X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/61343b82c4f0da4c68e4c6373daafff4a81efdd1..073c5ed6408e2f00dc1863b463fe205467628905:/wp-includes/canonical.php diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index 423dcc63..11c513d3 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -17,7 +17,7 @@ * prevents penalty for duplicate content by redirecting all incoming links to * one or the other. * - * Prevents redirection for feeds, trackbacks, searches, comment popup, and + * Prevents redirection for feeds, trackbacks, searches, and * admin URLs. Does not redirect on non-pretty-permalink-supporting IIS 7+, * page/post previews, WP admin, Trackbacks, robots.txt, searches, or on POST * requests. @@ -27,22 +27,39 @@ * or query in an attempt to figure the correct page to go to. * * @since 2.3.0 - * @uses $wp_rewrite - * @uses $is_IIS + * + * @global WP_Rewrite $wp_rewrite + * @global bool $is_IIS + * @global WP_Query $wp_query + * @global wpdb $wpdb WordPress database abstraction object. * * @param string $requested_url Optional. The URL that was requested, used to * figure if redirect is needed. * @param bool $do_redirect Optional. Redirect to the new URL. - * @return null|false|string Null, if redirect not needed. False, if redirect - * not needed or the string of the URL + * @return string|void The string of the URL, if redirect needed. */ function redirect_canonical( $requested_url = null, $do_redirect = true ) { - global $wp_rewrite, $is_IIS, $wp_query, $wpdb; + global $wp_rewrite, $is_IIS, $wp_query, $wpdb, $wp; - if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || !empty($_POST) || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) + if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ) ) ) { return; + } - if ( !$requested_url ) { + // If we're not in wp-admin and the post has been published and preview nonce + // is non-existent or invalid then no need for preview in query + if ( is_preview() && get_query_var( 'p' ) && 'publish' == get_post_status( get_query_var( 'p' ) ) ) { + if ( ! isset( $_GET['preview_id'] ) + || ! isset( $_GET['preview_nonce'] ) + || ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] ) ) { + $wp_query->is_preview = false; + } + } + + if ( is_trackback() || is_search() || is_admin() || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) { + return; + } + + if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) { // build the URL in the address bar $requested_url = is_ssl() ? 'https://' : 'http://'; $requested_url .= $_SERVER['HTTP_HOST']; @@ -50,14 +67,9 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } $original = @parse_url($requested_url); - if ( false === $original ) + if ( false === $original ) { return; - - // Some PHP setups turn requests for / into /index.php in REQUEST_URI - // See: http://trac.wordpress.org/ticket/5017 - // See: http://trac.wordpress.org/ticket/7173 - // Disabled, for now: - // $original['path'] = preg_replace('|/index\.php$|', '/', $original['path']); + } $redirect = $original; $redirect_url = false; @@ -68,6 +80,16 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( !isset($redirect['query']) ) $redirect['query'] = ''; + // If the original URL ended with non-breaking spaces, they were almost + // certainly inserted by accident. Let's remove them, so the reader doesn't + // see a 404 error with no obvious cause. + $redirect['path'] = preg_replace( '|(%C2%A0)+$|i', '', $redirect['path'] ); + + // It's not a preview, so remove it from URL + if ( get_query_var( 'preview' ) ) { + $redirect['query'] = remove_query_arg( 'preview', $redirect['query'] ); + } + if ( is_feed() && ( $id = get_query_var( 'p' ) ) ) { if ( $redirect_url = get_post_comments_feed_link( $id, get_query_var( 'feed' ) ) ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed'), $redirect_url ); @@ -95,23 +117,52 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { $id = max( get_query_var('p'), get_query_var('page_id'), get_query_var('attachment_id') ); if ( $id && $redirect_post = get_post($id) ) { $post_type_obj = get_post_type_object($redirect_post->post_type); - if ( $post_type_obj->public ) { + if ( $post_type_obj->public && 'auto-draft' != $redirect_post->post_status ) { $redirect_url = get_permalink($redirect_post); $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url ); } } + if ( get_query_var( 'day' ) && get_query_var( 'monthnum' ) && get_query_var( 