category element is not found, then the default post category will be * used. The return type then would be what $post_default_category. If the * category is found, then it will always be an array. * * @package WordPress * @subpackage XMLRPC * @since 0.71 * * @global string $post_default_category Default XMLRPC post category. * * @param string $content XMLRPC XML Request content * @return string|array List of categories or category name. */ function xmlrpc_getpostcategory( $content ) { global $post_default_category; if ( preg_match( '/(.+?)<\/category>/is', $content, $matchcat ) ) { $post_category = trim( $matchcat[1], ',' ); $post_category = explode( ',', $post_category ); } else { $post_category = $post_default_category; } return $post_category; } /** * XMLRPC XML content without title and category elements. * * @package WordPress * @subpackage XMLRPC * @since 0.71 * * @param string $content XMLRPC XML Request content * @return string XMLRPC XML Request content without title and category elements. */ function xmlrpc_removepostdata( $content ) { $content = preg_replace( '/(.+?)<\/title>/si', '', $content ); $content = preg_replace( '/<category>(.+?)<\/category>/si', '', $content ); $content = trim( $content ); return $content; } /** * Use RegEx to extract URLs from arbitrary content * * @since 3.7.0 * * @param string $content * @return array URLs found in passed string */ function wp_extract_urls( $content ) { preg_match_all( "#((?:[\w-]+://?|[\w\d]+[.])[^\s()<>]+[.](?:\([\w\d]+\)|(?:[^`!()\[\]{};:'\".,<>?«»“”‘’\s]|(?:[:]\d+)?/?)+))#", $content, $post_links ); $post_links = array_unique( array_map( 'html_entity_decode', $post_links[0] ) ); return array_values( $post_links ); } /** * Check content for video and audio links to add as enclosures. * * Will not add enclosures that have already been added and will * remove enclosures that are no longer in the post. This is called as * pingbacks and trackbacks. * * @package WordPress * @since 1.5.0 * * @uses $wpdb * * @param string $content Post Content * @param int $post_ID Post ID */ function do_enclose( $content, $post_ID ) { global $wpdb; //TODO: Tidy this ghetto code up and make the debug code optional include_once( ABSPATH . WPINC . '/class-IXR.php' ); $post_links = array(); $pung = get_enclosed( $post_ID ); $post_links_temp = wp_extract_urls( $content ); foreach ( $pung as $link_test ) { if ( ! in_array( $link_test, $post_links_temp ) ) { // link no longer in post $mids = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') ); foreach ( $mids as $mid ) delete_metadata_by_mid( 'post', $mid ); } } foreach ( (array) $post_links_temp as $link_test ) { if ( !in_array( $link_test, $pung ) ) { // If we haven't pung it already $test = @parse_url( $link_test ); if ( false === $test ) continue; if ( isset( $test['query'] ) ) $post_links[] = $link_test; elseif ( isset($test['path']) && ( $test['path'] != '/' ) && ($test['path'] != '' ) ) $post_links[] = $link_test; } } foreach ( (array) $post_links as $url ) { if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $url ) . '%' ) ) ) { if ( $headers = wp_get_http_headers( $url) ) { $len = isset( $headers['content-length'] ) ? (int) $headers['content-length'] : 0; $type = isset( $headers['content-type'] ) ? $headers['content-type'] : ''; $allowed_types = array( 'video', 'audio' ); // Check to see if we can figure out the mime type from // the extension $url_parts = @parse_url( $url ); if ( false !== $url_parts ) { $extension = pathinfo( $url_parts['path'], PATHINFO_EXTENSION ); if ( !empty( $extension ) ) { foreach ( wp_get_mime_types() as $exts => $mime ) { if ( preg_match( '!^(' . $exts . ')$!i', $extension ) ) { $type = $mime; break; } } } } if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); } } } } } /** * Perform a HTTP HEAD or GET request. * * If $file_path is a writable filename, this will do a GET request and write * the file to that path. * * @since 2.5.0 * * @param string $url URL to fetch. * @param string|bool $file_path Optional. File path to write request to. * @param int $red (private) The number of Redirects followed, Upon 5 being hit, returns false. * @return bool|string False on failure and string of headers if HEAD request. */ function wp_get_http( $url, $file_path = false, $red = 1 ) { @set_time_limit( 60 ); if ( $red > 5 ) return false; $options = array(); $options['redirection'] = 5; if ( false == $file_path ) $options['method'] = 'HEAD'; else $options['method'] = 'GET'; $response = wp_safe_remote_request( $url, $options ); if ( is_wp_error( $response ) ) return false; $headers = wp_remote_retrieve_headers( $response ); $headers['response'] = wp_remote_retrieve_response_code( $response ); // WP_HTTP no longer follows redirects for HEAD requests. if ( 'HEAD' == $options['method'] && in_array($headers['response'], array(301, 302)) && isset( $headers['location'] ) ) { return wp_get_http( $headers['location'], $file_path, ++$red ); } if ( false == $file_path ) return $headers; // GET request - write it to the supplied filename $out_fp = fopen($file_path, 'w'); if ( !