ct['host'] ); /* * Ignore differences in host capitalization, as this can lead to infinite redirects. * Only redirect no-www <=> yes-www. */ if ( $original_host_low === $redirect_host_low || ( 'www.' . $original_host_low !== $redirect_host_low && 'www.' . $redirect_host_low !== $original_host_low ) ) { $redirect['host'] = $original['host']; } $compare_original = array( $original['host'], $original['path'] ); if ( ! empty( $original['port'] ) ) { $compare_original[] = $original['port']; } if ( ! empty( $original['query'] ) ) { $compare_original[] = $original['query']; } $compare_redirect = array( $redirect['host'], $redirect['path'] ); if ( ! empty( $redirect['port'] ) ) { $compare_redirect[] = $redirect['port']; } if ( ! empty( $redirect['query'] ) ) { $compare_redirect[] = $redirect['query']; } if ( $compare_original !== $compare_redirect ) { $redirect_url = $redirect['scheme'] . '://' . $redirect['host']; if ( ! empty( $redirect['port'] ) ) { $redirect_url .= ':' . $redirect['port']; } $redirect_url .= $redirect['path']; if ( ! empty( $redirect['query'] ) ) { $redirect_url .= '?' . $redirect['query']; } } if ( ! $redirect_url || $redirect_url === $requested_url ) { return; } // Hex-encoded octets are case-insensitive. if ( str_contains( $requested_url, '%' ) ) { if ( ! function_exists( 'lowercase_octets' ) ) { /** * Converts the first hex-encoded octet match to lowercase. * * @since 3.1.0 * @ignore * * @param array $matches Hex-encoded octet matches for the requested URL. * @return string Lowercased version of the first match. */ function lowercase_octets( $matches ) { return strtolower( $matches[0] ); } } $requested_url = preg_replace_callback( '|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url ); } if ( $redirect_obj instanceof WP_Post ) { $post_status_obj = get_post_status_object( get_post_status( $redirect_obj ) ); /* * Unset the redirect object and URL if they are not readable by the user. * This condition is a little confusing as the condition needs to pass if * the post is not readable by the user. That's why there are ! (not) conditions * throughout. */ if ( // Private post statuses only redirect if the user can read them. ! ( $post_status_obj->private && current_user_can( 'read_post', $redirect_obj->ID ) ) && // For other posts, only redirect if publicly viewable. ! is_post_publicly_viewable( $redirect_obj ) ) { $redirect_obj = false; $redirect_url = false; } } /** * Filters the canonical redirect URL. * * Returning false to this filter will cancel the redirect. * * @since 2.3.0 * * @param string $redirect_url The redirect URL. * @param string $requested_url The requested URL. */ $redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url ); // Yes, again -- in case the filter aborted the request. if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) === strip_fragment_from_url( $requested_url ) ) { return; } if ( $do_redirect ) { // Protect against chained redirects. if ( ! redirect_canonical( $redirect_url, false ) ) { wp_redirect( $redirect_url, 301 ); exit; } else { // Debug. // die("1: $redirect_url
2: " . redirect_canonical( $redirect_url, false ) ); return; } } else { return $redirect_url; } } /** * Removes arguments from a query string if they are not present in a URL * DO NOT use this in plugin code. * * @since 3.4.0 * @access private * * @param string $query_string * @param array $args_to_check * @param string $url * @return string The altered query string */ function _remove_qs_args_if_not_in_url( $query_string, array $args_to_check, $url ) { $parsed_url = parse_url( $url ); if ( ! empty( $parsed_url['query'] ) ) { parse_str( $parsed_url['query'], $parsed_query ); foreach ( $args_to_check as $qv ) { if ( ! isset( $parsed_query[ $qv ] ) ) { $query_string = remove_query_arg( $qv, $query_string ); } } } else { $query_string = remove_query_arg( $args_to_check, $query_string ); } return $query_string; } /** * Strips the #fragment from a URL, if one is present. * * @since 4.4.0 * * @param string $url The URL to strip. * @return string The altered URL. */ function strip_fragment_from_url( $url ) { $parsed_url = wp_parse_url( $url ); if ( ! empty( $parsed_url['host'] ) ) { $url = ''; if ( ! empty( $parsed_url['scheme'] ) ) { $url = $parsed_url['scheme'] . ':'; } $url .= '//' . $parsed_url['host']; if ( ! empty( $parsed_url['port'] ) ) { $url .= ':' . $parsed_url['port']; } if ( ! empty( $parsed_url['path'] ) ) { $url .= $parsed_url['path']; } if ( ! empty( $parsed_url['query'] ) ) { $url .= '?' . $parsed_url['query']; } } return $url; } /** * Attempts to guess the correct URL for a 404 request based on query vars. * * @since 2.3.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return string|false The correct URL if one is found. False on failure. */ function redirect_guess_404_permalink() { global $wpdb; /** * Filters whether to attempt to guess a redirect URL for a 404 request. * * Returning a false value from the filter will disable the URL guessing * and return early without performing a redirect. * * @since 5.5.0 * * @param bool $do_redirect_guess Whether to attempt to guess a redirect URL * for a 404 request. Default true. */ if ( false === apply_filters( 'do_redirect_guess_404_permalink', true ) ) { return false; } /** * Short-circuits the redirect URL guessing for 404 requests. * * Returning a non-null value from the filter will effectively short-circuit * the URL guessing, returning the passed value instead. * * @since 5.5.0 * * @param null|string|false $pre Whether to short-circuit guessing the redirect for a 404. * Default null to continue with the URL guessing. */ $pre = apply_filters( 'pre_redirect_guess_404_permalink', null ); if ( null !