X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/wordpress.git/blobdiff_plain/596d585e1dc1eb25bccd3781e37210a4e2504179..e08b42e8ad054ec67522d7ac1aaae5dc68cb3d01:/wp-includes/functions.php
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index a5a6a2d4..05acf4e1 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -59,10 +59,10 @@ function mysql2date( $format, $date, $translate = true ) {
function current_time( $type, $gmt = 0 ) {
switch ( $type ) {
case 'mysql':
- return ( $gmt ) ? gmdate( 'Y-m-d H:i:s' ) : gmdate( 'Y-m-d H:i:s', ( time() + ( get_option( 'gmt_offset' ) * 3600 ) ) );
+ return ( $gmt ) ? gmdate( 'Y-m-d H:i:s' ) : gmdate( 'Y-m-d H:i:s', ( time() + ( get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ) ) );
break;
case 'timestamp':
- return ( $gmt ) ? time() : time() + ( get_option( 'gmt_offset' ) * 3600 );
+ return ( $gmt ) ? time() : time() + ( get_option( 'gmt_offset' ) * HOUR_IN_SECONDS );
break;
}
}
@@ -214,8 +214,8 @@ function get_weekstartend( $mysqlstring, $start_of_week = '' ) {
if ( $weekday < $start_of_week )
$weekday += 7;
- $start = $day - 86400 * ( $weekday - $start_of_week ); // The most recent week start day on or before $day
- $end = $start + 604799; // $start + 7 days - 1 second
+ $start = $day - DAY_IN_SECONDS * ( $weekday - $start_of_week ); // The most recent week start day on or before $day
+ $end = $start + 7 * DAY_IN_SECONDS - 1; // $start + 7 days - 1 second
return compact( 'start', 'end' );
}
@@ -242,9 +242,10 @@ function maybe_unserialize( $original ) {
* @since 2.0.5
*
* @param mixed $data Value to check to see if was serialized.
+ * @param bool $strict Optional. Whether to be strict about the end of the string. Defaults true.
* @return bool False if not serialized and true if it was.
*/
-function is_serialized( $data ) {
+function is_serialized( $data, $strict = true ) {
// if it isn't a string, it isn't serialized
if ( ! is_string( $data ) )
return false;
@@ -256,21 +257,40 @@ function is_serialized( $data ) {
return false;
if ( ':' !== $data[1] )
return false;
- $lastc = $data[$length-1];
- if ( ';' !== $lastc && '}' !== $lastc )
- return false;
+ if ( $strict ) {
+ $lastc = $data[ $length - 1 ];
+ if ( ';' !== $lastc && '}' !== $lastc )
+ return false;
+ } else {
+ $semicolon = strpos( $data, ';' );
+ $brace = strpos( $data, '}' );
+ // Either ; or } must exist.
+ if ( false === $semicolon && false === $brace )
+ return false;
+ // But neither must be in the first X characters.
+ if ( false !== $semicolon && $semicolon < 3 )
+ return false;
+ if ( false !== $brace && $brace < 4 )
+ return false;
+ }
$token = $data[0];
switch ( $token ) {
case 's' :
- if ( '"' !== $data[$length-2] )
+ if ( $strict ) {
+ if ( '"' !== $data[ $length - 2 ] )
+ return false;
+ } elseif ( false === strpos( $data, '"' ) ) {
return false;
+ }
+ // or else fall through
case 'a' :
case 'O' :
return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data );
case 'b' :
case 'i' :
case 'd' :
- return (bool) preg_match( "/^{$token}:[0-9.E-]+;\$/", $data );
+ $end = $strict ? '$' : '';
+ return (bool) preg_match( "/^{$token}:[0-9.E-]+;$end/", $data );
}
return false;
}
@@ -317,7 +337,7 @@ function maybe_serialize( $data ) {
// Double serialization is required for backward compatibility.
// See http://core.trac.wordpress.org/ticket/12930
- if ( is_serialized( $data ) )
+ if ( is_serialized( $data, false ) )
return serialize( $data );
return $data;
@@ -392,6 +412,26 @@ function xmlrpc_removepostdata( $content ) {
return $content;
}
+/**
+ * Use RegEx to extract URLs from arbitrary content
+ *
+ * @since 3.7.0
+ *
+ * @param string $content
+ * @return array URLs found in passed string
+ */
+function wp_extract_urls( $content ) {
+ preg_match_all(
+ "#((?:[\w-]+://?|[\w\d]+[.])[^\s()<>]+[.](?:\([\w\d]+\)|(?:[^`!()\[\]{};:'\".,<>?«»ââââ\s]|(?:[:]\d+)?/?)+))#",
+ $content,
+ $post_links
+ );
+
+ $post_links = array_unique( array_map( 'html_entity_decode', $post_links[0] ) );
+
+ return array_values( $post_links );
+}
+
/**
* Check content for video and audio links to add as enclosures.