'year' ) ) { + $year = get_query_var( 'year' ); + $month = get_query_var( 'monthnum' ); + $day = get_query_var( 'day' ); + $date = sprintf( '%04d-%02d-%02d', $year, $month, $day ); + if ( ! wp_checkdate( $month, $day, $year, $date ) ) { + $redirect_url = get_month_link( $year, $month ); + $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'year', 'monthnum', 'day' ), $redirect_url ); + } + } elseif ( get_query_var( 'monthnum' ) && get_query_var( 'year' ) && 12 < get_query_var( 'monthnum' ) ) { + $redirect_url = get_year_link( get_query_var( 'year' ) ); + $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'year', 'monthnum' ), $redirect_url ); + } + if ( ! $redirect_url ) { if ( $redirect_url = redirect_guess_404_permalink() ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'page', 'feed', 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url ); } } + if ( get_query_var( 'page' ) && $wp_query->post && + false !== strpos( $wp_query->post->post_content, '' ) ) { + $redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' ); + $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); + $redirect_url = get_permalink( $wp_query->post->ID ); + } + } elseif ( is_object($wp_rewrite) && $wp_rewrite->using_permalinks() ) { // rewriting of old ?p=X, ?m=2004, ?m=200401, ?m=20040101 - if ( is_attachment() && !empty($_GET['attachment_id']) && ! $redirect_url ) { - if ( $redirect_url = get_attachment_link(get_query_var('attachment_id')) ) - $redirect['query'] = remove_query_arg('attachment_id', $redirect['query']); + if ( is_attachment() && + ! array_diff( array_keys( $wp->query_vars ), array( 'attachment', 'attachment_id' ) ) && + ! $redirect_url ) { + if ( ! empty( $_GET['attachment_id'] ) ) { + $redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) ); + if ( $redirect_url ) { + $redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] ); + } + } else { + $redirect_url = get_attachment_link(); + } } elseif ( is_single() && !empty($_GET['p']) && ! $redirect_url ) { if ( $redirect_url = get_permalink(get_query_var('p')) ) $redirect['query'] = remove_query_arg(array('p', 'post_type'), $redirect['query']); @@ -121,7 +172,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } elseif ( is_page() && !empty($_GET['page_id']) && ! $redirect_url ) { if ( $redirect_url = get_permalink(get_query_var('page_id')) ) $redirect['query'] = remove_query_arg('page_id', $redirect['query']); - } elseif ( is_page() && !is_feed() && isset($wp_query->queried_object) && 'page' == get_option('show_on_front') && $wp_query->queried_object->ID == get_option('page_on_front') && ! $redirect_url ) { + } elseif ( is_page() && !is_feed() && 'page' == get_option('show_on_front') && get_queried_object_id() == get_option('page_on_front') && ! $redirect_url ) { $redirect_url = home_url('/'); } elseif ( is_home() && !empty($_GET['page_id']) && 'page' == get_option('show_on_front') && get_query_var('page_id') == get_option('page_for_posts') && ! $redirect_url ) { if ( $redirect_url = get_permalink(get_option('page_for_posts')) ) @@ -160,7 +211,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } elseif ( is_category() || is_tag() || is_tax() ) { // Terms (Tags/categories) $term_count = 0; - foreach ( $wp_query->tax_query->queries as $tax_query ) + foreach ( $wp_query->tax_query->queried_terms as $tax_query ) $term_count += count( $tax_query['terms'] ); $obj = $wp_query->get_queried_object(); @@ -205,26 +256,34 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } } elseif ( is_single() && strpos($wp_rewrite->permalink_structure, '%category%') !== false && $cat = get_query_var( 'category_name' ) ) { $category = get_category_by_path( $cat ); - $post_terms = wp_get_object_terms($wp_query->get_queried_object_id(), 'category', array('fields' => 'tt_ids')); - if ( (!$category || is_wp_error($category)) || ( !is_wp_error($post_terms) && !empty($post_terms) && !in_array($category->term_taxonomy_id, $post_terms) ) ) + if ( ( ! $category || is_wp_error( $category ) ) || ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() ) ) { $redirect_url = get_permalink($wp_query->get_queried_object_id()); + } } // Post Paging - if ( is_singular() && ! is_front_page() && get_query_var('page') ) { + if ( is_singular() && get_query_var('page') ) { if ( !