== $pre ) { return $pre; } if ( get_query_var( 'name' ) ) { $publicly_viewable_statuses = array_filter( get_post_stati(), 'is_post_status_viewable' ); $publicly_viewable_post_types = array_filter( get_post_types( array( 'exclude_from_search' => false ) ), 'is_post_type_viewable' ); /** * Filters whether to perform a strict guess for a 404 redirect. * * Returning a truthy value from the filter will redirect only exact post_name matches. * * @since 5.5.0 * * @param bool $strict_guess Whether to perform a strict guess. Default false (loose guess). */ $strict_guess = apply_filters( 'strict_redirect_guess_404_permalink', false ); if ( $strict_guess ) { $where = $wpdb->prepare( 'post_name = %s', get_query_var( 'name' ) ); } else { $where = $wpdb->prepare( 'post_name LIKE %s', $wpdb->esc_like( get_query_var( 'name' ) ) . '%' ); } // If any of post_type, year, monthnum, or day are set, use them to refine the query. if ( get_query_var( 'post_type' ) ) { if ( is_array( get_query_var( 'post_type' ) ) ) { $post_types = array_intersect( get_query_var( 'post_type' ), $publicly_viewable_post_types ); if ( empty( $post_types ) ) { return false; } $where .= " AND post_type IN ('" . join( "', '", esc_sql( get_query_var( 'post_type' ) ) ) . "')"; } else { if ( ! in_array( get_query_var( 'post_type' ), $publicly_viewable_post_types, true ) ) { return false; } $where .= $wpdb->prepare( ' AND post_type = %s', get_query_var( 'post_type' ) ); } } else { $where .= " AND post_type IN ('" . implode( "', '", esc_sql( $publicly_viewable_post_types ) ) . "')"; } if ( get_query_var( 'year' ) ) { $where .= $wpdb->prepare( ' AND YEAR(post_date) = %d', get_query_var( 'year' ) ); } if ( get_query_var( 'monthnum' ) ) { $where .= $wpdb->prepare( ' AND MONTH(post_date) = %d', get_query_var( 'monthnum' ) ); } if ( get_query_var( 'day' ) ) { $where .= $wpdb->prepare( ' AND DAYOFMONTH(post_date) = %d', get_query_var( 'day' ) ); } // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared $post_id = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE $where AND post_status IN ('" . implode( "', '", esc_sql( $publicly_viewable_statuses ) ) . "')" ); if ( ! $post_id ) { return false; } if ( get_query_var( 'feed' ) ) { return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) ); } elseif ( get_query_var( 'page' ) > 1 ) { return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' ); } else { return get_permalink( $post_id ); } } return false; } /** * Redirects a variety of shorthand URLs to the admin. * * If a user visits example.com/admin, they'll be redirected to /wp-admin. * Visiting /login redirects to /wp-login.php, and so on. * * @since 3.4.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. */ function wp_redirect_admin_locations() { global $wp_rewrite; if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) ) { return; } $admins = array( home_url( 'wp-admin', 'relative' ), home_url( 'dashboard', 'relative' ), home_url( 'admin', 'relative' ), site_url( 'dashboard', 'relative' ), site_url( 'admin', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins, true ) ) { wp_redirect( admin_url() ); exit; } $logins = array( home_url( 'wp-login.php', 'relative' ), home_url( 'login.php', 'relative' ), home_url( 'login', 'relative' ), site_url( 'login', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins, true ) ) { wp_redirect( wp_login_url() ); exit; } } $attr, ']' ); if ( false === $open || false === $close ) { continue; // Go to next attribute. Square braces will be escaped at end of loop. } $double = strpos( $attr, '"' ); $single = strpos( $attr, "'" ); if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) { /* * $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html. * In this specific situation we assume KSES did not run because the input * was written by an administrator, so we should avoid changing the output * and we do not need to run KSES here. */ $attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr ); } else { /* * $attr like 'name = "[shortcode]"' or "name = '[shortcode]'". * We do not know if $content was unfiltered. Assume KSES ran before shortcodes. */ $count = 0; $new_attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr, -1, $count ); if ( $count > 0 ) { // Sanitize the shortcode output using KSES. $new_attr = wp_kses_one_attr( $new_attr, $elname ); if ( '' !