shell bypass 403
UnknownSec Shell
:
/
home
/
innovagencyco
/
www
/
abtest.innovagency.co.za
/
wp-admin
/
includes
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
misc.php
<?php /** * Misc WordPress Administration API. * * @package WordPress * @subpackage Administration */ /** * Returns whether the server is running Apache with the mod_rewrite module loaded. * * @since 2.0.0 * * @return bool Whether the server is running Apache with the mod_rewrite module loaded. */ function got_mod_rewrite() { $got_rewrite = apache_mod_loaded( 'mod_rewrite', true ); /** * Filters whether Apache and mod_rewrite are present. * * This filter was previously used to force URL rewriting for other servers, * like nginx. Use the {@see 'got_url_rewrite'} filter in got_url_rewrite() instead. * * @since 2.5.0 * * @see got_url_rewrite() * * @param bool $got_rewrite Whether Apache and mod_rewrite are present. */ return apply_filters( 'got_rewrite', $got_rewrite ); } /** * Returns whether the server supports URL rewriting. * * Detects Apache's mod_rewrite, IIS 7.0+ permalink support, and nginx. * * @since 3.7.0 * * @global bool $is_nginx * @global bool $is_caddy * * @return bool Whether the server supports URL rewriting. */ function got_url_rewrite() { $got_url_rewrite = ( got_mod_rewrite() || $GLOBALS['is_nginx'] || $GLOBALS['is_caddy'] || iis7_supports_permalinks() ); /** * Filters whether URL rewriting is available. * * @since 3.7.0 * * @param bool $got_url_rewrite Whether URL rewriting is available. */ return apply_filters( 'got_url_rewrite', $got_url_rewrite ); } /** * Extracts strings from between the BEGIN and END markers in the .htaccess file. * * @since 1.5.0 * * @param string $filename Filename to extract the strings from. * @param string $marker The marker to extract the strings from. * @return string[] An array of strings from a file (.htaccess) from between BEGIN and END markers. */ function extract_from_markers( $filename, $marker ) { $result = array(); if ( ! file_exists( $filename ) ) { return $result; } $markerdata = explode( "\n", implode( '', file( $filename ) ) ); $state = false; foreach ( $markerdata as $markerline ) { if ( str_contains( $markerline, '# END ' . $marker ) ) { $state = false; } if ( $state ) { if ( str_starts_with( $markerline, '#' ) ) { continue; } $result[] = $markerline; } if ( str_contains( $markerline, '# BEGIN ' . $marker ) ) { $state = true; } } return $result; } /** * Inserts an array of strings into a file (.htaccess), placing it between * BEGIN and END markers. * * Replaces existing marked info. Retains surrounding * data. Creates file if none exists. * * @since 1.5.0 * * @param string $filename Filename to alter. * @param string $marker The marker to alter. * @param array|string $insertion The new content to insert. * @return bool True on write success, false on failure. */ function insert_with_markers( $filename, $marker, $insertion ) { if ( ! file_exists( $filename ) ) { if ( ! is_writable( dirname( $filename ) ) ) { return false; } if ( ! touch( $filename ) ) { return false; } // Make sure the file is created with a minimum set of permissions. $perms = fileperms( $filename ); if ( $perms ) { chmod( $filename, $perms | 0644 ); } } elseif ( ! is_writable( $filename ) ) { return false; } if ( ! is_array( $insertion ) ) { $insertion = explode( "\n", $insertion ); } $switched_locale = switch_to_locale( get_locale() ); $instructions = sprintf( /* translators: 1: Marker. */ __( 'The directives (lines) between "BEGIN %1$s" and "END %1$s" are dynamically generated, and should only be modified via WordPress filters. Any changes to the directives between these markers will be overwritten.' ), $marker ); $instructions = explode( "\n", $instructions ); foreach ( $instructions as $line => $text ) { $instructions[ $line ] = '# ' . $text; } /** * Filters the inline instructions inserted before the dynamically generated content. * * @since 5.3.0 * * @param string[] $instructions Array of lines with inline instructions. * @param string $marker The marker being inserted. */ $instructions = apply_filters( 'insert_with_markers_inline_instructions', $instructions, $marker ); if ( $switched_locale ) { restore_previous_locale(); } $insertion = array_merge( $instructions, $insertion ); $start_marker = "# BEGIN {$marker}"; $end_marker = "# END {$marker}"; $fp = fopen( $filename, 'r+' ); if ( ! $fp ) { return false; } // Attempt to get a lock. If the filesystem supports locking, this will block until the lock is acquired. flock( $fp, LOCK_EX ); $lines = array(); while ( ! feof( $fp ) ) { $lines[] = rtrim( fgets( $fp ), "\r\n" ); } // Split out the existing file into the preceding lines, and those that appear after the marker. $pre_lines = array(); $post_lines = array(); $existing_lines = array(); $found_marker = false; $found_end_marker = false; foreach ( $lines as $line ) { if ( ! $found_marker && str_contains( $line, $start_marker ) ) { $found_marker = true; continue; } elseif ( ! $found_end_marker && str_contains( $line, $end_marker ) ) { $found_end_marker = true; continue; } if ( ! $found_marker ) { $pre_lines[] = $line; } elseif ( $found_marker && $found_end_marker ) { $post_lines[] = $line; } else { $existing_lines[] = $line; } } // Check to see if there was a change. if ( $existing_lines === $insertion ) { flock( $fp, LOCK_UN ); fclose( $fp ); return true; } // Generate the new file data. $new_file_data = implode( "\n", array_merge( $pre_lines, array( $start_marker ), $insertion, array( $end_marker ), $post_lines ) ); // Write to the start of the file, and truncate it to that length. fseek( $fp, 0 ); $bytes = fwrite( $fp, $new_file_data ); if ( $bytes ) { ftruncate( $fp, ftell( $fp ) ); } fflush( $fp ); flock( $fp, LOCK_UN ); fclose( $fp ); return (bool) $bytes; } /** * Updates the htaccess file with the current rules if it is writable. * * Always writes to the file if it exists and is writable to ensure that we * blank out old rules. * * @since 1.5.