/**
* Core User Role & Capabilities API
*
* @package WordPress
* @subpackage Users
*/
/**
* Maps a capability to the primitive capabilities required of the given user to
* satisfy the capability being checked.
*
* This function also accepts an ID of an object to map against if the capability is a meta capability. Meta
* capabilities such as `edit_post` and `edit_user` are capabilities used by this function to map to primitive
* capabilities that a user or role requires, such as `edit_posts` and `edit_others_posts`.
*
* Example usage:
*
* map_meta_cap( 'edit_posts', $user->ID );
* map_meta_cap( 'edit_post', $user->ID, $post->ID );
* map_meta_cap( 'edit_post_meta', $user->ID, $post->ID, $meta_key );
*
* This function does not check whether the user has the required capabilities,
* it just returns what the required capabilities are.
*
* @since 2.0.0
* @since 4.9.6 Added the `export_others_personal_data`, `erase_others_personal_data`,
* and `manage_privacy_options` capabilities.
* @since 5.1.0 Added the `update_php` capability.
* @since 5.2.0 Added the `resume_plugin` and `resume_theme` capabilities.
* @since 5.3.0 Formalized the existing and already documented `...$args` parameter
* by adding it to the function signature.
* @since 5.7.0 Added the `create_app_password`, `list_app_passwords`, `read_app_password`,
* `edit_app_password`, `delete_app_passwords`, `delete_app_password`,
* and `update_https` capabilities.
* @since 6.7.0 Added the `edit_block_binding` capability.
*
* @global array $post_type_meta_caps Used to get post type meta capabilities.
*
* @param string $cap Capability being checked.
* @param int $user_id User ID.
* @param mixed ...$args Optional further parameters, typically starting with an object ID.
* @return string[] Primitive capabilities required of the user.
*/
function map_meta_cap( $cap, $user_id, ...$args ) {
$caps = array();
switch ( $cap ) {
case 'remove_user':
// In multisite the user must be a super admin to remove themselves.
if ( isset( $args[0] ) && $user_id === (int) $args[0] && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'remove_users';
}
break;
case 'promote_user':
case 'add_users':
$caps[] = 'promote_users';
break;
case 'edit_user':
case 'edit_users':
// Allow user to edit themselves.
if ( 'edit_user' === $cap && isset( $args[0] ) && $user_id === (int) $args[0] ) {
break;
}
// In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.
if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'edit_users'; // edit_user maps to edit_users.
}
break;
case 'delete_post':
case 'delete_page':
if ( ! isset( $args[0] ) ) {
if ( 'delete_post' === $cap ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
} else {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
}
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$post = get_post( $args[0] );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
if ( 'revision' === $post->post_type ) {
$caps[] = 'do_not_allow';
break;
}
if ( (int) get_option( 'page_for_posts' ) === $post->ID
|| (int) get_option( 'page_on_front' ) === $post->ID
) {
$caps[] = 'manage_options';
break;
}
$post_type = get_post_type_object( $post->post_type );
if ( ! $post_type ) {
/* translators: 1: Post type, 2: Capability name. */
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
_doing_it_wrong(
__FUNCTION__,
sprintf(
$message,
'' . $post->post_type . '',
'' . $cap . ''
),
'4.4.0'
);
$caps[] = 'edit_others_posts';
break;
}
if ( ! $post_type->map_meta_cap ) {
$caps[] = $post_type->cap->$cap;
// Prior to 3.1 we would re-call map_meta_cap here.
if ( 'delete_post' === $cap ) {
$cap = $post_type->cap->$cap;
}
break;
}
// If the post author is set and the user is the author...
if ( $post->post_author && $user_id === (int) $post->post_author ) {
// If the post is published or scheduled...
if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
$caps[] = $post_type->cap->delete_published_posts;
} elseif ( 'trash' === $post->post_status ) {
$status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );
if ( in_array( $status, array( 'publish', 'future' ), true ) ) {
$caps[] = $post_type->cap->delete_published_posts;
} else {
$caps[] = $post_type->cap->delete_posts;
}
} else {
// If the post is draft...
$caps[] = $post_type->cap->delete_posts;
}
} else {
// The user is trying to edit someone else's post.
$caps[] = $post_type->cap->delete_others_posts;
// The post is published or scheduled, extra cap required.
if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
$caps[] = $post_type->cap->delete_published_posts;
} elseif ( 'private' === $post->post_status ) {
$caps[] = $post_type->cap->delete_private_posts;
}
}
/*
* Setting the privacy policy page requires `manage_privacy_options`,
* so deleting it should require that too.
*/
if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
}
break;
/*
* edit_post breaks down to edit_posts, edit_published_posts, or
* edit_others_posts.
*/
case 'edit_post':
case 'edit_page':
if ( ! isset( $args[0] ) ) {
if ( 'edit_post' === $cap ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
} else {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
}
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$post = get_post( $args[0] );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
if ( 'revision' === $post->post_type ) {
$post = get_post( $post->post_parent );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
}
$post_type = get_post_type_object( $post->post_type );
if ( ! $post_type ) {
/* translators: 1: Post type, 2: Capability name. */
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
_doing_it_wrong(
__FUNCTION__,
sprintf(
$message,
'' . $post->post_type . '',
'' . $cap . ''
),
'4.4.0'
);
$caps[] = 'edit_others_posts';
break;
}
if ( ! $post_type->map_meta_cap ) {
$caps[] = $post_type->cap->$cap;
// Prior to 3.1 we would re-call map_meta_cap here.
if ( 'edit_post' === $cap ) {
$cap = $post_type->cap->$cap;
}
break;
}
// If the post author is set and the user is the author...
if ( $post->post_author && $user_id === (int) $post->post_author ) {
// If the post is published or scheduled...
if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
$caps[] = $post_type->cap->edit_published_posts;
} elseif ( 'trash' === $post->post_status ) {
$status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );
if ( in_array( $status, array( 'publish', 'future' ), true ) ) {
$caps[] = $post_type->cap->edit_published_posts;
} else {
$caps[] = $post_type->cap->edit_posts;
}
} else {
// If the post is draft...
$caps[] = $post_type->cap->edit_posts;
}
} else {
// The user is trying to edit someone else's post.
$caps[] = $post_type->cap->edit_others_posts;
// The post is published or scheduled, extra cap required.
if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
$caps[] = $post_type->cap->edit_published_posts;
} elseif ( 'private' === $post->post_status ) {
$caps[] = $post_type->cap->edit_private_posts;
}
}
/*
* Setting the privacy policy page requires `manage_privacy_options`,
* so editing it should require that too.
*/
if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
}
break;
case 'read_post':
case 'read_page':
if ( ! isset( $args[0] ) ) {
if ( 'read_post' === $cap ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
} else {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
}
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$post = get_post( $args[0] );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
if ( 'revision' === $post->post_type ) {
$post = get_post( $post->post_parent );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
}
$post_type = get_post_type_object( $post->post_type );
if ( ! $post_type ) {
/* translators: 1: Post type, 2: Capability name. */
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
_doing_it_wrong(
__FUNCTION__,
sprintf(
$message,
'' . $post->post_type . '',
'' . $cap . ''
),
'4.4.0'
);
$caps[] = 'edit_others_posts';
break;
}
if ( ! $post_type->map_meta_cap ) {
$caps[] = $post_type->cap->$cap;
// Prior to 3.1 we would re-call map_meta_cap here.
if ( 'read_post' === $cap ) {
$cap = $post_type->cap->$cap;
}
break;
}
$status_obj = get_post_status_object( get_post_status( $post ) );
if ( ! $status_obj ) {
/* translators: 1: Post status, 2: Capability name. */
$message = __( 'The post status %1$s is not registered, so it may not be reliable to check the capability %2$s against a post with that status.' );
_doing_it_wrong(
__FUNCTION__,
sprintf(
$message,
'' . get_post_status( $post ) . '',
'' . $cap . ''
),
'5.4.0'
);
$caps[] = 'edit_others_posts';
break;
}
if ( $status_obj->public ) {
$caps[] = $post_type->cap->read;
break;
}
if ( $post->post_author && $user_id === (int) $post->post_author ) {
$caps[] = $post_type->cap->read;
} elseif ( $status_obj->private ) {
$caps[] = $post_type->cap->read_private_posts;
} else {
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
}
break;
case 'publish_post':
if ( ! isset( $args[0] ) ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$post = get_post( $args[0] );
if ( ! $post ) {
$caps[] = 'do_not_allow';
break;
}
$post_type = get_post_type_object( $post->post_type );
if ( ! $post_type ) {
/* translators: 1: Post type, 2: Capability name. */
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
_doing_it_wrong(
__FUNCTION__,
sprintf(
$message,
'' . $post->post_type . '',
'' . $cap . ''
),
'4.4.0'
);
$caps[] = 'edit_others_posts';
break;
}
$caps[] = $post_type->cap->publish_posts;
break;
case 'edit_post_meta':
case 'delete_post_meta':
case 'add_post_meta':
case 'edit_comment_meta':
case 'delete_comment_meta':
case 'add_comment_meta':
case 'edit_term_meta':
case 'delete_term_meta':
case 'add_term_meta':
case 'edit_user_meta':
case 'delete_user_meta':
case 'add_user_meta':
$object_type = explode( '_', $cap )[1];
if ( ! isset( $args[0] ) ) {
if ( 'post' === $object_type ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
} elseif ( 'comment' === $object_type ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific comment.' );
} elseif ( 'term' === $object_type ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific term.' );
} else {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific user.' );
}
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$object_id = (int) $args[0];
$object_subtype = get_object_subtype( $object_type, $object_id );
if ( empty( $object_subtype ) ) {
$caps[] = 'do_not_allow';
break;
}
$caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id );
$meta_key = isset( $args[1] ) ? $args[1] : false;
if ( $meta_key ) {
$allowed = ! is_protected_meta( $meta_key, $object_type );
if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
/**
* Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype.
*
* The dynamic portions of the hook name, `$object_type`, `$meta_key`,
* and `$object_subtype`, refer to the metadata object type (comment, post, term or user),
* the meta key value, and the object subtype respectively.
*
* @since 4.9.8
*
* @param bool $allowed Whether the user can add the object meta. Default false.
* @param string $meta_key The meta key.
* @param int $object_id Object ID.
* @param int $user_id User ID.
* @param string $cap Capability name.
* @param string[] $caps Array of the user's capabilities.
*/
$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
} else {
/**
* Filters whether the user is allowed to edit a specific meta key of a specific object type.
*
* Return true to have the mapped meta caps from `edit_{$object_type}` apply.
*
* The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
* The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
*
* @since 3.3.0 As `auth_post_meta_{$meta_key}`.
* @since 4.6.0
*
* @param bool $allowed Whether the user can add the object meta. Default false.
* @param string $meta_key The meta key.
* @param int $object_id Object ID.
* @param int $user_id User ID.
* @param string $cap Capability name.
* @param string[] $caps Array of the user's capabilities.
*/
$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
}
if ( ! empty( $object_subtype ) ) {
/**
* Filters whether the user is allowed to edit meta for specific object types/subtypes.
*
* Return true to have the mapped meta caps from `edit_{$object_type}` apply.
*
* The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
* The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered.
* The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
*
* @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`.
* @since 4.7.0 Renamed from `auth_post_{$post_type}_meta_{$meta_key}` to
* `auth_{$object_type}_{$object_subtype}_meta_{$meta_key}`.
* @deprecated 4.9.8 Use {@see 'auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}'} instead.
*
* @param bool $allowed Whether the user can add the object meta. Default false.
* @param string $meta_key The meta key.
* @param int $object_id Object ID.
* @param int $user_id User ID.
* @param string $cap Capability name.
* @param string[] $caps Array of the user's capabilities.
*/
$allowed = apply_filters_deprecated(
"auth_{$object_type}_{$object_subtype}_meta_{$meta_key}",
array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ),
'4.9.8',
"auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}"
);
}
if ( ! $allowed ) {
$caps[] = $cap;
}
}
break;
case 'edit_comment':
if ( ! isset( $args[0] ) ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific comment.' );
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$comment = get_comment( $args[0] );
if ( ! $comment ) {
$caps[] = 'do_not_allow';
break;
}
$post = get_post( $comment->comment_post_ID );
/*
* If the post doesn't exist, we have an orphaned comment.
* Fall back to the edit_posts capability, instead.
*/
if ( $post ) {
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
} else {
$caps = map_meta_cap( 'edit_posts', $user_id );
}
break;
case 'unfiltered_upload':
if ( defined( 'ALLOW_UNFILTERED_UPLOADS' ) && ALLOW_UNFILTERED_UPLOADS && ( ! is_multisite() || is_super_admin( $user_id ) ) ) {
$caps[] = $cap;
} else {
$caps[] = 'do_not_allow';
}
break;
case 'edit_css':
case 'unfiltered_html':
// Disallow unfiltered_html for all users, even admins and super admins.
if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
$caps[] = 'do_not_allow';
} elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'unfiltered_html';
}
break;
case 'edit_files':
case 'edit_plugins':
case 'edit_themes':
// Disallow the file editors.
if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) {
$caps[] = 'do_not_allow';
} elseif ( ! wp_is_file_mod_allowed( 'capability_edit_themes' ) ) {
$caps[] = 'do_not_allow';
} elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = $cap;
}
break;
case 'update_plugins':
case 'delete_plugins':
case 'install_plugins':
case 'upload_plugins':
case 'update_themes':
case 'delete_themes':
case 'install_themes':
case 'upload_themes':
case 'update_core':
/*
* Disallow anything that creates, deletes, or updates core, plugin, or theme files.
* Files in uploads are excepted.
*/
if ( ! wp_is_file_mod_allowed( 'capability_update_core' ) ) {
$caps[] = 'do_not_allow';
} elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} elseif ( 'upload_themes' === $cap ) {
$caps[] = 'install_themes';
} elseif ( 'upload_plugins' === $cap ) {
$caps[] = 'install_plugins';
} else {
$caps[] = $cap;
}
break;
case 'install_languages':
case 'update_languages':
if ( ! wp_is_file_mod_allowed( 'can_install_language_pack' ) ) {
$caps[] = 'do_not_allow';
} elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'install_languages';
}
break;
case 'activate_plugins':
case 'deactivate_plugins':
case 'activate_plugin':
case 'deactivate_plugin':
$caps[] = 'activate_plugins';
if ( is_multisite() ) {
// update_, install_, and delete_ are handled above with is_super_admin().
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) ) {
$caps[] = 'manage_network_plugins';
}
}
break;
case 'resume_plugin':
$caps[] = 'resume_plugins';
break;
case 'resume_theme':
$caps[] = 'resume_themes';
break;
case 'delete_user':
case 'delete_users':
// If multisite only super admins can delete users.
if ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'delete_users'; // delete_user maps to delete_users.