$out_fp ) return $headers; fwrite( $out_fp, wp_remote_retrieve_body( $response ) ); fclose($out_fp); clearstatcache(); return $headers; } /** * Retrieve HTTP Headers from URL. * * @since 1.5.1 * * @param string $url * @param bool $deprecated Not Used. * @return bool|string False on failure, headers on success. */ function wp_get_http_headers( $url, $deprecated = false ) { if ( !empty( $deprecated ) ) _deprecated_argument( __FUNCTION__, '2.7' ); $response = wp_safe_remote_head( $url ); if ( is_wp_error( $response ) ) return false; return wp_remote_retrieve_headers( $response ); } /** * Whether today is a new day. * * @since 0.71 * @uses $day Today * @uses $previousday Previous day * * @return int 1 when new day, 0 if not a new day. */ function is_new_day() { global $currentday, $previousday; if ( $currentday != $previousday ) return 1; else return 0; } /** * Build URL query based on an associative and, or indexed array. * * This is a convenient function for easily building url queries. It sets the * separator to '&' and uses _http_build_query() function. * * @see _http_build_query() Used to build the query * @link http://us2.php.net/manual/en/function.http-build-query.php more on what * http_build_query() does. * * @since 2.3.0 * * @param array $data URL-encode key/value pairs. * @return string URL encoded string */ function build_query( $data ) { return _http_build_query( $data, null, '&', '', false ); } // from php.net (modified by Mark Jaquith to behave like the native PHP5 function) function _http_build_query($data, $prefix=null, $sep=null, $key='', $urlencode=true) { $ret = array(); foreach ( (array) $data as $k => $v ) { if ( $urlencode) $k = urlencode($k); if ( is_int($k) && $prefix != null ) $k = $prefix.$k; if ( !empty($key) ) $k = $key . '%5B' . $k . '%5D'; if ( $v === null ) continue; elseif ( $v === FALSE ) $v = '0'; if ( is_array($v) || is_object($v) ) array_push($ret,_http_build_query($v, '', $sep, $k, $urlencode)); elseif ( $urlencode ) array_push($ret, $k.'='.urlencode($v)); else array_push($ret, $k.'='.$v); } if ( null === $sep ) $sep = ini_get('arg_separator.output'); return implode($sep, $ret); } /** * Retrieve a modified URL query string. * * You can rebuild the URL and append a new query variable to the URL query by * using this function. You can also retrieve the full URL with query data. * * Adding a single key & value or an associative array. Setting a key value to * an empty string removes the key. Omitting oldquery_or_uri uses the $_SERVER * value. Additional values provided are expected to be encoded appropriately * with urlencode() or rawurlencode(). * * @since 1.5.0 * * @param mixed $param1 Either newkey or an associative_array * @param mixed $param2 Either newvalue or oldquery or uri * @param mixed $param3 Optional. Old query or uri * @return string New URL query string. */ function add_query_arg() { $ret = ''; $args = func_get_args(); if ( is_array( $args[0] ) ) { if ( count( $args ) < 2 || false === $args[1] ) $uri = $_SERVER['REQUEST_URI']; else $uri = $args[1]; } else { if ( count( $args ) < 3 || false === $args[2] ) $uri = $_SERVER['REQUEST_URI']; else $uri = $args[2]; } if ( $frag = strstr( $uri, '#' ) ) $uri = substr( $uri, 0, -strlen( $frag ) ); else $frag = ''; if ( 0 === stripos( $uri, 'http://' ) ) { $protocol = 'http://'; $uri = substr( $uri, 7 ); } elseif ( 0 === stripos( $uri, 'https://' ) ) { $protocol = 'https://'; $uri = substr( $uri, 8 ); } else { $protocol = ''; } if ( strpos( $uri, '?' ) !== false ) { list( $base, $query ) = explode( '?', $uri, 2 ); $base .= '?'; } elseif ( $protocol || strpos( $uri, '=' ) === false ) { $base = $uri . '?'; $query = ''; } else { $base = ''; $query = $uri; } wp_parse_str( $query, $qs ); $qs = urlencode_deep( $qs ); // this re-URL-encodes things that were already in the query string if ( is_array( $args[0] ) ) { $kayvees = $args[0]; $qs = array_merge( $qs, $kayvees ); } else { $qs[ $args[0] ] = $args[1]; } foreach ( $qs as $k => $v ) { if ( $v === false ) unset( $qs[$k] ); } $ret = build_query( $qs ); $ret = trim( $ret, '?' ); $ret = preg_replace( '#=(&|$)#', '$1', $ret ); $ret = $protocol . $base . $ret . $frag; $ret = rtrim( $ret, '?' ); return $ret; } /** * Removes an item or list from the query string. * * @since 1.5.0 * * @param string|array $key Query key or keys to remove. * @param bool $query When false uses the $_SERVER value. * @return string New URL query string. */ function remove_query_arg( $key, $query=false ) { if ( is_array( $key ) ) { // removing multiple keys foreach ( $key as $k ) $query = add_query_arg( $k, false, $query ); return $query; } return add_query_arg( $key, false, $query ); } /** * Walks the array while sanitizing the contents. * * @since 0.71 * * @param array $array Array to walk while sanitizing contents. * @return array Sanitized $array. */ function add_magic_quotes( $array ) { foreach ( (array) $array as $k => $v ) { if ( is_array( $v ) ) { $array[$k] = add_magic_quotes( $v ); } else { $array[$k] = addslashes( $v ); } } return $array; } /** * HTTP request for URI to retrieve content. * * @since 1.5.1 * @uses wp_remote_get() * * @param string $uri URI/URL of web page to retrieve. * @return bool|string HTTP content. False on failure. */ function wp_remote_fopen( $uri ) { $parsed_url = @parse_url( $uri ); if ( !$parsed_url || !is_array( $parsed_url ) ) return false; $options = array(); $options['timeout'] = 10; $response = wp_safe_remote_get( $uri, $options ); if ( is_wp_error( $response ) ) return false; return wp_remote_retrieve_body( $response ); } /** * Set up the WordPress query. * * @since 2.0.0 * * @param string $query_vars Default WP_Query arguments. */ function wp( $query_vars = '' ) { global $wp, $wp_query, $wp_the_query; $wp->main( $query_vars ); if ( !isset($wp_the_query) ) $wp_the_query = $wp_query; } /** * Retrieve the description for the HTTP status. * * @since 2.3.0 * * @param int $code HTTP status code. * @return string Empty string if not found, or description if found. */ function get_status_header_desc( $code ) { global $wp_header_to_desc; $code = absint( $code ); if ( !isset( $wp_header_to_desc ) ) { $wp_header_to_desc = array( 100 => 'Continue', 101 => 'Switching Protocols', 102 => 'Processing', 