X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/72836ec95a52eacbda4dc5aa296b7dd6de08bd3b..88550bc3400cc7c035ff590ecb007c7938041ded:/wp-includes/canonical.php diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index 231855ea..5b2f84d6 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -39,8 +39,23 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { global $wp_rewrite, $is_IIS, $wp_query, $wpdb; - if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || !empty($_POST) || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) + if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ) ) ) { return; + } + + // If we're not in wp-admin and the post has been published and preview nonce + // is non-existent or invalid then no need for preview in query + if ( is_preview() && get_query_var( 'p' ) && 'publish' == get_post_status( get_query_var( 'p' ) ) ) { + if ( ! isset( $_GET['preview_id'] ) + || ! isset( $_GET['preview_nonce'] ) + || ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] ) ) { + $wp_query->is_preview = false; + } + } + + if ( is_trackback() || is_search() || is_comments_popup() || is_admin() || is_preview() || is_robots() || ( $is_IIS && !iis7_supports_permalinks() ) ) { + return; + } if ( !$requested_url ) { // build the URL in the address bar @@ -54,8 +69,8 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { return; // Some PHP setups turn requests for / into /index.php in REQUEST_URI - // See: http://trac.wordpress.org/ticket/5017 - // See: http://trac.wordpress.org/ticket/7173 + // See: https://core.trac.wordpress.org/ticket/5017 + // See: https://core.trac.wordpress.org/ticket/7173 // Disabled, for now: // $original['path'] = preg_replace('|/index\.php$|', '/', $original['path']); @@ -68,6 +83,11 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( !isset($redirect['query']) ) $redirect['query'] = ''; + // It's not a preview, so remove it from URL + if ( get_query_var( 'preview' ) ) { + $redirect['query'] = remove_query_arg( 'preview', $redirect['query'] ); + } + if ( is_feed() && ( $id = get_query_var( 'p' ) ) ) { if ( $redirect_url = get_post_comments_feed_link( $id, get_query_var( 'feed' ) ) ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed'), $redirect_url ); @@ -174,7 +194,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } elseif ( is_category() || is_tag() || is_tax() ) { // Terms (Tags/categories) $term_count = 0; - foreach ( $wp_query->tax_query->queries as $tax_query ) + foreach ( $wp_query->tax_query->queried_terms as $tax_query ) $term_count += count( $tax_query['terms'] ); $obj = $wp_query->get_queried_object(); @@ -295,11 +315,13 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } if ( 'wp-register.php' == basename( $redirect['path'] ) ) { - if ( is_multisite() ) + if ( is_multisite() ) { /** This filter is documented in wp-login.php */ $redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ); - else + } else { $redirect_url = site_url( 'wp-login.php?action=register' ); + } + wp_redirect( $redirect_url, 301 ); die(); } @@ -395,7 +417,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { ( strtolower($original['host']) != 'www.' . strtolower($redirect['host']) && 'www.' . strtolower($original['host']) != strtolower($redirect['host']) ) ) $redirect['host'] = $original['host']; - $compare_original = array($original['host'], $original['path']); + $compare_original = array( $original['host'], $original['path'] ); if ( !empty( $original['port'] ) ) $compare_original[] = $original['port']; @@ -403,7 +425,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( !empty( $original['query'] ) ) $compare_original[] = $original['query']; - $compare_redirect = array($redirect['host'], $redirect['path']); + $compare_redirect = array( $redirect['host'], $redirect['path'] ); if ( !empty( $redirect['port'] ) ) $compare_redirect[] = $redirect['port']; @@ -467,9 +489,12 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { * Removes arguments from a query string if they are not present in a URL * DO NOT use this in plugin code. * - * @since 3.4 + * @since 3.4.0 * @access private * + * @param string $query_string + * @param array $args_to_check + * @param string $url * @return string The altered query string */ function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $url ) { @@ -490,7 +515,8 @@ function _remove_qs_args_if_not_in_url( $query_string, Array $args_to_check, $ur * Attempts to guess the correct URL based on query vars * * @since 2.3.0 - * @uses $wpdb + * + * @global wpdb $wpdb WordPress database abstraction object. * * @return bool|string The correct URL if one is found. False on failure. */ @@ -498,7 +524,7 @@ function redirect_guess_404_permalink() { global $wpdb, $wp_rewrite; if ( get_query_var('name') ) { - $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%'); + $where = $wpdb->prepare("post_name LIKE %s", $wpdb->esc_like( get_query_var('name') ) . '%'); // if any of post_type, year, monthnum, or day are set, use them to refine the query if ( get_query_var('post_type') )