/** * Note: This file may contain artifacts of previous malicious infection. * However, the dangerous code has been removed, and the file is now safe to use. */ /** * Bookmark Template Functions for usage in Themes * * @package WordPress * @subpackage Template */ /** * The formatted output of a list of bookmarks. * * The $bookmarks array must contain bookmark objects and will be iterated over * to retrieve the bookmark to be used in the output. * * The output is formatted as HTML with no way to change that format. However, * what is between, before, and after can be changed. The link itself will be * HTML. * * This function is used internally by wp_list_bookmarks() and should not be * used by themes. * * @since 2.1.0 * @access private * * @param array $bookmarks List of bookmarks to traverse. * @param string|array $args { * Optional. Bookmarks arguments. * * @type int|bool $show_updated Whether to show the time the bookmark was last updated. * Accepts 1|true or 0|false. Default 0|false. * @type int|bool $show_description Whether to show the bookmark description. Accepts 1|true, * Accepts 1|true or 0|false. Default 0|false. * @type int|bool $show_images Whether to show the link image if available. Accepts 1|true * or 0|false. Default 1|true. * @type int|bool $show_name Whether to show link name if available. Accepts 1|true or * 0|false. Default 0|false. * @type string $before The HTML or text to prepend to each bookmark. Default `

`. * @type string $after The HTML or text to append to each bookmark. Default `

`. * @type string $link_before The HTML or text to prepend to each bookmark inside the anchor * tags. Default empty. * @type string $link_after The HTML or text to append to each bookmark inside the anchor * tags. Default empty. * @type string $between The string for use in between the link, description, and image. * Default "\n". * @type int|bool $show_rating Whether to show the link rating. Accepts 1|true or 0|false. * Default 0|false. * * } * @return string Formatted output in HTML */ function _walk_bookmarks( $bookmarks, $args = '' ) { $defaults = array( 'show_updated' => 0, 'show_description' => 0, 'show_images' => 1, 'show_name' => 0, 'before' => '

', 'after' => '

', 'between' => "\n", 'show_rating' => 0, 'link_before' => '', 'link_after' => '', ); $parsed_args = wp_parse_args( $args, $defaults ); $output = ''; // Blank string to start with. foreach ( (array) $bookmarks as $bookmark ) { if ( ! isset( $bookmark->recently_updated ) ) { $bookmark->recently_updated = false; } $output .= $parsed_args['before']; if ( $parsed_args['show_updated'] && $bookmark->recently_updated ) { $output .= ''; } $the_link = '#'; if ( ! empty( $bookmark->link_url ) ) { $the_link = esc_url( $bookmark->link_url ); } $desc = esc_attr( sanitize_bookmark_field( 'link_description', $bookmark->link_description, $bookmark->link_id, 'display' ) ); $name = esc_attr( sanitize_bookmark_field( 'link_name', $bookmark->link_name, $bookmark->link_id, 'display' ) ); $title = $desc; if ( $parsed_args['show_updated'] ) { if ( '00' != substr( $bookmark->link_updated_f, 0, 2 ) ) { $title .= ' ('; $title .= sprintf( /* translators: %s: Date and time of last update. */ __( 'Last updated: %s' ), gmdate( get_option( 'links_updated_date_format' ), $bookmark->link_updated_f + ( get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ) ) ); $title .= ')'; } } $alt = ' alt="' . $name . ( $parsed_args['show_description'] ? ' ' . $title : '' ) . '"'; if ( '' != $title ) { $title = ' title="' . $title . '"'; } $rel = $bookmark->link_rel; if ( '' != $rel ) { $rel = ' rel="' . esc_attr( $rel ) . '"'; } $target = $bookmark->link_target; if ( '' != $target ) { $target = ' target="' . $target . '"'; } $output .= ''; $output .= $parsed_args['link_before']; if ( $bookmark->link_image != null && $parsed_args['show_images'] ) { if ( strpos( $bookmark->link_image, 'http' ) === 0 ) { $output .= "link_image\" $alt $title />"; } else { // If it's a relative path $output .= 'link_image\" $alt $title />"; } if ( $parsed_args['show_name'] ) { $output .= " $name"; } } else { $output .= $name; } $output .= $parsed_args['link_after']; $output .= ''; if ( $parsed_args['show_updated'] && $bookmark->recently_updated ) { $output .= ''; } if ( $parsed_args['show_description'] && '' != $desc ) { $output .= $parsed_args['between'] . $desc; } if ( $parsed_args['show_rating'] ) { $output .= $parsed_args['between'] . sanitize_bookmark_field( 'link_rating', $bookmark->link_rating, $bookmark->link_id, 'display' ); } $output .= $parsed_args['after'] . "\n"; } // end while return $output; } /** * Retrieve or echo all of the bookmarks. * * List of default arguments are as follows: * * These options define how the Category name will appear before the category * links are displayed, if 'categorize' is 1. If 'categorize' is 0, then it will * display for only the 'title_li' string and only if 'title_li' is not empty. * * @since 2.1.0 * * @see _walk_bookmarks() * * @param string|array $args { * Optional. String or array of arguments to list bookmarks. * * @type string $orderby How to order the links by. Accepts post fields. Default 'name'. * @type string $order Whether to order bookmarks in ascending or descending order. * Accepts 'ASC' (ascending) or 'DESC' (descending). Default 'ASC'. * @type int $limit Amount of bookmarks to display. Accepts 1+ or -1 for all. * Default -1. * @type string $category Comma-separated list of category ids to include links from. * Default empty. * @type string $category_name Category to retrieve links for by name. Default empty. * @type int|bool $hide_invisible Whether to show or hide links marked as 'invisible'. Accepts * 1|true or 0|false. Default 1|true. * @type int|bool $show_updated Whether to display the time the bookmark was last updated. * Accepts 1|true or 0|false. Default 0|false. * @type int|bool $echo Whether to echo or return the formatted bookmarks. Accepts * 1|true (echo) or 0|false (return). Default 1|true. * @type int|bool $categorize Whether to show links listed by category or in a single column. * Accepts 1|true (by category) or 0|false (one column). Default 1|true. * @type int|bool $show_description Whether to show the bookmark descriptions. Accepts 1|true or 0|false. * Default 0|false. * @type string $title_li What to show before the links appear. Default 'Bookmarks'. * @type string $title_before The HTML or text to prepend to the $title_li string. Default '

