] ) ) { $date_created = $content_struct['dateCreated']->getIso(); } // Default to not flagging the post date to be edited unless it's intentional. $edit_date = false; if ( ! empty( $date_created ) ) { $post_date = iso8601_to_datetime( $date_created ); $post_date_gmt = iso8601_to_datetime( $date_created, 'gmt' ); // Flag the post date to be edited. $edit_date = true; } else { $post_date = $postdata['post_date']; $post_date_gmt = $postdata['post_date_gmt']; } $newpost = array( 'ID' => $post_id, ); $newpost += compact( 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'edit_date', 'post_date', 'post_date_gmt', 'to_ping', 'post_name', 'post_password', 'post_parent', 'menu_order', 'post_author', 'tags_input', 'page_template' ); // We've got all the data -- post it. $result = wp_update_post( $newpost, true ); if ( is_wp_error( $result ) ) { return new IXR_Error( 500, $result->get_error_message() ); } if ( ! $result ) { return new IXR_Error( 500, __( 'Sorry, the post could not be updated.' ) ); } // Only posts can be sticky. if ( 'post' === $post_type && isset( $content_struct['sticky'] ) ) { $data = $newpost; $data['sticky'] = $content_struct['sticky']; $data['post_type'] = 'post'; $error = $this->_toggle_sticky( $data, true ); if ( $error ) { return $error; } } if ( isset( $content_struct['custom_fields'] ) ) { $this->set_custom_fields( $post_id, $content_struct['custom_fields'] ); } if ( isset( $content_struct['wp_post_thumbnail'] ) ) { // Empty value deletes, non-empty value adds/updates. if ( empty( $content_struct['wp_post_thumbnail'] ) ) { delete_post_thumbnail( $post_id ); } else { if ( set_post_thumbnail( $post_id, $content_struct['wp_post_thumbnail'] ) === false ) { return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); } } unset( $content_struct['wp_post_thumbnail'] ); } // Handle enclosures. $enclosure = isset( $content_struct['enclosure'] ) ? $content_struct['enclosure'] : null; $this->add_enclosure_if_new( $post_id, $enclosure ); $this->attach_uploads( $post_id, $post_content ); // Handle post formats if assigned, validation is handled earlier in this function. if ( isset( $content_struct['wp_post_format'] ) ) { set_post_format( $post_id, $content_struct['wp_post_format'] ); } /** * Fires after a post has been successfully updated via the XML-RPC MovableType API. * * @since 3.4.0 * * @param int $post_id ID of the updated post. * @param array $args An array of arguments to update the post. */ do_action( 'xmlrpc_call_success_mw_editPost', $post_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase return true; } /** * Retrieves a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mw_getPost( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } $postdata = get_post( $post_id, ARRAY_A ); if ( ! $postdata ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.getPost', $args, $this ); if ( '' !== $postdata['post_date'] ) { $post_date = $this->_convert_date( $postdata['post_date'] ); $post_date_gmt = $this->_convert_date_gmt( $postdata['post_date_gmt'], $postdata['post_date'] ); $post_modified = $this->_convert_date( $postdata['post_modified'] ); $post_modified_gmt = $this->_convert_date_gmt( $postdata['post_modified_gmt'], $postdata['post_modified'] ); $categories = array(); $cat_ids = wp_get_post_categories( $post_id ); foreach ( $cat_ids as $cat_id ) { $categories[] = get_cat_name( $cat_id ); } $tagnames = array(); $tags = wp_get_post_tags( $post_id ); if ( ! empty( $tags ) ) { foreach ( $tags as $tag ) { $tagnames[] = $tag->name; } $tagnames = implode( ', ', $tagnames ); } else { $tagnames = ''; } $post = get_extended( $postdata['post_content'] ); $link = get_permalink( $postdata['ID'] ); // Get the author info. $author = get_userdata( $postdata['post_author'] ); $allow_comments = ( 'open' === $postdata['comment_status'] ) ? 1 : 0; $allow_pings = ( 'open' === $postdata['ping_status'] ) ? 1 : 0; // Consider future posts as published. if ( 'future' === $postdata['post_status'] ) { $postdata['post_status'] = 'publish'; } // Get post format. $post_format = get_post_format( $post_id ); if ( empty( $post_format ) ) { $post_format = 'standard'; } $sticky = false; if ( is_sticky( $post_id ) ) { $sticky = true; } $enclosure = array(); foreach ( (array) get_post_custom( $post_id ) as $key => $val ) { if ( 'enclosure' === $key ) { foreach ( (array) $val as $enc ) { $encdata = explode( "\n", $enc ); $enclosure['url'] = trim( htmlspecialchars( $encdata[0] ) ); $enclosure['length'] = (int) trim( $encdata[1] ); $enclosure['type'] = trim( $encdata[2] ); break 2; } } } $resp = array( 'dateCreated' => $post_date, 'userid' => $postdata['post_author'], 'postid' => $postdata['ID'], 'description' => $post['main'], 'title' => $postdata['post_title'], 'link' => $link, 'permaLink' => $link, // Commented out because no other tool seems to use this. // 'content' => $entry['post_content'], 'categories' => $categories, 'mt_excerpt' => $postdata['post_excerpt'], 'mt_text_more' => $post['extended'], 'wp_more_text' => $post['more_text'], 'mt_allow_comments' => $allow_comments, 'mt_allow_pings' => $allow_pings, 'mt_keywords' => $tagnames, 'wp_slug' => $postdata['post_name'], 'wp_password' => $postdata['post_password'], 'wp_author_id' => (string) $author->ID, 'wp_author_display_name' => $author->display_name, 'date_created_gmt' => $post_date_gmt, 'post_status' => $postdata['post_status'], 'custom_fields' => $this->get_custom_fields( $post_id ), 'wp_post_format' => $post_format, 'sticky' => $sticky, 'date_modified' => $post_modified, 'date_modified_gmt' => $post_modified_gmt, ); if ( ! empty( $enclosure ) ) { $resp['enclosure'] = $enclosure; } $resp['wp_post_thumbnail'] = get_post_thumbnail_id( $postdata['ID'] ); return $resp; } else { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } } /** * Retrieves list of recent posts. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Optional. Number of posts. * } * @return array|IXR_Error */ public function mw_getRecentPosts( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; if ( isset( $args[3] ) ) { $query = array( 'numberposts' => absint( $args[3] ) ); } else { $query = array(); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit posts.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.getRecentPosts', $args, $this ); $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { return array(); } $recent_posts = array(); foreach ( $posts_list as $entry ) { if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { continue; } $post_date = $this->_convert_date( $entry['post_date'] ); $post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] ); $post_modified = $this->_convert_date( $entry['post_modified'] ); $post_modified_gmt = $this->_convert_date_gmt( $entry['post_modified_gmt'], $entry['post_modified'] ); $categories = array(); $cat_ids = wp_get_post_categories( $entry['ID'] ); foreach ( $cat_ids as $cat_id ) { $categories[] = get_cat_name( $cat_id ); } $tagnames = array(); $tags = wp_get_post_tags( $entry['ID'] ); if ( ! empty( $tags ) ) { foreach ( $tags as $tag ) { $tagnames[] = $tag->name; } $tagnames = implode( ', ', $tagnames ); } else { $tagnames = ''; } $post = get_extended( $entry['post_content'] ); $link = get_permalink( $entry['ID'] ); // Get the post author info. $author = get_userdata( $entry['post_author'] ); $allow_comments = ( 'open' === $entry['comment_status'] ) ? 1 : 0; $allow_pings = ( 'open' === $entry['ping_status'] ) ? 1 : 0; // Consider future posts as published. if ( 'future' === $entry['post_status'] ) { $entry['post_status'] = 'publish'; } // Get post format. $post_format = get_post_format( $entry['ID'] ); if ( empty( $post_format ) ) { $post_format = 'standard'; } $recent_posts[] = array( 'dateCreated' => $post_date, 'userid' => $entry['post_author'], 'postid' => (string) $entry['ID'], 'description' => $post['main'], 'title' => $entry['post_title'], 'link' => $link, 'permaLink' => $link, // Commented out because no other tool seems to use this. // 'content' => $entry['post_content'], 'categories' => $categories, 'mt_excerpt' => $entry['post_excerpt'], 'mt_text_more' => $post['extended'], 'wp_more_text' => $post['more_text'], 'mt_allow_comments' => $allow_comments, 'mt_allow_pings' => $allow_pings, 'mt_keywords' => $tagnames, 'wp_slug' => $entry['post_name'], 'wp_password' => $entry['post_password'], 'wp_author_id' => (string) $author->ID, 'wp_author_display_name' => $author->display_name, 'date_created_gmt' => $post_date_gmt, 'post_status' => $entry['post_status'], 'custom_fields' => $this->get_custom_fields( $entry['ID'] ), 'wp_post_format' => $post_format, 'date_modified' => $post_modified, 'date_modified_gmt' => $post_modified_gmt, 'sticky' => ( 'post' === $entry['post_type'] && is_sticky( $entry['ID'] ) ), 'wp_post_thumbnail' => get_post_thumbnail_id( $entry['ID'] ), ); } return $recent_posts; } /** * Retrieves the list of categories on a given blog. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mw_getCategories( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.getCategories', $args, $this ); $categories_struct = array(); $cats = get_categories( array( 'get' => 'all' ) ); if ( $cats ) { foreach ( $cats as $cat ) { $struct = array(); $struct['categoryId'] = $cat->term_id; $struct['parentId'] = $cat->parent; $struct['description'] = $cat->name; $struct['categoryDescription'] = $cat->description; $struct['categoryName'] = $cat->name; $struct['htmlUrl'] = esc_html( get_category_link( $cat->term_id ) ); $struct['rssUrl'] = esc_html( get_category_feed_link( $cat->term_id, 'rss2' ) ); $categories_struct[] = $struct; } } return $categories_struct; } /** * Uploads a file, following your settings. * * Adapted from a patch by Johann Richard. * * @link http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/ * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type array $3 Data. * } * @return array|IXR_Error */ public function mw_newMediaObject( $args ) { $username = $this->escape( $args[1] ); $password = $this->escape( $args[2] ); $data = $args[3]; $name = sanitize_file_name( $data['name'] ); $type = $data['type']; $bits = $data['bits']; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'metaWeblog.newMediaObject', $args, $this ); if ( ! current_user_can( 'upload_files' ) ) { $this->error = new IXR_Error( 401, __( 'Sorry, you are not allowed to upload files.' ) ); return $this->error; } if ( is_multisite() && upload_is_user_over_quota( false ) ) { $this->error = new IXR_Error( 401, sprintf( /* translators: %s: Allowed space allocation. */ __( 'Sorry, you have used your space allocation of %s. Please delete some files to upload more files.' ), size_format( get_space_allowed() * MB_IN_BYTES ) ) ); return $this->error; } /** * Filters whether to preempt the XML-RPC media upload. * * Returning a truthy value will effectively short-circuit the media upload, * returning that value as a 500 error instead. * * @since 2.1.0 * * @param bool $error Whether to pre-empt the media upload. Default false. */ $upload_err = apply_filters( 'pre_upload_error', false ); if ( $upload_err ) { return new IXR_Error( 500, $upload_err ); } $upload = wp_upload_bits( $name, null, $bits ); if ( ! empty( $upload['error'] ) ) { /* translators: 1: File name, 2: Error message. */ $error_string = sprintf( __( 'Could not write file %1$s (%2$s).' ), $name, $upload['error'] ); return new IXR_Error( 500, $error_string ); } // Construct the attachment array. $post_id = 0; if ( ! empty( $data['post_id'] ) ) { $post_id = (int) $data['post_id']; if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } } $attachment = array( 'post_title' => $name, 'post_content' => '', 'post_type' => 'attachment', 'post_parent' => $post_id, 'post_mime_type' => $type, 'guid' => $upload['url'], ); // Save the data. $attachment_id = wp_insert_attachment( $attachment, $upload['file'], $post_id ); wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $upload['file'] ) ); /** * Fires after a new attachment has been added via the XML-RPC MovableType API. * * @since 3.4.0 * * @param int $attachment_id ID of the new attachment. * @param array $args An array of arguments to add the attachment. */ do_action( 'xmlrpc_call_success_mw_newMediaObject', $attachment_id, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase $struct = $this->_prepare_media_item( get_post( $attachment_id ) ); // Deprecated values. $struct['id'] = $struct['attachment_id']; $struct['file'] = $struct['title']; $struct['url'] = $struct['link']; return $struct; } /* * MovableType API functions. * Specs archive on https://web.archive.org/web/20050220091302/http://www.movabletype.org/docs/mtmanual_programmatic.html */ /** * Retrieves the post titles of recent posts. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * @type int $3 Optional. Number of posts. * } * @return array|IXR_Error */ public function mt_getRecentPostTitles( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; if ( isset( $args[3] ) ) { $query = array( 'numberposts' => absint( $args[3] ) ); } else { $query = array(); } $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getRecentPostTitles', $args, $this ); $posts_list = wp_get_recent_posts( $query ); if ( ! $posts_list ) { $this->error = new IXR_Error( 500, __( 'No posts found or an error occurred while retrieving posts.' ) ); return $this->error; } $recent_posts = array(); foreach ( $posts_list as $entry ) { if ( ! current_user_can( 'edit_post', $entry['ID'] ) ) { continue; } $post_date = $this->_convert_date( $entry['post_date'] ); $post_date_gmt = $this->_convert_date_gmt( $entry['post_date_gmt'], $entry['post_date'] ); $recent_posts[] = array( 'dateCreated' => $post_date, 'userid' => $entry['post_author'], 'postid' => (string) $entry['ID'], 'title' => $entry['post_title'], 'post_status' => $entry['post_status'], 'date_created_gmt' => $post_date_gmt, ); } return $recent_posts; } /** * Retrieves the list of all categories on a blog. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Blog ID (unused). * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mt_getCategoryList( $args ) { $this->escape( $args ); $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! current_user_can( 'edit_posts' ) ) { return new IXR_Error( 401, __( 'Sorry, you must be able to edit posts on this site in order to view categories.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getCategoryList', $args, $this ); $categories_struct = array(); $cats = get_categories( array( 'hide_empty' => 0, 'hierarchical' => 0, ) ); if ( $cats ) { foreach ( $cats as $cat ) { $struct = array(); $struct['categoryId'] = $cat->term_id; $struct['categoryName'] = $cat->name; $categories_struct[] = $struct; } } return $categories_struct; } /** * Retrieves post categories. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * } * @return array|IXR_Error */ public function mt_getPostCategories( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } if ( ! get_post( $post_id ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getPostCategories', $args, $this ); $categories = array(); $cat_ids = wp_get_post_categories( (int) $post_id ); // First listed category will be the primary category. $is_primary = true; foreach ( $cat_ids as $cat_id ) { $categories[] = array( 'categoryName' => get_cat_name( $cat_id ), 'categoryId' => (string) $cat_id, 'isPrimary' => $is_primary, ); $is_primary = false; } return $categories; } /** * Sets categories for a post. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * @type array $3 Categories. * } * @return true|IXR_Error True on success. */ public function mt_setPostCategories( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $categories = $args[3]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.setPostCategories', $args, $this ); if ( ! get_post( $post_id ) ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this post.' ) ); } $cat_ids = array(); foreach ( $categories as $cat ) { $cat_ids[] = $cat['categoryId']; } wp_set_post_categories( $post_id, $cat_ids ); return true; } /** * Retrieves an array of methods supported by this server. * * @since 1.5.0 * * @return array */ public function mt_supportedMethods() { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.supportedMethods', array(), $this ); return array_keys( $this->methods ); } /** * Retrieves an empty array because we don't support per-post text filters. * * @since 1.5.0 */ public function mt_supportedTextFilters() { /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.supportedTextFilters', array(), $this ); /** * Filters the MoveableType text filters list for XML-RPC. * * @since 2.2.0 * * @param array $filters An array of text filters. */ return apply_filters( 'xmlrpc_text_filters', array() ); } /** * Retrieves trackbacks sent to a given post. * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id * @return array|IXR_Error */ public function mt_getTrackbackPings( $post_id ) { global $wpdb; /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.getTrackbackPings', $post_id, $this ); $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post ) { return new IXR_Error( 404, __( 'Sorry, no such post.' ) ); } $comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) ); if ( ! $comments ) { return array(); } $trackback_pings = array(); foreach ( $comments as $comment ) { if ( 'trackback' === $comment->comment_type ) { $content = $comment->comment_content; $title = substr( $content, 8, ( strpos( $content, '</strong>' ) - 8 ) ); $trackback_pings[] = array( 'pingTitle' => $title, 'pingURL' => $comment->comment_author_url, 'pingIP' => $comment->comment_author_IP, ); } } return $trackback_pings; } /** * Sets a post's publish status to 'publish'. * * @since 1.5.0 * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type int $0 Post ID. * @type string $1 Username. * @type string $2 Password. * } * @return int|IXR_Error */ public function mt_publishPost( $args ) { $this->escape( $args ); $post_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $user = $this->login( $username, $password ); if ( ! $user ) { return $this->error; } /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'mt.publishPost', $args, $this ); $postdata = get_post( $post_id, ARRAY_A ); if ( ! $postdata ) { return new IXR_Error( 404, __( 'Invalid post ID.' ) ); } if ( ! current_user_can( 'publish_posts' ) || ! current_user_can( 'edit_post', $post_id ) ) { return new IXR_Error( 401, __( 'Sorry, you are not allowed to publish this post.' ) ); } $postdata['post_status'] = 'publish'; // Retain old categories. $postdata['post_category'] = wp_get_post_categories( $post_id ); $this->escape( $postdata ); return wp_update_post( $postdata ); } /* * Pingback functions. * Specs on www.hixie.ch/specs/pingback/pingback */ /** * Retrieves a pingback and registers it. * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args { * Method arguments. Note: arguments must be ordered as documented. * * @type string $0 URL of page linked from. * @type string $1 URL of page linked to. * } * @return string|IXR_Error */ public function pingback_ping( $args ) { global $wpdb; /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'pingback.ping', $args, $this ); $this->escape( $args ); $pagelinkedfrom = str_replace( '&', '&', $args[0] ); $pagelinkedto = str_replace( '&', '&', $args[1] ); $pagelinkedto = str_replace( '&', '&', $pagelinkedto ); /** * Filters the pingback source URI. * * @since 3.6.0 * * @param string $pagelinkedfrom URI of the page linked from. * @param string $pagelinkedto URI of the page linked to. */ $pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto ); if ( ! $pagelinkedfrom ) { return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) ); } // Check if the page linked to is on our site. $pos1 = strpos( $pagelinkedto, str_replace( array( 'http://www.', 'http://', 'https://www.', 'https://' ), '', get_option( 'home' ) ) ); if ( ! $pos1 ) { return $this->pingback_error( 0, __( 'Is there no link to us?' ) ); } /* * Let's find which post is linked to. * FIXME: Does url_to_postid() cover all these cases already? * If so, then let's use it and drop the old code. */ $urltest = parse_url( $pagelinkedto ); $post_id = url_to_postid( $pagelinkedto ); if ( $post_id ) { // $way } elseif ( isset( $urltest['path'] ) && preg_match( '#p/[0-9]{1,}#', $urltest['path'], $match ) ) { // The path defines the post_ID (archives/p/XXXX). $blah = explode( '/', $match[0] ); $post_id = (int) $blah[1]; } elseif ( isset( $urltest['query'] ) && preg_match( '#p=[0-9]{1,}#', $urltest['query'], $match ) ) { // The query string defines the post_ID (?p=XXXX). $blah = explode( '=', $match[0] ); $post_id = (int) $blah[1]; } elseif ( isset( $urltest['fragment'] ) ) { // An #anchor is there, it's either... if ( (int) $urltest['fragment'] ) { // ...an integer #XXXX (simplest case), $post_id = (int) $urltest['fragment']; } elseif ( preg_match( '/post-[0-9]+/', $urltest['fragment'] ) ) { // ...a post ID in the form 'post-###', $post_id = preg_replace( '/[^0-9]+/', '', $urltest['fragment'] ); } elseif ( is_string( $urltest['fragment'] ) ) { // ...or a string #title, a little more complicated. $title = preg_replace( '/[^a-z0-9]/i', '.', $urltest['fragment'] ); $sql = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title ); $post_id = $wpdb->get_var( $sql ); if ( ! $post_id ) { // Returning unknown error '0' is better than die()'ing. return $this->pingback_error( 0, '' ); } } } else { // TODO: Attempt to extract a post ID from the given URL. return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } $post_id = (int) $post_id; $post = get_post( $post_id ); if ( ! $post ) { // Post not found. return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } if ( url_to_postid( $pagelinkedfrom ) === $post_id ) { return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) ); } // Check if pings are on. if ( ! pings_open( $post ) ) { return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } // Let's check that the remote site didn't already pingback this entry. if ( $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_id, $pagelinkedfrom ) ) ) { return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) ); } /* * The remote site may have sent the pingback before it finished publishing its own content * containing this pingback URL. If that happens then it won't be immediately possible to fetch * the pinging post; adding a small delay reduces the likelihood of this happening. * * While there are more robust methods than calling `sleep()` here (because `sleep()` merely * mitigates the risk of requesting the remote post before it's available), this is effective * enough for most cases and avoids introducing more complexity into this code. * * One way to improve the reliability of this code might be to add failure-handling to the remote * fetch and retry up to a set number of times if it receives a 404. This could also handle 401 and * 403 responses to differentiate the "does not exist" failure from the "may not access" failure. */ sleep( 1 ); $remote_ip = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] ); /** This filter is documented in wp-includes/class-wp-http.php */ $user_agent = apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $pagelinkedfrom ); // Let's check the remote site. $http_api_args = array( 'timeout' => 10, 'redirection' => 0, 'limit_response_size' => 153600, // 150 KB 'user-agent' => "$user_agent; verifying pingback from $remote_ip", 'headers' => array( 'X-Pingback-Forwarded-For' => $remote_ip, ), ); $request = wp_safe_remote_get( $pagelinkedfrom, $http_api_args ); $remote_source = wp_remote_retrieve_body( $request ); $remote_source_original = $remote_source; if ( ! $remote_source ) { return $this->pingback_error( 16, __( 'The source URL does not exist.' ) ); } /** * Filters the pingback remote source. * * @since 2.5.0 * * @param string $remote_source Response source for the page linked from. * @param string $pagelinkedto URL of the page linked to. */ $remote_source = apply_filters( 'pre_remote_source', $remote_source, $pagelinkedto ); // Work around bug in strip_tags(): $remote_source = str_replace( '<!DOC', '<DOC', $remote_source ); $remote_source = preg_replace( '/[\r\n\t ]+/', ' ', $remote_source ); // normalize spaces $remote_source = preg_replace( '/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/', "\n\n", $remote_source ); preg_match( '|<title>([^<]*?)</title>|is', $remote_source, $matchtitle ); $title = isset( $matchtitle[1] ) ? $matchtitle[1] : ''; if ( empty( $title ) ) { return $this->pingback_error( 32, __( 'A title on that page cannot be found.' ) ); } // Remove all script and style tags including their content. $remote_source = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $remote_source ); // Just keep the tag we need. $remote_source = strip_tags( $remote_source, '<a>' ); $p = explode( "\n\n", $remote_source ); $preg_target = preg_quote( $pagelinkedto, '|' ); foreach ( $p as $para ) { if ( str_contains( $para, $pagelinkedto ) ) { // It exists, but is it a link? preg_match( '|<a[^>]+?' . $preg_target . '[^>]*>([^>]+?)