*
@@ -417,22 +457,17 @@ function do_enclose( $content, $post_ID ) {
$pung = get_enclosed( $post_ID );
- $ltrs = '\w';
- $gunk = '/#~:.?+=&%@!\-';
- $punc = '.:?\-';
- $any = $ltrs . $gunk . $punc;
-
- preg_match_all( "{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp );
+ $post_links_temp = wp_extract_urls( $content );
foreach ( $pung as $link_test ) {
- if ( !in_array( $link_test, $post_links_temp[0] ) ) { // link no longer in post
+ if ( ! in_array( $link_test, $post_links_temp ) ) { // link no longer in post
$mids = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') );
foreach ( $mids as $mid )
delete_metadata_by_mid( 'post', $mid );
}
}
- foreach ( (array) $post_links_temp[0] as $link_test ) {
+ foreach ( (array) $post_links_temp as $link_test ) {
if ( !in_array( $link_test, $pung ) ) { // If we haven't pung it already
$test = @parse_url( $link_test );
if ( false === $test )
@@ -458,7 +493,7 @@ function do_enclose( $content, $post_ID ) {
if ( false !== $url_parts ) {
$extension = pathinfo( $url_parts['path'], PATHINFO_EXTENSION );
if ( !empty( $extension ) ) {
- foreach ( get_allowed_mime_types( ) as $exts => $mime ) {
+ foreach ( wp_get_mime_types() as $exts => $mime ) {
if ( preg_match( '!^(' . $exts . ')$!i', $extension ) ) {
$type = $mime;
break;
@@ -502,7 +537,7 @@ function wp_get_http( $url, $file_path = false, $red = 1 ) {
else
$options['method'] = 'GET';
- $response = wp_remote_request($url, $options);
+ $response = wp_safe_remote_request( $url, $options );
if ( is_wp_error( $response ) )
return false;
@@ -543,7 +578,7 @@ function wp_get_http_headers( $url, $deprecated = false ) {
if ( !empty( $deprecated ) )
_deprecated_argument( __FUNCTION__, '2.7' );
- $response = wp_remote_head( $url );
+ $response = wp_safe_remote_head( $url );
if ( is_wp_error( $response ) )
return false;
@@ -637,16 +672,17 @@ function _http_build_query($data, $prefix=null, $sep=null, $key='', $urlencode=t
*/
function add_query_arg() {
$ret = '';
- if ( is_array( func_get_arg(0) ) ) {
- if ( @func_num_args() < 2 || false === @func_get_arg( 1 ) )
+ $args = func_get_args();
+ if ( is_array( $args[0] ) ) {
+ if ( count( $args ) < 2 || false === $args[1] )
$uri = $_SERVER['REQUEST_URI'];
else
- $uri = @func_get_arg( 1 );
+ $uri = $args[1];
} else {
- if ( @func_num_args() < 3 || false === @func_get_arg( 2 ) )
+ if ( count( $args ) < 3 || false === $args[2] )
$uri = $_SERVER['REQUEST_URI'];
else
- $uri = @func_get_arg( 2 );
+ $uri = $args[2];
}
if ( $frag = strstr( $uri, '#' ) )
@@ -654,23 +690,20 @@ function add_query_arg() {
else
$frag = '';
- if ( preg_match( '|^https?://|i', $uri, $matches ) ) {
- $protocol = $matches[0];
- $uri = substr( $uri, strlen( $protocol ) );
+ if ( 0 === stripos( $uri, 'http://' ) ) {
+ $protocol = 'http://';
+ $uri = substr( $uri, 7 );
+ } elseif ( 0 === stripos( $uri, 'https://' ) ) {
+ $protocol = 'https://';
+ $uri = substr( $uri, 8 );
} else {
$protocol = '';
}
if ( strpos( $uri, '?' ) !== false ) {
- $parts = explode( '?', $uri, 2 );
- if ( 1 == count( $parts ) ) {
- $base = '?';
- $query = $parts[0];
- } else {
- $base = $parts[0] . '?';
- $query = $parts[1];
- }
- } elseif ( !empty( $protocol ) || strpos( $uri, '=' ) === false ) {
+ list( $base, $query ) = explode( '?', $uri, 2 );
+ $base .= '?';
+ } elseif ( $protocol || strpos( $uri, '=' ) === false ) {
$base = $uri . '?';
$query = '';
} else {
@@ -680,14 +713,14 @@ function add_query_arg() {
wp_parse_str( $query, $qs );
$qs = urlencode_deep( $qs ); // this re-URL-encodes things that were already in the query string
- if ( is_array( func_get_arg( 0 ) ) ) {
- $kayvees = func_get_arg( 0 );
+ if ( is_array( $args[0] ) ) {
+ $kayvees = $args[0];
$qs = array_merge( $qs, $kayvees );
} else {
- $qs[func_get_arg( 0 )] = func_get_arg( 1 );
+ $qs[ $args[0] ] = $args[1];
}
- foreach ( (array) $qs as $k => $v ) {
+ foreach ( $qs as $k => $v ) {
if ( $v === false )
unset( $qs[$k] );
}
@@ -723,7 +756,7 @@ function remove_query_arg( $key, $query=false ) {
*
* @since 0.71
*
- * @param array $array Array to used to walk while sanitizing contents.
+ * @param array $array Array to walk while sanitizing contents.
* @return array Sanitized $array.