$redirect_url ) $redirect_url = get_permalink( get_queried_object_id() ); - $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' ); + + $page = get_query_var( 'page' ); + if ( $page > 1 ) { + if ( is_front_page() ) { + $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( "$wp_rewrite->pagination_base/$page", 'paged' ); + } else { + $redirect_url = trailingslashit( $redirect_url ) . user_trailingslashit( $page, 'single_paged' ); + } + } $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); } // paging and feeds if ( get_query_var('paged') || is_feed() || get_query_var('cpage') ) { - while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $redirect['path'] ) || preg_match( '#/comment-page-[0-9]+(/+)?$#', $redirect['path'] ) ) { + while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss|rdf|atom|rss2)(/+)?$#', $redirect['path'] ) || preg_match( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+(/+)?$#", $redirect['path'] ) ) { // Strip off paging and feed $redirect['path'] = preg_replace("#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", '/', $redirect['path']); // strip off any existing paging $redirect['path'] = preg_replace('#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $redirect['path']); // strip off feed endings - $redirect['path'] = preg_replace('#/comment-page-[0-9]+?(/+)?$#', '/', $redirect['path']); // strip off any existing comment paging + $redirect['path'] = preg_replace("#/{$wp_rewrite->comments_pagination_base}-[0-9]+?(/+)?$#", '/', $redirect['path']); // strip off any existing comment paging } $addl_path = ''; @@ -267,8 +326,11 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } } - if ( get_option('page_comments') && ( ( 'newest' == get_option('default_comments_page') && get_query_var('cpage') > 0 ) || ( 'newest' != get_option('default_comments_page') && get_query_var('cpage') > 1 ) ) ) { - $addl_path = ( !empty( $addl_path ) ? trailingslashit($addl_path) : '' ) . user_trailingslashit( 'comment-page-' . get_query_var('cpage'), 'commentpaged' ); + if ( get_option( 'page_comments' ) && ( + ( 'newest' == get_option( 'default_comments_page' ) && get_query_var( 'cpage' ) > 0 ) || + ( 'newest' != get_option( 'default_comments_page' ) && get_query_var( 'cpage' ) > 1 ) + ) ) { + $addl_path = ( !empty( $addl_path ) ? trailingslashit($addl_path) : '' ) . user_trailingslashit( $wp_rewrite->comments_pagination_base . '-' . get_query_var('cpage'), 'commentpaged' ); $redirect['query'] = remove_query_arg( 'cpage', $redirect['query'] ); } @@ -281,10 +343,13 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } if ( 'wp-register.php' == basename( $redirect['path'] ) ) { - if ( is_multisite() ) + if ( is_multisite() ) { + /** This filter is documented in wp-login.php */ $redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ); - else - $redirect_url = site_url( 'wp-login.php?action=register' ); + } else { + $redirect_url = wp_registration_url(); + } + wp_redirect( $redirect_url, 301 ); die(); } @@ -380,7 +445,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { ( strtolower($original['host']) != 'www.' . strtolower($redirect['host']) && 'www.' . strtolower($original['host']) != strtolower($redirect['host']) ) ) $redirect['host'] = $original['host']; - $compare_original = array($original['host'], $original['path']); + $compare_original = array( $original['host'], $original['path'] ); if ( !empty( $original['port'] ) ) $compare_original[] = $original['port']; @@ -388,7 +453,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( !empty( $original['query'] ) ) $compare_original[] = $original['query']; - $compare_redirect = array($redirect['host'], $redirect['path']); + $compare_redirect = array( $redirect['host'], $redirect['path'] ); if ( !empty( $redirect['port'] ) ) $compare_redirect[] = $redirect['port']; @@ -405,12 +470,22 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { $redirect_url .= '?' . $redirect['query']; } - if ( !$redirect_url || $redirect_url == $requested_url ) - return false; + if ( ! $redirect_url || $redirect_url == $requested_url ) { + return; + } // Hex encoded octets are case-insensitive. if ( false !== strpos($requested_url, '%') ) { if ( !function_exists('lowercase_octets') ) { + /** + * Converts the first hex-encoded octet match to lowercase. + * + * @since 3.1.0 + * @ignore + * + * @param array $matches Hex-encoded octet matches for the requested URL. + * @return string Lowercased version of the first match. + */ function lowercase_octets($matches) { return strtolower( $matches[0] ); } @@ -418,11 +493,22 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { $requested_url = preg_replace_callback('|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url); } - // Note that you can use the "redirect_canonical" filter to cancel a canonical redirect for whatever reason by returning false - $redirect_url = apply_filters('redirect_canonical', $redirect_url, $requested_url); - - if ( !