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', 207 => 'Multi-Status', 226 => 'IM Used', 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 306 => 'Reserved', 307 => 'Temporary Redirect', 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Timeout', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Long', 415 => 'Unsupported Media Type', 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', 422 => 'Unprocessable Entity', 423 => 'Locked', 424 => 'Failed Dependency', 426 => 'Upgrade Required', 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported', 506 => 'Variant Also Negotiates', 507 => 'Insufficient Storage', 510 => 'Not Extended' ); } if ( isset( $wp_header_to_desc[$code] ) ) return $wp_header_to_desc[$code]; else return ''; } /** * Set HTTP status header. * * @since 2.0.0 * @uses apply_filters() Calls 'status_header' on status header string, HTTP * HTTP code, HTTP code description, and protocol string as separate * parameters. * * @param int $header HTTP status code * @return unknown */ function status_header( $header ) { $text = get_status_header_desc( $header ); if ( empty( $text ) ) return false; $protocol = $_SERVER["SERVER_PROTOCOL"]; if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol ) $protocol = 'HTTP/1.0'; $status_header = "$protocol $header $text"; if ( function_exists( 'apply_filters' ) ) $status_header = apply_filters( 'status_header', $status_header, $header, $text, $protocol ); return @header( $status_header, true, $header ); } /** * Gets the header information to prevent caching. * * The several different headers cover the different ways cache prevention is handled * by different browsers * * @since 2.8.0 * * @uses apply_filters() * @return array The associative array of header names and field values. */ function wp_get_nocache_headers() { $headers = array( 'Expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'Cache-Control' => 'no-cache, must-revalidate, max-age=0', 'Pragma' => 'no-cache', ); if ( function_exists('apply_filters') ) { $headers = (array) apply_filters('nocache_headers', $headers); } $headers['Last-Modified'] = false; return $headers; } /** * Sets the headers to prevent caching for the different browsers. * * Different browsers support different nocache headers, so several headers must * be sent so that all of them get the point that no caching should occur. * * @since 2.0.0 * @uses wp_get_nocache_headers() */ function nocache_headers() { $headers = wp_get_nocache_headers(); unset( $headers['Last-Modified'] ); // In PHP 5.3+, make sure we are not sending a Last-Modified header. if ( function_exists( 'header_remove' ) ) { @header_remove( 'Last-Modified' ); } else { // In PHP 5.2, send an empty Last-Modified header, but only as a // last resort to override a header already sent. #WP23021 foreach ( headers_list() as $header ) { if ( 0 === stripos( $header, 'Last-Modified' ) ) { $headers['Last-Modified'] = ''; break; } } } foreach( $headers as $name => $field_value ) @header("{$name}: {$field_value}"); } /** * Set the headers for caching for 10 days with JavaScript content type. * * @since 2.1.0 */ function cache_javascript_headers() { $expiresOffset = 10 * DAY_IN_SECONDS; header( "Content-Type: text/javascript; charset=" . get_bloginfo( 'charset' ) ); header( "Vary: Accept-Encoding" ); // Handle proxies header( "Expires: " . gmdate( "D, d M Y H:i:s", time() + $expiresOffset ) . " GMT" ); } /** * Retrieve the number of database queries during the WordPress execution. * * @since 2.0.0 * * @return int Number of database queries */ function get_num_queries() { global $wpdb; return $wpdb->num_queries; } /** * Whether input is yes or no. Must be 'y' to be true. * * @since 1.0.0 * * @param string $yn Character string containing either 'y' or 'n' * @return bool True if yes, false on anything else */ function bool_from_yn( $yn ) { return ( strtolower( $yn ) == 'y' ); } /** * Loads the feed template from the use of an action hook. * * If the feed action does not have a hook, then the function will die with a * message telling the visitor that the feed is not valid. * * It is better to only have one hook for each feed. * * @since 2.1.0 * @uses $wp_query Used to tell if the use a comment feed. * @uses do_action() Calls 'do_feed_$feed' hook, if a hook exists for the feed. */ function do_feed() { global $wp_query; $feed = get_query_var( 'feed' ); // Remove the pad, if present. $feed = preg_replace( '/^_+/', '', $feed ); if ( $feed == '' || $feed == 'feed' ) $feed = get_default_feed(); $hook = 'do_feed_' . $feed; if ( ! has_action( $hook ) ) wp_die( __( 'ERROR: This is not a valid feed template.' ), '', array( 'response' => 404 ) ); do_action( $hook, $wp_query->is_comment_feed ); } /** * Load the RDF RSS 0.91 Feed template. * * @since 2.1.0 */ function do_feed_rdf() { load_template( ABSPATH . WPINC . '/feed-rdf.php' ); } /** * Load the RSS 1.0 Feed Template. * * @since 2.1.0 */ function do_feed_rss() { load_template( ABSPATH . WPINC . '/feed-rss.php' ); } /** * Load either the RSS2 comment feed or the RSS2 posts feed. * * @since 2.1.0 * * @param bool $for_comments True for the comment feed, false for normal feed. */ function do_feed_rss2( $for_comments ) { if ( $for_comments ) load_template( ABSPATH . WPINC . '/feed-rss2-comments.php' ); else load_template( ABSPATH . WPINC . '/feed-rss2.php' ); } /** * Load either Atom comment feed or Atom posts feed. * * @since 2.1.0 * * @param bool $for_comments True for the comment feed, false for normal feed. */ function do_feed_atom( $for_comments ) { if ($for_comments) load_template( ABSPATH . WPINC . '/feed-atom-comments.php'); else load_template( ABSPATH . WPINC . '/feed-atom.php' ); } /** * Display the robots.txt file content. * * The echo content should be with usage of the permalinks or for creating the * robots.txt file. * * @since 2.1.0 * @uses do_action() Calls 'do_robotstxt' hook for displaying robots.txt rules. */ function do_robots() { header( 'Content-Type: text/plain; charset=utf-8' ); do_action( 'do_robotstxt' ); $output = "User-agent: *\n"; $public = get_option( 'blog_public' ); if ( '0' == $public ) { $output .