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * * @return bool|null True on write success, false on failure. Null in multisite. */ function save_mod_rewrite_rules() { global $wp_rewrite; if ( is_multisite() ) { return; } // Ensure get_home_path() is declared. require_once ABSPATH . 'wp-admin/includes/file.php'; $home_path = get_home_path(); $htaccess_file = $home_path . '.htaccess'; /* * If the file doesn't already exist check for write access to the directory * and whether we have some rules. Else check for write access to the file. */ if ( ! file_exists( $htaccess_file ) && is_writable( $home_path ) && $wp_rewrite->using_mod_rewrite_permalinks() || is_writable( $htaccess_file ) ) { if ( got_mod_rewrite() ) { $rules = explode( "\n", $wp_rewrite->mod_rewrite_rules() ); return insert_with_markers( $htaccess_file, 'WordPress', $rules ); } } return false; } /** * Updates the IIS web.config file with the current rules if it is writable. * If the permalinks do not require rewrite rules then the rules are deleted from the web.config file. * * @since 2.8.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * * @return bool|null True on write success, false on failure. Null in multisite. */ function iis7_save_url_rewrite_rules() { global $wp_rewrite; if ( is_multisite() ) { return; } // Ensure get_home_path() is declared. require_once ABSPATH . 'wp-admin/includes/file.php'; $home_path = get_home_path(); $web_config_file = $home_path . 'web.config'; // Using win_is_writable() instead of is_writable() because of a bug in Windows PHP. if ( iis7_supports_permalinks() && ( ! file_exists( $web_config_file ) && win_is_writable( $home_path ) && $wp_rewrite->using_mod_rewrite_permalinks() || win_is_writable( $web_config_file ) ) ) { $rule = $wp_rewrite->iis7_url_rewrite_rules( false ); if ( ! empty( $rule ) ) { return iis7_add_rewrite_rule( $web_config_file, $rule ); } else { return iis7_delete_rewrite_rule( $web_config_file ); } } return false; } /** * Updates the "recently-edited" file for the plugin or theme file editor. * * @since 1.5.0 * * @param string $file */ function update_recently_edited( $file ) { $oldfiles = (array) get_option( 'recently_edited' ); if ( $oldfiles ) { $oldfiles = array_reverse( $oldfiles ); $oldfiles[] = $file; $oldfiles = array_reverse( $oldfiles ); $oldfiles = array_unique( $oldfiles ); if ( 5 < count( $oldfiles ) ) { array_pop( $oldfiles ); } } else { $oldfiles[] = $file; } update_option( 'recently_edited', $oldfiles ); } /** * Makes a tree structure for the theme file editor's file list. * * @since 4.9.0 * @access private * * @param array $allowed_files List of theme file paths. * @return array Tree structure for listing theme files. */ function wp_make_theme_file_tree( $allowed_files ) { $tree_list = array(); foreach ( $allowed_files as $file_name => $absolute_filename ) { $list = explode( '/', $file_name ); $last_dir = &$tree_list; foreach ( $list as $dir ) { $last_dir =& $last_dir[ $dir ]; } $last_dir = $file_name; } return $tree_list; } /** * Outputs the formatted file list for the theme file editor. * * @since 4.9.0 * @access private * * @global string $relative_file Name of the file being edited relative to the * theme directory. * @global string $stylesheet The stylesheet name of the theme being edited. * * @param array|string $tree List of file/folder paths, or filename. * @param int $level The aria-level for the current iteration. * @param int $size The aria-setsize for the current iteration. * @param int $index The aria-posinset for the current iteration. */ function wp_print_theme_file_tree( $tree, $level = 2, $size = 1, $index = 1 ) { global $relative_file, $stylesheet; if ( is_array( $tree ) ) { $index = 0; $size = count( $tree ); foreach ( $tree as $label => $theme_file ) : ++$index; if ( ! is_array( $theme_file ) ) { wp_print_theme_file_tree( $theme_file, $level, $index, $size ); continue; } ?> <li role="treeitem" aria-expanded="true" tabindex="-1" aria-level="<?php echo esc_attr( $level ); ?>" aria-setsize="<?php echo esc_attr( $size ); ?>" aria-posinset="<?php echo esc_attr( $index ); ?>"> <span class="folder-label"><?php echo esc_html( $label ); ?> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'folder' ); ?> </span><span aria-hidden="true" class="icon"></span></span> <ul role="group" class="tree-folder"><?php wp_print_theme_file_tree( $theme_file, $level + 1, $index, $size ); ?