*/
function add_magic_quotes( $array ) {
@@ -755,7 +788,7 @@ function wp_remote_fopen( $uri ) {
$options = array();
$options['timeout'] = 10;
- $response = wp_remote_get( $uri, $options );
+ $response = wp_safe_remote_get( $uri, $options );
if ( is_wp_error( $response ) )
return false;
@@ -861,27 +894,24 @@ function get_status_header_desc( $code ) {
* Set HTTP status header.
*
* @since 2.0.0
- * @uses apply_filters() Calls 'status_header' on status header string, HTTP
- * HTTP code, HTTP code description, and protocol string as separate
- * parameters.
+ * @see get_status_header_desc()
*
- * @param int $header HTTP status code
- * @return unknown
+ * @param int $code HTTP status code.
*/
-function status_header( $header ) {
- $text = get_status_header_desc( $header );
+function status_header( $code ) {
+ $description = get_status_header_desc( $code );
- if ( empty( $text ) )
- return false;
+ if ( empty( $description ) )
+ return;
- $protocol = $_SERVER["SERVER_PROTOCOL"];
+ $protocol = $_SERVER['SERVER_PROTOCOL'];
if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol )
$protocol = 'HTTP/1.0';
- $status_header = "$protocol $header $text";
+ $status_header = "$protocol $code $description";
if ( function_exists( 'apply_filters' ) )
- $status_header = apply_filters( 'status_header', $status_header, $header, $text, $protocol );
+ $status_header = apply_filters( 'status_header', $status_header, $code, $description, $protocol );
- return @header( $status_header, true, $header );
+ @header( $status_header, true, $code );
}
/**
@@ -892,13 +922,11 @@ function status_header( $header ) {
*
* @since 2.8.0
*
- * @uses apply_filters()
* @return array The associative array of header names and field values.
*/
function wp_get_nocache_headers() {
$headers = array(
'Expires' => 'Wed, 11 Jan 1984 05:00:00 GMT',
- 'Last-Modified' => gmdate( 'D, d M Y H:i:s' ) . ' GMT',
'Cache-Control' => 'no-cache, must-revalidate, max-age=0',
'Pragma' => 'no-cache',
);
@@ -906,6 +934,7 @@ function wp_get_nocache_headers() {
if ( function_exists('apply_filters') ) {
$headers = (array) apply_filters('nocache_headers', $headers);
}
+ $headers['Last-Modified'] = false;
return $headers;
}
@@ -916,10 +945,27 @@ function wp_get_nocache_headers() {
* be sent so that all of them get the point that no caching should occur.
*
* @since 2.0.0
- * @uses wp_get_nocache_headers()
+ * @see wp_get_nocache_headers()
*/
function nocache_headers() {
$headers = wp_get_nocache_headers();
+
+ unset( $headers['Last-Modified'] );
+
+ // In PHP 5.3+, make sure we are not sending a Last-Modified header.
+ if ( function_exists( 'header_remove' ) ) {
+ @header_remove( 'Last-Modified' );
+ } else {
+ // In PHP 5.2, send an empty Last-Modified header, but only as a
+ // last resort to override a header already sent. #WP23021
+ foreach ( headers_list() as $header ) {
+ if ( 0 === stripos( $header, 'Last-Modified' ) ) {
+ $headers['Last-Modified'] = '';
+ break;
+ }
+ }
+ }
+
foreach( $headers as $name => $field_value )
@header("{$name}: {$field_value}");
}
@@ -930,7 +976,7 @@ function nocache_headers() {
* @since 2.1.0
*/
function cache_javascript_headers() {
- $expiresOffset = 864000; // 10 days
+ $expiresOffset = 10 * DAY_IN_SECONDS;
header( "Content-Type: text/javascript; charset=" . get_bloginfo( 'charset' ) );
header( "Vary: Accept-Encoding" ); // Handle proxies
header( "Expires: " . gmdate( "D, d M Y H:i:s", time() + $expiresOffset ) . " GMT" );
@@ -984,10 +1030,8 @@ function do_feed() {
$feed = get_default_feed();
$hook = 'do_feed_' . $feed;
- if ( !has_action($hook) ) {
- $message = sprintf( __( 'ERROR: %s is not a valid feed template.' ), esc_html($feed));
- wp_die( $message, '', array( 'response' => 404 ) );
- }
+ if ( ! has_action( $hook ) )
+ wp_die( __( 'ERROR: This is not a valid feed template.' ), '', array( 'response' => 404 ) );
do_action( $hook, $wp_query->is_comment_feed );
}
@@ -1147,13 +1191,14 @@ function is_blog_installed() {
* @subpackage Security
* @since 2.0.4
*
- * @param string $actionurl URL to add nonce action
- * @param string $action Optional. Nonce action name
+ * @param string $actionurl URL to add nonce action.
+ * @param string $action Optional. Nonce action name.
+ * @param string $name Optional. Nonce name.
* @return string URL with nonce action added.
*/
-function wp_nonce_url( $actionurl, $action = -1 ) {
+function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) {
$actionurl = str_replace( '&', '&', $actionurl );
- return esc_html( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $actionurl ) );
+ return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) );
}
/**
@@ -1211,8 +1256,7 @@ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $ec
* @return string Referer field.
