File: pluggable.php
* Needed for the login grace period in wp_validate_auth_cookie().
*/
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
} else {
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
$expire = 0;
}
if ( '' === $secure ) {
$secure = is_ssl();
}
// Front-end cookie is secure when the auth cookie is secure and the site's home URL uses HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
/**
* Filters whether the auth cookie should only be sent over HTTPS.
*
* @since 3.1.0
*
* @param bool $secure Whether the cookie should only be sent over HTTPS.
* @param int $user_id User ID.
*/
$secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );
/**
* Filters whether the logged in cookie should only be sent over HTTPS.
*
* @since 3.1.0
*
* @param bool $secure_logged_in_cookie Whether the logged in cookie should only be sent over HTTPS.
* @param int $user_id User ID.
* @param bool $secure Whether the auth cookie should only be sent over HTTPS.
*/
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
if ( '' === $token ) {
$manager = WP_Session_Tokens::get_instance( $user_id );
$token = $manager->create( $expiration );
}
$auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token );
$logged_in_cookie = wp_generate_auth_cookie( $user_id, $expiration, 'logged_in', $token );
/**
* Fires immediately before the authentication cookie is set.
*
* @since 2.5.0
* @since 4.9.0 The `$token` parameter was added.
*
* @param string $auth_cookie Authentication cookie value.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time.
* @param int $expiration The time when the authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
* @param string $token User's session token to use for this cookie.
*/
do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme, $token );
/**
* Fires immediately before the logged-in authentication cookie is set.
*
* @since 2.6.0
* @since 4.9.0 The `$token` parameter was added.
*
* @param string $logged_in_cookie The logged-in cookie value.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time.
* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Default 'logged_in'.
* @param string $token User's session token to use for this cookie.
*/
do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in', $token );
/**
* Allows preventing auth cookies from actually being sent to the client.
*
* @since 4.7.4
* @since 6.2.0 The `$expire`, `$expiration`, `$user_id`, `$scheme`, and `$token` parameters were added.
*
* @param bool $send Whether to send auth cookies to the client. Default true.
* @param int $expire The time the login grace period expires as a UNIX timestamp.
* Default is 12 hours past the cookie's expiration time. Zero when clearing cookies.
* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
* Default is 14 days from now. Zero when clearing cookies.
* @param int $user_id User ID. Zero when clearing cookies.
* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
* Empty string when clearing cookies.
* @param string $token User's session token to use for this cookie. Empty string when clearing cookies.
*/
if ( ! apply_filters( 'send_auth_cookies', true, $expire, $expiration, $user_id, $scheme, $token ) ) {
return;
}
setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true );
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
if ( COOKIEPATH !== SITECOOKIEPATH ) {
setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true );
}
}
endif;
if ( ! function_exists( 'wp_clear_auth_cookie' ) ) :
	/**
	 * Expires every authentication-related cookie in the visitor's browser.
	 *
	 * Each cookie is overwritten with a single-space value and an expiry one year
	 * in the past, once for every path it may have been issued on.
	 *
	 * This function only emits Set-Cookie headers (or nothing at all when the
	 * 'send_auth_cookies' filter returns a falsy value). It makes no call that
	 * invalidates a session token on the server, so code that needs the session
	 * itself revoked has to do that separately.
	 *
	 * @since 2.5.0
	 */
	function wp_clear_auth_cookie() {
		/**
		 * Fires just before the authentication cookies are cleared.
		 *
		 * @since 2.7.0
		 */
		do_action( 'clear_auth_cookie' );

		/** This filter is documented in wp-includes/pluggable.php */
		$send_cookies = apply_filters( 'send_auth_cookies', true, 0, 0, 0, '', '' );
		if ( ! $send_cookies ) {
			return;
		}

		// Overwrites one cookie with a blank value that expired a year ago.
		// An empty $domain is the same as leaving setcookie()'s domain argument out.
		$expire_cookie = static function ( $name, $path, $domain = '' ) {
			setcookie( $name, ' ', time() - YEAR_IN_SECONDS, $path, $domain );
		};