</a>|', $para, $context ); // If the URL isn't in a link context, keep looking. if ( empty( $context ) ) { continue; } /* * We're going to use this fake tag to mark the context in a bit. * The marker is needed in case the link text appears more than once in the paragraph. */ $excerpt = preg_replace( '|\</?wpcontext\>|', '', $para ); // prevent really long link text if ( strlen( $context[1] ) > 100 ) { $context[1] = substr( $context[1], 0, 100 ) . '…'; } $marker = '<wpcontext>' . $context[1] . '</wpcontext>'; // Set up our marker. $excerpt = str_replace( $context[0], $marker, $excerpt ); // Swap out the link for our marker. $excerpt = strip_tags( $excerpt, '<wpcontext>' ); // Strip all tags but our context marker. $excerpt = trim( $excerpt ); $preg_marker = preg_quote( $marker, '|' ); $excerpt = preg_replace( "|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt ); $excerpt = strip_tags( $excerpt ); // YES, again, to remove the marker wrapper. break; } } if ( empty( $context ) ) { // Link to target not found. return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) ); } $pagelinkedfrom = str_replace( '&', '&', $pagelinkedfrom ); $context = '[…] ' . esc_html( $excerpt ) . ' […]'; $pagelinkedfrom = $this->escape( $pagelinkedfrom ); $comment_post_id = (int) $post_id; $comment_author = $title; $comment_author_email = ''; $this->escape( $comment_author ); $comment_author_url = $pagelinkedfrom; $comment_content = $context; $this->escape( $comment_content ); $comment_type = 'pingback'; $commentdata = array( 'comment_post_ID' => $comment_post_id, ); $commentdata += compact( 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type', 'remote_source', 'remote_source_original' ); $comment_id = wp_new_comment( $commentdata ); if ( is_wp_error( $comment_id ) ) { return $this->pingback_error( 0, $comment_id->get_error_message() ); } /** * Fires after a post pingback has been sent. * * @since 0.71 * * @param int $comment_id Comment ID. */ do_action( 'pingback_post', $comment_id ); /* translators: 1: URL of the page linked from, 2: URL of the page linked to. */ return sprintf( __( 'Pingback from %1$s to %2$s registered. Keep the web talking! :-)' ), $pagelinkedfrom, $pagelinkedto ); } /** * Retrieves an array of URLs that pingbacked the given URL. * * Specs on http://www.aquarionics.com/misc/archives/blogite/0198.html * * @since 1.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $url * @return array|IXR_Error */ public function pingback_extensions_getPingbacks( $url ) { global $wpdb; /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'pingback.extensions.getPingbacks', $url, $this ); $url = $this->escape( $url ); $post_id = url_to_postid( $url ); if ( ! $post_id ) { // We aren't sure that the resource is available and/or pingback enabled. return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either does not exist, or it is not a pingback-enabled resource.' ) ); } $actual_post = get_post( $post_id, ARRAY_A ); if ( ! $actual_post ) { // No such post = resource not found. return $this->pingback_error( 32, __( 'The specified target URL does not exist.' ) ); } $comments = $wpdb->get_results( $wpdb->prepare( "SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_id ) ); if ( ! $comments ) { return array(); } $pingbacks = array(); foreach ( $comments as $comment ) { if ( 'pingback' === $comment->comment_type ) { $pingbacks[] = $comment->comment_author_url; } } return $pingbacks; } /** * Sends a pingback error based on the given error code and message. * * @since 3.6.0 * * @param int $code Error code. * @param string $message Error message. * @return IXR_Error Error object. */ protected function pingback_error( $code, $message ) { /** * Filters the XML-RPC pingback error return. * * @since 3.5.1 * * @param IXR_Error $error An IXR_Error object containing the error code and message. */ return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) ); } } https-detection-20260606052425.php 0000666 00000013341 15225624212 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605225728.php 0000666 00000011205 15225624212 0012006 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-block-parser-frame.php 0000666 00000003741 15225624212 0012472 0 ustar 00 <?php /** * Block Serialization Parser * * @package WordPress */ /** * Class WP_Block_Parser_Frame * * Holds partial blocks in memory while parsing * * @internal * @since 5.0.0 */ class WP_Block_Parser_Frame { /** * Full or partial block * * @since 5.0.0 * @var WP_Block_Parser_Block */ public $block; /** * Byte offset into document for start of parse token * * @since 5.0.0 * @var int */ public $token_start; /** * Byte length of entire parse token string * * @since 5.0.0 * @var int */ public $token_length; /** * Byte offset into document for after parse token ends * (used during reconstruction of stack into parse production) * * @since 5.0.0 * @var int */ public $prev_offset; /** * Byte offset into document where leading HTML before token starts * * @since 5.0.0 * @var int */ public $leading_html_start; /** * Constructor * * Will populate object properties from the provided arguments. * * @since 5.0.0 * * @param WP_Block_Parser_Block $block Full or partial block. * @param int $token_start Byte offset into document for start of parse token. * @param int $token_length Byte length of entire parse token string. * @param int|null $prev_offset Optional. Byte offset into document for after parse token ends. Default null. * @param int|null $leading_html_start Optional. Byte offset into document where leading HTML before token starts. * Default null. */ public function __construct( $block, $token_start, $token_length, $prev_offset = null, $leading_html_start = null ) { $this->block = $block; $this->token_start = $token_start; $this->token_length = $token_length; $this->prev_offset = isset( $prev_offset ) ? $prev_offset : $token_start + $token_length; $this->leading_html_start = $leading_html_start; } } block-template-utils.php 0000666 00000172024 15225624212 0011331 0 ustar 00 <?php /** * Utilities used to fetch and create templates and template parts. * * @package WordPress * @since 5.8.0 */ // Define constants for supported wp_template_part_area taxonomy. if ( ! defined( 'WP_TEMPLATE_PART_AREA_HEADER' ) ) { define( 'WP_TEMPLATE_PART_AREA_HEADER', 'header' ); } if ( ! defined( 'WP_TEMPLATE_PART_AREA_FOOTER' ) ) { define( 'WP_TEMPLATE_PART_AREA_FOOTER', 'footer' ); } if ( ! defined( 'WP_TEMPLATE_PART_AREA_SIDEBAR' ) ) { define( 'WP_TEMPLATE_PART_AREA_SIDEBAR', 'sidebar' ); } if ( ! defined( 'WP_TEMPLATE_PART_AREA_UNCATEGORIZED' ) ) { define( 'WP_TEMPLATE_PART_AREA_UNCATEGORIZED', 'uncategorized' ); } /** * For backward compatibility reasons, * block themes might be using block-templates or block-template-parts, * this function ensures we fallback to these folders properly. * * @since 5.9.0 * * @param string $theme_stylesheet The stylesheet. Default is to leverage the main theme root. * * @return string[] { * Folder names used by block themes. * * @type string $wp_template Theme-relative directory name for block templates. * @type string $wp_template_part Theme-relative directory name for block template parts. * } */ function get_block_theme_folders( $theme_stylesheet = null ) { $theme = wp_get_theme( (string) $theme_stylesheet ); if ( ! $theme->exists() ) { // Return the default folders if the theme doesn't exist. return array( 'wp_template' => 'templates', 'wp_template_part' => 'parts', ); } return $theme->get_block_template_folders(); } /** * Returns a filtered list of allowed area values for template parts. * * @since 5.9.0 * * @return array[] { * The allowed template part area values. * * @type array ...$0 { * Data for the allowed template part area. * * @type string $area Template part area name. * @type string $label Template part area label. * @type string $description Template part area description. * @type string $icon Template part area icon. * @type string $area_tag Template part area tag. * } * } */ function get_allowed_block_template_part_areas() { $default_area_definitions = array( array( 'area' => WP_TEMPLATE_PART_AREA_UNCATEGORIZED, 'label' => _x( 'General', 'template part area' ), 'description' => __( 'General templates often perform a specific role like displaying post content, and are not tied to any particular area.' ), 'icon' => 'layout', 'area_tag' => 'div', ), array( 'area' => WP_TEMPLATE_PART_AREA_HEADER, 'label' => _x( 'Header', 'template part area' ), 'description' => __( 'The Header template defines a page area that typically contains a title, logo, and main navigation.' ), 'icon' => 'header', 'area_tag' => 'header', ), array( 'area' => WP_TEMPLATE_PART_AREA_FOOTER, 'label' => _x( 'Footer', 'template part area' ), 'description' => __( 'The Footer template defines a page area that typically contains site credits, social links, or any other combination of blocks.' ), 'icon' => 'footer', 'area_tag' => 'footer', ), ); /** * Filters the list of allowed template part area values. * * @since 5.9.0 * * @param array[] $default_area_definitions { * The allowed template part area values. * * @type array ...$0 { * Data for the template part area. * * @type string $area Template part area name. * @type string $label Template part area label. * @type string $description Template part area description. * @type string $icon Template part area icon. * @type string $area_tag Template part area tag. * } * } */ return apply_filters( 'default_wp_template_part_areas', $default_area_definitions ); } /** * Returns a filtered list of default template types, containing their * localized titles and descriptions. * * @since 5.9.0 * * @return array[] { * The default template types. * * @type array ...$0 { * Data for the template type. * * @type string $title Template type title. * @type string $description Template type description. * } * } */ function get_default_block_template_types() { $default_template_types = array( 'index' => array( 'title' => _x( 'Index', 'Template name' ), 'description' => __( 'Used as a fallback template for all pages when a more specific template is not defined.' ), ), 'home' => array( 'title' => _x( 'Blog Home', 'Template name' ), 'description' => __( 'Displays the latest posts as either the site homepage or as the "Posts page" as defined under reading settings. If it exists, the Front Page template overrides this template when posts are shown on the homepage.' ), ), 'front-page' => array( 'title' => _x( 'Front Page', 'Template name' ), 'description' => __( 'Displays your site\'s homepage, whether it is set to display latest posts or a static page. The Front Page template takes precedence over all templates.' ), ), 'singular' => array( 'title' => _x( 'Single Entries', 'Template name' ), 'description' => __( 'Displays any single entry, such as a post or a page. This template will serve as a fallback when a more specific template (e.g. Single Post, Page, or Attachment) cannot be found.' ), ), 'single' => array( 'title' => _x( 'Single Posts', 'Template name' ), 'description' => __( 'Displays a single post on your website unless a custom template has been applied to that post or a dedicated template exists.' ), ), 'page' => array( 'title' => _x( 'Pages', 'Template name' ), 'description' => __( 'Displays a static page unless a custom template has been applied to that page or a dedicated template exists.' ), ), 'archive' => array( 'title' => _x( 'All Archives', 'Template name' ), 'description' => __( 'Displays any archive, including posts by a single author, category, tag, taxonomy, custom post type, and date. This template will serve as a fallback when more specific templates (e.g. Category or Tag) cannot be found.' ), ), 'author' => array( 'title' => _x( 'Author Archives', 'Template name' ), 'description' => __( 'Displays a single author\'s post archive. This template will serve as a fallback when a more specific template (e.g. Author: Admin) cannot be found.' ), ), 'category' => array( 'title' => _x( 'Category Archives', 'Template name' ), 'description' => __( 'Displays a post category archive. This template will serve as a fallback when a more specific template (e.g. Category: Recipes) cannot be found.' ), ), 'taxonomy' => array( 'title' => _x( 'Taxonomy', 'Template name' ), 'description' => __( 'Displays a custom taxonomy archive. Like categories and tags, taxonomies have terms which you use to classify things. For example: a taxonomy named "Art" can have multiple terms, such as "Modern" and "18th Century." This template will serve as a fallback when a more specific template (e.g. Taxonomy: Art) cannot be found.' ), ), 'date' => array( 'title' => _x( 'Date Archives', 'Template name' ), 'description' => __( 'Displays a post archive when a specific date is visited (e.g., example.com/2023/).' ), ), 'tag' => array( 'title' => _x( 'Tag Archives', 'Template name' ), 'description' => __( 'Displays a post tag archive. This template will serve as a fallback when a more specific template (e.g. Tag: Pizza) cannot be found.' ), ), 'attachment' => array( 'title' => __( 'Attachment Pages' ), 'description' => __( 'Displays when a visitor views the dedicated page that exists for any media attachment.' ), ), 'search' => array( 'title' => _x( 'Search Results', 'Template name' ), 'description' => __( 'Displays when a visitor performs a search on your website.' ), ), 'privacy-policy' => array( 'title' => __( 'Privacy Policy' ), 'description' => __( 'Displays your site\'s Privacy Policy page.' ), ), '404' => array( 'title' => _x( 'Page: 404', 'Template name' ), 'description' => __( 'Displays when a visitor views a non-existent page, such as a dead link or a mistyped URL.' ), ), ); // Add a title and description to post format templates. $post_formats = get_post_format_strings(); foreach ( $post_formats as $post_format_slug => $post_format_name ) { $default_template_types[ 'taxonomy-post_format-post-format-' . $post_format_slug ] = array( 'title' => sprintf( /* translators: %s: Post format name. */ _x( 'Post Format: %s', 'Template name' ), $post_format_name ), 'description' => sprintf( /* translators: %s: Post format name. */ __( 'Displays the %s post format archive.' ), $post_format_name ), ); } /** * Filters the list of default template types. * * @since 5.9.0 * * @param array[] $default_template_types { * The default template types. * * @type array ...$0 { * Data for the template type. * * @type string $title Template type title. * @type string $description Template type description. * } * } */ return apply_filters( 'default_template_types', $default_template_types ); } /** * Checks whether the input 'area' is a supported value. * Returns the input if supported, otherwise returns the 'uncategorized' value. * * @since 5.9.0 * @access private * * @param string $type Template part area name. * @return string Input if supported, else the uncategorized value. */ function _filter_block_template_part_area( $type ) { $allowed_areas = array_map( static function ( $item ) { return $item['area']; }, get_allowed_block_template_part_areas() ); if ( in_array( $type, $allowed_areas, true ) ) { return $type; } $warning_message = sprintf( /* translators: %1$s: Template area type, %2$s: the uncategorized template area value. */ __( '"%1$s" is not a supported wp_template_part area value and has been added as "%2$s".' ), $type, WP_TEMPLATE_PART_AREA_UNCATEGORIZED ); wp_trigger_error( __FUNCTION__, $warning_message ); return WP_TEMPLATE_PART_AREA_UNCATEGORIZED; } /** * Finds all nested template part file paths in a theme's directory. * * @since 5.9.0 * @access private * * @param string $base_directory The theme's file path. * @return string[] A list of paths to all template part files. */ function _get_block_templates_paths( $base_directory ) { static $template_path_list = array(); if ( isset( $template_path_list[ $base_directory ] ) ) { return $template_path_list[ $base_directory ]; } $path_list = array(); if ( is_dir( $base_directory ) ) { $nested_files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $base_directory ) ); $nested_html_files = new RegexIterator( $nested_files, '/^.+\.html$/i', RecursiveRegexIterator::GET_MATCH ); foreach ( $nested_html_files as $path => $file ) { $path_list[] = $path; } } $template_path_list[ $base_directory ] = $path_list; return $path_list; } /** * Retrieves the template file from the theme for a given slug. * * @since 5.9.0 * @access private * * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. * @param string $slug Template slug. * @return array|null { * Array with template metadata if $template_type is one of 'wp_template' or 'wp_template_part', * null otherwise. * * @type string $slug Template slug. * @type string $path Template file path. * @type string $theme Theme slug. * @type string $type Template type. * @type string $area Template area. Only for 'wp_template_part'. * @type string $title Optional. Template title. * @type string[] $postTypes Optional. List of post types that the template supports. Only for 'wp_template'. * } */ function _get_block_template_file( $template_type, $slug ) { if ( 'wp_template' !== $template_type && 'wp_template_part' !== $template_type ) { return null; } $themes = array( get_stylesheet() => get_stylesheet_directory(), get_template() => get_template_directory(), ); foreach ( $themes as $theme_slug => $theme_dir ) { $template_base_paths = get_block_theme_folders( $theme_slug ); $file_path = $theme_dir . '/' . $template_base_paths[ $template_type ] . '/' . $slug . '.html'; if ( file_exists( $file_path ) ) { $new_template_item = array( 'slug' => $slug, 'path' => $file_path, 'theme' => $theme_slug, 'type' => $template_type, ); if ( 'wp_template_part' === $template_type ) { return _add_block_template_part_area_info( $new_template_item ); } // If it's not a `wp_template_part`, it must be a `wp_template`. return _add_block_template_info( $new_template_item ); } } return null; } /** * Retrieves the template files from the theme. * * @since 5.9.0 * @since 6.3.0 Added the `$query` parameter. * @access private * * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. * @param array $query { * Arguments to retrieve templates. Optional, empty by default. * * @type string[] $slug__in List of slugs to include. * @type string[] $slug__not_in List of slugs to skip. * @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only). * @type string $post_type Post type to get the templates for. * } * * @return array|null Template files on success, null if `$template_type` is not matched. */ function _get_block_templates_files( $template_type, $query = array() ) { if ( 'wp_template' !== $template_type && 'wp_template_part' !== $template_type ) { return null; } $default_template_types = array(); if ( 'wp_template' === $template_type ) { $default_template_types = get_default_block_template_types(); } // Prepare metadata from $query. $slugs_to_include = isset( $query['slug__in'] ) ? $query['slug__in'] : array(); $slugs_to_skip = isset( $query['slug__not_in'] ) ? $query['slug__not_in'] : array(); $area = isset( $query['area'] ) ? $query['area'] : null; $post_type = isset( $query['post_type'] ) ? $query['post_type'] : ''; $stylesheet = get_stylesheet(); $template = get_template(); $themes = array( $stylesheet => get_stylesheet_directory(), ); // Add the parent theme if it's not the same as the current theme. if ( $stylesheet !== $template ) { $themes[ $template ] = get_template_directory(); } $template_files = array(); foreach ( $themes as $theme_slug => $theme_dir ) { $template_base_paths = get_block_theme_folders( $theme_slug ); $theme_template_files = _get_block_templates_paths( $theme_dir . '/' . $template_base_paths[ $template_type ] ); foreach ( $theme_template_files as $template_file ) { $template_base_path = $template_base_paths[ $template_type ]; $template_slug = substr( $template_file, // Starting position of slug. strpos( $template_file, $template_base_path . DIRECTORY_SEPARATOR ) + 1 + strlen( $template_base_path ), // Subtract ending '.html'. -5 ); // Skip this item if its slug doesn't match any of the slugs to include. if ( ! empty( $slugs_to_include ) && ! in_array( $template_slug, $slugs_to_include, true ) ) { continue; } // Skip this item if its slug matches any of the slugs to skip. if ( ! empty( $slugs_to_skip ) && in_array( $template_slug, $slugs_to_skip, true ) ) { continue; } /* * The child theme items (stylesheet) are processed before the parent theme's (template). * If a child theme defines a template, prevent the parent template from being added to the list as well. */ if ( isset( $template_files[ $template_slug ] ) ) { continue; } $new_template_item = array( 'slug' => $template_slug, 'path' => $template_file, 'theme' => $theme_slug, 'type' => $template_type, ); if ( 'wp_template_part' === $template_type ) { $candidate = _add_block_template_part_area_info( $new_template_item ); if ( ! isset( $area ) || $area === $candidate['area'] ) { $template_files[ $template_slug ] = $candidate; } } if ( 'wp_template' === $template_type ) { $candidate = _add_block_template_info( $new_template_item ); $is_custom = ! isset( $default_template_types[ $candidate['slug'] ] ); if ( ! $post_type || ( $post_type && isset( $candidate['postTypes'] ) && in_array( $post_type, $candidate['postTypes'], true ) ) ) { $template_files[ $template_slug ] = $candidate; } // The custom templates with no associated post types are available for all post types. if ( $post_type && ! isset( $candidate['postTypes'] ) && $is_custom ) { $template_files[ $template_slug ] = $candidate; } } } } return array_values( $template_files ); } /** * Attempts to add custom template information to the template item. * * @since 5.9.0 * @access private * * @param array $template_item Template to add information to (requires 'slug' field). * @return array Template item. */ function _add_block_template_info( $template_item ) { if ( ! wp_theme_has_theme_json() ) { return $template_item; } $theme_data = wp_get_theme_data_custom_templates(); if ( isset( $theme_data[ $template_item['slug'] ] ) ) { $template_item['title'] = $theme_data[ $template_item['slug'] ]['title']; $template_item['postTypes'] = $theme_data[ $template_item['slug'] ]['postTypes']; } return $template_item; } /** * Attempts to add the template part's area information to the input template. * * @since 5.9.0 * @access private * * @param array $template_info Template to add information to (requires 'type' and 'slug' fields). * @return array Template info. */ function _add_block_template_part_area_info( $template_info ) { if ( wp_theme_has_theme_json() ) { $theme_data = wp_get_theme_data_template_parts(); } if ( isset( $theme_data[ $template_info['slug'] ]['area'] ) ) { $template_info['title'] = $theme_data[ $template_info['slug'] ]['title']; $template_info['area'] = _filter_block_template_part_area( $theme_data[ $template_info['slug'] ]['area'] ); } else { $template_info['area'] = WP_TEMPLATE_PART_AREA_UNCATEGORIZED; } return $template_info; } /** * Returns an array containing the references of * the passed blocks and their inner blocks. * * @since 5.9.0 * @access private * * @param array $blocks array of blocks. * @return array block references to the passed blocks and their inner blocks. */ function _flatten_blocks( &$blocks ) { $all_blocks = array(); $queue = array(); foreach ( $blocks as &$block ) { $queue[] = &$block; } while ( count( $queue ) > 0 ) { $block = &$queue[0]; array_shift( $queue ); $all_blocks[] = &$block; if ( ! empty( $block['innerBlocks'] ) ) { foreach ( $block['innerBlocks'] as &$inner_block ) { $queue[] = &$inner_block; } } } return $all_blocks; } /** * Injects the active theme's stylesheet as a `theme` attribute * into a given template part block. * * @since 6.4.0 * @access private * * @param array $block a parsed block. */ function _inject_theme_attribute_in_template_part_block( &$block ) { if ( 'core/template-part' === $block['blockName'] && ! isset( $block['attrs']['theme'] ) ) { $block['attrs']['theme'] = get_stylesheet(); } } /** * Removes the `theme` attribute from a given template part block. * * @since 6.4.0 * @access private * * @param array $block a parsed block. */ function _remove_theme_attribute_from_template_part_block( &$block ) { if ( 'core/template-part' === $block['blockName'] && isset( $block['attrs']['theme'] ) ) { unset( $block['attrs']['theme'] ); } } /** * Builds a unified template object based on a theme file. * * @since 5.9.0 * @since 6.3.0 Added `modified` property to template objects. * @access private * * @param array $template_file Theme file. * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. * @return WP_Block_Template Template. */ function _build_block_template_result_from_file( $template_file, $template_type ) { $default_template_types = get_default_block_template_types(); $theme = get_stylesheet(); $template = new WP_Block_Template(); $template->id = $theme . '//' . $template_file['slug']; $template->theme = $theme; $template->content = file_get_contents( $template_file['path'] ); $template->slug = $template_file['slug']; $template->source = 'theme'; $template->type = $template_type; $template->title = ! empty( $template_file['title'] ) ? $template_file['title'] : $template_file['slug']; $template->status = 'publish'; $template->has_theme_file = true; $template->is_custom = true; $template->modified = null; if ( 'wp_template' === $template_type ) { $registered_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $template_file['slug'] ); if ( $registered_template ) { $template->plugin = $registered_template->plugin; $template->title = empty( $template->title ) || $template->title === $template->slug ? $registered_template->title : $template->title; $template->description = empty( $template->description ) ? $registered_template->description : $template->description; } } if ( 'wp_template' === $template_type && isset( $default_template_types[ $template_file['slug'] ] ) ) { $template->description = $default_template_types[ $template_file['slug'] ]['description']; $template->title = $default_template_types[ $template_file['slug'] ]['title']; $template->is_custom = false; } if ( 'wp_template' === $template_type && isset( $template_file['postTypes'] ) ) { $template->post_types = $template_file['postTypes']; } if ( 'wp_template_part' === $template_type && isset( $template_file['area'] ) ) { $template->area = $template_file['area']; } if ( 'wp_template_part' === $template->type ) { /* * In order for hooked blocks to be inserted at positions first_child and last_child in a template part, * we need to wrap its content a mock template part block and traverse it. */ $content = get_comment_delimited_block_content( 'core/template-part', array(), $template->content ); $content = apply_block_hooks_to_content( $content, $template, 'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata' ); $template->content = remove_serialized_parent_block( $content ); } else { $template->content = apply_block_hooks_to_content( $template->content, $template, 'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata' ); } return $template; } /** * Builds the title and description of a post-specific template based on the underlying referenced post. * * Mutates the underlying template object. * * @since 6.1.0 * @access private * * @param string $post_type Post type, e.g. page, post, product. * @param string $slug Slug of the post, e.g. a-story-about-shoes. * @param WP_Block_Template $template Template to mutate adding the description and title computed. * @return bool Returns true if the referenced post was found and false otherwise. */ function _wp_build_title_and_description_for_single_post_type_block_template( $post_type, $slug, WP_Block_Template $template ) { $post_type_object = get_post_type_object( $post_type ); $default_args = array( 'post_type' => $post_type, 'post_status' => 'publish', 'posts_per_page' => 1, 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'ignore_sticky_posts' => true, 'no_found_rows' => true, ); $args = array( 'name' => $slug, ); $args = wp_parse_args( $args, $default_args ); $posts_query = new WP_Query( $args ); if ( empty( $posts_query->posts ) ) { $template->title = sprintf( /* translators: Custom template title in the Site Editor referencing a post that was not found. 