*/
function wp_referer_field( $echo = true ) {
- $ref = esc_attr( $_SERVER['REQUEST_URI'] );
- $referer_field = '';
+ $referer_field = '';
if ( $echo )
echo $referer_field;
@@ -1235,9 +1279,10 @@ function wp_referer_field( $echo = true ) {
* @return string Original referer field.
*/
function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
- $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
- $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
- $orig_referer_field = '';
+ if ( ! $ref = wp_get_original_referer() ) {
+ $ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
+ }
+ $orig_referer_field = '';
if ( $echo )
echo $orig_referer_field;
return $orig_referer_field;
@@ -1254,14 +1299,16 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
* @return string|bool False on failure. Referer URL on success.
*/
function wp_get_referer() {
+ if ( ! function_exists( 'wp_validate_redirect' ) )
+ return false;
$ref = false;
if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
- $ref = $_REQUEST['_wp_http_referer'];
+ $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
- $ref = $_SERVER['HTTP_REFERER'];
+ $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
- if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
- return $ref;
+ if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
+ return wp_validate_redirect( $ref, false );
return false;
}
@@ -1275,8 +1322,8 @@ function wp_get_referer() {
* @return string|bool False if no original referer or original referer if set.
*/
function wp_get_original_referer() {
- if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
- return $_REQUEST['_wp_original_http_referer'];
+ if ( ! empty( $_REQUEST['_wp_original_http_referer'] ) && function_exists( 'wp_validate_redirect' ) )
+ return wp_validate_redirect( wp_unslash( $_REQUEST['_wp_original_http_referer'] ), false );
return false;
}
@@ -1291,9 +1338,21 @@ function wp_get_original_referer() {
* @return bool Whether the path was created. True if path already exists.
*/
function wp_mkdir_p( $target ) {
+ $wrapper = null;
+
+ // strip the protocol
+ if( wp_is_stream( $target ) ) {
+ list( $wrapper, $target ) = explode( '://', $target, 2 );
+ }
+
// from php.net/mkdir user contributed notes
$target = str_replace( '//', '/', $target );
+ // put the wrapper back on the target
+ if( $wrapper !== null ) {
+ $target = $wrapper . '://' . $target;
+ }
+
// safe mode fails with a trailing slash under certain PHP versions.
$target = rtrim($target, '/'); // Use rtrim() instead of untrailingslashit to avoid formatting.php dependency.
if ( empty($target) )
@@ -1302,19 +1361,32 @@ function wp_mkdir_p( $target ) {
if ( file_exists( $target ) )
return @is_dir( $target );
- // Attempting to create the directory may clutter up our display.
- if ( @mkdir( $target ) ) {
- $stat = @stat( dirname( $target ) );
- $dir_perms = $stat['mode'] & 0007777; // Get the permission bits.
- @chmod( $target, $dir_perms );
- return true;
- } elseif ( is_dir( dirname( $target ) ) ) {
- return false;
+ // We need to find the permissions of the parent folder that exists and inherit that.
+ $target_parent = dirname( $target );
+ while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
+ $target_parent = dirname( $target_parent );
+ }
+
+ // Get the permission bits.
+ $dir_perms = false;
+ if ( $stat = @stat( $target_parent ) ) {
+ $dir_perms = $stat['mode'] & 0007777;
+ } else {
+ $dir_perms = 0777;
}
- // If the above failed, attempt to create the parent node, then try again.
- if ( ( $target != '/' ) && ( wp_mkdir_p( dirname( $target ) ) ) )
- return wp_mkdir_p( $target );
+ if ( @mkdir( $target, $dir_perms, true ) ) {
+
+ // If a umask is set that modifies $dir_perms, we'll have to re-set the $dir_perms correctly with chmod()
+ if ( $dir_perms != $dir_perms & ~umask() ) {
+ $folder_parts = explode( '/', substr( $target, strlen( $target_parent ) + 1 ) );
+ for ( $i = 1; $i <= count( $folder_parts ); $i++ ) {
+ @chmod( $target_parent . '/' . implode( '/', array_slice( $folder_parts, 0, $i ) ), $dir_perms );
+ }
+ }
+
+ return true;
+ }
return false;
}
@@ -1363,9 +1435,13 @@ function path_join( $base, $path ) {
/**
* Determines a writable directory for temporary files.
- * Function's preference is to WP_CONTENT_DIR followed by the return value of sys_get_temp_dir()
, before finally defaulting to /tmp/
+ * Function's preference is the return value of sys_get_temp_dir()
,
+ * followed by your PHP temporary upload directory, followed by WP_CONTENT_DIR,
+ * before finally defaulting to /tmp/
*
- * In the event that this function does not find a writable location, It may be overridden by the WP_TEMP_DIR
constant in your wp-config.php
file.
+ * In the event that this function does not find a writable location,
+ * It may be overridden by the WP_TEMP_DIR
constant in
+ * your wp-config.php
file.