== trim( $new_attr ) ) { // The shortcode is safe to use now. $attr = $new_attr; } } } } $element = $front . implode( '', $attributes ) . $back; // Now encode any remaining '[' or ']' chars. $element = strtr( $element, $trans ); } $content = implode( '', $textarr ); return $content; } /** * Removes placeholders added by do_shortcodes_in_html_tags(). * * @since 4.2.3 * * @param string $content Content to search for placeholders. * @return string Content with placeholders removed. */ function unescape_invalid_shortcodes( $content ) { // Clean up entire string, avoids re-parsing HTML. $trans = array( '[' => '[', ']' => ']', ); $content = strtr( $content, $trans ); return $content; } /** * Retrieves the shortcode attributes regex. * * @since 4.4.0 * * @return string The shortcode attribute regular expression. */ function get_shortcode_atts_regex() { return '/([\w-]+)\s*=\s*"([^"]*)"(?:\s|$)|([\w-]+)\s*=\s*\'([^\']*)\'(?:\s|$)|([\w-]+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|\'([^\']*)\'(?:\s|$)|(\S+)(?:\s|$)/'; } /** * Retrieves all attributes from the shortcodes tag. * * The attributes list has the attribute name as the key and the value of the * attribute as the value in the key/value pair. This allows for easier * retrieval of the attributes, since all attributes have to be known. * * @since 2.5.0 * @since 6.5.0 The function now always returns an empty array, * even if the original arguments string cannot be parsed or is empty. * * @param string $text Shortcode arguments list. * @return array Array of attribute values keyed by attribute name. * Returns empty array if there are no attributes * or if the original arguments string cannot be parsed. */ function shortcode_parse_atts( $text ) { $atts = array(); $pattern = get_shortcode_atts_regex(); $text = preg_replace( "/[\x{00a0}\x{200b}]+/u", ' ', $text ); if ( preg_match_all( $pattern, $text, $match, PREG_SET_ORDER ) ) { foreach ( $match as $m ) { if ( ! empty( $m[1] ) ) { $atts[ strtolower( $m[1] ) ] = stripcslashes( $m[2] ); } elseif ( ! empty( $m[3] ) ) { $atts[ strtolower( $m[3] ) ] = stripcslashes( $m[4] ); } elseif ( ! empty( $m[5] ) ) { $atts[ strtolower( $m[5] ) ] = stripcslashes( $m[6] ); } elseif ( isset( $m[7] ) && strlen( $m[7] ) ) { $atts[] = stripcslashes( $m[7] ); } elseif ( isset( $m[8] ) && strlen( $m[8] ) ) { $atts[] = stripcslashes( $m[8] ); } elseif ( isset( $m[9] ) ) { $atts[] = stripcslashes( $m[9] ); } } // Reject any unclosed HTML elements. foreach ( $atts as &$value ) { if ( str_contains( $value, '<' ) ) { if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) { $value = ''; } } } } return $atts; } /** * Combines user attributes with known attributes and fill in defaults when needed. * * The pairs should be considered to be all of the attributes which are * supported by the caller and given as a list. The returned attributes will * only contain the attributes in the $pairs list. * * If the $atts list has unsupported attributes, then they will be ignored and * removed from the final returned list. * * @since 2.5.0 * * @param array $pairs Entire list of supported attributes and their defaults. * @param array $atts User defined attributes in shortcode tag. * @param string $shortcode Optional. The name of the shortcode, provided for context to enable filtering * @return array Combined and filtered attribute list. */ function shortcode_atts( $pairs, $atts, $shortcode = '' ) { $atts = (array) $atts; $out = array(); foreach ( $pairs as $name => $default ) { if ( array_key_exists( $name, $atts ) ) { $out[ $name ] = $atts[ $name ]; } else { $out[ $name ] = $default; } } if ( $shortcode ) { /** * Filters shortcode attributes. * * If the third parameter of the shortcode_atts() function is present then this filter is available. * The third parameter, $shortcode, is the name of the shortcode. * * @since 3.6.0 * @since 4.4.0 Added the `$shortcode` parameter. * * @param array $out The output array of shortcode attributes. * @param array $pairs The supported attributes and their defaults. * @param array $atts The user defined shortcode attributes. * @param string $shortcode The shortcode name. */ $out = apply_filters( "shortcode_atts_{$shortcode}", $out, $pairs, $atts, $shortcode ); } return $out; } /** * Removes all shortcode tags from the given content. * * @since 2.5.0 * * @global array $shortcode_tags * * @param string $content Content to remove shortcode tags. * @return string Content without shortcode tags. */ function strip_shortcodes( $content ) { global $shortcode_tags; if ( ! str_contains( $content, '[' ) ) { return $content; } if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) { return $content; } // Find all registered tag names in $content. preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches ); $tags_to_remove = array_keys( $shortcode_tags ); /** * Filters the list of shortcode tags to remove from the content. * * @since 4.7.0 * * @param array $tags_to_remove Array of shortcode tags to remove. * @param string $content Content shortcodes are being removed from. */ $tags_to_remove = apply_filters( 'strip_shortcodes_tagnames', $tags_to_remove, $content ); $tagnames = array_intersect( $tags_to_remove, $matches[1] ); if ( empty( $tagnames ) ) { return $content; } $content = do_shortcodes_in_html_tags( $content, true, $tagnames ); $pattern = get_shortcode_regex( $tagnames ); $content = preg_replace_callback( "/$pattern/", 'strip_shortcode_tag', $content ); // Always restore square braces so we don't break things like