= "Disallow: /\n"; } else { $site_url = parse_url( site_url() ); $path = ( !empty( $site_url['path'] ) ) ? $site_url['path'] : ''; $output .= "Disallow: $path/wp-admin/\n"; $output .= "Disallow: $path/wp-includes/\n"; } echo apply_filters('robots_txt', $output, $public); } /** * Test whether blog is already installed. * * The cache will be checked first. If you have a cache plugin, which saves the * cache values, then this will work. If you use the default WordPress cache, * and the database goes away, then you might have problems. * * Checks for the option siteurl for whether WordPress is installed. * * @since 2.1.0 * @uses $wpdb * * @return bool Whether blog is already installed. */ function is_blog_installed() { global $wpdb; // Check cache first. If options table goes away and we have true cached, oh well. if ( wp_cache_get( 'is_blog_installed' ) ) return true; $suppress = $wpdb->suppress_errors(); if ( ! defined( 'WP_INSTALLING' ) ) { $alloptions = wp_load_alloptions(); } // If siteurl is not set to autoload, check it specifically if ( !isset( $alloptions['siteurl'] ) ) $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" ); else $installed = $alloptions['siteurl']; $wpdb->suppress_errors( $suppress ); $installed = !empty( $installed ); wp_cache_set( 'is_blog_installed', $installed ); if ( $installed ) return true; // If visiting repair.php, return true and let it take over. if ( defined( 'WP_REPAIRING' ) ) return true; $suppress = $wpdb->suppress_errors(); // Loop over the WP tables. If none exist, then scratch install is allowed. // If one or more exist, suggest table repair since we got here because the options // table could not be accessed. $wp_tables = $wpdb->tables(); foreach ( $wp_tables as $table ) { // The existence of custom user tables shouldn't suggest an insane state or prevent a clean install. if ( defined( 'CUSTOM_USER_TABLE' ) && CUSTOM_USER_TABLE == $table ) continue; if ( defined( 'CUSTOM_USER_META_TABLE' ) && CUSTOM_USER_META_TABLE == $table ) continue; if ( ! $wpdb->get_results( "DESCRIBE $table;" ) ) continue; // One or more tables exist. We are insane. wp_load_translations_early(); // Die with a DB error. $wpdb->error = sprintf( __( 'One or more database tables are unavailable. The database may need to be <a href="%s">repaired</a>.' ), 'maint/repair.php?referrer=is_blog_installed' ); dead_db(); } $wpdb->suppress_errors( $suppress ); wp_cache_set( 'is_blog_installed', false ); return false; } /** * Retrieve URL with nonce added to URL query. * * @package WordPress * @subpackage Security * @since 2.0.4 * * @param string $actionurl URL to add nonce action. * @param string $action Optional. Nonce action name. * @param string $name Optional. Nonce name. * @return string URL with nonce action added. */ function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) { $actionurl = str_replace( '&', '&', $actionurl ); return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) ); } /** * Retrieve or display nonce hidden field for forms. * * The nonce field is used to validate that the contents of the form came from * the location on the current site and not somewhere else. The nonce does not * offer absolute protection, but should protect against most cases. It is very * important to use nonce field in forms. * * The $action and $name are optional, but if you want to have better security, * it is strongly suggested to set those two parameters. It is easier to just * call the function without any parameters, because validation of the nonce * doesn't require any parameters, but since crackers know what the default is * it won't be difficult for them to find a way around your nonce and cause * damage. * * The input name will be whatever $name value you gave. The input value will be * the nonce creation value. * * @package WordPress * @subpackage Security * @since 2.0.4 * * @param string $action Optional. Action name. * @param string $name Optional. Nonce name. * @param bool $referer Optional, default true. Whether to set the referer field for validation. * @param bool $echo Optional, default true. Whether to display or return hidden form field. * @return string Nonce field. */ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) { $name = esc_attr( $name ); $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />'; if ( $referer ) $nonce_field .