1: Post type singular name, 2: Post type slug. */ __( 'Not found: %1$s (%2$s)' ), $post_type_object->labels->singular_name, $slug ); return false; } $post_title = $posts_query->posts[0]->post_title; $template->title = sprintf( /* translators: Custom template title in the Site Editor. 1: Post type singular name, 2: Post title. */ __( '%1$s: %2$s' ), $post_type_object->labels->singular_name, $post_title ); $template->description = sprintf( /* translators: Custom template description in the Site Editor. %s: Post title. */ __( 'Template for %s' ), $post_title ); $args = array( 'title' => $post_title, ); $args = wp_parse_args( $args, $default_args ); $posts_with_same_title_query = new WP_Query( $args ); if ( count( $posts_with_same_title_query->posts ) > 1 ) { $template->title = sprintf( /* translators: Custom template title in the Site Editor. 1: Template title, 2: Post type slug. */ __( '%1$s (%2$s)' ), $template->title, $slug ); } return true; } /** * Builds the title and description of a taxonomy-specific template based on the underlying entity referenced. * * Mutates the underlying template object. * * @since 6.1.0 * @access private * * @param string $taxonomy Identifier of the taxonomy, e.g. category. * @param string $slug Slug of the term, e.g. shoes. * @param WP_Block_Template $template Template to mutate adding the description and title computed. * @return bool True if the term referenced was found and false otherwise. */ function _wp_build_title_and_description_for_taxonomy_block_template( $taxonomy, $slug, WP_Block_Template $template ) { $taxonomy_object = get_taxonomy( $taxonomy ); $default_args = array( 'taxonomy' => $taxonomy, 'hide_empty' => false, 'update_term_meta_cache' => false, ); $term_query = new WP_Term_Query(); $args = array( 'number' => 1, 'slug' => $slug, ); $args = wp_parse_args( $args, $default_args ); $terms_query = $term_query->query( $args ); if ( empty( $terms_query ) ) { $template->title = sprintf( /* translators: Custom template title in the Site Editor, referencing a taxonomy term that was not found. 1: Taxonomy singular name, 2: Term slug. */ __( 'Not found: %1$s (%2$s)' ), $taxonomy_object->labels->singular_name, $slug ); return false; } $term_title = $terms_query[0]->name; $template->title = sprintf( /* translators: Custom template title in the Site Editor. 1: Taxonomy singular name, 2: Term title. */ __( '%1$s: %2$s' ), $taxonomy_object->labels->singular_name, $term_title ); $template->description = sprintf( /* translators: Custom template description in the Site Editor. %s: Term title. */ __( 'Template for %s' ), $term_title ); $term_query = new WP_Term_Query(); $args = array( 'number' => 2, 'name' => $term_title, ); $args = wp_parse_args( $args, $default_args ); $terms_with_same_title_query = $term_query->query( $args ); if ( count( $terms_with_same_title_query ) > 1 ) { $template->title = sprintf( /* translators: Custom template title in the Site Editor. 1: Template title, 2: Term slug. */ __( '%1$s (%2$s)' ), $template->title, $slug ); } return true; } /** * Builds a block template object from a post object. * * This is a helper function that creates a block template object from a given post object. * It is self-sufficient in that it only uses information passed as arguments; it does not * query the database for additional information. * * @since 6.5.3 * @access private * * @param WP_Post $post Template post. * @param array $terms Additional terms to inform the template object. * @param array $meta Additional meta fields to inform the template object. * @return WP_Block_Template|WP_Error Template or error object. */ function _build_block_template_object_from_post_object( $post, $terms = array(), $meta = array() ) { if ( empty( $terms['wp_theme'] ) ) { return new WP_Error( 'template_missing_theme', __( 'No theme is defined for this template.' ) ); } $theme = $terms['wp_theme']; $default_template_types = get_default_block_template_types(); $template_file = _get_block_template_file( $post->post_type, $post->post_name ); $has_theme_file = get_stylesheet() === $theme && null !== $template_file; $template = new WP_Block_Template(); $template->wp_id = $post->ID; $template->id = $theme . '//' . $post->post_name; $template->theme = $theme; $template->content = $post->post_content; $template->slug = $post->post_name; $template->source = 'custom'; $template->origin = ! empty( $meta['origin'] ) ? $meta['origin'] : null; $template->type = $post->post_type; $template->description = $post->post_excerpt; $template->title = $post->post_title; $template->status = $post->post_status; $template->has_theme_file = $has_theme_file; $template->is_custom = empty( $meta['is_wp_suggestion'] ); $template->author = $post->post_author; $template->modified = $post->post_modified; if ( 'wp_template' === $post->post_type && $has_theme_file && isset( $template_file['postTypes'] ) ) { $template->post_types = $template_file['postTypes']; } if ( 'wp_template' === $post->post_type && isset( $default_template_types[ $template->slug ] ) ) { $template->is_custom = false; } if ( 'wp_template_part' === $post->post_type && isset( $terms['wp_template_part_area'] ) ) { $template->area = $terms['wp_template_part_area']; } return $template; } /** * Builds a unified template object based a post Object. * * @since 5.9.0 * @since 6.3.0 Added `modified` property to template objects. * @since 6.4.0 Added support for a revision post to be passed to this function. * @access private * * @param WP_Post $post Template post. * @return WP_Block_Template|WP_Error Template or error object. */ function _build_block_template_result_from_post( $post ) { $post_id = wp_is_post_revision( $post ); if ( ! $post_id ) { $post_id = $post; } $parent_post = get_post( $post_id ); $post->post_name = $parent_post->post_name; $post->post_type = $parent_post->post_type; $terms = get_the_terms( $parent_post, 'wp_theme' ); if ( is_wp_error( $terms ) ) { return $terms; } if ( ! $terms ) { return new WP_Error( 'template_missing_theme', __( 'No theme is defined for this template.' ) ); } $terms = array( 'wp_theme' => $terms[0]->name, ); if ( 'wp_template_part' === $parent_post->post_type ) { $type_terms = get_the_terms( $parent_post, 'wp_template_part_area' ); if ( ! is_wp_error( $type_terms ) && false !== $type_terms ) { $terms['wp_template_part_area'] = $type_terms[0]->name; } } $meta = array( 'origin' => get_post_meta( $parent_post->ID, 'origin', true ), 'is_wp_suggestion' => get_post_meta( $parent_post->ID, 'is_wp_suggestion', true ), ); $template = _build_block_template_object_from_post_object( $post, $terms, $meta ); if ( is_wp_error( $template ) ) { return $template; } // Check for a block template without a description and title or with a title equal to the slug. if ( 'wp_template' === $parent_post->post_type && empty( $template->description ) && ( empty( $template->title ) || $template->title === $template->slug ) ) { $matches = array(); // Check for a block template for a single author, page, post, tag, category, custom post type, or custom taxonomy. if ( preg_match( '/(author|page|single|tag|category|taxonomy)-(.+)/', $template->slug, $matches ) ) { $type = $matches[1]; $slug_remaining = $matches[2]; switch ( $type ) { case 'author': $nice_name = $slug_remaining; $users = get_users( array( 'capability' => 'edit_posts', 'search' => $nice_name, 'search_columns' => array( 'user_nicename' ), 'fields' => 'display_name', ) ); if ( empty( $users ) ) { $template->title = sprintf( /* translators: Custom template title in the Site Editor, referencing a deleted author. %s: Author nicename. */ __( 'Deleted author: %s' ), $nice_name ); } else { $author_name = $users[0]; $template->title = sprintf( /* translators: Custom template title in the Site Editor. %s: Author name. */ __( 'Author: %s' ), $author_name ); $template->description = sprintf( /* translators: Custom template description in the Site Editor. %s: Author name. */ __( 'Template for %s' ), $author_name ); $users_with_same_name = get_users( array( 'capability' => 'edit_posts', 'search' => $author_name, 'search_columns' => array( 'display_name' ), 'fields' => 'display_name', ) ); if ( count( $users_with_same_name ) > 1 ) { $template->title = sprintf( /* translators: Custom template title in the Site Editor. 1: Template title of an author template, 2: Author nicename. */ __( '%1$s (%2$s)' ), $template->title, $nice_name ); } } break; case 'page': _wp_build_title_and_description_for_single_post_type_block_template( 'page', $slug_remaining, $template ); break; case 'single': $post_types = get_post_types(); foreach ( $post_types as $post_type ) { $post_type_length = strlen( $post_type ) + 1; // If $slug_remaining starts with $post_type followed by a hyphen. if ( 0 === strncmp( $slug_remaining, $post_type . '-', $post_type_length ) ) { $slug = substr( $slug_remaining, $post_type_length, strlen( $slug_remaining ) ); $found = _wp_build_title_and_description_for_single_post_type_block_template( $post_type, $slug, $template ); if ( $found ) { break; } } } break; case 'tag': _wp_build_title_and_description_for_taxonomy_block_template( 'post_tag', $slug_remaining, $template ); break; case 'category': _wp_build_title_and_description_for_taxonomy_block_template( 'category', $slug_remaining, $template ); break; case 'taxonomy': $taxonomies = get_taxonomies(); foreach ( $taxonomies as $taxonomy ) { $taxonomy_length = strlen( $taxonomy ) + 1; // If $slug_remaining starts with $taxonomy followed by a hyphen. if ( 0 === strncmp( $slug_remaining, $taxonomy . '-', $taxonomy_length ) ) { $slug = substr( $slug_remaining, $taxonomy_length, strlen( $slug_remaining ) ); $found = _wp_build_title_and_description_for_taxonomy_block_template( $taxonomy, $slug, $template ); if ( $found ) { break; } } } break; } } } if ( 'wp_template' === $post->post_type ) { $registered_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $template->slug ); if ( $registered_template ) { $template->plugin = $registered_template->plugin; $template->origin = 'theme' !== $template->origin && 'theme' !== $template->source ? 'plugin' : $template->origin; $template->title = empty( $template->title ) || $template->title === $template->slug ? $registered_template->title : $template->title; $template->description = empty( $template->description ) ? $registered_template->description : $template->description; } } if ( 'wp_template_part' === $template->type ) { $existing_ignored_hooked_blocks = get_post_meta( $post->ID, '_wp_ignored_hooked_blocks', true ); $attributes = ! empty( $existing_ignored_hooked_blocks ) ? array( 'metadata' => array( 'ignoredHookedBlocks' => json_decode( $existing_ignored_hooked_blocks, true ) ) ) : array(); /* * In order for hooked blocks to be inserted at positions first_child and last_child in a template part, * we need to wrap its content a mock template part block and traverse it. */ $content = get_comment_delimited_block_content( 'core/template-part', $attributes, $template->content ); $content = apply_block_hooks_to_content( $content, $template, 'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata' ); $template->content = remove_serialized_parent_block( $content ); } else { $template->content = apply_block_hooks_to_content( $template->content, $template, 'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata' ); } return $template; } /** * Retrieves a list of unified template objects based on a query. * * @since 5.8.0 * * @param array $query { * Optional. Arguments to retrieve templates. * * @type string[] $slug__in List of slugs to include. * @type int $wp_id Post ID of customized template. * @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only). * @type string $post_type Post type to get the templates for. * } * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. * @return WP_Block_Template[] Array of block templates. */ function get_block_templates( $query = array(), $template_type = 'wp_template' ) { /** * Filters the block templates array before the query takes place. * * Return a non-null value to bypass the WordPress queries. * * @since 5.9.0 * * @param WP_Block_Template[]|null $block_templates Return an array of block templates to short-circuit the default query, * or null to allow WP to run its normal queries. * @param array $query { * Arguments to retrieve templates. All arguments are optional. * * @type string[] $slug__in List of slugs to include. * @type int $wp_id Post ID of customized template. * @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only). * @type string $post_type Post type to get the templates for. * } * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. */ $templates = apply_filters( 'pre_get_block_templates', null, $query, $template_type ); if ( ! is_null( $templates ) ) { return $templates; } $post_type = isset( $query['post_type'] ) ? $query['post_type'] : ''; $wp_query_args = array( 'post_status' => array( 'auto-draft', 'draft', 'publish' ), 'post_type' => $template_type, 'posts_per_page' => -1, 'no_found_rows' => true, 'lazy_load_term_meta' => false, 'tax_query' => array( array( 'taxonomy' => 'wp_theme', 'field' => 'name', 'terms' => get_stylesheet(), ), ), ); if ( 'wp_template_part' === $template_type && isset( $query['area'] ) ) { $wp_query_args['tax_query'][] = array( 'taxonomy' => 'wp_template_part_area', 'field' => 'name', 'terms' => $query['area'], ); $wp_query_args['tax_query']['relation'] = 'AND'; } if ( ! empty( $query['slug__in'] ) ) { $wp_query_args['post_name__in'] = $query['slug__in']; $wp_query_args['posts_per_page'] = count( array_unique( $query['slug__in'] ) ); } // This is only needed for the regular templates/template parts post type listing and editor. if ( isset( $query['wp_id'] ) ) { $wp_query_args['p'] = $query['wp_id']; } else { $wp_query_args['post_status'] = 'publish'; } $template_query = new WP_Query( $wp_query_args ); $query_result = array(); foreach ( $template_query->posts as $post ) { $template = _build_block_template_result_from_post( $post ); if ( is_wp_error( $template ) ) { continue; } if ( $post_type && ! $template->is_custom ) { continue; } if ( $post_type && isset( $template->post_types ) && ! in_array( $post_type, $template->post_types, true ) ) { continue; } $query_result[] = $template; } if ( ! isset( $query['wp_id'] ) ) { /* * If the query has found some user templates, those have priority * over the theme-provided ones, so we skip querying and building them. */ $query['slug__not_in'] = wp_list_pluck( $query_result, 'slug' ); /* * We need to unset the post_type query param because some templates * would be excluded otherwise, like `page.html` when looking for * `page` templates. We need all templates so we can exclude duplicates * from plugin-registered templates. * See: https://github.com/WordPress/gutenberg/issues/65584 */ $template_files_query = $query; unset( $template_files_query['post_type'] ); $template_files = _get_block_templates_files( $template_type, $template_files_query ); foreach ( $template_files as $template_file ) { // If the query doesn't specify a post type, or it does and the template matches the post type, add it. if ( ! isset( $query['post_type'] ) || ( isset( $template_file['postTypes'] ) && in_array( $query['post_type'], $template_file['postTypes'], true ) ) ) { $query_result[] = _build_block_template_result_from_file( $template_file, $template_type ); } elseif ( ! isset( $template_file['postTypes'] ) ) { // The custom templates with no associated post types are available for all post types as long // as they are not default templates. $candidate = _build_block_template_result_from_file( $template_file, $template_type ); $default_template_types = get_default_block_template_types(); if ( ! isset( $default_template_types[ $candidate->slug ] ) ) { $query_result[] = $candidate; } } } if ( 'wp_template' === $template_type ) { // Add templates registered in the template registry. Filtering out the ones which have a theme file. $registered_templates = WP_Block_Templates_Registry::get_instance()->get_by_query( $query ); $matching_registered_templates = array_filter( $registered_templates, function ( $registered_template ) use ( $template_files ) { foreach ( $template_files as $template_file ) { if ( $template_file['slug'] === $registered_template->slug ) { return false; } } return true; } ); $matching_registered_templates = array_map( function ( $template ) { $template->content = apply_block_hooks_to_content( $template->content, $template, 'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata' ); return $template; }, $matching_registered_templates ); $query_result = array_merge( $query_result, $matching_registered_templates ); } } /** * Filters the array of queried block templates array after they've been fetched. * * @since 5.9.0 * * @param WP_Block_Template[] $query_result Array of found block templates. * @param array $query { * Arguments to retrieve templates. All arguments are optional. * * @type string[] $slug__in List of slugs to include. * @type int $wp_id Post ID of customized template. * @type string $area A 'wp_template_part_area' taxonomy value to filter by (for 'wp_template_part' template type only). * @type string $post_type Post type to get the templates for. * } * @param string $template_type wp_template or wp_template_part. */ return apply_filters( 'get_block_templates', $query_result, $query, $template_type ); } /** * Retrieves a single unified template object using its id. * * @since 5.8.0 * * @param string $id Template unique identifier (example: 'theme_slug//template_slug'). * @param string $template_type Optional. Template type. Either 'wp_template' or 'wp_template_part'. * Default 'wp_template'. * @return WP_Block_Template|null Template. */ function get_block_template( $id, $template_type = 'wp_template' ) { /** * Filters the block template object before the query takes place. * * Return a non-null value to bypass the WordPress queries. * * @since 5.9.0 * * @param WP_Block_Template|null $block_template Return block template object to short-circuit the default query, * or null to allow WP to run its normal queries. * @param string $id Template unique identifier (example: 'theme_slug//template_slug'). * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. */ $block_template = apply_filters( 'pre_get_block_template', null, $id, $template_type ); if ( ! is_null( $block_template ) ) { return $block_template; } $parts = explode( '//', $id, 2 ); if ( count( $parts ) < 2 ) { return null; } list( $theme, $slug ) = $parts; $wp_query_args = array( 'post_name__in' => array( $slug ), 'post_type' => $template_type, 'post_status' => array( 'auto-draft', 'draft', 'publish', 'trash' ), 'posts_per_page' => 1, 'no_found_rows' => true, 'tax_query' => array( array( 'taxonomy' => 'wp_theme', 'field' => 'name', 'terms' => $theme, ), ), ); $template_query = new WP_Query( $wp_query_args ); $posts = $template_query->posts; if ( count( $posts ) > 0 ) { $template = _build_block_template_result_from_post( $posts[0] ); if ( ! is_wp_error( $template ) ) { return $template; } } $block_template = get_block_file_template( $id, $template_type ); /** * Filters the queried block template object after it's been fetched. * * @since 5.9.0 * * @param WP_Block_Template|null $block_template The found block template, or null if there isn't one. * @param string $id Template unique identifier (example: 'theme_slug//template_slug'). * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. */ return apply_filters( 'get_block_template', $block_template, $id, $template_type ); } /** * Retrieves a unified template object based on a theme file or plugin registration. * * This is a fallback of get_block_template(), used when no templates are found in the database. * Also checks for templates registered via the Template Registration API. * * @since 5.9.0 * * @param string $id Template unique identifier (example: 'theme_slug//template_slug'). * @param string $template_type Optional. Template type. Either 'wp_template' or 'wp_template_part'. * Default 'wp_template'. * @return WP_Block_Template|null The found block template, or null if there isn't one. */ function get_block_file_template( $id, $template_type = 'wp_template' ) { /** * Filters the block template object before the theme file discovery takes place. * * Return a non-null value to bypass the WordPress theme file discovery. * * @since 5.9.0 * * @param WP_Block_Template|null $block_template Return block template object to short-circuit the default query, * or null to allow WP to run its normal queries. * @param string $id Template unique identifier (example: 'theme_slug//template_slug'). * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. */ $block_template = apply_filters( 'pre_get_block_file_template', null, $id, $template_type ); if ( ! is_null( $block_template ) ) { return $block_template; } $parts = explode( '//', $id, 2 ); if ( count( $parts ) < 2 ) { /** This filter is documented in wp-includes/block-template-utils.php */ return apply_filters( 'get_block_file_template', null, $id, $template_type ); } list( $theme, $slug ) = $parts; if ( get_stylesheet() === $theme ) { $template_file = _get_block_template_file( $template_type, $slug ); if ( null !