]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-includes/canonical.php
WordPress 4.6.2
[autoinstalls/wordpress.git] / wp-includes / canonical.php
index 423dcc6366df2efe99c09443709942e5be2c53cd..11c513d31ae9e0d7ec25e0d2daca585bc7b50867 100644 (file)
@@ -17,7 +17,7 @@
  * prevents penalty for duplicate content by redirecting all incoming links to
  * one or the other.
  *
- * Prevents redirection for feeds, trackbacks, searches, comment popup, and
+ * Prevents redirection for feeds, trackbacks, searches, and
  * admin URLs. Does not redirect on non-pretty-permalink-supporting IIS 7+,
  * page/post previews, WP admin, Trackbacks, robots.txt, searches, or on POST
  * requests.
  * or query in an attempt to figure the correct page to go to.
  *
  * @since 2.3.0
- * @uses $wp_rewrite
- * @uses $is_IIS
+ *
+ * @global WP_Rewrite $wp_rewrite
+ * @global bool $is_IIS
+ * @global WP_Query $wp_query
+ * @global wpdb $wpdb WordPress database abstraction object.
  *
  * @param string $requested_url Optional. The URL that was requested, used to
  *             figure if redirect is needed.
  * @param bool $do_redirect Optional. Redirect to the new URL.
- * @return null|false|string Null, if redirect not needed. False, if redirect
- *             not needed or the string of the URL
+ * @return string|void The string of the URL, if redirect needed.
  */
 function redirect_canonical( $requested_url = null, $do_redirect = true ) {
-       global $wp_rewrite, $is_IIS, $wp_query, $wpdb;
+       global $wp_rewrite, $is_IIS, $wp_query, $wpdb, $wp;
 
-       if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || !empty($_POST) || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) )
+       if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ) ) ) {
                return;
+       }
 
-       if ( !$requested_url ) {
+       // If we're not in wp-admin and the post has been published and preview nonce
+       // is non-existent or invalid then no need for preview in query
+       if ( is_preview() && get_query_var( 'p' ) && 'publish' == get_post_status( get_query_var( 'p' ) ) ) {
+               if ( ! isset( $_GET['preview_id'] )
+                       || ! isset( $_GET['preview_nonce'] )
+                       || ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] ) ) {
+                       $wp_query->is_preview = false;
+               }
+       }
+
+       if ( is_trackback() || is_search() || is_admin() || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) {
+               return;
+       }
+
+       if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) {
                // build the URL in the address bar
                $requested_url  = is_ssl() ? 'https://' : 'http://';
                $requested_url .= $_SERVER['HTTP_HOST'];
@@ -50,14 +67,9 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
        }
 
        $original = @parse_url($requested_url);
-       if ( false === $original )
+       if ( false === $original ) {
                return;
-
-       // Some PHP setups turn requests for / into /index.php in REQUEST_URI
-       // See: http://trac.wordpress.org/ticket/5017
-       // See: http://trac.wordpress.org/ticket/7173
-       // Disabled, for now:
-       // $original['path'] = preg_replace('|/index\.php$|', '/', $original['path']);
+       }
 
        $redirect = $original;
        $redirect_url = false;
@@ -68,6 +80,16 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
        if ( !isset($redirect['query']) )
                $redirect['query'] = '';
 
+       // If the original URL ended with non-breaking spaces, they were almost
+       // certainly inserted by accident. Let's remove them, so the reader doesn't
+       // see a 404 error with no obvious cause.
+       $redirect['path'] = preg_replace( '|(%C2%A0)+$|i', '', $redirect['path'] );
+
+       // It's not a preview, so remove it from URL
+       if ( get_query_var( 'preview' ) ) {
+               $redirect['query'] = remove_query_arg( 'preview', $redirect['query'] );
+       }
+
        if ( is_feed() && ( $id = get_query_var( 'p' ) ) ) {
                if ( $redirect_url = get_post_comments_feed_link( $id, get_query_var( 'feed' ) ) ) {
                        $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed'), $redirect_url );
@@ -95,23 +117,52 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                $id = max( get_query_var('p'), get_query_var('page_id'), get_query_var('attachment_id') );
                if ( $id && $redirect_post = get_post($id) ) {
                        $post_type_obj = get_post_type_object($redirect_post->post_type);
-                       if ( $post_type_obj->public ) {
+                       if ( $post_type_obj->public && 'auto-draft' != $redirect_post->post_status ) {
                                $redirect_url = get_permalink($redirect_post);
                                $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url );
                        }
                }
 