}
break;
case 'create_users':
if ( ! is_multisite() ) {
$caps[] = $cap;
} elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) ) {
$caps[] = $cap;
} else {
$caps[] = 'do_not_allow';
}
break;
case 'manage_links':
if ( get_option( 'link_manager_enabled' ) ) {
$caps[] = $cap;
} else {
$caps[] = 'do_not_allow';
}
break;
case 'customize':
$caps[] = 'edit_theme_options';
break;
case 'delete_site':
if ( is_multisite() ) {
$caps[] = 'manage_options';
} else {
$caps[] = 'do_not_allow';
}
break;
case 'edit_term':
case 'delete_term':
case 'assign_term':
if ( ! isset( $args[0] ) ) {
/* translators: %s: Capability name. */
$message = __( 'When checking for the %s capability, you must always check it against a specific term.' );
_doing_it_wrong(
__FUNCTION__,
sprintf( $message, '' . $cap . '' ),
'6.1.0'
);
$caps[] = 'do_not_allow';
break;
}
$term_id = (int) $args[0];
$term = get_term( $term_id );
if ( ! $term || is_wp_error( $term ) ) {
$caps[] = 'do_not_allow';
break;
}
$tax = get_taxonomy( $term->taxonomy );
if ( ! $tax ) {
$caps[] = 'do_not_allow';
break;
}
if ( 'delete_term' === $cap
&& ( (int) get_option( 'default_' . $term->taxonomy ) === $term->term_id
|| (int) get_option( 'default_term_' . $term->taxonomy ) === $term->term_id )
) {
$caps[] = 'do_not_allow';
break;
}
$taxo_cap = $cap . 's';
$caps = map_meta_cap( $tax->cap->$taxo_cap, $user_id, $term_id );
break;
case 'manage_post_tags':
case 'edit_categories':
case 'edit_post_tags':
case 'delete_categories':
case 'delete_post_tags':
$caps[] = 'manage_categories';
break;
case 'assign_categories':
case 'assign_post_tags':
$caps[] = 'edit_posts';
break;
case 'create_sites':
case 'delete_sites':
case 'manage_network':
case 'manage_sites':
case 'manage_network_users':
case 'manage_network_plugins':
case 'manage_network_themes':
case 'manage_network_options':
case 'upgrade_network':
$caps[] = $cap;
break;
case 'setup_network':
if ( is_multisite() ) {
$caps[] = 'manage_network_options';
} else {
$caps[] = 'manage_options';
}
break;
case 'update_php':
if ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'update_core';
}
break;
case 'update_https':
if ( is_multisite() && ! is_super_admin( $user_id ) ) {
$caps[] = 'do_not_allow';
} else {
$caps[] = 'manage_options';
$caps[] = 'update_core';
}
break;
case 'export_others_personal_data':
case 'erase_others_personal_data':
case 'manage_privacy_options':
$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
break;
case 'create_app_password':
case 'list_app_passwords':
case 'read_app_password':
case 'edit_app_password':
case 'delete_app_passwords':
case 'delete_app_password':
$caps = map_meta_cap( 'edit_user', $user_id, $args[0] );
break;
case 'edit_block_binding':
$block_editor_context = $args[0];
if ( isset( $block_editor_context->post ) ) {
$object_id = $block_editor_context->post->ID;
}
/*
* If the post ID is null, check if the context is the site editor.
* Fall back to the edit_theme_options in that case.
*/
if ( ! isset( $object_id ) ) {
if ( ! isset( $block_editor_context->name ) || 'core/edit-site' !== $block_editor_context->name ) {
$caps[] = 'do_not_allow';
break;
}
$caps = map_meta_cap( 'edit_theme_options', $user_id );
break;
}
$object_subtype = get_object_subtype( 'post', (int) $object_id );
if ( empty( $object_subtype ) ) {
$caps[] = 'do_not_allow';
break;
}
$post_type_object = get_post_type_object( $object_subtype );
// Initialize empty array if it doesn't exist.
if ( ! isset( $post_type_object->capabilities ) ) {
$post_type_object->capabilities = array();
}
$post_type_capabilities = get_post_type_capabilities( $post_type_object );
$caps = map_meta_cap( $post_type_capabilities->edit_post, $user_id, $object_id );
break;
default:
// Handle meta capabilities for custom post types.
global $post_type_meta_caps;
if ( isset( $post_type_meta_caps[ $cap ] ) ) {
return map_meta_cap( $post_type_meta_caps[ $cap ], $user_id, ...$args );
}
// Block capabilities map to their post equivalent.
$block_caps = array(
'edit_blocks',
'edit_others_blocks',
'publish_blocks',
'read_private_blocks',
'delete_blocks',
'delete_private_blocks',
'delete_published_blocks',
'delete_others_blocks',
'edit_private_blocks',
'edit_published_blocks',
);
if ( in_array( $cap, $block_caps, true ) ) {
$cap = str_replace( '_blocks', '_posts', $cap );
}
// If no meta caps match, return the original cap.
$caps[] = $cap;
}
/**
* Filters the primitive capabilities required of the given user to satisfy the
* capability being checked.
*
* @since 2.8.0
*
* @param string[] $caps Primitive capabilities required of the user.
* @param string $cap Capability being checked.
* @param int $user_id The user ID.
* @param array $args Adds context to the capability check, typically
* starting with an object ID.
*/
return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args );
}
/**
* Returns whether the current user has the specified capability.
*
* This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
* capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
* map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
*
* Example usage:
*
* current_user_can( 'edit_posts' );
* current_user_can( 'edit_post', $post->ID );
* current_user_can( 'edit_post_meta', $post->ID, $meta_key );
*
* While checking against particular roles in place of a capability is supported
* in part, this practice is discouraged as it may produce unreliable results.
*
* Note: Will always return true if the current user is a super admin, unless specifically denied.
*
* @since 2.0.0
* @since 5.3.0 Formalized the existing and already documented `...$args` parameter
* by adding it to the function signature.
* @since 5.8.0 Converted to wrapper for the user_can() function.
*
* @see WP_User::has_cap()
* @see map_meta_cap()
*
* @param string $capability Capability name.
* @param mixed ...$args Optional further parameters, typically starting with an object ID.
* @return bool Whether the current user has the given capability. If `$capability` is a meta cap and `$object_id` is
* passed, whether the current user has the given meta capability for the given object.
*/
function current_user_can( $capability, ...$args ) {
return user_can( wp_get_current_user(), $capability, ...$args );
}
/**
* Returns whether the current user has the specified capability for a given site.
*
* This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
* capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
* map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
*
* This function replaces the current_user_can_for_blog() function.
*
* Example usage:
*
* current_user_can_for_site( $site_id, 'edit_posts' );
* current_user_can_for_site( $site_id, 'edit_post', $post->ID );
* current_user_can_for_site( $site_id, 'edit_post_meta', $post->ID, $meta_key );
*
* @since 6.7.0
*
* @param int $site_id Site ID.
* @param string $capability Capability name.
* @param mixed ...$args Optional further parameters, typically starting with an object ID.
* @return bool Whether the user has the given capability.
*/
function current_user_can_for_site( $site_id, $capability, ...$args ) {
$switched = is_multisite() ? switch_to_blog( $site_id ) : false;
$can = current_user_can( $capability, ...$args );
if ( $switched ) {
restore_current_blog();
}
return $can;
}
/**
* Returns whether the author of the supplied post has the specified capability.
*
* This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
* capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
* map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
*
* Example usage:
*
* author_can( $post, 'edit_posts' );
* author_can( $post, 'edit_post', $post->ID );
* author_can( $post, 'edit_post_meta', $post->ID, $meta_key );
*
* @since 2.9.0
* @since 5.3.0 Formalized the existing and already documented `...$args` parameter
* by adding it to the function signature.
*
* @param int|WP_Post $post Post ID or post object.
* @param string $capability Capability name.
* @param mixed ...$args Optional further parameters, typically starting with an object ID.
* @return bool Whether the post author has the given capability.
*/
function author_can( $post, $capability, ...$args ) {
$post = get_post( $post );
if ( ! $post ) {
return false;
}
$author = get_userdata( $post->post_author );
if ( ! $author ) {
return false;
}
return $author->has_cap( $capability, ...$args );
}
/**
* Returns whether a particular user has the specified capability.
*
* This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
* capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
* map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
*
* Example usage:
*
* user_can( $user->ID, 'edit_posts' );
* user_can( $user->ID, 'edit_post', $post->ID );
* user_can( $user->ID, 'edit_post_meta', $post->ID, $meta_key );
*
* @since 3.1.0
* @since 5.3.0 Formalized the existing and already documented `...$args` parameter
* by adding it to the function signature.
*
* @param int|WP_User $user User ID or object.
* @param string $capability Capability name.
* @param mixed ...$args Optional further parameters, typically starting with an object ID.
* @return bool Whether the user has the given capability.
*/
function user_can( $user, $capability, ...$args ) {
if ( ! is_object( $user ) ) {
$user = get_userdata( $user );
}
if ( empty( $user ) ) {
// User is logged out, create anonymous user object.
$user = new WP_User( 0 );
$user->init( new stdClass() );
}
return $user->has_cap( $capability, ...$args );
}
/**
* Returns whether a particular user has the specified capability for a given site.
*
* This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
* capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
* map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
*
* Example usage:
*
* user_can_for_site( $user->ID, $site_id, 'edit_posts' );
* user_can_for_site( $user->ID, $site_id, 'edit_post', $post->ID );
* user_can_for_site( $user->ID, $site_id, 'edit_post_meta', $post->ID, $meta_key );
*
* @since 6.7.0
*
* @param int|WP_User $user User ID or object.
* @param int $site_id Site ID.
* @param string $capability Capability name.
* @param mixed ...$args Optional further parameters, typically starting with an object ID.
* @return bool Whether the user has the given capability.
*/
function user_can_for_site( $user, $site_id, $capability, ...$args ) {
if ( ! is_object( $user ) ) {
$user = get_userdata( $user );
}
if ( empty( $user ) ) {
// User is logged out, create anonymous user object.
$user = new WP_User( 0 );
$user->init( new stdClass() );
}
// Check if the blog ID is valid.
if ( ! is_numeric( $site_id ) || $site_id <= 0 ) {
return false;
}
$switched = is_multisite() ? switch_to_blog( $site_id ) : false;
$can = user_can( $user->ID, $capability, ...$args );
if ( $switched ) {
restore_current_blog();
}
return $can;
}
/**
* Retrieves the global WP_Roles instance and instantiates it if necessary.
*
* @since 4.3.0
*
* @global WP_Roles $wp_roles WordPress role management object.
*
* @return WP_Roles WP_Roles global instance if not already instantiated.
*/
function wp_roles() {
global $wp_roles;
if ( ! isset( $wp_roles ) ) {
$wp_roles = new WP_Roles();
}
return $wp_roles;
}
/**
* Retrieves role object.
*
* @since 2.0.0
*
* @param string $role Role name.
* @return WP_Role|null WP_Role object if found, null if the role does not exist.
*/
function get_role( $role ) {
return wp_roles()->get_role( $role );
}
/**
* Adds a role, if it does not exist.
*
* @since 2.0.0
*
* @param string $role Role name.
* @param string $display_name Display name for role.
* @param bool[] $capabilities List of capabilities keyed by the capability name,
* e.g. array( 'edit_posts' => true, 'delete_posts' => false ).
* @return WP_Role|void WP_Role object, if the role is added.
*/
function add_role( $role, $display_name, $capabilities = array() ) {
if ( empty( $role ) ) {
return;
}
return wp_roles()->add_role( $role, $display_name, $capabilities );
}
/**
* Removes a role, if it exists.
*
* @since 2.0.0
*
* @param string $role Role name.
*/
function remove_role( $role ) {
wp_roles()->remove_role( $role );
}
/**
* Retrieves a list of super admins.
*
* @since 3.0.0
*
* @global array $super_admins
*
* @return string[] List of super admin logins.
*/
function get_super_admins() {
global $super_admins;
if ( isset( $super_admins ) ) {
return $super_admins;
} else {
return get_site_option( 'site_admins', array( 'admin' ) );
}
}
/**
* Determines whether user is a site admin.
*
* @since 3.0.0
*
* @param int|false $user_id Optional. The ID of a user. Defaults to false, to check the current user.
* @return bool Whether the user is a site admin.
*/
function is_super_admin( $user_id = false ) {
if ( ! $user_id ) {
$user = wp_get_current_user();
} else {
$user = get_userdata( $user_id );
}
if ( ! $user || ! $user->exists() ) {
return false;
}
if ( is_multisite() ) {
$super_admins = get_super_admins();
if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins, true ) ) {
return true;
}
} elseif ( $user->has_cap( 'delete_users' ) ) {
return true;
}
return false;
}
/**
* Grants Super Admin privileges.
*
* @since 3.0.0
*
* @global array $super_admins
*
* @param int $user_id ID of the user to be granted Super Admin privileges.
* @return bool True on success, false on failure. This can fail when the user is
* already a super admin or when the `$super_admins` global is defined.
*/
function grant_super_admin( $user_id ) {
// If global super_admins override is defined, there is nothing to do here.
if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {
return false;
}
/**
* Fires before the user is granted Super Admin privileges.
*
* @since 3.0.0
*
* @param int $user_id ID of the user that is about to be granted Super Admin privileges.
*/
do_action( 'grant_super_admin', $user_id );
// Directly fetch site_admins instead of using get_super_admins().
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
$user = get_userdata( $user_id );
if ( $user && ! in_array( $user->user_login, $super_admins, true ) ) {
$super_admins[] = $user->user_login;
update_site_option( 'site_admins', $super_admins );
/**
* Fires after the user is granted Super Admin privileges.
*
* @since 3.0.0
*
* @param int $user_id ID of the user that was granted Super Admin privileges.
*/
do_action( 'granted_super_admin', $user_id );
return true;
}
return false;
}
/**
* Revokes Super Admin privileges.
*
* @since 3.0.0
*
* @global array $super_admins
*
* @param int $user_id ID of the user Super Admin privileges to be revoked from.
* @return bool True on success, false on failure. This can fail when the user's email
* is the network admin email or when the `$super_admins` global is defined.
*/
function revoke_super_admin( $user_id ) {
// If global super_admins override is defined, there is nothing to do here.
if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {
return false;
}
/**
* Fires before the user's Super Admin privileges are revoked.
*
* @since 3.0.0
*
* @param int $user_id ID of the user Super Admin privileges are being revoked from.
*/
do_action( 'revoke_super_admin', $user_id );
// Directly fetch site_admins instead of using get_super_admins().
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
$user = get_userdata( $user_id );
if ( $user && 0 !== strcasecmp( $user->user_email, get_site_option( 'admin_email' ) ) ) {
$key = array_search( $user->user_login, $super_admins, true );
if ( false !== $key ) {
unset( $super_admins[ $key ] );
update_site_option( 'site_admins', $super_admins );
/**
* Fires after the user's Super Admin privileges are revoked.
*
* @since 3.0.0
*
* @param int $user_id ID of the user Super Admin privileges were revoked from.
*/
do_action( 'revoked_super_admin', $user_id );
return true;
}
}
return false;
}
/**
* Filters the user capabilities to grant the 'install_languages' capability as necessary.
