Esempio n. 1
0
/**
 * Determine if uploaded file exceeds space quota.
 *
 * @since 3.0.0
 *
 * @param array $file $_FILES array for a given file.
 * @return array $_FILES array with 'error' key set if file exceeds quota. 'error' is empty otherwise.
 */
function check_upload_size($file)
{
    if (get_site_option('upload_space_check_disabled')) {
        return $file;
    }
    if ($file['error'] != '0') {
        // there's already an error
        return $file;
    }
    if (defined('WP_IMPORTING')) {
        return $file;
    }
    $space_left = get_upload_space_available();
    $file_size = filesize($file['tmp_name']);
    if ($space_left < $file_size) {
        $file['error'] = sprintf(__('Not enough space to upload. %1$s KB needed.'), number_format(($file_size - $space_left) / KB_IN_BYTES));
    }
    if ($file_size > KB_IN_BYTES * get_site_option('fileupload_maxk', 1500)) {
        $file['error'] = sprintf(__('This file is too big. Files must be less than %1$s KB in size.'), get_site_option('fileupload_maxk', 1500));
    }
    if (upload_is_user_over_quota(false)) {
        $file['error'] = __('You have used your space quota. Please delete files before uploading.');
    }
    if ($file['error'] != '0' && !isset($_POST['html-upload']) && !wp_doing_ajax()) {
        wp_die($file['error'] . ' <a href="javascript:history.go(-1)">' . __('Back') . '</a>');
    }
    return $file;
}
Esempio n. 2
0
/**
 * Send a JSON response back to an Ajax request.
 *
 * @since 3.5.0
 * @since 4.7.0 The `$status_code` parameter was added.
 *
 * @param mixed $response    Variable (usually an array or object) to encode as JSON,
 *                           then print and die.
 * @param int   $status_code The HTTP status code to output.
 */
function wp_send_json($response, $status_code = null)
{
    @header('Content-Type: application/json; charset=' . get_option('blog_charset'));
    if (null !== $status_code) {
        status_header($status_code);
    }
    echo wp_json_encode($response);
    if (wp_doing_ajax()) {
        wp_die('', '', array('response' => null));
    } else {
        die;
    }
}
Esempio n. 3
0
/**
 * Retrieves theme installer pages from the WordPress.org Themes API.
 *
 * It is possible for a theme to override the Themes API result with three
 * filters. Assume this is for themes, which can extend on the Theme Info to
 * offer more choices. This is very powerful and must be used with care, when
 * overriding the filters.
 *
 * The first filter, {@see 'themes_api_args'}, is for the args and gives the action
 * as the second parameter. The hook for {@see 'themes_api_args'} must ensure that
 * an object is returned.
 *
 * The second filter, {@see 'themes_api'}, allows a plugin to override the WordPress.org
 * Theme API entirely. If `$action` is 'query_themes', 'theme_information', or 'feature_list',
 * an object MUST be passed. If `$action` is 'hot_tags', an array should be passed.
 *
 * Finally, the third filter, {@see 'themes_api_result'}, makes it possible to filter the
 * response object or array, depending on the `$action` type.
 *
 * Supported arguments per action:
 *
 * | Argument Name      | 'query_themes' | 'theme_information' | 'hot_tags' | 'feature_list'   |
 * | -------------------| :------------: | :-----------------: | :--------: | :--------------: |
 * | `$slug`            | No             |  Yes                | No         | No               |
 * | `$per_page`        | Yes            |  No                 | No         | No               |
 * | `$page`            | Yes            |  No                 | No         | No               |
 * | `$number`          | No             |  No                 | Yes        | No               |
 * | `$search`          | Yes            |  No                 | No         | No               |
 * | `$tag`             | Yes            |  No                 | No         | No               |
 * | `$author`          | Yes            |  No                 | No         | No               |
 * | `$user`            | Yes            |  No                 | No         | No               |
 * | `$browse`          | Yes            |  No                 | No         | No               |
 * | `$locale`          | Yes            |  Yes                | No         | No               |
 * | `$fields`          | Yes            |  Yes                | No         | No               |
 *
 * @since 2.8.0
 *
 * @param string       $action API action to perform: 'query_themes', 'theme_information',
 *                             'hot_tags' or 'feature_list'.