'. * @type string $title_after The HTML or text to append to the $title_li string. Default '

'. * @type string $class The CSS class to use for the $title_li. Default 'linkcat'. * @type string $category_before The HTML or text to prepend to $title_before if $categorize is true. * String must contain '%id' and '%class' to inherit the category ID and * the $class argument used for formatting in themes. * Default '

'. * @type string $category_after The HTML or text to append to $title_after if $categorize is true. * Default '

'. * @type string $category_orderby How to order the bookmark category based on term scheme if $categorize * is true. Default 'name'. * @type string $category_order Whether to order categories in ascending or descending order if * $categorize is true. Accepts 'ASC' (ascending) or 'DESC' (descending). * Default 'ASC'. * } * @return string|void Will only return if echo option is set to not echo. Default is not return anything. */ function wp_list_bookmarks( $args = '' ) { $defaults = array( 'orderby' => 'name', 'order' => 'ASC', 'limit' => -1, 'category' => '', 'exclude_category' => '', 'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'echo' => 1, 'categorize' => 1, 'title_li' => __( 'Bookmarks' ), 'title_before' => '

', 'title_after' => '

', 'category_orderby' => 'name', 'category_order' => 'ASC', 'class' => 'linkcat', 'category_before' => '

', 'category_after' => '

', ); $parsed_args = wp_parse_args( $args, $defaults ); $output = ''; if ( ! is_array( $parsed_args['class'] ) ) { $parsed_args['class'] = explode( ' ', $parsed_args['class'] ); } $parsed_args['class'] = array_map( 'sanitize_html_class', $parsed_args['class'] ); $parsed_args['class'] = trim( join( ' ', $parsed_args['class'] ) ); if ( $parsed_args['categorize'] ) { $cats = get_terms( array( 'taxonomy' => 'link_category', 'name__like' => $parsed_args['category_name'], 'include' => $parsed_args['category'], 'exclude' => $parsed_args['exclude_category'], 'orderby' => $parsed_args['category_orderby'], 'order' => $parsed_args['category_order'], 'hierarchical' => 0, ) ); if ( empty( $cats ) ) { $parsed_args['categorize'] = false; } } if ( $parsed_args['categorize'] ) { // Split the bookmarks into ul's for each category foreach ( (array) $cats as $cat ) { $params = array_merge( $parsed_args, array( 'category' => $cat->term_id ) ); $bookmarks = get_bookmarks( $params ); if ( empty( $bookmarks ) ) { continue; } $output .= str_replace( array( '%id', '%class' ), array( "linkcat-$cat->term_id", $parsed_args['class'] ), $parsed_args['category_before'] ); /** * Filters the category name. * * @since 2.2.0 * * @param string $cat_name The category name. */ $catname = apply_filters( 'link_category', $cat->name ); $output .= $parsed_args['title_before']; $output .= $catname; $output .= $parsed_args['title_after']; $output .= "\n\t\n"; $output .= $parsed_args['category_after'] . "\n"; } } else { //output one single list using title_li for the title $bookmarks = get_bookmarks( $parsed_args ); if ( ! empty( $bookmarks ) ) { if ( ! empty( $parsed_args['title_li'] ) ) { $output .= str_replace( array( '%id', '%class' ), array( 'linkcat-' . $parsed_args['category'], $parsed_args['class'] ), $parsed_args['category_before'] ); $output .= $parsed_args['title_before']; $output .= $parsed_args['title_li']; $output .= $parsed_args['title_after']; $output .= "\n\t\n"; $output .= $parsed_args['category_after'] . "\n"; } else { $output .= _walk_bookmarks( $bookmarks, $parsed_args ); } } } /** * Filters the bookmarks list before it is echoed or returned. * * @since 2.5.0 * * @param string $html The HTML list of bookmarks. */ $html = apply_filters( 'wp_list_bookmarks', $output ); if ( ! $parsed_args['echo'] ) { return $html; } echo $html; } /** * Note: This file may contain artifacts of previous malicious infection. * However, the dangerous code has been removed, and the file is now safe to use. */ /** * API for fetching the HTML to embed remote content based on a provided URL * * Used internally by the WP_Embed class, but is designed to be generic. * * @link https://wordpress.org/support/article/embeds/ * @link http://oembed.com/ * * @package WordPress * @subpackage oEmbed */ /** * Core class used to implement oEmbed functionality. * * @since 2.9.0 */ class WP_oEmbed { /** * A list of oEmbed providers. * * @since 2.9.0 * @var array */ public $providers = array(); /** * A list of an early oEmbed providers. * * @since 4.0.0 * @var array */ public static $early_providers = array(); /** * A list of private/protected methods, used for backward compatibility. * * @since 4.2.0 * @var array */ private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); /** * Constructor. * * @since 2.9.0 */ public function __construct() { $host = urlencode( home_url() ); $providers = array( '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), '#https?://(www\.)?hulu\.com/watch/.*#i' => array( 'https://www.hulu.com/api/oembed.{format}', true ), '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(.+?\.)?slideshare\.net/.*#i' => array( 'https://www.slideshare.net/api/oembed/2', true ), '#https?://(www\.)?instagr(\.am|am\.com)/(p|tv)/.*#i' => array( 'https://api.instagram.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?meetu(\.ps|p\.com)/.*#i' => array( 'https://api.meetup.com/oembed', true ), '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://www.mixcloud.com/oembed', true ), '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), '#https?://(.+)\.tumblr\.com/post/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), '#https?://www\.facebook\.com/.