*
* A user must have at least one out of the 'update_core', 'install_plugins', and
* 'install_themes' capabilities to qualify for 'install_languages'.
*
* @since 4.9.0
*
* @param bool[] $allcaps An array of all the user's capabilities.
* @return bool[] Filtered array of the user's capabilities.
*/
function wp_maybe_grant_install_languages_cap( $allcaps ) {
if ( ! empty( $allcaps['update_core'] ) || ! empty( $allcaps['install_plugins'] ) || ! empty( $allcaps['install_themes'] ) ) {
$allcaps['install_languages'] = true;
}
return $allcaps;
}
/**
* Filters the user capabilities to grant the 'resume_plugins' and 'resume_themes' capabilities as necessary.
*
* @since 5.2.0
*
* @param bool[] $allcaps An array of all the user's capabilities.
* @return bool[] Filtered array of the user's capabilities.
*/
function wp_maybe_grant_resume_extensions_caps( $allcaps ) {
// Even in a multisite, regular administrators should be able to resume plugins.
if ( ! empty( $allcaps['activate_plugins'] ) ) {
$allcaps['resume_plugins'] = true;
}
// Even in a multisite, regular administrators should be able to resume themes.
if ( ! empty( $allcaps['switch_themes'] ) ) {
$allcaps['resume_themes'] = true;
}
return $allcaps;
}
/**
* Filters the user capabilities to grant the 'view_site_health_checks' capabilities as necessary.
*
* @since 5.2.2
*
* @param bool[] $allcaps An array of all the user's capabilities.
* @param string[] $caps Required primitive capabilities for the requested capability.
* @param array $args {
* Arguments that accompany the requested capability check.
*
* @type string $0 Requested capability.
* @type int $1 Concerned user ID.
* @type mixed ...$2 Optional second and further parameters, typically object ID.
* }
* @param WP_User $user The user object.
* @return bool[] Filtered array of the user's capabilities.
*/
function wp_maybe_grant_site_health_caps( $allcaps, $caps, $args, $user ) {
if ( ! empty( $allcaps['install_plugins'] ) && ( ! is_multisite() || is_super_admin( $user->ID ) ) ) {
$allcaps['view_site_health_checks'] = true;
}
return $allcaps;
}
return;
// Dummy gettext calls to get strings in the catalog.
/* translators: User role for administrators. */
_x( 'Administrator', 'User role' );
/* translators: User role for editors. */
_x( 'Editor', 'User role' );
/* translators: User role for authors. */
_x( 'Author', 'User role' );
/* translators: User role for contributors. */
_x( 'Contributor', 'User role' );
/* translators: User role for subscribers. */
_x( 'Subscriber', 'User role' );
/**
* Template loading functions.
*
* @package WordPress
* @subpackage Template
*/
/**
* Retrieves path to a template.
*
* Used to quickly retrieve the path of a template without including the file
* extension. It will also check the parent theme, if the file exists, with
* the use of locate_template(). Allows for more generic template location
* without the use of the other get_*_template() functions.
*
* @since 1.5.0
*
* @param string $type Filename without extension.
* @param string[] $templates An optional list of template candidates.
* @return string Full path to template file.
*/
function get_query_template( $type, $templates = array() ) {
$type = preg_replace( '|[^a-z0-9-]+|', '', $type );
if ( empty( $templates ) ) {
$templates = array( "{$type}.php" );
}
/**
* Filters the list of template filenames that are searched for when retrieving a template to use.
*
* The dynamic portion of the hook name, `$type`, refers to the filename -- minus the file
* extension and any non-alphanumeric characters delimiting words -- of the file to load.
* The last element in the array should always be the fallback template for this query type.
*
* Possible hook names include:
*
* - `404_template_hierarchy`
* - `archive_template_hierarchy`
* - `attachment_template_hierarchy`
* - `author_template_hierarchy`
* - `category_template_hierarchy`
* - `date_template_hierarchy`
* - `embed_template_hierarchy`
* - `frontpage_template_hierarchy`
* - `home_template_hierarchy`
* - `index_template_hierarchy`
* - `page_template_hierarchy`
* - `paged_template_hierarchy`
* - `privacypolicy_template_hierarchy`
* - `search_template_hierarchy`
* - `single_template_hierarchy`
* - `singular_template_hierarchy`
* - `tag_template_hierarchy`
* - `taxonomy_template_hierarchy`
*
* @since 4.7.0
*
* @param string[] $templates A list of template candidates, in descending order of priority.
*/
$templates = apply_filters( "{$type}_template_hierarchy", $templates );
$template = locate_template( $templates );
$template = locate_block_template( $template, $type, $templates );
/**
* Filters the path of the queried template by type.
*
* The dynamic portion of the hook name, `$type`, refers to the filename -- minus the file
* extension and any non-alphanumeric characters delimiting words -- of the file to load.
* This hook also applies to various types of files loaded as part of the Template Hierarchy.
*
* Possible hook names include:
*
* - `404_template`
* - `archive_template`
* - `attachment_template`
* - `author_template`
* - `category_template`
* - `date_template`
* - `embed_template`
* - `frontpage_template`
* - `home_template`
* - `index_template`
* - `page_template`
* - `paged_template`
* - `privacypolicy_template`
* - `search_template`
* - `single_template`
* - `singular_template`
* - `tag_template`
* - `taxonomy_template`
*
* @since 1.5.0
* @since 4.8.0 The `$type` and `$templates` parameters were added.
*
* @param string $template Path to the template. See locate_template().
* @param string $type Sanitized filename without extension.
* @param string[] $templates A list of template candidates, in descending order of priority.
*/
return apply_filters( "{$type}_template", $template, $type, $templates );
}
/**
* Retrieves path of index template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'index'.
*
* @since 3.0.0
*
* @see get_query_template()
*
* @return string Full path to index template file.
*/
function get_index_template() {
return get_query_template( 'index' );
}
/**
* Retrieves path of 404 template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is '404'.
*
* @since 1.5.0
*
* @see get_query_template()
*
* @return string Full path to 404 template file.
*/
function get_404_template() {
return get_query_template( '404' );
}
/**
* Retrieves path of archive template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'archive'.
*
* @since 1.5.0
*
* @see get_query_template()
*
* @return string Full path to archive template file.
*/
function get_archive_template() {
$post_types = array_filter( (array) get_query_var( 'post_type' ) );
$templates = array();
if ( count( $post_types ) === 1 ) {
$post_type = reset( $post_types );
$templates[] = "archive-{$post_type}.php";
}
$templates[] = 'archive.php';
return get_query_template( 'archive', $templates );
}
/**
* Retrieves path of post type archive template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'archive'.
*
* @since 3.7.0
*
* @see get_archive_template()
*
* @return string Full path to archive template file.
*/
function get_post_type_archive_template() {
$post_type = get_query_var( 'post_type' );
if ( is_array( $post_type ) ) {
$post_type = reset( $post_type );
}
$obj = get_post_type_object( $post_type );
if ( ! ( $obj instanceof WP_Post_Type ) || ! $obj->has_archive ) {
return '';
}
return get_archive_template();
}
/**
* Retrieves path of author template in current or parent template.
*
* The hierarchy for this template looks like:
*
* 1. author-{nicename}.php
* 2. author-{id}.php
* 3. author.php
*
* An example of this is:
*
* 1. author-john.php
* 2. author-1.php
* 3. author.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'author'.
*
* @since 1.5.0
*
* @see get_query_template()
*
* @return string Full path to author template file.
*/
function get_author_template() {
$author = get_queried_object();
$templates = array();
if ( $author instanceof WP_User ) {
$templates[] = "author-{$author->user_nicename}.php";
$templates[] = "author-{$author->ID}.php";
}
$templates[] = 'author.php';
return get_query_template( 'author', $templates );
}
/**
* Retrieves path of category template in current or parent template.
*
* The hierarchy for this template looks like:
*
* 1. category-{slug}.php
* 2. category-{id}.php
* 3. category.php
*
* An example of this is:
*
* 1. category-news.php
* 2. category-2.php
* 3. category.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'category'.
*
* @since 1.5.0
* @since 4.7.0 The decoded form of `category-{slug}.php` was added to the top of the
* template hierarchy when the category slug contains multibyte characters.
*
* @see get_query_template()
*
* @return string Full path to category template file.
*/
function get_category_template() {
$category = get_queried_object();
$templates = array();
if ( ! empty( $category->slug ) ) {
$slug_decoded = urldecode( $category->slug );
if ( $slug_decoded !== $category->slug ) {
$templates[] = "category-{$slug_decoded}.php";
}
$templates[] = "category-{$category->slug}.php";
$templates[] = "category-{$category->term_id}.php";
}
$templates[] = 'category.php';
return get_query_template( 'category', $templates );
}
/**
* Retrieves path of tag template in current or parent template.
*
* The hierarchy for this template looks like:
*
* 1. tag-{slug}.php
* 2. tag-{id}.php
* 3. tag.php
*
* An example of this is:
*
* 1. tag-wordpress.php
* 2. tag-3.php
* 3. tag.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'tag'.
*
* @since 2.3.0
* @since 4.7.0 The decoded form of `tag-{slug}.php` was added to the top of the
* template hierarchy when the tag slug contains multibyte characters.
*
* @see get_query_template()
*
* @return string Full path to tag template file.
*/
function get_tag_template() {
$tag = get_queried_object();
$templates = array();
if ( ! empty( $tag->slug ) ) {
$slug_decoded = urldecode( $tag->slug );
if ( $slug_decoded !== $tag->slug ) {
$templates[] = "tag-{$slug_decoded}.php";
}
$templates[] = "tag-{$tag->slug}.php";
$templates[] = "tag-{$tag->term_id}.php";
}
$templates[] = 'tag.php';
return get_query_template( 'tag', $templates );
}
/**
* Retrieves path of custom taxonomy term template in current or parent template.
*
* The hierarchy for this template looks like:
*
* 1. taxonomy-{taxonomy_slug}-{term_slug}.php
* 2. taxonomy-{taxonomy_slug}.php
* 3. taxonomy.php
*
* An example of this is:
*
* 1. taxonomy-location-texas.php
* 2. taxonomy-location.php
* 3. taxonomy.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'taxonomy'.
*
* @since 2.5.0
* @since 4.7.0 The decoded form of `taxonomy-{taxonomy_slug}-{term_slug}.php` was added to the top of the
* template hierarchy when the term slug contains multibyte characters.
*
* @see get_query_template()
*
* @return string Full path to custom taxonomy term template file.
*/
function get_taxonomy_template() {
$term = get_queried_object();
$templates = array();
if ( ! empty( $term->slug ) ) {
$taxonomy = $term->taxonomy;
$slug_decoded = urldecode( $term->slug );
if ( $slug_decoded !== $term->slug ) {
$templates[] = "taxonomy-$taxonomy-{$slug_decoded}.php";
}
$templates[] = "taxonomy-$taxonomy-{$term->slug}.php";
$templates[] = "taxonomy-$taxonomy.php";
}
$templates[] = 'taxonomy.php';
return get_query_template( 'taxonomy', $templates );
}
/**
* Retrieves path of date template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'date'.
*
* @since 1.5.0
*
* @see get_query_template()
*
* @return string Full path to date template file.
*/
function get_date_template() {
return get_query_template( 'date' );
}
/**
* Retrieves path of home template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'home'.
*
* @since 1.5.0
*
* @see get_query_template()
*
* @return string Full path to home template file.
*/
function get_home_template() {
$templates = array( 'home.php', 'index.php' );
return get_query_template( 'home', $templates );
}
/**
* Retrieves path of front page template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'frontpage'.
*
* @since 3.0.0
*
* @see get_query_template()
*
* @return string Full path to front page template file.
*/
function get_front_page_template() {
$templates = array( 'front-page.php' );
return get_query_template( 'frontpage', $templates );
}
/**
* Retrieves path of Privacy Policy page template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'privacypolicy'.
*
* @since 5.2.0
*
* @see get_query_template()
*
* @return string Full path to privacy policy template file.
*/
function get_privacy_policy_template() {
$templates = array( 'privacy-policy.php' );
return get_query_template( 'privacypolicy', $templates );
}
/**
* Retrieves path of page template in current or parent template.
*
* Note: For block themes, use locate_block_template() function instead.
*
* The hierarchy for this template looks like:
*
* 1. {Page Template}.php
* 2. page-{page_name}.php
* 3. page-{id}.php
* 4. page.php
*
* An example of this is:
*
* 1. page-templates/full-width.php
* 2. page-about.php
* 3. page-4.php
* 4. page.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'page'.
*
* @since 1.5.0
* @since 4.7.0 The decoded form of `page-{page_name}.php` was added to the top of the
* template hierarchy when the page name contains multibyte characters.
*
* @see get_query_template()
*
* @return string Full path to page template file.
*/
function get_page_template() {
$id = get_queried_object_id();
$template = get_page_template_slug();
$pagename = get_query_var( 'pagename' );
if ( ! $pagename && $id ) {
/*
* If a static page is set as the front page, $pagename will not be set.
* Retrieve it from the queried object.
*/
$post = get_queried_object();
if ( $post ) {
$pagename = $post->post_name;
}
}
$templates = array();
if ( $template && 0 === validate_file( $template ) ) {
$templates[] = $template;
}
if ( $pagename ) {
$pagename_decoded = urldecode( $pagename );
if ( $pagename_decoded !== $pagename ) {
$templates[] = "page-{$pagename_decoded}.php";
}
$templates[] = "page-{$pagename}.php";
}
if ( $id ) {
$templates[] = "page-{$id}.php";
}
$templates[] = 'page.php';
return get_query_template( 'page', $templates );
}
/**
* Retrieves path of search template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'search'.
*
* @since 1.5.0
*
* @see get_query_template()
*
* @return string Full path to search template file.
*/
function get_search_template() {
return get_query_template( 'search' );
}
/**
* Retrieves path of single template in current or parent template. Applies to single Posts,
* single Attachments, and single custom post types.
*
* The hierarchy for this template looks like:
*
* 1. {Post Type Template}.php
* 2. single-{post_type}-{post_name}.php
* 3. single-{post_type}.php
* 4. single.php
*
* An example of this is:
*
* 1. templates/full-width.php
* 2. single-post-hello-world.php
* 3. single-post.php
* 4. single.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'single'.
*
* @since 1.5.0
* @since 4.4.0 `single-{post_type}-{post_name}.php` was added to the top of the template hierarchy.
* @since 4.7.0 The decoded form of `single-{post_type}-{post_name}.php` was added to the top of the
* template hierarchy when the post name contains multibyte characters.
* @since 4.7.0 `{Post Type Template}.php` was added to the top of the template hierarchy.
*
* @see get_query_template()
*
* @return string Full path to single template file.
*/
function get_single_template() {
$object = get_queried_object();
$templates = array();
if ( ! empty( $object->post_type ) ) {
$template = get_page_template_slug( $object );
if ( $template && 0 === validate_file( $template ) ) {
$templates[] = $template;
}
$name_decoded = urldecode( $object->post_name );
if ( $name_decoded !== $object->post_name ) {
$templates[] = "single-{$object->post_type}-{$name_decoded}.php";
}
$templates[] = "single-{$object->post_type}-{$object->post_name}.php";
$templates[] = "single-{$object->post_type}.php";
}
$templates[] = 'single.php';
return get_query_template( 'single', $templates );
}
/**
* Retrieves an embed template path in the current or parent template.