 * @param array|object $args   {
 *     Optional. Array or object of arguments to serialize for the Themes API.
 *
 *     @type string  $slug     The theme slug. Default empty.
 *     @type int     $per_page Number of themes per page. Default 24.
 *     @type int     $page     Number of current page. Default 1.
 *     @type int     $number   Number of tags to be queried.
 *     @type string  $search   A search term. Default empty.
 *     @type string  $tag      Tag to filter themes. Default empty.
 *     @type string  $author   Username of an author to filter themes. Default empty.
 *     @type string  $user     Username to query for their favorites. Default empty.
 *     @type string  $browse   Browse view: 'featured', 'popular', 'updated', 'favorites'.
 *     @type string  $locale   Locale to provide context-sensitive results. Default is the value of get_locale().
 *     @type array   $fields   {
 *         Array of fields which should or should not be returned.
 *
 *         @type bool $description        Whether to return the theme full description. Default false.
 *         @type bool $sections           Whether to return the theme readme sections: description, installation,
 *                                        FAQ, screenshots, other notes, and changelog. Default false.
 *         @type bool $rating             Whether to return the rating in percent and total number of ratings.
 *                                        Default false.
 *         @type bool $ratings            Whether to return the number of rating for each star (1-5). Default false.
 *         @type bool $downloaded         Whether to return the download count. Default false.
 *         @type bool $downloadlink       Whether to return the download link for the package. Default false.
 *         @type bool $last_updated       Whether to return the date of the last update. Default false.
 *         @type bool $tags               Whether to return the assigned tags. Default false.
 *         @type bool $homepage           Whether to return the theme homepage link. Default false.
 *         @type bool $screenshots        Whether to return the screenshots. Default false.
 *         @type int  $screenshot_count   Number of screenshots to return. Default 1.
 *         @type bool $screenshot_url     Whether to return the URL of the first screenshot. Default false.
 *         @type bool $photon_screenshots Whether to return the screenshots via Photon. Default false.
 *         @type bool $template           Whether to return the slug of the parent theme. Default false.
 *         @type bool $parent             Whether to return the slug, name and homepage of the parent theme. Default false.
 *         @type bool $versions           Whether to return the list of all available versions. Default false.
 *         @type bool $theme_url          Whether to return theme's URL. Default false.
 *         @type bool $extended_author    Whether to return nicename or nicename and display name. Default false.
 *     }
 * }
 * @return object|array|WP_Error Response object or array on success, WP_Error on failure. See the
 *         {@link https://developer.wordpress.org/reference/functions/themes_api/ function reference article}
 *         for more information on the make-up of possible return objects depending on the value of `$action`.
 */
function themes_api($action, $args = array())
{
    if (is_array($args)) {
        $args = (object) $args;
    }
    if (!isset($args->per_page)) {
        $args->per_page = 24;
    }
    if (!isset($args->locale)) {
        $args->locale = get_user_locale();
    }
    /**
     * Filters arguments used to query for installer pages from the WordPress.org Themes API.
     *
     * Important: An object MUST be returned to this filter.
     *
     * @since 2.8.0
     *
     * @param object $args   Arguments used to query for installer pages from the WordPress.org Themes API.
     * @param string $action Requested action. Likely values are 'theme_information',
     *                       'feature_list', or 'query_themes'.
     */
    $args = apply_filters('themes_api_args', $args, $action);
    /**
     * Filters whether to override the WordPress.org Themes API.
     *
     * Passing a non-false value will effectively short-circuit the WordPress.org API request.
     *
     * If `$action` is 'query_themes', 'theme_information', or 'feature_list', an object MUST
     * be passed. If `$action` is 'hot_tags', an array should be passed.
     *
     * @since 2.8.0
     *
     * @param false|object|array $override Whether to override the WordPress.org Themes API. Default false.
     * @param string             $action   Requested action. Likely values are 'theme_information',
     *                                    'feature_list', or 'query_themes'.
     * @param object             $args     Arguments used to query for installer pages from the Themes API.
