2005-04-20 05:37:23 +02:00
|
|
|
<?php
|
2008-01-11 21:51:39 +01:00
|
|
|
/**
|
2008-06-22 22:23:23 +02:00
|
|
|
* These functions can be replaced via plugins. If plugins do not redefine these
|
|
|
|
* functions, then these will be used instead.
|
2008-01-11 21:51:39 +01:00
|
|
|
*
|
|
|
|
* @package WordPress
|
|
|
|
*/
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_set_current_user' ) ) :
|
|
|
|
/**
|
|
|
|
* Changes the current user by ID or name.
|
|
|
|
*
|
|
|
|
* Set $id to null and specify a name if you do not know a user's ID.
|
|
|
|
*
|
|
|
|
* Some WordPress functionality is based on the current user and not based on
|
|
|
|
* the signed in user. Therefore, it opens the ability to edit and perform
|
|
|
|
* actions on users who aren't signed in.
|
|
|
|
*
|
|
|
|
* @since 2.0.3
|
2020-06-16 23:07:14 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @global WP_User $current_user The current user object which holds the user data.
|
|
|
|
*
|
2021-11-18 17:04:00 +01:00
|
|
|
* @param int|null $id User ID.
|
|
|
|
* @param string $name User's username.
|
|
|
|
* @return WP_User Current user User object.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_set_current_user( $id, $name = '' ) {
|
|
|
|
global $current_user;
|
2006-01-13 20:19:09 +01:00
|
|
|
|
2019-03-11 11:57:55 +01:00
|
|
|
// If `$id` matches the current user, there is nothing to do.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $current_user )
|
2015-10-08 19:29:24 +02:00
|
|
|
&& ( $current_user instanceof WP_User )
|
|
|
|
&& ( $id == $current_user->ID )
|
|
|
|
&& ( null !== $id )
|
2017-12-01 00:11:00 +01:00
|
|
|
) {
|
|
|
|
return $current_user;
|
|
|
|
}
|
2006-01-13 20:19:09 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$current_user = new WP_User( $id, $name );
|
2006-01-13 20:19:09 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
setup_userdata( $current_user->ID );
|
2006-01-13 20:19:09 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires after the current user is set.
|
|
|
|
*
|
|
|
|
* @since 2.0.1
|
|
|
|
*/
|
|
|
|
do_action( 'set_current_user' );
|
2006-01-13 20:19:09 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $current_user;
|
|
|
|
}
|
2006-01-13 20:19:09 +01:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_get_current_user' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Retrieves the current user object.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* Will set the current user, if the current user is not set. The current user
|
|
|
|
* will be set to the logged-in person. If no user is logged-in, then it will
|
|
|
|
* set the current user to 0, which is invalid and won't have any permissions.
|
|
|
|
*
|
|
|
|
* @since 2.0.3
|
|
|
|
*
|
|
|
|
* @see _wp_get_current_user()
|
|
|
|
* @global WP_User $current_user Checks if the current user is set.
|
|
|
|
*
|
|
|
|
* @return WP_User Current WP_User instance.
|
|
|
|
*/
|
|
|
|
function wp_get_current_user() {
|
|
|
|
return _wp_get_current_user();
|
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'get_userdata' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Retrieves user info by user ID.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 0.71
|
|
|
|
*
|
|
|
|
* @param int $user_id User ID
|
|
|
|
* @return WP_User|false WP_User object on success, false on failure.
|
|
|
|
*/
|
|
|
|
function get_userdata( $user_id ) {
|
|
|
|
return get_user_by( 'id', $user_id );
|
|
|
|
}
|
2011-08-24 21:32:59 +02:00
|
|
|
endif;
|
2006-02-12 08:53:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'get_user_by' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Retrieves user info by a given field.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
* @since 4.4.0 Added 'ID' as an alias of 'id' for the `$field` parameter.
|
|
|
|
*
|
2021-04-27 19:49:06 +02:00
|
|
|
* @global WP_User $current_user The current user object which holds the user data.
|
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string $field The field to retrieve the user with. id | ID | slug | email | login.
|
|
|
|
* @param int|string $value A value for $field. A user ID, slug, email address, or login name.
|
|
|
|
* @return WP_User|false WP_User object on success, false on failure.
|
|
|
|
*/
|
|
|
|
function get_user_by( $field, $value ) {
|
|
|
|
$userdata = WP_User::get_data_by( $field, $value );
|
2005-06-12 22:49:13 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $userdata ) {
|
|
|
|
return false;
|
|
|
|
}
|
2007-11-27 23:14:53 +01:00
|
|
|
|
2022-11-29 16:51:14 +01:00
|
|
|
$user = new WP_User();
|
2017-12-01 00:11:00 +01:00
|
|
|
$user->init( $userdata );
|
2005-06-12 22:49:13 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $user;
|
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'cache_users' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Retrieves info for user lists to prevent multiple queries by get_userdata().
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 3.0.0
|
|
|
|
*
|
|
|
|
* @global wpdb $wpdb WordPress database abstraction object.
|
|
|
|
*
|
2022-04-28 11:46:21 +02:00
|
|
|
* @param int[] $user_ids User ID numbers list
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function cache_users( $user_ids ) {
|
|
|
|
global $wpdb;
|
2010-03-03 20:08:30 +01:00
|
|
|
|
2022-06-10 15:39:11 +02:00
|
|
|
update_meta_cache( 'user', $user_ids );
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$clean = _get_non_cached_ids( $user_ids, 'users' );
|
2010-03-03 20:08:30 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $clean ) ) {
|
|
|
|
return;
|
|
|
|
}
|
2010-03-03 20:08:30 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$list = implode( ',', $clean );
|
2010-03-03 20:08:30 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$users = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($list)" );
|
2022-06-10 17:17:10 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( $users as $user ) {
|
|
|
|
update_user_caches( $user );
|
|
|
|
}
|
2009-04-17 23:25:11 +02:00
|
|
|
}
|
2009-04-21 22:27:22 +02:00
|
|
|
endif;
|
2009-04-17 23:25:11 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_mail' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2019-05-24 00:42:52 +02:00
|
|
|
* Sends an email, similar to PHP's mail function.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* A true return value does not automatically mean that the user received the
|
|
|
|
* email successfully. It just only means that the method used was able to
|
|
|
|
* process the request without any errors.
|
|
|
|
*
|
2019-05-24 00:42:52 +02:00
|
|
|
* The default content type is `text/plain` which does not allow using HTML.
|
2017-12-01 00:11:00 +01:00
|
|
|
* However, you can set the content type of the email by using the
|
|
|
|
* {@see 'wp_mail_content_type'} filter.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* The default charset is based on the charset used on the blog. The charset can
|
|
|
|
* be set using the {@see 'wp_mail_charset'} filter.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 1.2.1
|
2021-04-21 21:47:01 +02:00
|
|
|
* @since 5.5.0 is_email() is used for email validation,
|
|
|
|
* instead of PHPMailer's default validator.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2020-06-12 17:47:07 +02:00
|
|
|
* @global PHPMailer\PHPMailer\PHPMailer $phpmailer
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2020-12-20 16:09:06 +01:00
|
|
|
* @param string|string[] $to Array or comma-separated list of email addresses to send message.
|
|
|
|
* @param string $subject Email subject.
|
|
|
|
* @param string $message Message contents.
|
|
|
|
* @param string|string[] $headers Optional. Additional headers.
|
|
|
|
* @param string|string[] $attachments Optional. Paths to files to attach.
|
|
|
|
* @return bool Whether the email was sent successfully.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
// Compact the input, apply the filters, and extract them back out.
|
2008-10-16 22:57:49 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the wp_mail() arguments.
|
|
|
|
*
|
|
|
|
* @since 2.2.0
|
|
|
|
*
|
2020-11-24 22:22:04 +01:00
|
|
|
* @param array $args {
|
|
|
|
* Array of the `wp_mail()` arguments.
|
|
|
|
*
|
|
|
|
* @type string|string[] $to Array or comma-separated list of email addresses to send message.
|
|
|
|
* @type string $subject Email subject.
|
|
|
|
* @type string $message Message contents.
|
|
|
|
* @type string|string[] $headers Additional headers.
|
|
|
|
* @type string|string[] $attachments Paths to files to attach.
|
|
|
|
* }
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$atts = apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments' ) );
|
2014-05-15 08:17:15 +02:00
|
|
|
|
2020-12-20 16:09:06 +01:00
|
|
|
/**
|
|
|
|
* Filters whether to preempt sending an email.
|
|
|
|
*
|
|
|
|
* Returning a non-null value will short-circuit {@see wp_mail()}, returning
|
|
|
|
* that value instead. A boolean return value should be used to indicate whether
|
|
|
|
* the email was successfully sent.
|
|
|
|
*
|
|
|
|
* @since 5.7.0
|
|
|
|
*
|
|
|
|
* @param null|bool $return Short-circuit return value.
|
|
|
|
* @param array $atts {
|
|
|
|
* Array of the `wp_mail()` arguments.
|
|
|
|
*
|
|
|
|
* @type string|string[] $to Array or comma-separated list of email addresses to send message.
|
|
|
|
* @type string $subject Email subject.
|
|
|
|
* @type string $message Message contents.
|
|
|
|
* @type string|string[] $headers Additional headers.
|
|
|
|
* @type string|string[] $attachments Paths to files to attach.
|
|
|
|
* }
|
|
|
|
*/
|
|
|
|
$pre_wp_mail = apply_filters( 'pre_wp_mail', null, $atts );
|
|
|
|
|
|
|
|
if ( null !== $pre_wp_mail ) {
|
|
|
|
return $pre_wp_mail;
|
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $atts['to'] ) ) {
|
|
|
|
$to = $atts['to'];
|
|
|
|
}
|
2016-12-30 07:44:40 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! is_array( $to ) ) {
|
|
|
|
$to = explode( ',', $to );
|
|
|
|
}
|
2014-05-15 08:17:15 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $atts['subject'] ) ) {
|
|
|
|
$subject = $atts['subject'];
|
|
|
|
}
|
2007-09-11 22:49:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $atts['message'] ) ) {
|
|
|
|
$message = $atts['message'];
|
|
|
|
}
|
2014-05-15 08:17:15 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $atts['headers'] ) ) {
|
|
|
|
$headers = $atts['headers'];
|
|
|
|
}
|
2014-05-15 08:17:15 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $atts['attachments'] ) ) {
|
|
|
|
$attachments = $atts['attachments'];
|
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! is_array( $attachments ) ) {
|
|
|
|
$attachments = explode( "\n", str_replace( "\r\n", "\n", $attachments ) );
|
|
|
|
}
|
|
|
|
global $phpmailer;
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// (Re)create it, if it's gone missing.
|
2020-06-12 17:47:07 +02:00
|
|
|
if ( ! ( $phpmailer instanceof PHPMailer\PHPMailer\PHPMailer ) ) {
|
|
|
|
require_once ABSPATH . WPINC . '/PHPMailer/PHPMailer.php';
|
|
|
|
require_once ABSPATH . WPINC . '/PHPMailer/SMTP.php';
|
|
|
|
require_once ABSPATH . WPINC . '/PHPMailer/Exception.php';
|
|
|
|
$phpmailer = new PHPMailer\PHPMailer\PHPMailer( true );
|
2020-07-27 22:19:05 +02:00
|
|
|
|
|
|
|
$phpmailer::$validator = static function ( $email ) {
|
|
|
|
return (bool) is_email( $email );
|
|
|
|
};
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Headers.
|
2019-07-03 01:42:58 +02:00
|
|
|
$cc = array();
|
|
|
|
$bcc = array();
|
|
|
|
$reply_to = array();
|
Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.
For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.
Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058
git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 20:04:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $headers ) ) {
|
|
|
|
$headers = array();
|
2009-04-17 02:06:18 +02:00
|
|
|
} else {
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! is_array( $headers ) ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
// Explode the headers out, so this function can take
|
|
|
|
// both string headers and an array of headers.
|
2017-12-01 00:11:00 +01:00
|
|
|
$tempheaders = explode( "\n", str_replace( "\r\n", "\n", $headers ) );
|
|
|
|
} else {
|
|
|
|
$tempheaders = $headers;
|
|
|
|
}
|
|
|
|
$headers = array();
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// If it's actually got contents.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! empty( $tempheaders ) ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
// Iterate through the raw headers.
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( (array) $tempheaders as $header ) {
|
|
|
|
if ( strpos( $header, ':' ) === false ) {
|
|
|
|
if ( false !== stripos( $header, 'boundary=' ) ) {
|
|
|
|
$parts = preg_split( '/boundary=/i', trim( $header ) );
|
|
|
|
$boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) );
|
|
|
|
}
|
|
|
|
continue;
|
2009-04-30 09:25:47 +02:00
|
|
|
}
|
2020-01-29 01:45:18 +01:00
|
|
|
// Explode them out.
|
2017-12-01 00:11:00 +01:00
|
|
|
list( $name, $content ) = explode( ':', trim( $header ), 2 );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Cleanup crew.
|
2017-12-01 00:11:00 +01:00
|
|
|
$name = trim( $name );
|
|
|
|
$content = trim( $content );
|
|
|
|
|
|
|
|
switch ( strtolower( $name ) ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
// Mainly for legacy -- process a "From:" header if it's there.
|
2017-12-01 00:11:00 +01:00
|
|
|
case 'from':
|
|
|
|
$bracket_pos = strpos( $content, '<' );
|
2020-02-09 17:55:09 +01:00
|
|
|
if ( false !== $bracket_pos ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
// Text before the bracketed email is the "From" name.
|
|
|
|
if ( $bracket_pos > 0 ) {
|
2022-08-16 20:18:14 +02:00
|
|
|
$from_name = substr( $content, 0, $bracket_pos );
|
2017-12-01 00:11:00 +01:00
|
|
|
$from_name = str_replace( '"', '', $from_name );
|
|
|
|
$from_name = trim( $from_name );
|
|
|
|
}
|
|
|
|
|
|
|
|
$from_email = substr( $content, $bracket_pos + 1 );
|
|
|
|
$from_email = str_replace( '>', '', $from_email );
|
|
|
|
$from_email = trim( $from_email );
|
|
|
|
|
|
|
|
// Avoid setting an empty $from_email.
|
|
|
|
} elseif ( '' !== trim( $content ) ) {
|
|
|
|
$from_email = trim( $content );
|
2015-04-07 22:10:26 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
break;
|
|
|
|
case 'content-type':
|
|
|
|
if ( strpos( $content, ';' ) !== false ) {
|
|
|
|
list( $type, $charset_content ) = explode( ';', $content );
|
|
|
|
$content_type = trim( $type );
|
|
|
|
if ( false !== stripos( $charset_content, 'charset=' ) ) {
|
|
|
|
$charset = trim( str_replace( array( 'charset=', '"' ), '', $charset_content ) );
|
|
|
|
} elseif ( false !== stripos( $charset_content, 'boundary=' ) ) {
|
|
|
|
$boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset_content ) );
|
|
|
|
$charset = '';
|
|
|
|
}
|
|
|
|
|
|
|
|
// Avoid setting an empty $content_type.
|
|
|
|
} elseif ( '' !== trim( $content ) ) {
|
|
|
|
$content_type = trim( $content );
|
2010-02-27 17:10:45 +01:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
break;
|
|
|
|
case 'cc':
|
|
|
|
$cc = array_merge( (array) $cc, explode( ',', $content ) );
|
|
|
|
break;
|
|
|
|
case 'bcc':
|
|
|
|
$bcc = array_merge( (array) $bcc, explode( ',', $content ) );
|
|
|
|
break;
|
|
|
|
case 'reply-to':
|
|
|
|
$reply_to = array_merge( (array) $reply_to, explode( ',', $content ) );
|
|
|
|
break;
|
|
|
|
default:
|
2020-01-29 01:45:18 +01:00
|
|
|
// Add it to our grand headers array.
|
2017-12-01 00:11:00 +01:00
|
|
|
$headers[ trim( $name ) ] = trim( $content );
|
|
|
|
break;
|
|
|
|
}
|
2007-06-02 05:18:24 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Empty out the values that may be set.
|
2017-12-01 00:11:00 +01:00
|
|
|
$phpmailer->clearAllRecipients();
|
|
|
|
$phpmailer->clearAttachments();
|
|
|
|
$phpmailer->clearCustomHeaders();
|
|
|
|
$phpmailer->clearReplyTos();
|
2022-10-17 13:42:11 +02:00
|
|
|
$phpmailer->Body = '';
|
|
|
|
$phpmailer->AltBody = '';
|
2009-03-18 03:43:45 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Set "From" name and email.
|
|
|
|
|
|
|
|
// If we don't have a name from the input headers.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! isset( $from_name ) ) {
|
|
|
|
$from_name = 'WordPress';
|
2007-06-02 05:18:24 +02:00
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
/*
|
|
|
|
* If we don't have an email from the input headers, default to wordpress@$sitename
|
|
|
|
* Some hosts will block outgoing mail from this address if it doesn't exist,
|
|
|
|
* but there's no easy alternative. Defaulting to admin_email might appear to be
|
|
|
|
* another option, but some hosts may refuse to relay mail from an unknown domain.
|
|
|
|
* See https://core.trac.wordpress.org/ticket/5007.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
if ( ! isset( $from_email ) ) {
|
|
|
|
// Get the site domain and get rid of www.
|
Code Modernization: Check the return type of `wp_parse_url()` in `wp_mail()`.
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
In PHP 8.1, if the home URL does not have a "host" component, it would lead to a `substr(): Passing null to parameter #1 ($string) of type string is deprecated` notice.
Changing the logic around and adding validation for the return type value of `wp_parse_url()` prevents that.
Follow-up to [48601], [51606], [51622], [51626], [51629], [51630].
Props dennisatyoast, jrf.
See #54730.
Built from https://develop.svn.wordpress.org/trunk@52799
git-svn-id: http://core.svn.wordpress.org/trunk@52388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-25 14:48:00 +01:00
|
|
|
$sitename = wp_parse_url( network_home_url(), PHP_URL_HOST );
|
|
|
|
$from_email = 'wordpress@';
|
|
|
|
|
|
|
|
if ( null !== $sitename ) {
|
|
|
|
if ( 'www.' === substr( $sitename, 0, 4 ) ) {
|
|
|
|
$sitename = substr( $sitename, 4 );
|
|
|
|
}
|
Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.
For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.
Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058
git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 20:04:28 +02:00
|
|
|
|
Code Modernization: Check the return type of `wp_parse_url()` in `wp_mail()`.
As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.
Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]
In PHP 8.1, if the home URL does not have a "host" component, it would lead to a `substr(): Passing null to parameter #1 ($string) of type string is deprecated` notice.
Changing the logic around and adding validation for the return type value of `wp_parse_url()` prevents that.
Follow-up to [48601], [51606], [51622], [51626], [51629], [51630].
Props dennisatyoast, jrf.
See #54730.
