/** * Performs a safe (local) redirect, using hq_redirect(). * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect defaults to hq-admin on the siteurl * instead. This prevents malicious redirects which redirect to another host, * but only used in a few places. * * @since 0.0.1 */ function hq_safe_redirect($location, $status = 302) { // Need to look at the URL the way it will end up in hq_redirect() $location = hq_sanitize_redirect($location); /** * Filter the redirect fallback URL for when the provided redirect is not safe (local). * * @since 0.0.1 * * @param string $fallback_url The fallback URL to use by default. * @param int $status The redirect status. */ $location = hq_validate_redirect($location, apply_filters('hq_safe_redirect_fallback', admin_url(), $status)); hq_redirect($location, $status); }
/** * Attempts activation of plugin in a "sandbox" and redirects on success. * * A plugin that is already activated will not attempt to be activated again. * * The way it works is by setting the redirection to the error before trying to * include the plugin file. If the plugin fails, then the redirection will not * be overwritten with the success message. Also, the options will not be * updated and the activation hook will not be called on plugin error. * * It should be noted that in no way the below code will actually prevent errors * within the file. The code should not be used elsewhere to replicate the * "sandbox", which uses redirection to work. * {@source 13 1} * * If any errors are found or text is outputted, then it will be captured to * ensure that the success redirection will update the error redirection. * * @since 0.0.1 * * @param string $plugin Plugin path to main plugin file with plugin data. * @param string $redirect Optional. URL to redirect to. * @param bool $network_wide Whether to enable the plugin for all sites in the * network or just the current site. Multisite only. Default is false. * @param bool $silent Prevent calling activation hooks. Optional, default is false. * @return HQ_Error|null HQ_Error on invalid file or null on success. */ function activate_plugin($plugin, $redirect = '', $network_wide = false, $silent = false) { $plugin = plugin_basename(trim($plugin)); if (is_multisite() && ($network_wide || is_network_only_plugin($plugin))) { $network_wide = true; $current = get_site_option('active_sitewide_plugins', array()); $_GET['networkwide'] = 1; // Back compat for plugins looking for this value. } else { $current = get_option('active_plugins', array()); } $valid = validate_plugin($plugin); if (is_hq_error($valid)) { return $valid; } if ($network_wide && !isset($current[$plugin]) || !$network_wide && !in_array($plugin, $current)) { if (!empty($redirect)) { hq_redirect(add_query_arg('_error_nonce', hq_create_nonce('plugin-activation-error_' . $plugin), $redirect)); } // we'll override this later if the plugin can be included without fatal error ob_start(); hq_register_plugin_realpath(HQ_PLUGIN_DIR . '/' . $plugin); $_hq_plugin_file = $plugin; include_once HQ_PLUGIN_DIR . '/' . $plugin; $plugin = $_hq_plugin_file; // Avoid stomping of the $plugin variable in a plugin. if (!$silent) { /** * Fires before a plugin is activated. * * If a plugin is silently activated (such as during an update), * this hook does not fire. * * @since 0.0.1 * * @param string $plugin Plugin path to main plugin file with plugin data. * @param bool $network_wide Whether to enable the plugin for all sites in the network * or just the current site. Multisite only. Default is false. */ do_action('activate_plugin', $plugin, $network_wide); /** * Fires as a specific plugin is being activated. * * This hook is the "activation" hook used internally by * {@see register_activation_hook()}. The dynamic portion of the * hook name, `$plugin`, refers to the plugin basename. * * If a plugin is silently activated (such as during an update), * this hook does not fire. * * @since 0.0.1 * * @param bool $network_wide Whether to enable the plugin for all sites in the network * or just the current site. Multisite only. Default is false. */ do_action('activate_' . $plugin, $network_wide); } if ($network_wide) { $current = get_site_option('active_sitewide_plugins', array()); $current[$plugin] = time(); update_site_option('active_sitewide_plugins', $current); } else { $current = get_option('active_plugins', array()); $current[] = $plugin; sort($current); update_option('active_plugins', $current); } if (!$silent) { /** * Fires after a plugin has been activated. * * If a plugin is silently activated (such as during an update), * this hook does not fire. * * @since 0.0.1 * * @param string $plugin Plugin path to main plugin file with plugin data. * @param bool $network_wide Whether to enable the plugin for all sites in the network * or just the current site. Multisite only. Default is false. */ do_action('activated_plugin', $plugin, $network_wide); } if (ob_get_length() > 0) { $output = ob_get_clean(); return new HQ_Error('unexpected_output', __('The plugin generated unexpected output.'), $output); } ob_end_clean(); } return null; }
include HQ_PLUGIN_DIR . "/{$plugin_page}"; } } include ABSPATH . 'hq-admin/admin-footer.php'; exit; } elseif (isset($_GET['import'])) { $importer = $_GET['import']; if (!current_user_can('import')) { hq_die(__('You are not allowed to import.')); } if (validate_file($importer)) { hq_redirect(admin_url('import.php?invalid=' . $importer)); exit; } if (!isset($hq_importers[$importer]) || !is_callable($hq_importers[$importer][2])) { hq_redirect(admin_url('import.php?invalid=' . $importer)); exit; } /** * Fires before an importer screen is loaded. * * The dynamic portion of the hook name, `$importer`, refers to the importer slug. * * @since 0.0.1 */ do_action('load-importer-' . $importer); $parent_file = 'tools.php'; $submenu_file = 'import.php'; $title = __('Import'); if (!isset($_GET['noheader'])) { require_once ABSPATH . 'hq-admin/admin-header.php';
case 'register': //TODO: Goyo no multisite //if ( is_multisite() ) { if (false) { /** * Filter the Multisite sign up URL. * * @since 3.0.0 * * @param string $sign_up_url The sign up URL. */ hq_redirect(apply_filters('hq_signup_location', network_site_url('hq-signup.php'))); exit; } if (!get_option('users_can_register')) { hq_redirect(site_url('hq-login.php?registration=disabled')); exit; } $user_login = ''; $user_email = ''; if ($http_post) { $user_login = $_POST['user_login']; $user_email = $_POST['user_email']; $errors = register_new_user($user_login, $user_email); if (!is_hq_error($errors)) { $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : 'hq-login.php?checkemail=registered'; hq_safe_redirect($redirect_to); exit; } } $registration_redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';