= wp_referer_field( false ); if ( $echo ) echo $nonce_field; return $nonce_field; } /** * Retrieve or display referer hidden field for forms. * * The referer link is the current Request URI from the server super global. The * input name is '_wp_http_referer', in case you wanted to check manually. * * @package WordPress * @subpackage Security * @since 2.0.4 * * @param bool $echo Whether to echo or return the referer field. * @return string Referer field. */ function wp_referer_field( $echo = true ) { $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />'; if ( $echo ) echo $referer_field; return $referer_field; } /** * Retrieve or display original referer hidden field for forms. * * The input name is '_wp_original_http_referer' and will be either the same * value of {@link wp_referer_field()}, if that was posted already or it will * be the current page, if it doesn't exist. * * @package WordPress * @subpackage Security * @since 2.0.4 * * @param bool $echo Whether to echo the original http referer * @param string $jump_back_to Optional, default is 'current'. Can be 'previous' or page you want to jump back to. * @return string Original referer field. */ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { if ( ! $ref = wp_get_original_referer() ) { $ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] ); } $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />'; if ( $echo ) echo $orig_referer_field; return $orig_referer_field; } /** * Retrieve referer from '_wp_http_referer' or HTTP referer. If it's the same * as the current request URL, will return false. * * @package WordPress * @subpackage Security * @since 2.0.4 * * @return string|bool False on failure. Referer URL on success. */ function wp_get_referer() { if ( ! function_exists( 'wp_validate_redirect' ) ) return false; $ref = false; if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) $ref = wp_unslash( $_REQUEST['_wp_http_referer'] ); else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) $ref = wp_unslash( $_SERVER['HTTP_REFERER'] ); if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) ) return wp_validate_redirect( $ref, false ); return false; } /** * Retrieve original referer that was posted, if it exists. * * @package WordPress * @subpackage Security * @since 2.0.4 * * @return string|bool False if no original referer or original referer if set. */ function wp_get_original_referer() { if ( ! empty( $_REQUEST['_wp_original_http_referer'] ) && function_exists( 'wp_validate_redirect' ) ) return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false ); return false; } /** * Recursive directory creation based on full path. * * Will attempt to set permissions on folders. * * @since 2.0.1 * * @param string $target Full path to attempt to create. * @return bool Whether the path was created. True if path already exists. */ function wp_mkdir_p( $target ) { $wrapper = null; // strip the protocol if( wp_is_stream( $target ) ) { list( $wrapper, $target ) = explode( '://', $target, 2 ); } // from php.net/mkdir user contributed notes $target = str_replace( '//', '/', $target ); // put the wrapper back on the target if( $wrapper !== null ) { $target = $wrapper . '://' . $target; } // safe mode fails with a trailing slash under certain PHP versions. $target = rtrim($target, '/'); // Use rtrim() instead of untrailingslashit to avoid formatting.php dependency. if ( empty($target) ) $target = '/'; if ( file_exists( $target ) ) return @is_dir( $target ); // We need to find the permissions of the parent folder that exists and inherit that. $target_parent = dirname( $target ); while ( '.' != $target_parent && ! is_dir( $target_parent ) ) { $target_parent = dirname( $target_parent ); } // Get the permission bits. $dir_perms = false; if ( $stat = @stat( $target_parent ) ) { $dir_perms = $stat['mode'] & 0007777; } else { $dir_perms = 0777; } if ( @mkdir( $target, $dir_perms, true ) ) { // If a umask is set that modifies $dir_perms, we'll have to re-set the $dir_perms correctly with chmod() if ( $dir_perms != ( $dir_perms & ~umask() ) ) { $folder_parts = explode( '/', substr( $target, strlen( $target_parent ) + 1 ) ); for ( $i = 1; $i <= count( $folder_parts ); $i++ ) { @chmod( $target_parent . '/' . implode( '/', array_slice( $folder_parts, 0, $i ) ), $dir_perms ); } } return true; } return false; } /** * Test if a give filesystem path is absolute ('/foo/bar', 'c:\windows'). * * @since 2.5.0 * * @param string $path File path * @return bool True if path is absolute, false is not absolute. */ function path_is_absolute( $path ) { // this is definitive if true but fails if $path does not exist or contains a symbolic link if ( realpath($path) == $path ) return true; if ( strlen($path) == 0 || $path[0] == '.' ) return false; // windows allows absolute paths like this if ( preg_match('#^[a-zA-Z]:\\\\#', $path) ) return true; // a path starting with / or \ is absolute; anything else is relative return ( $path[0] == '/' || $path[0] == '\\' ); } /** * Join two filesystem paths together (e.g. 'give me $path relative to $base'). * * If the $path is absolute, then it the full path is returned. * * @since 2.5.0 * * @param string $base * @param string $path * @return string The path with the base or absolute path. */ function path_join( $base, $path ) { if ( path_is_absolute($path) ) return $path; return rtrim($base, '/') . '/' . ltrim($path, '/'); } /** * Determines a writable directory for temporary files. * Function's preference is the return value of <code>sys_get_temp_dir()</code>, * followed by your PHP temporary upload directory, followed by WP_CONTENT_DIR, * before finally defaulting to /tmp/ * * In the event that this function does not find a writable location, * It may be overridden by the <code>WP_TEMP_DIR</code> constant in * your <code>wp-config.php</code> file. * * @since 2.5.0 * * @return string Writable temporary directory */ function get_temp_dir() { static $temp; if ( defined('WP_TEMP_DIR') ) return trailingslashit(WP_TEMP_DIR); if ( $temp ) return trailingslashit( rtrim( $temp, '\\' ) ); if ( function_exists('sys_get_temp_dir') ) { $temp = sys_get_temp_dir(); if ( @is_dir( $temp ) && wp_is_writable( $temp ) ) return trailingslashit( rtrim( $temp, '\\' ) ); } $temp = ini_get('upload_tmp_dir'); if ( @is_dir( $temp ) && wp_is_writable( $temp ) ) return trailingslashit( rtrim( $temp, '\\' ) ); $temp = WP_CONTENT_DIR . '/'; if ( is_dir( $temp ) && wp_is_writable( $temp ) ) return $temp; $temp = '/tmp/'; return $temp; } /** * Determine