		// Auth cookies.
		$expire_cookie( AUTH_COOKIE, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
		$expire_cookie( SECURE_AUTH_COOKIE, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
		$expire_cookie( AUTH_COOKIE, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
		$expire_cookie( SECURE_AUTH_COOKIE, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
		$expire_cookie( LOGGED_IN_COOKIE, COOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( LOGGED_IN_COOKIE, SITECOOKIEPATH, COOKIE_DOMAIN );

		// Settings cookies (set without an explicit cookie domain).
		$expire_cookie( 'wp-settings-' . get_current_user_id(), SITECOOKIEPATH );
		$expire_cookie( 'wp-settings-time-' . get_current_user_id(), SITECOOKIEPATH );

		// Old cookies.
		$expire_cookie( AUTH_COOKIE, COOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( AUTH_COOKIE, SITECOOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( SECURE_AUTH_COOKIE, COOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( SECURE_AUTH_COOKIE, SITECOOKIEPATH, COOKIE_DOMAIN );

		// Even older cookies.
		$expire_cookie( USER_COOKIE, COOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( PASS_COOKIE, COOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( USER_COOKIE, SITECOOKIEPATH, COOKIE_DOMAIN );
		$expire_cookie( PASS_COOKIE, SITECOOKIEPATH, COOKIE_DOMAIN );

		// Post password cookie.
		$expire_cookie( 'wp-postpass_' . COOKIEHASH, COOKIEPATH, COOKIE_DOMAIN );
	}
endif;
if ( ! function_exists( 'is_user_logged_in' ) ) :
	/**
	 * Reports whether the current visitor resolves to an existing user.
	 *
	 * The answer is whatever `exists()` returns on the object handed back by
	 * wp_get_current_user(). It describes authentication state only; it says
	 * nothing about what that user is allowed to do, so permission decisions
	 * still need a capability check such as `current_user_can()`.
	 *
	 * For more information on this and similar theme functions, check out
	 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
	 * Conditional Tags} article in the Theme Developer Handbook.
	 *
	 * @since 2.0.0
	 *
	 * @return bool True if user is logged in, false if not logged in.
	 */
	function is_user_logged_in() {
		return wp_get_current_user()->exists();
	}
endif;
if ( ! function_exists( 'auth_redirect' ) ) :
	/**
	 * Requires a valid auth cookie for the current request, otherwise sends the visitor to the login page.
	 *
	 * Steps, in order:
	 *
	 *  1. When HTTPS is required but the request is not SSL and its URI contains 'wp-admin',
	 *     redirect to the HTTPS form of the same URL.
	 *  2. When wp_validate_auth_cookie() yields a user ID, fire the 'auth_redirect' action, honour
	 *     that user's 'use_ssl' option with the same HTTPS redirect, and otherwise return.
	 *  3. When no valid cookie is found, send no-cache headers and redirect to the login URL,
	 *     passing the originally requested URL along so the visitor can be returned to it.
	 *
	 * Every redirect branch ends the request with `exit`.
	 *
	 * Security note: the redirect targets are assembled from `$_SERVER['HTTP_HOST']` and
	 * `$_SERVER['REQUEST_URI']`, both of which come from the client's request. wp_redirect()
	 * filters characters only and does not check which host the URL points at, so the web
	 * server or reverse proxy in front of the site should reject or normalise unexpected
	 * Host headers.
	 *
	 * @since 1.5.0
	 */
	function auth_redirect() {
		$secure = ( is_ssl() || force_ssl_admin() );

		/**
		 * Filters whether to use a secure authentication redirect.
		 *
		 * @since 3.1.0
		 *
		 * @param bool $secure Whether to use a secure authentication redirect. Default false.
		 */
		$secure = apply_filters( 'secure_auth_redirect', $secure );

