  * Generate a URL to an endpoint
  * Used to construct meta links in API responses
  * @param mixed $args Optional arguments to be appended to URL
  * @return string Endpoint URL
 function get_link()
     $args = func_get_args();
     $format = array_shift($args);
     $base = WPCOM_JSON_API__BASE;
     $path = array_pop($args);
     if ($path) {
         $path = '/' . ltrim($path, '/');
     $args[] = $path;
     // Escape any % in args before using sprintf
     $escaped_args = array();
     foreach ($args as $arg_key => $arg_value) {
         $escaped_args[$arg_key] = str_replace('%', '%%', $arg_value);
     $relative_path = vsprintf("{$format}%s", $escaped_args);
     if (!wp_startswith($relative_path, '.')) {
         // Generic version. Match the requested version as best we can
         $api_version = $this->get_closest_version_of_endpoint($format, $relative_path);
         $base = substr($base, 0, -1) . $api_version;
     // escape any % in the relative path before running it through sprintf again
     $relative_path = str_replace('%', '%%', $relative_path);
     // http, WPCOM_JSON_API__BASE, ...    , path
     // %s  , %s                  , $format, %s
     return esc_url_raw(sprintf("https://%s{$relative_path}", $base));
 function callback($path = '', $blog_id = 0)
     $blog_id = $this->api->switch_to_blog_and_validate_user($this->api->get_blog_id($blog_id));
     if (is_wp_error($blog_id)) {
         return $blog_id;
     if (!current_user_can('edit_posts')) {
         return new WP_Error('unauthorized', 'Your token must have permission to post on this blog.', 403);
     $args = $this->query_args();
     $shortcode = trim($args['shortcode']);
     // Quick validation - shortcodes should always be enclosed in brackets []
     if (!wp_startswith($shortcode, '[') || !wp_endswith($shortcode, ']')) {
         return new WP_Error('invalid_shortcode', 'The shortcode parameter must begin and end with square brackets.', 400);
     // Make sure only one shortcode is being rendered at a time
     $pattern = get_shortcode_regex();
     preg_match_all("/{$pattern}/s", $shortcode, $matches);
     if (count($matches[0]) > 1) {
         return new WP_Error('invalid_shortcode', 'Only one shortcode can be rendered at a time.', 400);
     $render = $this->process_render(array($this, 'do_shortcode'), $shortcode);
     // if nothing happened, then the shortcode does not exist.
     if ($shortcode == $render['result']) {
         return new WP_Error('invalid_shortcode', 'The requested shortcode does not exist.', 400);
     // our output for this endpoint..
     $return['shortcode'] = $shortcode;
     $return['result'] = $render['result'];
     $return = $this->add_assets($return, $render['loaded_scripts'], $render['loaded_styles']);
     return $return;
  * Should we allow the meta key to be synced?
  * @param string $meta_key The meta key.
  * @return bool
 function is_meta_key_allowed($meta_key)
     if ('_' === $meta_key[0] && !in_array($meta_key, Jetpack_Sync_Defaults::$default_whitelist_meta_keys) && !wp_startswith($meta_key, '_wpas_skip_')) {
         return false;
     if (in_array($meta_key, Jetpack_Sync_Settings::get_setting('meta_blacklist'))) {
         return false;
     return true;
Esempio n. 4
 public static function imagecreatefromurl($image_url)
     $data = null;
     // If it's a URL:
     if (preg_match('#^https?://#i', $image_url)) {
         // If it's a url pointing to a local media library url:
         $content_url = content_url();
         $_image_url = set_url_scheme($image_url);
         if (wp_startswith($_image_url, $content_url)) {
             $_image_path = str_replace($content_url, ABSPATH . 'wp-content', $_image_url);
             if (file_exists($_image_path)) {
                 $filetype = wp_check_filetype($_image_path);
                 $ext = $filetype['ext'];
                 $type = $filetype['type'];
                 if (wp_startswith($type, 'image/')) {
                     $data = file_get_contents($_image_path);
         if (empty($data)) {
             $response = wp_remote_get($image_url);
             if (is_wp_error($response)) {
                 return $response;
             $data = wp_remote_retrieve_body($response);
     // If it's a local path in our WordPress install:
     if (file_exists($image_url)) {
         $filetype = wp_check_filetype($image_url);
         $ext = $filetype['ext'];
         $type = $filetype['type'];
         if (wp_startswith($type, 'image/')) {
             $data = file_get_contents($image_url);
     // Now turn it into an image and return it.
     return imagecreatefromstring($data);
Esempio n. 5
  * Populate an array with all values necessary to submit a NEW contact-form feedback to Akismet.
  * Note that this includes the current user_ip etc, so this should only be called when accepting a new item via $_POST
  * @param array $form Contact form feedback array
  * @return array feedback array with additional data ready for submission to Akismet
 function prepare_for_akismet($form)
     $form['comment_type'] = 'contact_form';
     $form['user_ip'] = $_SERVER['REMOTE_ADDR'];
     $form['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
     $form['referrer'] = $_SERVER['HTTP_REFERER'];
     $form['blog'] = get_option('home');
     foreach ($_SERVER as $key => $value) {
         if (!is_string($value)) {
         if (in_array($key, array('HTTP_COOKIE', 'HTTP_COOKIE2', 'HTTP_USER_AGENT', 'HTTP_REFERER'))) {
             // We don't care about cookies, and the UA and Referrer were caught above.
         } elseif (in_array($key, array('REMOTE_ADDR', 'REQUEST_URI', 'DOCUMENT_URI'))) {
             // All three of these are relevant indicators and should be passed along.
             $form[$key] = $value;
         } elseif (wp_startswith($key, 'HTTP_')) {
             // Any other HTTP header indicators.
             // `wp_startswith()` is a wpcom helper function and is included in Jetpack via `functions.compat.php`
             $form[$key] = $value;
     return $form;
Esempio n. 6
function jetpack_photon_banned_domains($skip, $image_url, $args, $scheme)
    $banned_domains = array('http://chart.googleapis.com/', 'https://chart.googleapis.com/', 'http://chart.apis.google.com/');
    foreach ($banned_domains as $banned_domain) {
        if (wp_startswith($image_url, $banned_domain)) {
            return true;
    return $skip;
 function is_whitelisted_post_meta($meta_key)
     // _wpas_skip_ is used by publicize
     return in_array($meta_key, Jetpack_Sync_Settings::get_setting('post_meta_whitelist')) || wp_startswith($meta_key, '_wpas_skip_');
 function is_whitelisted_post_meta($meta_key)
     // _wpas_skip_ is used by publicize
     return in_array($meta_key, $this->get_post_meta_whitelist()) || wp_startswith($meta_key, '_wpas_skip_');