if a directory is writable. * * This function is used to work around certain ACL issues * in PHP primarily affecting Windows Servers. * * @see win_is_writable() * * @since 3.6.0 * * @param string $path * @return bool */ function wp_is_writable( $path ) { if ( 'WIN' === strtoupper( substr( PHP_OS, 0, 3 ) ) ) return win_is_writable( $path ); else return @is_writable( $path ); } /** * Workaround for Windows bug in is_writable() function * * PHP has issues with Windows ACL's for determine if a * directory is writable or not, this works around them by * checking the ability to open files rather than relying * upon PHP to interprate the OS ACL. * * @link http://bugs.php.net/bug.php?id=27609 * @link http://bugs.php.net/bug.php?id=30931 * * @since 2.8.0 * * @param string $path * @return bool */ function win_is_writable( $path ) { if ( $path[strlen( $path ) - 1] == '/' ) // if it looks like a directory, check a random file within the directory return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp'); else if ( is_dir( $path ) ) // If it's a directory (and not a file) check a random file within the directory return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' ); // check tmp file for read/write capabilities $should_delete_tmp_file = !file_exists( $path ); $f = @fopen( $path, 'a' ); if ( $f === false ) return false; fclose( $f ); if ( $should_delete_tmp_file ) unlink( $path ); return true; } /** * Get an array containing the current upload directory's path and url. * * Checks the 'upload_path' option, which should be from the web root folder, * and if it isn't empty it will be used. If it is empty, then the path will be * 'WP_CONTENT_DIR/uploads'. If the 'UPLOADS' constant is defined, then it will * override the 'upload_path' option and 'WP_CONTENT_DIR/uploads' path. * * The upload URL path is set either by the 'upload_url_path' option or by using * the 'WP_CONTENT_URL' constant and appending '/uploads' to the path. * * If the 'uploads_use_yearmonth_folders' is set to true (checkbox if checked in * the administration settings panel), then the time will be used. The format * will be year first and then month. * * If the path couldn't be created, then an error will be returned with the key * 'error' containing the error message. The error suggests that the parent * directory is not writable by the server. * * On success, the returned array will have many indices: * 'path' - base directory and sub directory or full path to upload directory. * 'url' - base url and sub directory or absolute URL to upload directory. * 'subdir' - sub directory if uploads use year/month folders option is on. * 'basedir' - path without subdir. * 'baseurl' - URL path without subdir. * 'error' - set to false. * * @since 2.0.0 * @uses apply_filters() Calls 'upload_dir' on returned array. * * @param string $time Optional. Time formatted in 'yyyy/mm'. * @return array See above for description. */ function wp_upload_dir( $time = null ) { $siteurl = get_option( 'siteurl' ); $upload_path = trim( get_option( 'upload_path' ) ); if ( empty( $upload_path ) || 'wp-content/uploads' == $upload_path ) { $dir = WP_CONTENT_DIR . '/uploads'; } elseif ( 0 !== strpos( $upload_path, ABSPATH ) ) { // $dir is absolute, $upload_path is (maybe) relative to ABSPATH $dir = path_join( ABSPATH, $upload_path ); } else { $dir = $upload_path; } if ( !$url = get_option( 'upload_url_path' ) ) { if ( empty($upload_path) || ( 'wp-content/uploads' == $upload_path ) || ( $upload_path == $dir ) ) $url = WP_CONTENT_URL . '/uploads'; else $url = trailingslashit( $siteurl ) . $upload_path; } // Obey the value of UPLOADS. This happens as long as ms-files rewriting is disabled. // We also sometimes obey UPLOADS when rewriting is enabled -- see the next block. if ( defined( 'UPLOADS' ) && ! ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) ) { $dir = ABSPATH . UPLOADS; $url = trailingslashit( $siteurl ) . UPLOADS; } // If multisite (and if not the main site in a post-MU network) if ( is_multisite() && ! ( is_main_network() && is_main_site() && defined( 'MULTISITE' ) ) ) { if ( ! get_site_option( 'ms_files_rewriting' ) ) { // If ms-files rewriting is disabled (networks created post-3.5), it is fairly straightforward: // Append sites/%d if we're not on the main site (for post-MU networks). (The extra directory // prevents a four-digit ID from conflicting with a year-based directory for the main site. // But if a MU-era network has disabled ms-files rewriting manually, they don't need the extra // directory, as they never had wp-content/uploads for the main site.) if ( defined( 'MULTISITE' ) ) $ms_dir = '/sites/' . get_current_blog_id(); else $ms_dir = '/' . get_current_blog_id(); $dir .= $ms_dir; $url .= $ms_dir; } elseif ( defined( 'UPLOADS' ) && ! ms_is_switched() ) { // Handle the old-form ms-files.php rewriting if the network still has that enabled. // When ms-files rewriting is enabled, then we only listen to UPLOADS when: // 1) we are not on the main site in a post-MU network, // as wp-content/uploads is used there, and // 2) we are not switched, as ms_upload_constants() hardcodes // these constants to reflect the original blog ID. // // Rather than UPLOADS, we actually use BLOGUPLOADDIR if it is set, as it is absolute. // (And it will be set, see ms_upload_constants().) Otherwise, UPLOADS can be used, as // as it is relative to ABSPATH. For the final piece: when UPLOADS is used with ms-files // rewriting in multisite, the resulting URL is /files. (#WP22702 for background.) if ( defined( 'BLOGUPLOADDIR' ) ) $dir = untrailingslashit( BLOGUPLOADDIR ); else $dir = ABSPATH . UPLOADS; $url = trailingslashit( $siteurl ) . 