X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f..5d244c8fd9a27c9f89dd08da2af6fbc67d4fce63:/wp-includes/functions.php diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 0a8e1a0c..d903349c 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -100,7 +100,7 @@ function date_i18n( $dateformatstring, $unixtimestamp = false, $gmt = false ) { /* * Store original value for language with untypical grammars. - * See http://core.trac.wordpress.org/ticket/9396 + * See https://core.trac.wordpress.org/ticket/9396 */ $req_format = $dateformatstring; @@ -197,7 +197,7 @@ function number_format_i18n( $number, $decimals = 0 ) { * * @param int|string $bytes Number of bytes. Note max integer size for integers. * @param int $decimals Optional. Precision of number of decimal places. Default 0. - * @return bool|string False on failure. Number string on success. + * @return string|false False on failure. Number string on success. */ function size_format( $bytes, $decimals = 0 ) { $quant = array( @@ -377,7 +377,7 @@ function maybe_serialize( $data ) { return serialize( $data ); // Double serialization is required for backward compatibility. - // See http://core.trac.wordpress.org/ticket/12930 + // See https://core.trac.wordpress.org/ticket/12930 if ( is_serialized( $data, false ) ) return serialize( $data ); 
@@ -457,23 +457,23 @@ function xmlrpc_removepostdata( $content ) { */ function wp_extract_urls( $content ) { preg_match_all( - "#(" + "#([\"']?)(" . "(?:([\w-]+:)?//?)" . "[^\s()<>]+" . "[.]" . "(?:" . "\([\w\d]+\)|" . "(?:" - . "[^`!()\[\]{};:'\".,<>?«»“”‘’\s]|" + . "[^`!()\[\]{};:'\".,<>«»“”‘’\s]|" . "(?:[:]\d+)?/?" . ")+" . ")" - . ")#", + . ")\\1#", $content, $post_links ); - $post_links = array_unique( array_map( 'html_entity_decode', $post_links[0] ) ); + $post_links = array_unique( array_map( 'html_entity_decode', $post_links[2] ) ); return array_values( $post_links ); } @@ -641,7 +641,7 @@ function wp_get_http_headers( $url, $deprecated = false ) { * @global string $currentday The day of the current post in the loop. * @global string $previousday The day of the previous post in the loop. * - * @return int|bool 1|true when new day, 0|false if not a new day. + * @return int 1 when new day, 0 if not a new day. */ function is_new_day() { global $currentday, $previousday; @@ -803,7 +803,7 @@ function add_query_arg() { * @since 1.5.0 * * @param string|array $key Query key or keys to remove. - * @param bool $query Optional. When false uses the $_SERVER value. Default false. + * @param bool|string $query Optional. When false uses the $_SERVER value. Default false. * @return string New URL query string. */ function remove_query_arg( $key, $query = false ) { @@ -842,7 +842,7 @@ function add_magic_quotes( $array ) { * @see wp_safe_remote_get() * * @param string $uri URI/URL of web page to retrieve. - * @return bool|string HTTP content. False on failure. + * @return false|string HTTP content. False on failure. */ function wp_remote_fopen( $uri ) { $parsed_url = @parse_url( $uri ); @@ -1087,7 +1087,7 @@ function cache_javascript_headers() { * * @since 2.0.0 * - * @global wpdb $wpdb WordPress database access abstraction object. + * @global wpdb $wpdb WordPress database abstraction object. * * @return int Number of database queries. */ 
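Review bot: The docblock of wp_extract_urls() (it starts outside this hunk) should say that the returned strings are unvalidated. The pattern accepts any `[\w-]+:` scheme, every match is passed through `html_entity_decode`, and with `?` dropped from the excluded-character class the matches now keep their query strings. I would add `@return array Entity-decoded URLs found in $content. They are not validated or escaped; pass each through esc_url_raw() before requesting or storing it.` The move from `$post_links[0]` to `$post_links[2]` also ties the result to group order, so a named group read as `$post_links['url']` would keep a later edit to the pattern from silently returning the wrong capture.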
@@ -1253,7 +1253,7 @@ function do_robots() { * * @since 2.1.0 * - * @global wpdb $wpdb WordPress database access abstraction object. + * @global wpdb $wpdb WordPress database abstraction object. * * @return bool Whether the blog is already installed. */ @@ -1327,9 +1327,9 @@ function is_blog_installed() { * * @since 2.0.4 * - * @param string $actionurl URL to add nonce action. - * @param string $action Optional. Nonce action name. Default -1. - * @param string $name Optional. Nonce name. Default '_wpnonce'. + * @param string $actionurl URL to add nonce action. + * @param int|string $action Optional. Nonce action name. Default -1. + * @param string $name Optional. Nonce name. Default '_wpnonce'. * @return string Escaped URL with nonce action added. */ function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) { @@ -1357,10 +1357,10 @@ function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) { * * @since 2.0.4 * - * @param string $action Optional. Action name. Default -1. - * @param string $name Optional. Nonce name. Default '_wpnonce'. - * @param bool $referer Optional. Whether to set the referer field for validation. Default true. - * @param bool $echo Optional. Whether to display or return hidden form field. Default true. + * @param int|string $action Optional. Action name. Default -1. + * @param string $name Optional. Nonce name. Default '_wpnonce'. + * @param bool $referer Optional. Whether to set the referer field for validation. Default true. + * @param bool $echo Optional. Whether to display or return hidden form field. Default true. * @return string Nonce field HTML markup. */ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) { 
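Review bot: The widened `int|string` type on `$action` in wp_nonce_url() documents the `-1` default but not what it means; the same applies to wp_nonce_field() in the next hunk. A nonce built with the default is not bound to a specific action, so it presumably verifies for any other caller that also left the default in place. I would extend the line to `@param int|string $action Optional. Nonce action name. Pass a specific action; the default -1 is generic and should not be relied on.`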
@@ -1426,7 +1426,7 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { * * @since 2.0.4 * - * @return string|bool False on failure. Referer URL on success. + * @return false|string False on failure. Referer URL on success. */ function wp_get_referer() { if ( ! function_exists( 'wp_validate_redirect' ) ) @@ -1447,7 +1447,7 @@ function wp_get_referer() { * * @since 2.0.4 * - * @return string|bool False if no original referer or original referer if set. + * @return string|false False if no original referer or original referer if set. */ function wp_get_original_referer() { if ( ! empty( $_REQUEST['_wp_original_http_referer'] ) && function_exists( 'wp_validate_redirect' ) ) @@ -1918,10 +1918,10 @@ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) * * @since 2.0.0 * - * @param string $name Filename. - * @param null $deprecated Never used. Set to null. - * @param mixed $bits File content - * @param string $time Optional. Time formatted in 'yyyy/mm'. Default null. + * @param string $name Filename. + * @param null|string $deprecated Never used. Set to null. + * @param mixed $bits File content + * @param string $time Optional. Time formatted in 'yyyy/mm'. Default null. * @return array */ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) { 
@@ -2016,7 +2016,7 @@ function wp_ext2type( $ext ) { 'image' => array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico' ), 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ), 'video' => array( '3g2', '3gp', '3gpp', 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ), - 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'xps', 'oxps', 'rtf', 'wp', 'wpd' ), + 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'xps', 'oxps', 'rtf', 'wp', 'wpd', 'psd' ), 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsm', 'xlsb' ), 'interactive' => array( 'swf', 'key', 'ppt', 'pptx', 'pptm', 'pps', 'ppsx', 'ppsm', 'sldx', 'sldm', 'odp' ), 'text' => array( 'asc', 'csv', 'tsv', 'txt' ), @@ -2223,6 +2223,7 @@ function wp_get_mime_types() { 'rar' => 'application/rar', '7z' => 'application/x-7z-compressed', 'exe' => 'application/x-msdownload', + 'psd' => 'application/octet-stream', // MS Office formats. 'doc' => 'application/msword', 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', @@ -2273,8 +2274,6 @@ function wp_get_mime_types() { * * @since 2.8.6 * - * @uses wp_get_upload_mime_types() to fetch the list of mime types - * * @param int|WP_User $user Optional. User to check. Defaults to current user. * @return array Array of mime types keyed by the file extension regex corresponding * to those types. @@ -2313,7 +2312,6 @@ function get_allowed_mime_types( $user = null ) { * @param string $action The nonce action. */ function wp_nonce_ays( $action ) { - $title = __( 'WordPress Failure Notice' ); if ( 'log-out' == $action ) { $html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '
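Review bot: The new `'psd' => 'application/octet-stream'` entry in wp_get_mime_types() maps the extension to the generic binary type, which says nothing about the content. If this map feeds the upload allow-list (not visible in the hunk), a check that compares a detected type with the mapped one cannot tell a PSD from any other binary. The registered type is more specific: `'psd' => 'image/vnd.adobe.photoshop',`. The wp_ext2type() hunk before it files the same extension under 'document' although it is an image format, which deserves a one-line comment if intentional. Both function bodies continue outside their hunks.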

'; $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; @@ -2324,25 +2322,51 @@ function wp_nonce_ays( $action ) { $html .= "

" . __( 'Please try again.' ) . ""; } - wp_die( $html, $title, array('response' => 403) ); + wp_die( $html, __( 'WordPress Failure Notice' ), 403 ); } /** * Kill WordPress execution and display HTML message with error message. * - * This function complements the die() PHP function. The difference is that + * This function complements the `die()` PHP function. The difference is that * HTML will be displayed to the user. It is recommended to use this function - * only, when the execution should not continue any further. It is not - * recommended to call this function very often and try to handle as many errors - * as possible silently. + * only when the execution should not continue any further. It is not recommended + * to call this function very often, and try to handle as many errors as possible + * silently or more gracefully. * - * @since 2.0.4 + * As a shorthand, the desired HTTP response code may be passed as an integer to + * the `$title` parameter (the default title would apply) or the `$args` parameter. * - * @param string $message Optional. Error message. Default empty. - * @param string $title Optional. Error title. Default empty. - * @param string|array $args Optional. Arguments to control behavior. Default empty array. + * @since 2.0.4 + * @since 4.1.0 The `$title` and `$args` parameters were changed to optionally accept + * an integer to be used as the response code. + * + * @param string|WP_Error $message Optional. Error message. If this is a {@see WP_Error} object, + * the error's messages are used. Default empty. + * @param string|int $title Optional. Error title. If `$message` is a `WP_Error` object, + * error data with the key 'title' may be used to specify the title. + * If `$title` is an integer, then it is treated as the response + * code. Default empty. + * @param string|array|int $args { + * Optional. Arguments to control behavior. If `$args` is an integer, then it is treated + * as the response code. Default empty array. 
+ * + * @type int $response The HTTP response code. Default 500. + * @type bool $back_link Whether to include a link to go back. Default false. + * @type string $text_direction The text direction. This is only useful internally, when WordPress + * is still loading and the site's locale is not set up yet. Accepts 'rtl'. + * Default is the value of {@see is_rtl()}. + * } */ function wp_die( $message = '', $title = '', $args = array() ) { + + if ( is_int( $args ) ) { + $args = array( 'response' => $args ); + } elseif ( is_int( $title ) ) { + $args = array( 'response' => $title ); + $title = ''; + } + if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { /** * Filter callback for killing WordPress execution for AJAX requests. 
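Review bot: In the new shorthand block at the top of wp_die(), the `elseif ( is_int( $title ) )` branch replaces `$args` outright, so `wp_die( $message, 403, array( 'back_link' => true ) )` silently loses `back_link`. When both `$title` and `$args` are integers the first branch wins and `$title` stays an integer. Merging keeps the caller's options: `$args = wp_parse_args( $args ); $args['response'] = $title; $title = '';`, with `$title` also reset in the first branch when it is an int. The rest of the function body lies outside the hunk.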
@@ -2611,6 +2635,142 @@ function _scalar_wp_die_handler( $message = '' ) { die(); } +/** + * Encode a variable into JSON, with some sanity checks. + * + * @since 4.1.0 + * + * @param mixed $data Variable (usually an array or object) to encode as JSON. + * @param int $options Optional. Options to be passed to json_encode(). Default 0. + * @param int $depth Optional. Maximum depth to walk through $data. Must be + * greater than 0. Default 512. + * @return bool|string The JSON encoded string, or false if it cannot be encoded. + */ +function wp_json_encode( $data, $options = 0, $depth = 512 ) { + /* + * json_encode() has had extra params added over the years. + * $options was added in 5.3, and $depth in 5.5. + * We need to make sure we call it with the correct arguments. + */ + if ( version_compare( PHP_VERSION, '5.5', '>=' ) ) { + $args = array( $data, $options, $depth ); + } elseif ( version_compare( PHP_VERSION, '5.3', '>=' ) ) { + $args = array( $data, $options ); + } else { + $args = array( $data ); + } + + $json = call_user_func_array( 'json_encode', $args ); + + // If json_encode() was successful, no need to do more sanity checking. + // ... unless we're in an old version of PHP, and json_encode() returned + // a string containing 'null'. Then we need to do more sanity checking. + if ( false !== $json && ( version_compare( PHP_VERSION, '5.5', '>=' ) || false === strpos( $json, 'null' ) ) ) { + return $json; + } + + try { + $args[0] = _wp_json_sanity_check( $data, $depth ); + } catch ( Exception $e ) { + return false; + } + + return call_user_func_array( 'json_encode', $args ); +} + +/** + * Perform sanity checks on data that shall be encoded to JSON. + * + * @see wp_json_encode() + * + * @since 4.1.0 + * @access private + * @internal + * + * @param mixed $data Variable (usually an array or object) to encode as JSON. + * @param int $depth Maximum depth to walk through $data. Must be greater than 0. 
+ * @return mixed The sanitized data that shall be encoded to JSON. + */ +function _wp_json_sanity_check( $data, $depth ) { + if ( $depth < 0 ) { + throw new Exception( 'Reached depth limit' ); + } + + if ( is_array( $data ) ) { + $output = array(); + foreach ( $data as $id => $el ) { + // Don't forget to sanitize the ID! + if ( is_string( $id ) ) { + $clean_id = _wp_json_convert_string( $id ); + } else { + $clean_id = $id; + } + + // Check the element type, so that we're only recursing if we really have to. + if ( is_array( $el ) || is_object( $el ) ) { + $output[ $clean_id ] = _wp_json_sanity_check( $el, $depth - 1 ); + } elseif ( is_string( $el ) ) { + $output[ $clean_id ] = _wp_json_convert_string( $el ); + } else { + $output[ $clean_id ] = $el; + } + } + } elseif ( is_object( $data ) ) { + $output = new stdClass; + foreach ( $data as $id => $el ) { + if ( is_string( $id ) ) { + $clean_id = _wp_json_convert_string( $id ); + } else { + $clean_id = $id; + } + + if ( is_array( $el ) || is_object( $el ) ) { + $output->$clean_id = _wp_json_sanity_check( $el, $depth - 1 ); + } elseif ( is_string( $el ) ) { + $output->$clean_id = _wp_json_convert_string( $el ); + } else { + $output->$clean_id = $el; + } + } + } elseif ( is_string( $data ) ) { + return _wp_json_convert_string( $data ); + } else { + return $data; + } + + return $output; +} + +/** + * Convert a string to UTF-8, so that it can be safely encoded to JSON. + * + * @see _wp_json_sanity_check() + * + * @since 4.1.0 + * @access private + * @internal + * + * @param string $string The string which is to be converted. + * @return string The checked string. 
+ */ +function _wp_json_convert_string( $string ) { + static $use_mb = null; + if ( is_null( $use_mb ) ) { + $use_mb = function_exists( 'mb_convert_encoding' ); + } + + if ( $use_mb ) { + $encoding = mb_detect_encoding( $string, mb_detect_order(), true ); + if ( $encoding ) { + return mb_convert_encoding( $string, 'UTF-8', $encoding ); + } else { + return mb_convert_encoding( $string, 'UTF-8', 'UTF-8' ); + } + } else { + return wp_check_invalid_utf8( $string, true ); + } +} + /** * Send a JSON response back to an Ajax request. * @@ -2621,7 +2781,7 @@ function _scalar_wp_die_handler( $message = '' ) { */ function wp_send_json( $response ) { @header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) ); - echo json_encode( $response ); + echo wp_json_encode( $response ); if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) wp_die(); else @@ -2647,15 +2807,34 @@ function wp_send_json_success( $data = null ) { /** * Send a JSON response back to an Ajax request, indicating failure. * + * If the `$data` parameter is a {@see WP_Error} object, the errors + * within the object are processed and output as an array of error + * codes and corresponding messages. All other types are output + * without further processing. + * * @since 3.5.0 + * @since 4.1.0 The `$data` parameter is now processed if a {@see WP_Error} + * object is passed in. * * @param mixed $data Data to encode as JSON, then print and die. */ function wp_send_json_error( $data = null ) { $response = array( 'success' => false ); - if ( isset( $data ) ) - $response['data'] = $data; + if ( isset( $data ) ) { + if ( is_wp_error( $data ) ) { + $result = array(); + foreach ( $data->errors as $code => $messages ) { + foreach ( $messages as $message ) { + $result[] = array( 'code' => $code, 'message' => $message ); + } + } + + $response['data'] = $result; + } else { + $response['data'] = $data; + } + } wp_send_json( $response ); } 
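Review bot: The wp_json_encode() docblock promises "sanity checks" without saying that they cover encodability only. With the default `$options = 0` no `JSON_HEX_*` flag reaches json_encode(), so the returned string is not escaped for an HTML or inline-script context. I would add a sentence to the description stating that the result is raw JSON, and that callers printing it into markup must pass `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` or escape it for that context.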
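Review bot: wp_send_json() now echoes the result of wp_json_encode() unchecked, although that function is documented in the same patch to return false when the data cannot be encoded. In that case the client receives an empty body under a JSON content type, presumably still with the default status. A guard such as `$json = wp_json_encode( $response ); if ( false === $json ) { status_header( 500 ); }` before `echo $json;` would make the failure visible to the caller. The function body continues outside the hunk.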
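Review bot: The WP_Error branch in wp_send_json_error() sends every stored message to the client verbatim, which the new docblock does not warn about. Messages written for logs or administrators (database errors, file paths) would be disclosed to whoever made the request. I would add to the description `Error messages are output as-is, so a WP_Error passed here must only contain text that is safe to show to the requesting user.` The loop also reads the `errors` property directly; `$data->get_error_codes()` and `$data->get_error_messages( $code )` would go through the class's accessors instead.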
@@ -3066,8 +3245,6 @@ function wp_maybe_load_widgets() { * Append the Widgets menu to the themes main menu. * * @since 2.2.0 - * - * @uses $submenu The administration submenu list. */ function wp_widgets_add_menu() { global $submenu; @@ -3108,7 +3285,7 @@ function wp_ob_end_flush_all() { * * @since 2.3.2 * - * @global wpdb $wpdb WordPress database access abstraction object. + * @global wpdb $wpdb WordPress database abstraction object. */ function dead_db() { global $wpdb; @@ -3273,11 +3450,11 @@ function _deprecated_file( $file, $version, $replacement = null, $message = '' ) * Before this function is called, the argument must be checked for whether it was * used by comparing it to its default value or evaluating whether it is empty. * For example: - * - * if ( ! empty( $deprecated ) ) { - * _deprecated_argument( __FUNCTION__, '3.0' ); - * } - * + * + * if ( ! empty( $deprecated ) ) { + * _deprecated_argument( __FUNCTION__, '3.0' ); + * } + * * * There is a hook deprecated_argument_run that will be called that can be used * to get the backtrace up to what file and function used the deprecated @@ -3926,7 +4103,7 @@ function wp_timezone_choice( $selected_zone ) { * @since 2.8.0 * @access private * - * @see http://core.trac.wordpress.org/ticket/8497 + * @see https://core.trac.wordpress.org/ticket/8497 * * @param string $str Header comment to clean up. * @return string 
@@ -3991,13 +4168,15 @@ function wp_scheduled_delete() { * If the file data is not within that first 8kiB, then the author should correct * their plugin file and move the data headers to the top. * - * @see http://codex.wordpress.org/File_Header + * @link http://codex.wordpress.org/File_Header * * @since 2.9.0 + * * @param string $file Path to the file. * @param array $default_headers List of headers, in the format array('HeaderKey' => 'Header Name'). * @param string $context Optional. If specified adds filter hook "extra_{$context}_headers". * Default empty. + * @return array Array of file headers in `HeaderKey => Header Value` format. */ function get_file_data( $file, $default_headers, $context = '' ) { // We don't need to write to the file, so just open for reading. @@ -4015,8 +4194,8 @@ function get_file_data( $file, $default_headers, $context = '' ) { /** * Filter extra file headers by context. * - * The dynamic portion of the hook name, $context, refers to the context - * where extra headers might be loaded. + * The dynamic portion of the hook name, `$context`, refers to + * the context where extra headers might be loaded. * * @since 2.9.0 * @@ -4275,7 +4454,7 @@ function wp_allowed_protocols() { * * @since 3.4.0 * - * @see http://core.trac.wordpress.org/ticket/19589 + * @see https://core.trac.wordpress.org/ticket/19589 * * @param string $ignore_class Optional. A class to ignore all function calls within - useful * when you want to just give info about the callee. Default null. @@ -4536,7 +4715,7 @@ function get_tag_regex( $tag ) { * @since 3.6.0 * @access private * - * @see http://core.trac.wordpress.org/ticket/23688 + * @see https://core.trac.wordpress.org/ticket/23688 * * @param string $charset A charset name. * @return string The canonical form of the charset. 
@@ -4610,7 +4789,9 @@ function reset_mbstring_encoding() { } /** - * Alternative to filter_var( $var, FILTER_VALIDATE_BOOLEAN ). + * Filter/validate a variable as a boolean. + * + * Alternative to `filter_var( $var, FILTER_VALIDATE_BOOLEAN )`. * * @since 4.0.0 * @@ -4622,7 +4803,7 @@ function wp_validate_boolean( $var ) { return $var; } - if ( 'false' === $var ) { + if ( is_string( $var ) && 'false' === strtolower( $var ) ) { return false; }
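Review bot: The rewritten docblock still presents wp_validate_boolean() as an alternative to `filter_var( $var, FILTER_VALIDATE_BOOLEAN )`, but the only string the new condition handles specially is a case-insensitive `'false'`. `'off'` and `'no'`, which filter_var treats as false, get no such handling. If the remainder of the function (outside this hunk) falls back to a boolean cast, those values evaluate to true, which matters when the value switches a feature or a check off. I would either document the difference, e.g. `Unlike filter_var(), only the string 'false' (any case) is mapped to false; 'off' and 'no' are not.`, or widen the test to `in_array( strtolower( $var ), array( 'false', 'off', 'no' ), true )`.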