></ul> </li> <?php endforeach; } else { $filename = $tree; $url = add_query_arg( array( 'file' => rawurlencode( $tree ), 'theme' => rawurlencode( $stylesheet ), ), self_admin_url( 'theme-editor.php' ) ); ?> <li role="none" class="<?php echo esc_attr( $relative_file === $filename ? 'current-file' : '' ); ?>"> <a role="treeitem" tabindex="<?php echo esc_attr( $relative_file === $filename ? '0' : '-1' ); ?>" href="<?php echo esc_url( $url ); ?>" aria-level="<?php echo esc_attr( $level ); ?>" aria-setsize="<?php echo esc_attr( $size ); ?>" aria-posinset="<?php echo esc_attr( $index ); ?>"> <?php $file_description = esc_html( get_file_description( $filename ) ); if ( $file_description !== $filename && wp_basename( $filename ) !== $file_description ) { $file_description .= '<br /><span class="nonessential">(' . esc_html( $filename ) . ')</span>'; } if ( $relative_file === $filename ) { echo '<span class="notice notice-info">' . $file_description . '</span>'; } else { echo $file_description; } ?> </a> </li> <?php } } /** * Makes a tree structure for the plugin file editor's file list. * * @since 4.9.0 * @access private * * @param array $plugin_editable_files List of plugin file paths. * @return array Tree structure for listing plugin files. */ function wp_make_plugin_file_tree( $plugin_editable_files ) { $tree_list = array(); foreach ( $plugin_editable_files as $plugin_file ) { $list = explode( '/', preg_replace( '#^.+?/#', '', $plugin_file ) ); $last_dir = &$tree_list; foreach ( $list as $dir ) { $last_dir =& $last_dir[ $dir ]; } $last_dir = $plugin_file; } return $tree_list; } /** * Outputs the formatted file list for the plugin file editor. * * @since 4.9.0 * @access private * * @param array|string $tree List of file/folder paths, or filename. * @param string $label Name of file or folder to print. * @param int $level The aria-level for the current iteration. * @param int $size The aria-setsize for the current iteration. * @param int $index The aria-posinset for the current iteration. */ function wp_print_plugin_file_tree( $tree, $label = '', $level = 2, $size = 1, $index = 1 ) { global $file, $plugin; if ( is_array( $tree ) ) { $index = 0; $size = count( $tree ); foreach ( $tree as $label => $plugin_file ) : ++$index; if ( ! is_array( $plugin_file ) ) { wp_print_plugin_file_tree( $plugin_file, $label, $level, $index, $size ); continue; } ?> <li role="treeitem" aria-expanded="true" tabindex="-1" aria-level="<?php echo esc_attr( $level ); ?>" aria-setsize="<?php echo esc_attr( $size ); ?>" aria-posinset="<?php echo esc_attr( $index ); ?>"> <span class="folder-label"><?php echo esc_html( $label ); ?> <span class="screen-reader-text"> <?php /* translators: Hidden accessibility text. */ _e( 'folder' ); ?> </span><span aria-hidden="true" class="icon"></span></span> <ul role="group" class="tree-folder"><?php wp_print_plugin_file_tree( $plugin_file, '', $level + 1, $index, $size ); ?></ul> </li> <?php endforeach; } else { $url = add_query_arg( array( 'file' => rawurlencode( $tree ), 'plugin' => rawurlencode( $plugin ), ), self_admin_url( 'plugin-editor.php' ) ); ?> <li role="none" class="<?php echo esc_attr( $file === $tree ? 'current-file' : '' ); ?>"> <a role="treeitem" tabindex="<?php echo esc_attr( $file === $tree ? '0' : '-1' ); ?>" href="<?php echo esc_url( $url ); ?>" aria-level="<?php echo esc_attr( $level ); ?>" aria-setsize="<?php echo esc_attr( $size ); ?>" aria-posinset="<?php echo esc_attr( $index ); ?>"> <?php if ( $file === $tree ) { echo '<span class="notice notice-info">' . esc_html( $label ) . '</span>'; } else { echo esc_html( $label ); } ?> </a> </li> <?php } } /** * Flushes rewrite rules if `siteurl`, `home` or `page_on_front` changed. * * @since 2.1.0 * * @param string $old_value * @param string $value */ function update_home_siteurl( $old_value, $value ) { if ( wp_installing() ) { return; } if ( is_multisite() && ms_is_switched() ) { delete_option( 'rewrite_rules' ); } else { flush_rewrite_rules(); } } /** * Resets global variables based on `$_GET` and `$_POST`. * * This function resets global variables based on the names passed * in the `$vars` array to the value of `$_POST[$var]` or `$_GET[$var]` or an * empty string if neither is defined. * * @since 2.0.0 * * @param array $vars An array of globals to reset. */ function wp_reset_vars( $vars ) { foreach ( $vars as $var ) { if ( empty( $_POST[ $var ] ) ) { if ( empty( $_GET[ $var ] ) ) { $GLOBALS[ $var ] = ''; } else { $GLOBALS[ $var ] = $_GET[ $var ]; } } else { $GLOBALS[ $var ] = $_POST[ $var ]; } } } /** * Displays the given administration message. * * @since 2.1.0 * * @param string|WP_Error $message */ function show_message( $message ) { if ( is_wp_error( $message ) ) { if ( $message->get_error_data() && is_string( $message->get_error_data() ) ) { $message = $message->get_error_message() . ': ' . $message->get_error_data(); } else { $message = $message->get_error_message(); } } echo "<p>$message</p>\n"; wp_ob_end_flush_all(); flush(); } /** * @since 2.8.0 * * @param string $content * @return array */ function wp_doc_link_parse( $content ) { if ( ! is_string( $content ) || empty( $content ) ) { return array(); } if ( ! function_exists( 'token_get_all' ) ) { return array(); } $tokens = token_get_all( $content ); $count = count( $tokens ); $functions = array(); $ignore_functions = array(); for ( $t = 0; $t < $count - 2; $t++ ) { if ( ! is_array( $tokens[ $t ] ) ) { continue; } if ( T_STRING === $tokens[ $t ][0] && ( '(' === $tokens[ $t + 1 ] || '(' === $tokens[ $t + 2 ] ) ) { // If it's a function or class defined locally, there's not going to be any docs available. if ( ( isset( $tokens[ $t - 2 ][1] ) && in_array( $tokens[ $t - 2 ][1], array( 'function', 'class' ), true ) ) || ( isset( $tokens[ $t - 2 ][0] ) && T_OBJECT_OPERATOR === $tokens[ $t - 1 ][0] ) ) { $ignore_functions[] = $tokens[ $t ][1]; } // Add this to our stack of unique references. $functions[] = $tokens[ $t ][1]; } } $functions = array_unique( $functions ); sort( $functions ); /** * Filters the list of functions and classes to be ignored from the documentation lookup. * * @since 2.8.0 * * @param string[] $ignore_functions Array of names of functions and classes to be ignored. */ $ignore_functions = apply_filters( 'documentation_ignore_functions', $ignore_functions ); $ignore_functions = array_unique( $ignore_functions ); $output = array(); foreach ( $functions as $function ) { if ( in_array( $function, $ignore_functions, true ) ) { continue; } $output[] = $function; } return $output; } /** * Saves option for number of rows when listing posts, pages, comments, etc. * * @since 2.8.0 */ function set_screen_options() { if ( ! isset( $_POST['wp_screen_options'] ) || ! is_array( $_POST['wp_screen_options'] ) ) { return; } check_admin_referer( 'screen-options-nonce', 'screenoptionnonce' ); $user = wp_get_current_user(); if ( ! $user ) { return; } $option = $_POST['wp_screen_options']['option']; $value = $_POST['wp_screen_options']['value']; if ( sanitize_key( $option ) !== $option ) { return; } $map_option = $option; $type = str_replace( 'edit_', '', $map_option ); $type = str_replace( '_per_page', '', $type ); if ( in_array( $type, get_taxonomies(), true ) ) { $map_option = 'edit_tags_per_page'; } elseif ( in_array( $type, get_post_types(), true ) ) { $map_option = 'edit_per_page'; } else { $option = str_replace( '-', '_', $option ); } switch ( $map_option ) { case 'edit_per_page': case 'users_per_page': case 'edit_comments_per_page': case 'upload_per_page': case 'edit_tags_per_page': case 'plugins_per_page': case 'export_personal_data_requests_per_page': case 'remove_personal_data_requests_per_page': // Network admin. case 'sites_network_per_page': case 'users_network_per_page': case 'site_users_network_per_page': case 'plugins_network_per_page': case 'themes_network_per_page': case 'site_themes_network_per_page': $value = (int) $value; if ( $value < 1 || $value > 999 ) { return; } break; default: $screen_option = false; if ( str_ends_with( $option, '_page' ) || 'layout_columns' === $option ) { /** * Filters a screen option value before it is set. * * The filter can also be used to modify non-standard `[items]_per_page` * settings. See the parent function for a full list of standard options. * * Returning false from the filter will skip saving the current option. * * @since 2.8.0 * @since 5.4.2 Only applied to options ending with '_page', * or the 'layout_columns' option. * * @see set_screen_options() * * @param mixed $screen_option The value to save instead of the option value. * Default false (to skip saving the current option). * @param string $option The option name. * @param int $value The option value. */ $screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Filters a screen option value before it is set. * * The dynamic portion of the hook name, `$option`, refers to the option name. * * Returning false from the filter will skip saving the current option. * * @since 5.4.2 * * @see set_screen_options() * * @param mixed $screen_option The value to save instead of the option value. * Default false (to skip saving the current option). * @param string $option The option name. * @param int $value The option value. */ $value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value ); if ( false === $value ) { return; } break; } update_user_meta( $user->ID, $option, $value ); $url = remove_query_arg( array( 'pagenum', 'apage', 'paged' ), wp_get_referer() ); if ( isset( $_POST['mode'] ) ) { $url = add_query_arg( array( 'mode' => $_POST['mode'] ), $url ); } wp_safe_redirect( $url ); exit; } /** * Checks if rewrite rule for WordPress already exists in the IIS 7+ configuration file. * * @since 2.8.0 * * @param string $filename The file path to the configuration file. * @return bool */ function iis7_rewrite_rule_exists( $filename ) { if ( ! file_exists( $filename ) ) { return false; } if ( ! class_exists( 'DOMDocument', false ) ) { return false; } $doc = new DOMDocument(); if ( $doc->load( $filename ) === false ) { return false; } $xpath = new DOMXPath( $doc ); $rules = $xpath->query( '/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]' ); if ( 0 === $rules->length ) { return false; } return true; } /** * Deletes WordPress rewrite rule from web.config file if it exists there. * * @since 2.8.0 * * @param string $filename Name of the configuration file. * @return bool */ function iis7_delete_rewrite_rule( $filename ) { // If configuration file