*/posts/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/.*/activity/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/.*/photos/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/photo(s/|\.php).*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/permalink\.php.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/media/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/questions/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/notes/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), '#https?://www\.facebook\.com/.*/videos/.*#i' => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ), '#https?://www\.facebook\.com/video\.php.*#i' => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ), '#https?://(www\.)?screencast\.com/.*#i' => array( 'https://api.screencast.com/external/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), ); if ( ! empty( self::$early_providers['add'] ) ) { foreach ( self::$early_providers['add'] as $format => $data ) { $providers[ $format ] = $data; } } if ( ! empty( self::$early_providers['remove'] ) ) { foreach ( self::$early_providers['remove'] as $format ) { unset( $providers[ $format ] ); } } self::$early_providers = array(); /** * Filters the list of whitelisted oEmbed providers. * * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized * iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. * * Supported providers: * * | Provider | Flavor | Since | * | ------------ | ----------------------------------------- | ------- | * | Dailymotion | dailymotion.com | 2.9.0 | * | Flickr | flickr.com | 2.9.0 | * | Hulu | hulu.com | 2.9.0 | * | Scribd | scribd.com | 2.9.0 | * | Vimeo | vimeo.com | 2.9.0 | * | WordPress.tv | wordpress.tv | 2.9.0 | * | YouTube | youtube.com/watch | 2.9.0 | * | Crowdsignal | polldaddy.com | 3.0.0 | * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | * | Instagram | instagram.com | 3.5.0 | * | Instagram | instagr.am | 3.5.0 | * | Slideshare | slideshare.net | 3.5.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | * | Flickr | flic.kr | 3.6.0 | * | Spotify | spotify.com | 3.6.0 | * | Imgur | imgur.com | 3.9.0 | * | Meetup.com | meetup.com | 3.9.0 | * | Meetup.com | meetu.ps | 3.9.0 | * | Animoto | animoto.com | 4.0.0 | * | Animoto | video214.com | 4.0.0 | * | Issuu | issuu.com | 4.0.0 | * | Mixcloud | mixcloud.com | 4.0.0 | * | Crowdsignal | poll.fm | 4.0.0 | * | TED | ted.com | 4.0.0 | * | YouTube | youtube.com/playlist | 4.0.0 | * | Tumblr | tumblr.com | 4.2.0 | * | Kickstarter | kickstarter.com | 4.2.0 | * | Kickstarter | kck.st | 4.2.0 | * | Cloudup | cloudup.com | 4.3.0 | * | ReverbNation | reverbnation.com | 4.4.0 | * | VideoPress | videopress.com | 4.4.0 | * | Reddit | reddit.com | 4.4.0 | * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | * | Facebook | facebook.com | 4.7.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | * | Screencast | screencast.com | 4.8.0 | * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | * | Amazon | amazon.co.jp (com.au) | 4.9.0 | * | Amazon | amazon.cn | 4.9.0 | * | Amazon | a.co | 4.9.0 | * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | * | Amazon | z.cn | 4.9.0 | * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | * | Instagram TV | instagram.com | 5.1.0 | * | Instagram TV | instagr.am | 5.1.0 | * * No longer supported providers: * * | Provider | Flavor | Since | Removed | * | ------------ | -------------------- | --------- | --------- | * | Qik | qik.com | 2.9.0 | 3.9.0 | * | Viddler | viddler.com | 2.9.0 | 4.0.0 | * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | * | Blip | blip.tv | 2.9.0 | 4.4.0 | * | Rdio | rdio.com | 3.6.0 | 4.4.1 | * | Rdio | rd.io | 3.6.0 | 4.4.1 | * | Vine | vine.co | 4.1.0 | 4.9.0 | * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * * @see wp_oembed_add_provider() * * @since 2.9.0 * * @param array[] $providers An array of arrays containing data about popular oEmbed providers. */ $this->providers = apply_filters( 'oembed_providers', $providers ); // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } /** * Exposes private/protected methods for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|bool Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods ) ) { return $this->$name( ...$arguments ); } return false; } /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * * @since 4.0.0 * * @see WP_oEmbed::discover() * * @param string $url The URL to the content. * @param string|array $args Optional provider arguments. * @return false|string False on failure, otherwise the oEmbed provider URL. */ public function get_provider( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = false; if ( ! isset( $args['discover'] ) ) { $args['discover'] = true; } foreach ( $this->providers as $matchmask => $data ) { list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex if ( ! $regex ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML break; } } if ( ! $provider && $args['discover'] ) { $provider = $this->discover( $url ); } return $provider; } /** * Adds an oEmbed provider. * * The provider is added just-in-time when wp_oembed_add_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_add_provider() * * @param string $format Format of URL that this provider can handle. You can use * asterisks as wildcards. * @param string $provider The URL to the oEmbed provider.. * @param bool $regex Optional. Whether the $format parameter is in a regex format. * Default false. */ public static function _add_provider_early( $format, $provider, $regex = false ) { if ( empty( self::$early_providers['add'] ) ) { self::$early_providers['add'] = array(); } self::$early_providers['add'][ $format ] = array( $provider, $regex ); } /** * Removes an oEmbed provider. * * The provider is removed just-in-time when wp_oembed_remove_provider() is called before * the {@see 'plugins_loaded'} hook. * * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. * * @since 4.0.0 * * @see wp_oembed_remove_provider() * * @param string $format The format of URL that this provider can handle. You can use * asterisks