Built from https://develop.svn.wordpress.org/trunk@52799
git-svn-id: http://core.svn.wordpress.org/trunk@52388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-25 14:48:00 +01:00
|
|
|
$from_email .= $sitename;
|
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2010-02-27 17:10:45 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the email address to send from.
|
|
|
|
*
|
|
|
|
* @since 2.2.0
|
|
|
|
*
|
|
|
|
* @param string $from_email Email address to send from.
|
|
|
|
*/
|
|
|
|
$from_email = apply_filters( 'wp_mail_from', $from_email );
|
2016-12-30 07:44:40 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the name to associate with the "from" email address.
|
|
|
|
*
|
|
|
|
* @since 2.3.0
|
|
|
|
*
|
|
|
|
* @param string $from_name Name associated with the "from" email address.
|
|
|
|
*/
|
|
|
|
$from_name = apply_filters( 'wp_mail_from_name', $from_name );
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
try {
|
|
|
|
$phpmailer->setFrom( $from_email, $from_name, false );
|
2020-06-12 17:47:07 +02:00
|
|
|
} catch ( PHPMailer\PHPMailer\Exception $e ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$mail_error_data = compact( 'to', 'subject', 'message', 'headers', 'attachments' );
|
|
|
|
$mail_error_data['phpmailer_exception_code'] = $e->getCode();
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
|
|
|
do_action( 'wp_mail_failed', new WP_Error( 'wp_mail_failed', $e->getMessage(), $mail_error_data ) );
|
Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.
For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.
Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058
git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 20:04:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return false;
|
2008-06-16 22:02:10 +02:00
|
|
|
}
|
2010-02-27 17:10:45 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Set mail's subject and body.
|
2017-12-01 00:11:00 +01:00
|
|
|
$phpmailer->Subject = $subject;
|
|
|
|
$phpmailer->Body = $message;
|
Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.
For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.
Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058
git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 20:04:28 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Set destination addresses, using appropriate methods for handling addresses.
|
2017-12-01 00:11:00 +01:00
|
|
|
$address_headers = compact( 'to', 'cc', 'bcc', 'reply_to' );
|
Mail: Improve handling of UTF-8 address headers.
Previously, `wp_mail()` implemented Reply-To as a generic header, using
PHPMailer's `addCustomHeader()`. As such, the email address portion of
the header was being incorrectly encoded when the name portion
contained UTF-8 characters. Switching to PHPMailer's more specific
`addReplyTo()` method fixes the issue.
For greater readability, the handling of all address-related headers
(To, CC, BCC, Reply-To) has been standardized.
Props szepe.viktor, iandunn, bpetty, stephenharris.
Fixes #21659.
Built from https://develop.svn.wordpress.org/trunk@38058
git-svn-id: http://core.svn.wordpress.org/trunk@37999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 20:04:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( $address_headers as $address_header => $addresses ) {
|
|
|
|
if ( empty( $addresses ) ) {
|
2011-04-28 20:16:01 +02:00
|
|
|
continue;
|
|
|
|
}
|
2008-06-16 22:02:10 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( (array) $addresses as $address ) {
|
|
|
|
try {
|
2020-01-29 01:45:18 +01:00
|
|
|
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>".
|
2017-12-01 00:11:00 +01:00
|
|
|
$recipient_name = '';
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( preg_match( '/(.*)<(.+)>/', $address, $matches ) ) {
|
Coding Standards: Use strict comparison where `count()` is involved.
Follow-up to [1636], [6974], [8114], [10322], [13326], [14760], [18006], [18541], [19743], [23249], [24115], [33359].
Props aristath, poena, afercia, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55642
git-svn-id: http://core.svn.wordpress.org/trunk@55154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-10 14:56:21 +02:00
|
|
|
if ( count( $matches ) === 3 ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$recipient_name = $matches[1];
|
|
|
|
$address = $matches[2];
|
|
|
|
}
|
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
switch ( $address_header ) {
|
|
|
|
case 'to':
|
|
|
|
$phpmailer->addAddress( $address, $recipient_name );
|
|
|
|
break;
|
|
|
|
case 'cc':
|
|
|
|
$phpmailer->addCc( $address, $recipient_name );
|
|
|
|
break;
|
|
|
|
case 'bcc':
|
|
|
|
$phpmailer->addBcc( $address, $recipient_name );
|
|
|
|
break;
|
|
|
|
case 'reply_to':
|
|
|
|
$phpmailer->addReplyTo( $address, $recipient_name );
|
|
|
|
break;
|
|
|
|
}
|
2020-06-12 17:47:07 +02:00
|
|
|
} catch ( PHPMailer\PHPMailer\Exception $e ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2007-06-26 22:18:56 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Set to use PHP's mail().
|
2017-12-01 00:11:00 +01:00
|
|
|
$phpmailer->isMail();
|
2009-04-30 09:25:47 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Set Content-Type and charset.
|
|
|
|
|
2023-02-03 14:35:20 +01:00
|
|
|
// If we don't have a Content-Type from the input headers.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! isset( $content_type ) ) {
|
|
|
|
$content_type = 'text/plain';
|
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the wp_mail() content type.
|
|
|
|
*
|
|
|
|
* @since 2.3.0
|
|
|
|
*
|
|
|
|
* @param string $content_type Default wp_mail() content type.
|
|
|
|
*/
|
|
|
|
$content_type = apply_filters( 'wp_mail_content_type', $content_type );
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$phpmailer->ContentType = $content_type;
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Set whether it's plaintext, depending on $content_type.
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( 'text/html' === $content_type ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$phpmailer->isHTML( true );
|
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// If we don't have a charset from the input headers.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! isset( $charset ) ) {
|
|
|
|
$charset = get_bloginfo( 'charset' );
|
2007-02-25 21:23:25 +01:00
|
|
|
}
|
2010-02-27 17:10:45 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the default wp_mail() charset.
|
|
|
|
*
|
|
|
|
* @since 2.3.0
|
|
|
|
*
|
|
|
|
* @param string $charset Default email charset.
|
|
|
|
*/
|
|
|
|
$phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset );
|
2008-10-16 22:57:49 +02:00
|
|
|
|
2019-09-14 22:14:54 +02:00
|
|
|
// Set custom headers.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! empty( $headers ) ) {
|
|
|
|
foreach ( (array) $headers as $name => $content ) {
|
2019-09-14 22:14:54 +02:00
|
|
|
// Only add custom headers not added automatically by PHPMailer.
|
2020-04-05 05:02:11 +02:00
|
|
|
if ( ! in_array( $name, array( 'MIME-Version', 'X-Mailer' ), true ) ) {
|
2020-06-12 17:47:07 +02:00
|
|
|
try {
|
|
|
|
$phpmailer->addCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) );
|
|
|
|
} catch ( PHPMailer\PHPMailer\Exception $e ) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-09-14 22:14:54 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( false !== stripos( $content_type, 'multipart' ) && ! empty( $boundary ) ) {
|
2020-06-12 17:47:07 +02:00
|
|
|
$phpmailer->addCustomHeader( sprintf( 'Content-Type: %s; boundary="%s"', $content_type, $boundary ) );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
}
|
2015-09-16 01:51:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! empty( $attachments ) ) {
|
2023-01-05 11:49:16 +01:00
|
|
|
foreach ( $attachments as $filename => $attachment ) {
|
|
|
|
$filename = is_string( $filename ) ? $filename : '';
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
try {
|
2023-01-05 11:49:16 +01:00
|
|
|
$phpmailer->addAttachment( $attachment, $filename );
|
2020-06-12 17:47:07 +02:00
|
|
|
} catch ( PHPMailer\PHPMailer\Exception $e ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2015-09-16 17:13:26 +02:00
|
|
|
|
2015-09-16 01:51:23 +02:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Fires after PHPMailer is initialized.
|
2015-09-16 01:51:23 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.2.0
|
2015-09-16 01:51:23 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param PHPMailer $phpmailer The PHPMailer instance (passed by reference).
|
2015-09-16 01:51:23 +02:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) );
|
2015-09-16 01:51:23 +02:00
|
|
|
|
2021-11-09 23:27:59 +01:00
|
|
|
$mail_data = compact( 'to', 'subject', 'message', 'headers', 'attachments' );
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
// Send!
|
|
|
|
try {
|
2021-11-09 23:27:59 +01:00
|
|
|
$send = $phpmailer->send();
|
2017-12-01 00:11:00 +01:00
|
|
|
|
2021-11-09 23:27:59 +01:00
|
|
|
/**
|
2022-04-28 11:54:16 +02:00
|
|
|
* Fires after PHPMailer has successfully sent an email.
|
2021-11-09 23:27:59 +01:00
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* The firing of this action does not necessarily mean that the recipient(s) received the
|
2021-11-09 23:27:59 +01:00
|
|
|
* email successfully. It only means that the `send` method above was able to
|
|
|
|
* process the request without any errors.
|
|
|
|
*
|
|
|
|
* @since 5.9.0
|
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* @param array $mail_data {
|
|
|
|
* An array containing the email recipient(s), subject, message, headers, and attachments.
|
|
|
|
*
|
|
|
|
* @type string[] $to Email addresses to send message.
|
|
|
|
* @type string $subject Email subject.
|
|
|
|
* @type string $message Message contents.
|
|
|
|
* @type string[] $headers Additional headers.
|
|
|
|
* @type string[] $attachments Paths to files to attach.
|
|
|
|
* }
|
2021-11-09 23:27:59 +01:00
|
|
|
*/
|
|
|
|
do_action( 'wp_mail_succeeded', $mail_data );
|
|
|
|
|
|
|
|
return $send;
|
|
|
|
} catch ( PHPMailer\PHPMailer\Exception $e ) {
|
|
|
|
$mail_data['phpmailer_exception_code'] = $e->getCode();
|
2017-12-01 00:11:00 +01:00
|
|
|
|
|
|
|
/**
|
2020-06-12 17:47:07 +02:00
|
|
|
* Fires after a PHPMailer\PHPMailer\Exception is caught.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 4.4.0
|
|
|
|
*
|
2020-06-12 17:47:07 +02:00
|
|
|
* @param WP_Error $error A WP_Error object with the PHPMailer\PHPMailer\Exception message, and an array
|
2017-12-01 00:11:00 +01:00
|
|
|
* containing the mail recipient, subject, message, headers, and attachments.
|
|
|
|
*/
|
2021-11-09 23:27:59 +01:00
|
|
|
do_action( 'wp_mail_failed', new WP_Error( 'wp_mail_failed', $e->getMessage(), $mail_data ) );
|
2017-12-01 00:11:00 +01:00
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
2011-04-28 20:16:01 +02:00
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_authenticate' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Authenticates a user, confirming the login credentials are valid.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.5.0
|
2016-03-17 09:06:27 +01:00
|
|
|
* @since 4.5.0 `$username` now accepts an email address.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string $username User's username or email address.
|
|
|
|
* @param string $password User's password.
|
|
|
|
* @return WP_User|WP_Error WP_User object if the credentials are valid,
|
|
|
|
* otherwise WP_Error.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_authenticate( $username, $password ) {
|
|
|
|
$username = sanitize_user( $username );
|
|
|
|
$password = trim( $password );
|
2009-02-23 18:33:02 +01:00
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Filters whether a set of user login credentials are valid.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* A WP_User object is returned if the credentials authenticate a user.
|
|
|
|
* WP_Error or null otherwise.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
* @since 4.5.0 `$username` now accepts an email address.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param null|WP_User|WP_Error $user WP_User if the user is authenticated.
|
|
|
|
* WP_Error or null otherwise.
|
|
|
|
* @param string $username Username or email address.
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $password User password.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
$user = apply_filters( 'authenticate', null, $username, $password );
|
2007-12-02 06:14:11 +01:00
|
|
|
|
2020-02-09 17:55:09 +01:00
|
|
|
if ( null == $user ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
// TODO: What should the error message be? (Or would these even happen?)
|
2017-12-01 00:11:00 +01:00
|
|
|
// Only needed if all authentication handlers fail to return anything.
|
2022-06-02 17:05:13 +02:00
|
|
|
$user = new WP_Error( 'authentication_failed', __( '<strong>Error:</strong> Invalid username, email address or incorrect password.' ) );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2008-01-22 20:35:19 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$ignore_codes = array( 'empty_username', 'empty_password' );
|
|
|
|
|
2020-04-05 05:02:11 +02:00
|
|
|
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes, true ) ) {
|
2019-12-17 16:36:01 +01:00
|
|
|
$error = $user;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires after a user login has failed.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.5.0 The value of `$username` can now be an email address.
|
2019-12-17 16:36:01 +01:00
|
|
|
* @since 5.4.0 The `$error` parameter was added.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2019-12-17 16:36:01 +01:00
|
|
|
* @param string $username Username or email address.
|
|
|
|
* @param WP_Error $error A WP_Error object with the authentication failure details.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
2019-12-17 16:36:01 +01:00
|
|
|
do_action( 'wp_login_failed', $username, $error );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $user;
|
|
|
|
}
|
|
|
|
endif;
|
|
|
|
|
|
|
|
if ( ! function_exists( 'wp_logout' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Logs the current user out.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.5.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_logout() {
|
2020-04-07 18:14:10 +02:00
|
|
|
$user_id = get_current_user_id();
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
wp_destroy_current_session();
|
|
|
|
wp_clear_auth_cookie();
|
2019-10-12 05:10:03 +02:00
|
|
|
wp_set_current_user( 0 );
|
2007-12-16 18:41:59 +01:00
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2020-04-07 18:14:10 +02:00
|
|
|
* Fires after a user is logged out.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 1.5.0
|
2020-04-07 18:14:10 +02:00
|
|
|
* @since 5.5.0 Added the `$user_id` parameter.
|
|
|
|
*
|
|
|
|
* @param int $user_id ID of the user that was logged out.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2020-04-07 18:14:10 +02:00
|
|
|
do_action( 'wp_logout', $user_id );
|
2008-08-21 02:08:25 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2008-04-25 08:20:18 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_validate_auth_cookie' ) ) :
|
|
|
|
/**
|
|
|
|
* Validates authentication cookie.
|
|
|
|
*
|
|
|
|
* The checks include making sure that the authentication cookie is set and
|
|
|
|
* pulling in the contents (if $cookie is not used).
|
|
|
|
*
|
|
|
|
* Makes sure the cookie is not expired. Verifies the hash in cookie is what is
|
|
|
|
* should be and compares the two.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @global int $login_grace_period
|
|
|
|
*
|
2019-08-17 15:23:55 +02:00
|
|
|
* @param string $cookie Optional. If used, will validate contents instead of cookie's.
|
|
|
|
* @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
|
2020-01-11 19:32:05 +01:00
|
|
|
* @return int|false User ID if valid cookie, false if invalid.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) {
|
2019-07-03 01:42:58 +02:00
|
|
|
$cookie_elements = wp_parse_auth_cookie( $cookie, $scheme );
|
|
|
|
if ( ! $cookie_elements ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires if an authentication cookie is malformed.
|
|
|
|
*
|
|
|
|
* @since 2.7.0
|
|
|
|
*
|
|
|
|
* @param string $cookie Malformed auth cookie.
|
|
|
|
* @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth',
|
|
|
|
* or 'logged_in'.
|
|
|
|
*/
|
|
|
|
do_action( 'auth_cookie_malformed', $cookie, $scheme );
|
|
|
|
return false;
|
|
|
|
}
|
2007-12-16 18:41:59 +01:00
|
|
|
|
2019-07-03 01:42:58 +02:00
|
|
|
$scheme = $cookie_elements['scheme'];
|
|
|
|
$username = $cookie_elements['username'];
|
|
|
|
$hmac = $cookie_elements['hmac'];
|
|
|
|
$token = $cookie_elements['token'];
|
|
|
|
$expired = $cookie_elements['expiration'];
|
|
|
|
$expiration = $cookie_elements['expiration'];
|
2007-12-16 18:41:59 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Allow a grace period for POST and Ajax requests.
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( wp_doing_ajax() || 'POST' === $_SERVER['REQUEST_METHOD'] ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$expired += HOUR_IN_SECONDS;
|
|
|
|
}
|
2007-12-16 18:41:59 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Quick check to see if an honest cookie has expired.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $expired < time() ) {
|
|
|
|
/**
|
|
|
|
* Fires once an authentication cookie has expired.
|
|
|
|
*
|
|
|
|
* @since 2.7.0
|
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* @param string[] $cookie_elements {
|
|
|
|
* Authentication cookie components. None of the components should be assumed
|
|
|
|
* to be valid as they come directly from a client-provided cookie value.
|
|
|
|
*
|
|
|
|
* @type string $username User's username.
|
|
|
|
* @type string $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @type string $token User's session token used.
|
|
|
|
* @type string $hmac The security hash for the cookie.
|
|
|
|
* @type string $scheme The cookie scheme to use.
|
|
|
|
* }
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
do_action( 'auth_cookie_expired', $cookie_elements );
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$user = get_user_by( 'login', $username );
|
|
|
|
if ( ! $user ) {
|
|
|
|
/**
|
|
|
|
* Fires if a bad username is entered in the user authentication process.
|
|
|
|
*
|
|
|
|
* @since 2.7.0
|
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* @param string[] $cookie_elements {
|
|
|
|
* Authentication cookie components. None of the components should be assumed
|
|
|
|
* to be valid as they come directly from a client-provided cookie value.
|
|
|
|
*
|
|
|
|
* @type string $username User's username.
|
|
|
|
* @type string $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @type string $token User's session token used.
|
|
|
|
* @type string $hmac The security hash for the cookie.
|
|
|
|
* @type string $scheme The cookie scheme to use.
|
|
|
|
* }
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
do_action( 'auth_cookie_bad_username', $cookie_elements );
|
|
|
|
return false;
|
|
|
|
}
|
2009-02-03 06:03:16 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$pass_frag = substr( $user->user_pass, 8, 4 );
|
2009-02-03 06:03:16 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
|
2014-09-20 19:28:18 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
|
|
|
|
$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
|
|
|
|
$hash = hash_hmac( $algo, $username . '|' . $expiration . '|' . $token, $key );
|
|
|
|
|
|
|
|
if ( ! hash_equals( $hash, $hmac ) ) {
|
|
|
|
/**
|
|
|
|
* Fires if a bad authentication cookie hash is encountered.
|
|
|
|
*
|
|
|
|
* @since 2.7.0
|
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* @param string[] $cookie_elements {
|
|
|
|
* Authentication cookie components. None of the components should be assumed
|
|
|
|
* to be valid as they come directly from a client-provided cookie value.
|
|
|
|
*
|
|
|
|
* @type string $username User's username.
|
|
|
|
* @type string $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @type string $token User's session token used.
|
|
|
|
* @type string $hmac The security hash for the cookie.
|
|
|
|
* @type string $scheme The cookie scheme to use.