     */
    $res = apply_filters('themes_api', false, $action, $args);
    if (!$res) {
        $url = $http_url = 'http://api.wordpress.org/themes/info/1.0/';
        if ($ssl = wp_http_supports(array('ssl'))) {
            $url = set_url_scheme($url, 'https');
        }
        $http_args = array('body' => array('action' => $action, 'request' => serialize($args)));
        $request = wp_remote_post($url, $http_args);
        if ($ssl && is_wp_error($request)) {
            if (!wp_doing_ajax()) {
                trigger_error(sprintf(__('An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.'), __('https://wordpress.org/support/')) . ' ' . __('(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)'), headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE);
            }
            $request = wp_remote_post($http_url, $http_args);
        }
        if (is_wp_error($request)) {
            $res = new WP_Error('themes_api_failed', sprintf(__('An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.'), __('https://wordpress.org/support/')), $request->get_error_message());
        } else {
            $res = maybe_unserialize(wp_remote_retrieve_body($request));
            if (!is_object($res) && !is_array($res)) {
                $res = new WP_Error('themes_api_failed', sprintf(__('An unexpected error occurred. Something may be wrong with WordPress.org or this server&#8217;s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.'), __('https://wordpress.org/support/')), wp_remote_retrieve_body($request));
            }
        }
    }
    /**
     * Filters the returned WordPress.org Themes API response.
     *
     * @since 2.8.0
     *
     * @param array|object|WP_Error $res    WordPress.org Themes API response.
     * @param string                $action Requested action. Likely values are 'theme_information',
     *                                      'feature_list', or 'query_themes'.
     * @param object                $args   Arguments used to query for installer pages from the WordPress.org Themes API.
     */
    return apply_filters('themes_api_result', $res, $action, $args);
}
Esempio n. 4
0
/**
 * Set PHP error reporting based on WordPress debug settings.
 *
 * Uses three constants: `WP_DEBUG`, `WP_DEBUG_DISPLAY`, and `WP_DEBUG_LOG`.
 * All three can be defined in wp-config.php. By default, `WP_DEBUG` and
 * `WP_DEBUG_LOG` are set to false, and `WP_DEBUG_DISPLAY` is set to true.
 *
 * When `WP_DEBUG` is true, all PHP notices are reported. WordPress will also
 * display internal notices: when a deprecated WordPress function, function
 * argument, or file is used. Deprecated code may be removed from a later
 * version.
 *
 * It is strongly recommended that plugin and theme developers use `WP_DEBUG`
 * in their development environments.
 *
 * `WP_DEBUG_DISPLAY` and `WP_DEBUG_LOG` perform no function unless `WP_DEBUG`
 * is true.
 *
 * When `WP_DEBUG_DISPLAY` is true, WordPress will force errors to be displayed.
 * `WP_DEBUG_DISPLAY` defaults to true. Defining it as null prevents WordPress
 * from changing the global configuration setting. Defining `WP_DEBUG_DISPLAY`
 * as false will force errors to be hidden.
 *
 * When `WP_DEBUG_LOG` is true, errors will be logged to debug.log in the content
 * directory.
 *
 * Errors are never displayed for XML-RPC, REST, and Ajax requests.
 *
 * @since 3.0.0
 * @access private
 */
function wp_debug_mode()
{
    /**
     * Filters whether to allow the debug mode check to occur.
     *
     * This filter runs before it can be used by plugins. It is designed for
     * non-web run-times. Returning false causes the `WP_DEBUG` and related
     * constants to not be checked and the default php values for errors
     * will be used unless you take care to update them yourself.
     *
     * @since 4.6.0
     *
     * @param bool $enable_debug_mode Whether to enable debug mode checks to occur. Default true.
     */
    if (!apply_filters('enable_wp_debug_mode_checks', true)) {
        return;
    }
    if (WP_DEBUG) {
        error_reporting(E_ALL);
        if (WP_DEBUG_DISPLAY) {
            ini_set('display_errors', 1);
        } elseif (null !== WP_DEBUG_DISPLAY) {
            ini_set('display_errors', 0);
        }
        if (WP_DEBUG_LOG) {
            ini_set('log_errors', 1);
            ini_set('error_log', WP_CONTENT_DIR . '/debug.log');
        }
    } else {
        error_reporting(E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR);
    }
    if (defined('XMLRPC_REQUEST') || defined('REST_REQUEST') || defined('WP_INSTALLING') && WP_INSTALLING || wp_doing_ajax()) {
        @ini_set('display_errors', 0);
    }
}
 /**
  * Return true if it's an Ajax request.