== $template_file ) { $block_template = _build_block_template_result_from_file( $template_file, $template_type ); /** This filter is documented in wp-includes/block-template-utils.php */ return apply_filters( 'get_block_file_template', $block_template, $id, $template_type ); } } $block_template = WP_Block_Templates_Registry::get_instance()->get_by_slug( $slug ); if ( $block_template ) { $block_template->content = apply_block_hooks_to_content( $block_template->content, $block_template, 'insert_hooked_blocks_and_set_ignored_hooked_blocks_metadata' ); } /** * Filters the block template object after it has been (potentially) fetched from the theme file. * * @since 5.9.0 * * @param WP_Block_Template|null $block_template The found block template, or null if there is none. * @param string $id Template unique identifier (example: 'theme_slug//template_slug'). * @param string $template_type Template type. Either 'wp_template' or 'wp_template_part'. */ return apply_filters( 'get_block_file_template', $block_template, $id, $template_type ); } /** * Prints a block template part. * * @since 5.9.0 * * @param string $part The block template part to print, for example 'header' or 'footer'. */ function block_template_part( $part ) { $template_part = get_block_template( get_stylesheet() . '//' . $part, 'wp_template_part' ); if ( ! $template_part || empty( $template_part->content ) ) { return; } echo do_blocks( $template_part->content ); } /** * Prints the header block template part. * * @since 5.9.0 */ function block_header_area() { block_template_part( 'header' ); } /** * Prints the footer block template part. * * @since 5.9.0 */ function block_footer_area() { block_template_part( 'footer' ); } /** * Determines whether a theme directory should be ignored during export. * * @since 6.0.0 * * @param string $path The path of the file in the theme. * @return bool Whether this file is in an ignored directory. */ function wp_is_theme_directory_ignored( $path ) { $directories_to_ignore = array( '.DS_Store', '.svn', '.git', '.hg', '.bzr', 'node_modules', 'vendor' ); foreach ( $directories_to_ignore as $directory ) { if ( str_starts_with( $path, $directory ) ) { return true; } } return false; } /** * Creates an export of the current templates and * template parts from the site editor at the * specified path in a ZIP file. * * @since 5.9.0 * @since 6.0.0 Adds the whole theme to the export archive. * * @return WP_Error|string Path of the ZIP file or error on failure. */ function wp_generate_block_templates_export_file() { $wp_version = wp_get_wp_version(); if ( ! class_exists( 'ZipArchive' ) ) { return new WP_Error( 'missing_zip_package', __( 'Zip Export not supported.' ) ); } $obscura = wp_generate_password( 12, false, false ); $theme_name = basename( get_stylesheet() ); $filename = get_temp_dir() . $theme_name . $obscura . '.zip'; $zip = new ZipArchive(); if ( true !== $zip->open( $filename, ZipArchive::CREATE | ZipArchive::OVERWRITE ) ) { return new WP_Error( 'unable_to_create_zip', __( 'Unable to open export file (archive) for writing.' ) ); } $zip->addEmptyDir( 'templates' ); $zip->addEmptyDir( 'parts' ); // Get path of the theme. $theme_path = wp_normalize_path( get_stylesheet_directory() ); // Create recursive directory iterator. $theme_files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $theme_path ), RecursiveIteratorIterator::LEAVES_ONLY ); // Make a copy of the current theme. foreach ( $theme_files as $file ) { // Skip directories as they are added automatically. if ( ! $file->isDir() ) { // Get real and relative path for current file. $file_path = wp_normalize_path( $file ); $relative_path = substr( $file_path, strlen( $theme_path ) + 1 ); if ( ! wp_is_theme_directory_ignored( $relative_path ) ) { $zip->addFile( $file_path, $relative_path ); } } } // Load templates into the zip file. $templates = get_block_templates(); foreach ( $templates as $template ) { $template->content = traverse_and_serialize_blocks( parse_blocks( $template->content ), '_remove_theme_attribute_from_template_part_block' ); $zip->addFromString( 'templates/' . $template->slug . '.html', $template->content ); } // Load template parts into the zip file. $template_parts = get_block_templates( array(), 'wp_template_part' ); foreach ( $template_parts as $template_part ) { $zip->addFromString( 'parts/' . $template_part->slug . '.html', $template_part->content ); } // Load theme.json into the zip file. $tree = WP_Theme_JSON_Resolver::get_theme_data( array(), array( 'with_supports' => false ) ); // Merge with user data. $tree->merge( WP_Theme_JSON_Resolver::get_user_data() ); $theme_json_raw = $tree->get_data(); // If a version is defined, add a schema. if ( $theme_json_raw['version'] ) { $theme_json_version = 'wp/' . substr( $wp_version, 0, 3 ); $schema = array( '$schema' => 'https://schemas.wp.org/' . $theme_json_version . '/theme.json' ); $theme_json_raw = array_merge( $schema, $theme_json_raw ); } // Convert to a string. $theme_json_encoded = wp_json_encode( $theme_json_raw, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ); // Replace 4 spaces with a tab. $theme_json_tabbed = preg_replace( '~(?:^|\G)\h{4}~m', "\t", $theme_json_encoded ); // Add the theme.json file to the zip. $zip->addFromString( 'theme.json', $theme_json_tabbed ); // Save changes to the zip file. $zip->close(); return $filename; } /** * Gets the template hierarchy for the given template slug to be created. * * Note: Always add `index` as the last fallback template. * * @since 6.1.0 * * @param string $slug The template slug to be created. * @param bool $is_custom Optional. Indicates if a template is custom or * part of the template hierarchy. Default false. * @param string $template_prefix Optional. The template prefix for the created template. * Used to extract the main template type, e.g. * in `taxonomy-books` the `taxonomy` is extracted. * Default empty string. * @return string[] The template hierarchy. */ function get_template_hierarchy( $slug, $is_custom = false, $template_prefix = '' ) { if ( 'index' === $slug ) { /** This filter is documented in wp-includes/template.php */ return apply_filters( 'index_template_hierarchy', array( 'index' ) ); } if ( $is_custom ) { /** This filter is documented in wp-includes/template.php */ return apply_filters( 'page_template_hierarchy', array( 'page', 'singular', 'index' ) ); } if ( 'front-page' === $slug ) { /** This filter is documented in wp-includes/template.php */ return apply_filters( 'frontpage_template_hierarchy', array( 'front-page', 'home', 'index' ) ); } $matches = array(); $template_hierarchy = array( $slug ); // Most default templates don't have `$template_prefix` assigned. if ( ! empty( $template_prefix ) ) { list( $type ) = explode( '-', $template_prefix ); // We need these checks because we always add the `$slug` above. if ( ! in_array( $template_prefix, array( $slug, $type ), true ) ) { $template_hierarchy[] = $template_prefix; } if ( $slug !== $type ) { $template_hierarchy[] = $type; } } elseif ( preg_match( '/^(author|category|archive|tag|page)-.+$/', $slug, $matches ) ) { $template_hierarchy[] = $matches[1]; } elseif ( preg_match( '/^(taxonomy|single)-(.+)$/', $slug, $matches ) ) { $type = $matches[1]; $slug_remaining = $matches[2]; $items = 'single' === $type ? get_post_types() : get_taxonomies(); foreach ( $items as $item ) { if ( ! str_starts_with( $slug_remaining, $item ) ) { continue; } // If $slug_remaining is equal to $post_type or $taxonomy we have // the single-$post_type template or the taxonomy-$taxonomy template. if ( $slug_remaining === $item ) { $template_hierarchy[] = $type; break; } // If $slug_remaining is single-$post_type-$slug template. if ( strlen( $slug_remaining ) > strlen( $item ) + 1 ) { $template_hierarchy[] = "$type-$item"; $template_hierarchy[] = $type; break; } } } // Handle `archive` template. if ( str_starts_with( $slug, 'author' ) || str_starts_with( $slug, 'taxonomy' ) || str_starts_with( $slug, 'category' ) || str_starts_with( $slug, 'tag' ) || 'date' === $slug ) { $template_hierarchy[] = 'archive'; } // Handle `single` template. if ( 'attachment' === $slug ) { $template_hierarchy[] = 'single'; } // Handle `singular` template. if ( str_starts_with( $slug, 'single' ) || str_starts_with( $slug, 'page' ) || 'attachment' === $slug ) { $template_hierarchy[] = 'singular'; } $template_hierarchy[] = 'index'; $template_type = ''; if ( ! empty( $template_prefix ) ) { list( $template_type ) = explode( '-', $template_prefix ); } else { list( $template_type ) = explode( '-', $slug ); } $valid_template_types = array( '404', 'archive', 'attachment', 'author', 'category', 'date', 'embed', 'frontpage', 'home', 'index', 'page', 'paged', 'privacypolicy', 'search', 'single', 'singular', 'tag', 'taxonomy' ); if ( in_array( $template_type, $valid_template_types, true ) ) { /** This filter is documented in wp-includes/template.php */ return apply_filters( "{$template_type}_template_hierarchy", $template_hierarchy ); } return $template_hierarchy; } /** * Inject ignoredHookedBlocks metadata attributes into a template or template part. * * Given an object that represents a `wp_template` or `wp_template_part` post object * prepared for inserting or updating the database, locate all blocks that have * hooked blocks, and inject a `metadata.ignoredHookedBlocks` attribute into the anchor * blocks to reflect the latter. * * @since 6.5.0 * @access private * * @param stdClass $changes An object representing a template or template part * prepared for inserting or updating the database. * @param WP_REST_Request $deprecated Deprecated. Not used. * @return stdClass|WP_Error The updated object representing a template or template part. */ function inject_ignored_hooked_blocks_metadata_attributes( $changes, $deprecated = null ) { if ( null !== $deprecated ) { _deprecated_argument( __FUNCTION__, '6.5.3' ); } if ( ! isset( $changes->post_content ) ) { return $changes; } $hooked_blocks = get_hooked_blocks(); if ( empty( $hooked_blocks ) && ! has_filter( 'hooked_block_types' ) ) { return $changes; } $meta = isset( $changes->meta_input ) ? $changes->meta_input : array(); $terms = isset( $changes->tax_input ) ? $changes->tax_input : array(); if ( empty( $changes->ID ) ) { // There's no post object for this template in the database for this template yet. $post = $changes; } else { // Find the existing post object. $post = get_post( $changes->ID ); // If the post is a revision, use the parent post's post_name and post_type. $post_id = wp_is_post_revision( $post ); if ( $post_id ) { $parent_post = get_post( $post_id ); $post->post_name = $parent_post->post_name; $post->post_type = $parent_post->post_type; } // Apply the changes to the existing post object. $post = (object) array_merge( (array) $post, (array) $changes ); $type_terms = get_the_terms( $changes->ID, 'wp_theme' ); $terms['wp_theme'] = ! is_wp_error( $type_terms ) && ! empty( $type_terms ) ? $type_terms[0]->name : null; } // Required for the WP_Block_Template. Update the post object with the current time. $post->post_modified = current_time( 'mysql' ); // If the post_author is empty, set it to the current user. if ( empty( $post->post_author ) ) { $post->post_author = get_current_user_id(); } if ( 'wp_template_part' === $post->post_type && ! isset( $terms['wp_template_part_area'] ) ) { $area_terms = get_the_terms( $changes->ID, 'wp_template_part_area' ); $terms['wp_template_part_area'] = ! is_wp_error( $area_terms ) && ! empty( $area_terms ) ? $area_terms[0]->name : null; } $template = _build_block_template_object_from_post_object( new WP_Post( $post ), $terms, $meta ); if ( is_wp_error( $template ) ) { return $template; } if ( 'wp_template_part' === $post->post_type ) { $attributes = array(); $existing_ignored_hooked_blocks = isset( $post->ID ) ? get_post_meta( $post->ID, '_wp_ignored_hooked_blocks', true ) : ''; if ( ! empty( $existing_ignored_hooked_blocks ) ) { $attributes['metadata'] = array( 'ignoredHookedBlocks' => json_decode( $existing_ignored_hooked_blocks, true ), ); } $content = get_comment_delimited_block_content( 'core/template-part', $attributes, $changes->post_content ); $content = apply_block_hooks_to_content( $content, $template, 'set_ignored_hooked_blocks_metadata' ); $changes->post_content = remove_serialized_parent_block( $content ); $wrapper_block_markup = extract_serialized_parent_block( $content ); $wrapper_block = parse_blocks( $wrapper_block_markup )[0]; $ignored_hooked_blocks = $wrapper_block['attrs']['metadata']['ignoredHookedBlocks'] ?? array(); if ( ! empty( $ignored_hooked_blocks ) ) { if ( ! isset( $changes->meta_input ) ) { $changes->meta_input = array(); } $changes->meta_input['_wp_ignored_hooked_blocks'] = wp_json_encode( $ignored_hooked_blocks ); } } else { $changes->post_content = apply_block_hooks_to_content( $changes->post_content, $template, 'set_ignored_hooked_blocks_metadata' ); } return $changes; } .l10n.php 0000666 00000000000 15225624212 0006100 0 ustar 00 https-migration.php 0000666 00000011205 15225624212 0010412 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605080358.php 0000666 00000013341 15225624212 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } cache-compat.php 0000666 00000023536 15225624212 0007617 0 ustar 00 <?php /** * Object Cache API functions missing from 3rd party object caches. * * @link https://developer.wordpress.org/reference/classes/wp_object_cache/ * * @package WordPress * @subpackage Cache */ if ( ! function_exists( 'wp_cache_add_multiple' ) ) : /** * Adds multiple values to the cache in one call, if the cache keys don't already exist. * * Compat function to mimic wp_cache_add_multiple(). * * @ignore * @since 6.0.0 * * @see wp_cache_add_multiple() * * @param array $data Array of keys and values to be added. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if cache key and group already exist. */ function wp_cache_add_multiple( array $data, $group = '', $expire = 0 ) { $values = array(); foreach ( $data as $key => $value ) { $values[ $key ] = wp_cache_add( $key, $value, $group, $expire ); } return $values; } endif; if ( ! function_exists( 'wp_cache_set_multiple' ) ) : /** * Sets multiple values to the cache in one call. * * Differs from wp_cache_add_multiple() in that it will always write data. * * Compat function to mimic wp_cache_set_multiple(). * * @ignore * @since 6.0.0 * * @see wp_cache_set_multiple() * * @param array $data Array of keys and values to be set. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple( array $data, $group = '', $expire = 0 ) { $values = array(); foreach ( $data as $key => $value ) { $values[ $key ] = wp_cache_set( $key, $value, $group, $expire ); } return $values; } endif; if ( ! function_exists( 'wp_cache_get_multiple' ) ) : /** * Retrieves multiple values from the cache in one call. * * Compat function to mimic wp_cache_get_multiple(). * * @ignore * @since 5.5.0 * * @see wp_cache_get_multiple() * * @param array $keys Array of keys under which the cache contents are stored. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @param bool $force Optional. Whether to force an update of the local cache * from the persistent cache. Default false. * @return array Array of return values, grouped by key. Each value is either * the cache contents on success, or false on failure. */ function wp_cache_get_multiple( $keys, $group = '', $force = false ) { $values = array(); foreach ( $keys as $key ) { $values[ $key ] = wp_cache_get( $key, $group, $force ); } return $values; } endif; if ( ! function_exists( 'wp_cache_delete_multiple' ) ) : /** * Deletes multiple values from the cache in one call. * * Compat function to mimic wp_cache_delete_multiple(). * * @ignore * @since 6.0.0 * * @see wp_cache_delete_multiple() * * @param array $keys Array of keys under which the cache to deleted. * @param string $group Optional. Where the cache contents are grouped. Default empty. * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false if the contents were not deleted. */ function wp_cache_delete_multiple( array $keys, $group = '' ) { $values = array(); foreach ( $keys as $key ) { $values[ $key ] = wp_cache_delete( $key, $group ); } return $values; } endif; if ( ! function_exists( 'wp_cache_flush_runtime' ) ) : /** * Removes all cache items from the in-memory runtime cache. * * Compat function to mimic wp_cache_flush_runtime(). * * @ignore * @since 6.0.0 * * @see wp_cache_flush_runtime() * * @return bool True on success, false on failure. */ function wp_cache_flush_runtime() { if ( ! wp_cache_supports( 'flush_runtime' ) ) { _doing_it_wrong( __FUNCTION__, __( 'Your object cache implementation does not support flushing the in-memory runtime cache.' ), '6.1.0' ); return false; } return wp_cache_flush(); } endif; if ( ! function_exists( 'wp_cache_flush_group' ) ) : /** * Removes all cache items in a group, if the object cache implementation supports it. * * Before calling this function, always check for group flushing support using the * `wp_cache_supports( 'flush_group' )` function. * * @since 6.1.0 * * @see WP_Object_Cache::flush_group() * @global WP_Object_Cache $wp_object_cache Object cache global instance. * * @param string $group Name of group to remove from cache. * @return bool True if group was flushed, false otherwise. */ function wp_cache_flush_group( $group ) { global $wp_object_cache; if ( ! wp_cache_supports( 'flush_group' ) ) { _doing_it_wrong( __FUNCTION__, __( 'Your object cache implementation does not support flushing individual groups.' ), '6.1.0' ); return false; } return $wp_object_cache->flush_group( $group ); } endif; if ( ! function_exists( 'wp_cache_supports' ) ) : /** * Determines whether the object cache implementation supports a particular feature. * * @since 6.1.0 * * @param string $feature Name of the feature to check for. Possible values include: * 'add_multiple', 'set_multiple', 'get_multiple', 'delete_multiple', * 'flush_runtime', 'flush_group'. * @return bool True if the feature is supported, false otherwise. */ function wp_cache_supports( $feature ) { return false; } endif; if ( ! function_exists( 'wp_cache_get_salted' ) ) : /** * Retrieves cached data if valid and unchanged. * * @since 6.9.0 * * @param string $cache_key The cache key used for storage and retrieval. * @param string $group The cache group used for organizing data. * @param string|string[] $salt The timestamp (or multiple timestamps if an array) indicating when the cache group(s) were last updated. * @return mixed|false The cached data if valid, or false if the cache does not exist or is outdated. */ function wp_cache_get_salted( $cache_key, $group, $salt ) { $salt = is_array( $salt ) ? implode( ':', $salt ) : $salt; $cache = wp_cache_get( $cache_key, $group ); if ( ! is_array( $cache ) ) { return false; } if ( ! isset( $cache['salt'] ) || ! isset( $cache['data'] ) || $salt !== $cache['salt'] ) { return false; } return $cache['data']; } endif; if ( ! function_exists( 'wp_cache_set_salted' ) ) : /** * Stores salted data in the cache. * * @since 6.9.0 * * @param string $cache_key The cache key under which to store the data. * @param mixed $data The data to be cached. * @param string $group The cache group to which the data belongs. * @param string|string[] $salt The timestamp (or multiple timestamps if an array) indicating when the cache group(s) were last updated. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool True on success, false on failure. */ function wp_cache_set_salted( $cache_key, $data, $group, $salt, $expire = 0 ) { $salt = is_array( $salt ) ? implode( ':', $salt ) : $salt; return wp_cache_set( $cache_key, array( 'data' => $data, 'salt' => $salt, ), $group, $expire ); } endif; if ( ! function_exists( 'wp_cache_get_multiple_salted' ) ) : /** * Retrieves multiple items from the cache, only considering valid and unchanged items. * * @since 6.9.0 * * @param array $cache_keys Array of cache keys to retrieve. * @param string $group The group of the cache to check. * @param string|string[] $salt The timestamp (or multiple timestamps if an array) indicating when the cache group(s) were last updated. * @return array An associative array containing cache values. Values are `false` if they are not found or outdated. */ function wp_cache_get_multiple_salted( $cache_keys, $group, $salt ) { $salt = is_array( $salt ) ? implode( ':', $salt ) : $salt; $cache = wp_cache_get_multiple( $cache_keys, $group ); foreach ( $cache as $key => $value ) { if ( ! is_array( $value ) ) { $cache[ $key ] = false; continue; } if ( ! isset( $value['salt'], $value['data'] ) || $salt !== $value['salt'] ) { $cache[ $key ] = false; continue; } $cache[ $key ] = $value['data']; } return $cache; } endif; if ( ! function_exists( 'wp_cache_set_multiple_salted' ) ) : /** * Stores multiple pieces of salted data in the cache. * * @since 6.9.0 * * @param mixed $data Data to be stored in the cache for all keys. * @param string $group Group to which the cached data belongs. * @param string|string[] $salt The timestamp (or multiple timestamps if an array) indicating when the cache group(s) were last updated. * @param int $expire Optional. When to expire the cache contents, in seconds. * Default 0 (no expiration). * @return bool[] Array of return values, grouped by key. Each value is either * true on success, or false on failure. */ function wp_cache_set_multiple_salted( $data, $group, $salt, $expire = 0 ) { $salt = is_array( $salt ) ? implode( ':', $salt ) : $salt; $new_cache = array(); foreach ( $data as $key => $value ) { $new_cache[ $key ] = array( 'data' => $value, 'salt' => $salt, ); } return wp_cache_set_multiple( $new_cache, $group, $expire ); } endif; class-wp-translation-file-php.php 0000666 00000003425 15225624212 0013055 0 ustar 00 <?php /** * I18N: WP_Translation_File_PHP class. * * @package WordPress * @subpackage I18N * @since 6.5.0 */ /** * Class WP_Translation_File_PHP. * * @since 6.5.0 */ class WP_Translation_File_PHP extends WP_Translation_File { /** * Parses the file. * * @since 6.5.0 */ protected function parse_file() { $this->parsed = true; $result = include $this->file; if ( ! $result || ! is_array( $result ) ) { $this->error = 'Invalid data'; return; } if ( isset( $result['messages'] ) && is_array( $result['messages'] ) ) { foreach ( $result['messages'] as $original => $translation ) { $this->entries[ (string) $original ] = $translation; } unset( $result['messages'] ); } $this->headers = array_change_key_case( $result ); } /** * Exports translation contents as a string. * * @since 6.5.0 * * @return string Translation file contents. */ public function export(): string { $data = array_merge( $this->headers, array( 'messages' => $this->entries ) ); return '<?php' . PHP_EOL . 'return ' . $this->var_export( $data ) . ';' . PHP_EOL; } /** * Outputs or returns a parsable string representation of a variable. * * Like {@see var_export()} but "minified", using short array syntax * and no newlines. * * @since 6.5.0 * * @param mixed $value The variable you want to export. * @return string The variable representation. */ private function var_export( $value ): string { if ( ! is_array( $value ) ) { return var_export( $value, true ); } $entries = array(); $is_list = array_is_list( $value ); foreach ( $value as $key => $val ) { $entries[] = $is_list ? $this->var_export( $val ) : var_export( $key, true ) . '=>' . $this->var_export( $val ); } return '[' . implode( ',', $entries ) . ']'; } } https-detection-20260613232255.php 0000666 00000013341 15225624212 0011766 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605051208.php 0000666 00000011205 15225624212 0011774 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } string.php 0000666 00000020233 15225624212 0006570 0 ustar 00 <?php /** * Parses unified or context diffs output from eg. the diff utility. * * Example: * <code> * $patch = file_get_contents('example.patch'); * $diff = new Text_Diff('string', array($patch)); * $renderer = new Text_Diff_Renderer_inline(); * echo $renderer->render($diff); * </code> * * Copyright 2005 Örjan Persson <o@42mm.org> * Copyright 2005-2010 The Horde Project (http://www.horde.org/) * * See the enclosed file COPYING for license information (LGPL). If you did * not receive this file, see https://opensource.org/license/lgpl-2-1/. * * @author Örjan Persson <o@42mm.org> * @package Text_Diff * @since 0.2.0 */ class Text_Diff_Engine_string { /** * Parses a unified or context diff. * * First param contains the whole diff and the second can be used to force * a specific diff type. If the second parameter is 'autodetect', the * diff will be examined to find out which type of diff this is. * * @param string $diff The diff content. * @param string $mode The diff mode of the content in $diff. One of * 'context', 'unified', or 'autodetect'. * * @return array List of all diff operations. */ function diff($diff, $mode = 'autodetect') { // Detect line breaks. $lnbr = "\n"; if (strpos($diff, "\r\n") !