*
* The hierarchy for this template looks like:
*
* 1. embed-{post_type}-{post_format}.php
* 2. embed-{post_type}.php
* 3. embed.php
*
* An example of this is:
*
* 1. embed-post-audio.php
* 2. embed-post.php
* 3. embed.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'embed'.
*
* @since 4.5.0
*
* @see get_query_template()
*
* @return string Full path to embed template file.
*/
function get_embed_template() {
$object = get_queried_object();
$templates = array();
if ( ! empty( $object->post_type ) ) {
$post_format = get_post_format( $object );
if ( $post_format ) {
$templates[] = "embed-{$object->post_type}-{$post_format}.php";
}
$templates[] = "embed-{$object->post_type}.php";
}
$templates[] = 'embed.php';
return get_query_template( 'embed', $templates );
}
/**
* Retrieves the path of the singular template in current or parent template.
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'singular'.
*
* @since 4.3.0
*
* @see get_query_template()
*
* @return string Full path to singular template file
*/
function get_singular_template() {
return get_query_template( 'singular' );
}
/**
* Retrieves path of attachment template in current or parent template.
*
* The hierarchy for this template looks like:
*
* 1. {mime_type}-{sub_type}.php
* 2. {sub_type}.php
* 3. {mime_type}.php
* 4. attachment.php
*
* An example of this is:
*
* 1. image-jpeg.php
* 2. jpeg.php
* 3. image.php
* 4. attachment.php
*
* The template hierarchy and template path are filterable via the {@see '$type_template_hierarchy'}
* and {@see '$type_template'} dynamic hooks, where `$type` is 'attachment'.
*
* @since 2.0.0
* @since 4.3.0 The order of the mime type logic was reversed so the hierarchy is more logical.
*
* @see get_query_template()
*
* @return string Full path to attachment template file.
*/
function get_attachment_template() {
$attachment = get_queried_object();
$templates = array();
if ( $attachment ) {
if ( str_contains( $attachment->post_mime_type, '/' ) ) {
list( $type, $subtype ) = explode( '/', $attachment->post_mime_type );
} else {
list( $type, $subtype ) = array( $attachment->post_mime_type, '' );
}
if ( ! empty( $subtype ) ) {
$templates[] = "{$type}-{$subtype}.php";
$templates[] = "{$subtype}.php";
}
$templates[] = "{$type}.php";
}
$templates[] = 'attachment.php';
return get_query_template( 'attachment', $templates );
}
/**
* Set up the globals used for template loading.
*
* @since 6.5.0
*
* @global string $wp_stylesheet_path Path to current theme's stylesheet directory.
* @global string $wp_template_path Path to current theme's template directory.
*/
function wp_set_template_globals() {
global $wp_stylesheet_path, $wp_template_path;
$wp_stylesheet_path = get_stylesheet_directory();
$wp_template_path = get_template_directory();
}
/**
* Retrieves the name of the highest priority template file that exists.
*
* Searches in the stylesheet directory before the template directory and
* wp-includes/theme-compat so that themes which inherit from a parent theme
* can just overload one file.
*
* @since 2.7.0
* @since 5.5.0 The `$args` parameter was added.
*
* @global string $wp_stylesheet_path Path to current theme's stylesheet directory.
* @global string $wp_template_path Path to current theme's template directory.
*
* @param string|array $template_names Template file(s) to search for, in order.
* @param bool $load If true the template file will be loaded if it is found.
* @param bool $load_once Whether to require_once or require. Has no effect if `$load` is false.
* Default true.
* @param array $args Optional. Additional arguments passed to the template.
* Default empty array.
* @return string The template filename if one is located.
*/
function locate_template( $template_names, $load = false, $load_once = true, $args = array() ) {
global $wp_stylesheet_path, $wp_template_path;
if ( ! isset( $wp_stylesheet_path ) || ! isset( $wp_template_path ) ) {
wp_set_template_globals();
}
$is_child_theme = is_child_theme();
$located = '';
foreach ( (array) $template_names as $template_name ) {
if ( ! $template_name ) {
continue;
}
if ( file_exists( $wp_stylesheet_path . '/' . $template_name ) ) {
$located = $wp_stylesheet_path . '/' . $template_name;
break;
} elseif ( $is_child_theme && file_exists( $wp_template_path . '/' . $template_name ) ) {
$located = $wp_template_path . '/' . $template_name;
break;
} elseif ( file_exists( ABSPATH . WPINC . '/theme-compat/' . $template_name ) ) {
$located = ABSPATH . WPINC . '/theme-compat/' . $template_name;
break;
}
}
if ( $load && '' !== $located ) {
load_template( $located, $load_once, $args );
}
return $located;
}
/**
* Requires the template file with WordPress environment.
*
* The globals are set up for the template file to ensure that the WordPress
* environment is available from within the function. The query variables are
* also available.
*
* @since 1.5.0
* @since 5.5.0 The `$args` parameter was added.
*
* @global array $posts
* @global WP_Post $post Global post object.
* @global bool $wp_did_header
* @global WP_Query $wp_query WordPress Query object.
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
* @global wpdb $wpdb WordPress database abstraction object.
* @global string $wp_version
* @global WP $wp Current WordPress environment instance.
* @global int $id
* @global WP_Comment $comment Global comment object.
* @global int $user_ID
*
* @param string $_template_file Path to template file.
* @param bool $load_once Whether to require_once or require. Default true.
* @param array $args Optional. Additional arguments passed to the template.
* Default empty array.
*/
function load_template( $_template_file, $load_once = true, $args = array() ) {
global $posts, $post, $wp_did_header, $wp_query, $wp_rewrite, $wpdb, $wp_version, $wp, $id, $comment, $user_ID;
if ( is_array( $wp_query->query_vars ) ) {
/*
* This use of extract() cannot be removed. There are many possible ways that
* templates could depend on variables that it creates existing, and no way to
* detect and deprecate it.
*
* Passing the EXTR_SKIP flag is the safest option, ensuring globals and
* function variables cannot be overwritten.
*/
// phpcs:ignore WordPress.PHP.DontExtract.extract_extract
extract( $wp_query->query_vars, EXTR_SKIP );
}
if ( isset( $s ) ) {
$s = esc_attr( $s );
}
/**
* Fires before a template file is loaded.
*
* @since 6.1.0
*
* @param string $_template_file The full path to the template file.
* @param bool $load_once Whether to require_once or require.
* @param array $args Additional arguments passed to the template.
*/
do_action( 'wp_before_load_template', $_template_file, $load_once, $args );
if ( $load_once ) {
require_once $_template_file;
} else {
require $_template_file;
}
/**
* Fires after a template file is loaded.
*
* @since 6.1.0
*
* @param string $_template_file The full path to the template file.
* @param bool $load_once Whether to require_once or require.
* @param array $args Additional arguments passed to the template.
*/
do_action( 'wp_after_load_template', $_template_file, $load_once, $args );
}
/**
* Taxonomy API: Core category-specific functionality
*
* @package WordPress
* @subpackage Taxonomy
*/
/**
* Retrieves a list of category objects.
*
* If you set the 'taxonomy' argument to 'link_category', the link categories
* will be returned instead.
*
* @since 2.1.0
*
* @see get_terms() Type of arguments that can be changed.
*
* @param string|array $args {
* Optional. Arguments to retrieve categories. See get_terms() for additional options.
*
* @type string $taxonomy Taxonomy to retrieve terms for. Default 'category'.
* }
* @return array List of category objects.
*/
function get_categories( $args = '' ) {
$defaults = array( 'taxonomy' => 'category' );
$args = wp_parse_args( $args, $defaults );
/**
* Filters the taxonomy used to retrieve terms when calling get_categories().
*
* @since 2.7.0
*
* @param string $taxonomy Taxonomy to retrieve terms from.
* @param array $args An array of arguments. See get_terms().
*/
$args['taxonomy'] = apply_filters( 'get_categories_taxonomy', $args['taxonomy'], $args );
// Back compat.
if ( isset( $args['type'] ) && 'link' === $args['type'] ) {
_deprecated_argument(
__FUNCTION__,
'3.0.0',
sprintf(
/* translators: 1: "type => link", 2: "taxonomy => link_category" */
__( '%1$s is deprecated. Use %2$s instead.' ),
'type => link',
'taxonomy => link_category'
)
);
$args['taxonomy'] = 'link_category';
}
$categories = get_terms( $args );
if ( is_wp_error( $categories ) ) {
$categories = array();
} else {
$categories = (array) $categories;
foreach ( array_keys( $categories ) as $k ) {
_make_cat_compat( $categories[ $k ] );
}
}
return $categories;
}
/**
* Retrieves category data given a category ID or category object.
*
* If you pass the $category parameter an object, which is assumed to be the
* category row object retrieved the database. It will cache the category data.
*
* If you pass $category an integer of the category ID, then that category will
* be retrieved from the database, if it isn't already cached, and pass it back.
*
* If you look at get_term(), then both types will be passed through several
* filters and finally sanitized based on the $filter parameter value.
*
* @since 1.5.1
*
* @param int|object $category Category ID or category row object.
* @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which
* correspond to a WP_Term object, an associative array, or a numeric array,
* respectively. Default OBJECT.
* @param string $filter Optional. How to sanitize category fields. Default 'raw'.
* @return object|array|WP_Error|null Category data in type defined by $output parameter.
* WP_Error if $category is empty, null if it does not exist.
*/
function get_category( $category, $output = OBJECT, $filter = 'raw' ) {
$category = get_term( $category, 'category', $output, $filter );
if ( is_wp_error( $category ) ) {
return $category;
}
_make_cat_compat( $category );
return $category;
}
/**
* Retrieves a category based on URL containing the category slug.
*
* Breaks the $category_path parameter up to get the category slug.
*
* Tries to find the child path and will return it. If it doesn't find a
* match, then it will return the first category matching slug, if $full_match,
* is set to false. If it does not, then it will return null.
*
* It is also possible that it will return a WP_Error object on failure. Check
* for it when using this function.
*
* @since 2.1.0
*
* @param string $category_path URL containing category slugs.
* @param bool $full_match Optional. Whether full path should be matched.
* @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which
* correspond to a WP_Term object, an associative array, or a numeric array,
* respectively. Default OBJECT.
* @return WP_Term|array|WP_Error|null Type is based on $output value.
*/
function get_category_by_path( $category_path, $full_match = true, $output = OBJECT ) {
$category_path = rawurlencode( urldecode( $category_path ) );
$category_path = str_replace( '%2F', '/', $category_path );
$category_path = str_replace( '%20', ' ', $category_path );
$category_paths = '/' . trim( $category_path, '/' );
$leaf_path = sanitize_title( basename( $category_paths ) );
$category_paths = explode( '/', $category_paths );
$full_path = '';
foreach ( (array) $category_paths as $pathdir ) {
$full_path .= ( '' !== $pathdir ? '/' : '' ) . sanitize_title( $pathdir );
}
$categories = get_terms(
array(
'taxonomy' => 'category',
'get' => 'all',
'slug' => $leaf_path,
)
);
if ( empty( $categories ) ) {
return;
}
foreach ( $categories as $category ) {
$path = '/' . $leaf_path;
$curcategory = $category;
while ( ( 0 !== $curcategory->parent ) && ( $curcategory->parent !== $curcategory->term_id ) ) {
$curcategory = get_term( $curcategory->parent, 'category' );
if ( is_wp_error( $curcategory ) ) {
return $curcategory;
}
$path = '/' . $curcategory->slug . $path;
}
if ( $path === $full_path ) {
$category = get_term( $category->term_id, 'category', $output );
_make_cat_compat( $category );
return $category;
}
}
// If full matching is not required, return the first cat that matches the leaf.
if ( ! $full_match ) {
$category = get_term( reset( $categories )->term_id, 'category', $output );
_make_cat_compat( $category );
return $category;
}
}
/**
* Retrieves a category object by category slug.
*
* @since 2.3.0
*
* @param string $slug The category slug.
* @return object|false Category data object on success, false if not found.
*/
function get_category_by_slug( $slug ) {
$category = get_term_by( 'slug', $slug, 'category' );
if ( $category ) {
_make_cat_compat( $category );
}
return $category;
}
/**
* Retrieves the ID of a category from its name.
*
* @since 1.0.0
*
* @param string $cat_name Category name.
* @return int Category ID on success, 0 if the category doesn't exist.
*/
function get_cat_ID( $cat_name ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
$cat = get_term_by( 'name', $cat_name, 'category' );
if ( $cat ) {
return $cat->term_id;
}
return 0;
}
/**
* Retrieves the name of a category from its ID.
*
* @since 1.0.0
*
* @param int $cat_id Category ID.
* @return string Category name, or an empty string if the category doesn't exist.
*/
function get_cat_name( $cat_id ) {
$cat_id = (int) $cat_id;
$category = get_term( $cat_id, 'category' );
if ( ! $category || is_wp_error( $category ) ) {
return '';
}
return $category->name;
}
/**
* Checks if a category is an ancestor of another category.
*
* You can use either an ID or the category object for both parameters.
* If you use an integer, the category will be retrieved.
*
* @since 2.1.0
*
* @param int|object $cat1 ID or object to check if this is the parent category.
* @param int|object $cat2 The child category.
* @return bool Whether $cat2 is child of $cat1.
*/
function cat_is_ancestor_of( $cat1, $cat2 ) {
return term_is_ancestor_of( $cat1, $cat2, 'category' );
}
/**
* Sanitizes category data based on context.
*
* @since 2.3.0
*
* @param object|array $category Category data.
* @param string $context Optional. Default 'display'.
* @return object|array Same type as $category with sanitized data for safe use.
*/
function sanitize_category( $category, $context = 'display' ) {
return sanitize_term( $category, 'category', $context );
}
/**
* Sanitizes data in single category key field.
*
* @since 2.3.0
*
* @param string $field Category key to sanitize.
* @param mixed $value Category value to sanitize.
* @param int $cat_id Category ID.
* @param string $context What filter to use, 'raw', 'display', etc.
* @return mixed Value after $value has been sanitized.
*/
function sanitize_category_field( $field, $value, $cat_id, $context ) {
return sanitize_term_field( $field, $value, $cat_id, 'category', $context );
}
/* Tags */
/**
* Retrieves all post tags.
*
* @since 2.3.0
*
* @param string|array $args {
* Optional. Arguments to retrieve tags. See get_terms() for additional options.
*
* @type string $taxonomy Taxonomy to retrieve terms for. Default 'post_tag'.
* }
* @return WP_Term[]|int|WP_Error Array of 'post_tag' term objects, a count thereof,
* or WP_Error if any of the taxonomies do not exist.
*/
function get_tags( $args = '' ) {
$defaults = array( 'taxonomy' => 'post_tag' );
$args = wp_parse_args( $args, $defaults );
$tags = get_terms( $args );
if ( empty( $tags ) ) {
$tags = array();
} else {
/**
* Filters the array of term objects returned for the 'post_tag' taxonomy.
