put`. False if `$algo`
 *                      is unknown or invalid.
 */
function _hash_hmac($algo, $data, $key, $raw_output = false) {
	// Supported digests mapped to the pack() format that converts the digest's
	// hex string into raw bytes. Anything else is rejected before $algo is
	// ever used as a callable below.
	$hex_formats = array( 'md5' => 'H32', 'sha1' => 'H40' );
	if ( ! isset( $hex_formats[ $algo ] ) ) {
		return false;
	}

	$hex_format = $hex_formats[ $algo ];
	$block_size = 64;

	// A key longer than one block is replaced by its raw digest.
	if ( strlen( $key ) > $block_size ) {
		$key = pack( $hex_format, $algo( $key ) );
	}

	// Zero-pad the key up to the block size.
	$key = str_pad( $key, $block_size, chr( 0 ) );

	$key_block = substr( $key, 0, $block_size );
	$inner_pad = ( $key_block ^ str_repeat( chr( 0x36 ), $block_size ) );
	$outer_pad = ( $key_block ^ str_repeat( chr( 0x5C ), $block_size ) );

	// Inner hash over the message, then outer hash over the raw inner digest.
	$inner_digest = pack( $hex_format, $algo( $inner_pad . $data ) );
	$digest       = $algo( $outer_pad . $inner_digest );

	return $raw_output ? pack( $hex_format, $digest ) : $digest;
}

if ( ! function_exists( 'json_encode' ) ) {
	/**
	 * Fallback json_encode() built on the bundled Services_JSON class.
	 *
	 * NOTE(review): this calls encodeUnsafe() rather than encode(); what that
	 * variant leaves out is defined in class-json.php, which is not shown here.
	 *
	 * @global Services_JSON $wp_json
	 * @param mixed $string Value handed to Services_JSON::encodeUnsafe().
	 * @return mixed Whatever Services_JSON::encodeUnsafe() returns.
	 */
	function json_encode( $string ) {
		global $wp_json;

		// Create the shared encoder on first use.
		$encoder_ready = ( $wp_json instanceof Services_JSON );
		if ( ! $encoder_ready ) {
			require_once( ABSPATH . WPINC . '/class-json.php' );
			$wp_json = new Services_JSON();
		}

		return $wp_json->encodeUnsafe( $string );
	}
}

if ( ! function_exists( 'json_decode' ) ) {
	/**
	 * Fallback json_decode() built on the bundled Services_JSON class.
	 *
	 * @global Services_JSON $wp_json
	 * @param string $string
	 * @param bool   $assoc_array
	 * @return object|array
	 */
	function json_decode( $string, $assoc_array = false ) {
		global $wp_json;

		// Create the shared decoder on first use.
		$decoder_ready = ( $wp_json instanceof Services_JSON );
		if ( ! $decoder_ready ) {
			require_once( ABSPATH . WPINC . '/class-json.php' );
			$wp_json = new Services_JSON();
		}

		$decoded = $wp_json->decode( $string );

		// Objects are converted to arrays only when the caller asks for it.
		return $assoc_array ? _json_decode_object_helper( $decoded ) : $decoded;
	}

	/**
	 * Recursively turns decoded objects into arrays.
	 *
	 * @param object $data
	 * @return array
	 */
	function _json_decode_object_helper($data) {
		if ( is_object( $data ) ) {
			$data = get_object_vars( $data );
		}

		// Scalars and null are returned untouched; arrays recurse per element.
		if ( ! is_array( $data ) ) {
			return $data;
		}

		return array_map( __FUNCTION__, $data );
	}
}

if ( ! function_exists( 'hash_equals' ) ) :
/**
 * Timing attack safe string comparison
 *
 * Compares two strings using the same time whether they're equal or not.
 *
 * This function was added in PHP 5.6.
 *
 * Note: It can leak the length of a string when arguments of differing length are supplied.
 *
 * @since 3.9.2
 *
 * @param string $a Expected string.
 * @param string $b Actual, user supplied, string.
 * @return bool Whether strings are equal.
*/
function hash_equals( $a, $b ) {
	// NOTE(review): neither argument is type-checked here, whereas the native
	// hash_equals() rejects non-string arguments — confirm callers only pass strings.
	$a_length = strlen( $a );

	// Unequal lengths return at once; this is the length leak the docblock mentions.
	if ( $a_length !== strlen( $b ) ) {
		return false;
	}
	$result = 0;

	// Do not attempt to "optimize" this.
	// Every byte pair is XORed and OR-ed into $result with no early exit, so the
	// loop does the same amount of work wherever the first mismatch sits.
	for ( $i = 0; $i < $a_length; $i++ ) {
		$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
	}

	// $result stays 0 only if no byte pair differed.
	return $result === 0;
}
endif;

// JSON_PRETTY_PRINT was introduced in PHP 5.4
// Defined here to prevent a notice when using it with wp_json_encode()
if ( ! defined( 'JSON_PRETTY_PRINT' ) ) {
	define( 'JSON_PRETTY_PRINT', 128 );
}

if ( ! function_exists( 'json_last_error_msg' ) ) :
/**
 * Retrieves the error string of the last json_encode() or json_decode() call.
 *
 * @since 4.4.0
 *
 * @internal This is a compatibility function for PHP <5.5
 *
 * @return bool|string Returns the error message on success, "No error" if no error has occurred,
 *                     or false on failure.
 */
function json_last_error_msg() {
	// See https://core.trac.wordpress.org/ticket/27799.
	if ( ! function_exists( 'json_last_error' ) ) {
		return false;
	}

	$last_error_code = json_last_error();

	// Just in case JSON_ERROR_NONE is not defined.
	$error_code_none = defined( 'JSON_ERROR_NONE' ) ? JSON_ERROR_NONE : 0;

	// switch ( true ) picks the first case whose expression is true. Each
	// constant is tested with defined() before it is read, so a constant that
	// is missing from the running PHP build is simply skipped.
	switch ( true ) {
		case $last_error_code === $error_code_none:
			return 'No error';

		case defined( 'JSON_ERROR_DEPTH' ) && JSON_ERROR_DEPTH === $last_error_code:
			return 'Maximum stack depth exceeded';

		case defined( 'JSON_ERROR_STATE_MISMATCH' ) && JSON_ERROR_STATE_MISMATCH === $last_error_code:
			return 'State mismatch (invalid or malformed JSON)';

		case defined( 'JSON_ERROR_CTRL_CHAR' ) && JSON_ERROR_CTRL_CHAR === $last_error_code:
			return 'Control character error, possibly incorrectly encoded';

		case defined( 'JSON_ERROR_SYNTAX' ) && JSON_ERROR_SYNTAX === $last_error_code:
			return 'Syntax error';

		case defined( 'JSON_ERROR_UTF8' ) && JSON_ERROR_UTF8 === $last_error_code:
			return 'Malformed UTF-8 characters, possibly incorrectly encoded';

		case defined( 'JSON_ERROR_RECURSION' ) && JSON_ERROR_RECURSION === $last_error_code:
			return 'Recursion detected';

		case defined( 'JSON_ERROR_INF_OR_NAN' ) && JSON_ERROR_INF_OR_NAN === $last_error_code:
			return 'Inf and NaN cannot be JSON encoded';

		case defined( 'JSON_ERROR_UNSUPPORTED_TYPE' ) && JSON_ERROR_UNSUPPORTED_TYPE === $last_error_code:
			return 'Type is not supported';

		default:
			return 'An unknown error occurred';
	}
}
endif;

if ( ! interface_exists( 'JsonSerializable' ) ) {
	// Defined only when the shim below is declared, i.e. when PHP has no
	// native JsonSerializable interface.
	define( 'WP_JSON_SERIALIZE_COMPATIBLE', true );
	/**
	 * JsonSerializable interface.
	 *
	 * Compatibility shim for PHP <5.4
	 *
	 * @link https://secure.php.net/jsonserializable
	 *
	 * @since 4.4.0
	 */
	interface JsonSerializable {
		public function jsonSerialize();
	}
}

// random_int was introduced in PHP 7.0
// Loaded with require, so a missing polyfill file is a fatal error rather than
// a request that carries on without random_int().
if ( ! function_exists( 'random_int' ) ) {
	require ABSPATH . WPINC . '/random_compat/random.php';
}

if ( ! function_exists( 'array_replace_recursive' ) ) :
/**
 * PHP-agnostic version of {@link array_replace_recursive()}.
 *
 * The array_replace_recursive() function is a PHP 5.3 function. WordPress
 * currently supports down to PHP 5.2, so this method is a workaround
 * for PHP 5.2.
*
 * Note: array_replace_recursive() supports infinite arguments, but for our use-
 * case, we only need to support two arguments.
 *
 * Subject to removal once WordPress makes PHP 5.3.0 the minimum requirement.
 *
 * @since 4.5.3
 *
 * @see https://secure.php.net/manual/en/function.array-replace-recursive.php#109390
 *
 * @param array $base         Array with keys needing to be replaced.
 * @param array $replacements Array with the replaced keys.
 *
 * @return array
 */
function array_replace_recursive( $base = array(), $replacements = array() ) {
	// Every argument after the first is applied in turn; $replacements is
	// reused as the loop variable.
	foreach ( array_slice( func_get_args(), 1 ) as $replacements ) {
		// Two parallel stacks drive an iterative (non-recursive) walk:
		// $bref_stack holds references into $base, $head_stack the matching
		// replacement sub-arrays.
		$bref_stack = array( &$base );
		$head_stack = array( $replacements );

		do {
			// Take the most recently pushed pair off both stacks.
			end( $bref_stack );

			$bref = &$bref_stack[ key( $bref_stack ) ];
			$head = array_pop( $head_stack );

			unset( $bref_stack[ key( $bref_stack ) ] );

			// NOTE(review): array_keys() assumes $head is an array; nothing
			// here validates the caller's arguments.
			foreach ( array_keys( $head ) as $key ) {
				if ( isset( $key, $bref ) &&
				     isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) &&
				     isset( $head[ $key ] ) && is_array( $head[ $key ] )
				) {
					// Both sides hold an array under this key: queue the pair
					// so the nested arrays are merged on a later pass.
					$bref_stack[] = &$bref[ $key ];
					$head_stack[] = $head[ $key ];
				} else {
					// Otherwise the replacement value overwrites the base value.
					$bref[ $key ] = $head[ $key ];
				}
			}
		} while ( count( $head_stack ) );
	}

	return $base;
}
endif;

/**
 * Polyfill for the SPL autoloader. In PHP 5.2 (but not 5.3 and later), SPL can
 * be disabled, and PHP 7.2 raises notices if the compiler finds an __autoload()
 * function declaration. Function availability is checked here, and the
 * autoloader is included only if necessary.
 */
if ( ! function_exists( 'spl_autoload_register' ) ) {
	require_once ABSPATH . WPINC . '/spl-autoload-compat.php';
}

if ( ! function_exists( 'is_countable' ) ) {
	/**
	 * Polyfill for is_countable() function added in PHP 7.3.
	 *
	 * Verify that the content of a variable is an array or an object
	 * implementing the Countable interface.
	 *
	 * @since 4.9.6
	 *
	 * @param mixed $var The value to check.
	 *
	 * @return bool True if `$var` is countable, false otherwise.
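*/
	function is_countable( $var ) {
		return ( is_array( $var )
			|| $var instanceof Countable
			|| $var instanceof SimpleXMLElement
			|| $var instanceof ResourceBundle
		);
	}
}

if ( ! function_exists( 'is_iterable' ) ) {
	/**
	 * Polyfill for is_iterable() function added in PHP 7.1.
	 *
	 * Verify that the content of a variable is an array or an object
	 * implementing the Traversable interface.
	 *
	 * @since 4.9.6
	 *
	 * @param mixed $var The value to check.
	 *
	 * @return bool True if `$var` is iterable, false otherwise.
	 */
	function is_iterable( $var ) {
		return ( is_array( $var ) || $var instanceof Traversable );
	}
}

// NOTE(review): from here on the listing is the tail of a class method (it ends
// by firing 'parse_request'); its beginning is not part of this listing.
				did_permalink = false;
			}
		}

		/**
		 * Filters the query variables whitelist before processing.
		 *
		 * Allows (publicly allowed) query vars to be added, removed, or changed prior
		 * to executing the query. Needed to allow custom rewrite rules using your own arguments
		 * to work, or any other custom query variables you want to be publicly available.
		 *
		 * @since 1.5.0
		 *
		 * @param array $public_query_vars The array of whitelisted query variables.
		 */
		$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );

		foreach ( get_post_types( array(), 'objects' ) as $post_type => $t ) {
			if ( is_post_type_viewable( $t ) && $t->query_var ) {
				$post_type_query_vars[$t->query_var] = $post_type;
			}
		}

		// Only names on the (filtered) public list are read from the request.
		// Source precedence per variable: extra_query_vars, then POST, then GET,
		// then the permalink match. A variable sent in both GET and POST with
		// different values is refused with a 400 instead of picking one.
		foreach ( $this->public_query_vars as $wpvar ) {
			if ( isset( $this->extra_query_vars[$wpvar] ) )
				$this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
			elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] )
				wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
			elseif ( isset( $_POST[$wpvar] ) )
				$this->query_vars[$wpvar] = $_POST[$wpvar];
			elseif ( isset( $_GET[$wpvar] ) )
				$this->query_vars[$wpvar] = $_GET[$wpvar];
			elseif ( isset( $perma_query_vars[$wpvar] ) )
				$this->query_vars[$wpvar] = $perma_query_vars[$wpvar];

			if ( !empty( $this->query_vars[$wpvar] ) ) {
				if ( ! is_array( $this->query_vars[$wpvar] ) ) {
					$this->query_vars[$wpvar] = (string) $this->query_vars[$wpvar];
				} else {
					foreach ( $this->query_vars[$wpvar] as $vkey => $v ) {
						if ( !is_object( $v ) ) {
							$this->query_vars[$wpvar][$vkey] = (string) $v;
						}
					}
				}

				if ( isset($post_type_query_vars[$wpvar] ) ) {
					$this->query_vars['post_type'] = $post_type_query_vars[$wpvar];
					$this->query_vars['name'] = $this->query_vars[$wpvar];
				}
			}
		}

		// Convert urldecoded spaces back into +
		foreach ( get_taxonomies( array() , 'objects' ) as $taxonomy => $t )
			if ( $t->query_var && isset( $this->query_vars[$t->query_var] ) )
				$this->query_vars[$t->query_var] = str_replace( ' ', '+', $this->query_vars[$t->query_var] );

		// Don't allow non-publicly queryable taxonomies to be queried from the front end.
		if ( ! is_admin() ) {
			foreach ( get_taxonomies( array( 'publicly_queryable' => false ), 'objects' ) as $taxonomy => $t ) {
				/*
				 * Disallow when set to the 'taxonomy' query var.
				 * Non-publicly queryable taxonomies cannot register custom query vars. See register_taxonomy().
				 */
				if ( isset( $this->query_vars['taxonomy'] ) && $taxonomy === $this->query_vars['taxonomy'] ) {
					unset( $this->query_vars['taxonomy'], $this->query_vars['term'] );
				}
			}
		}

		// Limit publicly queried post_types to those that are publicly_queryable
		if ( isset( $this->query_vars['post_type']) ) {
			$queryable_post_types = get_post_types( array('publicly_queryable' => true) );
			if ( ! is_array( $this->query_vars['post_type'] ) ) {
				if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types ) )
					unset( $this->query_vars['post_type'] );
			} else {
				$this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types );
			}
		}

		// Resolve conflicts between posts with numeric slugs and date archive queries.
		$this->query_vars = wp_resolve_numeric_slug_conflicts( $this->query_vars );

		// Private query vars are taken from extra_query_vars only, never from the request.
		foreach ( (array) $this->private_query_vars as $var) {
			if ( isset($this->extra_query_vars[$var]) )
				$this->query_vars[$var] = $this->extra_query_vars[$var];
		}

		if ( isset($error) )
			$this->query_vars['error'] = $error;

		/**
		 * Filters the array of parsed query variables.
		 *
		 * @since 2.1.0
		 *
		 * @param array $query_vars The array of requested query variables.
		 */
		$this->query_vars = apply_filters( 'request', $this->query_vars );

		/**
		 * Fires once all query variables for the current request have been parsed.
		 *
		 * @since 2.1.0
		 *
		 * @param WP $this Current WordPress environment instance (passed by reference).
		 */
		do_action_ref_array( 'parse_request', array( &$this ) );
	}

	/**
	 * Sends additional HTTP headers for caching, content type, etc.
	 *
	 * Sets the Content-Type header. Sets the 'error' status (if passed) and optionally exits.
	 * If showing a feed, it will also send Last-Modified, ETag, and 304 status if needed.
	 *
	 * @since 2.0.0
	 * @since 4.4.0 `X-Pingback` header is added conditionally after posts have been queried in handle_404().
	 */
	public function send_headers() {
		$headers = array();
		$status = null;
		$exit_required = false;

		// Logged-in users always get the no-cache header set.
		if ( is_user_logged_in() )
			$headers = array_merge($headers, wp_get_nocache_headers());
		if ( ! empty( $this->query_vars['error'] ) ) {
			// The 'error' query var is reduced to an integer before it is used as a status.
			$status = (int) $this->query_vars['error'];
			if ( 404 === $status ) {
				if ( ! is_user_logged_in() )
					$headers = array_merge($headers, wp_get_nocache_headers());
				$headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
			} elseif ( in_array( $status, array( 403, 500, 502, 503 ) ) ) {
				// For these statuses the headers are sent and the request ends (see exit() below).
				$exit_required = true;
			}
		} elseif ( empty( $this->query_vars['feed'] ) ) {
			$headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
		} else {
			// Set the correct content type for feeds
			$type = $this->query_vars['feed'];
			if ( 'feed' == $this->query_vars['feed'] ) {
				$type = get_default_feed();
			}
			$headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' );

			// We're showing a feed, so WP is indeed the only thing that last changed.
			if ( ! empty( $this->query_vars['withcomments'] )
				|| false !== strpos( $this->query_vars['feed'], 'comments-' )
				|| ( empty( $this->query_vars['withoutcomments'] )
					&& ( ! empty( $this->query_vars['p'] )
						|| ! empty( $this->query_vars['name'] )
						|| ! empty( $this->query_vars['page_id'] )
						|| ! empty( $this->query_vars['pagename'] )
						|| ! empty( $this->query_vars['attachment'] )
						|| ! empty( $this->query_vars['attachment_id'] )
					)
				)
			) {
				$wp_last_modified = mysql2date( 'D, d M Y H:i:s', get_lastcommentmodified( 'GMT' ), false );
			} else {
				$wp_last_modified = mysql2date( 'D, d M Y H:i:s', get_lastpostmodified( 'GMT' ), false );
			}

			if ( ! $wp_last_modified ) {
				// NOTE(review): date() uses the default timezone; the ' GMT' suffix
				// added below is only truthful if that timezone is UTC — confirm.
				$wp_last_modified = date( 'D, d M Y H:i:s' );
			}

			$wp_last_modified .= ' GMT';

			// The ETag is a cache validator derived from the timestamp string,
			// not a secret or an integrity value.
			$wp_etag = '"' . md5($wp_last_modified) . '"';
			$headers['Last-Modified'] = $wp_last_modified;
			$headers['ETag'] = $wp_etag;

			// Support for Conditional GET
			// Both request headers are client-controlled; here they only decide
			// whether a 304 is returned.
			if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
				$client_etag = wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] );
			else $client_etag = false;

			$client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
			// If string is empty, return 0. If not, attempt to parse into a timestamp
			$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;

			// Make a timestamp for our most recent modification...
			$wp_modified_timestamp = strtotime($wp_last_modified);

			// When the client sent both validators, both must match; when it sent
			// only one, either matching is enough.
			if ( ($client_last_modified && $client_etag) ?
					(($client_modified_timestamp >= $wp_modified_timestamp) && ($client_etag == $wp_etag)) :
					(($client_modified_timestamp >= $wp_modified_timestamp) || ($client_etag == $wp_etag)) ) {
				$status = 304;
				$exit_required = true;
			}
		}

		/**
		 * Filters the HTTP headers before they're sent to the browser.
		 *
		 * @since 2.8.0
		 *
		 * @param array $headers The list of headers to be sent.
		 * @param WP    $this    Current WordPress environment instance.
		 */
		$headers = apply_filters( 'wp_headers', $headers, $this );

		if ( ! empty( $status ) )
			status_header( $status );

		// If Last-Modified is set to false, it should not be sent (no-cache situation).
		if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) {
			unset( $headers['Last-Modified'] );

			// In PHP 5.3+, make sure we are not sending a Last-Modified header.
			if ( function_exists( 'header_remove' ) ) {
				@header_remove( 'Last-Modified' );
			} else {
				// In PHP 5.2, send an empty Last-Modified header, but only as a
				// last resort to override a header already sent. #WP23021
				foreach ( headers_list() as $header ) {
					if ( 0 === stripos( $header, 'Last-Modified' ) ) {
						$headers['Last-Modified'] = '';
						break;
					}
				}
			}
		}

		// Names and values come from the filtered array above. header() refuses
		// a value containing a line break; the @ hides that warning, so such a
		// header is dropped silently.
		foreach ( (array) $headers as $name => $field_value )
			@header("{$name}: {$field_value}");

		if ( $exit_required )
			exit();

		/**
		 * Fires once the requested HTTP headers for caching, content type, etc. have been sent.
		 *
		 * @since 2.1.0
		 *
		 * @param WP $this Current WordPress environment instance (passed by reference).
		 */
		do_action_ref_array( 'send_headers', array( &$this ) );
	}

	/**
	 * Sets the query string property based off of the query variable property.
	 *
	 * The {@see 'query_string'} filter is deprecated, but still works. Plugins should
	 * use the {@see 'request'} filter instead.
	 *
	 * @since 2.0.0
	 */
	public function build_query_string() {
		$this->query_string = '';
		foreach ( (array) array_keys($this->query_vars) as $wpvar) {
			if ( '' != $this->query_vars[$wpvar] ) {
				// Discard non-scalars before the separator is appended, so a
				// skipped variable does not leave a stray '&' in the string.
				if ( !is_scalar($this->query_vars[$wpvar]) )
					continue;
				$this->query_string .= (strlen($this->query_string) < 1) ? '' : '&';
				$this->query_string .= $wpvar . '=' . rawurlencode($this->query_vars[$wpvar]);
			}
		}

		if ( has_filter( 'query_string' ) ) {  // Don't bother filtering and parsing if no plugins are hooked in.
			/**
			 * Filters the query string before parsing.
			 *
			 * @since 1.5.0
			 * @deprecated 2.1.0 Use 'query_vars' or 'request' filters instead.
			 *
			 * @param string $query_string The query string to modify.
			 */
			$this->query_string = apply_filters( 'query_string', $this->query_string );

			// parse_str() replaces $this->query_vars with whatever the filtered
			// string parses to. Nothing in this method re-checks the resulting
			// keys against public_query_vars, and the non-scalar values
			// discarded above are not restored.
			parse_str($this->query_string, $this->query_vars);
		}
	}

	/**
	 * Set up the WordPress Globals.
	 *
	 * The query_vars property will be extracted to the GLOBALS. So care should
	 * be taken when naming global variables that might interfere with the
	 * WordPress environment.
	 *
	 * @since 2.0.0
	 *
	 * @global WP_Query     $wp_query
	 * @global string       $query_string Query string for the loop.
	 * @global array        $posts The found posts.
	 * @global WP_Post|null $post The current post, if available.
	 * @global string       $request The SQL statement for the request.
	 * @global int          $more Only set, if single page or post.
	 * @global int          $single If single page or post. Only set, if single page or post.
	 * @global WP_User      $authordata Only set, if author archive.
	 */
	public function register_globals() {
		global $wp_query;

		// Extract updated query vars back into global namespace.
		// Each key becomes a global of the same name and overwrites any global
		// that already exists under that name.
		foreach ( (array) $wp_query->query_vars as $key => $value ) {
			$GLOBALS[ $key ] = $value;
		}

		// Assigned after the loop, so these fixed names win over a query var of the same name.
		$GLOBALS['query_string'] = $this->query_string;
		$GLOBALS['posts'] = & $wp_query->posts;
		$GLOBALS['post'] = isset( $wp_query->post ) ? $wp_query->post : null;
		$GLOBALS['request'] = $wp_query->request;

		if ( $wp_query->is_single() || $wp_query->is_page() ) {
			$GLOBALS['more']   = 1;
			$GLOBALS['single'] = 1;
		}

		if ( $wp_query->is_author() && isset( $wp_query->post ) )
			$GLOBALS['authordata'] = get_userdata( $wp_query->post->post_author );
	}

	/**
	 * Set up the current user.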
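*
	 * @since 2.0.0
	 */
	public function init() {
		wp_get_current_user();
	}

	/**
	 * Set up the Loop based on the query variables.
	 *
	 * @since 2.0.0
	 *
	 * @global WP_Query $wp_the_query
	 */
	public function query_posts() {
		global $wp_the_query;
		$this->build_query_string();
		$wp_the_query->query($this->query_vars);
	}

	/**
	 * Set the Headers for 404, if nothing is found for requested URL.
	 *
	 * Issue a 404 if a request doesn't match any posts and doesn't match
	 * any object (e.g. an existing-but-empty category, tag, author) and a 404 was not already
	 * issued, and if the request was not a search or the homepage.
	 *
	 * Otherwise, issue a 200.
	 *
	 * This sets headers after posts have been queried. handle_404() really means "handle status."
	 * By inspecting the result of querying posts, seemingly successful requests can be switched to
	 * a 404 so that canonical redirection logic can kick in.
	 *
	 * @since 2.0.0
	 *
	 * @global WP_Query $wp_query
	 */
	public function handle_404() {
		global $wp_query;

		/**
		 * Filters whether to short-circuit default header status handling.
		 *
		 * Returning a non-false value from the filter will short-circuit the handling
		 * and return early.
		 *
		 * @since 4.5.0
		 *
		 * @param bool     $preempt  Whether to short-circuit default header status handling. Default false.
		 * @param WP_Query $wp_query WordPress Query object.
		 */
		if ( false !== apply_filters( 'pre_handle_404', false, $wp_query ) ) {
			return;
		}

		// If we've already issued a 404, bail.
		if ( is_404() )
			return;

		// Never 404 for the admin, robots, or if we found posts.
		if ( is_admin() || is_robots() || $wp_query->posts ) {

			$success = true;
			if ( is_singular() ) {
				$p = false;

				// Work on a copy of the queried post.
				if ( $wp_query->post instanceof WP_Post ) {
					$p = clone $wp_query->post;
				}

				// Only set X-Pingback for single posts that allow pings.
				if ( $p && pings_open( $p ) ) {
					@header( 'X-Pingback: ' . get_bloginfo( 'pingback_url', 'display' ) );
				}

				// check for paged content that exceeds the max number of pages
				// $next must be the page-break marker: with an empty needle
				// strpos() and substr_count() warn or throw instead of counting pages.
				$next = '<!--nextpage-->';
				if ( $p && false !== strpos( $p->post_content, $next ) && ! empty( $this->query_vars['page'] ) ) {
					// The requested page number comes from the request; it is
					// cast to int and compared with (markers + 1) pages.
					$page = trim( $this->query_vars['page'], '/' );
					$success = (int) $page <= ( substr_count( $p->post_content, $next ) + 1 );
				}
			}

			if ( $success ) {
				status_header( 200 );
				return;
			}
		}

		// We will 404 for paged queries, as no posts were found.
		if ( ! is_paged() ) {

			// Don't 404 for authors without posts as long as they matched an author on this site.
			$author = get_query_var( 'author' );
			if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author ) ) {
				status_header( 200 );
				return;
			}

			// Don't 404 for these queries if they matched an object.
			if ( ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object() ) {
				status_header( 200 );
				return;
			}

			// Don't 404 for these queries either.
			if ( is_home() || is_search() || is_feed() ) {
				status_header( 200 );
				return;
			}
		}

		// Guess it's time to 404.
		$wp_query->set_404();
		status_header( 404 );
		nocache_headers();
	}

	/**
	 * Sets up all of the variables required by the WordPress environment.
	 *
	 * The action {@see 'wp'} has one parameter that references the WP object. It
	 * allows for accessing the properties and methods to further manipulate the
	 * object.
	 *
	 * @since 2.0.0
	 *
	 * @param string|array $query_args Passed to parse_request().
	 */
	public function main($query_args = '') {
		// Fixed order: user, request parsing, headers, query, status, globals.
		$this->init();
		$this->parse_request($query_args);
		$this->send_headers();
		$this->query_posts();
		$this->handle_404();
		$this->register_globals();

		/**
		 * Fires once the WordPress environment has been set up.
		 *
		 * @since 2.1.0
		 *
		 * @param WP $this Current WordPress environment instance (passed by reference).
		 */
		do_action_ref_array( 'wp', array( &$this ) );
	}
}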