== false) { $lnbr = "\r\n"; } elseif (strpos($diff, "\r") !== false) { $lnbr = "\r"; } // Make sure we have a line break at the EOF. if (substr($diff, -strlen($lnbr)) != $lnbr) { $diff .= $lnbr; } if ($mode != 'autodetect' && $mode != 'context' && $mode != 'unified') { return PEAR::raiseError('Type of diff is unsupported'); } if ($mode == 'autodetect') { $context = strpos($diff, '***'); $unified = strpos($diff, '---'); if ($context === $unified) { return PEAR::raiseError('Type of diff could not be detected'); } elseif ($context === false || $unified === false) { $mode = $context !== false ? 'context' : 'unified'; } else { $mode = $context < $unified ? 'context' : 'unified'; } } // Split by new line and remove the diff header, if there is one. $diff = explode($lnbr, $diff); if (($mode == 'context' && strpos($diff[0], '***') === 0) || ($mode == 'unified' && strpos($diff[0], '---') === 0)) { array_shift($diff); array_shift($diff); } if ($mode == 'context') { return $this->parseContextDiff($diff); } else { return $this->parseUnifiedDiff($diff); } } /** * Parses an array containing the unified diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseUnifiedDiff($diff) { $edits = array(); $end = count($diff) - 1; for ($i = 0; $i < $end;) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case ' ': do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == ' '); $edits[] = new Text_Diff_Op_copy($diff1); break; case '+': // get all new lines do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': // get changed or removed lines $diff2 = array(); do { $diff1[] = substr($diff[$i], 1); } while (++$i < $end && substr($diff[$i], 0, 1) == '-'); while ($i < $end && substr($diff[$i], 0, 1) == '+') { $diff2[] = substr($diff[$i++], 1); } if (count($diff2) == 0) { $edits[] = new Text_Diff_Op_delete($diff1); } else { $edits[] = new Text_Diff_Op_change($diff1, $diff2); } break; default: $i++; break; } } return $edits; } /** * Parses an array containing the context diff. * * @param array $diff Array of lines. * * @return array List of all diff operations. */ function parseContextDiff(&$diff) { $edits = array(); $i = $max_i = $j = $max_j = 0; $end = count($diff) - 1; while ($i < $end && $j < $end) { while ($i >= $max_i && $j >= $max_j) { // Find the boundaries of the diff output of the two files for ($i = $j; $i < $end && substr($diff[$i], 0, 3) == '***'; $i++); for ($max_i = $i; $max_i < $end && substr($diff[$max_i], 0, 3) != '---'; $max_i++); for ($j = $max_i; $j < $end && substr($diff[$j], 0, 3) == '---'; $j++); for ($max_j = $j; $max_j < $end && substr($diff[$max_j], 0, 3) != '***'; $max_j++); } // find what hasn't been changed $array = array(); while ($i < $max_i && $j < $max_j && strcmp($diff[$i], $diff[$j]) == 0) { $array[] = substr($diff[$i], 2); $i++; $j++; } while ($i < $max_i && ($max_j-$j) <= 1) { if ($diff[$i] != '' && substr($diff[$i], 0, 1) != ' ') { break; } $array[] = substr($diff[$i++], 2); } while ($j < $max_j && ($max_i-$i) <= 1) { if ($diff[$j] != '' && substr($diff[$j], 0, 1) != ' ') { break; } $array[] = substr($diff[$j++], 2); } if (count($array) > 0) { $edits[] = new Text_Diff_Op_copy($array); } if ($i < $max_i) { $diff1 = array(); switch (substr($diff[$i], 0, 1)) { case '!': $diff2 = array(); do { $diff1[] = substr($diff[$i], 2); if ($j < $max_j && substr($diff[$j], 0, 1) == '!') { $diff2[] = substr($diff[$j++], 2); } } while (++$i < $max_i && substr($diff[$i], 0, 1) == '!'); $edits[] = new Text_Diff_Op_change($diff1, $diff2); break; case '+': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff1); break; case '-': do { $diff1[] = substr($diff[$i], 2); } while (++$i < $max_i && substr($diff[$i], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff1); break; } } if ($j < $max_j) { $diff2 = array(); switch (substr($diff[$j], 0, 1)) { case '+': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '+'); $edits[] = new Text_Diff_Op_add($diff2); break; case '-': do { $diff2[] = substr($diff[$j++], 2); } while ($j < $max_j && substr($diff[$j], 0, 1) == '-'); $edits[] = new Text_Diff_Op_delete($diff2); break; } } } return $edits; } } https-migration-20260605222822.php 0000666 00000011205 15225624212 0011776 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605112022.php 0000666 00000013341 15225624212 0011754 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260605145106.php 0000666 00000011205 15225624212 0011775 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } class-wp-customize-control.php 0000666 00000063007 15225624212 0012517 0 ustar 00 <?php /** * WordPress Customize Control classes * * @package WordPress * @subpackage Customize * @since 3.4.0 */ // Don't load directly. if ( ! defined( 'ABSPATH' ) ) { die( '-1' ); } /** * Customize Control class. * * @since 3.4.0 */ #[AllowDynamicProperties] class WP_Customize_Control { /** * Incremented with each new class instantiation, then stored in $instance_number. * * Used when sorting two instances whose priorities are equal. * * @since 4.1.0 * @var int */ protected static $instance_count = 0; /** * Order in which this instance was created in relation to other instances. * * @since 4.1.0 * @var int */ public $instance_number; /** * Customizer manager. * * @since 3.4.0 * @var WP_Customize_Manager */ public $manager; /** * Control ID. * * @since 3.4.0 * @var string */ public $id; /** * All settings tied to the control. * * @since 3.4.0 * @var array */ public $settings; /** * The primary setting for the control (if there is one). * * @since 3.4.0 * @var string|WP_Customize_Setting|null */ public $setting = 'default'; /** * Capability required to use this control. * * Normally this is empty and the capability is derived from the capabilities * of the associated `$settings`. * * @since 4.5.0 * @var string */ public $capability; /** * Order priority to load the control in Customizer. * * @since 3.4.0 * @var int */ public $priority = 10; /** * Section the control belongs to. * * @since 3.4.0 * @var string */ public $section = ''; /** * Label for the control. * * @since 3.4.0 * @var string */ public $label = ''; /** * Description for the control. * * @since 4.0.0 * @var string */ public $description = ''; /** * List of choices for 'radio' or 'select' type controls, where values are the keys, and labels are the values. * * @since 3.4.0 * @var array */ public $choices = array(); /** * List of custom input attributes for control output, where attribute names are the keys and values are the values. * * Not used for 'checkbox', 'radio', 'select', or 'dropdown-pages' control types. * * @since 4.0.0 * @var array */ public $input_attrs = array(); /** * Show UI for adding new content, currently only used for the dropdown-pages control. * * @since 4.7.0 * @var bool */ public $allow_addition = false; /** * @deprecated It is better to just call the json() method * @since 3.4.0 * @var array */ public $json = array(); /** * Control's Type. * * @since 3.4.0 * @var string */ public $type = 'text'; /** * Callback. * * @since 4.0.0 * * @see WP_Customize_Control::active() * * @var callable Callback is called with one argument, the instance of * WP_Customize_Control, and returns bool to indicate whether * the control is active (such as it relates to the URL * currently being previewed). */ public $active_callback = ''; /** * Constructor. * * Supplied `$args` override class property defaults. * * If `$args['settings']` is not defined, use the `$id` as the setting ID. * * @since 3.4.0 * * @param WP_Customize_Manager $manager Customizer bootstrap instance. * @param string $id Control ID. * @param array $args { * Optional. Array of properties for the new Control object. Default empty array. * * @type int $instance_number Order in which this instance was created in relation * to other instances. * @type WP_Customize_Manager $manager Customizer bootstrap instance. * @type string $id Control ID. * @type array $settings All settings tied to the control. If undefined, `$id` will * be used. * @type string $setting The primary setting for the control (if there is one). * Default 'default'. * @type string $capability Capability required to use this control. Normally this is empty * and the capability is derived from `$settings`. * @type int $priority Order priority to load the control. Default 10. * @type string $section Section the control belongs to. Default empty. * @type string $label Label for the control. Default empty. * @type string $description Description for the control. Default empty. * @type array $choices List of choices for 'radio' or 'select' type controls, where * values are the keys, and labels are the values. * Default empty array. * @type array $input_attrs List of custom input attributes for control output, where * attribute names are the keys and values are the values. Not * used for 'checkbox', 'radio', 'select', or 'dropdown-pages' * control types. Default empty array. * @type bool $allow_addition Show UI for adding new content, currently only used for the * dropdown-pages control. Default false. * @type array $json Deprecated. Use WP_Customize_Control::json() instead. * @type string $type Control type. Core controls include 'text', 'checkbox', * 'textarea', 'radio', 'select', and 'dropdown-pages'. Additional * input types such as 'email', 'url', 'number', 'hidden', and * 'date' are supported implicitly. Default 'text'. * @type callable $active_callback Active callback. * } */ public function __construct( $manager, $id, $args = array() ) { $keys = array_keys( get_object_vars( $this ) ); foreach ( $keys as $key ) { if ( isset( $args[ $key ] ) ) { $this->$key = $args[ $key ]; } } $this->manager = $manager; $this->id = $id; if ( empty( $this->active_callback ) ) { $this->active_callback = array( $this, 'active_callback' ); } self::$instance_count += 1; $this->instance_number = self::$instance_count; // Process settings. if ( ! isset( $this->settings ) ) { $this->settings = $id; } $settings = array(); if ( is_array( $this->settings ) ) { foreach ( $this->settings as $key => $setting ) { $settings[ $key ] = $this->manager->get_setting( $setting ); } } elseif ( is_string( $this->settings ) ) { $this->setting = $this->manager->get_setting( $this->settings ); $settings['default'] = $this->setting; } $this->settings = $settings; } /** * Enqueues control related scripts/styles. * * @since 3.4.0 */ public function enqueue() {} /** * Checks whether control is active to current Customizer preview. * * @since 4.0.0 * * @return bool Whether the control is active to the current preview. */ final public function active() { $control = $this; $active = call_user_func( $this->active_callback, $this ); /** * Filters response of WP_Customize_Control::active(). * * @since 4.0.0 * * @param bool $active Whether the Customizer control is active. * @param WP_Customize_Control $control WP_Customize_Control instance. */ $active = apply_filters( 'customize_control_active', $active, $control ); return $active; } /** * Default callback used when invoking WP_Customize_Control::active(). * * Subclasses can override this with their specific logic, or they may * provide an 'active_callback' argument to the constructor. * * @since 4.0.0 * * @return true Always true. */ public function active_callback() { return true; } /** * Fetches a setting's value. * Grabs the main setting by default. * * @since 3.4.0 * * @param string $setting_key * @return mixed The requested setting's value, if the setting exists. */ final public function value( $setting_key = 'default' ) { if ( isset( $this->settings[ $setting_key ] ) ) { return $this->settings[ $setting_key ]->value(); } } /** * Refreshes the parameters passed to the JavaScript via JSON. * * @since 3.4.0 */ public function to_json() { $this->json['settings'] = array(); foreach ( $this->settings as $key => $setting ) { $this->json['settings'][ $key ] = $setting->id; } $this->json['type'] = $this->type; $this->json['priority'] = $this->priority; $this->json['active'] = $this->active(); $this->json['section'] = $this->section; $this->json['content'] = $this->get_content(); $this->json['label'] = $this->label; $this->json['description'] = $this->description; $this->json['instanceNumber'] = $this->instance_number; if ( 'dropdown-pages' === $this->type ) { $this->json['allow_addition'] = $this->allow_addition; } } /** * Gets the data to export to the client via JSON. * * @since 4.1.0 * * @return array Array of parameters passed to the JavaScript. */ public function json() { $this->to_json(); return $this->json; } /** * Checks if the user can use this control. * * Returns false if the user cannot manipulate one of the associated settings, * or if one of the associated settings does not exist. Also returns false if * the associated section does not exist or if its capability check returns * false. * * @since 3.4.0 * * @return bool False if theme doesn't support the control or user doesn't have the required permissions, otherwise true. */ final public function check_capabilities() { if ( ! empty( $this->capability ) && ! current_user_can( $this->capability ) ) { return false; } foreach ( $this->settings as $setting ) { if ( ! $setting || ! $setting->check_capabilities() ) { return false; } } $section = $this->manager->get_section( $this->section ); if ( isset( $section ) && ! $section->check_capabilities() ) { return false; } return true; } /** * Gets the control's content for insertion into the Customizer pane. * * @since 4.1.0 * * @return string Contents of the control. */ final public function get_content() { ob_start(); $this->maybe_render(); return trim( ob_get_clean() ); } /** * Checks capabilities and render the control. * * @since 3.4.0 * @uses WP_Customize_Control::render() */ final public function maybe_render() { if ( ! $this->check_capabilities() ) { return; } /** * Fires just before the current Customizer control is rendered. * * @since 3.4.0 * * @param WP_Customize_Control $control WP_Customize_Control instance. */ do_action( 'customize_render_control', $this ); /** * Fires just before a specific Customizer control is rendered. * * The dynamic portion of the hook name, `$this->id`, refers to * the control ID. * * @since 3.4.0 * * @param WP_Customize_Control $control WP_Customize_Control instance. */ do_action( "customize_render_control_{$this->id}", $this ); $this->render(); } /** * Renders the control wrapper and calls $this->render_content() for the internals. * * @since 3.4.0 */ protected function render() { $id = 'customize-control-' . str_replace( array( '[', ']' ), array( '-', '' ), $this->id ); $class = 'customize-control customize-control-' . $this->type; printf( '<li id="%s" class="%s">', esc_attr( $id ), esc_attr( $class ) ); $this->render_content(); echo '</li>'; } /** * Gets the data link attribute for a setting. * * @since 3.4.0 * @since 4.9.0 Return a `data-customize-setting-key-link` attribute if a setting is not registered for the supplied setting key. * * @param string $setting_key * @return string Data link parameter, a `data-customize-setting-link` attribute if the `$setting_key` refers * to a pre-registered setting, and a `data-customize-setting-key-link` attribute if the setting * is not yet registered. */ public function get_link( $setting_key = 'default' ) { if ( isset( $this->settings[ $setting_key ] ) && $this->settings[ $setting_key ] instanceof WP_Customize_Setting ) { return 'data-customize-setting-link="' . esc_attr( $this->settings[ $setting_key ]->id ) . '"'; } else { return 'data-customize-setting-key-link="' . esc_attr( $setting_key ) . '"'; } } /** * Renders the data link attribute for the control's input element. * * @since 3.4.0 * @uses WP_Customize_Control::get_link() * * @param string $setting_key Default 'default'. */ public function link( $setting_key = 'default' ) { echo $this->get_link( $setting_key ); } /** * Renders the custom attributes for the control's input element. * * @since 4.0.0 */ public function input_attrs() { foreach ( $this->input_attrs as $attr => $value ) { echo $attr . '="' . esc_attr( $value ) . '" '; } } /** * Renders the control's content. * * Allows the content to be overridden without having to rewrite the wrapper in `$this::render()`. * * Supports basic input types `text`, `checkbox`, `textarea`, `radio`, `select` and `dropdown-pages`. * Additional input types such as `email`, `url`, `number`, `hidden` and `date` are supported implicitly. * * Control content can alternately be rendered in JS. See WP_Customize_Control::print_template(). * * @since 3.4.0 */ protected function render_content() { $input_id = '_customize-input-' . $this->id; $description_id = '_customize-description-' . $this->id; $describedby_attr = ( ! empty( $this->description ) ) ? ' aria-describedby="' . esc_attr( $description_id ) . '" ' : ''; switch ( $this->type ) { case 'checkbox': ?> <span class="customize-inside-control-row"> <input id="<?php echo esc_attr( $input_id ); ?>" <?php echo $describedby_attr; ?> type="checkbox" value="<?php echo esc_attr( $this->value() ); ?>" <?php $this->link(); ?> <?php checked( $this->value() ); ?> /> <label for="<?php echo esc_attr( $input_id ); ?>"><?php echo esc_html( $this->label ); ?></label> <?php if ( ! empty( $this->description ) ) : ?> <span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span> <?php endif; ?> </span> <?php break; case 'radio': if ( empty( $this->choices ) ) { return; } $name = '_customize-radio-' . $this->id; ?> <?php if ( ! empty( $this->label ) ) : ?> <span class="customize-control-title"><?php echo esc_html( $this->label ); ?></span> <?php endif; ?> <?php if ( ! empty( $this->description ) ) : ?> <span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span> <?php endif; ?> <?php foreach ( $this->choices as $value => $label ) : ?> <span class="customize-inside-control-row"> <input id="<?php echo esc_attr( $input_id . '-radio-' . $value ); ?>" type="radio" <?php echo $describedby_attr; ?> value="<?php echo esc_attr( $value ); ?>" name="<?php echo esc_attr( $name ); ?>" <?php $this->link(); ?> <?php checked( $this->value(), $value ); ?> /> <label for="<?php echo esc_attr( $input_id . '-radio-' . $value ); ?>"><?php echo esc_html( $label ); ?></label> </span> <?php endforeach; ?> <?php break; case 'select': if ( empty( $this->choices ) ) { return; } ?> <?php if ( ! empty( $this->label ) ) : ?> <label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label> <?php endif; ?> <?php if ( ! empty( $this->description ) ) : ?> <span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span> <?php endif; ?> <select id="<?php echo esc_attr( $input_id ); ?>" <?php echo $describedby_attr; ?> <?php $this->link(); ?>> <?php foreach ( $this->choices as $value => $label ) { echo '<option value="' . esc_attr( $value ) . '"' . selected( $this->value(), $value, false ) . '>' . esc_html( $label ) . '</option>'; } ?> </select> <?php break; case 'textarea': if ( ! array_key_exists( 'rows', $this->input_attrs ) ) { $this->input_attrs['rows'] = 5; } ?> <?php if ( ! empty( $this->label ) ) : ?> <label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label> <?php endif; ?> <?php if ( ! empty( $this->description ) ) : ?> <span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span> <?php endif; ?> <textarea id="<?php echo esc_attr( $input_id ); ?>" <?php echo $describedby_attr; ?> <?php $this->input_attrs(); ?> <?php $this->link(); ?> ><?php echo esc_textarea( $this->value() ); ?></textarea> <?php break; case 'dropdown-pages': ?> <?php if ( ! empty( $this->label ) ) : ?> <label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label> <?php endif; ?> <?php if ( ! empty( $this->description ) ) : ?> <span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span> <?php endif; ?> <?php $dropdown_name = '_customize-dropdown-pages-' . $this->id; $show_option_none = __( '— Select —' ); $option_none_value = '0'; $dropdown = wp_dropdown_pages( array( 'name' => $dropdown_name, 'echo' => 0, 'show_option_none' => $show_option_none, 'option_none_value' => $option_none_value, 'selected' => $this->value(), ) ); if ( empty( $dropdown ) ) { $dropdown = sprintf( '<select id="%1$s" name="%1$s">', esc_attr( $dropdown_name ) ); $dropdown .= sprintf( '<option value="%1$s">%2$s</option>', esc_attr( $option_none_value ), esc_html( $show_option_none ) ); $dropdown .= '</select>'; } // Hackily add in the data link parameter. $dropdown = str_replace( '<select', '<select ' . $this->get_link() . ' id="' . esc_attr( $input_id ) . '" ' . $describedby_attr, $dropdown ); /* * Even more hackily add auto-draft page stubs. * @todo Eventually this should be removed in favor of the pages being injected into the underlying get_pages() call. * See <https://github.com/xwp/wp-customize-posts/pull/250>. */ $nav_menus_created_posts_setting = $this->manager->get_setting( 'nav_menus_created_posts' ); if ( $nav_menus_created_posts_setting && current_user_can( 'publish_pages' ) ) { $auto_draft_page_options = ''; foreach ( $nav_menus_created_posts_setting->value() as $auto_draft_page_id ) { $post = get_post( $auto_draft_page_id ); if ( $post && 'page' === $post->post_type ) { $auto_draft_page_options .= sprintf( '<option value="%1$s">%2$s</option>', esc_attr( $post->ID ), esc_html( $post->post_title ) ); } } if ( $auto_draft_page_options ) { $dropdown = str_replace( '</select>', $auto_draft_page_options . '</select>', $dropdown ); } } echo $dropdown; ?> <?php if ( $this->allow_addition && current_user_can( 'publish_pages' ) && current_user_can( 'edit_theme_options' ) ) : // Currently tied to menus functionality. ?> <button type="button" class="button-link add-new-toggle"> <?php /* translators: %s: Add Page label. */ printf( __( '+ %s' ), get_post_type_object( 'page' )->labels->add_new_item ); ?> </button> <div class="new-content-item-wrapper"> <label for="create-input-<?php echo esc_attr( $this->id ); ?>"><?php _e( 'New page title' ); ?></label> <div class="new-content-item"> <input type="text" id="create-input-<?php echo esc_attr( $this->id ); ?>" class="create-item-input form-required"> <button type="button" class="button add-content"><?php _e( 'Add' ); ?></button> </div> <span id="create-input-<?php echo esc_attr( $this->id ); ?>-error" class="create-item-error error-message" style="display: none;"><?php _e( 'Please enter a page title' ); ?></span> </div> <?php endif; ?> <?php break; default: ?> <?php if ( ! empty( $this->label ) ) : ?> <label for="<?php echo esc_attr( $input_id ); ?>" class="customize-control-title"><?php echo esc_html( $this->label ); ?></label> <?php endif; ?> <?php if ( ! empty( $this->description ) ) : ?> <span id="<?php echo esc_attr( $description_id ); ?>" class="description customize-control-description"><?php echo $this->description; ?></span> <?php endif; ?> <input id="<?php echo esc_attr( $input_id ); ?>" type="<?php echo esc_attr( $this->type ); ?>" <?php echo $describedby_attr; ?> <?php $this->input_attrs(); ?> <?php if ( ! isset( $this->input_attrs['value'] ) ) : ?> value="<?php echo esc_attr( $this->value() ); ?>" <?php endif; ?> <?php $this->link(); ?> /> <?php break; } } /** * Renders the control's JS template. * * This function is only run for control types that have been registered with * WP_Customize_Manager::register_control_type(). * * In the future, this will also print the template for the control's container * element and be override-able. * * @since 4.1.0 */ final public function print_template() { ?> <script type="text/html" id="tmpl-customize-control-<?php echo esc_attr( $this->type ); ?>-content"> <?php $this->content_template(); ?