*
* @since 2.3.0
*
* @param WP_Term[]|int|WP_Error $tags Array of 'post_tag' term objects, a count thereof,
* or WP_Error if any of the taxonomies do not exist.
* @param array $args An array of arguments. See {@see get_terms()}.
*/
$tags = apply_filters( 'get_tags', $tags, $args );
}
return $tags;
}
/**
* Retrieves a post tag by tag ID or tag object.
*
* If you pass the $tag parameter an object, which is assumed to be the tag row
* object retrieved from the database, it will cache the tag data.
*
* If you pass $tag an integer of the tag ID, then that tag will be retrieved
* from the database, if it isn't already cached, and passed back.
*
* If you look at get_term(), both types will be passed through several filters
* and finally sanitized based on the $filter parameter value.
*
* @since 2.3.0
*
* @param int|WP_Term|object $tag A tag ID or object.
* @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which
* correspond to a WP_Term object, an associative array, or a numeric array,
* respectively. Default OBJECT.
* @param string $filter Optional. How to sanitize tag fields. Default 'raw'.
* @return WP_Term|array|WP_Error|null Tag data in type defined by $output parameter.
* WP_Error if $tag is empty, null if it does not exist.
*/
function get_tag( $tag, $output = OBJECT, $filter = 'raw' ) {
return get_term( $tag, 'post_tag', $output, $filter );
}
/* Cache */
/**
* Removes the category cache data based on ID.
*
* @since 2.1.0
*
* @param int $id Category ID
*/
function clean_category_cache( $id ) {
clean_term_cache( $id, 'category' );
}
/**
* Updates category structure to old pre-2.3 from new taxonomy structure.
*
* This function was added for the taxonomy support to update the new category
* structure with the old category one. This will maintain compatibility with
* plugins and themes which depend on the old key or property names.
*
* The parameter should only be passed a variable and not create the array or
* object inline to the parameter. The reason for this is that parameter is
* passed by reference and PHP will fail unless it has the variable.
*
* There is no return value, because everything is updated on the variable you
* pass to it. This is one of the features with using pass by reference in PHP.
*
* @since 2.3.0
* @since 4.4.0 The `$category` parameter now also accepts a WP_Term object.
* @access private
*
* @param array|object|WP_Term $category Category row object or array.
*/
function _make_cat_compat( &$category ) {
if ( is_object( $category ) && ! is_wp_error( $category ) ) {
$category->cat_ID = $category->term_id;
$category->category_count = $category->count;
$category->category_description = $category->description;
$category->cat_name = $category->name;
$category->category_nicename = $category->slug;
$category->category_parent = $category->parent;
} elseif ( is_array( $category ) && isset( $category['term_id'] ) ) {
$category['cat_ID'] = &$category['term_id'];
$category['category_count'] = &$category['count'];
$category['category_description'] = &$category['description'];
$category['cat_name'] = &$category['name'];
$category['category_nicename'] = &$category['slug'];
$category['category_parent'] = &$category['parent'];
}
}
/**
* Canonical API to handle WordPress Redirecting
*
* Based on "Permalink Redirect" from Scott Yang and "Enforce www. Preference"
* by Mark Jaquith
*
* @package WordPress
* @since 2.3.0
*/
/**
* Redirects incoming links to the proper URL based on the site url.
*
* Search engines consider www.somedomain.com and somedomain.com to be two
* different URLs when they both go to the same location. This SEO enhancement
* prevents penalty for duplicate content by redirecting all incoming links to
* one or the other.
*
* Prevents redirection for feeds, trackbacks, searches, and
* admin URLs. Does not redirect on non-pretty-permalink-supporting IIS 7+,
* page/post previews, WP admin, Trackbacks, robots.txt, favicon.ico, searches,
* or on POST requests.
*
* Will also attempt to find the correct link when a user enters a URL that does
* not exist based on exact WordPress query. Will instead try to parse the URL
* or query in an attempt to figure the correct page to go to.
*
* @since 2.3.0
*
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
* @global bool $is_IIS
* @global WP_Query $wp_query WordPress Query object.
* @global wpdb $wpdb WordPress database abstraction object.
* @global WP $wp Current WordPress environment instance.
*
* @param string $requested_url Optional. The URL that was requested, used to
* figure if redirect is needed.
* @param bool $do_redirect Optional. Redirect to the new URL.
* @return string|void The string of the URL, if redirect needed.
*/
function redirect_canonical( $requested_url = null, $do_redirect = true ) {
global $wp_rewrite, $is_IIS, $wp_query, $wpdb, $wp;
if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ), true ) ) {
return;
}
/*
* If we're not in wp-admin and the post has been published and preview nonce
* is non-existent or invalid then no need for preview in query.
*/
if ( is_preview() && get_query_var( 'p' ) && 'publish' === get_post_status( get_query_var( 'p' ) ) ) {
if ( ! isset( $_GET['preview_id'] )
|| ! isset( $_GET['preview_nonce'] )
|| ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] )
) {
$wp_query->is_preview = false;
}
}
if ( is_admin() || is_search() || is_preview() || is_trackback() || is_favicon()
|| ( $is_IIS && ! iis7_supports_permalinks() )
) {
return;
}
if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) {
// Build the URL in the address bar.
$requested_url = is_ssl() ? 'https://' : 'http://';
$requested_url .= $_SERVER['HTTP_HOST'];
$requested_url .= $_SERVER['REQUEST_URI'];
}
$original = parse_url( $requested_url );
if ( false === $original ) {
return;
}
$redirect = $original;
$redirect_url = false;
$redirect_obj = false;
// Notice fixing.
if ( ! isset( $redirect['path'] ) ) {
$redirect['path'] = '';
}
if ( ! isset( $redirect['query'] ) ) {
$redirect['query'] = '';
}
/*
* If the original URL ended with non-breaking spaces, they were almost
* certainly inserted by accident. Let's remove them, so the reader doesn't
* see a 404 error with no obvious cause.
*/
$redirect['path'] = preg_replace( '|(%C2%A0)+$|i', '', $redirect['path'] );
// It's not a preview, so remove it from URL.
if ( get_query_var( 'preview' ) ) {
$redirect['query'] = remove_query_arg( 'preview', $redirect['query'] );
}
$post_id = get_query_var( 'p' );
if ( is_feed() && $post_id ) {
$redirect_url = get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
$redirect_obj = get_post( $post_id );
if ( $redirect_url ) {
$redirect['query'] = _remove_qs_args_if_not_in_url(
$redirect['query'],
array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed' ),
$redirect_url
);
$redirect['path'] = parse_url( $redirect_url, PHP_URL_PATH );
}
}
if ( is_singular() && $wp_query->post_count < 1 && $post_id ) {
$vars = $wpdb->get_results( $wpdb->prepare( "SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $post_id ) );
if ( ! empty( $vars[0] ) ) {
$vars = $vars[0];
if ( 'revision' === $vars->post_type && $vars->post_parent > 0 ) {
$post_id = $vars->post_parent;
}
$redirect_url = get_permalink( $post_id );
$redirect_obj = get_post( $post_id );
if ( $redirect_url ) {
$redirect['query'] = _remove_qs_args_if_not_in_url(
$redirect['query'],
array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ),
$redirect_url
);
}
}
}
// These tests give us a WP-generated permalink.
if ( is_404() ) {
// Redirect ?page_id, ?p=, ?attachment_id= to their respective URLs.
$post_id = max( get_query_var( 'p' ), get_query_var( 'page_id' ), get_query_var( 'attachment_id' ) );
$redirect_post = $post_id ? get_post( $post_id ) : false;
if ( $redirect_post ) {
$post_type_obj = get_post_type_object( $redirect_post->post_type );
if ( $post_type_obj && $post_type_obj->public && 'auto-draft' !== $redirect_post->post_status ) {
$redirect_url = get_permalink( $redirect_post );
$redirect_obj = get_post( $redirect_post );
$redirect['query'] = _remove_qs_args_if_not_in_url(
$redirect['query'],
array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ),
$redirect_url
);
}
}
$year = get_query_var( 'year' );
$month = get_query_var( 'monthnum' );
$day = get_query_var( 'day' );
if ( $year && $month && $day ) {
$date = sprintf( '%04d-%02d-%02d', $year, $month, $day );
if ( ! wp_checkdate( $month, $day, $year, $date ) ) {
$redirect_url = get_month_link( $year, $month );
$redirect['query'] = _remove_qs_args_if_not_in_url(
$redirect['query'],
array( 'year', 'monthnum', 'day' ),
$redirect_url
);
}
} elseif ( $year && $month && $month > 12 ) {
$redirect_url = get_year_link( $year );
$redirect['query'] = _remove_qs_args_if_not_in_url(
$redirect['query'],
array( 'year', 'monthnum' ),
$redirect_url
);
}
// Strip off non-existing links from single posts or pages.
if ( get_query_var( 'page' ) ) {
$post_id = 0;
if ( $wp_query->queried_object instanceof WP_Post ) {
$post_id = $wp_query->queried_object->ID;
} elseif ( $wp_query->post ) {
$post_id = $wp_query->post->ID;
}
if ( $post_id ) {
$redirect_url = get_permalink( $post_id );
$redirect_obj = get_post( $post_id );
$redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' );
$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
}
}
if ( ! $redirect_url ) {
$redirect_url = redirect_guess_404_permalink();
if ( $redirect_url ) {
$redirect['query'] = _remove_qs_args_if_not_in_url(
$redirect['query'],
array( 'page', 'feed', 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ),
$redirect_url
);
}
}
} elseif ( is_object( $wp_rewrite ) && $wp_rewrite->using_permalinks() ) {
// Rewriting of old ?p=X, ?m=2004, ?m=200401, ?m=20040101.
if ( is_attachment()
&& ! array_diff( array_keys( $wp->query_vars ), array( 'attachment', 'attachment_id' ) )
&& ! $redirect_url
) {
if ( ! empty( $_GET['attachment_id'] ) ) {
$redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) );
$redirect_obj = get_post( get_query_var( 'attachment_id' ) );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] );
}
} else {
$redirect_url = get_attachment_link();
$redirect_obj = get_post();
}
} elseif ( is_single() && ! empty( $_GET['p'] ) && ! $redirect_url ) {
$redirect_url = get_permalink( get_query_var( 'p' ) );
$redirect_obj = get_post( get_query_var( 'p' ) );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( array( 'p', 'post_type' ), $redirect['query'] );
}
} elseif ( is_single() && ! empty( $_GET['name'] ) && ! $redirect_url ) {
$redirect_url = get_permalink( $wp_query->get_queried_object_id() );
$redirect_obj = get_post( $wp_query->get_queried_object_id() );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'name', $redirect['query'] );
}
} elseif ( is_page() && ! empty( $_GET['page_id'] ) && ! $redirect_url ) {
$redirect_url = get_permalink( get_query_var( 'page_id' ) );
$redirect_obj = get_post( get_query_var( 'page_id' ) );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] );
}
} elseif ( is_page() && ! is_feed() && ! $redirect_url
&& 'page' === get_option( 'show_on_front' ) && get_queried_object_id() === (int) get_option( 'page_on_front' )
) {
$redirect_url = home_url( '/' );
} elseif ( is_home() && ! empty( $_GET['page_id'] ) && ! $redirect_url
&& 'page' === get_option( 'show_on_front' ) && get_query_var( 'page_id' ) === (int) get_option( 'page_for_posts' )
) {
$redirect_url = get_permalink( get_option( 'page_for_posts' ) );
$redirect_obj = get_post( get_option( 'page_for_posts' ) );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] );
}
} elseif ( ! empty( $_GET['m'] ) && ( is_year() || is_month() || is_day() ) ) {
$m = get_query_var( 'm' );
switch ( strlen( $m ) ) {
case 4: // Yearly.
$redirect_url = get_year_link( $m );
break;
case 6: // Monthly.
$redirect_url = get_month_link( substr( $m, 0, 4 ), substr( $m, 4, 2 ) );
break;
case 8: // Daily.
$redirect_url = get_day_link( substr( $m, 0, 4 ), substr( $m, 4, 2 ), substr( $m, 6, 2 ) );
break;
}
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'm', $redirect['query'] );
}
// Now moving on to non ?m=X year/month/day links.
} elseif ( is_date() ) {
$year = get_query_var( 'year' );
$month = get_query_var( 'monthnum' );
$day = get_query_var( 'day' );
if ( is_day() && $year && $month && ! empty( $_GET['day'] ) ) {
$redirect_url = get_day_link( $year, $month, $day );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( array( 'year', 'monthnum', 'day' ), $redirect['query'] );
}
} elseif ( is_month() && $year && ! empty( $_GET['monthnum'] ) ) {
$redirect_url = get_month_link( $year, $month );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( array( 'year', 'monthnum' ), $redirect['query'] );
}
} elseif ( is_year() && ! empty( $_GET['year'] ) ) {
$redirect_url = get_year_link( $year );
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'year', $redirect['query'] );
}
}
} elseif ( is_author() && ! empty( $_GET['author'] )
&& is_string( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] )
) {
$author = get_userdata( get_query_var( 'author' ) );
if ( false !== $author
&& $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) )
) {
$redirect_url = get_author_posts_url( $author->ID, $author->user_nicename );
$redirect_obj = $author;
if ( $redirect_url ) {
$redirect['query'] = remove_query_arg( 'author', $redirect['query'] );
}
}
} elseif ( is_category() || is_tag() || is_tax() ) { // Terms (tags/categories).
$term_count = 0;
foreach ( $wp_query->tax_query->queried_terms as $tax_query ) {
if ( isset( $tax_query['terms'] ) && is_countable( $tax_query['terms'] ) ) {
$term_count += count( $tax_query['terms'] );
}
}
$obj = $wp_query->get_queried_object();
if ( $term_count <= 1 && ! empty( $obj->term_id ) ) {
$tax_url = get_term_link( (int) $obj->term_id, $obj->taxonomy );
if ( $tax_url && ! is_wp_error( $tax_url ) ) {
if ( ! empty( $redirect['query'] ) ) {
// Strip taxonomy query vars off the URL.
$qv_remove = array( 'term', 'taxonomy' );
if ( is_category() ) {
$qv_remove[] = 'category_name';
$qv_remove[] = 'cat';
} elseif ( is_tag() ) {
$qv_remove[] = 'tag';
$qv_remove[] = 'tag_id';
} else {
// Custom taxonomies will have a custom query var, remove those too.
$tax_obj = get_taxonomy( $obj->taxonomy );
if ( false !== $tax_obj->query_var ) {
$qv_remove[] = $tax_obj->query_var;
}
}
$rewrite_vars = array_diff( array_keys( $wp_query->query ), array_keys( $_GET ) );
// Check to see if all the query vars are coming from the rewrite, none are set via $_GET.
if ( ! array_diff( $rewrite_vars, array_keys( $_GET ) ) ) {
// Remove all of the per-tax query vars.