*
* @since 2.5.0
*
@@ -1377,26 +1453,80 @@ function get_temp_dir() {
return trailingslashit(WP_TEMP_DIR);
if ( $temp )
- return trailingslashit($temp);
+ return trailingslashit( rtrim( $temp, '\\' ) );
- $temp = WP_CONTENT_DIR . '/';
- if ( is_dir($temp) && @is_writable($temp) )
- return $temp;
-
- if ( function_exists('sys_get_temp_dir') ) {
+ if ( function_exists('sys_get_temp_dir') ) {
$temp = sys_get_temp_dir();
- if ( @is_writable($temp) )
- return trailingslashit($temp);
+ if ( @is_dir( $temp ) && wp_is_writable( $temp ) )
+ return trailingslashit( rtrim( $temp, '\\' ) );
}
$temp = ini_get('upload_tmp_dir');
- if ( is_dir($temp) && @is_writable($temp) )
- return trailingslashit($temp);
+ if ( @is_dir( $temp ) && wp_is_writable( $temp ) )
+ return trailingslashit( rtrim( $temp, '\\' ) );
+
+ $temp = WP_CONTENT_DIR . '/';
+ if ( is_dir( $temp ) && wp_is_writable( $temp ) )
+ return $temp;
$temp = '/tmp/';
return $temp;
}
+/**
+ * Determine if a directory is writable.
+ *
+ * This function is used to work around certain ACL issues
+ * in PHP primarily affecting Windows Servers.
+ *
+ * @see win_is_writable()
+ *
+ * @since 3.6.0
+ *
+ * @param string $path
+ * @return bool
+ */
+function wp_is_writable( $path ) {
+ if ( 'WIN' === strtoupper( substr( PHP_OS, 0, 3 ) ) )
+ return win_is_writable( $path );
+ else
+ return @is_writable( $path );
+}
+
+/**
+ * Workaround for Windows bug in is_writable() function
+ *
+ * PHP has issues with Windows ACL's for determine if a
+ * directory is writable or not, this works around them by
+ * checking the ability to open files rather than relying
+ * upon PHP to interprate the OS ACL.
+ *
+ * @link http://bugs.php.net/bug.php?id=27609
+ * @link http://bugs.php.net/bug.php?id=30931
+ *
+ * @since 2.8.0
+ *
+ * @param string $path
+ * @return bool
+ */
+function win_is_writable( $path ) {
+
+ if ( $path[strlen( $path ) - 1] == '/' ) // if it looks like a directory, check a random file within the directory
+ return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
+ else if ( is_dir( $path ) ) // If it's a directory (and not a file) check a random file within the directory
+ return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
+
+ // check tmp file for read/write capabilities
+ $should_delete_tmp_file = !file_exists( $path );
+ $f = @fopen( $path, 'a' );
+ if ( $f === false )
+ return false;
+ fclose( $f );
+ if ( $should_delete_tmp_file )
+ unlink( $path );
+ return true;
+}
+
/**
* Get an array containing the current upload directory's path and url.
*
@@ -1431,21 +1561,16 @@ function get_temp_dir() {
* @return array See above for description.
*/
function wp_upload_dir( $time = null ) {
- global $switched;
$siteurl = get_option( 'siteurl' );
- $upload_path = get_option( 'upload_path' );
- $upload_path = trim($upload_path);
- $main_override = is_multisite() && defined( 'MULTISITE' ) && is_main_site();
- if ( empty($upload_path) ) {
+ $upload_path = trim( get_option( 'upload_path' ) );
+
+ if ( empty( $upload_path ) || 'wp-content/uploads' == $upload_path ) {
$dir = WP_CONTENT_DIR . '/uploads';
+ } elseif ( 0 !== strpos( $upload_path, ABSPATH ) ) {
+ // $dir is absolute, $upload_path is (maybe) relative to ABSPATH
+ $dir = path_join( ABSPATH, $upload_path );
} else {
$dir = $upload_path;
- if ( 'wp-content/uploads' == $upload_path ) {
- $dir = WP_CONTENT_DIR . '/uploads';
- } elseif ( 0 !== strpos($dir, ABSPATH) ) {
- // $dir is absolute, $upload_path is (maybe) relative to ABSPATH
- $dir = path_join( ABSPATH, $dir );
- }
}
if ( !$url = get_option( 'upload_url_path' ) ) {
@@ -1455,19 +1580,54 @@ function wp_upload_dir( $time = null ) {
$url = trailingslashit( $siteurl ) . $upload_path;
}
- if ( defined('UPLOADS') && !$main_override && ( !isset( $switched ) || $switched === false ) ) {
+ // Obey the value of UPLOADS. This happens as long as ms-files rewriting is disabled.
+ // We also sometimes obey UPLOADS when rewriting is enabled -- see the next block.
+ if ( defined( 'UPLOADS' ) && ! ( is_multisite() && get_site_option( 'ms_files_rewriting' ) ) ) {
$dir = ABSPATH . UPLOADS;
$url = trailingslashit( $siteurl ) . UPLOADS;
}
- if ( is_multisite() && !$main_override && ( !isset( $switched ) || $switched === false ) ) {
- if ( defined( 'BLOGUPLOADDIR' ) )
- $dir = untrailingslashit(BLOGUPLOADDIR);
- $url = str_replace( UPLOADS, 'files', $url );
+ // If multisite (and if not the main site in a post-MU network)
+ if ( is_multisite() && ! ( is_main_network() && is_main_site() && defined( 'MULTISITE' ) ) ) {
+
+ if ( ! get_site_option( 'ms_files_rewriting' ) ) {
+ // If ms-files rewriting is disabled (networks created post-3.5), it is fairly straightforward:
+ // Append sites/%d if we're not on the main site (for post-MU networks). (The extra directory
+ // prevents a four-digit ID from conflicting with a year-based directory for the main site.