$redirect_url || $redirect_url == $requested_url ) // yes, again -- in case the filter aborted the request - return false; + /** + * Filters the canonical redirect URL. + * + * Returning false to this filter will cancel the redirect. + * + * @since 2.3.0 + * + * @param string $redirect_url The redirect URL. + * @param string $requested_url The requested URL. + */ + $redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url ); + + // yes, again -- in case the filter aborted the request + if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) == strip_fragment_from_url( $requested_url ) ) { + return; + } if ( $do_redirect ) { // protect against chained redirects @@ -432,7 +518,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } else { // Debug // die("1: $redirect_url
2: " . redirect_canonical( $redirect_url, false ) ); - return false; + return; } } else { return $redirect_url; @@ -443,9 +529,12 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { * Removes arguments from a query string if they are not present in a URL * DO NOT use this in plugin code. * - * @since 3.4 + * @since 3.4.0 * @access private * + * @param string $query_string + * @param array $args_to_check + * @param string $url * @return string The altered query string */ function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $url ) { @@ -462,19 +551,45 @@ function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $ur return $query_string; } +/** + * Strips the #fragment from a URL, if one is present. + * + * @since 4.4.0 + * + * @param string $url The URL to strip. + * @return string The altered URL. + */ +function strip_fragment_from_url( $url ) { + $parsed_url = @parse_url( $url ); + if ( ! empty( $parsed_url['host'] ) ) { + // This mirrors code in redirect_canonical(). It does not handle every case. + $url = $parsed_url['scheme'] . '://' . $parsed_url['host']; + if ( ! empty( $parsed_url['port'] ) ) { + $url .= ':' . $parsed_url['port']; + } + $url .= $parsed_url['path']; + if ( ! empty( $parsed_url['query'] ) ) { + $url .= '?' . $parsed_url['query']; + } + } + + return $url; +} + /** * Attempts to guess the correct URL based on query vars * * @since 2.3.0 - * @uses $wpdb * - * @return bool|string The correct URL if one is found. False on failure. + * @global wpdb $wpdb WordPress database abstraction object. + * + * @return false|string The correct URL if one is found. False on failure. */ function redirect_guess_404_permalink() { - global $wpdb, $wp_rewrite; + global $wpdb; if ( get_query_var('name') ) { - $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%'); + $where = $wpdb->prepare("post_name LIKE %s", $wpdb->esc_like( get_query_var('name') ) . '%'); // if any of post_type, year, monthnum, or day are set, use them to refine the query if ( get_query_var('post_type') ) @@ -494,7 +609,7 @@ function redirect_guess_404_permalink() { return false; if ( get_query_var( 'feed' ) ) return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) ); - elseif ( get_query_var( 'page' ) ) + elseif ( get_query_var( 'page' ) && 1 < get_query_var( 'page' ) ) return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' ); else return get_permalink( $post_id ); @@ -503,8 +618,16 @@ function redirect_guess_404_permalink() { return false; } -add_action('template_redirect', 'redirect_canonical'); - +/** + * Redirects a variety of shorthand URLs to the admin. + * + * If a user visits example.com/admin, they'll be redirected to /wp-admin. + * Visiting /login redirects to /wp-login.php, and so on. + * + * @since 3.4.0 + * + * @global WP_Rewrite $wp_rewrite + */ function wp_redirect_admin_locations() { global $wp_rewrite; if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) ) @@ -528,9 +651,7 @@ function wp_redirect_admin_locations() { site_url( 'login', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins ) ) { - wp_redirect( site_url( 'wp-login.php', 'login' ) ); + wp_redirect( wp_login_url() ); exit; } } - -add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );