+ $site_url = parse_url( site_url() );
+ $path = ( !empty( $site_url['path'] ) ) ? $site_url['path'] : '';
+ $output .= "Disallow: $path/wp-admin/\n";
+ $output .= "Disallow: $path/wp-includes/\n";
+ }
+
+ echo apply_filters('robots_txt', $output, $public);
+}
+
+/**
+ * Test whether blog is already installed.
+ *
+ * The cache will be checked first. If you have a cache plugin, which saves the
+ * cache values, then this will work. If you use the default WordPress cache,
+ * and the database goes away, then you might have problems.
+ *
+ * Checks for the option siteurl for whether WordPress is installed.
+ *
+ * @since 2.1.0
+ * @uses $wpdb
+ *
+ * @return bool Whether blog is already installed.
+ */
+function is_blog_installed() {
+ global $wpdb;
+
+ // Check cache first. If options table goes away and we have true cached, oh well.
+ if ( wp_cache_get( 'is_blog_installed' ) )
+ return true;
+
+ $suppress = $wpdb->suppress_errors();
+ if ( ! defined( 'WP_INSTALLING' ) ) {
+ $alloptions = wp_load_alloptions();
+ }
+ // If siteurl is not set to autoload, check it specifically
+ if ( !isset( $alloptions['siteurl'] ) )
+ $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" );
+ else
+ $installed = $alloptions['siteurl'];
+ $wpdb->suppress_errors( $suppress );
+
+ $installed = !empty( $installed );
+ wp_cache_set( 'is_blog_installed', $installed );
+
+ if ( $installed )
+ return true;
+
+ // If visiting repair.php, return true and let it take over.
+ if ( defined( 'WP_REPAIRING' ) )
+ return true;
+
+ $suppress = $wpdb->suppress_errors();
+
+ // Loop over the WP tables. If none exist, then scratch install is allowed.
+ // If one or more exist, suggest table repair since we got here because the options
+ // table could not be accessed.
+ $wp_tables = $wpdb->tables();
+ foreach ( $wp_tables as $table ) {
+ // The existence of custom user tables shouldn't suggest an insane state or prevent a clean install.
+ if ( defined( 'CUSTOM_USER_TABLE' ) && CUSTOM_USER_TABLE == $table )
+ continue;
+ if ( defined( 'CUSTOM_USER_META_TABLE' ) && CUSTOM_USER_META_TABLE == $table )
+ continue;
+
+ if ( ! $wpdb->get_results( "DESCRIBE $table;" ) )
+ continue;
+
+ // One or more tables exist. We are insane.
+
+ wp_load_translations_early();
+
+ // Die with a DB error.
+ $wpdb->error = sprintf( __( 'One or more database tables are unavailable. The database may need to be <a href="%s">repaired</a>.' ), 'maint/repair.php?referrer=is_blog_installed' );
+ dead_db();
+ }
+
+ $wpdb->suppress_errors( $suppress );
+
+ wp_cache_set( 'is_blog_installed', false );
+
+ return false;
+}
+
+/**
+ * Retrieve URL with nonce added to URL query.
+ *
+ * @package WordPress
+ * @subpackage Security
+ * @since 2.0.4
+ *
+ * @param string $actionurl URL to add nonce action
+ * @param string $action Optional. Nonce action name
+ * @return string URL with nonce action added.
+ */
+function wp_nonce_url( $actionurl, $action = -1 ) {
+ $actionurl = str_replace( '&', '&', $actionurl );
+ return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
+}
+
+/**
+ * Retrieve or display nonce hidden field for forms.
+ *
+ * The nonce field is used to validate that the contents of the form came from
+ * the location on the current site and not somewhere else. The nonce does not
+ * offer absolute protection, but should protect against most cases. It is very
+ * important to use nonce field in forms.
+ *
+ * The $action and $name are optional, but if you want to have better security,
+ * it is strongly suggested to set those two parameters. It is easier to just
+ * call the function without any parameters, because validation of the nonce
+ * doesn't require any parameters, but since crackers know what the default is
+ * it won't be difficult for them to find a way around your nonce and cause
+ * damage.
+ *
+ * The input name will be whatever $name value you gave. The input value will be
+ * the nonce creation value.
+ *
+ * @package WordPress
+ * @subpackage Security
+ * @since 2.0.4
+ *
+ * @param string $action Optional. Action name.
+ * @param string $name Optional. Nonce name.
+ * @param bool $referer Optional, default true. Whether to set the referer field for validation.
+ * @param bool $echo Optional, default true. Whether to display or return hidden form field.
+ * @return string Nonce field.
+ */
+function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
+ $name = esc_attr( $name );
+ $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
+
+ if ( $referer )
+ $nonce_field .= wp_referer_field( false );
+
+ if ( $echo )
+ echo $nonce_field;
+
+ return $nonce_field;
+}
+
+/**
+ * Retrieve or display referer hidden field for forms.
+ *
+ * The referer link is the current Request URI from the server super global. The
+ * input name is '_wp_http_referer', in case you wanted to check manually.
+ *
+ * @package WordPress
+ * @subpackage Security
+ * @since 2.0.4
+ *
+ * @param bool $echo Whether to echo or return the referer field.
+ * @return string Referer field.
+ */
+function wp_referer_field( $echo = true ) {
+ $ref = esc_attr( $_SERVER['REQUEST_URI'] );
+ $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+
+ if ( $echo )
+ echo $referer_field;
+ return $referer_field;
+}
+
+/**
+ * Retrieve or display original referer hidden field for forms.
+ *
+ * The input name is '_wp_original_http_referer' and will be either the same
+ * value of {@link wp_referer_field()}, if that was posted already or it will
+ * be the current page, if it doesn't exist.
+ *
+ * @package WordPress
+ * @subpackage Security
+ * @since 2.0.4
+ *
+ * @param bool $echo Whether to echo the original http referer
+ * @param string $jump_back_to Optional, default is 'current'. Can be 'previous' or page you want to jump back to.
+ * @return string Original referer field.
+ */
+function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
+ $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
+ $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
+ $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
+ if ( $echo )
+ echo $orig_referer_field;
+ return $orig_referer_field;
+}
+
+/**
+ * Retrieve referer from '_wp_http_referer' or HTTP referer. If it's the same
+ * as the current request URL, will return false.
+ *
+ * @package WordPress
+ * @subpackage Security
+ * @since 2.0.4
+ *
+ * @return string|bool False on failure. Referer URL on success.
+ */
+function wp_get_referer() {
+ $ref = false;
+ if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
+ $ref = $_REQUEST['_wp_http_referer'];
+ else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
+ $ref = $_SERVER['HTTP_REFERER'];
+
+ if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
+ return $ref;
+ return false;
+}
+
+/**
+ * Retrieve original referer that was posted, if it exists.
+ *
+ * @package WordPress
+ * @subpackage Security
+ * @since 2.0.4
+ *
+ * @return string|bool False if no original referer or original referer if set.
+ */
+function wp_get_original_referer() {
+ if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
+ return $_REQUEST['_wp_original_http_referer'];
+ return false;
+}
+
+/**
+ * Recursive directory creation based on full path.
+ *
+ * Will attempt to set permissions on folders.
+ *
+ * @since 2.0.1
+ *
+ * @param string $target Full path to attempt to create.
+ * @return bool Whether the path was created. True if path already exists.
+ */
+function wp_mkdir_p( $target ) {
+ // from php.net/mkdir user contributed notes
+ $target = str_replace( '//', '/', $target );
+
+ // safe mode fails with a trailing slash under certain PHP versions.
+ $target = rtrim($target, '/'); // Use rtrim() instead of untrailingslashit to avoid formatting.php dependency.
+ if ( empty($target) )
+ $target = '/';
+
+ if ( file_exists( $target ) )
+ return @is_dir( $target );
+
+ // Attempting to create the directory may clutter up our display.
+ if ( @mkdir( $target ) ) {
+ $stat = @stat( dirname( $target ) );
+ $dir_perms = $stat['mode'] & 0007777; // Get the permission bits.
+ @chmod( $target, $dir_perms );
+ return true;
+ } elseif ( is_dir( dirname( $target ) ) ) {
+ return false;
+ }
+
+ // If the above failed, attempt to create the parent node, then try again.
+ if ( ( $target != '/' ) && ( wp_mkdir_p( dirname( $target ) ) ) )
+ return wp_mkdir_p( $target );
+
+ return false;
+}
+
+/**
+ * Test if a give filesystem path is absolute ('/foo/bar', 'c:\windows').
+ *
+ * @since 2.5.0
+ *
+ * @param string $path File path
+ * @return bool True if path is absolute, false is not absolute.
+ */
+function path_is_absolute( $path ) {
+ // this is definitive if true but fails if $path does not exist or contains a symbolic link
+ if ( realpath($path) == $path )
+ return true;
+
+ if ( strlen($path) == 0 || $path[0] == '.' )
+ return false;
+
+ // windows allows absolute paths like this
+ if ( preg_match('#^[a-zA-Z]:\\\\#', $path) )
+ return true;
+
+ // a path starting with / or \ is absolute; anything else is relative
+ return ( $path[0] == '/' || $path[0] == '\\' );
+}
+
+/**
+ * Join two filesystem paths together (e.g. 'give me $path relative to $base').
+ *
+ * If the $path is absolute, then it the full path is returned.
+ *
+ * @since 2.5.0
+ *
+ * @param string $base
+ * @param string $path
+ * @return string The path with the base or absolute path.
+ */
+function path_join( $base, $path ) {
+ if ( path_is_absolute($path) )
+ return $path;
+
+ return rtrim($base, '/') . '/' . ltrim($path, '/');
+}
+
+/**
+ * Determines a writable directory for temporary files.
+ * Function's preference is to WP_CONTENT_DIR followed by the return value of <code>sys_get_temp_dir()</code>, before finally defaulting to /tmp/
+ *
+ * In the event that this function does not find a writable location, It may be overridden by the <code>WP_TEMP_DIR</code> constant in your <code>wp-config.php</code> file.
+ *
+ * @since 2.5.0
+ *
+ * @return string Writable temporary directory
+ */
+function get_temp_dir() {
+ static $temp;
+ if ( defined('WP_TEMP_DIR') )
+ return trailingslashit(WP_TEMP_DIR);
+
+ if ( $temp )
+ return trailingslashit($temp);
+
+ $temp = WP_CONTENT_DIR . '/';
+ if ( is_dir($temp) && @is_writable($temp) )
+ return $temp;
+
+ if ( function_exists('sys_get_temp_dir') ) {
+ $temp = sys_get_temp_dir();
+ if ( @is_writable($temp) )
+ return trailingslashit($temp);
+ }
+
+ $temp = ini_get('upload_tmp_dir');
+ if ( is_dir($temp) && @is_writable($temp) )
+ return trailingslashit($temp);
+
+ $temp = '/tmp/';
+ return $temp;
+}
+
+/**
+ * Get an array containing the current upload directory's path and url.
+ *
+ * Checks the 'upload_path' option, which should be from the web root folder,
+ * and if it isn't empty it will be used. If it is empty, then the path will be
+ * 'WP_CONTENT_DIR/uploads'. If the 'UPLOADS' constant is defined, then it will
+ * override the 'upload_path' option and 'WP_CONTENT_DIR/uploads' path.
+ *
+ * The upload URL path is set either by the 'upload_url_path' option or by using
+ * the 'WP_CONTENT_URL' constant and appending '/uploads' to the path.
+ *
+ * If the 'uploads_use_yearmonth_folders' is set to true (checkbox if checked in
+ * the administration settings panel), then the time will be used. The format
+ * will be year first and then month.
+ *
+ * If the path couldn't be created, then an error will be returned with the key
+ * 'error' containing the error message. The error suggests that the parent
+ * directory is not writable by the server.
+ *
+ * On success, the returned array will have many indices:
+ * 'path' - base directory and sub directory or full path to upload directory.
+ * 'url' - base url and sub directory or absolute URL to upload directory.
+ * 'subdir' - sub directory if uploads use year/month folders option is on.
+ * 'basedir' - path without subdir.
+ * 'baseurl' - URL path without subdir.
+ * 'error' - set to false.
+ *
+ * @since 2.0.0
+ * @uses apply_filters() Calls 'upload_dir' on returned array.
+ *
+ * @param string $time Optional. Time formatted in 'yyyy/mm'.
+ * @return array See above for description.
+ */
+function wp_upload_dir( $time = null ) {
+ global $switched;
+ $siteurl = get_option( 'siteurl' );
+ $upload_path = get_option( 'upload_path' );
+ $upload_path = trim($upload_path);
+ $main_override = is_multisite() && defined( 'MULTISITE' ) && is_main_site();
+ if ( empty($upload_path) ) {
+ $dir = WP_CONTENT_DIR . '/uploads';
+ } else {
+ $dir = $upload_path;
+ if ( 'wp-content/uploads' == $upload_path ) {
+ $dir = WP_CONTENT_DIR . '/uploads';
+ } elseif ( 0 !== strpos($dir, ABSPATH) ) {
+ // $dir is absolute, $upload_path is (maybe) relative to ABSPATH
+ $dir = path_join( ABSPATH, $dir );
+ }
+ }
+
+ if ( !$url = get_option( 'upload_url_path' ) ) {
+ if ( empty($upload_path) || ( 'wp-content/uploads' == $upload_path ) || ( $upload_path == $dir ) )
+ $url = WP_CONTENT_URL . '/uploads';
+ else
+ $url = trailingslashit( $siteurl ) . $upload_path;
+ }
+
+ if ( defined('UPLOADS') && !$main_override && ( !isset( $switched ) || $switched === false ) ) {
+ $dir = ABSPATH . UPLOADS;
+ $url = trailingslashit( $siteurl ) . UPLOADS;
+ }
+
+ if ( is_multisite() && !$main_override && ( !isset( $switched ) || $switched === false ) ) {
+ if ( defined( 'BLOGUPLOADDIR' ) )
+ $dir = untrailingslashit(BLOGUPLOADDIR);
+ $url = str_replace( UPLOADS, 'files', $url );
+ }
+
+ $bdir = $dir;
+ $burl = $url;
+
+ $subdir = '';
+ if ( get_option( 'uploads_use_yearmonth_folders' ) ) {
+ // Generate the yearly and monthly dirs
+ if ( !$time )
+ $time = current_time( 'mysql' );
+ $y = substr( $time, 0, 4 );
+ $m = substr( $time, 5, 2 );
+ $subdir = "/$y/$m";