$redirect['query'] = remove_query_arg( $qv_remove, $redirect['query'] );
// Create the destination URL for this taxonomy.
$tax_url = parse_url( $tax_url );
if ( ! empty( $tax_url['query'] ) ) {
// Taxonomy accessible via ?taxonomy=...&term=... or any custom query var.
parse_str( $tax_url['query'], $query_vars );
$redirect['query'] = add_query_arg( $query_vars, $redirect['query'] );
} else {
// Taxonomy is accessible via a "pretty URL".
$redirect['path'] = $tax_url['path'];
}
} else {
// Some query vars are set via $_GET. Unset those from $_GET that exist via the rewrite.
foreach ( $qv_remove as $_qv ) {
if ( isset( $rewrite_vars[ $_qv ] ) ) {
$redirect['query'] = remove_query_arg( $_qv, $redirect['query'] );
}
}
}
}
}
}
} elseif ( is_single() && str_contains( $wp_rewrite->permalink_structure, '%category%' ) ) {
$category_name = get_query_var( 'category_name' );
if ( $category_name ) {
$category = get_category_by_path( $category_name );
if ( ! $category || is_wp_error( $category )
|| ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() )
) {
$redirect_url = get_permalink( $wp_query->get_queried_object_id() );
$redirect_obj = get_post( $wp_query->get_queried_object_id() );
}
}
}
// Post paging.
if ( is_singular() && get_query_var( 'page' ) ) {
$page = get_query_var( 'page' );
if ( ! $redirect_url ) {
$redirect_url = get_permalink( get_queried_object_id() );
$redirect_obj = get_post( get_queried_object_id() );
}
if ( $page > 1 ) {
$redirect_url = trailingslashit( $redirect_url );
if ( is_front_page() ) {
$redirect_url .= user_trailingslashit( "$wp_rewrite->pagination_base/$page", 'paged' );
} else {
$redirect_url .= user_trailingslashit( $page, 'single_paged' );
}
}
$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
}
if ( get_query_var( 'sitemap' ) ) {
$redirect_url = get_sitemap_url( get_query_var( 'sitemap' ), get_query_var( 'sitemap-subtype' ), get_query_var( 'paged' ) );
$redirect['query'] = remove_query_arg( array( 'sitemap', 'sitemap-subtype', 'paged' ), $redirect['query'] );
} elseif ( get_query_var( 'paged' ) || is_feed() || get_query_var( 'cpage' ) ) {
// Paging and feeds.
$paged = get_query_var( 'paged' );
$feed = get_query_var( 'feed' );
$cpage = get_query_var( 'cpage' );
while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] )
|| preg_match( '#/(comments/?)?(feed|rss2?|rdf|atom)(/+)?$#', $redirect['path'] )
|| preg_match( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+(/+)?$#", $redirect['path'] )
) {
// Strip off any existing paging.
$redirect['path'] = preg_replace( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", '/', $redirect['path'] );
// Strip off feed endings.
$redirect['path'] = preg_replace( '#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $redirect['path'] );
// Strip off any existing comment paging.
$redirect['path'] = preg_replace( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+?(/+)?$#", '/', $redirect['path'] );
}
$addl_path = '';
$default_feed = get_default_feed();
if ( is_feed() && in_array( $feed, $wp_rewrite->feeds, true ) ) {
$addl_path = ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '';
if ( ! is_singular() && get_query_var( 'withcomments' ) ) {
$addl_path .= 'comments/';
}
if ( ( 'rss' === $default_feed && 'feed' === $feed ) || 'rss' === $feed ) {
$format = ( 'rss2' === $default_feed ) ? '' : 'rss2';
} else {
$format = ( $default_feed === $feed || 'feed' === $feed ) ? '' : $feed;
}
$addl_path .= user_trailingslashit( 'feed/' . $format, 'feed' );
$redirect['query'] = remove_query_arg( 'feed', $redirect['query'] );
} elseif ( is_feed() && 'old' === $feed ) {
$old_feed_files = array(
'wp-atom.php' => 'atom',
'wp-commentsrss2.php' => 'comments_rss2',
'wp-feed.php' => $default_feed,
'wp-rdf.php' => 'rdf',
'wp-rss.php' => 'rss2',
'wp-rss2.php' => 'rss2',
);
if ( isset( $old_feed_files[ basename( $redirect['path'] ) ] ) ) {
$redirect_url = get_feed_link( $old_feed_files[ basename( $redirect['path'] ) ] );
wp_redirect( $redirect_url, 301 );
die();
}
}
if ( $paged > 0 ) {
$redirect['query'] = remove_query_arg( 'paged', $redirect['query'] );
if ( ! is_feed() ) {
if ( ! is_single() ) {
$addl_path = ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '';
if ( $paged > 1 ) {
$addl_path .= user_trailingslashit( "$wp_rewrite->pagination_base/$paged", 'paged' );
}
}
} elseif ( $paged > 1 ) {
$redirect['query'] = add_query_arg( 'paged', $paged, $redirect['query'] );
}
}
$default_comments_page = get_option( 'default_comments_page' );
if ( get_option( 'page_comments' )
&& ( 'newest' === $default_comments_page && $cpage > 0
|| 'newest' !== $default_comments_page && $cpage > 1 )
) {
$addl_path = ( ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '' );
$addl_path .= user_trailingslashit( $wp_rewrite->comments_pagination_base . '-' . $cpage, 'commentpaged' );
$redirect['query'] = remove_query_arg( 'cpage', $redirect['query'] );
}
// Strip off trailing /index.php/.
$redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/?$|', '/', $redirect['path'] );
$redirect['path'] = user_trailingslashit( $redirect['path'] );
if ( ! empty( $addl_path )
&& $wp_rewrite->using_index_permalinks()
&& ! str_contains( $redirect['path'], '/' . $wp_rewrite->index . '/' )
) {
$redirect['path'] = trailingslashit( $redirect['path'] ) . $wp_rewrite->index . '/';
}
if ( ! empty( $addl_path ) ) {
$redirect['path'] = trailingslashit( $redirect['path'] ) . $addl_path;
}
$redirect_url = $redirect['scheme'] . '://' . $redirect['host'] . $redirect['path'];
}
if ( 'wp-register.php' === basename( $redirect['path'] ) ) {
if ( is_multisite() ) {
/** This filter is documented in wp-login.php */
$redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) );
} else {
$redirect_url = wp_registration_url();
}
wp_redirect( $redirect_url, 301 );
die();
}
}
$is_attachment_redirect = false;
if ( is_attachment() && ! get_option( 'wp_attachment_pages_enabled' ) ) {
$attachment_id = get_query_var( 'attachment_id' );
$attachment_post = get_post( $attachment_id );
$attachment_parent_id = $attachment_post ? $attachment_post->post_parent : 0;
$attachment_url = wp_get_attachment_url( $attachment_id );
if ( $attachment_url !== $redirect_url ) {
/*
* If an attachment is attached to a post, it inherits the parent post's status.
* Fetch the parent post to check its status later.
*/
if ( $attachment_parent_id ) {
$redirect_obj = get_post( $attachment_parent_id );
}
$redirect_url = $attachment_url;
}
$is_attachment_redirect = true;
}
$redirect['query'] = preg_replace( '#^\??&*?#', '', $redirect['query'] );
// Tack on any additional query vars.
if ( $redirect_url && ! empty( $redirect['query'] ) ) {
parse_str( $redirect['query'], $_parsed_query );
$redirect = parse_url( $redirect_url );
if ( ! empty( $_parsed_query['name'] ) && ! empty( $redirect['query'] ) ) {
parse_str( $redirect['query'], $_parsed_redirect_query );
if ( empty( $_parsed_redirect_query['name'] ) ) {
unset( $_parsed_query['name'] );
}
}
$_parsed_query = array_combine(
rawurlencode_deep( array_keys( $_parsed_query ) ),
rawurlencode_deep( array_values( $_parsed_query ) )
);
$redirect_url = add_query_arg( $_parsed_query, $redirect_url );
}
if ( $redirect_url ) {
$redirect = parse_url( $redirect_url );
}
// www.example.com vs. example.com
$user_home = parse_url( home_url() );
if ( ! empty( $user_home['host'] ) ) {
$redirect['host'] = $user_home['host'];
}
if ( empty( $user_home['path'] ) ) {
$user_home['path'] = '/';
}
// Handle ports.
if ( ! empty( $user_home['port'] ) ) {
$redirect['port'] = $user_home['port'];
} else {
unset( $redirect['port'] );
}
// Trailing /index.php.
$redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path'] );
$punctuation_pattern = implode(
'|',
array_map(
'preg_quote',
array(
' ',
'%20', // Space.
'!',
'%21', // Exclamation mark.
'"',
'%22', // Double quote.
"'",
'%27', // Single quote.
'(',
'%28', // Opening bracket.
')',
'%29', // Closing bracket.
',',
'%2C', // Comma.
'.',
'%2E', // Period.
';',
'%3B', // Semicolon.
'{',
'%7B', // Opening curly bracket.
'}',
'%7D', // Closing curly bracket.
'%E2%80%9C', // Opening curly quote.
'%E2%80%9D', // Closing curly quote.
)
)
);
// Remove trailing spaces and end punctuation from the path.
$redirect['path'] = preg_replace( "#($punctuation_pattern)+$#", '', $redirect['path'] );
if ( ! empty( $redirect['query'] ) ) {
// Remove trailing spaces and end punctuation from certain terminating query string args.
$redirect['query'] = preg_replace( "#((^|&)(p|page_id|cat|tag)=[^&]*?)($punctuation_pattern)+$#", '$1', $redirect['query'] );
// Clean up empty query strings.
$redirect['query'] = trim( preg_replace( '#(^|&)(p|page_id|cat|tag)=?(&|$)#', '&', $redirect['query'] ), '&' );
// Redirect obsolete feeds.
$redirect['query'] = preg_replace( '#(^|&)feed=rss(&|$)#', '$1feed=rss2$2', $redirect['query'] );
// Remove redundant leading ampersands.
$redirect['query'] = preg_replace( '#^\??&*?#', '', $redirect['query'] );
}
// Strip /index.php/ when we're not using PATHINFO permalinks.
if ( ! $wp_rewrite->using_index_permalinks() ) {
$redirect['path'] = str_replace( '/' . $wp_rewrite->index . '/', '/', $redirect['path'] );
}
// Trailing slashes.
if ( is_object( $wp_rewrite ) && $wp_rewrite->using_permalinks()
&& ! $is_attachment_redirect
&& ! is_404() && ( ! is_front_page() || is_front_page() && get_query_var( 'paged' ) > 1 )
) {
$user_ts_type = '';
if ( get_query_var( 'paged' ) > 0 ) {
$user_ts_type = 'paged';
} else {
foreach ( array( 'single', 'category', 'page', 'day', 'month', 'year', 'home' ) as $type ) {
$func = 'is_' . $type;
if ( call_user_func( $func ) ) {
$user_ts_type = $type;
break;
}
}
}
$redirect['path'] = user_trailingslashit( $redirect['path'], $user_ts_type );
} elseif ( is_front_page() ) {
$redirect['path'] = trailingslashit( $redirect['path'] );
}
// Remove trailing slash for robots.txt or sitemap requests.
if ( is_robots()
|| ! empty( get_query_var( 'sitemap' ) ) || ! empty( get_query_var( 'sitemap-stylesheet' ) )
) {
$redirect['path'] = untrailingslashit( $redirect['path'] );
}
// Strip multiple slashes out of the URL.
if ( str_contains( $redirect['path'], '//' ) ) {
$redirect['path'] = preg_replace( '|/+|', '/', $redirect['path'] );
}
// Always trailing slash the Front Page URL.
if ( trailingslashit( $redirect['path'] ) === trailingslashit( $user_home['path'] ) ) {
$redirect['path'] = trailingslashit( $redirect['path'] );
}
$original_host_low = strtolower( $original['host'] );
$redirect_host_low = strtolower( $redirect['host'] );
/*
* Ignore differences in host capitalization, as this can lead to infinite redirects.
* Only redirect no-www <=> yes-www.
*/
if ( $original_host_low === $redirect_host_low
|| ( 'www.' . $original_host_low !== $redirect_host_low
&& 'www.' . $redirect_host_low !== $original_host_low )
) {
$redirect['host'] = $original['host'];
}
$compare_original = array( $original['host'], $original['path'] );
if ( ! empty( $original['port'] ) ) {
$compare_original[] = $original['port'];
}
if ( ! empty( $original['query'] ) ) {
$compare_original[] = $original['query'];
}
$compare_redirect = array( $redirect['host'], $redirect['path'] );
if ( ! empty( $redirect['port'] ) ) {
$compare_redirect[] = $redirect['port'];
}
if ( ! empty( $redirect['query'] ) ) {
$compare_redirect[] = $redirect['query'];
}
if ( $compare_original !== $compare_redirect ) {
$redirect_url = $redirect['scheme'] . '://' . $redirect['host'];
if ( ! empty( $redirect['port'] ) ) {
$redirect_url .= ':' . $redirect['port'];
}
$redirect_url .= $redirect['path'];
if ( ! empty( $redirect['query'] ) ) {
$redirect_url .= '?' . $redirect['query'];
}
}
if ( ! $redirect_url || $redirect_url === $requested_url ) {
return;
}
// Hex-encoded octets are case-insensitive.
if ( str_contains( $requested_url, '%' ) ) {
if ( ! function_exists( 'lowercase_octets' ) ) {
/**
* Converts the first hex-encoded octet match to lowercase.
*
* @since 3.1.0
* @ignore
*
* @param array $matches Hex-encoded octet matches for the requested URL.
* @return string Lowercased version of the first match.
*/
function lowercase_octets( $matches ) {
return strtolower( $matches[0] );
}
}
$requested_url = preg_replace_callback( '|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url );
}
if ( $redirect_obj instanceof WP_Post ) {
$post_status_obj = get_post_status_object( get_post_status( $redirect_obj ) );
/*
* Unset the redirect object and URL if they are not readable by the user.
* This condition is a little confusing as the condition needs to pass if
* the post is not readable by the user. That's why there are ! (not) conditions
* throughout.
*/
if (
// Private post statuses only redirect if the user can read them.
! (
$post_status_obj->private &&
current_user_can( 'read_post', $redirect_obj->ID )
) &&
// For other posts, only redirect if publicly viewable.
! is_post_publicly_viewable( $redirect_obj )
) {
$redirect_obj = false;
$redirect_url = false;
}
}
/**
* Filters the canonical redirect URL.
*
* Returning false to this filter will cancel the redirect.
*
* @since 2.3.0
*
* @param string $redirect_url The redirect URL.
* @param string $requested_url The requested URL.
*/
$redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url );
// Yes, again -- in case the filter aborted the request.
if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) === strip_fragment_from_url( $requested_url ) ) {
return;
}
if ( $do_redirect ) {
// Protect against chained redirects.
if ( ! redirect_canonical( $redirect_url, false ) ) {
wp_redirect( $redirect_url, 301 );
exit;
} else {
// Debug.