+ // But if a MU-era network has disabled ms-files rewriting manually, they don't need the extra
+ // directory, as they never had wp-content/uploads for the main site.)
+
+ if ( defined( 'MULTISITE' ) )
+ $ms_dir = '/sites/' . get_current_blog_id();
+ else
+ $ms_dir = '/' . get_current_blog_id();
+
+ $dir .= $ms_dir;
+ $url .= $ms_dir;
+
+ } elseif ( defined( 'UPLOADS' ) && ! ms_is_switched() ) {
+ // Handle the old-form ms-files.php rewriting if the network still has that enabled.
+ // When ms-files rewriting is enabled, then we only listen to UPLOADS when:
+ // 1) we are not on the main site in a post-MU network,
+ // as wp-content/uploads is used there, and
+ // 2) we are not switched, as ms_upload_constants() hardcodes
+ // these constants to reflect the original blog ID.
+ //
+ // Rather than UPLOADS, we actually use BLOGUPLOADDIR if it is set, as it is absolute.
+ // (And it will be set, see ms_upload_constants().) Otherwise, UPLOADS can be used, as
+ // as it is relative to ABSPATH. For the final piece: when UPLOADS is used with ms-files
+ // rewriting in multisite, the resulting URL is /files. (#WP22702 for background.)
+
+ if ( defined( 'BLOGUPLOADDIR' ) )
+ $dir = untrailingslashit( BLOGUPLOADDIR );
+ else
+ $dir = ABSPATH . UPLOADS;
+ $url = trailingslashit( $siteurl ) . 'files';
+ }
}
- $bdir = $dir;
- $burl = $url;
+ $basedir = $dir;
+ $baseurl = $url;
$subdir = '';
if ( get_option( 'uploads_use_yearmonth_folders' ) ) {
@@ -1482,7 +1642,15 @@ function wp_upload_dir( $time = null ) {
$dir .= $subdir;
$url .= $subdir;
- $uploads = apply_filters( 'upload_dir', array( 'path' => $dir, 'url' => $url, 'subdir' => $subdir, 'basedir' => $bdir, 'baseurl' => $burl, 'error' => false ) );
+ $uploads = apply_filters( 'upload_dir',
+ array(
+ 'path' => $dir,
+ 'url' => $url,
+ 'subdir' => $subdir,
+ 'basedir' => $basedir,
+ 'baseurl' => $baseurl,
+ 'error' => false,
+ ) );
// Make sure we have an uploads dir
if ( ! wp_mkdir_p( $uploads['path'] ) ) {
@@ -1492,7 +1660,7 @@ function wp_upload_dir( $time = null ) {
$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
$message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path );
- return array( 'error' => $message );
+ $uploads['error'] = $message;
}
return $uploads;
@@ -1591,7 +1759,7 @@ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) {
return array( 'error' => __( 'Empty filename' ) );
$wp_filetype = wp_check_filetype( $name );
- if ( !$wp_filetype['ext'] )
+ if ( ! $wp_filetype['ext'] && ! current_user_can( 'unfiltered_upload' ) )
return array( 'error' => __( 'Invalid file type' ) );
$upload = wp_upload_dir( $time );
@@ -1650,19 +1818,24 @@ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) {
* @return string|null The file type, example: audio, video, document, spreadsheet, etc. Null if not found.
*/
function wp_ext2type( $ext ) {
+ $ext = strtolower( $ext );
$ext2type = apply_filters( 'ext2type', array(
- 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ),
- 'video' => array( 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ),
- 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'rtf', 'wp', 'wpd' ),
- 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsb', 'xlsm' ),
- 'interactive' => array( 'key', 'ppt', 'pptx', 'pptm', 'odp', 'swf' ),
+ 'image' => array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico' ),
+ 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ),
+ 'video' => array( 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ),
+ 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'rtf', 'wp', 'wpd' ),
+ 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsm', 'xlsb' ),
+ 'interactive' => array( 'swf', 'key', 'ppt', 'pptx', 'pptm', 'pps', 'ppsx', 'ppsm', 'sldx', 'sldm', 'odp' ),
'text' => array( 'asc', 'csv', 'tsv', 'txt' ),
- 'archive' => array( 'bz2', 'cab', 'dmg', 'gz', 'rar', 'sea', 'sit', 'sqx', 'tar', 'tgz', 'zip', '7z' ),
+ 'archive' => array( 'bz2', 'cab', 'dmg', 'gz', 'rar', 'sea', 'sit', 'sqx', 'tar', 'tgz', 'zip', '7z' ),
'code' => array( 'css', 'htm', 'html', 'php', 'js' ),
- ));
+ ) );
+
foreach ( $ext2type as $type => $exts )
if ( in_array( $ext, $exts ) )
return $type;
+
+ return null;
}
/**
@@ -1705,8 +1878,8 @@ function wp_check_filetype( $filename, $mimes = null ) {
*
* @since 3.0.0
*
- * @param string $file Full path to the image.