|
|
|
|
* }
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
do_action( 'auth_cookie_bad_hash', $cookie_elements );
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$manager = WP_Session_Tokens::get_instance( $user->ID );
|
|
|
|
if ( ! $manager->verify( $token ) ) {
|
2019-10-27 01:46:00 +02:00
|
|
|
/**
|
|
|
|
* Fires if a bad session token is encountered.
|
|
|
|
*
|
|
|
|
* @since 4.0.0
|
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* @param string[] $cookie_elements {
|
|
|
|
* Authentication cookie components. None of the components should be assumed
|
|
|
|
* to be valid as they come directly from a client-provided cookie value.
|
|
|
|
*
|
|
|
|
* @type string $username User's username.
|
|
|
|
* @type string $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @type string $token User's session token used.
|
|
|
|
* @type string $hmac The security hash for the cookie.
|
|
|
|
* @type string $scheme The cookie scheme to use.
|
|
|
|
* }
|
2019-10-27 01:46:00 +02:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
do_action( 'auth_cookie_bad_session_token', $cookie_elements );
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Ajax/POST grace period set above.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $expiration < time() ) {
|
|
|
|
$GLOBALS['login_grace_period'] = 1;
|
|
|
|
}
|
2008-02-05 07:47:27 +01:00
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Fires once an authentication cookie has been validated.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
|
|
|
* @since 2.7.0
|
|
|
|
*
|
2022-04-28 11:54:16 +02:00
|
|
|
* @param string[] $cookie_elements {
|
|
|
|
* Authentication cookie components.
|
|
|
|
*
|
|
|
|
* @type string $username User's username.
|
|
|
|
* @type string $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @type string $token User's session token used.
|
|
|
|
* @type string $hmac The security hash for the cookie.
|
|
|
|
* @type string $scheme The cookie scheme to use.
|
|
|
|
* }
|
2019-10-26 23:09:04 +02:00
|
|
|
* @param WP_User $user User object.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
do_action( 'auth_cookie_valid', $cookie_elements, $user );
|
2014-07-18 11:13:15 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $user->ID;
|
2014-05-15 08:11:13 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2009-10-11 13:26:59 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_generate_auth_cookie' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2019-08-17 15:23:55 +02:00
|
|
|
* Generates authentication cookie contents.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.0.0 The `$token` parameter was added.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2019-08-17 15:23:55 +02:00
|
|
|
* @param int $user_id User ID.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param int $expiration The time the cookie expires as a UNIX timestamp.
|
2019-08-17 15:23:55 +02:00
|
|
|
* @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
|
|
|
|
* Default 'auth'.
|
|
|
|
* @param string $token User's session token to use for this cookie.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @return string Authentication cookie contents. Empty string if user does not exist.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) {
|
|
|
|
$user = get_userdata( $user_id );
|
|
|
|
if ( ! $user ) {
|
|
|
|
return '';
|
|
|
|
}
|
2007-12-16 18:41:59 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $token ) {
|
|
|
|
$manager = WP_Session_Tokens::get_instance( $user_id );
|
|
|
|
$token = $manager->create( $expiration );
|
|
|
|
}
|
2014-07-18 11:13:15 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$pass_frag = substr( $user->user_pass, 8, 4 );
|
2007-12-31 18:50:32 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
|
2009-02-03 06:03:16 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
|
|
|
|
$algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
|
|
|
|
$hash = hash_hmac( $algo, $user->user_login . '|' . $expiration . '|' . $token, $key );
|
2014-09-20 19:28:18 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
|
2007-12-31 18:50:32 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the authentication cookie.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.0.0 The `$token` parameter was added.
|
|
|
|
*
|
|
|
|
* @param string $cookie Authentication cookie.
|
|
|
|
* @param int $user_id User ID.
|
|
|
|
* @param int $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @param string $scheme Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
|
|
|
|
* @param string $token User's session token used.
|
|
|
|
*/
|
|
|
|
return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token );
|
|
|
|
}
|
|
|
|
endif;
|
2007-12-31 18:50:32 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_parse_auth_cookie' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2019-08-17 15:23:55 +02:00
|
|
|
* Parses a cookie into its components.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.7.0
|
2022-08-04 16:52:11 +02:00
|
|
|
* @since 4.0.0 The `$token` element was added to the return value.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2019-08-17 15:23:55 +02:00
|
|
|
* @param string $cookie Authentication cookie.
|
|
|
|
* @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
|
2022-04-28 11:54:16 +02:00
|
|
|
* @return string[]|false {
|
|
|
|
* Authentication cookie components. None of the components should be assumed
|
|
|
|
* to be valid as they come directly from a client-provided cookie value. If
|
|
|
|
* the cookie value is malformed, false is returned.
|
|
|
|
*
|
|
|
|
* @type string $username User's username.
|
|
|
|
* @type string $expiration The time the cookie expires as a UNIX timestamp.
|
|
|
|
* @type string $token User's session token used.
|
|
|
|
* @type string $hmac The security hash for the cookie.
|
|
|
|
* @type string $scheme The cookie scheme to use.
|
|
|
|
* }
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) {
|
|
|
|
if ( empty( $cookie ) ) {
|
|
|
|
switch ( $scheme ) {
|
|
|
|
case 'auth':
|
2008-08-25 23:09:26 +02:00
|
|
|
$cookie_name = AUTH_COOKIE;
|
2017-12-01 00:11:00 +01:00
|
|
|
break;
|
|
|
|
case 'secure_auth':
|
|
|
|
$cookie_name = SECURE_AUTH_COOKIE;
|
|
|
|
break;
|
|
|
|
case 'logged_in':
|
|
|
|
$cookie_name = LOGGED_IN_COOKIE;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
if ( is_ssl() ) {
|
|
|
|
$cookie_name = SECURE_AUTH_COOKIE;
|
|
|
|
$scheme = 'secure_auth';
|
|
|
|
} else {
|
|
|
|
$cookie_name = AUTH_COOKIE;
|
|
|
|
$scheme = 'auth';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( empty( $_COOKIE[ $cookie_name ] ) ) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
$cookie = $_COOKIE[ $cookie_name ];
|
|
|
|
}
|
2008-08-21 02:08:25 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$cookie_elements = explode( '|', $cookie );
|
|
|
|
if ( count( $cookie_elements ) !== 4 ) {
|
2008-08-21 02:08:25 +02:00
|
|
|
return false;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2008-08-21 02:08:25 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
list( $username, $expiration, $token, $hmac ) = $cookie_elements;
|
|
|
|
|
|
|
|
return compact( 'username', 'expiration', 'token', 'hmac', 'scheme' );
|
2014-07-18 11:13:15 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
|
|
|
|
|
|
|
if ( ! function_exists( 'wp_set_auth_cookie' ) ) :
|
|
|
|
/**
|
2019-08-17 15:23:55 +02:00
|
|
|
* Sets the authentication cookies based on user ID.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* The $remember parameter increases the time that the cookie will be kept. The
|
|
|
|
* default the cookie is kept without remembering is two days. When $remember is
|
|
|
|
* set, the cookies will be kept for 14 days or two weeks.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.3.0 Added the `$token` parameter.
|
|
|
|
*
|
2020-03-01 11:38:07 +01:00
|
|
|
* @param int $user_id User ID.
|
|
|
|
* @param bool $remember Whether to remember the user.
|
|
|
|
* @param bool|string $secure Whether the auth cookie should only be sent over HTTPS. Default is an empty
|
|
|
|
* string which means the value of `is_ssl()` will be used.
|
|
|
|
* @param string $token Optional. User's session token to use for this cookie.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
|
|
|
|
if ( $remember ) {
|
|
|
|
/**
|
|
|
|
* Filters the duration of the authentication cookie expiration period.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
*
|
|
|
|
* @param int $length Duration of the expiration period in seconds.
|
|
|
|
* @param int $user_id User ID.
|
|
|
|
* @param bool $remember Whether to remember the user login. Default false.
|
|
|
|
*/
|
|
|
|
$expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Ensure the browser will continue to send the cookie after the expiration time is reached.
|
|
|
|
* Needed for the login grace period in wp_validate_auth_cookie().
|
|
|
|
*/
|
|
|
|
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
|
|
|
|
} else {
|
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
|
|
|
$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
|
|
|
|
$expire = 0;
|
|
|
|
}
|
2008-08-21 02:08:25 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( '' === $secure ) {
|
|
|
|
$secure = is_ssl();
|
|
|
|
}
|
2008-08-21 02:08:25 +02:00
|
|
|
|
2020-03-01 11:40:07 +01:00
|
|
|
// Front-end cookie is secure when the auth cookie is secure and the site's home URL uses HTTPS.
|
2017-12-01 00:11:00 +01:00
|
|
|
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
|
2008-08-21 02:08:25 +02:00
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2020-03-01 11:40:07 +01:00
|
|
|
* Filters whether the auth cookie should only be sent over HTTPS.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 3.1.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2020-03-01 11:40:07 +01:00
|
|
|
* @param bool $secure Whether the cookie should only be sent over HTTPS.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param int $user_id User ID.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
$secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
2020-03-01 11:40:07 +01:00
|
|
|
* Filters whether the logged in cookie should only be sent over HTTPS.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 3.1.0
|
|
|
|
*
|
2020-03-01 11:40:07 +01:00
|
|
|
* @param bool $secure_logged_in_cookie Whether the logged in cookie should only be sent over HTTPS.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param int $user_id User ID.
|
2020-03-01 11:40:07 +01:00
|
|
|
* @param bool $secure Whether the auth cookie should only be sent over HTTPS.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
|
2008-06-11 19:25:55 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $secure ) {
|
|
|
|
$auth_cookie_name = SECURE_AUTH_COOKIE;
|
|
|
|
$scheme = 'secure_auth';
|
|
|
|
} else {
|
|
|
|
$auth_cookie_name = AUTH_COOKIE;
|
|
|
|
$scheme = 'auth';
|
|
|
|
}
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( '' === $token ) {
|
|
|
|
$manager = WP_Session_Tokens::get_instance( $user_id );
|
|
|
|
$token = $manager->create( $expiration );
|
|
|
|
}
|
2007-12-16 18:41:59 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
|
|
|
|
$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );
|
2014-07-18 11:13:15 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires immediately before the authentication cookie is set.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.9.0 The `$token` parameter was added.
|
|
|
|
*
|
2018-09-14 15:35:25 +02:00
|
|
|
* @param string $auth_cookie Authentication cookie value.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param int $expire The time the login grace period expires as a UNIX timestamp.
|
|
|
|
* Default is 12 hours past the cookie's expiration time.
|
|
|
|
* @param int $expiration The time when the authentication cookie expires as a UNIX timestamp.
|
|
|
|
* Default is 14 days from now.
|
|
|
|
* @param int $user_id User ID.
|
2018-09-14 15:35:25 +02:00
|
|
|
* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string $token User's session token to use for this cookie.
|
|
|
|
*/
|
|
|
|
do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );
|
2007-12-24 09:01:55 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires immediately before the logged-in authentication cookie is set.
|
|
|
|
*
|
|
|
|
* @since 2.6.0
|
|
|
|
* @since 4.9.0 The `$token` parameter was added.
|
|
|
|
*
|
2018-09-14 15:35:25 +02:00
|
|
|
* @param string $logged_in_cookie The logged-in cookie value.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param int $expire The time the login grace period expires as a UNIX timestamp.
|
|
|
|
* Default is 12 hours past the cookie's expiration time.
|
|
|
|
* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
|
|
|
|
* Default is 14 days from now.
|
|
|
|
* @param int $user_id User ID.
|
|
|
|
* @param string $scheme Authentication scheme. Default 'logged_in'.
|
|
|
|
* @param string $token User's session token to use for this cookie.
|
|
|
|
*/
|
|
|
|
do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Allows preventing auth cookies from actually being sent to the client.
|
|
|
|
*
|
|
|
|
* @since 4.7.4
|
2023-02-07 14:46:17 +01:00
|
|
|
* @since 6.2.0 The `$expire`, `$expiration`, `$user_id`, `$scheme`, and `$token` parameters were added.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2023-01-31 13:18:22 +01:00
|
|
|
* @param bool $send Whether to send auth cookies to the client. Default true.
|
2023-01-31 09:46:13 +01:00
|
|
|
* @param int $expire The time the login grace period expires as a UNIX timestamp.
|
2023-01-31 13:18:22 +01:00
|
|
|
* Default is 12 hours past the cookie's expiration time. Zero when clearing cookies.
|
2023-01-31 09:46:13 +01:00
|
|
|
* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
|
|
|
|
* Default is 14 days from now. Zero when clearing cookies.
|
2023-02-07 13:30:17 +01:00
|
|
|
* @param int $user_id User ID. Zero when clearing cookies.
|
2023-02-07 14:46:17 +01:00
|
|
|
* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
|
2023-02-07 14:53:18 +01:00
|
|
|
* Empty string when clearing cookies.
|
2023-01-31 09:46:13 +01:00
|
|
|
* @param string $token User's session token to use for this cookie. Empty string when clearing cookies.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
2023-02-07 14:46:17 +01:00
|
|
|
if ( ! apply_filters( 'send_auth_cookies', true, $expire, $expiration, $user_id, $scheme, $token ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
return;
|
|
|
|
}
|
2008-05-27 19:46:01 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
|
|
|
|
setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
|
|
|
|
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
|
|
|
|
if ( COOKIEPATH != SITECOOKIEPATH ) {
|
|
|
|
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
|
|
|
|
}
|
2017-03-10 15:33:46 +01:00
|
|
|
}
|
2007-12-16 18:41:59 +01:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_clear_auth_cookie' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Removes all of the cookies associated with authentication.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.5.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_clear_auth_cookie() {
|
|
|
|
/**
|
|
|
|
* Fires just before the authentication cookies are cleared.
|
|
|
|
*
|
|
|
|
* @since 2.7.0
|
|
|
|
*/
|
|
|
|
do_action( 'clear_auth_cookie' );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
2023-02-07 14:53:18 +01:00
|
|
|
if ( ! apply_filters( 'send_auth_cookies', true, 0, 0, 0, '', '' ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
return;
|
|
|
|
}
|
2006-02-12 08:53:23 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Auth cookies.
|
2017-12-01 00:11:00 +01:00
|
|
|
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( LOGGED_IN_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Settings cookies.
|
2017-12-01 00:11:00 +01:00
|
|
|
setcookie( 'wp-settings-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
|
|
|
|
setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Old cookies.
|
2017-12-01 00:11:00 +01:00
|
|
|
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Even older cookies.
|
2017-12-01 00:11:00 +01:00
|
|
|
setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( USER_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
|
|
|
|
setcookie( PASS_COOKIE, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );
|
2018-05-26 14:43:23 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Post password cookie.
|
2018-05-27 03:33:22 +02:00
|
|
|
setcookie( 'wp-postpass_' . COOKIEHASH, ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2005-12-15 17:31:41 +01:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'is_user_logged_in' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2018-02-13 17:54:31 +01:00
|
|
|
* Determines whether the current visitor is a logged in user.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2018-02-13 17:54:31 +01:00
|
|
|
* For more information on this and similar theme functions, check out
|
2018-03-18 15:23:33 +01:00
|
|
|
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
|
2018-02-13 17:54:31 +01:00
|
|
|
* Conditional Tags} article in the Theme Developer Handbook.
|
2018-03-18 15:23:33 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.0.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @return bool True if user is logged in, false if not logged in.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function is_user_logged_in() {
|
|
|
|
$user = wp_get_current_user();
|
2011-01-06 05:08:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $user->exists();
|
2005-04-20 05:37:23 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2008-05-27 19:46:01 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'auth_redirect' ) ) :
|
2016-06-07 22:49:30 +02:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Checks if a user is logged in, if not it redirects them to the login page.
|
2016-06-07 22:49:30 +02:00
|
|
|
*
|
2019-09-01 15:03:55 +02:00
|
|
|
* When this code is called from a page, it checks to see if the user viewing the page is logged in.
|
|
|
|
* If the user is not logged in, they are redirected to the login page. The user is redirected
|
|
|
|
* in such a way that, upon logging in, they will be sent directly to the page they were originally
|
|
|
|
* trying to access.
|
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 1.5.0
|
2016-06-07 22:49:30 +02:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function auth_redirect() {
|
|
|
|
$secure = ( is_ssl() || force_ssl_admin() );
|
2010-10-07 21:34:18 +02:00
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Filters whether to use a secure authentication redirect.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 3.1.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param bool $secure Whether to use a secure authentication redirect. Default false.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
$secure = apply_filters( 'secure_auth_redirect', $secure );
|
2009-03-03 00:42:28 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// If https is required and request is http, redirect.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $secure && ! is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
|
Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 17:45:22 +02:00
|
|
|
if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
|
2012-08-30 15:33:00 +02:00
|
|
|
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
|
2020-05-26 11:37:10 +02:00
|
|
|
exit;
|
2008-08-21 19:40:38 +02:00
|
|
|
} else {
|
2012-08-30 15:33:00 +02:00
|
|
|
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
2020-05-26 11:37:10 +02:00
|
|
|
exit;
|
2008-08-21 19:40:38 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the authentication redirect scheme.
|
|
|
|
*
|
|
|
|
* @since 2.9.0
|
|
|
|
*
|
|
|
|
* @param string $scheme Authentication redirect scheme. Default empty.
|
|
|
|
*/
|
|
|
|
$scheme = apply_filters( 'auth_redirect_scheme', '' );
|
|
|
|
|
2019-07-03 01:42:58 +02:00
|
|
|
$user_id = wp_validate_auth_cookie( '', $scheme );
|
|
|
|
if ( $user_id ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires before the authentication redirect.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
*
|
|
|
|
* @param int $user_id User ID.
|
|
|
|
*/
|
|
|
|
do_action( 'auth_redirect', $user_id );
|
|
|
|
|
|
|
|
// If the user wants ssl but the session is not ssl, redirect.
|
|
|
|
if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
|
Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 17:45:22 +02:00
|
|
|
if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
|
2020-05-26 11:37:10 +02:00
|
|
|
exit;
|
2017-12-01 00:11:00 +01:00
|
|
|
} else {
|
|
|
|
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
2020-05-26 11:37:10 +02:00
|
|
|
exit;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
}
|
2008-05-27 19:46:01 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
return; // The cookie is good, so we're done.