  *
  * @since 3.4.0
  * @since 4.2.0 Added `$action` param.
  * @access public
  *
  * @param string|null $action Whether the supplied Ajax action is being run.
  * @return bool True if it's an Ajax request, false otherwise.
  */
 public function doing_ajax($action = null)
 {
     if (!wp_doing_ajax()) {
         return false;
     }
     if (!$action) {
         return true;
     } else {
         /*
          * Note: we can't just use doing_action( "wp_ajax_{$action}" ) because we need
          * to check before admin-ajax.php gets to that point.
          */
         return isset($_REQUEST['action']) && wp_unslash($_REQUEST['action']) === $action;
     }
 }
Esempio n. 6
0
/**
 * Send a JSON response back to an Ajax request.
 *
 * @since 3.5.0
 *
 * @param mixed $response Variable (usually an array or object) to encode as JSON,
 *                        then print and die.
 */
function wp_send_json($response)
{
    @header('Content-Type: application/json; charset=' . get_option('blog_charset'));
    echo wp_json_encode($response);
    if (wp_doing_ajax()) {
        wp_die();
    } else {
        die;
    }
}
Esempio n. 7
0
/**
 * Saves and restores user interface settings stored in a cookie.
 *
 * Checks if the current user-settings cookie is updated and stores it. When no
 * cookie exists (different browser used), adds the last saved cookie restoring
 * the settings.
 *
 * @since 2.7.0
 */
function wp_user_settings()
{
    if (!is_admin() || wp_doing_ajax()) {
        return;
    }
    if (!($user_id = get_current_user_id())) {
        return;
    }
    if (is_super_admin() && !is_user_member_of_blog()) {
        return;
    }
    $settings = (string) get_user_option('user-settings', $user_id);
    if (isset($_COOKIE['wp-settings-' . $user_id])) {
        $cookie = preg_replace('/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id]);
        // No change or both empty
        if ($cookie == $settings) {
            return;
        }
        $last_saved = (int) get_user_option('user-settings-time', $user_id);
        $current = isset($_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace('/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id]) : 0;
        // The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
        if ($current > $last_saved) {
            update_user_option($user_id, 'user-settings', $cookie, false);
            update_user_option($user_id, 'user-settings-time', time() - 5, false);
            return;
        }
    }
    // The cookie is not set in the current browser or the saved value is newer.
    $secure = 'https' === parse_url(admin_url(), PHP_URL_SCHEME);
    setcookie('wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure);
    setcookie('wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure);
    $_COOKIE['wp-settings-' . $user_id] = $settings;
}
Esempio n. 8
0
/**
 * Clear existing update caches for plugins, themes, and core.
 *
 * @since 4.1.0
 */
function wp_clean_update_cache()
{
    if (function_exists('wp_clean_plugins_cache')) {
        wp_clean_plugins_cache();
    } else {
        delete_site_transient('update_plugins');
    }
    wp_clean_themes_cache();
    delete_site_transient('update_core');
}
if (!is_main_site() && !is_network_admin() || wp_doing_ajax()) {
    return;
}
add_action('admin_init', '_maybe_update_core');
add_action('wp_version_check', 'wp_version_check');
add_action('load-plugins.php', 'wp_update_plugins');
add_action('load-update.php', 'wp_update_plugins');
add_action('load-update-core.php', 'wp_update_plugins');
add_action('admin_init', '_maybe_update_plugins');
add_action('wp_update_plugins', 'wp_update_plugins');
add_action('load-themes.php', 'wp_update_themes');
add_action('load-update.php', 'wp_update_themes');
add_action('load-update-core.php', 'wp_update_themes');
add_action('admin_init', '_maybe_update_themes');
add_action('wp_update_themes', 'wp_update_themes');
add_action('update_option_WPLANG', 'wp_clean_update_cache', 10, 0);
/**
 * Checks to see if all of the feed url in $check_urls are cached.
 *
 * If $check_urls is empty, look for the rss feed url found in the dashboard
 * widget options of $widget_id. If cached, call $callback, a function that
 * echoes out output for this widget. If not cache, echo a "Loading..." stub
 * which is later replaced by Ajax call (see top of /wp-admin/index.php)
 *
 * @since 2.5.0
 *
 * @param string $widget_id
 * @param callable $callback
 * @param array $check_urls RSS feeds
 * @return bool False on failure. True on success.
 */
function wp_dashboard_cached_rss_widget($widget_id, $callback, $check_urls = array())
{
    $loading = '<p class="widget-loading hide-if-no-js">' . __('Loading&#8230;') . '</p><p class="hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
    $doing_ajax = wp_doing_ajax();
    if (empty($check_urls)) {
        $widgets = get_option('dashboard_widget_options');
        if (empty($widgets[$widget_id]['url']) && !$doing_ajax) {
            echo $loading;
            return false;
        }
        $check_urls = array($widgets[$widget_id]['url']);
    }
    $locale = get_locale();
    $cache_key = 'dash_' . md5($widget_id . '_' . $locale);
    if (false !== ($output = get_transient($cache_key))) {
        echo $output;
        return true;
    }
    if (!$doing_ajax) {
        echo $loading;
        return false;
    }
    if ($callback && is_callable($callback)) {
        $args = array_slice(func_get_args(), 3);
        array_unshift($args, $widget_id, $check_urls);
        ob_start();
        call_user_func_array($callback, $args);
        set_transient($cache_key, ob_get_flush(), 12 * HOUR_IN_SECONDS);
        // Default lifetime in cache of 12 hours (same as the feeds)
    }
    return true;
}
 /**
  * Display XML formatted responses.
  *
  * Sets the content type header to text/xml.
  *
  * @since 2.1.0
  */
 public function send()
 {
     header('Content-Type: text/xml; charset=' . get_option('blog_charset'));
     echo "<?xml version='1.0' encoding='" . get_option('blog_charset') . "' standalone='yes'?><wp_ajax>";
     foreach ((array) $this->responses as $response) {
         echo $response;
     }
     echo '</wp_ajax>';
     if (wp_doing_ajax()) {
         wp_die();
     } else {
         die;
     }
 }
 /**
  * Generate and display row actions links.
  *
  * @since 4.3.0
  * @access protected
  *
  * @global string $comment_status Status for the current listed comments.
  *
  * @param WP_Comment $comment     The comment object.
  * @param string     $column_name Current column name.
  * @param string     $primary     Primary column name.
  * @return string|void Comment row actions output.
  */
 protected function handle_row_actions($comment, $column_name, $primary)
 {
     global $comment_status;
     if ($primary !== $column_name) {
         return '';
     }
     if (!$this->user_can) {
         return;
     }
     $the_comment_status = wp_get_comment_status($comment);
     $out = '';
     $del_nonce = esc_html('_wpnonce=' . wp_create_nonce("delete-comment_{$comment->comment_ID}"));
     $approve_nonce = esc_html('_wpnonce=' . wp_create_nonce("approve-comment_{$comment->comment_ID}"));
     $url = "comment.php?c={$comment->comment_ID}";
     $approve_url = esc_url($url . "&action=approvecomment&{$approve_nonce}");
     $unapprove_url = esc_url($url . "&action=unapprovecomment&{$approve_nonce}");
     $spam_url = esc_url($url . "&action=spamcomment&{$del_nonce}");
     $unspam_url = esc_url($url . "&action=unspamcomment&{$del_nonce}");
     $trash_url = esc_url($url . "&action=trashcomment&{$del_nonce}");
     $untrash_url = esc_url($url . "&action=untrashcomment&{$del_nonce}");
     $delete_url = esc_url($url . "&action=deletecomment&{$del_nonce}");
     // Preorder it: Approve | Reply | Quick Edit | Edit | Spam | Trash.
     $actions = array('approve' => '', 'unapprove' => '', 'reply' => '', 'quickedit' => '', 'edit' => '', 'spam' => '', 'unspam' => '', 'trash' => '', 'untrash' => '', 'delete' => '');
     // Not looking at all comments.
     if ($comment_status && 'all' != $comment_status) {
         if ('approved' === $the_comment_status) {
             $actions['unapprove'] = "<a href='{$unapprove_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}:e7e7d3:action=dim-comment&amp;new=unapproved' class='vim-u vim-destructive' aria-label='" . esc_attr__('Unapprove this comment') . "'>" . __('Unapprove') . '</a>';
         } elseif ('unapproved' === $the_comment_status) {
             $actions['approve'] = "<a href='{$approve_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}:e7e7d3:action=dim-comment&amp;new=approved' class='vim-a vim-destructive' aria-label='" . esc_attr__('Approve this comment') . "'>" . __('Approve') . '</a>';
         }
     } else {
         $actions['approve'] = "<a href='{$approve_url}' data-wp-lists='dim:the-comment-list:comment-{$comment->comment_ID}:unapproved:e7e7d3:e7e7d3:new=approved' class='vim-a' aria-label='" . esc_attr__('Approve this comment') . "'>" . __('Approve') . '</a>';
         $actions['unapprove'] = "<a href='{$unapprove_url}' data-wp-lists='dim:the-comment-list:comment-{$comment->comment_ID}:unapproved:e7e7d3:e7e7d3:new=unapproved' class='vim-u' aria-label='" . esc_attr__('Unapprove this comment') . "'>" . __('Unapprove') . '</a>';
     }
     if ('spam' !== $the_comment_status) {
         $actions['spam'] = "<a href='{$spam_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}::spam=1' class='vim-s vim-destructive' aria-label='" . esc_attr__('Mark this comment as spam') . "'>" . _x('Spam', 'verb') . '</a>';
     } elseif ('spam' === $the_comment_status) {
         $actions['unspam'] = "<a href='{$unspam_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}:66cc66:unspam=1' class='vim-z vim-destructive' aria-label='" . esc_attr__('Restore this comment from the spam') . "'>" . _x('Not Spam', 'comment') . '</a>';
     }
     if ('trash' === $the_comment_status) {
         $actions['untrash'] = "<a href='{$untrash_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}:66cc66:untrash=1' class='vim-z vim-destructive' aria-label='" . esc_attr__('Restore this comment from the Trash') . "'>" . __('Restore') . '</a>';
     }
     if ('spam' === $the_comment_status || 'trash' === $the_comment_status || !EMPTY_TRASH_DAYS) {
         $actions['delete'] = "<a href='{$delete_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}::delete=1' class='delete vim-d vim-destructive' aria-label='" . esc_attr__('Delete this comment permanently') . "'>" . __('Delete Permanently') . '</a>';
     } else {
         $actions['trash'] = "<a href='{$trash_url}' data-wp-lists='delete:the-comment-list:comment-{$comment->comment_ID}::trash=1' class='delete vim-d vim-destructive' aria-label='" . esc_attr__('Move this comment to the Trash') . "'>" . _x('Trash', 'verb') . '</a>';
     }
     if ('spam' !== $the_comment_status && 'trash' !== $the_comment_status) {
         $actions['edit'] = "<a href='comment.php?action=editcomment&amp;c={$comment->comment_ID}' aria-label='" . esc_attr__('Edit this comment') . "'>" . __('Edit') . '</a>';
         $format = '<a data-comment-id="%d" data-post-id="%d" data-action="%s" class="%s" aria-label="%s" href="#">%s</a>';
         $actions['quickedit'] = sprintf($format, $comment->comment_ID, $comment->comment_post_ID, 'edit', 'vim-q comment-inline', esc_attr__('Quick edit this comment inline'), __('Quick&nbsp;Edit'));
         $actions['reply'] = sprintf($format, $comment->comment_ID, $comment->comment_post_ID, 'replyto', 'vim-r comment-inline', esc_attr__('Reply to this comment'), __('Reply'));
     }
     /** This filter is documented in wp-admin/includes/dashboard.php */
     $actions = apply_filters('comment_row_actions', array_filter($actions), $comment);
     $i = 0;
     $out .= '<div class="row-actions">';
     foreach ($actions as $action => $link) {
         ++$i;
         ('approve' === $action || 'unapprove' === $action) && 2 === $i || 1 === $i ? $sep = '' : ($sep = ' | ');
         // Reply and quickedit need a hide-if-no-js span when not added with ajax
         if (('reply' === $action || 'quickedit' === $action) && !wp_doing_ajax()) {
             $action .= ' hide-if-no-js';
         } elseif ($action === 'untrash' && $the_comment_status === 'trash' || $action === 'unspam' && $the_comment_status === 'spam') {
             if ('1' == get_comment_meta($comment->comment_ID, '_wp_trash_meta_status', true)) {
                 $action .= ' approve';
             } else {
                 $action .= ' unapprove';
             }
         }
         $out .= "<span class='{$action}'>{$sep}{$link}</span>";
     }
     $out .= '</div>';
     $out .= '<button type="button" class="toggle-row"><span class="screen-reader-text">' . __('Show more details') . '</span></button>';
     return $out;
 }
 /**
  * An internal method that sets all the necessary pagination arguments
  *
  * @since 3.1.0
  * @access protected
  *
  * @param array|string $args Array or string of arguments with information about the pagination.
  */
 protected function set_pagination_args($args)
 {
     $args = wp_parse_args($args, array('total_items' => 0, 'total_pages' => 0, 'per_page' => 0));
     if (!$args['total_pages'] && $args['per_page'] > 0) {
         $args['total_pages'] = ceil($args['total_items'] / $args['per_page']);
     }
     // Redirect if page number is invalid and headers are not already sent.
     if (!headers_sent() && !wp_doing_ajax() && $args['total_pages'] > 0 && $this->get_pagenum() > $args['total_pages']) {
         wp_redirect(add_query_arg('paged', $args['total_pages']));
         exit;
     }
     $this->_pagination_args = $args;
 }
Esempio n. 13
0
/**
 * Check whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 2.3.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param string $ip Comment IP.
 * @param string $email Comment author email address.
 * @param string $date MySQL time string.
 */
function check_comment_flood_db($ip, $email, $date)
{
    global $wpdb;
    // don't throttle admins or moderators
    if (current_user_can('manage_options') || current_user_can('moderate_comments')) {
        return;
    }
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if (is_user_logged_in()) {
        $user = get_current_user_id();
        $check_column = '`user_id`';
    } else {
        $user = $ip;
        $check_column = '`comment_author_IP`';
    }
    $sql = $wpdb->prepare("SELECT `comment_date_gmt` FROM `{$wpdb->comments}` WHERE `comment_date_gmt` >= %s AND ( {$check_column} = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email);
    $lasttime = $wpdb->get_var($sql);
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filters the comment flood status.
         *
         * @since 2.1.0
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 1.5.0
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if (wp_doing_ajax()) {
                die(__('You are posting comments too quickly. Slow down.'));
            }
            wp_die(__('You are posting comments too quickly. Slow down.'), 429);
        }
    }
}
 /**
  * Generates and displays row action links.
  *
  * @since 4.3.0
  * @access protected
  *
  * @param WP_Term $tag         Tag being acted upon.
  * @param string  $column_name Current column name.
  * @param string  $primary     Primary column name.
  * @return string Row actions output for terms.
  */
 protected function handle_row_actions($tag, $column_name, $primary)
 {
     if ($primary !== $column_name) {
         return '';
     }
     $taxonomy = $this->screen->taxonomy;
     $tax = get_taxonomy($taxonomy);
     $default_term = get_option('default_' . $taxonomy);
     $uri = wp_doing_ajax() ? wp_get_referer() : $_SERVER['REQUEST_URI'];
     $edit_link = add_query_arg('wp_http_referer', urlencode(wp_unslash($uri)), get_edit_term_link($tag->term_id, $taxonomy, $this->screen->post_type));
     $actions = array();
     if (current_user_can($tax->cap->edit_terms)) {
         $actions['edit'] = sprintf('<a href="%s" aria-label="%s">%s</a>', esc_url($edit_link), esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $tag->name)), __('Edit'));
         $actions['inline hide-if-no-js'] = sprintf('<a href="#" class="editinline aria-button-if-js" aria-label="%s">%s</a>', esc_attr(sprintf(__('Quick edit &#8220;%s&#8221; inline'), $tag->name)), __('Quick&nbsp;Edit'));
     }
     if (current_user_can($tax->cap->delete_terms) && $tag->term_id != $default_term) {
         $actions['delete'] = sprintf('<a href="%s" class="delete-tag aria-button-if-js" aria-label="%s">%s</a>', wp_nonce_url("edit-tags.php?action=delete&amp;taxonomy={$taxonomy}&amp;tag_ID={$tag->term_id}", 'delete-tag_' . $tag->term_id), esc_attr(sprintf(__('Delete &#8220;%s&#8221;'), $tag->name)), __('Delete'));
     }
     if ($tax->public) {
         $actions['view'] = sprintf('<a href="%s" aria-label="%s">%s</a>', get_term_link($tag), esc_attr(sprintf(__('View &#8220;%s&#8221; archive'), $tag->name)), __('View'));
     }
     /**
      * Filters the action links displayed for each term in the Tags list table.