does not exist then rules also do not exist, so there is nothing to delete. if ( ! file_exists( $filename ) ) { return true; } if ( ! class_exists( 'DOMDocument', false ) ) { return false; } $doc = new DOMDocument(); $doc->preserveWhiteSpace = false; if ( $doc->load( $filename ) === false ) { return false; } $xpath = new DOMXPath( $doc ); $rules = $xpath->query( '/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]' ); if ( $rules->length > 0 ) { $child = $rules->item( 0 ); $parent = $child->parentNode; $parent->removeChild( $child ); $doc->formatOutput = true; saveDomDocument( $doc, $filename ); } return true; } /** * Adds WordPress rewrite rule to the IIS 7+ configuration file. * * @since 2.8.0 * * @param string $filename The file path to the configuration file. * @param string $rewrite_rule The XML fragment with URL Rewrite rule. * @return bool */ function iis7_add_rewrite_rule( $filename, $rewrite_rule ) { if ( ! class_exists( 'DOMDocument', false ) ) { return false; } // If configuration file does not exist then we create one. if ( ! file_exists( $filename ) ) { $fp = fopen( $filename, 'w' ); fwrite( $fp, '<configuration/>' ); fclose( $fp ); } $doc = new DOMDocument(); $doc->preserveWhiteSpace = false; if ( $doc->load( $filename ) === false ) { return false; } $xpath = new DOMXPath( $doc ); // First check if the rule already exists as in that case there is no need to re-add it. $wordpress_rules = $xpath->query( '/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]' ); if ( $wordpress_rules->length > 0 ) { return true; } // Check the XPath to the rewrite rule and create XML nodes if they do not exist. $xml_nodes = $xpath->query( '/configuration/system.webServer/rewrite/rules' ); if ( $xml_nodes->length > 0 ) { $rules_node = $xml_nodes->item( 0 ); } else { $rules_node = $doc->createElement( 'rules' ); $xml_nodes = $xpath->query( '/configuration/system.webServer/rewrite' ); if ( $xml_nodes->length > 0 ) { $rewrite_node = $xml_nodes->item( 0 ); $rewrite_node->appendChild( $rules_node ); } else { $rewrite_node = $doc->createElement( 'rewrite' ); $rewrite_node->appendChild( $rules_node ); $xml_nodes = $xpath->query( '/configuration/system.webServer' ); if ( $xml_nodes->length > 0 ) { $system_web_server_node = $xml_nodes->item( 0 ); $system_web_server_node->appendChild( $rewrite_node ); } else { $system_web_server_node = $doc->createElement( 'system.webServer' ); $system_web_server_node->appendChild( $rewrite_node ); $xml_nodes = $xpath->query( '/configuration' ); if ( $xml_nodes->length > 0 ) { $config_node = $xml_nodes->item( 0 ); $config_node->appendChild( $system_web_server_node ); } else { $config_node = $doc->createElement( 'configuration' ); $doc->appendChild( $config_node ); $config_node->appendChild( $system_web_server_node ); } } } } $rule_fragment = $doc->createDocumentFragment(); $rule_fragment->appendXML( $rewrite_rule ); $rules_node->appendChild( $rule_fragment ); $doc->encoding = 'UTF-8'; $doc->formatOutput = true; saveDomDocument( $doc, $filename ); return true; } /** * Saves the XML document into a file. * * @since 2.8.0 * * @param DOMDocument $doc * @param string $filename */ function saveDomDocument( $doc, $filename ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid $config = $doc->saveXML(); $config = preg_replace( "/([^\r])\n/", "$1\r\n", $config ); $fp = fopen( $filename, 'w' ); fwrite( $fp, $config ); fclose( $fp ); } /** * Displays the default admin color scheme picker (Used in user-edit.php). * * @since 3.0.0 * * @global array $_wp_admin_css_colors * * @param int $user_id User ID. */ function admin_color_scheme_picker( $user_id ) { global $_wp_admin_css_colors; ksort( $_wp_admin_css_colors ); if ( isset( $_wp_admin_css_colors['fresh'] ) ) { // Set Default ('fresh') and Light should go first. $_wp_admin_css_colors = array_filter( array_merge( array( 'fresh' => '', 'light' => '', 'modern' => '', ), $_wp_admin_css_colors ) ); } $current_color = get_user_option( 'admin_color', $user_id ); if ( empty( $current_color ) || ! isset( $_wp_admin_css_colors[ $current_color ] ) ) { $current_color = 'fresh'; } ?> <fieldset id="color-picker" class="scheme-list"> <legend class="screen-reader-text"><span> <?php /* translators: Hidden accessibility text. */ _e( 'Admin Color Scheme' ); ?> </span></legend> <?php wp_nonce_field( 'save-color-scheme', 'color-nonce', false ); foreach ( $_wp_admin_css_colors as $color => $color_info ) : ?> <div class="color-option <?php echo ( $color === $current_color ) ? 'selected' : ''; ?>"> <input name="admin_color" id="admin_color_<?php echo esc_attr( $color ); ?>" type="radio" value="<?php echo esc_attr( $color ); ?>" class="tog" <?php checked( $color, $current_color ); ?> /> <input type="hidden" class="css_url" value="<?php echo esc_url( $color_info->url ); ?>" /> <input type="hidden" class="icon_colors" value="<?php echo esc_attr( wp_json_encode( array( 'icons' => $color_info->icon_colors ) ) ); ?>" /> <label for="admin_color_<?php echo esc_attr( $color ); ?>"><?php echo esc_html( $color_info->name ); ?></label> <div class="color-palette"> <?php foreach ( $color_info->colors as $html_color ) { ?> <div class="color-palette-shade" style="background-color: <?php echo esc_attr( $html_color ); ?