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2008-11-19 06:07:24 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The cookie is no good, so force login.
|
2017-12-01 00:11:00 +01:00
|
|
|
nocache_headers();
|
2008-05-27 19:46:01 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$login_url = wp_login_url( $redirect, true );
|
2011-06-08 18:56:26 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
wp_redirect( $login_url );
|
2020-05-26 11:37:10 +02:00
|
|
|
exit;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
endif;
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'check_admin_referer' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2019-06-25 19:07:52 +02:00
|
|
|
* Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2019-06-25 19:07:52 +02:00
|
|
|
* This function ensures the user intends to perform a given action, which helps protect against clickjacking style
|
2023-01-10 10:30:13 +01:00
|
|
|
* attacks. It verifies intent, not authorization, therefore it does not verify the user's capabilities. This should
|
2019-06-25 19:07:52 +02:00
|
|
|
* be performed with `current_user_can()` or similar.
|
|
|
|
*
|
|
|
|
* If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 1.2.0
|
2019-06-25 19:07:52 +02:00
|
|
|
* @since 2.5.0 The `$query_arg` parameter was added.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2019-06-25 19:07:52 +02:00
|
|
|
* @param int|string $action The nonce action.
|
|
|
|
* @param string $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
|
2020-01-11 19:32:05 +01:00
|
|
|
* @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
|
|
|
|
* 2 if the nonce is valid and generated between 12-24 hours ago.
|
|
|
|
* False if the nonce is invalid.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
2019-10-14 17:40:04 +02:00
|
|
|
if ( -1 === $action ) {
|
2021-05-21 12:49:57 +02:00
|
|
|
_doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '3.2.0' );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2015-07-01 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$adminurl = strtolower( admin_url() );
|
|
|
|
$referer = strtolower( wp_get_referer() );
|
|
|
|
$result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false;
|
2015-07-01 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires once the admin request has been validated or not.
|
|
|
|
*
|
|
|
|
* @since 1.5.1
|
|
|
|
*
|
|
|
|
* @param string $action The nonce action.
|
|
|
|
* @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
|
|
|
|
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
|
|
|
*/
|
|
|
|
do_action( 'check_admin_referer', $action, $result );
|
2006-03-29 03:51:55 +02:00
|
|
|
|
Code Modernization: Replace usage of `strpos()` with `str_starts_with()`.
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).
WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.
This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.
While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.
Follow-up to [52039], [52040], [52326].
Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703
git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 17:45:22 +02:00
|
|
|
if ( ! $result && ! ( -1 === $action && str_starts_with( $referer, $adminurl ) ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
wp_nonce_ays( $action );
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $result;
|
2016-08-28 19:15:28 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2016-08-28 19:15:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'check_ajax_referer' ) ) :
|
|
|
|
/**
|
|
|
|
* Verifies the Ajax request to prevent processing requests external of the blog.
|
|
|
|
*
|
|
|
|
* @since 2.0.3
|
|
|
|
*
|
|
|
|
* @param int|string $action Action nonce.
|
|
|
|
* @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
|
|
|
|
* `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce'
|
|
|
|
* (in that order). Default false.
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
* @param bool $stop Optional. Whether to stop early when the nonce cannot be verified.
|
2017-12-01 00:11:00 +01:00
|
|
|
* Default true.
|
2020-01-11 19:32:05 +01:00
|
|
|
* @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
|
|
|
|
* 2 if the nonce is valid and generated between 12-24 hours ago.
|
|
|
|
* False if the nonce is invalid.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
function check_ajax_referer( $action = -1, $query_arg = false, $stop = true ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( -1 == $action ) {
|
2021-05-22 15:09:56 +02:00
|
|
|
_doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '4.7.0' );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2013-09-14 00:18:08 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$nonce = '';
|
2007-09-19 21:32:34 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) ) {
|
|
|
|
$nonce = $_REQUEST[ $query_arg ];
|
|
|
|
} elseif ( isset( $_REQUEST['_ajax_nonce'] ) ) {
|
|
|
|
$nonce = $_REQUEST['_ajax_nonce'];
|
|
|
|
} elseif ( isset( $_REQUEST['_wpnonce'] ) ) {
|
|
|
|
$nonce = $_REQUEST['_wpnonce'];
|
|
|
|
}
|
2008-03-18 03:43:20 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$result = wp_verify_nonce( $nonce, $action );
|
2008-03-18 03:43:20 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Fires once the Ajax request has been validated or not.
|
|
|
|
*
|
|
|
|
* @since 2.1.0
|
|
|
|
*
|
|
|
|
* @param string $action The Ajax nonce action.
|
|
|
|
* @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
|
|
|
|
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
|
|
|
*/
|
|
|
|
do_action( 'check_ajax_referer', $action, $result );
|
|
|
|
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
if ( $stop && false === $result ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( wp_doing_ajax() ) {
|
|
|
|
wp_die( -1, 403 );
|
|
|
|
} else {
|
|
|
|
die( '-1' );
|
|
|
|
}
|
2015-08-26 01:25:21 +02:00
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $result;
|
|
|
|
}
|
2006-03-29 03:51:55 +02:00
|
|
|
endif;
|
2006-01-30 00:06:58 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_redirect' ) ) :
|
2013-09-04 10:31:09 +02:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Redirects to another page.
|
2013-09-04 10:31:09 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* Note: wp_redirect() does not exit automatically, and should almost always be
|
|
|
|
* followed by a call to `exit;`:
|
2013-09-04 10:31:09 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* wp_redirect( $url );
|
|
|
|
* exit;
|
2013-09-04 10:31:09 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* Exiting can also be selectively manipulated by using wp_redirect() as a conditional
|
2023-01-15 02:01:15 +01:00
|
|
|
* in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters:
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* if ( wp_redirect( $url ) ) {
|
|
|
|
* exit;
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* @since 1.5.1
|
2019-01-03 19:11:52 +01:00
|
|
|
* @since 5.1.0 The `$x_redirect_by` parameter was added.
|
2019-11-03 23:10:02 +01:00
|
|
|
* @since 5.4.0 On invalid status codes, wp_die() is called.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @global bool $is_IIS
|
2013-09-04 10:31:09 +02:00
|
|
|
*
|
2018-02-01 16:06:35 +01:00
|
|
|
* @param string $location The path or URL to redirect to.
|
|
|
|
* @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily).
|
|
|
|
* @param string $x_redirect_by Optional. The application doing the redirect. Default 'WordPress'.
|
2022-10-21 23:51:14 +02:00
|
|
|
* @return bool False if the redirect was canceled, true otherwise.
|
2013-09-04 10:31:09 +02:00
|
|
|
*/
|
2018-02-01 16:06:35 +01:00
|
|
|
function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
global $is_IIS;
|
2008-08-09 07:36:14 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the redirect location.
|
|
|
|
*
|
|
|
|
* @since 2.1.0
|
|
|
|
*
|
|
|
|
* @param string $location The path or URL to redirect to.
|
|
|
|
* @param int $status The HTTP response status code to use.
|
|
|
|
*/
|
|
|
|
$location = apply_filters( 'wp_redirect', $location, $status );
|
2013-08-06 19:44:32 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the redirect HTTP response status code to use.
|
|
|
|
*
|
|
|
|
* @since 2.3.0
|
|
|
|
*
|
|
|
|
* @param int $status The HTTP response status code to use.
|
|
|
|
* @param string $location The path or URL to redirect to.
|
|
|
|
*/
|
|
|
|
$status = apply_filters( 'wp_redirect_status', $status, $location );
|
|
|
|
|
|
|
|
if ( ! $location ) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2019-11-04 13:59:01 +01:00
|
|
|
if ( $status < 300 || 399 < $status ) {
|
2019-11-03 23:10:02 +01:00
|
|
|
wp_die( __( 'HTTP redirect status code must be a redirection code, 3xx.' ) );
|
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$location = wp_sanitize_redirect( $location );
|
|
|
|
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( ! $is_IIS && 'cgi-fcgi' !== PHP_SAPI ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
status_header( $status ); // This causes problems on IIS and some FastCGI setups.
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
|
2017-12-18 02:04:52 +01:00
|
|
|
/**
|
|
|
|
* Filters the X-Redirect-By header.
|
|
|
|
*
|
|
|
|
* Allows applications to identify themselves when they're doing a redirect.
|
|
|
|
*
|
2019-01-03 19:11:52 +01:00
|
|
|
* @since 5.1.0
|
2017-12-18 02:04:52 +01:00
|
|
|
*
|
|
|
|
* @param string $x_redirect_by The application doing the redirect.
|
|
|
|
* @param int $status Status code to use.
|
|
|
|
* @param string $location The path to redirect to.
|
|
|
|
*/
|
2018-02-01 16:06:35 +01:00
|
|
|
$x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location );
|
2017-12-18 02:04:52 +01:00
|
|
|
if ( is_string( $x_redirect_by ) ) {
|
2017-12-18 02:11:47 +01:00
|
|
|
header( "X-Redirect-By: $x_redirect_by" );
|
2017-12-18 02:04:52 +01:00
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
header( "Location: $location", true, $status );
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
2007-09-19 05:47:37 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_sanitize_redirect' ) ) :
|
|
|
|
/**
|
|
|
|
* Sanitizes a URL for use in a redirect.
|
|
|
|
*
|
|
|
|
* @since 2.3.0
|
|
|
|
*
|
|
|
|
* @param string $location The path to redirect to.
|
|
|
|
* @return string Redirect-sanitized URL.
|
|
|
|
*/
|
|
|
|
function wp_sanitize_redirect( $location ) {
|
2019-10-12 01:54:03 +02:00
|
|
|
// Encode spaces.
|
|
|
|
$location = str_replace( ' ', '%20', $location );
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$regex = '/
|
2015-02-28 03:21:26 +01:00
|
|
|
(
|
|
|
|
(?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx
|
|
|
|
| \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2
|
|
|
|
| [\xE1-\xEC][\x80-\xBF]{2}
|
|
|
|
| \xED[\x80-\x9F][\x80-\xBF]
|
|
|
|
| [\xEE-\xEF][\x80-\xBF]{2}
|
|
|
|
| \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3
|
|
|
|
| [\xF1-\xF3][\x80-\xBF]{3}
|
|
|
|
| \xF4[\x80-\x8F][\x80-\xBF]{2}
|
2015-05-06 08:58:24 +02:00
|
|
|
){1,40} # ...one or more times
|
2015-02-28 03:21:26 +01:00
|
|
|
)/x';
|
2017-12-01 00:11:00 +01:00
|
|
|
$location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
|
|
|
|
$location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location );
|
|
|
|
$location = wp_kses_no_null( $location );
|
2006-06-30 02:43:23 +02:00
|
|
|
|
2019-10-12 01:54:03 +02:00
|
|
|
// Remove %0D and %0A from location.
|
2017-12-01 00:11:00 +01:00
|
|
|
$strip = array( '%0d', '%0a', '%0D', '%0A' );
|
|
|
|
return _deep_replace( $strip, $location );
|
|
|
|
}
|
2015-02-28 03:21:26 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* URL encodes UTF-8 characters in a URL.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @ignore
|
|
|
|
* @since 4.2.0
|
|
|
|
* @access private
|
|
|
|
*
|
|
|
|
* @see wp_sanitize_redirect()
|
|
|
|
*
|
|
|
|
* @param array $matches RegEx matches against the redirect location.
|
|
|
|
* @return string URL-encoded version of the first RegEx match.
|
|
|
|
*/
|
|
|
|
function _wp_sanitize_utf8_in_redirect( $matches ) {
|
|
|
|
return urlencode( $matches[0] );
|
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_safe_redirect' ) ) :
|
2015-06-16 07:26:26 +02:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Performs a safe (local) redirect, using wp_redirect().
|
|
|
|
*
|
|
|
|
* Checks whether the $location is using an allowed host, if it has an absolute
|
|
|
|
* path. A plugin can therefore set or remove allowed host(s) to or from the
|
|
|
|
* list.
|
|
|
|
*
|
|
|
|
* If the host is not allowed, then the redirect defaults to wp-admin on the siteurl
|
|
|
|
* instead. This prevents malicious redirects which redirect to another host,
|
|
|
|
* but only used in a few places.
|
|
|
|
*
|
|
|
|
* Note: wp_safe_redirect() does not exit automatically, and should almost always be
|
|
|
|
* followed by a call to `exit;`:
|
|
|
|
*
|
|
|
|
* wp_safe_redirect( $url );
|
|
|
|
* exit;
|
2015-06-16 22:01:25 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional
|
2023-01-15 02:01:15 +01:00
|
|
|
* in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters:
|
2015-06-16 22:01:25 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* if ( wp_safe_redirect( $url ) ) {
|
|
|
|
* exit;
|
|
|
|
* }
|
|
|
|
*
|
|
|
|
* @since 2.3.0
|
2019-01-03 19:11:52 +01:00
|
|
|
* @since 5.1.0 The return value from wp_redirect() is now passed on, and the `$x_redirect_by` parameter was added.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2018-02-04 17:05:32 +01:00
|
|
|
* @param string $location The path or URL to redirect to.
|
|
|
|
* @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily).
|
|
|
|
* @param string $x_redirect_by Optional. The application doing the redirect. Default 'WordPress'.
|
2022-10-21 23:51:14 +02:00
|
|
|
* @return bool False if the redirect was canceled, true otherwise.
|
2015-06-16 07:26:26 +02:00
|
|
|
*/
|
2018-02-04 17:05:32 +01:00
|
|
|
function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
|
2009-06-19 21:30:17 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Need to look at the URL the way it will end up in wp_redirect().
|
2017-12-01 00:11:00 +01:00
|
|
|
$location = wp_sanitize_redirect( $location );
|
2009-06-19 21:30:17 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the redirect fallback URL for when the provided redirect is not safe (local).
|
|
|
|
*
|
|
|
|
* @since 4.3.0
|
|
|
|
*
|
|
|
|
* @param string $fallback_url The fallback URL to use by default.
|
|
|
|
* @param int $status The HTTP response status code to use.
|
|
|
|
*/
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
$fallback_url = apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status );
|
|
|
|
|
|
|
|
$location = wp_validate_redirect( $location, $fallback_url );
|
2016-02-02 16:11:28 +01:00
|
|
|
|
2018-02-04 17:05:32 +01:00
|
|
|
return wp_redirect( $location, $status, $x_redirect_by );
|
2016-02-02 16:11:28 +01:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2010-03-29 18:47:17 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Validates a URL for use in a redirect.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* Checks whether the $location is using an allowed host, if it has an absolute
|
|
|
|
* path. A plugin can therefore set or remove allowed host(s) to or from the
|
|
|
|
* list.
|
|
|
|
*
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
* If the host is not allowed, then the redirect is to $fallback_url supplied.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.8.1
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
* @param string $location The redirect to validate.
|
|
|
|
* @param string $fallback_url The value to return if $location is not allowed.
|
|
|
|
* @return string Redirect-sanitized URL.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
function wp_validate_redirect( $location, $fallback_url = '' ) {
|
2020-06-10 19:22:28 +02:00
|
|
|
$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
|
2020-01-29 01:45:18 +01:00
|
|
|
// Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'.
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( '//' === substr( $location, 0, 2 ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$location = 'http:' . $location;
|
|
|
|
}
|
2007-09-19 06:14:53 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// In PHP 5 parse_url() may fail if the URL query part contains 'http://'.
|
|
|
|
// See https://bugs.php.net/bug.php?id=38143
|
2019-07-03 01:42:58 +02:00
|
|
|
$cut = strpos( $location, '?' );
|
|
|
|
$test = $cut ? substr( $location, 0, $cut ) : $location;
|
2007-09-19 00:23:16 +02:00
|
|
|
|
2020-04-24 09:28:10 +02:00
|
|
|
$lp = parse_url( $test );
|
2007-09-19 00:23:16 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Give up if malformed URL.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( false === $lp ) {
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
return $fallback_url;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2013-11-24 17:26:10 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Allow only 'http' and 'https' schemes. No 'data:', etc.
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( isset( $lp['scheme'] ) && ! ( 'http' === $lp['scheme'] || 'https' === $lp['scheme'] ) ) {
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
return $fallback_url;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2013-09-14 00:18:08 +02:00
|
|
|
|
2019-09-04 18:57:56 +02:00
|
|
|
if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
|
|
|
|
$path = '';
|
|
|
|
if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
|
|
|
|
$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
|
Formatting: In `wp_validate_redirect()`, normalize the path when validating the location for relative URLs, to account for Windows paths.
Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov.
Fixes #47980.
Built from https://develop.svn.wordpress.org/trunk@46472
git-svn-id: http://core.svn.wordpress.org/trunk@46270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 12:52:04 +02:00
|
|
|
$path = wp_normalize_path( $path );
|
2019-09-04 18:57:56 +02:00
|
|
|
}
|
|
|
|
$location = '/' . ltrim( $path . '/', '/' ) . $location;
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Reject if certain components are set but host is not.
|
|
|
|
// This catches URLs like https:host.com for which parse_url() does not set the host field.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
return $fallback_url;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
// Reject malformed components parse_url() can return on odd inputs.
|
|
|
|
foreach ( array( 'user', 'pass', 'host' ) as $component ) {
|
|
|
|
if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) {
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
return $fallback_url;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
}
|
2013-11-26 05:10:09 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$wpp = parse_url( home_url() );
|
2010-11-06 16:20:50 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
|
|
|
* Filters the list of allowed hosts to redirect to.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.3.0
|
|
|
|
*
|
2019-10-26 23:09:04 +02:00
|
|
|
* @param string[] $hosts An array of allowed host names.
|
|
|
|
* @param string $host The host name of the redirect destination; empty string if not set.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' );
|
|
|
|
|
2020-04-05 05:02:11 +02:00
|
|
|
if ( isset( $lp['host'] ) && ( ! in_array( $lp['host'], $allowed_hosts, true ) && strtolower( $wpp['host'] ) !== $lp['host'] ) ) {
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
$location = $fallback_url;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2013-11-25 02:47:10 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $location;
|
|
|
|
}
|
|
|
|
endif;
|
2013-11-25 02:47:10 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_notify_postauthor' ) ) :
|
2013-11-26 05:10:09 +01:00
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Notifies an author (and/or others) of a comment/trackback/pingback on a post.
|
2013-11-26 05:10:09 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 1.0.0
|
2013-11-26 05:10:09 +01:00
|
|
|
*
|
2020-07-23 23:11:05 +02:00
|
|
|
* @param int|WP_Comment $comment_id Comment ID or WP_Comment object.
