X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/0461a5f2e55c8d5f1fde96ca2e83117152573c7d..9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f:/wp-includes/canonical.php diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index 5aefe2ba..c1b90251 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -39,8 +39,23 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { global $wp_rewrite, $is_IIS, $wp_query, $wpdb; - if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || !empty($_POST) || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) + if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ) ) ) { return; + } + + // If we're not in wp-admin and the post has been published and preview nonce + // is non-existent or invalid then no need for preview in query + if ( is_preview() && get_query_var( 'p' ) && 'publish' == get_post_status( get_query_var( 'p' ) ) ) { + if ( ! isset( $_GET['preview_id'] ) + || ! isset( $_GET['preview_nonce'] ) + || ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] ) ) { + $wp_query->is_preview = false; + } + } + + if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) { + return; + } if ( !$requested_url ) { // build the URL in the address bar @@ -68,6 +83,11 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( !isset($redirect['query']) ) $redirect['query'] = ''; + // It's not a preview, so remove it from URL + if ( get_query_var( 'preview' ) ) { + $redirect['query'] = remove_query_arg( 'preview', $redirect['query'] ); + } + if ( is_feed() && ( $id = get_query_var( 'p' ) ) ) { if ( $redirect_url = get_post_comments_feed_link( $id, get_query_var( 'feed' ) ) ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed'), $redirect_url ); @@ -295,11 +315,13 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } if ( 'wp-register.php' == basename( $redirect['path'] ) ) { - if ( is_multisite() ) + if ( is_multisite() ) { /** This filter is documented in wp-login.php */ $redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ); - else + } else { $redirect_url = site_url( 'wp-login.php?action=register' ); + } + wp_redirect( $redirect_url, 301 ); die(); } @@ -338,6 +360,10 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { else unset($redirect['port']); + if ( ! empty( $user_home['scheme'] ) && $user_home['scheme'] === 'https' ) { + $redirect['scheme'] = 'https'; + } + // trailing /index.php $redirect['path'] = preg_replace('|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path']); @@ -395,7 +421,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { ( strtolower($original['host']) != 'www.' . strtolower($redirect['host']) && 'www.' . strtolower($original['host']) != strtolower($redirect['host']) ) ) $redirect['host'] = $original['host']; - $compare_original = array($original['host'], $original['path']); + $compare_original = array( $original['scheme'], $original['host'], $original['path'] ); if ( !empty( $original['port'] ) ) $compare_original[] = $original['port']; @@ -403,7 +429,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( !empty( $original['query'] ) ) $compare_original[] = $original['query']; - $compare_redirect = array($redirect['host'], $redirect['path']); + $compare_redirect = array( $redirect['scheme'], $redirect['host'], $redirect['path'] ); if ( !empty( $redirect['port'] ) ) $compare_redirect[] = $redirect['port']; @@ -498,7 +524,7 @@ function redirect_guess_404_permalink() { global $wpdb, $wp_rewrite; if ( get_query_var('name') ) { - $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%'); + $where = $wpdb->prepare("post_name LIKE %s", $wpdb->esc_like( get_query_var('name') ) . '%'); // if any of post_type, year, monthnum, or day are set, use them to refine the query if ( get_query_var('post_type') )