+               if ( get_query_var( 'day' ) && get_query_var( 'monthnum' ) && get_query_var( 'year' ) ) {
+                       $year  = get_query_var( 'year' );
+                       $month = get_query_var( 'monthnum' );
+                       $day   = get_query_var( 'day' );
+                       $date  = sprintf( '%04d-%02d-%02d', $year, $month, $day );
+                       if ( ! wp_checkdate( $month, $day, $year, $date ) ) {
+                               $redirect_url = get_month_link( $year, $month );
+                               $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'year', 'monthnum', 'day' ), $redirect_url );
+                       }
+               } elseif ( get_query_var( 'monthnum' ) && get_query_var( 'year' ) && 12 < get_query_var( 'monthnum' ) ) {
+                       $redirect_url = get_year_link( get_query_var( 'year' ) );
+                       $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'year', 'monthnum' ), $redirect_url );
+               }
+
                if ( ! $redirect_url ) {
                        if ( $redirect_url = redirect_guess_404_permalink() ) {
                                $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'page', 'feed', 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url );
                        }
                }
 
+               if ( get_query_var( 'page' ) && $wp_query->post &&
+                       false !== strpos( $wp_query->post->post_content, '<!--nextpage-->' ) ) {
+                       $redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' );
+                       $redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
+                       $redirect_url = get_permalink( $wp_query->post->ID );
+               }
+
        } elseif ( is_object($wp_rewrite) && $wp_rewrite->using_permalinks() ) {
                // rewriting of old ?p=X, ?m=2004, ?m=200401, ?m=20040101
-               if ( is_attachment() && !empty($_GET['attachment_id']) && ! $redirect_url ) {
-                       if ( $redirect_url = get_attachment_link(get_query_var('attachment_id')) )
-                               $redirect['query'] = remove_query_arg('attachment_id', $redirect['query']);
+               if ( is_attachment() &&
+                       ! array_diff( array_keys( $wp->query_vars ), array( 'attachment', 'attachment_id' ) ) &&
+                       ! $redirect_url ) {
+                       if ( ! empty( $_GET['attachment_id'] ) ) {
+                               $redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) );
+                               if ( $redirect_url ) {
+                                       $redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] );
+                               }
+                       } else {
+                               $redirect_url = get_attachment_link();
+                       }
                } elseif ( is_single() && !empty($_GET['p']) && ! $redirect_url ) {
                        if ( $redirect_url = get_permalink(get_query_var('p')) )
                                $redirect['query'] = remove_query_arg(array('p', 'post_type'), $redirect['query']);
@@ -121,7 +172,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                } elseif ( is_page() && !empty($_GET['page_id']) && ! $redirect_url ) {
                        if ( $redirect_url = get_permalink(get_query_var('page_id')) )
                                $redirect['query'] = remove_query_arg('page_id', $redirect['query']);
-               } elseif ( is_page() && !is_feed() && isset($wp_query->queried_object) && 'page' == get_option('show_on_front') && $wp_query->queried_object->ID == get_option('page_on_front')  && ! $redirect_url ) {
+               } elseif ( is_page() && !is_feed() && 'page' == get_option('show_on_front') && get_queried_object_id() == get_option('page_on_front')  && ! $redirect_url ) {
                        $redirect_url = home_url('/');
                } elseif ( is_home() && !empty($_GET['page_id']) && 'page' == get_option('show_on_front') && get_query_var('page_id') == get_option('page_for_posts')  && ! $redirect_url ) {
                        if ( $redirect_url = get_permalink(get_option('page_for_posts')) )
@@ -160,7 +211,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                } elseif ( is_category() || is_tag() || is_tax() ) { // Terms (Tags/categories)
 
                        $term_count = 0;
-                       foreach ( $wp_query->tax_query->queries as $tax_query )
+                       foreach ( $wp_query->tax_query->queried_terms as $tax_query )
                                $term_count += count( $tax_query['terms'] );
 
                        $obj = $wp_query->get_queried_object();
@@ -205,26 +256,34 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                        }
                } elseif ( is_single() && strpos($wp_rewrite->permalink_structure, '%category%') !== false && $cat = get_query_var( 'category_name' ) ) {
                        $category = get_category_by_path( $cat );
-                       $post_terms = wp_get_object_terms($wp_query->get_queried_object_id(), 'category', array('fields' => 'tt_ids'));
-                       if ( (!$category || is_wp_error($category)) || ( !is_wp_error($post_terms) && !empty($post_terms) && !in_array($category->term_taxonomy_id, $post_terms) ) )
+                       if ( ( ! $category || is_wp_error( $category ) ) || ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() ) ) {
                                $redirect_url = get_permalink($wp_query->get_queried_object_id());
+                       }
                }
 