> </script> <?php } /** * An Underscore (JS) template for this control's content (but not its container). * * Class variables for this control class are available in the `data` JS object; * export custom variables by overriding WP_Customize_Control::to_json(). * * @see WP_Customize_Control::print_template() * * @since 4.1.0 */ protected function content_template() {} } /** * WP_Customize_Color_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-color-control.php'; /** * WP_Customize_Media_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-media-control.php'; /** * WP_Customize_Upload_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-upload-control.php'; /** * WP_Customize_Image_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-image-control.php'; /** * WP_Customize_Background_Image_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-image-control.php'; /** * WP_Customize_Background_Position_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-background-position-control.php'; /** * WP_Customize_Cropped_Image_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-cropped-image-control.php'; /** * WP_Customize_Site_Icon_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-site-icon-control.php'; /** * WP_Customize_Header_Image_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-header-image-control.php'; /** * WP_Customize_Theme_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-theme-control.php'; /** * WP_Widget_Area_Customize_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-widget-area-customize-control.php'; /** * WP_Widget_Form_Customize_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-widget-form-customize-control.php'; /** * WP_Customize_Nav_Menu_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-control.php'; /** * WP_Customize_Nav_Menu_Item_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-item-control.php'; /** * WP_Customize_Nav_Menu_Location_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-location-control.php'; /** * WP_Customize_Nav_Menu_Name_Control class. * * As this file is deprecated, it will trigger a deprecation notice if instantiated. In a subsequent * release, the require_once here will be removed and _deprecated_file() will be called if file is * required at all. * * @deprecated 4.9.0 This file is no longer used due to new menu creation UX. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-name-control.php'; /** * WP_Customize_Nav_Menu_Locations_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-locations-control.php'; /** * WP_Customize_Nav_Menu_Auto_Add_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-nav-menu-auto-add-control.php'; /** * WP_Customize_Date_Time_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-customize-date-time-control.php'; /** * WP_Sidebar_Block_Editor_Control class. */ require_once ABSPATH . WPINC . '/customize/class-wp-sidebar-block-editor-control.php'; class-wp-user-request.php 0000666 00000004401 15225624212 0011454 0 ustar 00 <?php /** * WP_User_Request class. * * Represents user request data loaded from a WP_Post object. * * @since 4.9.6 */ #[AllowDynamicProperties] final class WP_User_Request { /** * Request ID. * * @since 4.9.6 * @var int */ public $ID = 0; /** * User ID. * * @since 4.9.6 * @var int */ public $user_id = 0; /** * User email. * * @since 4.9.6 * @var string */ public $email = ''; /** * Action name. * * @since 4.9.6 * @var string */ public $action_name = ''; /** * Current status. * * @since 4.9.6 * @var string */ public $status = ''; /** * Timestamp this request was created. * * @since 4.9.6 * @var int|null */ public $created_timestamp = null; /** * Timestamp this request was last modified. * * @since 4.9.6 * @var int|null */ public $modified_timestamp = null; /** * Timestamp this request was confirmed. * * @since 4.9.6 * @var int|null */ public $confirmed_timestamp = null; /** * Timestamp this request was completed. * * @since 4.9.6 * @var int|null */ public $completed_timestamp = null; /** * Misc data assigned to this request. * * @since 4.9.6 * @var array */ public $request_data = array(); /** * Key used to confirm this request. * * @since 4.9.6 * @since 6.8.0 The key is now hashed using wp_fast_hash() instead of phpass. * * @var string */ public $confirm_key = ''; /** * Constructor. * * @since 4.9.6 * * @param WP_Post|object $post Post object. */ public function __construct( $post ) { $this->ID = $post->ID; $this->user_id = $post->post_author; $this->email = $post->post_title; $this->action_name = $post->post_name; $this->status = $post->post_status; $this->created_timestamp = strtotime( $post->post_date_gmt ); $this->modified_timestamp = strtotime( $post->post_modified_gmt ); $this->confirmed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_confirmed_timestamp', true ); $this->completed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_completed_timestamp', true ); $this->request_data = json_decode( $post->post_content, true ); $this->confirm_key = $post->post_password; } } https-detection-20260605101435.php 0000666 00000013341 15225624212 0011762 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260607003752.php 0000666 00000011205 15225624212 0011777 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260605080448.php 0000666 00000011205 15225624212 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605172305.php 0000666 00000013341 15225624212 0011766 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-script-modules.php 0000666 00000100225 15225624212 0011763 0 ustar 00 <?php /** * Script Modules API: WP_Script_Modules class. * * Native support for ES Modules and Import Maps. * * @package WordPress * @subpackage Script Modules */ /** * Core class used to register script modules. * * @since 6.5.0 */ class WP_Script_Modules { /** * Holds the registered script modules, keyed by script module identifier. * * @since 6.5.0 * @var array<string, array<string, mixed>> */ private $registered = array(); /** * An array of IDs for queued script modules. * * @since 6.9.0 * @var string[] */ private $queue = array(); /** * Holds the script module identifiers that have been printed. * * @since 6.9.0 * @var string[] */ private $done = array(); /** * Tracks whether the @wordpress/a11y script module is available. * * Some additional HTML is required on the page for the module to work. Track * whether it's available to print at the appropriate time. * * @since 6.7.0 * @var bool */ private $a11y_available = false; /** * Holds a mapping of dependents (as IDs) for a given script ID. * Used to optimize recursive dependency tree checks. * * @since 6.9.0 * @var array<string, string[]> */ private $dependents_map = array(); /** * Holds the valid values for fetchpriority. * * @since 6.9.0 * @var string[] */ private $priorities = array( 'low', 'auto', 'high', ); /** * List of IDs for script modules encountered which have missing dependencies. * * An ID is added to this list when it is discovered to have missing dependencies. At this time, a warning is * emitted with {@see _doing_it_wrong()}. The ID is then added to this list, so that duplicate warnings don't occur. * * @since 6.9.1 * @var string[] */ private $modules_with_missing_dependencies = array(); /** * Registers the script module if no script module with that script module * identifier has already been registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function register( string $id, string $src, array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! isset( $this->registered[ $id ] ) ) { $dependencies = array(); foreach ( $deps as $dependency ) { if ( is_array( $dependency ) ) { if ( ! isset( $dependency['id'] ) || ! is_string( $dependency['id'] ) ) { _doing_it_wrong( __METHOD__, __( 'Missing required id key in entry among dependencies array.' ), '6.5.0' ); continue; } $dependencies[] = array( 'id' => $dependency['id'], 'import' => isset( $dependency['import'] ) && 'dynamic' === $dependency['import'] ? 'dynamic' : 'static', ); } elseif ( is_string( $dependency ) ) { $dependencies[] = array( 'id' => $dependency, 'import' => 'static', ); } else { _doing_it_wrong( __METHOD__, __( 'Entries in dependencies array must be either strings or arrays with an id key.' ), '6.5.0' ); } } $in_footer = isset( $args['in_footer'] ) && (bool) $args['in_footer']; $fetchpriority = 'auto'; if ( isset( $args['fetchpriority'] ) ) { if ( $this->is_valid_fetchpriority( $args['fetchpriority'] ) ) { $fetchpriority = $args['fetchpriority']; } else { _doing_it_wrong( __METHOD__, sprintf( /* translators: 1: $fetchpriority, 2: $id */ __( 'Invalid fetchpriority `%1$s` defined for `%2$s` during script registration.' ), is_string( $args['fetchpriority'] ) ? $args['fetchpriority'] : gettype( $args['fetchpriority'] ), $id ), '6.9.0' ); } } $this->registered[ $id ] = array( 'src' => $src, 'version' => $version, 'dependencies' => $dependencies, 'in_footer' => $in_footer, 'fetchpriority' => $fetchpriority, ); } } /** * Gets IDs for queued script modules. * * @since 6.9.0 * * @return string[] Script module IDs. */ public function get_queue(): array { return $this->queue; } /** * Checks if the provided fetchpriority is valid. * * @since 6.9.0 * * @param string|mixed $priority Fetch priority. * @return bool Whether valid fetchpriority. */ private function is_valid_fetchpriority( $priority ): bool { return in_array( $priority, $this->priorities, true ); } /** * Sets the fetch priority for a script module. * * @since 6.9.0 * * @param string $id Script module identifier. * @param 'auto'|'low'|'high' $priority Fetch priority for the script module. * @return bool Whether setting the fetchpriority was successful. */ public function set_fetchpriority( string $id, string $priority ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } if ( '' === $priority ) { $priority = 'auto'; } if ( ! $this->is_valid_fetchpriority( $priority ) ) { _doing_it_wrong( __METHOD__, /* translators: %s: Invalid fetchpriority. */ sprintf( __( 'Invalid fetchpriority: %s' ), $priority ), '6.9.0' ); return false; } $this->registered[ $id ]['fetchpriority'] = $priority; return true; } /** * Sets whether a script module should be printed in the footer. * * This is only relevant in block themes. * * @since 6.9.0 * * @param string $id Script module identifier. * @param bool $in_footer Whether to print in the footer. * @return bool Whether setting the printing location was successful. */ public function set_in_footer( string $id, bool $in_footer ): bool { if ( ! isset( $this->registered[ $id ] ) ) { return false; } $this->registered[ $id ]['in_footer'] = $in_footer; return true; } /** * Marks the script module to be enqueued in the page. * * If a src is provided and the script module has not been registered yet, it * will be registered. * * @since 6.5.0 * @since 6.9.0 Added the $args parameter. * * @param string $id The identifier of the script module. Should be unique. It will be used in the * final import map. * @param string $src Optional. Full URL of the script module, or path of the script module relative * to the WordPress root directory. If it is provided and the script module has * not been registered yet, it will be registered. * @param array $deps { * Optional. List of dependencies. * * @type string|array ...$0 { * An array of script module identifiers of the dependencies of this script * module. The dependencies can be strings or arrays. If they are arrays, * they need an `id` key with the script module identifier, and can contain * an `import` key with either `static` or `dynamic`. By default, * dependencies that don't contain an `import` key are considered static. * * @type string $id The script module identifier. * @type string $import Optional. Import type. May be either `static` or * `dynamic`. Defaults to `static`. * } * } * @param string|false|null $version Optional. String specifying the script module version number. Defaults to false. * It is added to the URL as a query string for cache busting purposes. If $version * is set to false, the version number is the currently installed WordPress version. * If $version is set to null, no version is added. * @param array $args { * Optional. An array of additional args. Default empty array. * * @type bool $in_footer Whether to print the script module in the footer. Only relevant to block themes. Default 'false'. Optional. * @type 'auto'|'low'|'high' $fetchpriority Fetch priority. Default 'auto'. Optional. * } */ public function enqueue( string $id, string $src = '', array $deps = array(), $version = false, array $args = array() ) { if ( '' === $id ) { _doing_it_wrong( __METHOD__, __( 'Non-empty string required for id.' ), '6.9.0' ); return; } if ( ! in_array( $id, $this->queue, true ) ) { $this->queue[] = $id; } if ( ! isset( $this->registered[ $id ] ) && $src ) { $this->register( $id, $src, $deps, $version, $args ); } } /** * Unmarks the script module so it will no longer be enqueued in the page. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function dequeue( string $id ) { $this->queue = array_values( array_diff( $this->queue, array( $id ) ) ); } /** * Removes a registered script module. * * @since 6.5.0 * * @param string $id The identifier of the script module. */ public function deregister( string $id ) { $this->dequeue( $id ); unset( $this->registered[ $id ] ); } /** * Adds the hooks to print the import map, enqueued script modules and script * module preloads. * * In classic themes, the script modules used by the blocks are not yet known * when the `wp_head` actions is fired, so it needs to print everything in the * footer. * * @since 6.5.0 */ public function add_hooks() { $is_block_theme = wp_is_block_theme(); $position = $is_block_theme ? 'wp_head' : 'wp_footer'; add_action( $position, array( $this, 'print_import_map' ) ); if ( $is_block_theme ) { /* * Modules can only be printed in the head for block themes because only with * block themes will import map be fully populated by modules discovered by * rendering the block template. In classic themes, modules are enqueued during * template rendering, thus the import map must be printed in the footer, * followed by all enqueued modules. */ add_action( 'wp_head', array( $this, 'print_head_enqueued_script_modules' ) ); } add_action( 'wp_footer', array( $this, 'print_enqueued_script_modules' ) ); add_action( $position, array( $this, 'print_script_module_preloads' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_import_map' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_enqueued_script_modules' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_preloads' ) ); add_action( 'wp_footer', array( $this, 'print_script_module_data' ) ); add_action( 'admin_print_footer_scripts', array( $this, 'print_script_module_data' ) ); add_action( 'wp_footer', array( $this, 'print_a11y_script_module_html' ), 20 ); add_action( 'admin_print_footer_scripts', array( $this, 'print_a11y_script_module_html' ), 20 ); } /** * Gets the highest fetch priority for the provided script IDs. * * @since 6.9.0 * * @param string[] $ids Script module IDs. * @return 'auto'|'low'|'high' Highest fetch priority for the provided script module IDs. */ private function get_highest_fetchpriority( array $ids ): string { static $high_priority_index = null; if ( null === $high_priority_index ) { $high_priority_index = count( $this->priorities ) - 1; } $highest_priority_index = 0; foreach ( $ids as $id ) { if ( isset( $this->registered[ $id ] ) ) { $highest_priority_index = (int) max( $highest_priority_index, (int) array_search( $this->registered[ $id ]['fetchpriority'], $this->priorities, true ) ); if ( $high_priority_index === $highest_priority_index ) { break; } } } return $this->priorities[ $highest_priority_index ]; } /** * Prints the enqueued script modules in head. * * This is only used in block themes. * * @since 6.9.0 */ public function print_head_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { if ( isset( $this->registered[ $id ] ) && ! $this->registered[ $id ]['in_footer'] ) { // If any dependency is set to be printed in footer, skip printing this module in head. $dependencies = array_keys( $this->get_dependencies( array( $id ) ) ); foreach ( $dependencies as $dependency_id ) { if ( in_array( $dependency_id, $this->queue, true ) && isset( $this->registered[ $dependency_id ] ) && $this->registered[ $dependency_id ]['in_footer'] ) { continue 2; } } $this->print_script_module( $id ); } } } /** * Prints the enqueued script modules in footer. * * @since 6.5.0 */ public function print_enqueued_script_modules() { foreach ( $this->get_sorted_dependencies( $this->queue ) as $id ) { $this->print_script_module( $id ); } } /** * Prints the enqueued script module using script tags with type="module" * attributes. * * @since 6.9.0 * * @param string $id The script module identifier. */ private function print_script_module( string $id ) { if ( in_array( $id, $this->done, true ) || ! in_array( $id, $this->queue, true ) ) { return; } $this->done[] = $id; $src = $this->get_src( $id ); if ( '' === $src ) { return; } $attributes = array( 'type' => 'module', 'src' => $src, 'id' => $id . '-js-module', ); $script_module = $this->registered[ $id ]; $queued_dependents = array_intersect( $this->queue, $this->get_recursive_dependents( $id ) ); $fetchpriority = $this->get_highest_fetchpriority( array_merge( array( $id ), $queued_dependents ) ); if ( 'auto' !== $fetchpriority ) { $attributes['fetchpriority'] = $fetchpriority; } if ( $fetchpriority !== $script_module['fetchpriority'] ) { $attributes['data-wp-fetchpriority'] = $script_module['fetchpriority']; } wp_print_script_tag( $attributes ); } /** * Prints the static dependencies of the enqueued script modules using * link tags with rel="modulepreload" attributes. * * If a script module is marked for enqueue, it will not be preloaded. * * @since 6.5.0 */ public function print_script_module_preloads() { $dependency_ids = $this->get_sorted_dependencies( $this->queue, array( 'static' ) ); foreach ( $dependency_ids as $id ) { // Don't preload if it's marked for enqueue. if ( in_array( $id, $this->queue, true ) ) { continue; } $src = $this->get_src( $id ); if ( '' === $src ) { continue; } $enqueued_dependents = array_intersect( $this->get_recursive_dependents( $id ), $this->queue ); $highest_fetchpriority = $this->get_highest_fetchpriority( $enqueued_dependents ); printf( '<link rel="modulepreload" href="%s" id="%s"', esc_url( $src ), esc_attr( $id . '-js-modulepreload' ) ); if ( 'auto' !== $highest_fetchpriority ) { printf( ' fetchpriority="%s"', esc_attr( $highest_fetchpriority ) ); } if ( $highest_fetchpriority !== $this->registered[ $id ]['fetchpriority'] && 'auto' !== $this->registered[ $id ]['fetchpriority'] ) { printf( ' data-wp-fetchpriority="%s"', esc_attr( $this->registered[ $id ]['fetchpriority'] ) ); } echo ">\n"; } } /** * Prints the import map using a script tag with a type="importmap" attribute. * * @since 6.5.0 */ public function print_import_map() { $import_map = $this->get_import_map(); if ( ! empty( $import_map['imports'] ) ) { wp_print_inline_script_tag( (string) wp_json_encode( $import_map, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ), array( 'type' => 'importmap', 'id' => 'wp-importmap', ) ); } } /** * Returns the import map array. * * @since 6.5.0 * * @return array Array with an `imports` key mapping to an array of script module identifiers and their respective * URLs, including the version query. */ private function get_import_map(): array { $imports = array(); foreach ( array_keys( $this->get_dependencies( $this->queue ) ) as $id ) { $src = $this->get_src( $id ); if ( '' !== $src ) { $imports[ $id ] = $src; } } return array( 'imports' => $imports ); } /** * Retrieves the list of script modules marked for enqueue. * * Even though this is a private method and is unused in core, there are ecosystem plugins accessing it via the * Reflection API. The ecosystem should rather use {@see self::get_queue()}. * * @since 6.5.0 * * @return array<string, array> Script modules marked for enqueue, keyed by script module identifier. */ private function get_marked_for_enqueue(): array { return wp_array_slice_assoc( $this->registered, $this->queue ); } /** * Retrieves all the dependencies for the given script module identifiers, filtered by import types. * * It will consolidate an array containing a set of unique dependencies based * on the requested import types: 'static', 'dynamic', or both. This method is * recursive and also retrieves dependencies of the dependencies. * * @since 6.5.0 * * @param string[] $ids The identifiers of the script modules for which to gather dependencies. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return array<string, array> List of dependencies, keyed by script module identifier. */ private function get_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $all_dependencies = array(); $id_queue = $ids; while ( ! empty( $id_queue ) ) { $id = array_shift( $id_queue ); if ( ! isset( $this->registered[ $id ] ) ) { continue; } foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( ! isset( $all_dependencies[ $dependency['id'] ] ) && in_array( $dependency['import'], $import_types, true ) && isset( $this->registered[ $dependency['id'] ] ) ) { $all_dependencies[ $dependency['id'] ] = $this->registered[ $dependency['id'] ]; // Add this dependency to the list to get dependencies for. $id_queue[] = $dependency['id']; } } } return $all_dependencies; } /** * Gets all dependents of a script module. * * This is not recursive. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_dependents( string $id ): array { // Check if dependents map for the handle in question is present. If so, use it. if ( isset( $this->dependents_map[ $id ] ) ) { return $this->dependents_map[ $id ]; } $dependents = array(); // Iterate over all registered scripts, finding dependents of the script passed to this method. foreach ( $this->registered as $registered_id => $args ) { if ( in_array( $id, wp_list_pluck( $args['dependencies'], 'id' ), true ) ) { $dependents[] = $registered_id; } } // Add the module's dependents to the map to ease future lookups. $this->dependents_map[ $id ] = $dependents; return $dependents; } /** * Gets all recursive dependents of a script module. * * @since 6.9.0 * * @see WP_Scripts::get_dependents() * * @param string $id The script ID. * @return string[] Script module IDs. */ private function get_recursive_dependents( string $id ): array { $dependents = array(); $id_queue = array( $id ); $processed = array(); while ( ! empty( $id_queue ) ) { $current_id = array_shift( $id_queue ); // Skip unregistered or already-processed script modules. if ( ! isset( $this->registered[ $current_id ] ) || isset( $processed[ $current_id ] ) ) { continue; } // Mark as processed to guard against infinite loops from circular dependencies. $processed[ $current_id ] = true; // Find the direct dependents of the current script. foreach ( $this->get_dependents( $current_id ) as $dependent_id ) { // Only add the dependent if we haven't found it before. if ( ! isset( $dependents[ $dependent_id ] ) ) { $dependents[ $dependent_id ] = true; // Add dependency to the queue. $id_queue[] = $dependent_id; } } } return array_keys( $dependents ); } /** * Sorts the given script module identifiers based on their dependencies. * * It will return a list of script module identifiers sorted in the order * they should be printed, so that dependencies are printed before the script * modules that depend on them. * * @since 6.9.0 * * @param string[] $ids The identifiers of the script modules to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * Default is both. * @return string[] Sorted list of script module identifiers. */ private function get_sorted_dependencies( array $ids, array $import_types = array( 'static', 'dynamic' ) ): array { $sorted = array(); foreach ( $ids as $id ) { $this->sort_item_dependencies( $id, $import_types, $sorted ); } return array_unique( $sorted ); } /** * Recursively sorts the dependencies for a single script module identifier. * * @since 6.9.0 * * @param string $id The identifier of the script module to sort. * @param string[] $import_types Optional. Import types of dependencies to retrieve: 'static', 'dynamic', or both. * @param string[] &$sorted The array of sorted identifiers, passed by reference. * @return bool True on success, false on failure (e.g., missing dependency). */ private function sort_item_dependencies( string $id, array $import_types, array &$sorted ): bool { // If already processed, don't do it again. if ( in_array( $id, $sorted, true ) ) { return true; } // If the item doesn't exist, fail. if ( ! isset( $this->registered[ $id ] ) ) { return false; } $dependency_ids = array(); foreach ( $this->registered[ $id ]['dependencies'] as $dependency ) { if ( in_array( $dependency['import'], $import_types, true ) ) { $dependency_ids[] = $dependency['id']; } } // If the item requires dependencies that do not exist, fail. $missing_dependencies = array_diff( $dependency_ids, array_keys( $this->registered ) ); if ( count( $missing_dependencies ) > 0 ) { if ( ! in_array( $id, $this->modules_with_missing_dependencies, true ) ) { _doing_it_wrong( get_class( $this ) . '::register', sprintf( /* translators: 1: Script module ID, 2: List of missing dependency IDs. */ __( 'The script module with the ID "%1$s" was enqueued with dependencies that are not registered: %2$s.' ), $id, implode( wp_get_list_item_separator(), $missing_dependencies ) ), '6.9.1' ); $this->modules_with_missing_dependencies[] = $id; } return false; } // Recursively process dependencies. foreach ( $dependency_ids as $dependency_id ) { if ( ! $this->sort_item_dependencies( $dependency_id, $import_types, $sorted ) ) { // A dependency failed to resolve, so this branch fails. return false; } } // All dependencies are sorted, so we can now add the current item. $sorted[] = $id; return true; } /** * Gets the versioned URL for a script module src. * * If $version is set to false, the version number is the currently installed * WordPress version. If $version is set to null, no version is added. * Otherwise, the string passed in $version is used. * * @since 6.5.0 * * @param string $id The script module identifier. * @return string The script module src with a version if relevant. */ private function get_src( string $id ): string { if ( ! isset( $this->registered[ $id ] ) ) { return ''; } $script_module = $this->registered[ $id ]; $src = $script_module['src']; if ( '' !