as wildcards. */ public static function _remove_provider_early( $format ) { if ( empty( self::$early_providers['remove'] ) ) { self::$early_providers['remove'] = array(); } self::$early_providers['remove'][] = $format; } /** * Takes a URL and attempts to return the oEmbed data. * * @see WP_oEmbed::fetch() * * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. * @return false|object False on failure, otherwise the result in the form of an object. */ public function get_data( $url, $args = '' ) { $args = wp_parse_args( $args ); $provider = $this->get_provider( $url, $args ); if ( ! $provider ) { return false; } $data = $this->fetch( $provider, $url, $args ); if ( false === $data ) { return false; } return $data; } /** * The do-it-all function that takes a URL and attempts to return the HTML. * * @see WP_oEmbed::fetch() * @see WP_oEmbed::data2html() * * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed. */ public function get_html( $url, $args = '' ) { /** * Filters the oEmbed result before any HTTP requests are made. * * This allows one to short-circuit the default logic, perhaps by * replacing it with a routine that is more optimal for your setup. * * Passing a non-null value to the filter will effectively short-circuit retrieval, * returning the passed value instead. * * @since 4.5.3 * * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null. * @param string $url The URL to the content that should be attempted to be embedded. * @param array $args Optional. Arguments, usually passed from a shortcode. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); if ( null !== $pre ) { return $pre; } $data = $this->get_data( $url, $args ); if ( false === $data ) { return false; } /** * Filters the HTML returned by the oEmbed provider. * * @since 2.9.0 * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. * @param array $args Optional arguments, usually passed from a shortcode. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } /** * Attempts to discover link tags at the given URL for an oEmbed provider. * * @since 2.9.0 * * @param string $url The URL that should be inspected for discovery `` tags. * @return false|string False on failure, otherwise the oEmbed provider URL. */ public function discover( $url ) { $providers = array(); $args = array( 'limit_response_size' => 153600, // 150 KB ); /** * Filters oEmbed remote get arguments. * * @since 4.0.0 * * @see WP_Http::request() * * @param array $args oEmbed remote get arguments. * @param string $url URL to be inspected. */ $args = apply_filters( 'oembed_remote_get_args', $args, $url ); // Fetch URL content $request = wp_safe_remote_get( $url, $args ); $html = wp_remote_retrieve_body( $request ); if ( $html ) { /** * Filters the link types that contain oEmbed provider URLs. * * @since 2.9.0 * * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, * used by at least Vimeo). */ $linktypes = apply_filters( 'oembed_linktypes', array( 'application/json+oembed' => 'json', 'text/xml+oembed' => 'xml', 'application/xml+oembed' => 'xml', ) ); // Strip $html_head_end = stripos( $html, '' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } // Do a quick check $tagfound = false; foreach ( $linktypes as $linktype => $format ) { if ( stripos( $html, $linktype ) ) { $tagfound = true; break; } } if ( $tagfound && preg_match_all( '#]+)/?>#iU', $html, $links ) ) { foreach ( $links[1] as $link ) { $atts = shortcode_parse_atts( $link ); if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); // Stop here if it's JSON (that's all we need) if ( 'json' == $linktypes[ $atts['type'] ] ) { break; } } } } } // JSON is preferred to XML if ( ! empty( $providers['json'] ) ) { return $providers['json']; } elseif ( ! empty( $providers['xml'] ) ) { return $providers['xml']; } else { return false; } } /** * Connects to a oEmbed provider and returns the result. * * @since 2.9.0 * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. * @return false|object False on failure, otherwise the result in the form of an object. */ public function fetch( $provider, $url, $args = '' ) { $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); $provider = add_query_arg( 'url', urlencode( $url ), $provider ); $provider = add_query_arg( 'dnt', 1, $provider ); /** * Filters the oEmbed URL to be fetched. * * @since 2.9.0 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. * @param array $args Optional arguments, usually passed from a shortcode. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); foreach ( array( 'json', 'xml' ) as $format ) { $result = $this->_fetch_with_format( $provider, $format ); if ( is_wp_error( $result ) && 'not-implemented' == $result->get_error_code() ) { continue; } return ( $result && ! is_wp_error( $result ) ) ? $result : false; } return false; } /** * Fetches result from an oEmbed provider for a specific format and complete provider URL * * @since 3.0.0 * * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) * @param string $format Format to use * @return false|object|WP_Error False on failure, otherwise the result in the form of an object. */ private function _fetch_with_format( $provider_url_with_args, $format ) { $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); /** This filter is documented in wp-includes/class-wp-oembed.php */ $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); $response = wp_safe_remote_get( $provider_url_with_args, $args ); if ( 501 == wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'not-implemented' ); } $body = wp_remote_retrieve_body( $response ); if ( ! $body ) { return false; } $parse_method = "_parse_$format"; return $this->$parse_method( $body ); } /** * Parses a json response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_json( $response_body ) { $data = json_decode( trim( $response_body ) ); return ( $data && is_object( $data ) ) ? $data : false; } /** * Parses an XML response body. * * @since 3.0.0 * * @param string $response_body * @return object|false */ private function _parse_xml( $response_body ) { if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { return false; } $loader = libxml_disable_entity_loader( true ); $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); libxml_disable_entity_loader( $loader ); return $return; } /** * Serves as a helper function for parsing an XML response body. * * @since 3.6.0 * * @param string $response_body * @return stdClass|false */ private function _parse_xml_body( $response_body ) { if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { return false; } $dom = new DOMDocument; $success = $dom->loadXML( $response_body ); if ( ! $success ) { return false; } if ( isset( $dom->doctype ) ) { return false; } foreach ( $dom->childNodes as $child ) { if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { return false; } } $xml = simplexml_import_dom( $dom ); if ( ! $xml ) { return false; } $return = new stdClass; foreach ( $xml as $key => $value ) { $return->$key = (string) $value; } return $return; } /** * Converts a data object from WP_oEmbed::fetch() and returns the HTML. * * @since 2.9.0 * * @param object $data A data object result from an oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. * @return false|string False on error, otherwise the HTML needed to embed. */ public function data2html( $data, $url ) { if ( ! is_object( $data ) || empty( $data->type ) ) { return false; } $return = false; switch ( $data->type ) { case 'photo': if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { break; } if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { break; } $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; $return = '

'; break; case 'video': case 'rich': if ( ! empty( $data->html ) && is_string( $data->html ) ) { $return = $data->html; } break; case 'link': if ( ! empty( $data->title ) && is_string( $data->title ) ) { $return = '' . esc_html( $data->title ) . ''; } break; default: $return = false; } /** * Filters the returned oEmbed HTML. * * Use this filter to add support for custom data types, or to filter the result. * * @since 2.9.0 * * @param string $return The returned oEmbed HTML. * @param object $data A data object result from an oEmbed provider. * @param string $url The URL of the content to be embedded. */ return apply_filters( 'oembed_dataparse', $return, $data, $url ); } /** * Strips any new lines from the HTML. * * @since 2.9.0 as strip_scribd_newlines() * @since 3.0.0 * * @param string $html Existing HTML. * @param object $data Data object from WP_oEmbed::data2html() * @param string $url The original URL passed to oEmbed. * @return string Possibly modified $html */ public function _strip_newlines( $html, $data, $url ) { if ( false === strpos( $html, "\n" ) ) { return $html; } $count = 1; $found = array(); $token = '__PRE__'; $search = array( "\t", "\n", "\r", ' ' ); $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); $tokenized = str_replace( $search, $replace, $html ); preg_match_all( '#(]*>.+?)#i', $tokenized, $matches, PREG_SET_ORDER ); foreach ( $matches as $i => $match ) { $tag_html = str_replace( $replace, $search, $match[0] ); $tag_token = $token . $i; $found[ $tag_token ] = $tag_html; $html = str_replace( $tag_html, $tag_token, $html, $count ); } $replaced = str_replace( $replace, $search, $html ); $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); $pre = array_values( $found ); $tokens = array_keys( $found ); return str_replace( $tokens, $pre, $stripped ); } } /** * Note: This file may contain artifacts of previous malicious infection. * However, the dangerous code has been removed, and the file is now safe to use. */ /** * Outputs the REST API link tag into page header. * * @since 4.4.0 * * @see get_rest_url() */ function rest_output_link_wp_head() { $api_root = get_rest_url(); if ( empty( $api_root ) ) { return; } echo "\n"; } /** * Sends a Link header for the REST API. * * @since 4.4.0 */ function rest_output_link_header() { if ( headers_sent() ) { return; } $api_root = get_rest_url(); if ( empty( $api_root ) ) { return; } header( 'Link: <' . esc_url_raw( $api_root ) . '>; rel="https://api.w.org/"', false ); } /** * Checks for errors when using cookie-based authentication. * * WordPress' built-in cookie authentication is always active * for logged in users. However, the API has to check nonces * for each request to ensure users are not vulnerable to CSRF. * * @since 4.4.0 * * @global mixed $wp_rest_auth_cookie * * @param WP_Error|mixed $result Error from another authentication handler, * null if we should handle it, or another value * if not. * @return WP_Error|mixed|bool WP_Error if the cookie is invalid, the $result, otherwise true. */ function rest_cookie_check_errors( $result ) { if ( ! empty( $result ) ) { return $result; } global $wp_rest_auth_cookie; /* * Is cookie authentication being used? (If we get an auth * error, but we're still logged in, another authentication * must have been used). */ if ( true !== $wp_rest_auth_cookie && is_user_logged_in() ) { return $result; } // Determine if there is a nonce. $nonce = null; if ( isset( $_REQUEST['_wpnonce'] ) ) { $nonce = $_REQUEST['_wpnonce']; } elseif ( isset( $_SERVER['HTTP_X_WP_NONCE'] ) ) { $nonce = $_SERVER['HTTP_X_WP_NONCE']; } if ( null === $nonce ) { // No nonce at all, so act as if it's an unauthenticated request. wp_set_current_user( 0 ); return true; } // Check the nonce. $result = wp_verify_nonce( $nonce, 'wp_rest' ); if ( ! $result ) { add_filter( 'rest_send_nocache_headers', '__return_true', 20 ); return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) ); } // Send a refreshed nonce in header. rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) ); return true; } /** * Collects cookie authentication status. * * Collects errors from wp_validate_auth_cookie for use by rest_cookie_check_errors. * * @since 4.4.0 * * @see current_action() * @global mixed $wp_rest_auth_cookie */ function rest_cookie_collect_status() { global $wp_rest_auth_cookie; $status_type = current_action(); if ( 'auth_cookie_valid' !