		// If https is required and request is http, redirect.
		// The 'wp-admin' test is a plain substring match anywhere in the request URI.
		if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
			$https_target = str_starts_with( $_SERVER['REQUEST_URI'], 'http' )
				? set_url_scheme( $_SERVER['REQUEST_URI'], 'https' )
				: 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

			wp_redirect( $https_target );
			exit;
		}

		/**
		 * Filters the authentication redirect scheme.
		 *
		 * @since 2.9.0
		 *
		 * @param string $scheme Authentication redirect scheme. Default empty.
		 */
		$scheme = apply_filters( 'auth_redirect_scheme', '' );

		$user_id = wp_validate_auth_cookie( '', $scheme );
		if ( $user_id ) {
			/**
			 * Fires before the authentication redirect.
			 *
			 * @since 2.8.0
			 *
			 * @param int $user_id User ID.
			 */
			do_action( 'auth_redirect', $user_id );

			// If the user wants ssl but the session is not ssl, redirect.
			$wants_ssl_upgrade = ! $secure
				&& get_user_option( 'use_ssl', $user_id )
				&& str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' );

			if ( $wants_ssl_upgrade ) {
				$https_target = str_starts_with( $_SERVER['REQUEST_URI'], 'http' )
					? set_url_scheme( $_SERVER['REQUEST_URI'], 'https' )
					: 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

				wp_redirect( $https_target );
				exit;
			}

			return; // The cookie is good, so we're done.
		}

		// The cookie is no good, so force login.
		nocache_headers();

		// Requests for options.php go back to the referring page when one is available;
		// everything else goes back to the URL that was requested.
		$prefer_referer = str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer();
		$redirect       = $prefer_referer
			? wp_get_referer()
			: set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

		wp_redirect( wp_login_url( $redirect, true ) );
		exit;
	}
endif;
if ( ! function_exists( 'check_admin_referer' ) ) :
	/**
	 * Confirms that an admin request carries a valid nonce for the given action.
	 *
	 * A valid nonce shows that the request was built from a page generated for this user, which is
	 * the defence against cross-site request forgery (CSRF). It establishes intent, not authorization:
	 * the user's capabilities are not examined here and should be checked with `current_user_can()`
	 * or similar.
	 *
	 * If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.
	 *
	 * Legacy behaviour: when `$action` is left at -1, a request whose referer starts with the admin
	 * URL is allowed through even though no nonce was verified. In that case the function returns
	 * false rather than exiting, so callers should always pass a specific action and should treat
	 * only a truthy return value as a verified request.
	 *
	 * @since 1.2.0
	 * @since 2.5.0 The `$query_arg` parameter was added.
	 *
	 * @param int|string $action    The nonce action.
	 * @param string     $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
	 * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
	 *                   2 if the nonce is valid and generated between 12-24 hours ago.
	 *                   False if the nonce is invalid.
	 */
	function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
		$action_unspecified = ( -1 === $action );

		if ( $action_unspecified ) {
			_doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '3.2.0' );
		}

		// Lower-cased so the prefix comparison below ignores case.
		$adminurl = strtolower( admin_url() );
		$referer  = strtolower( wp_get_referer() );

		// A missing nonce parameter counts as an invalid nonce.
		$result = false;
		if ( isset( $_REQUEST[ $query_arg ] ) ) {
			$result = wp_verify_nonce( $_REQUEST[ $query_arg ], $action );
		}

		/**
		 * Fires once the admin request has been validated or not.
		 *
		 * @since 1.5.1
		 *
		 * @param string    $action The nonce action.
		 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
		 */
		do_action( 'check_admin_referer', $action, $result );

		// Referer-only fallback, reachable solely when no action was specified.
		$referer_fallback_ok = $action_unspecified && str_starts_with( $referer, $adminurl );

		if ( ! ( $result || $referer_fallback_ok ) ) {
			wp_nonce_ays( $action );
			die();
		}

		return $result;
	}
endif;
if ( ! function_exists( 'check_ajax_referer' ) ) :
	/**
	 * Verifies the nonce on an Ajax request so that requests forged from outside the site are not processed.
	 *
	 * The nonce is taken from the first `$_REQUEST` key that is set, in this order: `$query_arg`
	 * (when truthy), '_ajax_nonce', '_wpnonce'. If none is set an empty string is verified, which fails.
	 *
	 * With `$stop` left at true a failed check ends the request. With `$stop` set to false the function
	 * returns false instead and nothing is enforced here, so the caller must test the return value
	 * itself before acting on the request. Like any nonce check, this confirms intent only and does
	 * not examine the user's capabilities.
	 *
	 * @since 2.0.3
	 *
	 * @param int|string   $action    Action nonce.
	 * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
	 *                                `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce'
	 *                                (in that order). Default false.
	 * @param bool         $stop      Optional. Whether to stop early when the nonce cannot be verified.
	 *                                Default true.
	 * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
	 *                   2 if the nonce is valid and generated between 12-24 hours ago.
	 *                   False if the nonce is invalid.
	 */
	function check_ajax_referer( $action = -1, $query_arg = false, $stop = true ) {
		if ( -1 === $action ) {
			_doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '4.7.0' );
		}

		// Candidate request keys, highest priority first.
		$candidate_keys = $query_arg
			? array( $query_arg, '_ajax_nonce', '_wpnonce' )
			: array( '_ajax_nonce', '_wpnonce' );

		$nonce = '';
		foreach ( $candidate_keys as $key ) {
			if ( isset( $_REQUEST[ $key ] ) ) {
				$nonce = $_REQUEST[ $key ];
				break;
			}
		}

		$result = wp_verify_nonce( $nonce, $action );

		/**
		 * Fires once the Ajax request has been validated or not.
		 *
		 * @since 2.1.0
		 *
		 * @param string    $action The Ajax nonce action.
		 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
		 */
		do_action( 'check_ajax_referer', $action, $result );

		$must_stop = $stop && false === $result;
		if ( $must_stop ) {
			if ( ! wp_doing_ajax() ) {
				die( '-1' );
			}

			wp_die( -1, 403 );
		}

		return $result;
	}
endif;
if ( ! function_exists( 'wp_redirect' ) ) :
	/**
	 * Sends the HTTP headers that redirect the client to another page.
	 *
	 * Note: wp_redirect() does not exit automatically, and should almost always be
	 * followed by a call to `exit;`:
	 *
	 *     wp_redirect( $url );
	 *     exit;
	 *
	 * Without the `exit`, the rest of the request keeps executing after the headers are set.
	 *
	 * Exiting can also be selectively manipulated by using wp_redirect() as a conditional
	 * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters:
	 *
	 *     if ( wp_redirect( $url ) ) {
	 *         exit;
	 *     }
	 *
	 * Security note: the location is passed through wp_sanitize_redirect(), which filters
	 * characters but does not restrict which host the URL points at. When the destination
	 * comes from request data, use wp_safe_redirect() or validate the host first.
	 *
	 * @since 1.5.1
	 * @since 5.1.0 The `$x_redirect_by` parameter was added.
	 * @since 5.4.0 On invalid status codes, wp_die() is called.
	 *
	 * @global bool $is_IIS
	 *
	 * @param string       $location      The path or URL to redirect to.
	 * @param int          $status        Optional. HTTP response status code to use. Default '302' (Moved Temporarily).
	 * @param string|false $x_redirect_by Optional. The application doing the redirect or false to omit. Default 'WordPress'.
	 * @return bool False if the redirect was canceled, true otherwise.
	 */
	function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
		global $is_IIS;

		/**
		 * Filters the redirect location.
		 *
		 * @since 2.1.0
		 *
		 * @param string $location The path or URL to redirect to.
		 * @param int    $status   The HTTP response status code to use.
		 */
		$location = apply_filters( 'wp_redirect', $location, $status );

		/**
		 * Filters the redirect HTTP response status code to use.
		 *
		 * @since 2.3.0
		 *
		 * @param int    $status   The HTTP response status code to use.
		 * @param string $location The path or URL to redirect to.
		 */
		$status = apply_filters( 'wp_redirect_status', $status, $location );

		// A filter can cancel the redirect by returning an empty location.
		if ( ! $location ) {
			return false;
		}

		$outside_3xx = $status < 300 || $status > 399;
		if ( $outside_3xx ) {
			wp_die( __( 'HTTP redirect status code must be a redirection code, 3xx.' ) );
		}

		$location = wp_sanitize_redirect( $location );

		$skip_status_header = $is_IIS || 'cgi-fcgi' === PHP_SAPI;
		if ( ! $skip_status_header ) {
			status_header( $status ); // This causes problems on IIS and some FastCGI setups.
		}

		/**
		 * Filters the X-Redirect-By header.
		 *
		 * Allows applications to identify themselves when they're doing a redirect.
		 *
		 * @since 5.1.0
		 *
		 * @param string|false $x_redirect_by The application doing the redirect or false to omit the header.
		 * @param int          $status        Status code to use.
		 * @param string       $location      The path to redirect to.
		 */
		$x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location );
		if ( is_string( $x_redirect_by ) ) {
			header( 'X-Redirect-By: ' . $x_redirect_by );
		}

		header( 'Location: ' . $location, true, $status );

		return true;
	}
endif;
if ( ! function_exists( 'wp_sanitize_redirect' ) ) :
/**
 * Sanitizes a URL for use in a redirect.
 *
 * This is character-level cleaning for a value that ends up in a `Location` header:
 * spaces become `%20`, runs of multi-byte UTF-8 sequences are passed to
 * _wp_sanitize_utf8_in_redirect(), every character outside a fixed allow-list is
 * removed, and the percent-encoded CR/LF forms (`%0d`, `%0a`) are stripped so the
 * value cannot carry an encoded line break.
 *
 * It does not decide whether the destination host is acceptable. A location taken
 * from request data still needs host validation, e.g. wp_validate_redirect() or
 * wp_safe_redirect().
 *
 * @since 2.3.0
 *
 * @param string $location The path to redirect to.
 * @return string Redirect-sanitized URL.
 */
function wp_sanitize_redirect( $location ) {
	// Encode spaces.
	$location = str_replace( ' ', '%20', $location );

	// Matches a run of 1 to 40 well-formed multi-byte UTF-8 sequences.
	// The /x flag makes whitespace and # comments inside the pattern insignificant.
	$utf8_run_pattern = '/
(
(?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx
| \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2
| [\xE1-\xEC][\x80-\xBF]{2}
| \xED[\x80-\x9F][\x80-\xBF]
| [\xEE-\xEF][\x80-\xBF]{2}
| \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3
| [\xF1-\xF3][\x80-\xBF]{3}
| \xF4[\x80-\x8F][\x80-\xBF]{2}
){1,40} # ...one or more times
)/x';
	$location = preg_replace_callback( $utf8_run_pattern, '_wp_sanitize_utf8_in_redirect', $location );

	// Allow-list: anything not in this character class is dropped, which includes raw CR and LF.
	$location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location );
	$location = wp_kses_no_null( $location );

	// Remove %0D and %0A from location.
	// NOTE(review): _deep_replace() is defined elsewhere; presumably it repeats the removal until
	// none of these tokens remain, so they cannot be re-formed by the removal itself. Confirm.
	return _deep_replace( array( '%0d', '%0a', '%0D', '%0A' ), $location );
}
/**
* URL encodes UTF-8 characters in a URL.
*
* @ignore
* @since 4.2.0
* @access private
*
* @see wp_sanitize_redirect()