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $deprecated Not used.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @return bool True on completion. False if no email addresses were specified.
|
2013-11-26 05:10:09 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_notify_postauthor( $comment_id, $deprecated = null ) {
|
|
|
|
if ( null !== $deprecated ) {
|
|
|
|
_deprecated_argument( __FUNCTION__, '3.8.0' );
|
|
|
|
}
|
2013-11-25 02:47:10 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$comment = get_comment( $comment_id );
|
|
|
|
if ( empty( $comment ) || empty( $comment->comment_post_ID ) ) {
|
|
|
|
return false;
|
|
|
|
}
|
2013-11-25 02:47:10 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$post = get_post( $comment->comment_post_ID );
|
|
|
|
$author = get_userdata( $post->post_author );
|
2009-05-25 01:47:49 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
// Who to notify? By default, just the post author, but others can be added.
|
|
|
|
$emails = array();
|
|
|
|
if ( $author ) {
|
|
|
|
$emails[] = $author->user_email;
|
|
|
|
}
|
2013-07-11 00:01:12 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the list of email addresses to receive a comment notification.
|
|
|
|
*
|
|
|
|
* By default, only post authors are notified of comments. This filter allows
|
|
|
|
* others to be added.
|
|
|
|
*
|
|
|
|
* @since 3.7.0
|
|
|
|
*
|
2019-10-26 23:09:04 +02:00
|
|
|
* @param string[] $emails An array of email addresses to receive a comment notification.
|
2021-11-18 14:57:01 +01:00
|
|
|
* @param string $comment_id The comment ID as a numeric string.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$emails = apply_filters( 'comment_notification_recipients', $emails, $comment->comment_ID );
|
|
|
|
$emails = array_filter( $emails );
|
|
|
|
|
|
|
|
// If there are no addresses to send the comment to, bail.
|
|
|
|
if ( ! count( $emails ) ) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Facilitate unsetting below without knowing the keys.
|
2013-11-25 02:47:10 +01:00
|
|
|
$emails = array_flip( $emails );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters whether to notify comment authors of their comments on their own posts.
|
|
|
|
*
|
|
|
|
* By default, comment authors aren't notified of their comments on their own
|
|
|
|
* posts. This filter allows you to override that.
|
|
|
|
*
|
|
|
|
* @since 3.8.0
|
|
|
|
*
|
2021-11-18 14:57:01 +01:00
|
|
|
* @param bool $notify Whether to notify the post author of their own comment.
|
|
|
|
* Default false.
|
|
|
|
* @param string $comment_id The comment ID as a numeric string.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$notify_author = apply_filters( 'comment_notification_notify_author', false, $comment->comment_ID );
|
2013-07-11 00:01:12 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The comment was left by the author.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $author && ! $notify_author && $comment->user_id == $post->post_author ) {
|
|
|
|
unset( $emails[ $author->user_email ] );
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The author moderated a comment on their own post.
|
2020-02-09 17:55:09 +01:00
|
|
|
if ( $author && ! $notify_author && get_current_user_id() == $post->post_author ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
unset( $emails[ $author->user_email ] );
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The post author is no longer a member of the blog.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $author && ! $notify_author && ! user_can( $post->post_author, 'read_post', $post->ID ) ) {
|
|
|
|
unset( $emails[ $author->user_email ] );
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// If there's no email to send the comment to, bail, otherwise flip array back around for use below.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! count( $emails ) ) {
|
|
|
|
return false;
|
2015-09-14 23:40:24 +02:00
|
|
|
} else {
|
2017-12-01 00:11:00 +01:00
|
|
|
$emails = array_flip( $emails );
|
2015-09-14 23:40:24 +02:00
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$switched_locale = switch_to_locale( get_locale() );
|
2005-11-11 01:07:39 +01:00
|
|
|
|
2019-07-09 07:45:58 +02:00
|
|
|
$comment_author_domain = '';
|
|
|
|
if ( WP_Http::is_ip_address( $comment->comment_author_IP ) ) {
|
|
|
|
$comment_author_domain = gethostbyaddr( $comment->comment_author_IP );
|
|
|
|
}
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
|
|
|
// We want to reverse this for the plain text arena of emails.
|
2017-12-01 00:11:00 +01:00
|
|
|
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
|
|
|
$comment_content = wp_specialchars_decode( $comment->comment_content );
|
|
|
|
|
|
|
|
switch ( $comment->comment_type ) {
|
|
|
|
case 'trackback':
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message = sprintf( __( 'New trackback on your post "%s"' ), $post->post_title ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Trackback/pingback/comment author URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment text. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n";
|
|
|
|
$notify_message .= __( 'You can see all trackbacks on this post here:' ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Trackback notification email subject. 1: Site title, 2: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$subject = sprintf( __( '[%1$s] Trackback: "%2$s"' ), $blogname, $post->post_title );
|
|
|
|
break;
|
2020-01-27 05:33:04 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
case 'pingback':
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message = sprintf( __( 'New pingback on your post "%s"' ), $post->post_title ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Trackback/pingback/comment author URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment text. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n";
|
|
|
|
$notify_message .= __( 'You can see all pingbacks on this post here:' ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Pingback notification email subject. 1: Site title, 2: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$subject = sprintf( __( '[%1$s] Pingback: "%2$s"' ), $blogname, $post->post_title );
|
|
|
|
break;
|
2020-01-27 05:33:04 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
default: // Comments.
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message = sprintf( __( 'New comment on your post "%s"' ), $post->post_title ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: 1: Comment author's name, 2: Comment author's IP address, 3: Comment author's hostname. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment author email. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Trackback/pingback/comment author URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
|
2020-01-27 05:33:04 +01:00
|
|
|
|
|
|
|
if ( $comment->comment_parent && user_can( $post->post_author, 'edit_comment', $comment->comment_parent ) ) {
|
|
|
|
/* translators: Comment moderation. %s: Parent comment edit URL. */
|
|
|
|
$notify_message .= sprintf( __( 'In reply to: %s' ), admin_url( "comment.php?action=editcomment&c={$comment->comment_parent}#wpbody-content" ) ) . "\r\n";
|
|
|
|
}
|
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment text. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n";
|
|
|
|
$notify_message .= __( 'You can see all comments on this post here:' ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment notification email subject. 1: Site title, 2: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$subject = sprintf( __( '[%1$s] Comment: "%2$s"' ), $blogname, $post->post_title );
|
|
|
|
break;
|
|
|
|
}
|
2020-01-27 05:33:04 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= get_permalink( $comment->comment_post_ID ) . "#comments\r\n\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Permalink: %s' ), get_comment_link( $comment ) ) . "\r\n";
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( user_can( $post->post_author, 'edit_comment', $comment->comment_ID ) ) {
|
|
|
|
if ( EMPTY_TRASH_DAYS ) {
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n";
|
|
|
|
} else {
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n";
|
|
|
|
}
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment->comment_ID}#wpbody-content" ) ) . "\r\n";
|
|
|
|
}
|
2005-11-11 03:00:06 +01:00
|
|
|
|
Mail: Ensure that a server hostname can be set by using `network_home_url()`.
Due to the varying server setups, `$_SERVER['SERVER_NAME'];` can't reliably ensure that there will be a relevant host that could be used as the hostname in an email. Since the `network_home_url()` is set at this point, and is filterable, this should better enable emails to be sent from the server.
Fixes #25239.
Props layotte, SergeyBiryukov, nacin, sreedoap, szepe.viktor, jesin, kitchin, mensmaximus, mt8.biz, Grzegorz.Janoszka, cbutlerjr, dd32, BjornW, neodjandre, BjornW, Ipstenu, ocean90, danielbachhuber, desmith, joemcgill, jdgrimes, riasat, derekakelly, swissspidy, lilmike, tsimmons, robert.peake, DavidAnderson, cloudstek, pigdog234, BjornW, rawrly, pessoft, RedSand, seayou, dvershinin, bastho, chesio, Starbuck, afragen, ocean90, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48601
git-svn-id: http://core.svn.wordpress.org/trunk@48363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-24 19:40:06 +02:00
|
|
|
$wp_email = 'wordpress@' . preg_replace( '#^www\.#', '', wp_parse_url( network_home_url(), PHP_URL_HOST ) );
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( '' === $comment->comment_author ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$from = "From: \"$blogname\" <$wp_email>";
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( '' !== $comment->comment_author_email ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$reply_to = "Reply-To: $comment->comment_author_email";
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$from = "From: \"$comment->comment_author\" <$wp_email>";
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( '' !== $comment->comment_author_email ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>";
|
|
|
|
}
|
|
|
|
}
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$message_headers = "$from\n"
|
|
|
|
. 'Content-Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n";
|
2013-08-23 21:36:10 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( isset( $reply_to ) ) {
|
|
|
|
$message_headers .= $reply_to . "\n";
|
|
|
|
}
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the comment notification email text.
|
|
|
|
*
|
|
|
|
* @since 1.5.2
|
|
|
|
*
|
|
|
|
* @param string $notify_message The comment notification email text.
|
2021-11-18 14:57:01 +01:00
|
|
|
* @param string $comment_id Comment ID as a numeric string.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$notify_message = apply_filters( 'comment_notification_text', $notify_message, $comment->comment_ID );
|
2016-10-26 17:36:31 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the comment notification email subject.
|
|
|
|
*
|
|
|
|
* @since 1.5.2
|
|
|
|
*
|
|
|
|
* @param string $subject The comment notification email subject.
|
2021-11-18 14:57:01 +01:00
|
|
|
* @param string $comment_id Comment ID as a numeric string.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$subject = apply_filters( 'comment_notification_subject', $subject, $comment->comment_ID );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the comment notification email headers.
|
|
|
|
*
|
|
|
|
* @since 1.5.2
|
|
|
|
*
|
|
|
|
* @param string $message_headers Headers for the comment notification email.
|
2021-11-18 14:57:01 +01:00
|
|
|
* @param string $comment_id Comment ID as a numeric string.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$message_headers = apply_filters( 'comment_notification_headers', $message_headers, $comment->comment_ID );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( $emails as $email ) {
|
2019-07-09 07:45:58 +02:00
|
|
|
wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.
Built from https://develop.svn.wordpress.org/trunk@35339
git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:35:31 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $switched_locale ) {
|
|
|
|
restore_previous_locale();
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
endif;
|
|
|
|
|
|
|
|
if ( ! function_exists( 'wp_notify_moderator' ) ) :
|
Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.
Built from https://develop.svn.wordpress.org/trunk@35339
git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:35:31 +02:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Notifies the moderator of the site about a new comment that is awaiting approval.
|
|
|
|
*
|
|
|
|
* @since 1.0.0
|
Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.
Built from https://develop.svn.wordpress.org/trunk@35339
git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:35:31 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @global wpdb $wpdb WordPress database abstraction object.
|
Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.
Built from https://develop.svn.wordpress.org/trunk@35339
git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:35:31 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* Uses the {@see 'notify_moderator'} filter to determine whether the site moderator
|
|
|
|
* should be notified, overriding the site setting.
|
|
|
|
*
|
|
|
|
* @param int $comment_id Comment ID.
|
|
|
|
* @return true Always returns true.
|
Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.
Built from https://develop.svn.wordpress.org/trunk@35339
git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:35:31 +02:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_notify_moderator( $comment_id ) {
|
|
|
|
global $wpdb;
|
Comments: Introduce two new filters, `notify_moderator` and `notify_post_author`, both of which make it possible to selectively override site notification email settings for new comments.
The `notify_moderator` filter makes it possible to override the value for the `moderation_notify` option, which controls whether to send new comment emails to "site moderators", that is to say, the owner of the admin email for the site and the post author if they have the ability to modify the comment.
The `notify_post_author` filter likewise makes it possible to override the value for the `comments_notify` option, which controls whether to send new comment emails to the post author. If the post author is the comment author, default behavior is not to send the notification. Note: enabling or disabling notifications via this hook could also affect other recipients added via the 'comment_notification_recipients' filter in `wp_notify_postauthor()`, if hooked.
Passing a falsey value to either of the new filters will prevent notifications from being sent, regardless of their corresponding option values.
Adds tests.
Props coffee2code, adamsilverstein, DrewAPicture.
Fixes #761.
Built from https://develop.svn.wordpress.org/trunk@35339
git-svn-id: http://core.svn.wordpress.org/trunk@35305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:35:31 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$maybe_notify = get_option( 'moderation_notify' );
|
2007-06-14 04:25:30 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters whether to send the site moderator email notifications, overriding the site setting.
|
|
|
|
*
|
|
|
|
* @since 4.4.0
|
|
|
|
*
|
|
|
|
* @param bool $maybe_notify Whether to notify blog moderator.
|
2023-02-12 19:08:21 +01:00
|
|
|
* @param int $comment_id The ID of the comment for the notification.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_id );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $maybe_notify ) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
$comment = get_comment( $comment_id );
|
|
|
|
$post = get_post( $comment->comment_post_ID );
|
|
|
|
$user = get_userdata( $post->post_author );
|
|
|
|
// Send to the administration and to the post author if the author can modify the comment.
|
|
|
|
$emails = array( get_option( 'admin_email' ) );
|
|
|
|
if ( $user && user_can( $user->ID, 'edit_comment', $comment_id ) && ! empty( $user->user_email ) ) {
|
|
|
|
if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
|
|
|
|
$emails[] = $user->user_email;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$switched_locale = switch_to_locale( get_locale() );
|
2008-03-02 21:17:30 +01:00
|
|
|
|
2019-07-09 07:45:58 +02:00
|
|
|
$comment_author_domain = '';
|
|
|
|
if ( WP_Http::is_ip_address( $comment->comment_author_IP ) ) {
|
|
|
|
$comment_author_domain = gethostbyaddr( $comment->comment_author_IP );
|
|
|
|
}
|
|
|
|
|
2019-12-10 14:47:00 +01:00
|
|
|
$comments_waiting = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" );
|
2017-12-01 00:11:00 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
|
|
|
// We want to reverse this for the plain text arena of emails.
|
2017-12-01 00:11:00 +01:00
|
|
|
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
|
|
|
$comment_content = wp_specialchars_decode( $comment->comment_content );
|
|
|
|
|
|
|
|
switch ( $comment->comment_type ) {
|
|
|
|
case 'trackback':
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message = sprintf( __( 'A new trackback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n";
|
|
|
|
$notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Trackback/pingback/comment author URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
|
|
|
|
$notify_message .= __( 'Trackback excerpt: ' ) . "\r\n" . $comment_content . "\r\n\r\n";
|
|
|
|
break;
|
2020-01-27 05:33:04 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
case 'pingback':
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message = sprintf( __( 'A new pingback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n";
|
|
|
|
$notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: 1: Trackback/pingback website name, 2: Website IP address, 3: Website hostname. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Website: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Trackback/pingback/comment author URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
|
|
|
|
$notify_message .= __( 'Pingback excerpt: ' ) . "\r\n" . $comment_content . "\r\n\r\n";
|
|
|
|
break;
|
2020-01-27 05:33:04 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
default: // Comments.
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message = sprintf( __( 'A new comment on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n";
|
|
|
|
$notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: 1: Comment author's name, 2: Comment author's IP address, 3: Comment author's hostname. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Author: %1$s (IP address: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment author email. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Email: %s' ), $comment->comment_author_email ) . "\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Trackback/pingback/comment author URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n";
|
2020-01-27 05:33:04 +01:00
|
|
|
|
|
|
|
if ( $comment->comment_parent ) {
|
|
|
|
/* translators: Comment moderation. %s: Parent comment edit URL. */
|
|
|
|
$notify_message .= sprintf( __( 'In reply to: %s' ), admin_url( "comment.php?action=editcomment&c={$comment->comment_parent}#wpbody-content" ) ) . "\r\n";
|
|
|
|
}
|
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Comment text. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Comment: %s' ), "\r\n" . $comment_content ) . "\r\n\r\n";
|
|
|
|
break;
|
|
|
|
}
|
2016-02-19 20:14:26 +01:00
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Approve it: %s' ), admin_url( "comment.php?action=approve&c={$comment_id}#wpbody-content" ) ) . "\r\n";
|
|
|
|
|
|
|
|
if ( EMPTY_TRASH_DAYS ) {
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c={$comment_id}#wpbody-content" ) ) . "\r\n";
|
|
|
|
} else {
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c={$comment_id}#wpbody-content" ) ) . "\r\n";
|
|
|
|
}
|
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Comment action URL. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c={$comment_id}#wpbody-content" ) ) . "\r\n";
|
2016-02-19 20:14:26 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$notify_message .= sprintf(
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation. %s: Number of comments awaiting approval. */
|
2017-12-01 00:11:00 +01:00
|
|
|
_n(
|
|
|
|
'Currently %s comment is waiting for approval. Please visit the moderation panel:',
|
2018-08-17 03:51:36 +02:00
|
|
|
'Currently %s comments are waiting for approval. Please visit the moderation panel:',
|
|
|
|
$comments_waiting
|
|
|
|
),
|
|
|
|
number_format_i18n( $comments_waiting )
|
2017-12-01 00:11:00 +01:00
|
|
|
) . "\r\n";
|
|
|
|
$notify_message .= admin_url( 'edit-comments.php?comment_status=moderated#wpbody-content' ) . "\r\n";
|
2008-03-02 21:17:30 +01:00
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Comment moderation notification email subject. 1: Site title, 2: Post title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$subject = sprintf( __( '[%1$s] Please moderate: "%2$s"' ), $blogname, $post->post_title );
|
|
|
|
$message_headers = '';
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the list of recipients for comment moderation emails.
|
|
|
|
*
|
|
|
|
* @since 3.7.0
|
|
|
|
*
|
2019-10-26 23:09:04 +02:00
|
|
|
* @param string[] $emails List of email addresses to notify for comment moderation.
|
|
|
|
* @param int $comment_id Comment ID.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$emails = apply_filters( 'comment_moderation_recipients', $emails, $comment_id );
|
2005-08-31 01:17:42 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the comment moderation email text.
|
|
|
|
*
|
|
|
|
* @since 1.5.2
|
|
|
|
*
|
|
|
|
* @param string $notify_message Text of the comment moderation email.
|
|
|
|
* @param int $comment_id Comment ID.
|
|
|
|
*/
|
|
|
|
$notify_message = apply_filters( 'comment_moderation_text', $notify_message, $comment_id );
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Filters the comment moderation email subject.
|
|
|
|
*
|
|
|
|
* @since 1.5.2
|
|
|
|
*
|
|
|
|
* @param string $subject Subject of the comment moderation email.
|
|
|
|
* @param int $comment_id Comment ID.
|
|
|
|
*/
|
|
|
|
$subject = apply_filters( 'comment_moderation_subject', $subject, $comment_id );
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the comment moderation email headers.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
*
|
|
|
|
* @param string $message_headers Headers for the comment moderation email.
|
|
|
|
* @param int $comment_id Comment ID.
|
|
|
|
*/
|
|
|
|
$message_headers = apply_filters( 'comment_moderation_headers', $message_headers, $comment_id );
|
|
|
|
|
|
|
|
foreach ( $emails as $email ) {
|
2019-07-09 07:45:58 +02:00
|
|
|
wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if ( $switched_locale ) {
|
|
|
|
restore_previous_locale();
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
endif;
|
|
|
|
|
|
|
|
if ( ! function_exists( 'wp_password_change_notification' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Notifies the blog admin of a user changing password, normally via email.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.7.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param WP_User $user User object.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_password_change_notification( $user ) {
|
2020-01-29 01:45:18 +01:00
|
|
|
// Send a copy of password change notification to the admin,
|
|
|
|
// but check to see if it's the admin whose password we're changing, and skip this.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: User name. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
|
2020-01-29 01:45:18 +01:00
|
|
|
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
|
|
|
// We want to reverse this for the plain text arena of emails.