                // Post Paging
-               if ( is_singular() && ! is_front_page() && get_query_var('page') ) {
+               if ( is_singular() && get_query_var('page') ) {
                        if ( !$redirect_url )
                                $redirect_url = get_permalink( get_queried_object_id() );
-                       $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
+
+                       $page = get_query_var( 'page' );
+                       if ( $page > 1 ) {
+                               if ( is_front_page() ) {
+                                       $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( "$wp_rewrite->pagination_base/$page", 'paged' );
+                               } else {
+                                       $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( $page, 'single_paged' );
+                               }
+                       }
                        $redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
                }
 
                // paging and feeds
                if ( get_query_var('paged') || is_feed() || get_query_var('cpage') ) {
-                       while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $redirect['path'] ) || preg_match( '#/comment-page-[0-9]+(/+)?$#', $redirect['path'] ) ) {
+                       while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $redirect['path'] ) || preg_match( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+(/+)?$#", $redirect['path'] ) ) {
                                // Strip off paging and feed
                                $redirect['path'] = preg_replace("#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", '/', $redirect['path']); // strip off any existing paging
                                $redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $redirect['path']); // strip off feed endings
-                               $redirect['path'] = preg_replace('#/comment-page-[0-9]+?(/+)?$#', '/', $redirect['path']); // strip off any existing comment paging
+                               $redirect['path'] = preg_replace("#/{$wp_rewrite->comments_pagination_base}-[0-9]+?(/+)?$#", '/', $redirect['path']); // strip off any existing comment paging
                        }
 
                        $addl_path = '';
@@ -267,8 +326,11 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                                }
                        }
 
-                       if ( get_option('page_comments') && ( ( 'newest' == get_option('default_comments_page') && get_query_var('cpage') > 0 ) || ( 'newest' != get_option('default_comments_page') && get_query_var('cpage') > 1 ) ) ) {
-                               $addl_path = ( !empty( $addl_path ) ? trailingslashit($addl_path) : '' ) . user_trailingslashit( 'comment-page-' . get_query_var('cpage'), 'commentpaged' );
+                       if ( get_option( 'page_comments' ) && (
+                               ( 'newest' == get_option( 'default_comments_page' ) && get_query_var( 'cpage' ) > 0 ) ||
+                               ( 'newest' != get_option( 'default_comments_page' ) && get_query_var( 'cpage' ) > 1 )
+                       ) ) {
+                               $addl_path = ( !empty( $addl_path ) ? trailingslashit($addl_path) : '' ) . user_trailingslashit( $wp_rewrite->comments_pagination_base . '-' . get_query_var('cpage'), 'commentpaged' );
                                $redirect['query'] = remove_query_arg( 'cpage', $redirect['query'] );
                        }
 
@@ -281,10 +343,13 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                }
 
                if ( 'wp-register.php' == basename( $redirect['path'] ) ) {
-                       if ( is_multisite() )
+                       if ( is_multisite() ) {
+                               /** This filter is documented in wp-login.php */
                                $redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) );
-                       else
-                               $redirect_url = site_url( 'wp-login.php?action=register' );
+                       } else {
+                               $redirect_url = wp_registration_url();
+                       }
+
                        wp_redirect( $redirect_url, 301 );
                        die();
                }
@@ -380,7 +445,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                ( strtolower($original['host']) != 'www.' . strtolower($redirect['host']) && 'www.' . strtolower($original['host']) != strtolower($redirect['host']) ) )
                $redirect['host'] = $original['host'];
 
-       $compare_original = array($original['host'], $original['path']);
+       $compare_original = array( $original['host'], $original['path'] );
 
        if ( !empty( $original['port'] ) )
                $compare_original[] = $original['port'];
@@ -388,7 +453,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
        if ( !empty( $original['query'] ) )
                $compare_original[] = $original['query'];
 
-       $compare_redirect = array($redirect['host'], $redirect['path']);
+       $compare_redirect = array( $redirect['host'], $redirect['path'] );
 
        if ( !empty( $redirect['port'] ) )
                $compare_redirect[] = $redirect['port'];
@@ -405,12 +470,22 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                        $redirect_url .= '?' . $redirect['query'];
        }
 
-       if ( !$redirect_url || $redirect_url == $requested_url )
-               return false;
+       if ( ! $redirect_url || $redirect_url == $requested_url ) {
+               return;
+       }
 
        // Hex encoded octets are case-insensitive.
        if ( false !== strpos($requested_url, '%') ) {
                if ( !function_exists('lowercase_octets') ) {
+                       /**
+                        * Converts the first hex-encoded octet match to lowercase.
+                        *
+                        * @since 3.1.0
+                        * @ignore
+                        *
+                        * @param array $matches Hex-encoded octet matches for the requested URL.
+                        * @return string Lowercased version of the first match.
+                        */
                        function lowercase_octets($matches) {
                                return strtolower( $matches[0] );
                        }
@@ -418,11 +493,22 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                $requested_url = preg_replace_callback('|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url);
        }
 
-       // Note that you can use the "redirect_canonical" filter to cancel a canonical redirect for whatever reason by returning false
-       $redirect_url = apply_filters('redirect_canonical', $redirect_url, $requested_url);
-
-       if ( !$redirect_url || $redirect_url == $requested_url ) // yes, again -- in case the filter aborted the request
-               return false;
+       /**
+        * Filters the canonical redirect URL.
+        *
+        * Returning false to this filter will cancel the redirect.
+        *
+        * @since 2.3.0
+        *
+        * @param string $redirect_url  The redirect URL.
+        * @param string $requested_url The requested URL.
+        */
+       $redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url );
+
+       // yes, again -- in case the filter aborted the request
+       if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) == strip_fragment_from_url( $requested_url ) ) {
+               return;
+       }
 
        if ( $do_redirect ) {
                // protect against chained redirects
@@ -432,7 +518,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
                } else {
                        // Debug
                        // die("1: $redirect_url<br />2: " . redirect_canonical( $redirect_url, false ) );
-                       return false;
+                       return;
                }
        } else {
                return $redirect_url;
@@ -443,9 +529,12 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
  * Removes arguments from a query string if they are not present in a URL
  * DO NOT use this in plugin code.
  *
- * @since 3.4
+ * @since 3.4.0
  * @access private
  *
+ * @param string $query_string
+ * @param array $args_to_check
+ * @param string $url
  * @return string The altered query string
  */
 function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $url ) {
@@ -462,19 +551,45 @@ function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $ur
        return $query_string;
 }
 
+/**
+ * Strips the #fragment from a URL, if one is present.
+ *
+ * @since 4.4.0
+ *
+ * @param string $url The URL to strip.
+ * @return string The altered URL.
+ */
+function strip_fragment_from_url( $url ) {
+       $parsed_url = @parse_url( $url );
+       if ( ! empty( $parsed_url['host'] ) ) {
+               // This mirrors code in redirect_canonical(). It does not handle every case.
+               $url = $parsed_url['scheme'] . '://' . $parsed_url['host'];
+               if ( ! empty( $parsed_url['port'] ) ) {
+                       $url .= ':' . $parsed_url['port'];
+               }
+               $url .= $parsed_url['path'];
+               if ( ! empty( $parsed_url['query'] ) ) {
+                       $url .= '?' . $parsed_url['query'];
+               }
+       }
+
+       return $url;
+}
+
 /**
  * Attempts to guess the correct URL based on query vars
  *
  * @since 2.3.0
- * @uses $wpdb
  *
- * @return bool|string The correct URL if one is found. False on failure.
+ * @global wpdb $wpdb WordPress database abstraction object.
+ *
+ * @return false|string The correct URL if one is found. False on failure.
  */
 function redirect_guess_404_permalink() {
-       global $wpdb, $wp_rewrite;
+       global $wpdb;
 
        if ( get_query_var('name') ) {
-               $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%');
+               $where = $wpdb->prepare("post_name LIKE %s", $wpdb->esc_like( get_query_var('name') ) . '%');
 
                // if any of post_type, year, monthnum, or day are set, use them to refine the query
                if ( get_query_var('post_type') )
@@ -494,7 +609,7 @@ function redirect_guess_404_permalink() {
                        return false;
                if ( get_query_var( 'feed' ) )
                        return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
-               elseif ( get_query_var( 'page' ) )
+               elseif ( get_query_var( 'page' ) && 1 < get_query_var( 'page' ) )
                        return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
                else
                        return get_permalink( $post_id );
@@ -503,8 +618,16 @@ function redirect_guess_404_permalink() {
        return false;
 }
 
-add_action('template_redirect', 'redirect_canonical');
-
+/**
+ * Redirects a variety of shorthand URLs to the admin.
+ *
+ * If a user visits example.com/admin, they'll be redirected to /wp-admin.
+ * Visiting /login redirects to /wp-login.php, and so on.
+ *
+ * @since 3.4.0
+ *
+ * @global WP_Rewrite $wp_rewrite
+ */
 function wp_redirect_admin_locations() {
        global $wp_rewrite;
        if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) )
@@ -528,9 +651,7 @@ function wp_redirect_admin_locations() {
                site_url( 'login', 'relative' ),
        );
        if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) {
-               wp_redirect( site_url( 'wp-login.php', 'login' ) );
+               wp_redirect( wp_login_url() );
                exit;
        }
 }
-
-add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );