* @access public
* @var array
*/
- public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type');
+ public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'title', 'embed' );
/**
* Private query variables.
if ( $wp_rewrite->use_verbose_page_rules && preg_match( '/pagename=\$matches\[([0-9]+)\]/', $query, $varmatch ) ) {
// This is a verbose page match, let's check to be sure about it.
- if ( ! get_page_by_path( $matches[ $varmatch[1] ] ) )
+ $page = get_page_by_path( $matches[ $varmatch[1] ] );
+ if ( ! $page ) {
continue;
+ }
+
+ $post_status_obj = get_post_status_object( $page->post_status );
+ if ( ! $post_status_obj->public && ! $post_status_obj->protected
+ && ! $post_status_obj->private && $post_status_obj->exclude_from_search ) {
+ continue;
+ }
}
// Got a match.
*/
$this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
- foreach ( get_post_types( array(), 'objects' ) as $post_type => $t )
- if ( $t->query_var )
+ foreach ( get_post_types( array(), 'objects' ) as $post_type => $t ) {
+ if ( is_post_type_viewable( $t ) && $t->query_var ) {
$post_type_query_vars[$t->query_var] = $post_type;
+ }
+ }
foreach ( $this->public_query_vars as $wpvar ) {
if ( isset( $this->extra_query_vars[$wpvar] ) )
if ( $t->query_var && isset( $this->query_vars[$t->query_var] ) )
$this->query_vars[$t->query_var] = str_replace( ' ', '+', $this->query_vars[$t->query_var] );
+ // Don't allow non-public taxonomies to be queried from the front-end.
+ if ( ! is_admin() ) {
+ foreach ( get_taxonomies( array( 'public' => false ), 'objects' ) as $taxonomy => $t ) {
+ /*
+ * Disallow when set to the 'taxonomy' query var.
+ * Non-public taxonomies cannot register custom query vars. See register_taxonomy().
+ */
+ if ( isset( $this->query_vars['taxonomy'] ) && $taxonomy === $this->query_vars['taxonomy'] ) {
+ unset( $this->query_vars['taxonomy'], $this->query_vars['term'] );
+ }
+ }
+ }
+
// Limit publicly queried post_types to those that are publicly_queryable
if ( isset( $this->query_vars['post_type']) ) {
$queryable_post_types = get_post_types( array('publicly_queryable' => true) );
}
/**
- * Send additional HTTP headers for caching, content type, etc.
+ * Sends additional HTTP headers for caching, content type, etc.
*
- * Sets the X-Pingback header, 404 status (if 404), Content-type. If showing
- * a feed, it will also send last-modified, etag, and 304 status if needed.
+ * Sets the Content-Type header. Sets the 'error' status (if passed) and optionally exits.
+ * If showing a feed, it will also send Last-Modified, ETag, and 304 status if needed.
*
* @since 2.0.0
+ * @since 4.4.0 `X-Pingback` header is added conditionally after posts have been queried in handle_404().
*/
public function send_headers() {
- $headers = array('X-Pingback' => get_bloginfo('pingback_url'));
+ $headers = array();
$status = null;
$exit_required = false;
} elseif ( empty( $this->query_vars['feed'] ) ) {
$headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset');
} else {
+ // Set the correct content type for feeds
+ $type = $this->query_vars['feed'];
+ if ( 'feed' == $this->query_vars['feed'] ) {
+ $type = get_default_feed();
+ }
+ $headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' );
+
// We're showing a feed, so WP is indeed the only thing that last changed
if ( !empty($this->query_vars['withcomments'])
|| false !== strpos( $this->query_vars['feed'], 'comments-' )
}
}
- foreach( (array) $headers as $name => $field_value )
+ foreach ( (array) $headers as $name => $field_value )
@header("{$name}: {$field_value}");
if ( $exit_required )
*
* Otherwise, issue a 200.
*
+ * This sets headers after posts have been queried. handle_404() really means "handle status."
+ * By inspecting the result of querying posts, seemingly successful requests can be switched to
+ * a 404 so that canonical redirection logic can kick in.
+ *
* @since 2.0.0
*
* @global WP_Query $wp_query
// Never 404 for the admin, robots, or if we found posts.
if ( is_admin() || is_robots() || $wp_query->posts ) {
- status_header( 200 );
- return;
+
+ $success = true;
+ if ( is_singular() ) {
+ $p = clone $wp_query->post;
+ // Only set X-Pingback for single posts that allow pings.
+ if ( $p && pings_open( $p ) ) {
+ @header( 'X-Pingback: ' . get_bloginfo( 'pingback_url' ) );
+ }
+
+ // check for paged content that exceeds the max number of pages
+ $next = '<!--nextpage-->';
+ if ( $p && false !== strpos( $p->post_content, $next ) && ! empty( $this->query_vars['page'] ) ) {
+ $page = trim( $this->query_vars['page'], '/' );
+ $success = (int) $page <= ( substr_count( $p->post_content, $next ) + 1 );
+ }
+ }
+
+ if ( $success ) {
+ status_header( 200 );
+ return;
+ }
}
// We will 404 for paged queries, as no posts were found.