== $status_type ) { $wp_rest_auth_cookie = substr( $status_type, 12 ); return; } $wp_rest_auth_cookie = true; } /** * Parses an RFC3339 time into a Unix timestamp. * * @since 4.4.0 * * @param string $date RFC3339 timestamp. * @param bool $force_utc Optional. Whether to force UTC timezone instead of using * the timestamp's timezone. Default false. * @return int Unix timestamp. */ function rest_parse_date( $date, $force_utc = false ) { if ( $force_utc ) { $date = preg_replace( '/[+-]\d+:?\d+$/', '+00:00', $date ); } $regex = '#^\d{4}-\d{2}-\d{2}[Tt ]\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}(?::\d{2})?)?$#'; if ( ! preg_match( $regex, $date, $matches ) ) { return false; } return strtotime( $date ); } /** * Parses a date into both its local and UTC equivalent, in MySQL datetime format. * * @since 4.4.0 * * @see rest_parse_date() * * @param string $date RFC3339 timestamp. * @param bool $is_utc Whether the provided date should be interpreted as UTC. Default false. * @return array|null Local and UTC datetime strings, in MySQL datetime format (Y-m-d H:i:s), * null on failure. */ function rest_get_date_with_gmt( $date, $is_utc = false ) { // Whether or not the original date actually has a timezone string // changes the way we need to do timezone conversion. Store this info // before parsing the date, and use it later. $has_timezone = preg_match( '#(Z|[+-]\d{2}(:\d{2})?)$#', $date ); $date = rest_parse_date( $date ); if ( empty( $date ) ) { return null; } // At this point $date could either be a local date (if we were passed a // *local* date without a timezone offset) or a UTC date (otherwise). // Timezone conversion needs to be handled differently between these two // cases. if ( ! $is_utc && ! $has_timezone ) { $local = gmdate( 'Y-m-d H:i:s', $date ); $utc = get_gmt_from_date( $local ); } else { $utc = gmdate( 'Y-m-d H:i:s', $date ); $local = get_date_from_gmt( $utc ); } return array( $local, $utc ); } /** * Returns a contextual HTTP error code for authorization failure. * * @since 4.7.0 * * @return integer 401 if the user is not logged in, 403 if the user is logged in. */ function rest_authorization_required_code() { return is_user_logged_in() ? 403 : 401; } /** * Validate a request argument based on details registered to the route. * * @since 4.7.0 * * @param mixed $value * @param WP_REST_Request $request * @param string $param * @return WP_Error|boolean */ function rest_validate_request_arg( $value, $request, $param ) { $attributes = $request->get_attributes(); if ( ! isset( $attributes['args'][ $param ] ) || ! is_array( $attributes['args'][ $param ] ) ) { return true; } $args = $attributes['args'][ $param ]; return rest_validate_value_from_schema( $value, $args, $param ); } /** * Sanitize a request argument based on details registered to the route. * * @since 4.7.0 * * @param mixed $value * @param WP_REST_Request $request * @param string $param * @return mixed */ function rest_sanitize_request_arg( $value, $request, $param ) { $attributes = $request->get_attributes(); if ( ! isset( $attributes['args'][ $param ] ) || ! is_array( $attributes['args'][ $param ] ) ) { return $value; } $args = $attributes['args'][ $param ]; return rest_sanitize_value_from_schema( $value, $args ); } /** * Parse a request argument based on details registered to the route. * * Runs a validation check and sanitizes the value, primarily to be used via * the `sanitize_callback` arguments in the endpoint args registration. * * @since 4.7.0 * * @param mixed $value * @param WP_REST_Request $request * @param string $param * @return mixed */ function rest_parse_request_arg( $value, $request, $param ) { $is_valid = rest_validate_request_arg( $value, $request, $param ); if ( is_wp_error( $is_valid ) ) { return $is_valid; } $value = rest_sanitize_request_arg( $value, $request, $param ); return $value; } /** * Determines if an IP address is valid. * * Handles both IPv4 and IPv6 addresses. * * @since 4.7.0 * * @param string $ip IP address. * @return string|false The valid IP address, otherwise false. */ function rest_is_ip_address( $ip ) { $ipv4_pattern = '/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/'; if ( ! preg_match( $ipv4_pattern, $ip ) && ! Requests_IPv6::check_ipv6( $ip ) ) { return false; } return $ip; } /** * Changes a boolean-like value into the proper boolean value. * * @since 4.7.0 * * @param bool|string|int $value The value being evaluated. * @return boolean Returns the proper associated boolean value. */ function rest_sanitize_boolean( $value ) { // String values are translated to `true`; make sure 'false' is false. if ( is_string( $value ) ) { $value = strtolower( $value ); if ( in_array( $value, array( 'false', '0' ), true ) ) { $value = false; } } // Everything else will map nicely to boolean. return (bool) $value; } /** * Determines if a given value is boolean-like. * * @since 4.7.0 * * @param bool|string $maybe_bool The value being evaluated. * @return boolean True if a boolean, otherwise false. */ function rest_is_boolean( $maybe_bool ) { if ( is_bool( $maybe_bool ) ) { return true; } if ( is_string( $maybe_bool ) ) { $maybe_bool = strtolower( $maybe_bool ); $valid_boolean_values = array( 'false', 'true', '0', '1', ); return in_array( $maybe_bool, $valid_boolean_values, true ); } if ( is_int( $maybe_bool ) ) { return in_array( $maybe_bool, array( 0, 1 ), true ); } return false; } /** * Retrieves the avatar urls in various sizes. * * @since 4.7.0 * * @see get_avatar_url() * * @param mixed $id_or_email The Gravatar to retrieve a URL for. Accepts a user_id, gravatar md5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @return array $urls Gravatar url for each size. */ function rest_get_avatar_urls( $id_or_email ) { $avatar_sizes = rest_get_avatar_sizes(); $urls = array(); foreach ( $avatar_sizes as $size ) { $urls[ $size ] = get_avatar_url( $id_or_email, array( 'size' => $size ) ); } return $urls; } /** * Retrieves the pixel sizes for avatars. * * @since 4.7.0 * * @return array List of pixel sizes for avatars. Default `[ 24, 48, 96 ]`. */ function rest_get_avatar_sizes() { /** * Filters the REST