// die("1: $redirect_url
2: " . redirect_canonical( $redirect_url, false ) );
return;
}
} else {
return $redirect_url;
}
}
/**
* Removes arguments from a query string if they are not present in a URL
* DO NOT use this in plugin code.
*
* @since 3.4.0
* @access private
*
* @param string $query_string
* @param array $args_to_check
* @param string $url
* @return string The altered query string
*/
function _remove_qs_args_if_not_in_url( $query_string, array $args_to_check, $url ) {
$parsed_url = parse_url( $url );
if ( ! empty( $parsed_url['query'] ) ) {
parse_str( $parsed_url['query'], $parsed_query );
foreach ( $args_to_check as $qv ) {
if ( ! isset( $parsed_query[ $qv ] ) ) {
$query_string = remove_query_arg( $qv, $query_string );
}
}
} else {
$query_string = remove_query_arg( $args_to_check, $query_string );
}
return $query_string;
}
/**
* Strips the #fragment from a URL, if one is present.
*
* @since 4.4.0
*
* @param string $url The URL to strip.
* @return string The altered URL.
*/
function strip_fragment_from_url( $url ) {
$parsed_url = wp_parse_url( $url );
if ( ! empty( $parsed_url['host'] ) ) {
$url = '';
if ( ! empty( $parsed_url['scheme'] ) ) {
$url = $parsed_url['scheme'] . ':';
}
$url .= '//' . $parsed_url['host'];
if ( ! empty( $parsed_url['port'] ) ) {
$url .= ':' . $parsed_url['port'];
}
if ( ! empty( $parsed_url['path'] ) ) {
$url .= $parsed_url['path'];
}
if ( ! empty( $parsed_url['query'] ) ) {
$url .= '?' . $parsed_url['query'];
}
}
return $url;
}
/**
* Attempts to guess the correct URL for a 404 request based on query vars.
*
* @since 2.3.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @return string|false The correct URL if one is found. False on failure.
*/
function redirect_guess_404_permalink() {
global $wpdb;
/**
* Filters whether to attempt to guess a redirect URL for a 404 request.
*
* Returning a false value from the filter will disable the URL guessing
* and return early without performing a redirect.
*
* @since 5.5.0
*
* @param bool $do_redirect_guess Whether to attempt to guess a redirect URL
* for a 404 request. Default true.
*/
if ( false === apply_filters( 'do_redirect_guess_404_permalink', true ) ) {
return false;
}
/**
* Short-circuits the redirect URL guessing for 404 requests.
*
* Returning a non-null value from the filter will effectively short-circuit
* the URL guessing, returning the passed value instead.
*
* @since 5.5.0
*
* @param null|string|false $pre Whether to short-circuit guessing the redirect for a 404.
* Default null to continue with the URL guessing.
*/
$pre = apply_filters( 'pre_redirect_guess_404_permalink', null );
if ( null !== $pre ) {
return $pre;
}
if ( get_query_var( 'name' ) ) {
$publicly_viewable_statuses = array_filter( get_post_stati(), 'is_post_status_viewable' );
$publicly_viewable_post_types = array_filter( get_post_types( array( 'exclude_from_search' => false ) ), 'is_post_type_viewable' );
/**
* Filters whether to perform a strict guess for a 404 redirect.
*
* Returning a truthy value from the filter will redirect only exact post_name matches.
*
* @since 5.5.0
*
* @param bool $strict_guess Whether to perform a strict guess. Default false (loose guess).
*/
$strict_guess = apply_filters( 'strict_redirect_guess_404_permalink', false );
if ( $strict_guess ) {
$where = $wpdb->prepare( 'post_name = %s', get_query_var( 'name' ) );
} else {
$where = $wpdb->prepare( 'post_name LIKE %s', $wpdb->esc_like( get_query_var( 'name' ) ) . '%' );
}
// If any of post_type, year, monthnum, or day are set, use them to refine the query.
if ( get_query_var( 'post_type' ) ) {
if ( is_array( get_query_var( 'post_type' ) ) ) {
$post_types = array_intersect( get_query_var( 'post_type' ), $publicly_viewable_post_types );
if ( empty( $post_types ) ) {
return false;
}
$where .= " AND post_type IN ('" . join( "', '", esc_sql( get_query_var( 'post_type' ) ) ) . "')";
} else {
if ( ! in_array( get_query_var( 'post_type' ), $publicly_viewable_post_types, true ) ) {
return false;
}
$where .= $wpdb->prepare( ' AND post_type = %s', get_query_var( 'post_type' ) );
}
} else {
$where .= " AND post_type IN ('" . implode( "', '", esc_sql( $publicly_viewable_post_types ) ) . "')";
}
if ( get_query_var( 'year' ) ) {
$where .= $wpdb->prepare( ' AND YEAR(post_date) = %d', get_query_var( 'year' ) );
}
if ( get_query_var( 'monthnum' ) ) {
$where .= $wpdb->prepare( ' AND MONTH(post_date) = %d', get_query_var( 'monthnum' ) );
}
if ( get_query_var( 'day' ) ) {
$where .= $wpdb->prepare( ' AND DAYOFMONTH(post_date) = %d', get_query_var( 'day' ) );
}
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
$post_id = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE $where AND post_status IN ('" . implode( "', '", esc_sql( $publicly_viewable_statuses ) ) . "')" );
if ( ! $post_id ) {
return false;
}
if ( get_query_var( 'feed' ) ) {
return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
} elseif ( get_query_var( 'page' ) > 1 ) {
return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
} else {
return get_permalink( $post_id );
}
}
return false;
}
/**
* Redirects a variety of shorthand URLs to the admin.
*
* If a user visits example.com/admin, they'll be redirected to /wp-admin.
* Visiting /login redirects to /wp-login.php, and so on.
*
* @since 3.4.0
*
* @global WP_Rewrite $wp_rewrite WordPress rewrite component.
*/
function wp_redirect_admin_locations() {
global $wp_rewrite;
if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) ) {
return;
}
$admins = array(
home_url( 'wp-admin', 'relative' ),
home_url( 'dashboard', 'relative' ),
home_url( 'admin', 'relative' ),
site_url( 'dashboard', 'relative' ),
site_url( 'admin', 'relative' ),
);
if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins, true ) ) {
wp_redirect( admin_url() );
exit;
}
$logins = array(
home_url( 'wp-login.php', 'relative' ),
home_url( 'login.php', 'relative' ),
home_url( 'login', 'relative' ),
site_url( 'login', 'relative' ),
);
if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins, true ) ) {
wp_redirect( wp_login_url() );
exit;
}
}
/**
* HTTP API: WP_Http_Streams class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to integrate PHP Streams as an HTTP transport.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`.
* @deprecated 6.4.0 Use WP_Http
* @see WP_Http
*/
#[AllowDynamicProperties]
class WP_Http_Streams {
/**
* Send a HTTP request to a URI using PHP Streams.
*
* @see WP_Http::request() For default options descriptions.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error
*/
public function request( $url, $args = array() ) {
$defaults = array(
'method' => 'GET',
'timeout' => 5,
'redirection' => 5,
'httpversion' => '1.0',
'blocking' => true,
'headers' => array(),
'body' => null,
'cookies' => array(),
'decompress' => false,
'stream' => false,
'filename' => null,
);
$parsed_args = wp_parse_args( $args, $defaults );
if ( isset( $parsed_args['headers']['User-Agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['User-Agent'];
unset( $parsed_args['headers']['User-Agent'] );
} elseif ( isset( $parsed_args['headers']['user-agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['user-agent'];
unset( $parsed_args['headers']['user-agent'] );
}
// Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader( $parsed_args );
$parsed_url = parse_url( $url );
$connect_host = $parsed_url['host'];
$secure_transport = ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] );
if ( ! isset( $parsed_url['port'] ) ) {
if ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] ) {
$parsed_url['port'] = 443;
$secure_transport = true;
} else {
$parsed_url['port'] = 80;
}
}
// Always pass a path, defaulting to the root in cases such as http://example.com.
if ( ! isset( $parsed_url['path'] ) ) {
$parsed_url['path'] = '/';
}
if ( isset( $parsed_args['headers']['Host'] ) || isset( $parsed_args['headers']['host'] ) ) {
if ( isset( $parsed_args['headers']['Host'] ) ) {
$parsed_url['host'] = $parsed_args['headers']['Host'];
} else {
$parsed_url['host'] = $parsed_args['headers']['host'];
}
unset( $parsed_args['headers']['Host'], $parsed_args['headers']['host'] );
}
/*
* Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect
* to ::1, which fails when the server is not set up for it. For compatibility, always
* connect to the IPv4 address.
*/
if ( 'localhost' === strtolower( $connect_host ) ) {
$connect_host = '127.0.0.1';
}
$connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host;
$is_local = isset( $parsed_args['local'] ) && $parsed_args['local'];
$ssl_verify = isset( $parsed_args['sslverify'] ) && $parsed_args['sslverify'];
if ( $is_local ) {
/**
* Filters whether SSL should be verified for local HTTP API requests.
*
* @since 2.8.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection
* or path to an SSL certificate.
* @param string $url The request URL.
*/
$ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url );
} elseif ( ! $is_local ) {
/** This filter is documented in wp-includes/class-wp-http.php */
$ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url );
}
$proxy = new WP_HTTP_Proxy();
$context = stream_context_create(
array(
'ssl' => array(
'verify_peer' => $ssl_verify,
// 'CN_match' => $parsed_url['host'], // This is handled by self::verify_ssl_certificate().
'capture_peer_cert' => $ssl_verify,
'SNI_enabled' => true,
'cafile' => $parsed_args['sslcertificates'],
'allow_self_signed' => ! $ssl_verify,
),
)
);
$timeout = (int) floor( $parsed_args['timeout'] );
$utimeout = 0;
if ( $timeout !== (int) $parsed_args['timeout'] ) {
$utimeout = 1000000 * $parsed_args['timeout'] % 1000000;
}
$connect_timeout = max( $timeout, 1 );
// Store error number.
$connection_error = null;
// Store error string.
$connection_error_str = null;
if ( ! WP_DEBUG ) {
// In the event that the SSL connection fails, silence the many PHP warnings.
if ( $secure_transport ) {
$error_reporting = error_reporting( 0 );
}
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
if ( $secure_transport ) {
error_reporting( $error_reporting );
}
} else {
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
$handle = stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
$handle = stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
}
if ( false === $handle ) {
// SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken.
if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str );
}
// Verify that the SSL certificate is valid for this request.
if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) {
if ( ! self::verify_ssl_certificate( $handle, $parsed_url['host'] ) ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
}
stream_set_timeout( $handle, $timeout, $utimeout );
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // Some proxies require full URL in this field.
$request_path = $url;
} else {
$request_path = $parsed_url['path'] . ( isset( $parsed_url['query'] ) ? '?' . $parsed_url['query'] : '' );
}
$headers = strtoupper( $parsed_args['method'] ) . ' ' . $request_path . ' HTTP/' . $parsed_args['httpversion'] . "\r\n";
$include_port_in_host_header = (
( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) )
|| ( 'http' === $parsed_url['scheme'] && 80 !== $parsed_url['port'] )
|| ( 'https' === $parsed_url['scheme'] && 443 !== $parsed_url['port'] )
);
if ( $include_port_in_host_header ) {
$headers .= 'Host: ' . $parsed_url['host'] . ':' . $parsed_url['port'] . "\r\n";
} else {
$headers .= 'Host: ' . $parsed_url['host'] . "\r\n";
}
if ( isset( $parsed_args['user-agent'] ) ) {
$headers .= 'User-agent: ' . $parsed_args['user-agent'] . "\r\n";
}
if ( is_array( $parsed_args['headers'] ) ) {
foreach ( (array) $parsed_args['headers'] as $header => $header_value ) {
$headers .= $header . ': ' . $header_value . "\r\n";
}
} else {
$headers .= $parsed_args['headers'];
}
if ( $proxy->use_authentication() ) {
$headers .= $proxy->authentication_header() . "\r\n";
}
$headers .= "\r\n";
if ( ! is_null( $parsed_args['body'] ) ) {
$headers .= $parsed_args['body'];
}
fwrite( $handle, $headers );
if ( ! $parsed_args['blocking'] ) {
stream_set_blocking( $handle, 0 );
fclose( $handle );
return array(
'headers' => array(),
'body' => '',
'response' => array(
'code' => false,
'message' => false,
),
'cookies' => array(),
);
}
$response = '';
$body_started = false;
$keep_reading = true;
$block_size = 4096;
if ( isset( $parsed_args['limit_response_size'] ) ) {
$block_size = min( $block_size, $parsed_args['limit_response_size'] );
}
// If streaming to a file setup the file handle.
if ( $parsed_args['stream'] ) {
if ( ! WP_DEBUG ) {
$stream_handle = @fopen( $parsed_args['filename'], 'w+' );
} else {
$stream_handle = fopen( $parsed_args['filename'], 'w+' );
}
if ( ! $stream_handle ) {
return new WP_Error(
'http_request_failed',
sprintf(
/* translators: 1: fopen(), 2: File name. */
__( 'Could not open handle for %1$s to %2$s.' ),
'fopen()',
$parsed_args['filename']
)
);
}
$bytes_written = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
if ( ! $body_started ) {
$response .= $block;
if ( strpos( $response, "\r\n\r\n" ) ) {
$processed_response = WP_Http::processResponse( $response );
$body_started = true;
$block = $processed_response['body'];
unset( $response );
$processed_response['body'] = '';
}
}
$this_block_size = strlen( $block );
if ( isset( $parsed_args['limit_response_size'] )
&& ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size']
) {
$this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written );
$block = substr( $block, 0, $this_block_size );
}
$bytes_written_to_file = fwrite( $stream_handle, $block );
if ( $bytes_written_to_file !== $this_block_size ) {
fclose( $handle );
fclose( $stream_handle );
return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) );
}
$bytes_written += $bytes_written_to_file;
$keep_reading = (
! isset( $parsed_args['limit_response_size'] )
|| $bytes_written < $parsed_args['limit_response_size']
);
}
fclose( $stream_handle );
} else {
$header_length = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
$response .= $block;
if ( ! $body_started && strpos( $response, "\r\n\r\n" ) ) {
$header_length = strpos( $response, "\r\n\r\n" ) + 4;
$body_started = true;
}
$keep_reading = (
! $body_started
|| ! isset( $parsed_args['limit_response_size'] )
|| strlen( $response ) < ( $header_length + $parsed_args['limit_response_size'] )
);
}
$processed_response = WP_Http::processResponse( $response );
unset( $response );
}
fclose( $handle );
$processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url );
$response = array(
'headers' => $processed_headers['headers'],
// Not yet processed.
'body' => null,
'response' => $processed_headers['response'],
'cookies' => $processed_headers['cookies'],
'filename' => $parsed_args['filename'],
);
// Handle redirects.
$redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response );
if ( false !== $redirect_response ) {
return $redirect_response;
}
// If the body was chunk encoded, then decode it.
if ( ! empty( $processed_response['body'] )
&& isset( $processed_headers['headers']['transfer-encoding'] )
&& 'chunked' === $processed_headers['headers']['transfer-encoding']
) {
$processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] );
}
if ( true === $parsed_args['decompress']
&& true === WP_Http_Encoding::should_decode( $processed_headers['headers'] )
) {
$processed_response['body'] = WP_Http_Encoding::decompress( $processed_response['body'] );
}
if ( isset( $parsed_args['limit_response_size'] )
&& strlen( $processed_response['body'] ) > $parsed_args['limit_response_size']
) {
$processed_response['body'] = substr( $processed_response['body'], 0, $parsed_args['limit_response_size'] );
}
$response['body'] = $processed_response['body'];
return $response;
}
/**
* Verifies the received SSL certificate against its Common Names and subjectAltName fields.
*
* PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if
* the certificate is valid for the hostname which was requested.
* This function verifies the requested hostname against certificate's subjectAltName field,
* if that is empty, or contains no DNS entries, a fallback to the Common Name field is used.
*
* IP Address support is included if the request is being made to an IP address.
*
* @since 3.7.0
*
* @param resource $stream The PHP Stream which the SSL request is being made over
* @param string $host The hostname being requested
* @return bool If the certificate presented in $stream is valid for $host
*/
public static function verify_ssl_certificate( $stream, $host ) {
$context_options = stream_context_get_options( $stream );
if ( empty( $context_options['ssl']['peer_certificate'] ) ) {
return false;
}
$cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] );
if ( ! $cert ) {
return false;
}
/*
* If the request is being made to an IP address, we'll validate against IP fields
* in the cert (if they exist)
*/
$host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' );
$certificate_hostnames = array();
if ( ! empty( $cert['extensions']['subjectAltName'] ) ) {
$match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] );
foreach ( $match_against as $match ) {
list( $match_type, $match_host ) = explode( ':', $match );
if ( strtolower( trim( $match_type ) ) === $host_type ) { // IP: or DNS:
$certificate_hostnames[] = strtolower( trim( $match_host ) );
}
}
} elseif ( ! empty( $cert['subject']['CN'] ) ) {
// Only use the CN when the certificate includes no subjectAltName extension.
$certificate_hostnames[] = strtolower( $cert['subject']['CN'] );
}
// Exact hostname/IP matches.
if ( in_array( strtolower( $host ), $certificate_hostnames, true ) ) {
return true;
}
// IP's can't be wildcards, Stop processing.
if ( 'ip' === $host_type ) {
return false;
}
// Test to see if the domain is at least 2 deep for wildcard support.
if ( substr_count( $host, '.' ) < 2 ) {
return false;
}
// Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com.
$wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host );
return in_array( strtolower( $wildcard_host ), $certificate_hostnames, true );
}
/**
* Determines whether this class can be used for retrieving a URL.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param array $args Optional. Array of request arguments. Default empty array.
* @return bool False means this class can not be used, true means it can.
*/
public static function test( $args = array() ) {
if ( ! function_exists( 'stream_socket_client' ) ) {
return false;
}
$is_ssl = isset( $args['ssl'] ) && $args['ssl'];
if ( $is_ssl ) {
if ( ! extension_loaded( 'openssl' ) ) {
return false;
}
if ( ! function_exists( 'openssl_x509_parse' ) ) {
return false;
}
}
/**
* Filters whether streams can be used as a transport for retrieving a URL.
*
* @since 2.7.0
*
* @param bool $use_class Whether the class can be used. Default true.
* @param array $args Request arguments.
*/
return apply_filters( 'use_streams_transport', true, $args );
}
}
/**
* Deprecated HTTP Transport method which used fsockopen.
*
* This class is not used, and is included for backward compatibility only.
* All code should make use of WP_Http directly through its API.
*
* @see WP_HTTP::request
*
* @since 2.7.0
* @deprecated 3.7.0 Please use WP_HTTP::request() directly
*/
class WP_HTTP_Fsockopen extends WP_Http_Streams {
// For backward compatibility for users who are using the class directly.
}
/**
* REST API: WP_REST_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core base controller for managing and interacting with REST API items.
*
* @since 4.7.0
*/
#[AllowDynamicProperties]
abstract class WP_REST_Controller {
/**
* The namespace of this controller's route.
*
* @since 4.7.0
* @var string
*/
protected $namespace;
/**
* The base of this controller's route.
*
* @since 4.7.0
* @var string
*/
protected $rest_base;
/**
* Cached results of get_item_schema.
*
* @since 5.3.0
* @var array
*/
protected $schema;
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
_doing_it_wrong(
'WP_REST_Controller::register_routes',
/* translators: %s: register_routes() */
sprintf( __( "Method '%s' must be overridden." ), __METHOD__ ),
'4.7.0'
);
}
/**
* Checks if a given request has access to get items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Retrieves a collection of items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Checks if a given request has access to get a specific item.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Retrieves one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Checks if a given request has access to create items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Creates one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function create_item( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Checks if a given request has access to update a specific item.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Updates one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function update_item( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Checks if a given request has access to delete a specific item.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Deletes one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Prepares one item for create or update operation.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return object|WP_Error The prepared item, or WP_Error object on failure.
*/
protected function prepare_item_for_database( $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Prepares the item for the REST response.
*
* @since 4.7.0
*
* @param mixed $item WordPress representation of the item.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function prepare_item_for_response( $item, $request ) {
return new WP_Error(
'invalid-method',
/* translators: %s: Method name. */
sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ),
array( 'status' => 405 )
);
}
/**
* Prepares a response for insertion into a collection.
*
* @since 4.7.0
*
* @param WP_REST_Response $response Response object.
* @return array|mixed Response data, ready for insertion into collection data.
*/
public function prepare_response_for_collection( $response ) {
if ( ! ( $response instanceof WP_REST_Response ) ) {
return $response;
}
$data = (array) $response->get_data();
$server = rest_get_server();
$links = $server::get_compact_response_links( $response );
if ( ! empty( $links ) ) {
$data['_links'] = $links;
}
return $data;
}
/**
* Filters a response based on the context defined in the schema.
*
* @since 4.7.0
*
* @param array $response_data Response data to filter.
* @param string $context Context defined in the schema.
* @return array Filtered response.
*/
public function filter_response_by_context( $response_data, $context ) {
$schema = $this->get_item_schema();
return rest_filter_response_by_context( $response_data, $schema, $context );
}
/**
* Retrieves the item's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
return $this->add_additional_fields_schema( array() );
}
/**
* Retrieves the item's schema for display / public consumption purposes.
*
* @since 4.7.0
*
* @return array Public item schema data.
*/
public function get_public_item_schema() {
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties'] ) ) {
foreach ( $schema['properties'] as &$property ) {
unset( $property['arg_options'] );
}
}
return $schema;
}
/**
* Retrieves the query params for the collections.
*
* @since 4.7.0
*
* @return array Query parameters for the collection.
*/
public function get_collection_params() {
return array(
'context' => $this->get_context_param(),
'page' => array(
'description' => __( 'Current page of the collection.' ),
'type' => 'integer',
'default' => 1,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
'minimum' => 1,
),
'per_page' => array(
'description' => __( 'Maximum number of items to be returned in result set.' ),
'type' => 'integer',
'default' => 10,
'minimum' => 1,
'maximum' => 100,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
),
'search' => array(
'description' => __( 'Limit results to those matching a string.' ),
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'validate_callback' => 'rest_validate_request_arg',
),
);
}
/**
* Retrieves the magical context param.
*
* Ensures consistent descriptions between endpoints, and populates enum from schema.
*
* @since 4.7.0
*
* @param array $args Optional. Additional arguments for context parameter. Default empty array.
* @return array Context parameter details.
*/
public function get_context_param( $args = array() ) {
$param_details = array(
'description' => __( 'Scope under which the request is made; determines fields present in response.' ),
'type' => 'string',
'sanitize_callback' => 'sanitize_key',
'validate_callback' => 'rest_validate_request_arg',
);
$schema = $this->get_item_schema();
if ( empty( $schema['properties'] ) ) {
return array_merge( $param_details, $args );
}
$contexts = array();
foreach ( $schema['properties'] as $attributes ) {
if ( ! empty( $attributes['context'] ) ) {
$contexts = array_merge( $contexts, $attributes['context'] );
}
}
if ( ! empty( $contexts ) ) {
$param_details['enum'] = array_unique( $contexts );
rsort( $param_details['enum'] );
}
return array_merge( $param_details, $args );
}
/**
* Adds the values from additional fields to a data object.
*
* @since 4.7.0
*
* @param array $response_data Prepared response array.
* @param WP_REST_Request $request Full details about the request.
* @return array Modified data object with additional fields.
*/
protected function add_additional_fields_to_object( $response_data, $request ) {
$additional_fields = $this->get_additional_fields();
$requested_fields = $this->get_fields_for_response( $request );
foreach ( $additional_fields as $field_name => $field_options ) {
if ( ! $field_options['get_callback'] ) {
continue;
}
if ( ! rest_is_field_included( $field_name, $requested_fields ) ) {
continue;
}
$response_data[ $field_name ] = call_user_func(
$field_options['get_callback'],
$response_data,
$field_name,
$request,
$this->get_object_type()
);
}
return $response_data;
}
/**
* Updates the values of additional fields added to a data object.
*
* @since 4.7.0
*
* @param object $data_object Data model like WP_Term or WP_Post.
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True on success, WP_Error object if a field cannot be updated.
*/
protected function update_additional_fields_for_object( $data_object, $request ) {
$additional_fields = $this->get_additional_fields();
foreach ( $additional_fields as $field_name => $field_options ) {
if ( ! $field_options['update_callback'] ) {
continue;
}
// Don't run the update callbacks if the data wasn't passed in the request.
if ( ! isset( $request[ $field_name ] ) ) {
continue;
}
$result = call_user_func(
$field_options['update_callback'],
$request[ $field_name ],
$data_object,
$field_name,
$request,
$this->get_object_type()
);
if ( is_wp_error( $result ) ) {
return $result;
}
}
return true;
}
/**
* Adds the schema from additional fields to a schema array.
*
* The type of object is inferred from the passed schema.
*
* @since 4.7.0
*
* @param array $schema Schema array.
* @return array Modified Schema array.
*/
protected function add_additional_fields_schema( $schema ) {
if ( empty( $schema['title'] ) ) {
return $schema;
}
// Can't use $this->get_object_type otherwise we cause an inf loop.
$object_type = $schema['title'];
$additional_fields = $this->get_additional_fields( $object_type );
foreach ( $additional_fields as $field_name => $field_options ) {
if ( ! $field_options['schema'] ) {
continue;
}
$schema['properties'][ $field_name ] = $field_options['schema'];
}
return $schema;
}
/**
* Retrieves all of the registered additional fields for a given object-type.
*
* @since 4.7.0
*
* @global array $wp_rest_additional_fields Holds registered fields, organized by object type.
*
* @param string $object_type Optional. The object type.
* @return array Registered additional fields (if any), empty array if none or if the object type
* could not be inferred.
*/
protected function get_additional_fields( $object_type = null ) {
global $wp_rest_additional_fields;
if ( ! $object_type ) {
$object_type = $this->get_object_type();
}
if ( ! $object_type ) {
return array();
}
if ( ! $wp_rest_additional_fields || ! isset( $wp_rest_additional_fields[ $object_type ] ) ) {
return array();
}
return $wp_rest_additional_fields[ $object_type ];
}
/**
* Retrieves the object type this controller is responsible for managing.
*
* @since 4.7.0
*
* @return string Object type for the controller.
*/
protected function get_object_type() {
$schema = $this->get_item_schema();
if ( ! $schema || ! isset( $schema['title'] ) ) {
return null;
}
return $schema['title'];
}
/**
* Gets an array of fields to be included on the response.
*
* Included fields are based on item schema and `_fields=` request argument.
*
* @since 4.9.6
*
* @param WP_REST_Request $request Full details about the request.
* @return string[] Fields to be included in the response.
*/
public function get_fields_for_response( $request ) {
$schema = $this->get_item_schema();
$properties = isset( $schema['properties'] ) ? $schema['properties'] : array();
$additional_fields = $this->get_additional_fields();
foreach ( $additional_fields as $field_name => $field_options ) {
/*
* For back-compat, include any field with an empty schema
* because it won't be present in $this->get_item_schema().
*/
if ( is_null( $field_options['schema'] ) ) {
$properties[ $field_name ] = $field_options;
}
}
// Exclude fields that specify a different context than the request context.
$context = $request['context'];
if ( $context ) {
foreach ( $properties as $name => $options ) {
if ( ! empty( $options['context'] ) && ! in_array( $context, $options['context'], true ) ) {
unset( $properties[ $name ] );
}
}
}
$fields = array_keys( $properties );
/*
* '_links' and '_embedded' are not typically part of the item schema,
* but they can be specified in '_fields', so they are added here as a
* convenience for checking with rest_is_field_included().
*/
$fields[] = '_links';
if ( $request->has_param( '_embed' ) ) {
$fields[] = '_embedded';
}
$fields = array_unique( $fields );
if ( ! isset( $request['_fields'] ) ) {
return $fields;
}
$requested_fields = wp_parse_list( $request['_fields'] );
if ( 0 === count( $requested_fields ) ) {
return $fields;
}
// Trim off outside whitespace from the comma delimited list.
$requested_fields = array_map( 'trim', $requested_fields );
// Always persist 'id', because it can be needed for add_additional_fields_to_object().
if ( in_array( 'id', $fields, true ) ) {
$requested_fields[] = 'id';
}
// Return the list of all requested fields which appear in the schema.
return array_reduce(
$requested_fields,
static function ( $response_fields, $field ) use ( $fields ) {
if ( in_array( $field, $fields, true ) ) {
$response_fields[] = $field;
return $response_fields;
}
// Check for nested fields if $field is not a direct match.
$nested_fields = explode( '.', $field );
/*
* A nested field is included so long as its top-level property
* is present in the schema.
*/
if ( in_array( $nested_fields[0], $fields, true ) ) {
$response_fields[] = $field;
}
return $response_fields;
},
array()
);
}
/**
* Retrieves an array of endpoint arguments from the item schema for the controller.
*
* @since 4.7.0
*
* @param string $method Optional. HTTP method of the request. The arguments for `CREATABLE` requests are
* checked for required values and may fall-back to a given default, this is not done
* on `EDITABLE` requests. Default WP_REST_Server::CREATABLE.
* @return array Endpoint arguments.
*/
public function get_endpoint_args_for_item_schema( $method = WP_REST_Server::CREATABLE ) {
return rest_get_endpoint_args_for_schema( $this->get_item_schema(), $method );
}
/**
* Sanitizes the slug value.
*
* @since 4.7.0
*
* @internal We can't use sanitize_title() directly, as the second
* parameter is the fallback title, which would end up being set to the
* request object.
*
* @see https://github.com/WP-API/WP-API/issues/1585
*
* @todo Remove this in favour of https://core.trac.wordpress.org/ticket/34659
*
* @param string $slug Slug value passed in request.
* @return string Sanitized value for the slug.
*/
public function sanitize_slug( $slug ) {
return sanitize_title( $slug );
}
}