'files'; } } $basedir = $dir; $baseurl = $url; $subdir = ''; if ( get_option( 'uploads_use_yearmonth_folders' ) ) { // Generate the yearly and monthly dirs if ( !$time ) $time = current_time( 'mysql' ); $y = substr( $time, 0, 4 ); $m = substr( $time, 5, 2 ); $subdir = "/$y/$m"; } $dir .= $subdir; $url .= $subdir; $uploads = apply_filters( 'upload_dir', array( 'path' => $dir, 'url' => $url, 'subdir' => $subdir, 'basedir' => $basedir, 'baseurl' => $baseurl, 'error' => false, ) ); // Make sure we have an uploads dir if ( ! wp_mkdir_p( $uploads['path'] ) ) { if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; else $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; $message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path ); $uploads['error'] = $message; } return $uploads; } /** * Get a filename that is sanitized and unique for the given directory. * * If the filename is not unique, then a number will be added to the filename * before the extension, and will continue adding numbers until the filename is * unique. * * The callback is passed three parameters, the first one is the directory, the * second is the filename, and the third is the extension. * * @since 2.5.0 * * @param string $dir * @param string $filename * @param mixed $unique_filename_callback Callback. * @return string New filename, if given wasn't unique. */ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) { // sanitize the file name before we begin processing $filename = sanitize_file_name($filename); // separate the filename into a name and extension $info = pathinfo($filename); $ext = !empty($info['extension']) ? '.' . $info['extension'] : ''; $name = basename($filename, $ext); // edge case: if file is named '.ext', treat as an empty name if ( $name === $ext ) $name = ''; // Increment the file number until we have a unique file to save in $dir. Use callback if supplied. if ( $unique_filename_callback && is_callable( $unique_filename_callback ) ) { $filename = call_user_func( $unique_filename_callback, $dir, $name, $ext ); } else { $number = ''; // change '.ext' to lower case if ( $ext && strtolower($ext) != $ext ) { $ext2 = strtolower($ext); $filename2 = preg_replace( '|' . preg_quote($ext) . '$|', $ext2, $filename ); // check for both lower and upper case extension or image sub-sizes may be overwritten while ( file_exists($dir . "/$filename") || file_exists($dir . "/$filename2") ) { $new_number = $number + 1; $filename = str_replace( "$number$ext", "$new_number$ext", $filename ); $filename2 = str_replace( "$number$ext2", "$new_number$ext2", $filename2 ); $number = $new_number; } return $filename2; } while ( file_exists( $dir . "/$filename" ) ) { if ( '' == "$number$ext" ) $filename = $filename . ++$number . $ext; else $filename = str_replace( "$number$ext", ++$number . $ext, $filename ); } } return $filename; } /** * Create a file in the upload folder with given content. * * If there is an error, then the key 'error' will exist with the error message. * If success, then the key 'file' will have the unique file path, the 'url' key * will have the link to the new file. and the 'error' key will be set to false. * * This function will not move an uploaded file to the upload folder. It will * create a new file with the content in $bits parameter. If you move the upload * file, read the content of the uploaded file, and then you can give the * filename and content to this function, which will add it to the upload * folder. * * The permissions will be set on the new file automatically by this function. * * @since 2.0.0 * * @param string $name * @param null $deprecated Never used. Set to null. * @param mixed $bits File content * @param string $time Optional. Time formatted in 'yyyy/mm'. * @return array */ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) { if ( !empty( $deprecated ) ) _deprecated_argument( __FUNCTION__, '2.0' ); if ( empty( $name ) ) return array( 'error' => __( 'Empty filename' ) ); $wp_filetype = wp_check_filetype( $name ); if ( ! $wp_filetype['ext'] && ! current_user_can( 'unfiltered_upload' ) ) return array( 'error' => __( 'Invalid file type' ) ); $upload = wp_upload_dir( $time ); if ( $upload['error'] !== false ) return $upload; $upload_bits_error = apply_filters( 'wp_upload_bits', array( 'name' => $name, 'bits' => $bits, 'time' => $time ) ); if ( !is_array( $upload_bits_error ) ) { $upload[ 'error' ] = $upload_bits_error; return $upload; } $filename = wp_unique_filename( $upload['path'], $name ); $new_file = $upload['path'] . "/$filename"; if ( ! wp_mkdir_p( dirname( $new_file ) ) ) { if ( 0 === strpos( $upload['basedir'], ABSPATH ) ) $error_path = str_replace( ABSPATH, '', $upload['basedir'] ) . $upload['subdir']; else $error_path = basename( $upload['basedir'] ) . $upload['subdir']; $message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path ); return array( 'error' => $message ); } $ifp = @ fopen( $new_file, 'wb' ); if ( ! $ifp ) return array( 'error' => sprintf( __( 'Could not write file %s' ), $new_file ) ); @fwrite( $ifp, $bits ); fclose( $ifp ); clearstatcache(); // Set correct file permissions $stat = @ stat( dirname( $new_file ) ); $perms = $stat['mode'] & 0007777; $perms = $perms & 0000666; @ chmod( $new_file, $perms ); clearstatcache(); // Compute the URL $url = $upload['url'] . "/$filename"; return array( 'file' => $new_file, 'url' => $url, 'error' => false ); } /** * Retrieve the file type based on the extension name. * * @package WordPress * @since 2.5.0 * @uses apply_filters() Calls 'ext2type' hook on default supported types. * * @param string $ext The extension to search. * @return string|null The file type, example: audio, video, document, spreadsheet, etc. Null if not found. */ function wp_ext2type( $ext ) { $ext = strtolower( $ext ); $ext2type = apply_filters( 'ext2type', array( 'image' => array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico' ), 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ), 'video' => array( 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ), 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'rtf', 'wp', 'wpd' ), 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsm', 'xlsb' ), 'interactive' => array( 'swf', 'key', 'ppt', 'pptx', 'pptm', 'pps', 'ppsx', 'ppsm', 'sldx', 'sldm', 'odp' ), 'text' => array( 'asc', 'csv', 'tsv', 'txt' ), 'archive' => array( 'bz2', 'cab', 'dmg', 'gz', 'rar', 'sea', 'sit', 'sqx', 'tar', 'tgz', 'zip', '7z' ), 'code' => array( 'css', 'htm', 'html', 'php', 'js' ), ) ); foreach ( $ext2type as $type => $exts ) if ( in_array( $ext, $exts ) ) return $type; return null; } /** * Retrieve the file type from the file name. * * You can optionally define the mime array, if needed. * * @since 2.0.4 * * @param string $filename File name or path. * @param array $mimes Optional. Key is the file extension with value as the mime type. * @return array Values with extension first and mime type. */ function wp_check_filetype( $filename, $mimes = null ) { if ( empty($mimes) ) $mimes = get_allowed_mime_types(); $type = false; $ext = false; foreach ( $mimes as $ext_preg => $mime_match ) { $ext_preg = '!\.(' . $ext_preg . ')$!i'; if ( preg_match( $ext_preg, $filename, $ext_matches ) ) { $type = $mime_match; $ext = $ext_matches[1]; break; } } return compact( 'ext', 'type' ); } /** * Attempt to determine the real file type of a file. * If unable to, the file name extension will be used to determine type. * * If it's determined that the extension does not match the file's real type, * then the "proper_filename" value will be set with a proper filename and extension. * * Currently this function only supports validating images known to getimagesize(). * * @since 3.0.0 * * @param string $file Full path to the file. * @param string $filename The name of the file (may differ from $file due to $file being in a tmp directory) * @param array $mimes Optional. Key is the file extension with value as the mime type. * @return array Values for the extension, MIME, and either a corrected filename or false if original $filename is valid */ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { $proper_filename = false; // Do basic extension validation and MIME mapping $wp_filetype = wp_check_filetype( $filename, $mimes ); extract( $wp_filetype ); // We can't do any further validation without a file to work with if ( ! file_exists( $file ) ) return compact( 'ext', 'type', 'proper_filename' ); // We're able to validate images using GD if ( $type && 0 === strpos( $type, 'image/' ) && function_exists('getimagesize') ) { // Attempt to figure out what type of image it actually is $imgstats = @getimagesize( $file ); // If getimagesize() knows what kind of image it really is and if the real MIME doesn't match the claimed MIME if ( !empty($imgstats['mime']) && $imgstats['mime'] != $type ) { // This is a simplified array of MIMEs that getimagesize() can detect and their extensions // You shouldn't need to use this filter, but it's here just in case $mime_to_ext = apply_filters( 'getimagesize_mimes_to_exts', array( 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif', 'image/bmp' => 'bmp', 'image/tiff' => 'tif', ) ); // Replace whatever is after the last period in the filename with the correct extension if ( ! empty( $mime_to_ext[ $imgstats['mime'] ] ) ) { $filename_parts = explode( '.', $filename ); array_pop( $filename_parts ); $filename_parts[] = $mime_to_ext[ $imgstats['mime'] ]; $new_filename = implode( '.', $filename_parts ); if ( $new_filename != $filename ) $proper_filename = $new_filename; // Mark that it changed // Redefine the extension / MIME $wp_filetype = wp_check_filetype( $new_filename, $mimes ); extract( $wp_filetype ); } } } // Let plugins try and validate other types of files // Should return an array in the style of array( 'ext' => $ext, 'type' => $type, 'proper_filename' => $proper_filename ) return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes ); } /** * Retrieve list of mime types and file extensions. * * @since 3.5.0 * * @uses apply_filters() Calls 'mime_types' on returned array. This filter should * be used to add types, not remove them. To remove types use the upload_mimes filter. * * @return array Array of mime types keyed by the file extension regex corresponding to those types. */ function wp_get_mime_types() { // Accepted MIME types are set here as PCRE unless provided. return apply_filters( 'mime_types', array( // Image formats 'jpg|jpeg|jpe' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', 'bmp' => 'image/bmp', 'tif|tiff' => 'image/tiff', 'ico' => 'image/x-icon', // Video formats 'asf|asx' => 'video/x-ms-asf', 'wmv' => 'video/x-ms-wmv', 'wmx' => 'video/x-ms-wmx', 'wm' => 'video/x-ms-wm', 'avi' => 'video/avi', 'divx' => 'video/divx', 'flv' => 'video/x-flv', 'mov|qt' => 'video/quicktime', 'mpeg|mpg|mpe' => 'video/mpeg', 'mp4|m4v' => 'video/mp4', 'ogv' => 'video/ogg', 'webm' => 'video/webm', 'mkv' => 'video/x-matroska', // Text formats 'txt|asc|c|cc|h' => 'text/plain', 'csv' => 'text/csv', 'tsv' => 'text/tab-separated-values', 'ics' => 'text/calendar', 'rtx' => 'text/richtext', 'css' => 't<br /> <b>Parse error</b>: syntax error, unexpected ''_update_term_count_on_transit' (T_ENCAPSED_AND_WHITESPACE) in <b>/home/ivanaskwith/extratextual.tv/wp-includes/default-filters.php</b> on line <b>255</b><br />