|
2017-12-01 00:11:00 +01:00
|
|
|
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
|
|
|
|
|
|
|
$wp_password_change_notification_email = array(
|
|
|
|
'to' => get_option( 'admin_email' ),
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Password change notification email subject. %s: Site title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
'subject' => __( '[%s] Password Changed' ),
|
|
|
|
'message' => $message,
|
|
|
|
'headers' => '',
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Filters the contents of the password change notification email sent to the site admin.
|
|
|
|
*
|
|
|
|
* @since 4.9.0
|
|
|
|
*
|
|
|
|
* @param array $wp_password_change_notification_email {
|
|
|
|
* Used to build wp_mail().
|
|
|
|
*
|
|
|
|
* @type string $to The intended recipient - site admin email address.
|
|
|
|
* @type string $subject The subject of the email.
|
|
|
|
* @type string $message The body of the email.
|
|
|
|
* @type string $headers The headers of the email.
|
|
|
|
* }
|
|
|
|
* @param WP_User $user User object for user whose password was changed.
|
|
|
|
* @param string $blogname The site title.
|
|
|
|
*/
|
|
|
|
$wp_password_change_notification_email = apply_filters( 'wp_password_change_notification_email', $wp_password_change_notification_email, $user, $blogname );
|
|
|
|
|
|
|
|
wp_mail(
|
|
|
|
$wp_password_change_notification_email['to'],
|
|
|
|
wp_specialchars_decode( sprintf( $wp_password_change_notification_email['subject'], $blogname ) ),
|
|
|
|
$wp_password_change_notification_email['message'],
|
|
|
|
$wp_password_change_notification_email['headers']
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
endif;
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_new_user_notification' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Emails login credentials to a newly-registered user.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* A new user registration notification is also sent to admin email.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.0.0
|
|
|
|
* @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
|
|
|
|
* @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter.
|
|
|
|
* @since 4.6.0 The `$notify` parameter accepts 'user' for sending notification only to the user created.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param int $user_id User ID.
|
|
|
|
* @param null $deprecated Not used (argument deprecated).
|
|
|
|
* @param string $notify Optional. Type of notification that should happen. Accepts 'admin' or an empty
|
|
|
|
* string (admin only), 'user', or 'both' (admin and user). Default empty.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {
|
2020-02-09 17:55:09 +01:00
|
|
|
if ( null !== $deprecated ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
_deprecated_argument( __FUNCTION__, '4.3.1' );
|
|
|
|
}
|
2016-10-26 17:36:31 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Accepts only 'user', 'admin' , 'both' or default '' as $notify.
|
2019-01-16 05:27:50 +01:00
|
|
|
if ( ! in_array( $notify, array( 'user', 'admin', 'both', '' ), true ) ) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$user = get_userdata( $user_id );
|
2005-04-20 05:37:23 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
|
|
|
// We want to reverse this for the plain text arena of emails.
|
2017-12-01 00:11:00 +01:00
|
|
|
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
|
|
|
|
2022-07-12 23:05:16 +02:00
|
|
|
/**
|
|
|
|
* Filters whether the admin is notified of a new user registration.
|
|
|
|
*
|
|
|
|
* @since 6.1.0
|
|
|
|
*
|
|
|
|
* @param bool $send Whether to send the email. Default true.
|
|
|
|
* @param WP_User $user User object for new user.
|
|
|
|
*/
|
|
|
|
$send_notification_to_admin = apply_filters( 'wp_send_new_user_notification_to_admin', true, $user );
|
|
|
|
|
|
|
|
if ( 'user' !== $notify && true === $send_notification_to_admin ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$switched_locale = switch_to_locale( get_locale() );
|
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: Site title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$message = sprintf( __( 'New user registration on your site %s:' ), $blogname ) . "\r\n\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: User login. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: User email address. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$message .= sprintf( __( 'Email: %s' ), $user->user_email ) . "\r\n";
|
|
|
|
|
|
|
|
$wp_new_user_notification_email_admin = array(
|
|
|
|
'to' => get_option( 'admin_email' ),
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: New user registration notification email subject. %s: Site title. */
|
2017-12-01 00:11:00 +01:00
|
|
|
'subject' => __( '[%s] New User Registration' ),
|
|
|
|
'message' => $message,
|
|
|
|
'headers' => '',
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Filters the contents of the new user notification email sent to the site admin.
|
|
|
|
*
|
|
|
|
* @since 4.9.0
|
|
|
|
*
|
2019-06-04 14:48:55 +02:00
|
|
|
* @param array $wp_new_user_notification_email_admin {
|
2017-12-01 00:11:00 +01:00
|
|
|
* Used to build wp_mail().
|
|
|
|
*
|
|
|
|
* @type string $to The intended recipient - site admin email address.
|
|
|
|
* @type string $subject The subject of the email.
|
|
|
|
* @type string $message The body of the email.
|
|
|
|
* @type string $headers The headers of the email.
|
|
|
|
* }
|
|
|
|
* @param WP_User $user User object for new user.
|
|
|
|
* @param string $blogname The site title.
|
|
|
|
*/
|
|
|
|
$wp_new_user_notification_email_admin = apply_filters( 'wp_new_user_notification_email_admin', $wp_new_user_notification_email_admin, $user, $blogname );
|
|
|
|
|
2019-07-09 07:45:58 +02:00
|
|
|
wp_mail(
|
2017-12-01 00:11:00 +01:00
|
|
|
$wp_new_user_notification_email_admin['to'],
|
|
|
|
wp_specialchars_decode( sprintf( $wp_new_user_notification_email_admin['subject'], $blogname ) ),
|
|
|
|
$wp_new_user_notification_email_admin['message'],
|
|
|
|
$wp_new_user_notification_email_admin['headers']
|
|
|
|
);
|
|
|
|
|
|
|
|
if ( $switched_locale ) {
|
|
|
|
restore_previous_locale();
|
|
|
|
}
|
|
|
|
}
|
2017-07-26 02:54:43 +02:00
|
|
|
|
2022-07-12 23:05:16 +02:00
|
|
|
/**
|
|
|
|
* Filters whether the user is notified of their new user registration.
|
|
|
|
*
|
|
|
|
* @since 6.1.0
|
|
|
|
*
|
|
|
|
* @param bool $send Whether to send the email. Default true.
|
|
|
|
* @param WP_User $user User object for new user.
|
|
|
|
*/
|
|
|
|
$send_notification_to_user = apply_filters( 'wp_send_new_user_notification_to_user', true, $user );
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// `$deprecated` was pre-4.3 `$plaintext_pass`. An empty `$plaintext_pass` didn't sent a user notification.
|
2022-07-12 23:05:16 +02:00
|
|
|
if ( 'admin' === $notify || true !== $send_notification_to_user || ( empty( $deprecated ) && empty( $notify ) ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
return;
|
|
|
|
}
|
2008-07-29 22:21:34 +02:00
|
|
|
|
2019-08-01 17:30:58 +02:00
|
|
|
$key = get_password_reset_key( $user );
|
|
|
|
if ( is_wp_error( $key ) ) {
|
|
|
|
return;
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2006-02-12 08:53:23 +01:00
|
|
|
|
2023-01-30 11:27:16 +01:00
|
|
|
$switched_locale = switch_to_user_locale( $user_id );
|
2017-07-26 02:54:43 +02:00
|
|
|
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: %s: User login. */
|
2017-12-01 00:11:00 +01:00
|
|
|
$message = sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
|
|
|
|
$message .= __( 'To set your password, visit the following address:' ) . "\r\n\r\n";
|
Mail: Remove angle brackets from password reset URL in emails sent by `retrieve_password()` and `wp_new_user_notification()`.
The brackets were originally added in [16285] per W3C recommendation in https://www.w3.org/Addressing/URL/5.1_Wrappers.html to avoid wrapping the URL across multiple lines in plain text in older email clients.
This doesn't seem like a common issue in modern email clients, and the current implementation causes more issues than it solves. Since the URL is on a line by itself, it should not require any delimiters.
The URL in recovery mode email introduced in [44973] doesn't have angle brackets, so it's time to retire them in password reset email too if they're not used consistently.
Props donmhico, Otto42, sproutchris, iandunn, dd32, DaveWP196, sebastian.pisula, tommix, sablednah, julian.kimmig, Rahe, clayisland, arenddeboer, nicole2292, nagoke, squarecandy, eatingrules, SergeyBiryukov.
Fixes #21095, #23578, #44589.
Built from https://develop.svn.wordpress.org/trunk@47086
git-svn-id: http://core.svn.wordpress.org/trunk@46886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-18 03:32:06 +01:00
|
|
|
$message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . "\r\n\r\n";
|
2006-02-12 08:53:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$message .= wp_login_url() . "\r\n";
|
|
|
|
|
|
|
|
$wp_new_user_notification_email = array(
|
|
|
|
'to' => $user->user_email,
|
2019-09-03 02:41:05 +02:00
|
|
|
/* translators: Login details notification email subject. %s: Site title. */
|
2019-04-12 20:16:52 +02:00
|
|
|
'subject' => __( '[%s] Login Details' ),
|
2017-08-03 15:21:46 +02:00
|
|
|
'message' => $message,
|
|
|
|
'headers' => '',
|
|
|
|
);
|
2017-07-26 02:54:43 +02:00
|
|
|
|
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Filters the contents of the new user notification email sent to the new user.
|
2017-07-26 02:54:43 +02:00
|
|
|
*
|
|
|
|
* @since 4.9.0
|
|
|
|
*
|
2017-08-03 15:21:46 +02:00
|
|
|
* @param array $wp_new_user_notification_email {
|
|
|
|
* Used to build wp_mail().
|
2017-07-26 02:54:43 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @type string $to The intended recipient - New user email address.
|
2017-08-03 15:21:46 +02:00
|
|
|
* @type string $subject The subject of the email.
|
|
|
|
* @type string $message The body of the email.
|
|
|
|
* @type string $headers The headers of the email.
|
|
|
|
* }
|
|
|
|
* @param WP_User $user User object for new user.
|
|
|
|
* @param string $blogname The site title.
|
2017-07-26 02:54:43 +02:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
$wp_new_user_notification_email = apply_filters( 'wp_new_user_notification_email', $wp_new_user_notification_email, $user, $blogname );
|
2017-07-26 02:54:43 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
wp_mail(
|
|
|
|
$wp_new_user_notification_email['to'],
|
|
|
|
wp_specialchars_decode( sprintf( $wp_new_user_notification_email['subject'], $blogname ) ),
|
|
|
|
$wp_new_user_notification_email['message'],
|
|
|
|
$wp_new_user_notification_email['headers']
|
2017-08-03 15:21:46 +02:00
|
|
|
);
|
2016-10-26 17:36:31 +02:00
|
|
|
|
|
|
|
if ( $switched_locale ) {
|
|
|
|
restore_previous_locale();
|
|
|
|
}
|
2016-04-21 12:20:27 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2005-09-14 02:03:02 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_nonce_tick' ) ) :
|
2017-07-26 02:54:43 +02:00
|
|
|
/**
|
2019-06-25 19:07:52 +02:00
|
|
|
* Returns the time-dependent variable for nonce creation.
|
2017-07-26 02:54:43 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* A nonce has a lifespan of two ticks. Nonces in their second tick may be
|
|
|
|
* updated, e.g. by autosave.
|
2017-07-26 02:54:43 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.5.0
|
2022-09-21 22:24:12 +02:00
|
|
|
* @since 6.1.0 Added `$action` argument.
|
2017-07-26 02:54:43 +02:00
|
|
|
*
|
2022-09-21 22:24:12 +02:00
|
|
|
* @param string|int $action Optional. The nonce action. Default -1.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @return float Float value rounded up to the next highest integer.
|
2017-07-26 02:54:43 +02:00
|
|
|
*/
|
2022-09-19 23:36:10 +02:00
|
|
|
function wp_nonce_tick( $action = -1 ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
|
|
|
* Filters the lifespan of nonces in seconds.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
2022-09-21 22:24:12 +02:00
|
|
|
* @since 6.1.0 Added `$action` argument to allow for more targeted filters.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2022-09-19 23:36:10 +02:00
|
|
|
* @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
|
2022-09-21 22:24:12 +02:00
|
|
|
* @param string|int $action The nonce action, or -1 if none was provided.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
2022-09-19 23:36:10 +02:00
|
|
|
$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );
|
2016-10-26 17:36:31 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return ceil( time() / ( $nonce_life / 2 ) );
|
2016-10-26 17:36:31 +02:00
|
|
|
}
|
2005-09-14 02:03:02 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_verify_nonce' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2019-06-25 19:07:52 +02:00
|
|
|
* Verifies that a correct security nonce was used with time limit.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2019-06-25 19:07:52 +02:00
|
|
|
* A nonce is valid for 24 hours (by default).
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.0.3
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2019-06-25 19:07:52 +02:00
|
|
|
* @param string $nonce Nonce value that was used for verification, usually via a form field.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string|int $action Should give context to what is taking place and be the same when nonce was created.
|
2020-01-11 19:32:05 +01:00
|
|
|
* @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
|
|
|
|
* 2 if the nonce is valid and generated between 12-24 hours ago.
|
|
|
|
* False if the nonce is invalid.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_verify_nonce( $nonce, $action = -1 ) {
|
|
|
|
$nonce = (string) $nonce;
|
|
|
|
$user = wp_get_current_user();
|
|
|
|
$uid = (int) $user->ID;
|
|
|
|
if ( ! $uid ) {
|
|
|
|
/**
|
|
|
|
* Filters whether the user who generated the nonce is logged out.
|
|
|
|
*
|
|
|
|
* @since 3.5.0
|
|
|
|
*
|
2022-09-21 22:24:12 +02:00
|
|
|
* @param int $uid ID of the nonce-owning user.
|
|
|
|
* @param string|int $action The nonce action, or -1 if none was provided.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
|
|
|
|
}
|
2008-03-18 03:43:20 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $nonce ) ) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$token = wp_get_session_token();
|
2022-09-19 23:36:10 +02:00
|
|
|
$i = wp_nonce_tick( $action );
|
2017-12-01 00:11:00 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Nonce generated 0-12 hours ago.
|
2017-12-01 00:11:00 +01:00
|
|
|
$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
|
|
|
|
if ( hash_equals( $expected, $nonce ) ) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Nonce generated 12-24 hours ago.
|
2017-12-01 00:11:00 +01:00
|
|
|
$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
|
|
|
|
if ( hash_equals( $expected, $nonce ) ) {
|
|
|
|
return 2;
|
|
|
|
}
|
2008-03-18 03:43:20 +01:00
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Fires when nonce verification fails.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 4.4.0
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string $nonce The invalid nonce.
|
|
|
|
* @param string|int $action The nonce action.
|
|
|
|
* @param WP_User $user The current user object.
|
|
|
|
* @param string $token The user's session token.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
do_action( 'wp_verify_nonce_failed', $nonce, $action, $user, $token );
|
2006-05-03 00:08:34 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Invalid nonce.
|
2014-08-26 09:39:19 +02:00
|
|
|
return false;
|
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
2014-08-26 09:39:19 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_create_nonce' ) ) :
|
2015-08-26 02:06:21 +02:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Creates a cryptographic token tied to a specific action, user, user session,
|
|
|
|
* and window of time.
|
2015-08-26 02:06:21 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.0.3
|
2022-06-07 00:35:10 +02:00
|
|
|
* @since 4.0.0 Session tokens were integrated with nonce creation.
|
2015-08-26 02:06:21 +02:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string|int $action Scalar value to add context to the nonce.
|
|
|
|
* @return string The token.
|
2015-09-11 07:56:24 +02:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_create_nonce( $action = -1 ) {
|
|
|
|
$user = wp_get_current_user();
|
|
|
|
$uid = (int) $user->ID;
|
|
|
|
if ( ! $uid ) {
|
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
|
|
|
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
|
|
|
|
}
|
2015-08-26 02:06:21 +02:00
|
|
|
|
2023-04-25 16:57:23 +02:00
|
|
|
$token = wp_get_session_token();
|
2022-09-19 23:36:10 +02:00
|
|
|
$i = wp_nonce_tick( $action );
|
2006-05-03 00:08:34 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
|
2014-03-28 22:21:15 +01:00
|
|
|
}
|
2006-05-31 02:24:03 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_salt' ) ) :
|
|
|
|
/**
|
2019-06-25 19:07:52 +02:00
|
|
|
* Returns a salt to add to hashes.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* Salts are created using secret keys. Secret keys are located in two places:
|
|
|
|
* in the database and in the wp-config.php file. The secret key in the database
|
|
|
|
* is randomly generated and will be appended to the secret keys in wp-config.php.
|
|
|
|
*
|
|
|
|
* The secret keys in wp-config.php should be updated to strong, random keys to maximize
|
|
|
|
* security. Below is an example of how the secret key constants are defined.
|
|
|
|
* Do not paste this example directly into wp-config.php. Instead, have a
|
|
|
|
* {@link https://api.wordpress.org/secret-key/1.1/salt/ secret key created} just
|
|
|
|
* for you.
|
|
|
|
*
|
|
|
|
* define('AUTH_KEY', ' Xakm<o xQy rw4EMsLKM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON');
|
|
|
|
* define('SECURE_AUTH_KEY', 'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~');
|
|
|
|
* define('LOGGED_IN_KEY', '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM');
|
|
|
|
* define('NONCE_KEY', '%:R{[P|,s.KuMltH5}cI;/k<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|');
|
|
|
|
* define('AUTH_SALT', 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW');
|
|
|
|
* define('SECURE_AUTH_SALT', '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGe}T1:Xt7n');
|
|
|
|
* define('LOGGED_IN_SALT', '+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n<+=uKR:>*c(u`g~EJBf#8u#R{mUEZrozmm');
|
|
|
|
* define('NONCE_SALT', 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT');
|
|
|
|
*
|
|
|
|
* Salting passwords helps against tools which has stored hashed values of
|
|
|
|
* common dictionary strings. The added values makes it harder to crack.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @link https://api.wordpress.org/secret-key/1.1/salt/ Create secrets for wp-config.php
|
|
|
|
*
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce).
|
2017-12-01 00:11:00 +01:00
|
|
|
* @return string Salt value
|
|
|
|
*/
|
|
|
|
function wp_salt( $scheme = 'auth' ) {
|
|
|
|
static $cached_salts = array();
|
|
|
|
if ( isset( $cached_salts[ $scheme ] ) ) {
|
|
|
|
/**
|
|
|
|
* Filters the WordPress salt.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @param string $cached_salt Cached salt for the given scheme.
|
|
|
|
* @param string $scheme Authentication scheme. Values include 'auth',
|
|
|
|
* 'secure_auth', 'logged_in', and 'nonce'.
|
|
|
|
*/
|
|
|
|
return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
|
|
|
|
}
|
2012-03-07 04:41:56 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
static $duplicated_keys;
|
|
|
|
if ( null === $duplicated_keys ) {
|
2022-09-20 13:57:20 +02:00
|
|
|
$duplicated_keys = array(
|
2023-02-28 14:22:22 +01:00
|
|
|
'put your unique phrase here' => true,
|
2022-09-20 13:57:20 +02:00
|
|
|
);
|
2023-02-28 14:22:22 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* translators: This string should only be translated if wp-config-sample.php is localized.