- * @param string $filename The filename of the image (may differ from $file due to $file being in a tmp directory)
+ * @param string $file Full path to the file.
+ * @param string $filename The name of the file (may differ from $file due to $file being in a tmp directory)
* @param array $mimes Optional. Key is the file extension with value as the mime type.
* @return array Values for the extension, MIME, and either a corrected filename or false if original $filename is valid
*/
@@ -1763,101 +1936,133 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
}
/**
- * Retrieve list of allowed mime types and file extensions.
+ * Retrieve list of mime types and file extensions.
*
- * @since 2.8.6
+ * @since 3.5.0
+ *
+ * @uses apply_filters() Calls 'mime_types' on returned array. This filter should
+ * be used to add types, not remove them. To remove types use the upload_mimes filter.
*
* @return array Array of mime types keyed by the file extension regex corresponding to those types.
*/
-function get_allowed_mime_types() {
- static $mimes = false;
-
- if ( !$mimes ) {
- // Accepted MIME types are set here as PCRE unless provided.
- $mimes = apply_filters( 'upload_mimes', array(
- 'jpg|jpeg|jpe' => 'image/jpeg',
- 'gif' => 'image/gif',
- 'png' => 'image/png',
- 'bmp' => 'image/bmp',
- 'tif|tiff' => 'image/tiff',
- 'ico' => 'image/x-icon',
- 'asf|asx|wax|wmv|wmx' => 'video/asf',
- 'avi' => 'video/avi',
- 'divx' => 'video/divx',
- 'flv' => 'video/x-flv',
- 'mov|qt' => 'video/quicktime',
- 'mpeg|mpg|mpe' => 'video/mpeg',
- 'txt|asc|c|cc|h' => 'text/plain',
- 'csv' => 'text/csv',
- 'tsv' => 'text/tab-separated-values',
- 'ics' => 'text/calendar',
- 'rtx' => 'text/richtext',
- 'css' => 'text/css',
- 'htm|html' => 'text/html',
- 'mp3|m4a|m4b' => 'audio/mpeg',
- 'mp4|m4v' => 'video/mp4',
- 'ra|ram' => 'audio/x-realaudio',
- 'wav' => 'audio/wav',
- 'ogg|oga' => 'audio/ogg',
- 'ogv' => 'video/ogg',
- 'mid|midi' => 'audio/midi',
- 'wma' => 'audio/wma',
- 'mka' => 'audio/x-matroska',
- 'mkv' => 'video/x-matroska',
- 'rtf' => 'application/rtf',
- 'js' => 'application/javascript',
- 'pdf' => 'application/pdf',
- 'doc|docx' => 'application/msword',
- 'pot|pps|ppt|pptx|ppam|pptm|sldm|ppsm|potm' => 'application/vnd.ms-powerpoint',
- 'wri' => 'application/vnd.ms-write',
- 'xla|xls|xlsx|xlt|xlw|xlam|xlsb|xlsm|xltm' => 'application/vnd.ms-excel',
- 'mdb' => 'application/vnd.ms-access',
- 'mpp' => 'application/vnd.ms-project',
- 'docm|dotm' => 'application/vnd.ms-word',
- 'pptx|sldx|ppsx|potx' => 'application/vnd.openxmlformats-officedocument.presentationml',
- 'xlsx|xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml',
- 'docx|dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml',
- 'onetoc|onetoc2|onetmp|onepkg' => 'application/onenote',
- 'swf' => 'application/x-shockwave-flash',
- 'class' => 'application/java',
- 'tar' => 'application/x-tar',
- 'zip' => 'application/zip',
- 'gz|gzip' => 'application/x-gzip',
- 'rar' => 'application/rar',
- '7z' => 'application/x-7z-compressed',
- 'exe' => 'application/x-msdownload',
- // openoffice formats
- 'odt' => 'application/vnd.oasis.opendocument.text',
- 'odp' => 'application/vnd.oasis.opendocument.presentation',
- 'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
- 'odg' => 'application/vnd.oasis.opendocument.graphics',
- 'odc' => 'application/vnd.oasis.opendocument.chart',
- 'odb' => 'application/vnd.oasis.opendocument.database',
- 'odf' => 'application/vnd.oasis.opendocument.formula',
- // wordperfect formats
- 'wp|wpd' => 'application/wordperfect',
- ) );
- }
-
- return $mimes;
+function wp_get_mime_types() {
+ // Accepted MIME types are set here as PCRE unless provided.
