/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
/var/www/wordpress/wp-admin/user-edit.php
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
1<?php
2/**
3 * These functions can be replaced via plugins. If plugins do not redefine these
4 * functions, then these will be used instead.
5 *
6 * @package WordPress
7 */
8
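if ( !function_exists('wp_set_current_user') ) :
/**
 * Changes the current user by ID or name.
 *
 * Set $id to null and specify a name if you do not know a user's ID.
 *
 * Some WordPress functionality is based on the current user and not based on
 * the signed in user. Therefore, it opens the ability to edit and perform
 * actions on users who aren't signed in.
 *
 * This function checks no credentials itself: whatever ID or name it is given
 * becomes the global current user. Callers are responsible for having
 * authenticated the request first.
 *
 * @since 2.0.3
 * @global object $current_user The current user object which holds the user data.
 * @uses do_action() Calls 'set_current_user' hook after setting the current user.
 *
 * @param int|null $id User ID, or null to look the user up by $name
 * @param string $name User's username
 * @return WP_User Current user User object
 */
function wp_set_current_user($id, $name = '') {
	global $current_user;

	// Reuse the loaded user only on a real ID match. A null $id means "look the
	// user up by $name"; under a loose == it also equals an anonymous user's
	// ID of 0, which would skip the lookup and hand back the anonymous user.
	if ( null !== $id && isset($current_user) && ($id == $current_user->ID) )
		return $current_user;

	$current_user = new WP_User($id, $name);

	setup_userdata($current_user->ID);

	do_action('set_current_user');

	return $current_user;
}
endif;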
42
if ( !function_exists('wp_get_current_user') ) :
/**
 * Return the global current-user object, populating it first if needed.
 *
 * Delegates the population to get_currentuserinfo() and then hands back
 * whatever the $current_user global holds afterwards.
 *
 * @since 2.0.3
 *
 * @return WP_User Current user WP_User object
 */
function wp_get_current_user() {
	// Make sure the global has been filled in before it is read.
	get_currentuserinfo();

	global $current_user;

	return $current_user;
}
endif;
59
if ( !function_exists('get_currentuserinfo') ) :
/**
 * Populate the $current_user global from the request's authentication cookies.
 *
 * Does nothing when a current user is already set. Otherwise the auth cookie
 * is validated first; outside the admin area a non-empty logged-in cookie is
 * tried as a fallback. When neither validates, the current user is set to 0,
 * which is invalid and won't have any permissions.
 *
 * @since 0.71
 * @uses $current_user Checks if the current user is set
 * @uses wp_validate_auth_cookie() Retrieves current logged in user.
 *
 * @return bool|null False on XMLRPC Request and invalid auth cookie. Null when current user set
 */
function get_currentuserinfo() {
	global $current_user;

	// XML-RPC requests are not resolved from cookies here.
	if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
		return false;

	if ( ! empty($current_user) )
		return;

	$user = wp_validate_auth_cookie();

	if ( ! $user ) {
		// The weaker logged_in cookie is only accepted outside wp-admin.
		if ( ! is_admin() && ! empty($_COOKIE[LOGGED_IN_COOKIE]) )
			$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in');

		if ( ! $user ) {
			wp_set_current_user(0);
			return false;
		}
	}

	wp_set_current_user($user);
}
endif;
93
if ( !function_exists('get_userdata') ) :
/**
 * Look up a user row by numeric ID, using the 'users' object cache first.
 *
 * @since 0.71
 *
 * @param int $user_id User ID
 * @return bool|object False on failure, User DB row object
 */
function get_userdata( $user_id ) {
	global $wpdb;

	// Non-numeric input and an ID of zero are both rejected before any lookup.
	$id = is_numeric( $user_id ) ? absint( $user_id ) : 0;
	if ( ! $id )
		return false;

	$cached = wp_cache_get( $id, 'users' );
	if ( $cached )
		return $cached;

	// The ID is bound through the %d placeholder rather than interpolated.
	$sql = $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $id );
	$row = $wpdb->get_row( $sql );
	if ( ! $row )
		return false;

	_fill_user( $row );

	return $row;
}
endif;
126
if ( !function_exists('cache_users') ) :
/**
 * Load several users in one query so later get_userdata() calls hit the cache.
 *
 * IDs that already have an entry in the 'users' cache group are skipped.
 *
 * @since 3.0.0
 *
 * @param array $users User ID numbers list
 */
function cache_users( $users ) {
	global $wpdb;

	$clean = array();
	foreach ( $users as $id ) {
		// The integer cast is what makes the IN (...) list below safe to
		// build by concatenation; keep it if this loop is ever changed.
		$id = (int) $id;
		if ( ! wp_cache_get($id, 'users') )
			$clean[] = $id;
	}

	// Everything was cached already (or the list was empty).
	if ( ! $clean )
		return;

	$list = implode(',', $clean);

	$results = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE ID IN ($list)");

	_fill_many_users($results);
}
endif;
158
if ( !function_exists('get_user_by') ) :
/**
 * Retrieve user info by a given field
 *
 * The caller-supplied $field is never placed in the query: it only selects one
 * of the fixed column names below, and any other value returns false. The
 * value itself is bound through a %s placeholder.
 *
 * @since 2.8.0
 *
 * @param string $field The field to retrieve the user with. id | slug | email | login
 * @param int|string $value A value for $field. A user ID, slug, email address, or login name.
 * @return bool|object False on failure, User DB row object
 */
function get_user_by($field, $value) {
	global $wpdb;

	// Map the public field name to a cache group and a real column name.
	if ( 'id' == $field ) {
		return get_userdata($value);
	} elseif ( 'slug' == $field ) {
		$cache_group = 'userslugs';
		$field = 'user_nicename';
	} elseif ( 'email' == $field ) {
		$cache_group = 'useremail';
		$field = 'user_email';
	} elseif ( 'login' == $field ) {
		// Logins are sanitized before both the cache and the database lookup.
		$value = sanitize_user( $value );
		$cache_group = 'userlogins';
		$field = 'user_login';
	} else {
		return false;
	}

	$user_id = wp_cache_get($value, $cache_group);
	if ( false !== $user_id )
		return get_userdata($user_id);

	$row = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->users WHERE $field = %s", $value) );
	if ( ! $row )
		return false;

	_fill_user($row);

	return $row;
}
endif;
204
if ( !function_exists('get_userdatabylogin') ) :
/**
 * Retrieve user info by login name.
 *
 * Thin wrapper around get_user_by() with the field fixed to 'login'.
 *
 * @since 0.71
 *
 * @param string $user_login User's username
 * @return bool|object False on failure, User DB row object
 */
function get_userdatabylogin($user_login) {
	$user = get_user_by('login', $user_login);

	return $user;
}
endif;
218
if ( !function_exists('get_user_by_email') ) :
/**
 * Retrieve user info by email.
 *
 * Thin wrapper around get_user_by() with the field fixed to 'email'.
 *
 * @since 2.5
 *
 * @param string $email User's email address
 * @return bool|object False on failure, User DB row object
 */
function get_user_by_email($email) {
	$user = get_user_by('email', $email);

	return $user;
}
endif;
232
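if ( !function_exists( 'wp_mail' ) ) :
/**
 * Send mail, similar to PHP's mail
 *
 * A true return value does not automatically mean that the user received the
 * email successfully. It only means that the method used was able to process
 * the request without any errors.
 *
 * Using the two 'wp_mail_from' and 'wp_mail_from_name' hooks allows creating a
 * from address like 'Name <email@address.com>' when both are set. If just
 * 'wp_mail_from' is set, then just the email address will be used with no
 * name.
 *
 * The default content type is 'text/plain' which does not allow using HTML.
 * However, you can set the content type of the email by using the
 * 'wp_mail_content_type' filter.
 *
 * The default charset is based on the charset used on the blog. The charset can
 * be set using the 'wp_mail_charset' filter.
 *
 * Header values are treated as untrusted: CR and LF are removed from custom
 * header names and values before they are handed to the mailer, so a value
 * cannot start an additional header line.
 *
 * @since 1.2.1
 * @uses apply_filters() Calls 'wp_mail' hook on an array of all of the parameters.
 * @uses apply_filters() Calls 'wp_mail_from' hook to get the from email address.
 * @uses apply_filters() Calls 'wp_mail_from_name' hook to get the from address name.
 * @uses apply_filters() Calls 'wp_mail_content_type' hook to get the email content type.
 * @uses apply_filters() Calls 'wp_mail_charset' hook to get the email charset
 * @uses do_action_ref_array() Calls 'phpmailer_init' hook on the reference to
 *		phpmailer object.
 * @uses PHPMailer
 *
 * @param string|array $to Array or comma-separated list of email addresses to send message.
 * @param string $subject Email subject
 * @param string $message Message contents
 * @param string|array $headers Optional. Additional headers.
 * @param string|array $attachments Optional. Files to attach.
 * @return bool Whether the email contents were sent successfully.
 */
function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() ) {
	// Let plugins filter the arguments, then read back only the five documented
	// keys. extract() on the filtered array would let a callback overwrite any
	// local variable in this function.
	$atts = apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments' ) );
	if ( is_array( $atts ) ) {
		if ( isset( $atts['to'] ) )
			$to = $atts['to'];
		if ( isset( $atts['subject'] ) )
			$subject = $atts['subject'];
		if ( isset( $atts['message'] ) )
			$message = $atts['message'];
		if ( isset( $atts['headers'] ) )
			$headers = $atts['headers'];
		if ( isset( $atts['attachments'] ) )
			$attachments = $atts['attachments'];
	}

	if ( !is_array($attachments) )
		$attachments = explode( "\n", str_replace( "\r\n", "\n", $attachments ) );

	global $phpmailer;

	// (Re)create it, if it's gone missing
	if ( ! ( $phpmailer instanceof PHPMailer ) ) {
		require_once ABSPATH . WPINC . '/class-phpmailer.php';
		require_once ABSPATH . WPINC . '/class-smtp.php';
		$phpmailer = new PHPMailer();
	}

	// Start from empty recipient lists so the array_merge() calls below never
	// read an undefined variable.
	$cc = $bcc = array();

	// Headers
	if ( empty( $headers ) ) {
		$headers = array();
	} else {
		if ( !is_array( $headers ) ) {
			// Explode the headers out, so this function can take both
			// string headers and an array of headers.
			$tempheaders = explode( "\n", str_replace( "\r\n", "\n", $headers ) );
		} else {
			$tempheaders = $headers;
		}
		$headers = array();

		// If it's actually got contents
		if ( !empty( $tempheaders ) ) {
			// Iterate through the raw headers
			foreach ( (array) $tempheaders as $header ) {
				if ( strpos($header, ':') === false ) {
					// A line without a colon is only inspected for a
					// multipart boundary, then dropped.
					if ( false !== stripos( $header, 'boundary=' ) ) {
						$parts = preg_split('/boundary=/i', trim( $header ) );
						$boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) );
					}
					continue;
				}
				// Explode them out
				list( $name, $content ) = explode( ':', trim( $header ), 2 );

				// Cleanup crew
				$name = trim( $name );
				$content = trim( $content );

				switch ( strtolower( $name ) ) {
					// Mainly for legacy -- process a From: header if it's there
					case 'from':
						if ( strpos($content, '<' ) !== false ) {
							// "Name <address>" form: split the display name from the address
							$from_name = substr( $content, 0, strpos( $content, '<' ) - 1 );
							$from_name = str_replace( '"', '', $from_name );
							$from_name = trim( $from_name );

							$from_email = substr( $content, strpos( $content, '<' ) + 1 );
							$from_email = str_replace( '>', '', $from_email );
							$from_email = trim( $from_email );
						} else {
							$from_email = trim( $content );
						}
						break;
					case 'content-type':
						if ( strpos( $content, ';' ) !== false ) {
							list( $type, $charset ) = explode( ';', $content );
							$content_type = trim( $type );
							if ( false !== stripos( $charset, 'charset=' ) ) {
								$charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) );
							} elseif ( false !== stripos( $charset, 'boundary=' ) ) {
								$boundary = trim( str_replace( array( 'BOUNDARY=', 'boundary=', '"' ), '', $charset ) );
								$charset = '';
							}
						} else {
							$content_type = trim( $content );
						}
						break;
					case 'cc':
						$cc = array_merge( (array) $cc, explode( ',', $content ) );
						break;
					case 'bcc':
						$bcc = array_merge( (array) $bcc, explode( ',', $content ) );
						break;
					default:
						// Add it to our grand headers array
						$headers[trim( $name )] = trim( $content );
						break;
				}
			}
		}
	}

	// Empty out the values that may be set
	$phpmailer->ClearAddresses();
	$phpmailer->ClearAllRecipients();
	$phpmailer->ClearAttachments();
	$phpmailer->ClearBCCs();
	$phpmailer->ClearCCs();
	$phpmailer->ClearCustomHeaders();
	$phpmailer->ClearReplyTos();

	// From email and name
	// If we don't have a name from the input headers
	if ( !isset( $from_name ) )
		$from_name = 'WordPress';

	/* If we don't have an email from the input headers default to wordpress@$sitename
	 * Some hosts will block outgoing mail from this address if it doesn't exist but
	 * there's no easy alternative. Defaulting to admin_email might appear to be another
	 * option but some hosts may refuse to relay mail from an unknown domain. See
	 * http://trac.wordpress.org/ticket/5007.
	 */

	if ( !isset( $from_email ) ) {
		// Get the site domain and get rid of www.
		// NOTE(review): depending on web server configuration SERVER_NAME can
		// reflect the client-supplied Host header, so this default sender
		// domain should not be treated as trusted; the 'wp_mail_from' filter
		// below is the place to pin a fixed address.
		$sitename = strtolower( $_SERVER['SERVER_NAME'] );
		if ( 'www.' === substr( $sitename, 0, 4 ) ) {
			$sitename = substr( $sitename, 4 );
		}

		$from_email = 'wordpress@' . $sitename;
	}

	// Plugin authors can override the potentially troublesome default
	$phpmailer->From = apply_filters( 'wp_mail_from' , $from_email );
	$phpmailer->FromName = apply_filters( 'wp_mail_from_name', $from_name );

	// Set destination addresses
	if ( !is_array( $to ) )
		$to = explode( ',', $to );

	foreach ( (array) $to as $recipient ) {
		$phpmailer->AddAddress( trim( $recipient ) );
	}

	// Set mail's subject and body
	$phpmailer->Subject = $subject;
	$phpmailer->Body = $message;

	// Add any CC and BCC recipients
	if ( !empty( $cc ) ) {
		foreach ( (array) $cc as $recipient ) {
			$phpmailer->AddCc( trim($recipient) );
		}
	}

	if ( !empty( $bcc ) ) {
		foreach ( (array) $bcc as $recipient) {
			$phpmailer->AddBcc( trim($recipient) );
		}
	}

	// Set to use PHP's mail()
	$phpmailer->IsMail();

	// Set Content-Type and charset
	// If we don't have a content-type from the input headers
	if ( !isset( $content_type ) )
		$content_type = 'text/plain';

	$content_type = apply_filters( 'wp_mail_content_type', $content_type );

	$phpmailer->ContentType = $content_type;

	// Set whether it's plaintext, depending on $content_type
	if ( 'text/html' == $content_type )
		$phpmailer->IsHTML( true );

	// If we don't have a charset from the input headers
	if ( !isset( $charset ) )
		$charset = get_bloginfo( 'charset' );

	// Set the content-type and charset
	$phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset );

	// Set custom headers
	if ( !empty( $headers ) ) {
		foreach( (array) $headers as $name => $content ) {
			// The risk on this line is mail header injection, not cross-site
			// scripting: headers passed as an array are not split on line
			// breaks above, so an entry can still carry CR/LF. Remove them
			// here rather than relying on the mailer to do it.
			$name = str_replace( array( "\r", "\n" ), '', $name );
			$content = str_replace( array( "\r", "\n" ), '', $content );
			$phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) );
		}

		if ( false !== stripos( $content_type, 'multipart' ) && ! empty($boundary) )
			$phpmailer->AddCustomHeader( sprintf( "Content-Type: %s;\n\t boundary=\"%s\"", $content_type, $boundary ) );
	}

	// Attachment paths are passed to the mailer as given; callers must not
	// build them from untrusted input.
	if ( !empty( $attachments ) ) {
		foreach ( $attachments as $attachment ) {
			$phpmailer->AddAttachment($attachment);
		}
	}

	do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) );

	// Send! Warnings from the mailer are deliberately suppressed; the boolean
	// result is the only failure signal the caller gets.
	$result = @$phpmailer->Send();

	return $result;
}
endif;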
470
if ( !function_exists('wp_authenticate') ) :
/**
 * Run a username/password pair through the 'authenticate' filter chain.
 *
 * The username is sanitized and the password trimmed before the filter runs.
 * When no handler returns anything, a generic WP_Error is produced whose
 * message does not say whether the username or the password was wrong.
 *
 * Every failure other than an empty username or empty password fires the
 * 'wp_login_failed' action with the sanitized username, which is the hook
 * point for failed-login logging.
 *
 * @since 2.5.0
 *
 * @param string $username User's username
 * @param string $password User's password
 * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
 */
function wp_authenticate($username, $password) {
	$login = sanitize_user($username);
	$secret = trim($password);

	$result = apply_filters('authenticate', null, $login, $secret);

	// TODO what should the error message be? (Or would these even happen?)
	// Only needed if all authentication handlers fail to return anything.
	if ( null == $result )
		$result = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));

	if ( is_wp_error($result) ) {
		// Blank-form submissions are not reported as failed logins.
		$quiet_codes = array('empty_username', 'empty_password');
		if ( ! in_array($result->get_error_code(), $quiet_codes) )
			do_action('wp_login_failed', $login);
	}

	return $result;
}
endif;
502
if ( !function_exists('wp_logout') ) :
/**
 * Log the current user out.
 *
 * Clears the authentication cookies via wp_clear_auth_cookie() and then fires
 * the 'wp_logout' action.
 *
 * @since 2.5.0
 */
function wp_logout() {
	// Cookies are cleared first, so 'wp_logout' callbacks run afterwards.
	wp_clear_auth_cookie();

	do_action('wp_logout');
}
endif;
514
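if ( !function_exists('wp_validate_auth_cookie') ) :
/**
 * Validates authentication cookie.
 *
 * The checks include making sure that the authentication cookie is set and
 * pulling in the contents (if $cookie is not used).
 *
 * Makes sure the cookie is not expired. Recomputes the hash the cookie should
 * carry for its username and expiration and compares it with the one supplied.
 *
 * Every rejection fires its own action ('auth_cookie_malformed',
 * 'auth_cookie_expired', 'auth_cookie_bad_username', 'auth_cookie_bad_hash'),
 * which makes these the hook points for logging rejected cookies.
 *
 * @since 2.5
 *
 * @param string $cookie Optional. If used, will validate contents instead of cookie's
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return bool|int False if invalid cookie, User ID if valid.
 */
function wp_validate_auth_cookie($cookie = '', $scheme = '') {
	if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
		do_action('auth_cookie_malformed', $cookie, $scheme);
		return false;
	}

	// Read exactly the four fields the parser returns. extract() with
	// EXTR_OVERWRITE would overwrite any local named by a key in the array,
	// and the parser is pluggable, so its key set is not guaranteed here.
	$username = $cookie_elements['username'];
	$expiration = $cookie_elements['expiration'];
	$hmac = $cookie_elements['hmac'];
	$scheme = $cookie_elements['scheme'];

	$expired = $expiration;

	// Allow a grace period for POST and AJAX requests
	if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
		$expired += 3600;

	// Quick check to see if an honest cookie has expired
	if ( $expired < time() ) {
		do_action('auth_cookie_expired', $cookie_elements);
		return false;
	}

	$user = get_userdatabylogin($username);
	if ( ! $user ) {
		do_action('auth_cookie_bad_username', $cookie_elements);
		return false;
	}

	// A slice of the stored password hash is mixed into the key, so the key
	// changes whenever that part of the stored hash changes.
	$pass_frag = substr($user->user_pass, 8, 4);

	$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);

	// The cookie value is attacker-controlled. A loose != lets PHP compare two
	// numeric-looking hex strings (all digits, or of the form "0e...") as
	// numbers, so different strings can test equal, and it is not constant
	// time. Compare as strings, in constant time where the runtime offers it.
	$hmac = (string) $hmac;
	if ( function_exists('hash_equals') )
		$hash_ok = hash_equals($hash, $hmac);
	else
		$hash_ok = ( $hash === $hmac );

	if ( ! $hash_ok ) {
		do_action('auth_cookie_bad_hash', $cookie_elements);
		return false;
	}

	if ( $expiration < time() ) // AJAX/POST grace period set above
		$GLOBALS['login_grace_period'] = 1;

	do_action('auth_cookie_valid', $cookie_elements, $user);

	return $user->ID;
}
endif;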
575
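if ( !function_exists('wp_generate_auth_cookie') ) :
/**
 * Generate authentication cookie contents.
 *
 * The cookie has the form "login|expiration|hash", where the hash is an HMAC
 * over the login and expiration, keyed with a value derived from the login, a
 * slice of the stored password hash, the expiration and the scheme.
 *
 * @since 2.5
 * @uses apply_filters() Calls 'auth_cookie' hook on $cookie contents, User ID
 *		and expiration of cookie.
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return string Authentication cookie contents, or an empty string when the user does not exist
 */
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
	$user = get_userdata($user_id);

	// get_userdata() returns false for an unknown or non-numeric ID. Without
	// this guard the code below would read properties of false and still emit
	// a signed cookie for an empty login.
	if ( ! $user )
		return '';

	$pass_frag = substr($user->user_pass, 8, 4);

	// The construction must stay in step with wp_validate_auth_cookie(), which
	// recomputes the same key and hash from the cookie's fields.
	$key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
	$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);

	$cookie = $user->user_login . '|' . $expiration . '|' . $hash;

	return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
}
endif;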
602
if ( !function_exists('wp_parse_auth_cookie') ) :
/**
 * Parse a cookie into its components
 *
 * When $cookie is empty the value is read from $_COOKIE, using the cookie name
 * that belongs to $scheme; an unrecognised scheme falls back to secure_auth on
 * SSL requests and auth otherwise. This function only splits the value; it
 * does not verify the expiration or the hash.
 *
 * @since 2.7
 *
 * @param string $cookie
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array|bool Authentication cookie components (username, expiration,
 *		hmac, scheme), or false when the cookie is missing or does not have
 *		exactly three '|'-separated parts
 */
function wp_parse_auth_cookie($cookie = '', $scheme = '') {
	if ( empty($cookie) ) {
		// Pick the cookie name for the requested scheme.
		if ( 'auth' == $scheme ) {
			$cookie_name = AUTH_COOKIE;
		} elseif ( 'secure_auth' == $scheme ) {
			$cookie_name = SECURE_AUTH_COOKIE;
		} elseif ( 'logged_in' == $scheme ) {
			$cookie_name = LOGGED_IN_COOKIE;
		} elseif ( is_ssl() ) {
			$cookie_name = SECURE_AUTH_COOKIE;
			$scheme = 'secure_auth';
		} else {
			$cookie_name = AUTH_COOKIE;
			$scheme = 'auth';
		}

		if ( empty($_COOKIE[$cookie_name]) )
			return false;

		$cookie = $_COOKIE[$cookie_name];
	}

	$parts = explode('|', $cookie);
	if ( 3 != count($parts) )
		return false;

	return array(
		'username' => $parts[0],
		'expiration' => $parts[1],
		'hmac' => $parts[2],
		'scheme' => $scheme,
	);
}
endif;
649
if ( !function_exists('wp_set_auth_cookie') ) :
/**
 * Sets the authentication cookies based on the User ID.
 *
 * Without $remember the signed value is valid for two days (172800 seconds)
 * and the browser cookie is a session cookie. With $remember both last 14
 * days (1209600 seconds). Both defaults pass through the
 * 'auth_cookie_expiration' filter.
 *
 * Review notes:
 * - The auth cookie carries the Secure flag only when $secure is true.
 * - The logged-in cookie is always sent without the Secure flag, also on SSL.
 * - On PHP older than 5.2.0 HttpOnly is appended to the cookie domain, and only
 *   when COOKIE_DOMAIN is non-empty; with an empty domain no HttpOnly is set.
 *
 * @since 2.5
 *
 * @param int $user_id User ID
 * @param bool $remember Whether to remember the user
 * @param mixed $secure Optional. Whether the auth cookie is SSL-only; the
 *		default '' means "decide with is_ssl()"
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    $default_lifetime = $remember ? 1209600 : 172800;
    $expiration = time() + apply_filters('auth_cookie_expiration', $default_lifetime, $user_id, $remember);

    // 0 makes the browser drop the cookie at the end of the session.
    $expire = $remember ? $expiration : 0;

    if ( '' === $secure )
        $secure = is_ssl();

    $scheme = $secure ? 'secure_auth' : 'auth';
    $auth_cookie_name = $secure ? SECURE_AUTH_COOKIE : AUTH_COOKIE;

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    // setcookie() accepts the httponly argument from PHP 5.2.0 on.
    if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
        foreach ( array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH) as $auth_path )
            setcookie($auth_cookie_name, $auth_cookie, $expire, $auth_path, COOKIE_DOMAIN, $secure, true);

        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
        if ( COOKIEPATH != SITECOOKIEPATH )
            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);

        return;
    }

    // Older PHP: append the attribute to the domain string instead.
    $cookie_domain = COOKIE_DOMAIN;
    if ( !empty($cookie_domain) )
        $cookie_domain .= '; HttpOnly';

    foreach ( array(PLUGINS_COOKIE_PATH, ADMIN_COOKIE_PATH) as $auth_path )
        setcookie($auth_cookie_name, $auth_cookie, $expire, $auth_path, $cookie_domain, $secure);

    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
    if ( COOKIEPATH != SITECOOKIEPATH )
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
}
endif;
707
if ( !function_exists('wp_clear_auth_cookie') ) :
/**
 * Removes all of the cookies associated with authentication.
 *
 * Each cookie is overwritten with a single space and an expiry one year in the
 * past, once per name/path combination it may have been set under. This only
 * asks the browser to drop its copy; nothing here invalidates the signed value
 * on the server side.
 *
 * @since 2.5
 */
function wp_clear_auth_cookie() {
    do_action('clear_auth_cookie');

    $targets = array(
        // Current cookies
        array(AUTH_COOKIE, ADMIN_COOKIE_PATH),
        array(SECURE_AUTH_COOKIE, ADMIN_COOKIE_PATH),
        array(AUTH_COOKIE, PLUGINS_COOKIE_PATH),
        array(SECURE_AUTH_COOKIE, PLUGINS_COOKIE_PATH),
        array(LOGGED_IN_COOKIE, COOKIEPATH),
        array(LOGGED_IN_COOKIE, SITECOOKIEPATH),

        // Old cookies
        array(AUTH_COOKIE, COOKIEPATH),
        array(AUTH_COOKIE, SITECOOKIEPATH),
        array(SECURE_AUTH_COOKIE, COOKIEPATH),
        array(SECURE_AUTH_COOKIE, SITECOOKIEPATH),

        // Even older cookies
        array(USER_COOKIE, COOKIEPATH),
        array(PASS_COOKIE, COOKIEPATH),
        array(USER_COOKIE, SITECOOKIEPATH),
        array(PASS_COOKIE, SITECOOKIEPATH),
    );

    foreach ( $targets as $target )
        setcookie($target[0], ' ', time() - 31536000, $target[1], COOKIE_DOMAIN);
}
endif;
737
if ( !function_exists('is_user_logged_in') ) :
/**
 * Checks if the current visitor is a logged in user.
 *
 * The decision rests entirely on the id of the object returned by
 * wp_get_current_user(): an id that compares equal to 0 means "not logged in".
 *
 * @since 2.0.0
 *
 * @return bool True if user is logged in, false if not logged in.
 */
function is_user_logged_in() {
    $current = wp_get_current_user();

    return !( $current->id == 0 );
}
endif;
755
if ( !function_exists('auth_redirect') ) :
/**
 * Checks if a user is logged in, if not it redirects them to the login page.
 *
 * Flow: (1) upgrade wp-admin requests to https when SSL is required, (2) return
 * when the auth cookie validates, after an optional per-user https upgrade,
 * (3) otherwise send no-cache headers and redirect to the login URL.
 *
 * Review note: the redirect targets are assembled from
 * $_SERVER['HTTP_HOST'] and $_SERVER['REQUEST_URI'], which are supplied by the
 * request. wp_redirect() passes the result through wp_sanitize_redirect(), but
 * no host validation happens in this function, so the web server should only
 * route expected Host values to this site.
 *
 * @since 1.5
 */
function auth_redirect() {
    $secure = ( is_ssl() || force_ssl_admin() );

    // If https is required and request is http, redirect
    if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
        $https_url = ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') )
            ? preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])
            : 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        wp_redirect($https_url);
        exit();
    }

    $user_id = wp_validate_auth_cookie( '', apply_filters( 'auth_redirect_scheme', '' ) );
    if ( $user_id ) {
        do_action('auth_redirect', $user_id);

        // If the user wants ssl but the session is not ssl, redirect.
        if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
            $https_url = ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') )
                ? preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])
                : 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
            wp_redirect($https_url);
            exit();
        }

        return; // The cookie is good so we're done
    }

    // The cookie is no good so force login
    nocache_headers();

    $proto = is_ssl() ? 'https://' : 'http://';

    // After a failed options.php request, go back to the referring page
    // rather than to options.php itself.
    if ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() )
        $redirect = wp_get_referer();
    else
        $redirect = $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    wp_redirect(wp_login_url($redirect, true));
    exit();
}
endif;
811
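if ( !function_exists('check_admin_referer') ) :
/**
 * Makes sure that a request carries a valid nonce for the given action.
 *
 * The nonce is read from $_REQUEST[$query_arg] and checked with
 * wp_verify_nonce(). When it is missing or invalid, wp_nonce_ays() is called
 * and execution stops.
 *
 * Legacy fallback: when $action is left at -1 and no valid nonce is present,
 * the request is still accepted if its referer starts with the admin URL. A
 * Referer header is much weaker evidence than a nonce, so callers should
 * always pass an explicit $action.
 *
 * @since 1.2.0
 * @uses do_action() Calls 'check_admin_referer' on $action.
 *
 * @param string $action Action nonce
 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
 * @return mixed Result of wp_verify_nonce(), or false when no valid nonce was
 *		sent and the referer fallback let the request through
 */
function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
    $adminurl = strtolower(admin_url());
    $referer = strtolower(wp_get_referer());
    $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;

    // The admin URL must be a prefix of the referer. A substring match would
    // also accept a foreign referer that merely contains the admin URL
    // somewhere in its path or query string.
    if ( !$result && !(-1 == $action && 0 === strpos($referer, $adminurl)) ) {
        wp_nonce_ays($action);
        die();
    }
    do_action('check_admin_referer', $action, $result);
    return $result;
}
endif;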
835
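if ( !function_exists('check_ajax_referer') ) :
/**
 * Verifies the AJAX request to prevent processing requests external of the blog.
 *
 * The nonce is taken from $_REQUEST[$query_arg] when $query_arg is given,
 * otherwise from '_ajax_nonce' and then '_wpnonce'. A request that carries
 * none of these is verified with a null nonce.
 *
 * With $die set to false the caller receives the verification result and must
 * reject the request itself when that result is false.
 *
 * @since 2.0.3
 *
 * @param string $action Action nonce
 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
 * @param bool $die Optional. Whether to stop with '-1' when verification fails
 * @return mixed Result of wp_verify_nonce()
 */
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
    // null is what an absent key evaluated to before; the isset() guards only
    // remove the undefined-index notice for requests that send no nonce.
    $nonce = null;

    if ( $query_arg ) {
        if ( isset($_REQUEST[$query_arg]) )
            $nonce = $_REQUEST[$query_arg];
    } elseif ( isset($_REQUEST['_ajax_nonce']) ) {
        $nonce = $_REQUEST['_ajax_nonce'];
    } elseif ( isset($_REQUEST['_wpnonce']) ) {
        $nonce = $_REQUEST['_wpnonce'];
    }

    $result = wp_verify_nonce( $nonce, $action );

    if ( $die && false == $result )
        die('-1');

    do_action('check_ajax_referer', $action, $result);

    return $result;
}
endif;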
861
if ( !function_exists('wp_redirect') ) :
/**
 * Redirects to another page, with a workaround for the IIS Set-Cookie bug.
 *
 * The target is passed through wp_sanitize_redirect() before it is written
 * into a response header. The host of the target is not checked here; code
 * that redirects to a caller-supplied URL should go through
 * wp_safe_redirect() instead.
 *
 * @link http://support.microsoft.com/kb/q176113/
 * @since 1.5.1
 * @uses apply_filters() Calls 'wp_redirect' hook on $location and $status.
 *
 * @param string $location The path to redirect to
 * @param int $status Status code to use
 * @return bool False if $location is not set; nothing is returned otherwise
 */
function wp_redirect($location, $status = 302) {
    global $is_IIS;

    $location = apply_filters('wp_redirect', $location, $status);
    $status = apply_filters('wp_redirect_status', $status, $location);

    // allows the wp_redirect filter to cancel a redirect
    if ( !$location )
        return false;

    // Everything written into a header below has been through the sanitizer.
    $location = wp_sanitize_redirect($location);

    if ( $is_IIS ) {
        header("Refresh: 0;url=$location");
        return;
    }

    // This causes problems on IIS and some FastCGI setups
    if ( 'cgi-fcgi' != php_sapi_name() )
        status_header($status);

    header("Location: $location", true, $status);
}
endif;
894
if ( !function_exists('wp_sanitize_redirect') ) :
/**
 * Sanitizes a URL for use in a redirect.
 *
 * Drops every character outside a fixed URL whitelist (so raw CR, LF, spaces,
 * quotes and backslashes are removed), runs the result through
 * wp_kses_no_null(), and then removes percent-encoded CR/LF sequences.
 *
 * This cleans the characters of the URL only. It does not decide whether the
 * destination host is acceptable.
 *
 * @since 2.3
 *
 * @param string $location The URL to sanitize
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location) {
    $location = wp_kses_no_null(preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location));

    // remove %0d and %0a from location
    return _deep_replace(array('%0d', '%0a', '%0D', '%0A'), $location);
}
endif;
913
if ( !function_exists('wp_safe_redirect') ) :
/**
 * Performs a safe (local) redirect, using wp_redirect().
 *
 * The location is sanitized first and then checked by wp_validate_redirect().
 * When that check rejects the host, the redirect goes to admin_url() instead.
 * Plugins can extend the accepted hosts through the filter that
 * wp_validate_redirect() applies.
 *
 * Like wp_redirect(), this function does not stop execution; the caller is
 * responsible for ending the request after it returns.
 *
 * @since 2.3
 * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
 *
 * @param string $location The URL to redirect to
 * @param int $status Optional. Status code to use
 * @return void Does not return anything
 **/
function wp_safe_redirect($location, $status = 302) {
    // Validate the URL in the form it will have inside wp_redirect(), so that
    // the check and the header see the same string.
    $checked = wp_validate_redirect(wp_sanitize_redirect($location), admin_url());

    wp_redirect($checked, $status);
}
endif;
941
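if ( !function_exists('wp_validate_redirect') ) :
/**
 * Validates a URL for use in a redirect.
 *
 * A location without a host (a relative path) is returned unchanged. A
 * location with a host is accepted only when the scheme is http or https and
 * the host is either the host of home_url() or one of the hosts returned by
 * the 'allowed_redirect_hosts' filter. In every other case $default is
 * returned.
 *
 * The host comparison is case-sensitive on the $location side, so a host
 * written in a different case than the configured one is rejected.
 *
 * @since 2.8.1
 * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
 *		WordPress host string and $location host string.
 *
 * @param string $location The redirect to validate
 * @param string $default The value to return if $location is not allowed
 * @return string redirect-sanitized URL
 **/
function wp_validate_redirect($location, $default = '') {
    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    if ( substr($location, 0, 2) == '//' )
        $location = 'http:' . $location;

    // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
    $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;

    $lp = parse_url($test);

    // Give up if malformed URL
    if ( false === $lp )
        return $default;

    // Allow only http and https schemes. No data:, etc.
    if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
        return $default;

    // Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
    if ( isset($lp['scheme']) && !isset($lp['host']) )
        return $default;

    $wpp = parse_url(home_url());

    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

    // Strict membership test: with loose comparison a non-string entry coming
    // out of the filter (true, or 0 on older PHP) would match any host name.
    if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts, true) && $lp['host'] != strtolower($wpp['host'])) )
        $location = $default;

    return $location;
}
endif;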
992
993if ( ! function_exists('wp_notify_postauthor') ) :
994/**
995 * Notify an author of a comment/trackback/pingback to one of their posts.
996 *
997 * @since 1.0.0
998 *
999 * @param int $comment_id Comment ID
1000 * @param string $comment_type Optional. The comment type either 'comment' (default), 'trackback', or 'pingback'
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php