|
|
|
|
* You can check the localized release package or
|
|
|
|
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
|
|
|
|
*/
|
|
|
|
$duplicated_keys[ __( 'put your unique phrase here' ) ] = true;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
|
|
|
|
foreach ( array( 'KEY', 'SALT' ) as $second ) {
|
|
|
|
if ( ! defined( "{$first}_{$second}" ) ) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
$value = constant( "{$first}_{$second}" );
|
|
|
|
$duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
|
2014-06-11 20:36:15 +02:00
|
|
|
}
|
2008-06-11 19:25:55 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$values = array(
|
|
|
|
'key' => '',
|
|
|
|
'salt' => '',
|
|
|
|
);
|
|
|
|
if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) {
|
|
|
|
$values['key'] = SECRET_KEY;
|
|
|
|
}
|
2020-05-16 20:42:12 +02:00
|
|
|
if ( 'auth' === $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$values['salt'] = SECRET_SALT;
|
|
|
|
}
|
2012-01-27 19:52:20 +01:00
|
|
|
|
2020-04-05 05:02:11 +02:00
|
|
|
if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ), true ) ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
foreach ( array( 'key', 'salt' ) as $type ) {
|
|
|
|
$const = strtoupper( "{$scheme}_{$type}" );
|
|
|
|
if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
|
|
|
|
$values[ $type ] = constant( $const );
|
|
|
|
} elseif ( ! $values[ $type ] ) {
|
|
|
|
$values[ $type ] = get_site_option( "{$scheme}_{$type}" );
|
|
|
|
if ( ! $values[ $type ] ) {
|
|
|
|
$values[ $type ] = wp_generate_password( 64, true, true );
|
|
|
|
update_site_option( "{$scheme}_{$type}", $values[ $type ] );
|
|
|
|
}
|
2012-01-27 19:52:20 +01:00
|
|
|
}
|
2008-06-11 19:25:55 +02:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
} else {
|
2014-06-11 20:36:15 +02:00
|
|
|
if ( ! $values['key'] ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$values['key'] = get_site_option( 'secret_key' );
|
|
|
|
if ( ! $values['key'] ) {
|
|
|
|
$values['key'] = wp_generate_password( 64, true, true );
|
|
|
|
update_site_option( 'secret_key', $values['key'] );
|
|
|
|
}
|
2008-12-07 22:31:13 +01:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
$values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] );
|
2008-12-07 22:31:13 +01:00
|
|
|
}
|
2006-05-31 03:40:00 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$cached_salts[ $scheme ] = $values['key'] . $values['salt'];
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
|
|
|
return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
|
|
|
|
}
|
2006-05-31 03:40:00 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_hash' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Gets hash of given string.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.0.3
|
|
|
|
*
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $data Plain text to hash.
|
|
|
|
* @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce).
|
|
|
|
* @return string Hash of $data.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_hash( $data, $scheme = 'auth' ) {
|
|
|
|
$salt = wp_salt( $scheme );
|
2006-05-31 02:24:03 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return hash_hmac( 'md5', $data, $salt );
|
|
|
|
}
|
2006-05-03 00:08:34 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_hash_password' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Creates a hash (encrypt) of a plain text password.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* For integration with other applications, this function can be overwritten to
|
|
|
|
* instead use the other package password checking algorithm.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @global PasswordHash $wp_hasher PHPass object
|
|
|
|
*
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $password Plain text user password to hash.
|
|
|
|
* @return string The hash string of the password.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_hash_password( $password ) {
|
|
|
|
global $wp_hasher;
|
|
|
|
|
|
|
|
if ( empty( $wp_hasher ) ) {
|
2020-02-06 07:33:11 +01:00
|
|
|
require_once ABSPATH . WPINC . '/class-phpass.php';
|
2020-01-29 01:45:18 +01:00
|
|
|
// By default, use the portable hash from phpass.
|
2017-12-01 00:11:00 +01:00
|
|
|
$wp_hasher = new PasswordHash( 8, true );
|
|
|
|
}
|
2007-12-02 06:14:11 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $wp_hasher->HashPassword( trim( $password ) );
|
2007-12-02 06:14:11 +01:00
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
endif;
|
|
|
|
|
|
|
|
if ( ! function_exists( 'wp_check_password' ) ) :
|
|
|
|
/**
|
|
|
|
* Checks the plaintext password against the encrypted Password.
|
|
|
|
*
|
|
|
|
* Maintains compatibility between old version and the new cookie authentication
|
|
|
|
* protocol using PHPass library. The $hash parameter is the encrypted password
|
|
|
|
* and the function compares the plain text password when encrypted similarly
|
|
|
|
* against the already encrypted password to see if they match.
|
|
|
|
*
|
|
|
|
* For integration with other applications, this function can be overwritten to
|
|
|
|
* instead use the other package password checking algorithm.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @global PasswordHash $wp_hasher PHPass object used for checking the password
|
2022-06-07 00:35:10 +02:00
|
|
|
* against the $hash + $password.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @uses PasswordHash::CheckPassword
|
|
|
|
*
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $password Plaintext user's password.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @param string $hash Hash of the user's password to check against.
|
|
|
|
* @param string|int $user_id Optional. User ID.
|
2022-06-07 00:35:10 +02:00
|
|
|
* @return bool False, if the $password does not match the hashed password.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_check_password( $password, $hash, $user_id = '' ) {
|
|
|
|
global $wp_hasher;
|
|
|
|
|
|
|
|
// If the hash is still md5...
|
|
|
|
if ( strlen( $hash ) <= 32 ) {
|
|
|
|
$check = hash_equals( $hash, md5( $password ) );
|
|
|
|
if ( $check && $user_id ) {
|
|
|
|
// Rehash using new hash.
|
|
|
|
wp_set_password( $password, $user_id );
|
|
|
|
$hash = wp_hash_password( $password );
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Filters whether the plaintext password matches the encrypted password.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @param bool $check Whether the passwords match.
|
|
|
|
* @param string $password The plaintext password.
|
|
|
|
* @param string $hash The hashed password.
|
|
|
|
* @param string|int $user_id User ID. Can be empty.
|
|
|
|
*/
|
|
|
|
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
|
|
|
|
}
|
2008-02-05 07:47:27 +01:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// If the stored hash is longer than an MD5,
|
|
|
|
// presume the new style phpass portable hash.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $wp_hasher ) ) {
|
2020-02-06 07:33:11 +01:00
|
|
|
require_once ABSPATH . WPINC . '/class-phpass.php';
|
2020-01-29 01:45:18 +01:00
|
|
|
// By default, use the portable hash from phpass.
|
2017-12-01 00:11:00 +01:00
|
|
|
$wp_hasher = new PasswordHash( 8, true );
|
|
|
|
}
|
|
|
|
|
|
|
|
$check = $wp_hasher->CheckPassword( $password, $hash );
|
|
|
|
|
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
|
|
|
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
|
|
|
|
}
|
2007-12-02 06:14:11 +01:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_generate_password' ) ) :
|
|
|
|
/**
|
|
|
|
* Generates a random password drawn from the defined set of characters.
|
|
|
|
*
|
2023-03-02 14:57:23 +01:00
|
|
|
* Uses wp_rand() to create passwords with far less predictability
|
2017-12-04 23:40:47 +01:00
|
|
|
* than similar native PHP functions like `rand()` or `mt_rand()`.
|
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @param int $length Optional. The length of password to generate. Default 12.
|
|
|
|
* @param bool $special_chars Optional. Whether to include standard special characters.
|
|
|
|
* Default true.
|
|
|
|
* @param bool $extra_special_chars Optional. Whether to include other special characters.
|
|
|
|
* Used when generating secret keys and salts. Default false.
|
|
|
|
* @return string The random password.
|
|
|
|
*/
|
|
|
|
function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
|
|
|
|
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
|
|
|
|
if ( $special_chars ) {
|
|
|
|
$chars .= '!@#$%^&*()';
|
|
|
|
}
|
|
|
|
if ( $extra_special_chars ) {
|
|
|
|
$chars .= '-_ []{}<>~`+=,.;:/?|';
|
|
|
|
}
|
2007-12-02 06:14:11 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$password = '';
|
|
|
|
for ( $i = 0; $i < $length; $i++ ) {
|
|
|
|
$password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 );
|
2008-03-27 23:44:47 +01:00
|
|
|
}
|
|
|
|
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Filters the randomly-generated password.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 3.0.0
|
2019-06-27 02:48:53 +02:00
|
|
|
* @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2019-06-27 02:48:53 +02:00
|
|
|
* @param string $password The generated password.
|
|
|
|
* @param int $length The length of password to generate.
|
|
|
|
* @param bool $special_chars Whether to include standard special characters.
|
|
|
|
* @param bool $extra_special_chars Whether to include other special characters.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2019-06-27 02:48:53 +02:00
|
|
|
return apply_filters( 'random_password', $password, $length, $special_chars, $extra_special_chars );
|
2007-12-02 06:14:11 +01:00
|
|
|
}
|
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_rand' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2022-09-17 00:39:11 +02:00
|
|
|
* Generates a random non-negative number.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* @since 2.6.2
|
|
|
|
* @since 4.4.0 Uses PHP7 random_int() or the random_compat library if available.
|
2022-06-07 00:50:10 +02:00
|
|
|
* @since 6.1.0 Returns zero instead of a random number if both `$min` and `$max` are zero.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @global string $rnd_value
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2022-06-07 00:50:10 +02:00
|
|
|
* @param int $min Optional. Lower limit for the generated number.
|
|
|
|
* Accepts positive integers or zero. Defaults to 0.
|
|
|
|
* @param int $max Optional. Upper limit for the generated number.
|
|
|
|
* Accepts positive integers. Defaults to 4294967295.
|
2022-09-17 00:39:11 +02:00
|
|
|
* @return int A random non-negative number between min and max.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2022-06-07 00:50:10 +02:00
|
|
|
function wp_rand( $min = null, $max = null ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
global $rnd_value;
|
2008-08-25 19:52:28 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Some misconfigured 32-bit environments (Entropy PHP, for example)
|
|
|
|
// truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
|
2017-12-01 00:11:00 +01:00
|
|
|
$max_random_number = 3000000000 === 2147483647 ? (float) '4294967295' : 4294967295; // 4294967295 = 0xffffffff
|
2015-10-09 06:28:24 +02:00
|
|
|
|
2022-06-07 00:50:10 +02:00
|
|
|
if ( null === $min ) {
|
|
|
|
$min = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( null === $max ) {
|
|
|
|
$max = $max_random_number;
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// We only handle ints, floats are truncated to their integer value.
|
2017-12-01 00:11:00 +01:00
|
|
|
$min = (int) $min;
|
|
|
|
$max = (int) $max;
|
2015-10-09 06:28:24 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Use PHP's CSPRNG, or a compatible method.
|
2017-12-01 00:11:00 +01:00
|
|
|
static $use_random_int_functionality = true;
|
|
|
|
if ( $use_random_int_functionality ) {
|
|
|
|
try {
|
|
|
|
// wp_rand() can accept arguments in either order, PHP cannot.
|
2022-06-07 00:50:10 +02:00
|
|
|
$_max = max( $min, $max );
|
|
|
|
$_min = min( $min, $max );
|
2017-12-01 00:11:00 +01:00
|
|
|
$val = random_int( $_min, $_max );
|
|
|
|
if ( false !== $val ) {
|
|
|
|
return absint( $val );
|
|
|
|
} else {
|
|
|
|
$use_random_int_functionality = false;
|
|
|
|
}
|
|
|
|
} catch ( Error $e ) {
|
|
|
|
$use_random_int_functionality = false;
|
|
|
|
} catch ( Exception $e ) {
|
2015-10-09 06:28:24 +02:00
|
|
|
$use_random_int_functionality = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Reset $rnd_value after 14 uses.
|
|
|
|
// 32 (md5) + 40 (sha1) + 40 (sha1) / 8 = 14 random numbers from $rnd_value.
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( strlen( $rnd_value ) < 8 ) {
|
|
|
|
if ( defined( 'WP_SETUP_CONFIG' ) ) {
|
|
|
|
static $seed = '';
|
|
|
|
} else {
|
|
|
|
$seed = get_transient( 'random_seed' );
|
|
|
|
}
|
|
|
|
$rnd_value = md5( uniqid( microtime() . mt_rand(), true ) . $seed );
|
|
|
|
$rnd_value .= sha1( $rnd_value );
|
|
|
|
$rnd_value .= sha1( $rnd_value . $seed );
|
|
|
|
$seed = md5( $seed . $rnd_value );
|
|
|
|
if ( ! defined( 'WP_SETUP_CONFIG' ) && ! defined( 'WP_INSTALLING' ) ) {
|
|
|
|
set_transient( 'random_seed', $seed );
|
|
|
|
}
|
2015-07-14 00:22:24 +02:00
|
|
|
}
|
2008-08-25 19:52:28 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Take the first 8 digits for our value.
|
2017-12-01 00:11:00 +01:00
|
|
|
$value = substr( $rnd_value, 0, 8 );
|
2008-08-25 19:52:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
// Strip the first eight, leaving the remainder for the next call to wp_rand().
|
|
|
|
$rnd_value = substr( $rnd_value, 8 );
|
2008-08-25 19:52:28 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$value = abs( hexdec( $value ) );
|
2008-08-25 19:52:28 +02:00
|
|
|
|
2020-01-29 01:45:18 +01:00
|
|
|
// Reduce the value to be within the min - max range.
|
2022-06-07 00:50:10 +02:00
|
|
|
$value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
|
2008-08-25 19:52:28 +02:00
|
|
|
|
2020-10-08 23:15:13 +02:00
|
|
|
return abs( (int) $value );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2008-08-25 19:52:28 +02:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_set_password' ) ) :
|
|
|
|
/**
|
|
|
|
* Updates the user's password with a new encrypted one.
|
|
|
|
*
|
|
|
|
* For integration with other applications, this function can be overwritten to
|
|
|
|
* instead use the other package password checking algorithm.
|
|
|
|
*
|
|
|
|
* Please note: This function should be used sparingly and is really only meant for single-time
|
|
|
|
* application. Leveraging this improperly in a plugin or theme could result in an endless loop
|
|
|
|
* of password resets if precautions are not taken to ensure it does not execute on every page load.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @global wpdb $wpdb WordPress database abstraction object.
|
|
|
|
*
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $password The plaintext new user password.
|
|
|
|
* @param int $user_id User ID.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
function wp_set_password( $password, $user_id ) {
|
|
|
|
global $wpdb;
|
|
|
|
|
|
|
|
$hash = wp_hash_password( $password );
|
|
|
|
$wpdb->update(
|
2018-08-17 03:51:36 +02:00
|
|
|
$wpdb->users,
|
|
|
|
array(
|
2017-12-01 00:11:00 +01:00
|
|
|
'user_pass' => $hash,
|
|
|
|
'user_activation_key' => '',
|
2018-08-17 03:51:36 +02:00
|
|
|
),
|
|
|
|
array( 'ID' => $user_id )
|
2017-12-01 00:11:00 +01:00
|
|
|
);
|
2009-03-06 05:27:51 +01:00
|
|
|
|
2019-08-01 19:49:57 +02:00
|
|
|
clean_user_cache( $user_id );
|
2023-01-12 10:05:15 +01:00
|
|
|
|
|
|
|
/**
|
2023-01-12 14:14:15 +01:00
|
|
|
* Fires after the user password is set.
|
2023-01-12 10:05:15 +01:00
|
|
|
*
|
|
|
|
* @since 6.2.0
|
|
|
|
*
|
2023-01-12 14:14:15 +01:00
|
|
|
* @param string $password The plaintext password just set.
|
|
|
|
* @param int $user_id The ID of the user whose password was just set.
|
2023-01-12 10:05:15 +01:00
|
|
|
*/
|
|
|
|
do_action( 'wp_set_password', $password, $user_id );
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2007-12-17 07:02:45 +01:00
|
|
|
endif;
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'get_avatar' ) ) :
|
|
|
|
/**
|
2022-06-07 00:35:10 +02:00
|
|
|
* Retrieves the avatar `<img>` tag for a user, email address, MD5 hash, comment, or post.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.2.0 Optional `$args` parameter added.
|
|
|
|
*
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
* @param mixed $id_or_email The Gravatar to retrieve. Accepts a user_id, gravatar md5 hash,
|
|
|
|
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
|
|
|
* @param int $size Optional. Height and width of the avatar image file in pixels. Default 96.
|
2023-02-06 22:30:18 +01:00
|
|
|
* @param string $default_value URL for the default image or a default type. Accepts '404' (return
|
|
|
|
* a 404 instead of a default image), 'retro' (8bit), 'RoboHash' (robohash),
|
|
|
|
* 'monsterid' (monster), 'wavatar' (cartoon face), 'indenticon' (the "quilt"),
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
* 'mystery', 'mm', or 'mysteryman' (The Oyster Man), 'blank' (transparent GIF),
|
|
|
|
* or 'gravatar_default' (the Gravatar logo). Default is the value of the
|
|
|
|
* 'avatar_default' option, with a fallback of 'mystery'.
|
|
|
|
* @param string $alt Optional. Alternative text to use in img tag. Default empty.
|
2020-07-23 23:11:05 +02:00
|
|
|
* @param array $args {
|
2017-12-01 00:11:00 +01:00
|
|
|
* Optional. Extra arguments to retrieve the avatar.
|
|
|
|
*
|
|
|
|
* @type int $height Display height of the avatar in pixels. Defaults to $size.
|
|
|
|
* @type int $width Display width of the avatar in pixels. Defaults to $size.
|
|
|
|
* @type bool $force_default Whether to always show the default image, never the Gravatar. Default false.
|
|
|
|
* @type string $rating What rating to display avatars up to. Accepts 'G', 'PG', 'R', 'X', and are
|
|
|
|
* judged in that order. Default is the value of the 'avatar_rating' option.
|
|
|
|
* @type string $scheme URL scheme to use. See set_url_scheme() for accepted values.
|
|
|
|
* Default null.
|
2020-07-23 23:11:05 +02:00
|
|
|
* @type array|string $class Array or string of additional classes to add to the img element.
|
2017-12-01 00:11:00 +01:00
|
|
|
* Default null.
|
|
|
|
* @type bool $force_display Whether to always show the avatar - ignores the show_avatars option.
|
|
|
|
* Default false.