+ return apply_filters( 'mime_types', array(
+ // Image formats
+ 'jpg|jpeg|jpe' => 'image/jpeg',
+ 'gif' => 'image/gif',
+ 'png' => 'image/png',
+ 'bmp' => 'image/bmp',
+ 'tif|tiff' => 'image/tiff',
+ 'ico' => 'image/x-icon',
+ // Video formats
+ 'asf|asx' => 'video/x-ms-asf',
+ 'wmv' => 'video/x-ms-wmv',
+ 'wmx' => 'video/x-ms-wmx',
+ 'wm' => 'video/x-ms-wm',
+ 'avi' => 'video/avi',
+ 'divx' => 'video/divx',
+ 'flv' => 'video/x-flv',
+ 'mov|qt' => 'video/quicktime',
+ 'mpeg|mpg|mpe' => 'video/mpeg',
+ 'mp4|m4v' => 'video/mp4',
+ 'ogv' => 'video/ogg',
+ 'webm' => 'video/webm',
+ 'mkv' => 'video/x-matroska',
+ // Text formats
+ 'txt|asc|c|cc|h' => 'text/plain',
+ 'csv' => 'text/csv',
+ 'tsv' => 'text/tab-separated-values',
+ 'ics' => 'text/calendar',
+ 'rtx' => 'text/richtext',
+ 'css' => 'text/css',
+ 'htm|html' => 'text/html',
+ // Audio formats
+ 'mp3|m4a|m4b' => 'audio/mpeg',
+ 'ra|ram' => 'audio/x-realaudio',
+ 'wav' => 'audio/wav',
+ 'ogg|oga' => 'audio/ogg',
+ 'mid|midi' => 'audio/midi',
+ 'wma' => 'audio/x-ms-wma',
+ 'wax' => 'audio/x-ms-wax',
+ 'mka' => 'audio/x-matroska',
+ // Misc application formats
+ 'rtf' => 'application/rtf',
+ 'js' => 'application/javascript',
+ 'pdf' => 'application/pdf',
+ 'swf' => 'application/x-shockwave-flash',
+ 'class' => 'application/java',
+ 'tar' => 'application/x-tar',
+ 'zip' => 'application/zip',
+ 'gz|gzip' => 'application/x-gzip',
+ 'rar' => 'application/rar',
+ '7z' => 'application/x-7z-compressed',
+ 'exe' => 'application/x-msdownload',
+ // MS Office formats
+ 'doc' => 'application/msword',
+ 'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
+ 'wri' => 'application/vnd.ms-write',
+ 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
+ 'mdb' => 'application/vnd.ms-access',
+ 'mpp' => 'application/vnd.ms-project',
+ 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+ 'docm' => 'application/vnd.ms-word.document.macroEnabled.12',
+ 'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
+ 'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
+ 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+ 'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
+ 'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
+ 'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
+ 'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
+ 'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
+ 'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+ 'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
+ 'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
+ 'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12',
+ 'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
+ 'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12',
+ 'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
+ 'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
+ 'sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12',
+ 'onetoc|onetoc2|onetmp|onepkg' => 'application/onenote',
+ // OpenOffice formats
+ 'odt' => 'application/vnd.oasis.opendocument.text',
+ 'odp' => 'application/vnd.oasis.opendocument.presentation',
+ 'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
+ 'odg' => 'application/vnd.oasis.opendocument.graphics',
+ 'odc' => 'application/vnd.oasis.opendocument.chart',
+ 'odb' => 'application/vnd.oasis.opendocument.database',
+ 'odf' => 'application/vnd.oasis.opendocument.formula',
+ // WordPerfect formats
+ 'wp|wpd' => 'application/wordperfect',
+ // iWork formats
+ 'key' => 'application/vnd.apple.keynote',
+ 'numbers' => 'application/vnd.apple.numbers',
+ 'pages' => 'application/vnd.apple.pages',
+ ) );
}
-
/**
- * Retrieve nonce action "Are you sure" message.
+ * Retrieve list of allowed mime types and file extensions.
*
- * Deprecated in 3.4.1 and 3.5.0. Backported to 3.3.3.
+ * @since 2.8.6
*
- * @since 2.0.4
- * @deprecated 3.4.1
- * @deprecated Use wp_nonce_ays()
- * @see wp_nonce_ays()
+ * @uses apply_filters() Calls 'upload_mimes' on returned array
+ * @uses wp_get_upload_mime_types() to fetch the list of mime types
*
- * @param string $action Nonce action.
- * @return string Are you sure message.
+ * @param int|WP_User $user Optional. User to check. Defaults to current user.
+ * @return array Array of mime types keyed by the file extension regex corresponding to those types.
*/
-function wp_explain_nonce( $action ) {
- _deprecated_function( __FUNCTION__, '3.4.1', 'wp_nonce_ays()' );
- return __( 'Are you sure you want to do this?' );
+function get_allowed_mime_types( $user = null ) {
+ $t = wp_get_mime_types();
+
+ unset( $t['swf'], $t['exe'] );
+ if ( function_exists( 'current_user_can' ) )
+ $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
+
+ if ( empty( $unfiltered ) )
+ unset( $t['htm|html'] );
+
+ return apply_filters( 'upload_mimes', $t, $user );
}
/**
@@ -1906,8 +2111,6 @@ function wp_die( $message = '', $title = '', $args = array() ) {
$function = apply_filters( 'wp_die_ajax_handler', '_ajax_wp_die_handler' );
elseif ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST )
$function = apply_filters( 'wp_die_xmlrpc_handler', '_xmlrpc_wp_die_handler' );
- elseif ( defined( 'APP_REQUEST' ) && APP_REQUEST )
- $function = apply_filters( 'wp_die_app_handler', '_scalar_wp_die_handler' );
else
$function = apply_filters( 'wp_die_handler', '_default_wp_die_handler' );
@@ -1985,24 +2188,23 @@ function _default_wp_die_handler( $message, $title = '', $args = array() ) {