      *
      * @since 2.8.0
      * @deprecated 3.0.0 Use {$taxonomy}_row_actions instead.
      *
      * @param array  $actions An array of action links to be displayed. Default
      *                        'Edit', 'Quick Edit', 'Delete', and 'View'.
      * @param WP_Term $tag    Term object.
      */
     $actions = apply_filters('tag_row_actions', $actions, $tag);
     /**
      * Filters the action links displayed for each term in the terms list table.
      *
      * The dynamic portion of the hook name, `$taxonomy`, refers to the taxonomy slug.
      *
      * @since 3.0.0
      *
      * @param array  $actions An array of action links to be displayed. Default
      *                        'Edit', 'Quick Edit', 'Delete', and 'View'.
      * @param WP_Term $tag    Term object.
      */
     $actions = apply_filters("{$taxonomy}_row_actions", $actions, $tag);
     return $this->row_actions($actions);
 }
 /**
  * Verifies the Ajax request to prevent processing requests external of the blog.
  *
  * @since 2.0.3
  *
  * @param int|string   $action    Action nonce.
  * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
  *                                `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce'
  *                                (in that order). Default false.
  * @param bool         $die       Optional. Whether to die early when the nonce cannot be verified.
  *                                Default true.
  * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
  *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
  */
 function check_ajax_referer($action = -1, $query_arg = false, $die = true)
 {
     if (-1 == $action) {
         _doing_it_wrong(__FUNCTION__, __('You should specify a nonce action to be verified by using the first parameter.'), '4.7');
     }
     $nonce = '';
     if ($query_arg && isset($_REQUEST[$query_arg])) {
         $nonce = $_REQUEST[$query_arg];
     } elseif (isset($_REQUEST['_ajax_nonce'])) {
         $nonce = $_REQUEST['_ajax_nonce'];
     } elseif (isset($_REQUEST['_wpnonce'])) {
         $nonce = $_REQUEST['_wpnonce'];
     }
     $result = wp_verify_nonce($nonce, $action);
     /**
      * Fires once the Ajax request has been validated or not.
      *
      * @since 2.1.0
      *
      * @param string    $action The Ajax nonce action.
      * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
      *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
      */
     do_action('check_ajax_referer', $action, $result);
     if ($die && false === $result) {
         if (wp_doing_ajax()) {
             wp_die(-1, 403);
         } else {
             die('-1');
         }
     }
     return $result;
 }
Esempio n. 16
0
 /**
  * Verifies the Ajax request to prevent processing requests external of the blog.
  *
  * @since 2.0.3
  *
  * @param int|string   $action    Action nonce.
  * @param false|string $query_arg Optional. Key to check for the nonce in `$_REQUEST` (since 2.5). If false,
  *                                `$_REQUEST` values will be evaluated for '_ajax_nonce', and '_wpnonce'
  *                                (in that order). Default false.
  * @param bool         $die       Optional. Whether to die early when the nonce cannot be verified.
  *                                Default true.
  * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
  *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
  */
 function check_ajax_referer($action = -1, $query_arg = false, $die = true)
 {
     $nonce = '';
     if ($query_arg && isset($_REQUEST[$query_arg])) {
         $nonce = $_REQUEST[$query_arg];
     } elseif (isset($_REQUEST['_ajax_nonce'])) {
         $nonce = $_REQUEST['_ajax_nonce'];
     } elseif (isset($_REQUEST['_wpnonce'])) {
         $nonce = $_REQUEST['_wpnonce'];
     }
     $result = wp_verify_nonce($nonce, $action);
     /**
      * Fires once the Ajax request has been validated or not.
      *
      * @since 2.1.0
      *
      * @param string    $action The Ajax nonce action.
      * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
      *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
      */
     do_action('check_ajax_referer', $action, $result);
     if ($die && false === $result) {
         if (wp_doing_ajax()) {
             wp_die(-1);
         } else {
             die('-1');
         }
     }
     return $result;
 }