>"> </div> <?php } ?> </div> </div> <?php endforeach; ?> </fieldset> <?php } /** * * @global array $_wp_admin_css_colors */ function wp_color_scheme_settings() { global $_wp_admin_css_colors; $color_scheme = get_user_option( 'admin_color' ); // It's possible to have a color scheme set that is no longer registered. if ( empty( $_wp_admin_css_colors[ $color_scheme ] ) ) { $color_scheme = 'fresh'; } if ( ! empty( $_wp_admin_css_colors[ $color_scheme ]->icon_colors ) ) { $icon_colors = $_wp_admin_css_colors[ $color_scheme ]->icon_colors; } elseif ( ! empty( $_wp_admin_css_colors['fresh']->icon_colors ) ) { $icon_colors = $_wp_admin_css_colors['fresh']->icon_colors; } else { // Fall back to the default set of icon colors if the default scheme is missing. $icon_colors = array( 'base' => '#a7aaad', 'focus' => '#72aee6', 'current' => '#fff', ); } echo '<script type="text/javascript">var _wpColorScheme = ' . wp_json_encode( array( 'icons' => $icon_colors ) ) . ";</script>\n"; } /** * Displays the viewport meta in the admin. * * @since 5.5.0 */ function wp_admin_viewport_meta() { /** * Filters the viewport meta in the admin. * * @since 5.5.0 * * @param string $viewport_meta The viewport meta. */ $viewport_meta = apply_filters( 'admin_viewport_meta', 'width=device-width,initial-scale=1.0' ); if ( empty( $viewport_meta ) ) { return; } echo '<meta name="viewport" content="' . esc_attr( $viewport_meta ) . '">'; } /** * Adds viewport meta for mobile in Customizer. * * Hooked to the {@see 'admin_viewport_meta'} filter. * * @since 5.5.0 * * @param string $viewport_meta The viewport meta. * @return string Filtered viewport meta. */ function _customizer_mobile_viewport_meta( $viewport_meta ) { return trim( $viewport_meta, ',' ) . ',minimum-scale=0.5,maximum-scale=1.2'; } /** * Checks lock status for posts displayed on the Posts screen. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. * @return array The Heartbeat response. */ function wp_check_locked_posts( $response, $data, $screen_id ) { $checked = array(); if ( array_key_exists( 'wp-check-locked-posts', $data ) && is_array( $data['wp-check-locked-posts'] ) ) { foreach ( $data['wp-check-locked-posts'] as $key ) { $post_id = absint( substr( $key, 5 ) ); if ( ! $post_id ) { continue; } $user_id = wp_check_post_lock( $post_id ); if ( $user_id ) { $user = get_userdata( $user_id ); if ( $user && current_user_can( 'edit_post', $post_id ) ) { $send = array( 'name' => $user->display_name, /* translators: %s: User's display name. */ 'text' => sprintf( __( '%s is currently editing' ), $user->display_name ), ); if ( get_option( 'show_avatars' ) ) { $send['avatar_src'] = get_avatar_url( $user->ID, array( 'size' => 18 ) ); $send['avatar_src_2x'] = get_avatar_url( $user->ID, array( 'size' => 36 ) ); } $checked[ $key ] = $send; } } } } if ( ! empty( $checked ) ) { $response['wp-check-locked-posts'] = $checked; } return $response; } /** * Checks lock status on the New/Edit Post screen and refresh the lock. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. * @return array The Heartbeat response. */ function wp_refresh_post_lock( $response, $data, $screen_id ) { if ( array_key_exists( 'wp-refresh-post-lock', $data ) ) { $received = $data['wp-refresh-post-lock']; $send = array(); $post_id = absint( $received['post_id'] ); if ( ! $post_id ) { return $response; } if ( ! current_user_can( 'edit_post', $post_id ) ) { return $response; } $user_id = wp_check_post_lock( $post_id ); $user = get_userdata( $user_id ); if ( $user ) { $error = array( 'name' => $user->display_name, /* translators: %s: User's display name. */ 'text' => sprintf( __( '%s has taken over and is currently editing.' ), $user->display_name ), ); if ( get_option( 'show_avatars' ) ) { $error['avatar_src'] = get_avatar_url( $user->ID, array( 'size' => 64 ) ); $error['avatar_src_2x'] = get_avatar_url( $user->ID, array( 'size' => 128 ) ); } $send['lock_error'] = $error; } else { $new_lock = wp_set_post_lock( $post_id ); if ( $new_lock ) { $send['new_lock'] = implode( ':', $new_lock ); } } $response['wp-refresh-post-lock'] = $send; } return $response; } /** * Checks nonce expiration on the New/Edit Post screen and refresh if needed. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. * @return array The Heartbeat response. */ function wp_refresh_post_nonces( $response, $data, $screen_id ) { if ( array_key_exists( 'wp-refresh-post-nonces', $data ) ) { $received = $data['wp-refresh-post-nonces']; $response['wp-refresh-post-nonces'] = array( 'check' => 1 ); $post_id = absint( $received['post_id'] ); if ( ! $post_id ) { return $response; } if ( ! current_user_can( 'edit_post', $post_id ) ) { return $response; } $response['wp-refresh-post-nonces'] = array( 'replace' => array( 'getpermalinknonce' => wp_create_nonce( 'getpermalink' ), 'samplepermalinknonce' => wp_create_nonce( 'samplepermalink' ), 'closedpostboxesnonce' => wp_create_nonce( 'closedpostboxes' ), '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ), '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ), ), ); } return $response; } /** * Refresh nonces used with meta boxes in the block editor. * * @since 6.1.