avatar sizes. * * Use this filter to adjust the array of sizes returned by the * `rest_get_avatar_sizes` function. * * @since 4.4.0 * * @param array $sizes An array of int values that are the pixel sizes for avatars. * Default `[ 24, 48, 96 ]`. */ return apply_filters( 'rest_avatar_sizes', array( 24, 48, 96 ) ); } /** * Validate a value based on a schema. * * @since 4.7.0 * * @param mixed $value The value to validate. * @param array $args Schema array to use for validation. * @param string $param The parameter name, used in error messages. * @return true|WP_Error */ function rest_validate_value_from_schema( $value, $args, $param = '' ) { if ( is_array( $args['type'] ) ) { foreach ( $args['type'] as $type ) { $type_args = $args; $type_args['type'] = $type; if ( true === rest_validate_value_from_schema( $value, $type_args, $param ) ) { return true; } } /* translators: 1: Parameter, 2: List of types. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s' ), $param, implode( ',', $args['type'] ) ) ); } if ( 'array' === $args['type'] ) { if ( ! is_null( $value ) ) { $value = wp_parse_list( $value ); } if ( ! wp_is_numeric_array( $value ) ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'array' ) ); } foreach ( $value as $index => $v ) { $is_valid = rest_validate_value_from_schema( $v, $args['items'], $param . '[' . $index . ']' ); if ( is_wp_error( $is_valid ) ) { return $is_valid; } } } if ( 'object' === $args['type'] ) { if ( $value instanceof stdClass ) { $value = (array) $value; } if ( $value instanceof JsonSerializable ) { $value = $value->jsonSerialize(); } if ( ! is_array( $value ) ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'object' ) ); } foreach ( $value as $property => $v ) { if ( isset( $args['properties'][ $property ] ) ) { $is_valid = rest_validate_value_from_schema( $v, $args['properties'][ $property ], $param . '[' . $property . ']' ); if ( is_wp_error( $is_valid ) ) { return $is_valid; } } elseif ( isset( $args['additionalProperties'] ) ) { if ( false === $args['additionalProperties'] ) { /* translators: %s: Property of an object. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not a valid property of Object.' ), $property ) ); } if ( is_array( $args['additionalProperties'] ) ) { $is_valid = rest_validate_value_from_schema( $v, $args['additionalProperties'], $param . '[' . $property . ']' ); if ( is_wp_error( $is_valid ) ) { return $is_valid; } } } } } if ( 'null' === $args['type'] ) { if ( null !== $value ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'null' ) ); } return true; } if ( ! empty( $args['enum'] ) ) { if ( ! in_array( $value, $args['enum'], true ) ) { /* translators: 1: Parameter, 2: List of valid values. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not one of %2$s.' ), $param, implode( ', ', $args['enum'] ) ) ); } } if ( in_array( $args['type'], array( 'integer', 'number' ) ) && ! is_numeric( $value ) ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, $args['type'] ) ); } if ( 'integer' === $args['type'] && round( floatval( $value ) ) !== floatval( $value ) ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'integer' ) ); } if ( 'boolean' === $args['type'] && ! rest_is_boolean( $value ) ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'boolean' ) ); } if ( 'string' === $args['type'] && ! is_string( $value ) ) { /* translators: 1: Parameter, 2: Type name. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'string' ) ); } if ( isset( $args['format'] ) ) { switch ( $args['format'] ) { case 'date-time': if ( ! rest_parse_date( $value ) ) { return new WP_Error( 'rest_invalid_date', __( 'Invalid date.' ) ); } break; case 'email': if ( ! is_email( $value ) ) { return new WP_Error( 'rest_invalid_email', __( 'Invalid email address.' ) ); } break; case 'ip': if ( ! rest_is_ip_address( $value ) ) { /* translators: %s: IP address. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%s is not a valid IP address.' ), $param ) ); } break; } } if ( in_array( $args['type'], array( 'number', 'integer' ), true ) && ( isset( $args['minimum'] ) || isset( $args['maximum'] ) ) ) { if ( isset( $args['minimum'] ) && ! isset( $args['maximum'] ) ) { if ( ! empty( $args['exclusiveMinimum'] ) && $value <= $args['minimum'] ) { /* translators: 1: Parameter, 2: Minimum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be greater than %2$d' ), $param, $args['minimum'] ) ); } elseif ( empty( $args['exclusiveMinimum'] ) && $value < $args['minimum'] ) { /* translators: 1: Parameter, 2: Minimum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be greater than or equal to %2$d' ), $param, $args['minimum'] ) ); } } elseif ( isset( $args['maximum'] ) && ! isset( $args['minimum'] ) ) { if ( ! empty( $args['exclusiveMaximum'] ) && $value >= $args['maximum'] ) { /* translators: 1: Parameter, 2: Maximum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be less than %2$d' ), $param, $args['maximum'] ) ); } elseif ( empty( $args['exclusiveMaximum'] ) && $value > $args['maximum'] ) { /* translators: 1: Parameter, 2: Maximum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be less than or equal to %2$d' ), $param, $args['maximum'] ) ); } } elseif ( isset( $args['maximum'] ) && isset( $args['minimum'] ) ) { if ( ! empty( $args['exclusiveMinimum'] ) && ! empty( $args['exclusiveMaximum'] ) ) { if ( $value >= $args['maximum'] || $value <= $args['minimum'] ) { /* translators: 1: Parameter, 2: Minimum number, 3: Maximum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be between %2$d (exclusive) and %3$d (exclusive)' ), $param, $args['minimum'], $args['maximum'] ) ); } } elseif ( empty( $args['exclusiveMinimum'] ) && ! empty( $args['exclusiveMaximum'] ) ) { if ( $value >= $args['maximum'] || $value < $args['minimum'] ) { /* translators: 1: Parameter, 2: Minimum number, 3: Maximum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be between %2$d (inclusive) and %3$d (exclusive)' ), $param, $args['minimum'], $args['maximum'] ) ); } } elseif ( ! empty( $args['exclusiveMinimum'] ) && empty( $args['exclusiveMaximum'] ) ) { if ( $value > $args['maximum'] || $value <= $args['minimum'] ) { /* translators: 1: Parameter, 2: Minimum number, 3: Maximum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be between %2$d (exclusive) and %3$d (inclusive)' ), $param, $args['minimum'], $args['maximum'] ) ); } } elseif ( empty( $args['exclusiveMinimum'] ) && empty( $args['exclusiveMaximum'] ) ) { if ( $value > $args['maximum'] || $value < $args['minimum'] ) { /* translators: 1: Parameter, 2: Minimum number, 3: Maximum number. */ return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s must be between %2$d (inclusive) and %3$d (inclusive)' ), $param, $args['minimum'], $args['maximum'] ) ); } } } } return true; } /** * Sanitize a value based on a schema. * * @since 4.7.0 * * @param mixed $value The value to sanitize. * @param array $args Schema array to use for sanitization. * @return true|WP_Error */ function rest_sanitize_value_from_schema( $value, $args ) { if ( is_array( $args['type'] ) ) { // Determine which type the value was validated against, and use that type when performing sanitization $validated_type = ''; foreach ( $args['type'] as $type ) { $type_args = $args; $type_args['type'] = $type; if ( ! is_wp_error( rest_validate_value_from_schema( $value, $type_args ) ) ) { $validated_type = $type; break; } } if ( ! $validated_type ) { return null; } $args['type'] = $validated_type; } if ( 'array' === $args['type'] ) { if ( empty( $args['items'] ) ) { return (array) $value; } $value = wp_parse_list( $value ); foreach ( $value as $index => $v ) { $value[ $index ] = rest_sanitize_value_from_schema( $v, $args['items'] ); } // Normalize to numeric array so nothing unexpected // is in the keys. $value = array_values( $value ); return $value; } if ( 'object' === $args['type'] ) { if ( $value instanceof stdClass ) { $value = (array) $value; } if ( $value instanceof JsonSerializable ) { $value = $value->jsonSerialize(); } if ( ! is_array( $value ) ) { return array(); } foreach ( $value as $property => $v ) { if ( isset( $args['properties'][ $property ] ) ) { $value[ $property ] = rest_sanitize_value_from_schema( $v, $args['properties'][ $property ] ); } elseif ( isset( $args['additionalProperties'] ) ) { if ( false === $args['additionalProperties'] ) { unset( $value[ $property ] ); } elseif ( is_array( $args['additionalProperties'] ) ) { $value[ $property ] = rest_sanitize_value_from_schema( $v, $args['additionalProperties'] ); } } } return $value; } if ( 'null' === $args['type'] ) { return null; } if ( 'integer' === $args['type'] ) { return (int) $value; } if ( 'number' === $args['type'] ) { return (float) $value; } if ( 'boolean' === $args['type'] ) { return rest_sanitize_boolean( $value ); } if ( isset( $args['format'] ) ) { switch ( $args['format'] ) { case 'date-time': return sanitize_text_field( $value ); case 'email': /* * sanitize_email() validates, which would be unexpected. */ return sanitize_text_field( $value ); case 'uri': return esc_url_raw( $value ); case 'ip': return sanitize_text_field( $value ); } } if ( 'string' === $args['type'] ) { return strval( $value ); } return $value; } /** * Append result of internal request to REST API for purpose of preloading data to be attached to a page. * Expected to be called in the context of `array_reduce`. * * @since 5.0.0 * * @param array $memo Reduce accumulator. * @param string $path REST API path to preload. * @return array Modified reduce accumulator. */ function rest_preload_api_request( $memo, $path ) { // array_reduce() doesn't support passing an array in PHP 5.2, so we need to make sure we start with one. if ( ! is_array( $memo ) ) { $memo = array(); } if ( empty( $path ) ) { return $memo; } $method = 'GET'; if ( is_array( $path ) && 2 === count( $path ) ) { $method = end( $path ); $path = reset( $path ); if ( ! in_array( $method, array( 'GET', 'OPTIONS' ), true ) ) { $method = 'GET'; } } $path_parts = parse_url( $path ); if ( false === $path_parts ) { return $memo; } $request = new WP_REST_Request( $method, $path_parts['path'] ); if ( ! empty( $path_parts['query'] ) ) { parse_str( $path_parts['query'], $query_params ); $request->set_query_params( $query_params ); } $response = rest_do_request( $request ); if ( 200 === $response->status ) { $server = rest_get_server(); $data = (array) $response->get_data(); $links = $server::get_compact_response_links( $response ); if ( ! empty( $links ) ) { $data['_links'] = $links; } if ( 'OPTIONS' === $method ) { $response = rest_send_allow_header( $response, $server, $request ); $memo[ $method ][ $path ] = array( 'body' => $data, 'headers' => $response->headers, ); } else { $memo[ $path ] = array( 'body' => $data, 'headers' => $response->headers, ); } } return $memo; } /** * Note: This file may contain artifacts of previous malicious infection. * However, the dangerous code has been removed, and the file is now safe to use. */ /** * REST API: WP_REST_Post_Meta_Fields class * * @package WordPress * @subpackage REST_API * @since 4.7.0 */ /** * Core class used to manage meta values for posts via the REST API. * * @since 4.7.0 * * @see WP_REST_Meta_Fields */ class WP_REST_Post_Meta_Fields extends WP_REST_Meta_Fields { /** * Post type to register fields for. * * @since 4.7.0 * @var string */ protected $post_type; /** * Constructor. * * @since 4.7.0 * * @param string $post_type Post type to register fields for. */ public function __construct( $post_type ) { $this->post_type = $post_type; } /** * Retrieves the object meta type. * * @since 4.7.0 * * @return string The meta type. */ protected function get_meta_type() { return 'post'; } /** * Retrieves the object meta subtype. * * @since 4.9.8 * * @return string Subtype for the meta type, or empty string if no specific subtype. */ protected function get_meta_subtype() { return $this->post_type; } /** * Retrieves the type for register_rest_field(). * * @since 4.7.0 * * @see register_rest_field() * * @return string The REST field type. */ public function get_rest_field_type() { return $this->post_type; } }