== $src ) { if ( false === $script_module['version'] ) { $src = add_query_arg( 'ver', get_bloginfo( 'version' ), $src ); } elseif ( null !== $script_module['version'] ) { $src = add_query_arg( 'ver', $script_module['version'], $src ); } } /** * Filters the script module source. * * @since 6.5.0 * * @param string $src Module source URL. * @param string $id Module identifier. */ $src = apply_filters( 'script_module_loader_src', $src, $id ); if ( ! is_string( $src ) ) { $src = ''; } return $src; } /** * Print data associated with Script Modules. * * The data will be embedded in the page HTML and can be read by Script Modules on page load. * * @since 6.7.0 * * Data can be associated with a Script Module via the * {@see "script_module_data_{$module_id}"} filter. * * The data for a Script Module will be serialized as JSON in a script tag with an ID of the * form `wp-script-module-data-{$module_id}`. */ public function print_script_module_data(): void { $modules = array(); foreach ( array_unique( $this->queue ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $this->get_import_map()['imports'] ) as $id ) { if ( '@wordpress/a11y' === $id ) { $this->a11y_available = true; } $modules[ $id ] = true; } foreach ( array_keys( $modules ) as $module_id ) { /** * Filters data associated with a given Script Module. * * Script Modules may require data that is required for initialization or is essential * to have immediately available on page load. These are suitable use cases for * this data. * * The dynamic portion of the hook name, `$module_id`, refers to the Script Module ID * that the data is associated with. * * This is best suited to pass essential data that must be available to the module for * initialization or immediately on page load. It does not replace the REST API or * fetching data from the client. * * Example: * * add_filter( * 'script_module_data_MyScriptModuleID', * function ( array $data ): array { * $data['dataForClient'] = 'ok'; * return $data; * } * ); * * If the filter returns no data (an empty array), nothing will be embedded in the page. * * The data for a given Script Module, if provided, will be JSON serialized in a script * tag with an ID of the form `wp-script-module-data-{$module_id}`. * * The data can be read on the client with a pattern like this: * * Example: * * const dataContainer = document.getElementById( 'wp-script-module-data-MyScriptModuleID' ); * let data = {}; * if ( dataContainer ) { * try { * data = JSON.parse( dataContainer.textContent ); * } catch {} * } * // data.dataForClient === 'ok'; * initMyScriptModuleWithData( data ); * * @since 6.7.0 * * @param array $data The data associated with the Script Module. */ $data = apply_filters( "script_module_data_{$module_id}", array() ); if ( is_array( $data ) && array() !== $data ) { /* * This data will be printed as JSON inside a script tag like this: * <script type="application/json"></script> * * A script tag must be closed by a sequence beginning with `</`. It's impossible to * close a script tag without using `<`. We ensure that `<` is escaped and `/` can * remain unescaped, so `</script>` will be printed as `\u003C/script\u00E3`. * * - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E. * - JSON_UNESCAPED_SLASHES: Don't escape /. * * If the page will use UTF-8 encoding, it's safe to print unescaped unicode: * * - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`). * - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when * JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was * before PHP 7.1 without this constant. Available as of PHP 7.1.0. * * The JSON specification requires encoding in UTF-8, so if the generated HTML page * is not encoded in UTF-8 then it's not safe to include those literals. They must * be escaped to avoid encoding issues. * * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements. * @see https://www.php.net/manual/en/json.constants.php for details on these constants. * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing. */ $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS; if ( ! is_utf8_charset() ) { $json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES; } wp_print_inline_script_tag( (string) wp_json_encode( $data, $json_encode_flags ), array( 'type' => 'application/json', 'id' => "wp-script-module-data-{$module_id}", ) ); } } } /** * @access private This is only intended to be called by the registered actions. * * @since 6.7.0 */ public function print_a11y_script_module_html() { if ( ! $this->a11y_available ) { return; } echo '<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;">' . '<p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden>' . esc_html__( 'Notifications' ) . '</p>' . '<div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div>' . '<div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div>' . '</div>'; } } https-migration-20260605062553.php 0000666 00000011205 15225624212 0012001 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-migration-20260606215435.php 0000666 00000011205 15225624212 0012001 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260605073931.php 0000666 00000013341 15225624212 0011773 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-translation-file.php 0000666 00000014211 15225624212 0012263 0 ustar 00 <?php /** * I18N: WP_Translation_File class. * * @package WordPress * @subpackage I18N * @since 6.5.0 */ /** * Class WP_Translation_File. * * @since 6.5.0 */ abstract class WP_Translation_File { /** * List of headers. * * @since 6.5.0 * @var array<string, string> */ protected $headers = array(); /** * Whether file has been parsed. * * @since 6.5.0 * @var bool */ protected $parsed = false; /** * Error information. * * @since 6.5.0 * @var string|null Error message or null if no error. */ protected $error; /** * File name. * * @since 6.5.0 * @var string */ protected $file = ''; /** * Translation entries. * * @since 6.5.0 * @var array<string, string> */ protected $entries = array(); /** * Plural forms function. * * @since 6.5.0 * @var callable|null Plural forms. */ protected $plural_forms = null; /** * Constructor. * * @since 6.5.0 * * @param string $file File to load. */ protected function __construct( string $file ) { $this->file = $file; } /** * Creates a new WP_Translation_File instance for a given file. * * @since 6.5.0 * * @param string $file File name. * @param string|null $filetype Optional. File type. Default inferred from file name. * @return false|WP_Translation_File */ public static function create( string $file, ?string $filetype = null ) { if ( ! is_readable( $file ) ) { return false; } if ( null === $filetype ) { $pos = strrpos( $file, '.' ); if ( false !== $pos ) { $filetype = substr( $file, $pos + 1 ); } } switch ( $filetype ) { case 'mo': return new WP_Translation_File_MO( $file ); case 'php': return new WP_Translation_File_PHP( $file ); default: return false; } } /** * Creates a new WP_Translation_File instance for a given file. * * @since 6.5.0 * * @param string $file Source file name. * @param string $filetype Desired target file type. * @return string|false Transformed translation file contents on success, false otherwise. */ public static function transform( string $file, string $filetype ) { $source = self::create( $file ); if ( false === $source ) { return false; } switch ( $filetype ) { case 'mo': $destination = new WP_Translation_File_MO( '' ); break; case 'php': $destination = new WP_Translation_File_PHP( '' ); break; default: return false; } $success = $destination->import( $source ); if ( ! $success ) { return false; } return $destination->export(); } /** * Returns all headers. * * @since 6.5.0 * * @return array<string, string> Headers. */ public function headers(): array { if ( ! $this->parsed ) { $this->parse_file(); } return $this->headers; } /** * Returns all entries. * * @since 6.5.0 * * @return array<string, string[]> Entries. */ public function entries(): array { if ( ! $this->parsed ) { $this->parse_file(); } return $this->entries; } /** * Returns the current error information. * * @since 6.5.0 * * @return string|null Error message or null if no error. */ public function error() { return $this->error; } /** * Returns the file name. * * @since 6.5.0 * * @return string File name. */ public function get_file(): string { return $this->file; } /** * Translates a given string. * * @since 6.5.0 * * @param string $text String to translate. * @return false|string Translation(s) on success, false otherwise. */ public function translate( string $text ) { if ( ! $this->parsed ) { $this->parse_file(); } return $this->entries[ $text ] ?? false; } /** * Returns the plural form for a given number. * * @since 6.5.0 * * @param int $number Count. * @return int Plural form. */ public function get_plural_form( int $number ): int { if ( ! $this->parsed ) { $this->parse_file(); } if ( null === $this->plural_forms && isset( $this->headers['plural-forms'] ) ) { $expression = $this->get_plural_expression_from_header( $this->headers['plural-forms'] ); $this->plural_forms = $this->make_plural_form_function( $expression ); } if ( is_callable( $this->plural_forms ) ) { /** * Plural form. * * @var int $result Plural form. */ $result = call_user_func( $this->plural_forms, $number ); return $result; } // Default plural form matches English, only "One" is considered singular. return ( 1 === $number ? 0 : 1 ); } /** * Returns the plural forms expression as a tuple. * * @since 6.5.0 * * @param string $header Plural-Forms header string. * @return string Plural forms expression. */ protected function get_plural_expression_from_header( string $header ): string { if ( preg_match( '/^\s*nplurals\s*=\s*(\d+)\s*;\s+plural\s*=\s*(.+)$/', $header, $matches ) ) { return trim( $matches[2] ); } return 'n != 1'; } /** * Makes a function, which will return the right translation index, according to the * plural forms header. * * @since 6.5.0 * * @param string $expression Plural form expression. * @return callable(int $num): int Plural forms function. */ protected function make_plural_form_function( string $expression ): callable { try { $handler = new Plural_Forms( rtrim( $expression, ';' ) ); return array( $handler, 'get' ); } catch ( Exception $e ) { // Fall back to default plural-form function. return $this->make_plural_form_function( 'n != 1' ); } } /** * Imports translations from another file. * * @since 6.5.0 * * @param WP_Translation_File $source Source file. * @return bool True on success, false otherwise. */ protected function import( WP_Translation_File $source ): bool { if ( null !== $source->error() ) { return false; } $this->headers = $source->headers(); $this->entries = $source->entries(); $this->error = $source->error(); return null === $this->error; } /** * Parses the file. * * @since 6.5.0 */ abstract protected function parse_file(); /** * Exports translation contents as a string. * * @since 6.5.0 * * @return string Translation file contents. */ abstract public function export(); } class-wp-translation-controller.php 0000666 00000031253 15225624212 0013534 0 ustar 00 <?php /** * I18N: WP_Translation_Controller class. * * @package WordPress * @subpackage I18N * @since 6.5.0 */ /** * Class WP_Translation_Controller. * * @since 6.5.0 */ final class WP_Translation_Controller { /** * Current locale. * * @since 6.5.0 * @var string */ protected $current_locale = 'en_US'; /** * Map of loaded translations per locale and text domain. * * [ Locale => [ Textdomain => [ ..., ... ] ] ] * * @since 6.5.0 * @var array<string, array<string, WP_Translation_File[]>> */ protected $loaded_translations = array(); /** * List of loaded translation files. * * [ Filename => [ Locale => [ Textdomain => WP_Translation_File ] ] ] * * @since 6.5.0 * @var array<string, array<string, array<string, WP_Translation_File|false>>> */ protected $loaded_files = array(); /** * Container for the main instance of the class. * * @since 6.5.0 * @var WP_Translation_Controller|null */ private static $instance = null; /** * Utility method to retrieve the main instance of the class. * * The instance will be created if it does not exist yet. * * @since 6.5.0 * * @return WP_Translation_Controller */ public static function get_instance(): WP_Translation_Controller { if ( null === self::$instance ) { self::$instance = new self(); } return self::$instance; } /** * Returns the current locale. * * @since 6.5.0 * * @return string Locale. */ public function get_locale(): string { return $this->current_locale; } /** * Sets the current locale. * * @since 6.5.0 * * @param string $locale Locale. */ public function set_locale( string $locale ) { $this->current_locale = $locale; } /** * Loads a translation file for a given text domain. * * @since 6.5.0 * * @param string $translation_file Translation file. * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Default current locale. * @return bool True on success, false otherwise. */ public function load_file( string $translation_file, string $textdomain = 'default', ?string $locale = null ): bool { if ( null === $locale ) { $locale = $this->current_locale; } $translation_file = realpath( $translation_file ); if ( false === $translation_file ) { return false; } if ( isset( $this->loaded_files[ $translation_file ][ $locale ][ $textdomain ] ) && false !== $this->loaded_files[ $translation_file ][ $locale ][ $textdomain ] ) { return null === $this->loaded_files[ $translation_file ][ $locale ][ $textdomain ]->error(); } if ( isset( $this->loaded_files[ $translation_file ][ $locale ] ) && array() !== $this->loaded_files[ $translation_file ][ $locale ] ) { $moe = reset( $this->loaded_files[ $translation_file ][ $locale ] ); } else { $moe = WP_Translation_File::create( $translation_file ); if ( false === $moe || null !== $moe->error() ) { $moe = false; } } $this->loaded_files[ $translation_file ][ $locale ][ $textdomain ] = $moe; if ( ! $moe instanceof WP_Translation_File ) { return false; } if ( ! isset( $this->loaded_translations[ $locale ][ $textdomain ] ) ) { $this->loaded_translations[ $locale ][ $textdomain ] = array(); } $this->loaded_translations[ $locale ][ $textdomain ][] = $moe; return true; } /** * Unloads a translation file for a given text domain. * * @since 6.5.0 * * @param WP_Translation_File|string $file Translation file instance or file name. * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Defaults to all locales. * @return bool True on success, false otherwise. */ public function unload_file( $file, string $textdomain = 'default', ?string $locale = null ): bool { if ( is_string( $file ) ) { $file = realpath( $file ); } if ( null !== $locale ) { if ( isset( $this->loaded_translations[ $locale ][ $textdomain ] ) ) { foreach ( $this->loaded_translations[ $locale ][ $textdomain ] as $i => $moe ) { if ( $file === $moe || $file === $moe->get_file() ) { unset( $this->loaded_translations[ $locale ][ $textdomain ][ $i ] ); unset( $this->loaded_files[ $moe->get_file() ][ $locale ][ $textdomain ] ); return true; } } } return true; } foreach ( $this->loaded_translations as $l => $domains ) { if ( ! isset( $domains[ $textdomain ] ) ) { continue; } foreach ( $domains[ $textdomain ] as $i => $moe ) { if ( $file === $moe || $file === $moe->get_file() ) { unset( $this->loaded_translations[ $l ][ $textdomain ][ $i ] ); unset( $this->loaded_files[ $moe->get_file() ][ $l ][ $textdomain ] ); return true; } } } return false; } /** * Unloads all translation files for a given text domain. * * @since 6.5.0 * * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Defaults to all locales. * @return bool True on success, false otherwise. */ public function unload_textdomain( string $textdomain = 'default', ?string $locale = null ): bool { $unloaded = false; if ( null !== $locale ) { if ( isset( $this->loaded_translations[ $locale ][ $textdomain ] ) ) { $unloaded = true; foreach ( $this->loaded_translations[ $locale ][ $textdomain ] as $moe ) { unset( $this->loaded_files[ $moe->get_file() ][ $locale ][ $textdomain ] ); } } unset( $this->loaded_translations[ $locale ][ $textdomain ] ); return $unloaded; } foreach ( $this->loaded_translations as $l => $domains ) { if ( ! isset( $domains[ $textdomain ] ) ) { continue; } $unloaded = true; foreach ( $domains[ $textdomain ] as $moe ) { unset( $this->loaded_files[ $moe->get_file() ][ $l ][ $textdomain ] ); } unset( $this->loaded_translations[ $l ][ $textdomain ] ); } return $unloaded; } /** * Determines whether translations are loaded for a given text domain. * * @since 6.5.0 * * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Default current locale. * @return bool True if there are any loaded translations, false otherwise. */ public function is_textdomain_loaded( string $textdomain = 'default', ?string $locale = null ): bool { if ( null === $locale ) { $locale = $this->current_locale; } return isset( $this->loaded_translations[ $locale ][ $textdomain ] ) && array() !== $this->loaded_translations[ $locale ][ $textdomain ]; } /** * Translates a singular string. * * @since 6.5.0 * * @param string $text Text to translate. * @param string $context Optional. Context for the string. Default empty string. * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Default current locale. * @return string|false Translation on success, false otherwise. */ public function translate( string $text, string $context = '', string $textdomain = 'default', ?string $locale = null ) { if ( '' !== $context ) { $context .= "\4"; } $translation = $this->locate_translation( "{$context}{$text}", $textdomain, $locale ); if ( false === $translation ) { return false; } return $translation['entries'][0]; } /** * Translates plurals. * * Checks both singular+plural combinations as well as just singulars, * in case the translation file does not store the plural. * * @since 6.5.0 * * @param array $plurals { * Pair of singular and plural translations. * * @type string $0 Singular translation. * @type string $1 Plural translation. * } * @param int $number Number of items. * @param string $context Optional. Context for the string. Default empty string. * @param string $textdomain Optional. Text domain. Default 'default'. * @param string|null $locale Optional. Locale. Default current locale. * @return string|false Translation on success, false otherwise. */ public function translate_plural( array $plurals, int $number, string $context = '', string $textdomain = 'default', ?string $locale = null ) { if ( '' !== $context ) { $context .= "\4"; } $text = implode( "\0", $plurals ); $translation = $this->locate_translation( "{$context}{$text}", $textdomain, $locale ); if ( false === $translation ) { $text = $plurals[0]; $translation = $this->locate_translation( "{$context}{$text}", $textdomain, $locale ); if ( false === $translation ) { return false; } } /** @var WP_Translation_File $source */ $source = $translation['source']; $num = $source->get_plural_form( $number ); // See \Translations::translate_plural(). return $translation['entries'][ $num ] ?? $translation['entries'][0]; } /** * Returns all existing headers for a given text domain. * * @since 6.5.0 * * @param string $textdomain Optional. Text domain. Default 'default'. * @return array<string, string> Headers. */ public function get_headers( string $textdomain = 'default' ): array { if ( array() === $this->loaded_translations ) { return array(); } $headers = array(); foreach ( $this->get_files( $textdomain ) as $moe ) { foreach ( $moe->headers() as $header => $value ) { $headers[ $this->normalize_header( $header ) ] = $value; } } return $headers; } /** * Normalizes header names to be capitalized. * * @since 6.5.0 * * @param string $header Header name. * @return string Normalized header name. */ protected function normalize_header( string $header ): string { $parts = explode( '-', $header ); $parts = array_map( 'ucfirst', $parts ); return implode( '-', $parts ); } /** * Returns all entries for a given text domain. * * @since 6.5.0 * * @param string $textdomain Optional. Text domain. Default 'default'. * @return array<string, string> Entries. */ public function get_entries( string $textdomain = 'default' ): array { if ( array() === $this->loaded_translations ) { return array(); } $entries = array(); foreach ( $this->get_files( $textdomain ) as $moe ) { $entries = array_merge( $entries, $moe->entries() ); } return $entries; } /** * Locates translation for a given string and text domain. * * @since 6.5.0 * * @param string $singular Singular translation. * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Default current locale. * @return array{source: WP_Translation_File, entries: string[]}|false { * Translations on success, false otherwise. * * @type WP_Translation_File $source Translation file instance. * @type string[] $entries Array of translation entries. * } */ protected function locate_translation( string $singular, string $textdomain = 'default', ?string $locale = null ) { if ( array() === $this->loaded_translations ) { return false; } // Find the translation in all loaded files for this text domain. foreach ( $this->get_files( $textdomain, $locale ) as $moe ) { $translation = $moe->translate( $singular ); if ( false !== $translation ) { return array( 'entries' => explode( "\0", $translation ), 'source' => $moe, ); } if ( null !== $moe->error() ) { // Unload this file, something is wrong. $this->unload_file( $moe, $textdomain, $locale ); } } // Nothing could be found. return false; } /** * Returns all translation files for a given text domain. * * @since 6.5.0 * * @param string $textdomain Optional. Text domain. Default 'default'. * @param string $locale Optional. Locale. Default current locale. * @return WP_Translation_File[] List of translation files. */ protected function get_files( string $textdomain = 'default', ?string $locale = null ): array { if ( null === $locale ) { $locale = $this->current_locale; } return $this->loaded_translations[ $locale ][ $textdomain ] ?? array(); } /** * Returns a boolean to indicate whether a translation exists for a given string with optional text domain and locale. * * @since 6.7.0 * * @param string $singular Singular translation to check. * @param string $textdomain Optional. Text domain. Default 'default'. * @param ?string $locale Optional. Locale. Default current locale. * @return bool True if the translation exists, false otherwise. */ public function has_translation( string $singular, string $textdomain = 'default', ?string $locale = null ): bool { if ( null === $locale ) { $locale = $this->current_locale; } return false !