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @return array The Heartbeat response. */ function wp_refresh_metabox_loader_nonces( $response, $data ) { if ( empty( $data['wp-refresh-metabox-loader-nonces'] ) ) { return $response; } $received = $data['wp-refresh-metabox-loader-nonces']; $post_id = (int) $received['post_id']; if ( ! $post_id ) { return $response; } if ( ! current_user_can( 'edit_post', $post_id ) ) { return $response; } $response['wp-refresh-metabox-loader-nonces'] = array( 'replace' => array( 'metabox_loader_nonce' => wp_create_nonce( 'meta-box-loader' ), '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ), ), ); return $response; } /** * Adds the latest Heartbeat and REST API nonce to the Heartbeat response. * * @since 5.0.0 * * @param array $response The Heartbeat response. * @return array The Heartbeat response. */ function wp_refresh_heartbeat_nonces( $response ) { // Refresh the Rest API nonce. $response['rest_nonce'] = wp_create_nonce( 'wp_rest' ); // Refresh the Heartbeat nonce. $response['heartbeat_nonce'] = wp_create_nonce( 'heartbeat-nonce' ); return $response; } /** * Disables suspension of Heartbeat on the Add/Edit Post screens. * * @since 3.8.0 * * @global string $pagenow The filename of the current screen. * * @param array $settings An array of Heartbeat settings. * @return array Filtered Heartbeat settings. */ function wp_heartbeat_set_suspension( $settings ) { global $pagenow; if ( 'post.php' === $pagenow || 'post-new.php' === $pagenow ) { $settings['suspension'] = 'disable'; } return $settings; } /** * Performs autosave with heartbeat. * * @since 3.9.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @return array The Heartbeat response. */ function heartbeat_autosave( $response, $data ) { if ( ! empty( $data['wp_autosave'] ) ) { $saved = wp_autosave( $data['wp_autosave'] ); if ( is_wp_error( $saved ) ) { $response['wp_autosave'] = array( 'success' => false, 'message' => $saved->get_error_message(), ); } elseif ( empty( $saved ) ) { $response['wp_autosave'] = array( 'success' => false, 'message' => __( 'Error while saving.' ), ); } else { /* translators: Draft saved date format, see https://www.php.net/manual/datetime.format.php */ $draft_saved_date_format = __( 'g:i:s a' ); $response['wp_autosave'] = array( 'success' => true, /* translators: %s: Date and time. */ 'message' => sprintf( __( 'Draft saved at %s.' ), date_i18n( $draft_saved_date_format ) ), ); } } return $response; } /** * Removes single-use URL parameters and create canonical link based on new URL. * * Removes specific query string parameters from a URL, create the canonical link, * put it in the admin header, and change the current URL to match. * * @since 4.2.0 */ function wp_admin_canonical_url() { $removable_query_args = wp_removable_query_args(); if ( empty( $removable_query_args ) ) { return; } // Ensure we're using an absolute URL. $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); $filtered_url = remove_query_arg( $removable_query_args, $current_url ); /** * Filters the admin canonical URL value. * * @since 6.5.0 * * @param string $filtered_url The admin canonical URL value. */ $filtered_url = apply_filters( 'wp_admin_canonical_url', $filtered_url ); ?> <link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" /> <script> if ( window.history.replaceState ) { window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash ); } </script> <?php } /** * Sends a referrer policy header so referrers are not sent externally from administration screens. * * @since 4.9.0 */ function wp_admin_headers() { $policy = 'strict-origin-when-cross-origin'; /** * Filters the admin referrer policy header value. * * @since 4.9.0 * @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'. * * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy * * @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'. */ $policy = apply_filters( 'admin_referrer_policy', $policy ); header( sprintf( 'Referrer-Policy: %s', $policy ) ); } /** * Outputs JS that reloads the page if the user navigated to it with the Back or Forward button. * * Used on the Edit Post and Add New Post screens. Needed to ensure the page is not loaded from browser cache, * so the post title and editor content are the last saved versions. Ideally this script should run first in the head. * * @since 4.6.0 */ function wp_page_reload_on_back_button_js() { ?> <script> if ( typeof performance !== 'undefined' && performance.navigation && performance.navigation.type === 2 ) { document.location.reload( true ); } </script> <?php } /** * Sends a confirmation request email when a change of site admin email address is attempted. * * The new site admin address will not become active until confirmed. * * @since 3.0.0 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. * * @param string $old_value The old site admin email address. * @param string $value The proposed new site admin email address. */ function update_option_new_admin_email( $old_value, $value ) { if ( get_option( 'admin_email' ) === $value || ! is_email( $value ) ) { return; } $hash = md5( $value . time() . wp_rand() ); $new_admin_email = array( 'hash' => $hash, 'newemail' => $value, ); update_option( 'adminhash', $new_admin_email, false ); $switched_locale = switch_to_user_locale( get_current_user_id() ); /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy ###USERNAME###, Someone with administrator capabilities recently requested to have the administration email address changed on this site: ###SITEURL### To confirm this change, please click on the following link: ###ADMIN_URL### You can safely ignore and delete this email if you do not want to take this action. This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the text of the email sent when a change of site admin email address is attempted. * * The following strings have a special meaning and will get replaced dynamically: * - ###USERNAME### The current user's username. * - ###ADMIN_URL### The link to click on to confirm the email change. * - ###EMAIL### The proposed new site admin email address. * - ###SITENAME### The name of the site. * - ###SITEURL### The URL to the site. * * @since MU (3.0.0) * @since 4.9.0 This filter is no longer Multisite specific. * * @param string $email_text Text in the email. * @param array $new_admin_email { * Data relating to the new site admin email address. * * @type string $hash The secure hash used in the confirmation link URL. * @type string $newemail The proposed new site admin email address. * } */ $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); $current_user = wp_get_current_user(); $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash=' . $hash ) ), $content ); $content = str_replace( '###EMAIL###', $value, $content ); $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), $content ); $content = str_replace( '###SITEURL###', home_url(), $content ); if ( '' !== get_option( 'blogname' ) ) { $site_title = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); } else { $site_title = parse_url( home_url(), PHP_URL_HOST ); } $subject = sprintf( /* translators: New admin email address notification email subject. %s: Site title. */ __( '[%s] New Admin Email Address' ), $site_title ); /** * Filters the subject of the email sent when a change of site admin email address is attempted. * * @since 6.5.0 * * @param string $subject Subject of the email. */ $subject = apply_filters( 'new_admin_email_subject', $subject ); wp_mail( $value, $subject, $content ); if ( $switched_locale ) { restore_previous_locale(); } } /** * Appends '(Draft)' to draft page titles in the privacy page dropdown * so that unpublished content is obvious. * * @since 4.9.8 * @access private * * @param string $title Page title. * @param WP_Post $page Page data object. * @return string Page title. */ function _wp_privacy_settings_filter_draft_page_titles( $title, $page ) { if ( 'draft' === $page->post_status && 'privacy' === get_current_screen()->id ) { /* translators: %s: Page title. */ $title = sprintf( __( '%s (Draft)' ), $title ); } return $title; } /** * Checks if the user needs to update PHP. * * @since 5.1.0 * @since 5.1.1 Added the {@see 'wp_is_php_version_acceptable'} filter. * * @return array|false { * Array of PHP version data. False on failure. * * @type string $recommended_version The PHP version recommended by WordPress. * @type string $minimum_version The minimum required PHP version. * @type bool $is_supported Whether the PHP version is actively supported. * @type bool $is_secure Whether the PHP version receives security updates. * @type bool $is_acceptable Whether the PHP version is still acceptable or warnings * should be shown and an update recommended. * } */ function wp_check_php_version() { $version = PHP_VERSION; $key = md5( $version ); $response = get_site_transient( 'php_check_' . $key ); if ( false === $response ) { $url = 'http://api.wordpress.org/core/serve-happy/1.0/'; if ( wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $url = add_query_arg( 'php_version', $version, $url ); $response = wp_remote_get( $url ); if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) { return false; } $response = json_decode( wp_remote_retrieve_body( $response ), true ); if ( ! is_array( $response ) ) { return false; } set_site_transient( 'php_check_' . $key, $response, WEEK_IN_SECONDS ); } if ( isset( $response['is_acceptable'] ) && $response['is_acceptable'] ) { /** * Filters whether the active PHP version is considered acceptable by WordPress. * * Returning false will trigger a PHP version warning to show up in the admin dashboard to administrators. * * This filter is only run if the wordpress.org Serve Happy API considers the PHP version acceptable, ensuring * that this filter can only make this check stricter, but not loosen it. * * @since 5.1.1 * * @param bool $is_acceptable Whether the PHP version is considered acceptable. Default true. * @param string $version PHP version checked. */ $response['is_acceptable'] = (bool) apply_filters( 'wp_is_php_version_acceptable', true, $version ); } $response['is_lower_than_future_minimum'] = false; // The minimum supported PHP version will be updated to 7.4 in the future. Check if the current version is lower. if ( version_compare( $version, '7.4', '<' ) ) { $response['is_lower_than_future_minimum'] = true; // Force showing of warnings. $response['is_acceptable'] = false; } return $response; }
© 2024 UnknownSec