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
* @type string $loading Value for the `loading` attribute.
|
|
|
|
* Default null.
|
2017-12-01 00:11:00 +01:00
|
|
|
* @type string $extra_attr HTML attributes to insert in the IMG element. Is not sanitized. Default empty.
|
|
|
|
* }
|
2020-01-11 19:32:05 +01:00
|
|
|
* @return string|false `<img>` tag for the user's avatar. False on failure.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
function get_avatar( $id_or_email, $size = 96, $default_value = '', $alt = '', $args = null ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$defaults = array(
|
|
|
|
// get_avatar_data() args.
|
|
|
|
'size' => 96,
|
|
|
|
'height' => null,
|
|
|
|
'width' => null,
|
|
|
|
'default' => get_option( 'avatar_default', 'mystery' ),
|
|
|
|
'force_default' => false,
|
|
|
|
'rating' => get_option( 'avatar_rating' ),
|
|
|
|
'scheme' => null,
|
|
|
|
'alt' => '',
|
|
|
|
'class' => null,
|
|
|
|
'force_display' => false,
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
'loading' => null,
|
2017-12-01 00:11:00 +01:00
|
|
|
'extra_attr' => '',
|
Media: Add `decoding="async"` to image attributes.
Dynamically add `decoding="async"` to image tags on the front end of a site to instruct browsers to download them in parallel.
Modifies `wp_get_attachment_image()`, `get_avatar()` to include the attribute by default. Modifies `wp_filter_content_tags()` to add the attribute during the front-end render of the site.
Introduces `wp_img_tag_add_decoding_attr()` to take an image tag and modify it to include the attribute. Introduces the filter `wp_img_tag_add_decoding_attr` used to define the default value for the attribute.
Props adamsilverstein, ayeshrajans, costdev, flixos90, hellofromtonya, isaumya, michaelbourne, mihai2u, mitogh, sergiomdgomes, spacedmonkey, westonruter, peterwilsoncc.
Fixes #53232.
Built from https://develop.svn.wordpress.org/trunk@53480
git-svn-id: http://core.svn.wordpress.org/trunk@53069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-09 07:31:12 +02:00
|
|
|
'decoding' => 'async',
|
2017-12-01 00:11:00 +01:00
|
|
|
);
|
2008-10-03 05:20:54 +02:00
|
|
|
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
if ( wp_lazy_loading_enabled( 'img', 'get_avatar' ) ) {
|
Media: Refine the heuristics to exclude certain images and iframes from being lazy-loaded to improve performance.
This changeset implements the refined lazy-loading behavior outlined in https://make.wordpress.org/core/2021/07/15/refining-wordpress-cores-lazy-loading-implementation/ in order to improve the Largest Contentful Paint metric, which can see a regression from images or iframes above the fold being lazy-loaded. Adjusting this so far has been possible for developers via filters and still is, however this enhancement brings a more accurate behavior out of the box for the majority of themes.
Specifically, this changeset skips the very first "content image or iframe" on the page from being lazy-loaded. "Content image or iframe" denotes any image or iframe that is found within content of any post in the current main query loop as well as any featured image of such a post. This applies both to "singular" as well as "archive" content: On a "singular" page the first image/iframe of the post is not lazy-loaded, while on an "archive" page the first image/iframe of the _first_ post in the query is not lazy-loaded.
This approach refines the lazy-loading behavior correctly for the majority of themes, which use a single-column layout for post content. For themes with multi-column layouts, a new `wp_omit_loading_attr_threshold` filter can be used to change how many of the first images/iframes are being skipped from lazy-loaded (default is `1`). For example, a theme using a three-column grid of latest posts for archives could use the filter to override the threshold to `3` on archive pages, so that the first three content images/iframes would not be lazy-loaded.
Props adamsilverstein, azaozz, flixos90, hellofromtonya, jonoaldersonwp, mte90, rviscomi, tweetythierry, westonruter.
Fixes #53675. See #50425.
Built from https://develop.svn.wordpress.org/trunk@52065
git-svn-id: http://core.svn.wordpress.org/trunk@51657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 01:36:01 +01:00
|
|
|
$defaults['loading'] = wp_get_loading_attr_default( 'get_avatar' );
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $args ) ) {
|
|
|
|
$args = array();
|
|
|
|
}
|
2008-03-02 22:41:35 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$args['size'] = (int) $size;
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
$args['default'] = $default_value;
|
2017-12-01 00:11:00 +01:00
|
|
|
$args['alt'] = $alt;
|
2014-03-28 22:21:15 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$args = wp_parse_args( $args, $defaults );
|
2015-02-26 22:17:24 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( empty( $args['height'] ) ) {
|
|
|
|
$args['height'] = $args['size'];
|
|
|
|
}
|
|
|
|
if ( empty( $args['width'] ) ) {
|
|
|
|
$args['width'] = $args['size'];
|
|
|
|
}
|
2015-09-16 19:34:24 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( is_object( $id_or_email ) && isset( $id_or_email->comment_ID ) ) {
|
|
|
|
$id_or_email = get_comment( $id_or_email );
|
|
|
|
}
|
2015-04-05 18:46:26 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
/**
|
2020-03-16 19:40:07 +01:00
|
|
|
* Allows the HTML for a user's avatar to be returned early.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
2021-12-29 18:28:00 +01:00
|
|
|
* Returning a non-null value will effectively short-circuit get_avatar(), passing
|
2017-12-01 00:11:00 +01:00
|
|
|
* the value through the {@see 'get_avatar'} filter and returning early.
|
|
|
|
*
|
|
|
|
* @since 4.2.0
|
|
|
|
*
|
2019-09-21 19:41:57 +02:00
|
|
|
* @param string|null $avatar HTML for the user's avatar. Default null.
|
2020-03-16 19:40:07 +01:00
|
|
|
* @param mixed $id_or_email The avatar to retrieve. Accepts a user_id, Gravatar MD5 hash,
|
2019-09-21 19:41:57 +02:00
|
|
|
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
|
|
|
* @param array $args Arguments passed to get_avatar_url(), after processing.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
$avatar = apply_filters( 'pre_get_avatar', null, $id_or_email, $args );
|
2013-11-02 13:20:11 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! is_null( $avatar ) ) {
|
|
|
|
/** This filter is documented in wp-includes/pluggable.php */
|
|
|
|
return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args );
|
|
|
|
}
|
2008-02-07 07:07:12 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $args['force_display'] && ! get_option( 'show_avatars' ) ) {
|
|
|
|
return false;
|
|
|
|
}
|
2015-06-27 10:35:24 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$url2x = get_avatar_url( $id_or_email, array_merge( $args, array( 'size' => $args['size'] * 2 ) ) );
|
2015-01-09 05:43:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$args = get_avatar_data( $id_or_email, $args );
|
2015-01-09 05:43:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$url = $args['url'];
|
2008-05-03 02:56:16 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $url || is_wp_error( $url ) ) {
|
|
|
|
return false;
|
|
|
|
}
|
2010-02-24 21:50:40 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$class = array( 'avatar', 'avatar-' . (int) $args['size'], 'photo' );
|
2015-01-09 05:43:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $args['found_avatar'] || $args['force_default'] ) {
|
|
|
|
$class[] = 'avatar-default';
|
2015-01-09 05:43:23 +01:00
|
|
|
}
|
2008-02-07 07:07:12 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $args['class'] ) {
|
|
|
|
if ( is_array( $args['class'] ) ) {
|
|
|
|
$class = array_merge( $class, $args['class'] );
|
|
|
|
} else {
|
|
|
|
$class[] = $args['class'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-12-01 16:43:20 +01:00
|
|
|
// Add `loading` and `decoding` attributes.
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
$extra_attr = $args['extra_attr'];
|
|
|
|
|
2022-12-01 16:43:20 +01:00
|
|
|
if ( in_array( $args['loading'], array( 'lazy', 'eager' ), true )
|
|
|
|
&& ! preg_match( '/\bloading\s*=/', $extra_attr )
|
|
|
|
) {
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
if ( ! empty( $extra_attr ) ) {
|
|
|
|
$extra_attr .= ' ';
|
|
|
|
}
|
|
|
|
|
2022-12-01 16:43:20 +01:00
|
|
|
$extra_attr .= "loading='{$args['loading']}'";
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
}
|
|
|
|
|
2022-12-01 16:43:20 +01:00
|
|
|
if ( in_array( $args['decoding'], array( 'async', 'sync', 'auto' ), true )
|
|
|
|
&& ! preg_match( '/\bdecoding\s*=/', $extra_attr )
|
|
|
|
) {
|
Media: Add `decoding="async"` to image attributes.
Dynamically add `decoding="async"` to image tags on the front end of a site to instruct browsers to download them in parallel.
Modifies `wp_get_attachment_image()`, `get_avatar()` to include the attribute by default. Modifies `wp_filter_content_tags()` to add the attribute during the front-end render of the site.
Introduces `wp_img_tag_add_decoding_attr()` to take an image tag and modify it to include the attribute. Introduces the filter `wp_img_tag_add_decoding_attr` used to define the default value for the attribute.
Props adamsilverstein, ayeshrajans, costdev, flixos90, hellofromtonya, isaumya, michaelbourne, mihai2u, mitogh, sergiomdgomes, spacedmonkey, westonruter, peterwilsoncc.
Fixes #53232.
Built from https://develop.svn.wordpress.org/trunk@53480
git-svn-id: http://core.svn.wordpress.org/trunk@53069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-09 07:31:12 +02:00
|
|
|
if ( ! empty( $extra_attr ) ) {
|
|
|
|
$extra_attr .= ' ';
|
|
|
|
}
|
2022-12-01 16:43:20 +01:00
|
|
|
|
Media: Add `decoding="async"` to image attributes.
Dynamically add `decoding="async"` to image tags on the front end of a site to instruct browsers to download them in parallel.
Modifies `wp_get_attachment_image()`, `get_avatar()` to include the attribute by default. Modifies `wp_filter_content_tags()` to add the attribute during the front-end render of the site.
Introduces `wp_img_tag_add_decoding_attr()` to take an image tag and modify it to include the attribute. Introduces the filter `wp_img_tag_add_decoding_attr` used to define the default value for the attribute.
Props adamsilverstein, ayeshrajans, costdev, flixos90, hellofromtonya, isaumya, michaelbourne, mihai2u, mitogh, sergiomdgomes, spacedmonkey, westonruter, peterwilsoncc.
Fixes #53232.
Built from https://develop.svn.wordpress.org/trunk@53480
git-svn-id: http://core.svn.wordpress.org/trunk@53069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-09 07:31:12 +02:00
|
|
|
$extra_attr .= "decoding='{$args['decoding']}'";
|
|
|
|
}
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$avatar = sprintf(
|
|
|
|
"<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>",
|
|
|
|
esc_attr( $args['alt'] ),
|
|
|
|
esc_url( $url ),
|
|
|
|
esc_url( $url2x ) . ' 2x',
|
2020-10-18 19:27:06 +02:00
|
|
|
esc_attr( implode( ' ', $class ) ),
|
2017-12-01 00:11:00 +01:00
|
|
|
(int) $args['height'],
|
|
|
|
(int) $args['width'],
|
Media: Enable lazy-loading of images by automatically adding the new `loading="lazy"` attribute to image tags on the front-end.
- Introduces `wp_lazy_loading_enabled()`, `wp_filter_content_tags()`, `wp_img_tag_add_loading_attr()`, and `wp_img_tag_add_srcset_and_sizes_attr()` functions.
- Introduces `wp_lazy_loading_enabled`, `wp_img_tag_add_loading_attr`, and `wp_img_tag_add_srcset_and_sizes_attr` filters.
Props flixos90, addyosmani, mor10, swissspidy, pierlo, westonruter, spacedmonkey, mikeschroder, jonoaldersonwp, peterwilsoncc, narwen, jeffpaul, OptimizingMatters, futtta, mukeshpanchal27, azaozz.
Fixes #44427.
Built from https://develop.svn.wordpress.org/trunk@47554
git-svn-id: http://core.svn.wordpress.org/trunk@47329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-08 02:55:07 +02:00
|
|
|
$extra_attr
|
2017-12-01 00:11:00 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
2020-03-16 19:40:07 +01:00
|
|
|
* Filters the HTML for a user's avatar.
|
2017-12-01 00:11:00 +01:00
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @since 4.2.0 The `$args` parameter was added.
|
|
|
|
*
|
Code Modernization: Rename parameters that use reserved keywords in `wp-includes/pluggable.php`.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.
This commit:
* Renames the `$die` parameter to `$stop` in `check_ajax_referer()`.
* Renames the `$default` parameter to `$fallback_url` in `wp_validate_redirect()`.
* Renames the `$default` parameter to `$default_value` in `get_avatar()`.
Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951].
Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54952
git-svn-id: http://core.svn.wordpress.org/trunk@54504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-09 01:24:17 +01:00
|
|
|
* @param string $avatar HTML for the user's avatar.
|
|
|
|
* @param mixed $id_or_email The avatar to retrieve. Accepts a user_id, Gravatar MD5 hash,
|
|
|
|
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
|
|
|
* @param int $size Square avatar width and height in pixels to retrieve.
|
|
|
|
* @param string $default_value URL for the default image or a default type. Accepts '404', 'retro', 'monsterid',
|
|
|
|
* 'wavatar', 'indenticon', 'mystery', 'mm', 'mysteryman', 'blank', or 'gravatar_default'.
|
|
|
|
* @param string $alt Alternative text to use in the avatar image tag.
|
|
|
|
* @param array $args Arguments passed to get_avatar_data(), after processing.
|
2017-12-01 00:11:00 +01:00
|
|
|
*/
|
|
|
|
return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args );
|
|
|
|
}
|
|
|
|
endif;
|
2015-01-09 05:43:23 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! function_exists( 'wp_text_diff' ) ) :
|
2014-03-28 22:21:15 +01:00
|
|
|
/**
|
2017-12-01 00:11:00 +01:00
|
|
|
* Displays a human readable HTML representation of the difference between two strings.
|
2014-03-28 22:21:15 +01:00
|
|
|
*
|
2017-12-01 00:11:00 +01:00
|
|
|
* The Diff is available for getting the changes between versions. The output is
|
|
|
|
* HTML, so the primary use is for displaying the changes. If the two strings
|
|
|
|
* are equivalent, then an empty string will be returned.
|
|
|
|
*
|
|
|
|
* @since 2.6.0
|
|
|
|
*
|
|
|
|
* @see wp_parse_args() Used to change defaults to user defined settings.
|
|
|
|
* @uses Text_Diff
|
|
|
|
* @uses WP_Text_Diff_Renderer_Table
|
|
|
|
*
|
2022-06-07 00:35:10 +02:00
|
|
|
* @param string $left_string "old" (left) version of string.
|
|
|
|
* @param string $right_string "new" (right) version of string.
|
2019-08-11 00:28:54 +02:00
|
|
|
* @param string|array $args {
|
|
|
|
* Associative array of options to pass to WP_Text_Diff_Renderer_Table().
|
|
|
|
*
|
|
|
|
* @type string $title Titles the diff in a manner compatible
|
|
|
|
* with the output. Default empty.
|
|
|
|
* @type string $title_left Change the HTML to the left of the title.
|
|
|
|
* Default empty.
|
|
|
|
* @type string $title_right Change the HTML to the right of the title.
|
|
|
|
* Default empty.
|
|
|
|
* @type bool $show_split_view True for split view (two columns), false for
|
|
|
|
* un-split view (single column). Default true.
|
|
|
|
* }
|
2017-12-01 00:11:00 +01:00
|
|
|
* @return string Empty string if strings are equivalent or HTML with differences.
|
2014-03-28 22:21:15 +01:00
|
|
|
*/
|
2017-12-01 00:11:00 +01:00
|
|
|
function wp_text_diff( $left_string, $right_string, $args = null ) {
|
|
|
|
$defaults = array(
|
2019-08-11 00:28:54 +02:00
|
|
|
'title' => '',
|
|
|
|
'title_left' => '',
|
|
|
|
'title_right' => '',
|
|
|
|
'show_split_view' => true,
|
2017-12-01 00:11:00 +01:00
|
|
|
);
|
|
|
|
$args = wp_parse_args( $args, $defaults );
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! class_exists( 'WP_Text_Diff_Renderer_Table', false ) ) {
|
2020-02-06 07:33:11 +01:00
|
|
|
require ABSPATH . WPINC . '/wp-diff.php';
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$left_string = normalize_whitespace( $left_string );
|
|
|
|
$right_string = normalize_whitespace( $right_string );
|
2008-08-09 07:36:14 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$left_lines = explode( "\n", $left_string );
|
|
|
|
$right_lines = explode( "\n", $right_string );
|
|
|
|
$text_diff = new Text_Diff( $left_lines, $right_lines );
|
|
|
|
$renderer = new WP_Text_Diff_Renderer_Table( $args );
|
|
|
|
$diff = $renderer->render( $text_diff );
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( ! $diff ) {
|
|
|
|
return '';
|
|
|
|
}
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2021-01-27 22:53:58 +01:00
|
|
|
$is_split_view = ! empty( $args['show_split_view'] );
|
|
|
|
$is_split_view_class = $is_split_view ? ' is-split-view' : '';
|
2013-02-28 16:14:34 +01:00
|
|
|
|
2021-01-27 22:53:58 +01:00
|
|
|
$r = "<table class='diff$is_split_view_class'>\n";
|
|
|
|
|
|
|
|
if ( $args['title'] ) {
|
|
|
|
$r .= "<caption class='diff-title'>$args[title]</caption>\n";
|
2017-12-01 00:11:00 +01:00
|
|
|
}
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2021-01-27 22:53:58 +01:00
|
|
|
if ( $args['title_left'] || $args['title_right'] ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$r .= '<thead>';
|
|
|
|
}
|
2021-01-27 22:53:58 +01:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
if ( $args['title_left'] || $args['title_right'] ) {
|
2021-01-27 22:53:58 +01:00
|
|
|
$th_or_td_left = empty( $args['title_left'] ) ? 'td' : 'th';
|
|
|
|
$th_or_td_right = empty( $args['title_right'] ) ? 'td' : 'th';
|
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$r .= "<tr class='diff-sub-title'>\n";
|
2021-01-27 22:53:58 +01:00
|
|
|
$r .= "\t<$th_or_td_left>$args[title_left]</$th_or_td_left>\n";
|
|
|
|
if ( $is_split_view ) {
|
|
|
|
$r .= "\t<$th_or_td_right>$args[title_right]</$th_or_td_right>\n";
|
|
|
|
}
|
2017-12-01 00:11:00 +01:00
|
|
|
$r .= "</tr>\n";
|
|
|
|
}
|
2021-01-27 22:53:58 +01:00
|
|
|
|
|
|
|
if ( $args['title_left'] || $args['title_right'] ) {
|
2017-12-01 00:11:00 +01:00
|
|
|
$r .= "</thead>\n";
|
|
|
|
}
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
$r .= "<tbody>\n$diff\n</tbody>\n";
|
|
|
|
$r .= '</table>';
|
2008-04-19 01:38:21 +02:00
|
|
|
|
2017-12-01 00:11:00 +01:00
|
|
|
return $r;
|
|
|
|
}
|
2008-04-19 01:38:21 +02:00
|
|
|
endif;
|