== $this->locate_translation( $singular, $textdomain, $locale ); } } https-migration-20260605080419.php 0000666 00000011205 15225624212 0012002 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection.php 0000666 00000013341 15225624212 0010402 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260605172948.php 0000666 00000013341 15225624212 0012003 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-detection-20260606105656.php 0000666 00000013341 15225624212 0011774 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606050648.php 0000666 00000011205 15225624212 0012004 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } https-detection-20260622202808.php 0000666 00000013341 15225624212 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } https-migration-20260606092456.php 0000666 00000011205 15225624212 0012007 0 ustar 00 <?php /** * HTTPS migration functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`, causing WordPress to * add frontend filters to replace insecure site URLs that may be present in older database content. The * {@see 'wp_should_replace_insecure_home_url'} filter can be used to modify that behavior. * * @since 5.7.0 * * @return bool True if insecure URLs should replaced, false otherwise. */ function wp_should_replace_insecure_home_url() { $should_replace_insecure_home_url = wp_is_using_https() && get_option( 'https_migration_required' ) // For automatic replacement, both 'home' and 'siteurl' need to not only use HTTPS, they also need to be using // the same domain. && wp_parse_url( home_url(), PHP_URL_HOST ) === wp_parse_url( site_url(), PHP_URL_HOST ); /** * Filters whether WordPress should replace old HTTP URLs to the site with their HTTPS counterpart. * * If a WordPress site had its URL changed from HTTP to HTTPS, by default this will return `true`. This filter can * be used to disable that behavior, e.g. after having replaced URLs manually in the database. * * @since 5.7.0 * * @param bool $should_replace_insecure_home_url Whether insecure HTTP URLs to the site should be replaced. */ return apply_filters( 'wp_should_replace_insecure_home_url', $should_replace_insecure_home_url ); } /** * Replaces insecure HTTP URLs to the site in the given content, if configured to do so. * * This function replaces all occurrences of the HTTP version of the site's URL with its HTTPS counterpart, if * determined via {@see wp_should_replace_insecure_home_url()}. * * @since 5.7.0 * * @param string $content Content to replace URLs in. * @return string Filtered content. */ function wp_replace_insecure_home_url( $content ) { if ( ! wp_should_replace_insecure_home_url() ) { return $content; } $https_url = home_url( '', 'https' ); $http_url = str_replace( 'https://', 'http://', $https_url ); // Also replace potentially escaped URL. $escaped_https_url = str_replace( '/', '\/', $https_url ); $escaped_http_url = str_replace( '/', '\/', $http_url ); return str_replace( array( $http_url, $escaped_http_url, ), array( $https_url, $escaped_https_url, ), $content ); } /** * Update the 'home' and 'siteurl' option to use the HTTPS variant of their URL. * * If this update does not result in WordPress recognizing that the site is now using HTTPS (e.g. due to constants * overriding the URLs used), the changes will be reverted. In such a case the function will return false. * * @since 5.7.0 * * @return bool True on success, false on failure. */ function wp_update_urls_to_https() { // Get current URL options. $orig_home = get_option( 'home' ); $orig_siteurl = get_option( 'siteurl' ); // Get current URL options, replacing HTTP with HTTPS. $home = str_replace( 'http://', 'https://', $orig_home ); $siteurl = str_replace( 'http://', 'https://', $orig_siteurl ); // Update the options. update_option( 'home', $home ); update_option( 'siteurl', $siteurl ); if ( ! wp_is_using_https() ) { /* * If this did not result in the site recognizing HTTPS as being used, * revert the change and return false. */ update_option( 'home', $orig_home ); update_option( 'siteurl', $orig_siteurl ); return false; } // Otherwise the URLs were successfully changed to use HTTPS. return true; } /** * Updates the 'https_migration_required' option if needed when the given URL has been updated from HTTP to HTTPS. * * If this is a fresh site, a migration will not be required, so the option will be set as `false`. * * This is hooked into the {@see 'update_option_home'} action. * * @since 5.7.0 * @access private * * @param mixed $old_url Previous value of the URL option. * @param mixed $new_url New value of the URL option. */ function wp_update_https_migration_required( $old_url, $new_url ) { // Do nothing if WordPress is being installed. if ( wp_installing() ) { return; } // Delete/reset the option if the new URL is not the HTTPS version of the old URL. if ( untrailingslashit( (string) $old_url ) !== str_replace( 'https://', 'http://', untrailingslashit( (string) $new_url ) ) ) { delete_option( 'https_migration_required' ); return; } // If this is a fresh site, there is no content to migrate, so do not require migration. $https_migration_required = get_option( 'fresh_site' ) ? false : true; update_option( 'https_migration_required', $https_migration_required ); } theme-previews.php 0000666 00000005536 15225624212 0010237 0 ustar 00 <?php /** * Theme previews using the Site Editor for block themes. * * @package WordPress */ /** * Filters the blog option to return the path for the previewed theme. * * @since 6.3.0 * * @param string $current_stylesheet The current theme's stylesheet or template path. * @return string The previewed theme's stylesheet or template path. */ function wp_get_theme_preview_path( $current_stylesheet = null ) { if ( ! current_user_can( 'switch_themes' ) ) { return $current_stylesheet; } $preview_stylesheet = ! empty( $_GET['wp_theme_preview'] ) ? sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ) : null; $wp_theme = wp_get_theme( $preview_stylesheet ); if ( ! is_wp_error( $wp_theme->errors() ) ) { if ( current_filter() === 'template' ) { $theme_path = $wp_theme->get_template(); } else { $theme_path = $wp_theme->get_stylesheet(); } return sanitize_text_field( $theme_path ); } return $current_stylesheet; } /** * Adds a middleware to `apiFetch` to set the theme for the preview. * This adds a `wp_theme_preview` URL parameter to API requests from the Site Editor, so they also respond as if the theme is set to the value of the parameter. * * @since 6.3.0 */ function wp_attach_theme_preview_middleware() { // Don't allow non-admins to preview themes. if ( ! current_user_can( 'switch_themes' ) ) { return; } wp_add_inline_script( 'wp-api-fetch', sprintf( 'wp.apiFetch.use( wp.apiFetch.createThemePreviewMiddleware( %s ) );', wp_json_encode( sanitize_text_field( wp_unslash( $_GET['wp_theme_preview'] ) ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); } /** * Set a JavaScript constant for theme activation. * * Sets the JavaScript global WP_BLOCK_THEME_ACTIVATE_NONCE containing the nonce * required to activate a theme. For use within the site editor. * * @see https://github.com/WordPress/gutenberg/pull/41836 * * @since 6.3.0 * @access private */ function wp_block_theme_activate_nonce() { $nonce_handle = 'switch-theme_' . wp_get_theme_preview_path(); ?> <script type="text/javascript"> window.WP_BLOCK_THEME_ACTIVATE_NONCE = <?php echo wp_json_encode( wp_create_nonce( $nonce_handle ), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ); ?>; </script> <?php } /** * Add filters and actions to enable Block Theme Previews in the Site Editor. * * The filters and actions should be added after `pluggable.php` is included as they may * trigger code that uses `current_user_can()` which requires functionality from `pluggable.php`. * * @since 6.3.2 */ function wp_initialize_theme_preview_hooks() { if ( ! empty( $_GET['wp_theme_preview'] ) ) { add_filter( 'stylesheet', 'wp_get_theme_preview_path' ); add_filter( 'template', 'wp_get_theme_preview_path' ); add_action( 'init', 'wp_attach_theme_preview_middleware' ); add_action( 'admin_head', 'wp_block_theme_activate_nonce' ); } } https-detection-20260606093042.php 0000666 00000013341 15225624212 0011767 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-http-requests-response.php 0000666 00000010460 15225624212 0013476 0 ustar 00 <?php /** * HTTP API: WP_HTTP_Requests_Response class * * @package WordPress * @subpackage HTTP * @since 4.6.0 */ /** * Core wrapper object for a WpOrg\Requests\Response for standardization. * * @since 4.6.0 * * @see WP_HTTP_Response */ class WP_HTTP_Requests_Response extends WP_HTTP_Response { /** * Requests Response object. * * @since 4.6.0 * @var \WpOrg\Requests\Response */ protected $response; /** * Filename the response was saved to. * * @since 4.6.0 * @var string|null */ protected $filename; /** * Constructor. * * @since 4.6.0 * * @param \WpOrg\Requests\Response $response HTTP response. * @param string $filename Optional. File name. Default empty. */ public function __construct( WpOrg\Requests\Response $response, $filename = '' ) { $this->response = $response; $this->filename = $filename; } /** * Retrieves the response object for the request. * * @since 4.6.0 * * @return WpOrg\Requests\Response HTTP response. */ public function get_response_object() { return $this->response; } /** * Retrieves headers associated with the response. * * @since 4.6.0 * * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary Map of header name to header value. */ public function get_headers() { // Ensure headers remain case-insensitive. $converted = new WpOrg\Requests\Utility\CaseInsensitiveDictionary(); foreach ( $this->response->headers->getAll() as $key => $value ) { if ( count( $value ) === 1 ) { $converted[ $key ] = $value[0]; } else { $converted[ $key ] = $value; } } return $converted; } /** * Sets all header values. * * @since 4.6.0 * * @param array $headers Map of header name to header value. */ public function set_headers( $headers ) { $this->response->headers = new WpOrg\Requests\Response\Headers( $headers ); } /** * Sets a single HTTP header. * * @since 4.6.0 * * @param string $key Header name. * @param string $value Header value. * @param bool $replace Optional. Whether to replace an existing header of the same name. * Default true. */ public function header( $key, $value, $replace = true ) { if ( $replace ) { unset( $this->response->headers[ $key ] ); } $this->response->headers[ $key ] = $value; } /** * Retrieves the HTTP return code for the response. * * @since 4.6.0 * * @return int The 3-digit HTTP status code. */ public function get_status() { return $this->response->status_code; } /** * Sets the 3-digit HTTP status code. * * @since 4.6.0 * * @param int $code HTTP status. */ public function set_status( $code ) { $this->response->status_code = absint( $code ); } /** * Retrieves the response data. * * @since 4.6.0 * * @return string Response data. */ public function get_data() { return $this->response->body; } /** * Sets the response data. * * @since 4.6.0 * * @param string $data Response data. */ public function set_data( $data ) { $this->response->body = $data; } /** * Retrieves cookies from the response. * * @since 4.6.0 * * @return WP_HTTP_Cookie[] List of cookie objects. */ public function get_cookies() { $cookies = array(); foreach ( $this->response->cookies as $cookie ) { $cookies[] = new WP_Http_Cookie( array( 'name' => $cookie->name, 'value' => urldecode( $cookie->value ), 'expires' => isset( $cookie->attributes['expires'] ) ? $cookie->attributes['expires'] : null, 'path' => isset( $cookie->attributes['path'] ) ? $cookie->attributes['path'] : null, 'domain' => isset( $cookie->attributes['domain'] ) ? $cookie->attributes['domain'] : null, 'host_only' => isset( $cookie->flags['host-only'] ) ? $cookie->flags['host-only'] : null, ) ); } return $cookies; } /** * Converts the object to a WP_Http response array. * * @since 4.6.0 * * @return array WP_Http response array, per WP_Http::request(). */ public function to_array() { return array( 'headers' => $this->get_headers(), 'body' => $this->get_data(), 'response' => array( 'code' => $this->get_status(), 'message' => get_status_header_desc( $this->get_status() ), ), 'cookies' => $this->get_cookies(), 'filename' => $this->filename, ); } } https-detection-20260605081611.php 0000666 00000013341 15225624212 0011765 0 ustar 00 <?php /** * HTTPS detection functions. * * @package WordPress * @since 5.7.0 */ /** * Checks whether the website is using HTTPS. * * This is based on whether both the home and site URL are using HTTPS. * * @since 5.7.0 * @see wp_is_home_url_using_https() * @see wp_is_site_url_using_https() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_using_https() { if ( ! wp_is_home_url_using_https() ) { return false; } return wp_is_site_url_using_https(); } /** * Checks whether the current site URL is using HTTPS. * * @since 5.7.0 * @see home_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_home_url_using_https() { return 'https' === wp_parse_url( home_url(), PHP_URL_SCHEME ); } /** * Checks whether the current site's URL where WordPress is stored is using HTTPS. * * This checks the URL where WordPress application files (e.g. wp-blog-header.php or the wp-admin/ folder) * are accessible. * * @since 5.7.0 * @see site_url() * * @return bool True if using HTTPS, false otherwise. */ function wp_is_site_url_using_https() { /* * Use direct option access for 'siteurl' and manually run the 'site_url' * filter because `site_url()` will adjust the scheme based on what the * current request is using. */ /** This filter is documented in wp-includes/link-template.php */ $site_url = apply_filters( 'site_url', get_option( 'siteurl' ), '', null, null ); return 'https' === wp_parse_url( $site_url, PHP_URL_SCHEME ); } /** * Checks whether HTTPS is supported for the server and domain. * * This function makes an HTTP request through `wp_get_https_detection_errors()` * to check for HTTPS support. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments, * to avoid potential latency issues. * * @since 5.7.0 * * @return bool True if HTTPS is supported, false otherwise. */ function wp_is_https_supported() { $https_detection_errors = wp_get_https_detection_errors(); // If there are errors, HTTPS is not supported. return empty( $https_detection_errors ); } /** * Runs a remote HTTPS request to detect whether HTTPS supported, and stores potential errors. * * This function checks for HTTPS support by making an HTTP request. As this process can be resource-intensive, * it should be used cautiously, especially in performance-sensitive environments. * It is called when HTTPS support needs to be validated. * * @since 6.4.0 * @access private * * @return array An array containing potential detection errors related to HTTPS, or an empty array if no errors are found. */ function wp_get_https_detection_errors() { /** * Short-circuits the process of detecting errors related to HTTPS support. * * Returning a `WP_Error` from the filter will effectively short-circuit the default logic of trying a remote * request to the site over HTTPS, storing the errors array from the returned `WP_Error` instead. * * @since 6.4.0 * * @param null|WP_Error $pre Error object to short-circuit detection, * or null to continue with the default behavior. */ $support_errors = apply_filters( 'pre_wp_get_https_detection_errors', null ); if ( is_wp_error( $support_errors ) ) { return $support_errors->errors; } $support_errors = new WP_Error(); $response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => true, ) ); if ( is_wp_error( $response ) ) { $unverified_response = wp_remote_request( home_url( '/', 'https' ), array( 'headers' => array( 'Cache-Control' => 'no-cache', ), 'sslverify' => false, ) ); if ( is_wp_error( $unverified_response ) ) { $support_errors->add( 'https_request_failed', __( 'HTTPS request failed.' ) ); } else { $support_errors->add( 'ssl_verification_failed', __( 'SSL verification failed.' ) ); } $response = $unverified_response; } if ( ! is_wp_error( $response ) ) { if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { $support_errors->add( 'bad_response_code', wp_remote_retrieve_response_message( $response ) ); } elseif ( false === wp_is_local_html_output( wp_remote_retrieve_body( $response ) ) ) { $support_errors->add( 'bad_response_source', __( 'It looks like the response did not come from this site.' ) ); } } return $support_errors->errors; } /** * Checks whether a given HTML string is likely an output from this WordPress site. * * This function attempts to check for various common WordPress patterns whether they are included in the HTML string. * Since any of these actions may be disabled through third-party code, this function may also return null to indicate * that it was not possible to determine ownership. * * @since 5.7.0 * @access private * * @param string $html Full HTML output string, e.g. from a HTTP response. * @return bool|null True/false for whether HTML was generated by this site, null if unable to determine. */ function wp_is_local_html_output( $html ) { // 1. Check if HTML includes the site's Really Simple Discovery link. if ( has_action( 'wp_head', 'rsd_link' ) ) { $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( site_url( 'xmlrpc.php?rsd', 'rpc' ) ) ); // See rsd_link(). return str_contains( $html, $pattern ); } // 2. Check if HTML includes the site's REST API link. if ( has_action( 'wp_head', 'rest_output_link_wp_head' ) ) { // Try both HTTPS and HTTP since the URL depends on context. $pattern = preg_replace( '#^https?:(?=//)#', '', esc_url( get_rest_url() ) ); // See rest_output_link_wp_head(). return str_contains( $html, $pattern ); } // Otherwise the result cannot be determined. return null; } class-wp-navigation-fallback.php 0000666 00000021751 15225624212 0012713 0 ustar 00 <?php /** * WP_Navigation_Fallback class * * Manages fallback behavior for Navigation menus. * * @package WordPress * @subpackage Navigation * @since 6.3.0 */ /** * Manages fallback behavior for Navigation menus. * * @since 6.3.0 */ class WP_Navigation_Fallback { /** * Updates the wp_navigation custom post type schema, in order to expose * additional fields in the embeddable links of WP_REST_Navigation_Fallback_Controller. * * The Navigation Fallback endpoint may embed the full Navigation Menu object * into the response as the `self` link. By default, the Posts Controller * will only expose a limited subset of fields but the editor requires * additional fields to be available in order to utilize the menu. * * Used with the `rest_wp_navigation_item_schema` hook. * * @since 6.4.0 * * @param array $schema The schema for the `wp_navigation` post. * @return array The modified schema. */ public static function update_wp_navigation_post_schema( $schema ) { // Expose top level fields. $schema['properties']['status']['context'] = array_merge( $schema['properties']['status']['context'], array( 'embed' ) ); $schema['properties']['content']['context'] = array_merge( $schema['properties']['content']['context'], array( 'embed' ) ); /* * Exposes sub properties of content field. * These sub properties aren't exposed by the posts controller by default, * for requests where context is `embed`. * * @see WP_REST_Posts_Controller::get_item_schema() */ $schema['properties']['content']['properties']['raw']['context'] = array_merge( $schema['properties']['content']['properties']['raw']['context'], array( 'embed' ) ); $schema['properties']['content']['properties']['rendered']['context'] = array_merge( $schema['properties']['content']['properties']['rendered']['context'], array( 'embed' ) ); $schema['properties']['content']['properties']['block_version']['context'] = array_merge( $schema['properties']['content']['properties']['block_version']['context'], array( 'embed' ) ); /* * Exposes sub properties of title field. * These sub properties aren't exposed by the posts controller by default, * for requests where context is `embed`. * * @see WP_REST_Posts_Controller::get_item_schema() */ $schema['properties']['title']['properties']['raw']['context'] = array_merge( $schema['properties']['title']['properties']['raw']['context'], array( 'embed' ) ); return $schema; } /** * Gets (and/or creates) an appropriate fallback Navigation Menu. * * @since 6.3.0 * * @return WP_Post|null the fallback Navigation Post or null. */ public static function get_fallback() { /** * Filters whether or not a fallback should be created. * * @since 6.3.0 * * @param bool $create Whether to create a fallback navigation menu. Default true. */ $should_create_fallback = apply_filters( 'wp_navigation_should_create_fallback', true ); $fallback = static::get_most_recently_published_navigation(); if ( $fallback || ! $should_create_fallback ) { return $fallback; } $fallback = static::create_classic_menu_fallback(); if ( $fallback && ! is_wp_error( $fallback ) ) { // Return the newly created fallback post object which will now be the most recently created navigation menu. return $fallback instanceof WP_Post ? $fallback : static::get_most_recently_published_navigation(); } $fallback = static::create_default_fallback(); if ( $fallback && ! is_wp_error( $fallback ) ) { // Return the newly created fallback post object which will now be the most recently created navigation menu. return $fallback instanceof WP_Post ? $fallback : static::get_most_recently_published_navigation(); } return null; } /** * Finds the most recently published `wp_navigation` post type. * * @since 6.3.0 * * @return WP_Post|null the first non-empty Navigation or null. */ private static function get_most_recently_published_navigation() { $parsed_args = array( 'post_type' => 'wp_navigation', 'no_found_rows' => true, 'update_post_meta_cache' => false, 'update_post_term_cache' => false, 'order' => 'DESC', 'orderby' => 'date', 'post_status' => 'publish', 'posts_per_page' => 1, ); $navigation_post = new WP_Query( $parsed_args ); if ( count( $navigation_post->posts ) > 0 ) { return $navigation_post->posts[0]; } return null; } /** * Creates a Navigation Menu post from a Classic Menu. * * @since 6.3.0 * * @return int|WP_Error The post ID of the default fallback menu or a WP_Error object. */ private static function create_classic_menu_fallback() { // See if we have a classic menu. $classic_nav_menu = static::get_fallback_classic_menu(); if ( ! $classic_nav_menu ) { return new WP_Error( 'no_classic_menus', __( 'No Classic Menus found.' ) ); } // If there is a classic menu then convert it to blocks. $classic_nav_menu_blocks = WP_Classic_To_Block_Menu_Converter::convert( $classic_nav_menu ); if ( is_wp_error( $classic_nav_menu_blocks ) ) { return $classic_nav_menu_blocks; } if ( empty( $classic_nav_menu_blocks ) ) { return new WP_Error( 'cannot_convert_classic_menu', __( 'Unable to convert Classic Menu to blocks.' ) ); } // Create a new navigation menu from the classic menu. $classic_menu_fallback = wp_insert_post( array( 'post_content' => $classic_nav_menu_blocks, 'post_title' => $classic_nav_menu->name, 'post_name' => $classic_nav_menu->slug, 'post_status' => 'publish', 'post_type' => 'wp_navigation', ), true // So that we can check whether the result is an error. ); return $classic_menu_fallback; } /** * Determines the most appropriate classic navigation menu to use as a fallback. * * @since 6.3.0 * * @return WP_Term|null The most appropriate classic navigation menu to use as a fallback. */ private static function get_fallback_classic_menu() { $classic_nav_menus = wp_get_nav_menus(); if ( ! $classic_nav_menus || is_wp_error( $classic_nav_menus ) ) { return null; } $nav_menu = static::get_nav_menu_at_primary_location(); if ( $nav_menu ) { return $nav_menu; } $nav_menu = static::get_nav_menu_with_primary_slug( $classic_nav_menus ); if ( $nav_menu ) { return $nav_menu; } return static::get_most_recently_created_nav_menu( $classic_nav_menus ); } /** * Sorts the classic menus and returns the most recently created one. * * @since 6.3.0 * * @param WP_Term[] $classic_nav_menus Array of classic nav menu term objects. * @return WP_Term The most recently created classic nav menu. */ private static function get_most_recently_created_nav_menu( $classic_nav_menus ) { usort( $classic_nav_menus, static function ( $a, $b ) { return $b->term_id - $a->term_id; } ); return $classic_nav_menus[0]; } /** * Returns the classic menu with the slug `primary` if it exists. * * @since 6.3.0 * * @param WP_Term[] $classic_nav_menus Array of classic nav menu term objects. * @return WP_Term|null The classic nav menu with the slug `primary` or null. */ private static function get_nav_menu_with_primary_slug( $classic_nav_menus ) { foreach ( $classic_nav_menus as $classic_nav_menu ) { if ( 'primary' === $classic_nav_menu->slug ) { return $classic_nav_menu; } } return null; } /** * Gets the classic menu assigned to the `primary` navigation menu location * if it exists. * * @since 6.3.0 * * @return WP_Term|null The classic nav menu assigned to the `primary` location or null. */ private static function get_nav_menu_at_primary_location() { $locations = get_nav_menu_locations(); if ( isset( $locations['primary'] ) ) { $primary_menu = wp_get_nav_menu_object( $locations['primary'] ); if ( $primary_menu ) { return $primary_menu; } } return null; } /** * Creates a default Navigation Block Menu fallback. * * @since 6.3.0 * * @return int|WP_Error The post ID of the default fallback menu or a WP_Error object. */ private static function create_default_fallback() { $default_blocks = static::get_default_fallback_blocks(); // Create a new navigation menu from the fallback blocks. $default_fallback = wp_insert_post( array( 'post_content' => $default_blocks, 'post_title' => _x( 'Navigation', 'Title of a Navigation menu' ), 'post_name' => 'navigation', 'post_status' => 'publish', 'post_type' => 'wp_navigation', ), true // So that we can check whether the result is an error. ); return $default_fallback; } /** * Gets the rendered markup for the default fallback blocks. * * @since 6.3.0 * * @return string default blocks markup to use a the fallback. */ private static function get_default_fallback_blocks() { $registry = WP_Block_Type_Registry::get_instance(); // If `core/page-list` is not registered then use empty blocks. return $registry->is_registered( 'core/page-list' ) ? '<!-- wp:page-list /-->' : ''; } }
| ver. 1.4 |
Github
|
.
| PHP 5.4.45 | Generation time: 0.01 |
proxy
|
phpinfo
|
Settings