コード例 #1
 /**
  * Activate the given EDD license.
  *
  * @return	void
  * @since	1.7.1
  */
 public function activateLicense($option)
 {
     /* Ignore callbacks fired for any option other than this one. */
     if ($this->settings['id'] != $option->settings['id']) {
         return;
     }
     $license = esc_attr($this->getValue());
     /* Without a stored license there is nothing to activate. */
     if (strlen($license) <= 0) {
         return;
     }
     /* Short identifier derived from the license; it only names the transient read below. */
     $key = substr(md5($license), 0, 10);
     /*
      * Manual activation requested through the `eddactivate` query argument.
      * NOTE(review): no nonce or capability check is visible in this method, so
      * this state-changing GET request is only as protected as its caller makes
      * it -- confirm the hook that runs it is limited to authorised admins.
      */
     $manual = isset($_GET['eddactivate']) && '1' == $_GET['eddactivate'];
     if ($manual) {
         global $pagenow;
         /* Copy the query arguments and drop eddactivate, otherwise it ends up in all tab links. */
         $get = (array) $_GET;
         unset($get['eddactivate']);
         $this->check($license, 'activate_license');
         /*
          * NOTE(review): there is no exit after wp_redirect(), so execution
          * continues and check() may run a second time below -- confirm intended.
          */
         wp_redirect(wp_sanitize_redirect(add_query_arg($get, admin_url($pagenow))));
     }
     /* First activation: no "try" transient has been recorded for this key yet. */
     if (!get_transient("tf_edd_license_try_{$key}")) {
         $this->check($license, 'activate_license');
     }
 }
コード例 #2
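 /**
  * AJAX handler: create a user for the POSTed email address and hand it to _login_user().
  *
  * Every path ends the request with a JSON object: `status` 1 on success, or
  * `status` 0 plus a human-readable `msg` on failure.
  *
  * NOTE(review): no nonce, capability or rate-limit check is visible in this
  * method, and the "email address already exists" reply tells the caller
  * whether an address is registered. Confirm the registering hook and the site
  * policy make that acceptable.
  *
  * @return void Never returns normally; every path calls die().
  */
 public function json_create_user()
 {
     $error = array("status" => 0, "msg" => __('There has been an error processing your request. Please, reload the page and try again.', Eab_EventsHub::TEXT_DOMAIN));
     $data = stripslashes_deep($_POST);
     // A request without an `email` field must end in the JSON error below, not in an undefined-index notice printed ahead of it.
     $email = isset($data['email']) ? $data['email'] : '';
     if (empty($email)) {
         $error['msg'] = __('Please, submit an email.', Eab_EventsHub::TEXT_DOMAIN);
         die(json_encode($error));
     }
     // Array-valued POST fields are not addresses; reject them before is_email() sees them.
     if (!is_string($email) || !is_email($email)) {
         $error['msg'] = __('Please, submit a valid email.', Eab_EventsHub::TEXT_DOMAIN);
         die(json_encode($error));
     }
     if (email_exists($email)) {
         $current_location = get_permalink();
         if (!empty($data['location']) && is_string($data['location'])) {
             // The location comes from the POST body: sanitize it, then let
             // wp_validate_redirect() reject hosts that are not allowed (it returns an empty fallback).
             $loc = wp_validate_redirect(wp_sanitize_redirect($data['location']));
             if (!empty($loc)) {
                 $current_location = $loc;
             }
         }
         $login_link = wp_login_url($current_location);
         // The link is placed inside an HTML href attribute, so escape it for that context.
         $login_message = sprintf(__('The email address already exists. Please <a href="%s">Login</a> and RSVP to the event.', Eab_EventsHub::TEXT_DOMAIN), esc_url($login_link));
         $error['msg'] = $login_message;
         die(json_encode($error));
     }
     $wordp_user = $this->_create_user($email);
     if (is_object($wordp_user) && !empty($wordp_user->ID)) {
         $this->_login_user($wordp_user);
     } else {
         // Creation failed: reply with the generic error prepared at the top.
         die(json_encode($error));
     }
     die(json_encode(array("status" => 1)));
 }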
コード例 #3
ファイル: AB_PayPal.php プロジェクト: patrickcurl/monks
 /**
  * Send the Express Checkout NVP request
  *
  * @param $form_id
  * @throws Exception
  */
 public function send_EC_Request($form_id)
 {
     // The session stores PayPal's response further down; warnings from session_start() are suppressed by the @.
     if (!session_id()) {
         @session_start();
     }
     if (!count($this->products)) {
         throw new Exception('Products not found!');
     }
     $total = 0;
     // create the data to send on PayPal
     // Return and cancel URLs point back at the current page and carry the form id in `ab_fid`.
     $data = '&SOLUTIONTYPE=' . 'Sole' . '&PAYMENTREQUEST_0_PAYMENTACTION=' . 'Sale' . '&PAYMENTREQUEST_0_CURRENCYCODE=' . urlencode(get_option('ab_paypal_currency')) . '&RETURNURL=' . urlencode(add_query_arg(array('action' => 'ab-paypal-returnurl', 'ab_fid' => $form_id), AB_Utils::getCurrentPageURL())) . '&CANCELURL=' . urlencode(add_query_arg(array('action' => 'ab-paypal-cancelurl', 'ab_fid' => $form_id), AB_Utils::getCurrentPageURL()));
     // One NAME/DESC/AMT/QTY group per product, indexed by the product's array key.
     foreach ($this->products as $k => $product) {
         $data .= "&L_PAYMENTREQUEST_0_NAME{$k}=" . urlencode($product->name) . "&L_PAYMENTREQUEST_0_DESC{$k}=" . urlencode($product->desc) . "&L_PAYMENTREQUEST_0_AMT{$k}=" . urlencode($product->price) . "&L_PAYMENTREQUEST_0_QTY{$k}=" . urlencode($product->qty);
         // NOTE(review): the total is accumulated with plain PHP arithmetic; if prices are floats, confirm the
         // summed amount is formatted the way the per-item amounts are.
         $total += $product->qty * $product->price;
     }
     $data .= "&PAYMENTREQUEST_0_AMT=" . urlencode($total) . "&PAYMENTREQUEST_0_ITEMAMT=" . urlencode($total);
     // send the request to PayPal
     $response = self::sendNvpRequest('SetExpressCheckout', $data);
     //Respond according to message we receive from Paypal
     // NOTE(review): ACK, TOKEN and L_LONGMESSAGE0 are read without isset(); confirm sendNvpRequest() always
     // returns them, including when the HTTP call itself fails.
     if ("SUCCESS" == strtoupper($response["ACK"]) || "SUCCESSWITHWARNING" == strtoupper($response["ACK"])) {
         // Keep the response for the return-URL handler, keyed by form id.
         $_SESSION['bookly'][$form_id]['paypal_response'] = array($response, $form_id);
         // The host is completed from the ab_paypal_ec_mode option and the token from the response; this
         // Location header is sent directly, without wp_sanitize_redirect().
         $paypalurl = 'https://www' . get_option('ab_paypal_ec_mode') . '.paypal.com/cgi-bin/webscr?cmd=_express-checkout&useraction=commit&token=' . urldecode($response["TOKEN"]);
         header('Location: ' . $paypalurl);
         exit;
     } else {
         // NOTE(review): error_msg is remote response text added to the query string without urlencode();
         // wp_sanitize_redirect() may then strip characters from it, and whatever page displays error_msg
         // must escape it before output.
         header('Location: ' . wp_sanitize_redirect(add_query_arg(array('action' => 'ab-paypal-errorurl', 'ab_fid' => $form_id, 'error_msg' => $response["L_LONGMESSAGE0"]), AB_Utils::getCurrentPageURL())));
         exit;
     }
 }
コード例 #4
/**
 * Copy and paste of the original WordPress function, except that the headers
 * are also stored before sending, to avoid CLI limitations.
 *
 * @param $location
 * @param int $status
 * @return bool
 */
function wp_redirect($location, $status = 302)
{
    global $is_IIS, $cli_headers;
    /**
     * Filter the redirect location.
     *
     * @since 2.1.0
     *
     * @param string $location The path to redirect to.
     * @param int    $status   Status code to use.
     */
    $location = apply_filters('wp_redirect', $location, $status);
    /**
     * Filter the redirect status code.
     *
     * @since 2.3.0
     *
     * @param int    $status   Status code to use.
     * @param string $location The path to redirect to.
     */
    $status = apply_filters('wp_redirect_status', $status, $location);
    // A falsy location (for instance one returned by a filter) cancels the redirect.
    if (!$location) {
        return false;
    }
    // Sanitize last, after the filters, so the value written into the header is the cleaned one.
    $location = wp_sanitize_redirect($location);
    // status_header() causes problems on IIS and some FastCGI setups, so it is skipped there.
    $send_status_line = !$is_IIS && PHP_SAPI != 'cgi-fcgi';
    if ($send_status_line) {
        status_header($status);
    }
    $header_line = 'Location: ' . $location;
    header($header_line, true, $status);
    // Keep a copy of the header, keyed by the header line, in the $cli_headers global.
    $cli_headers[$header_line] = $status;
    return true;
}
コード例 #5
/**
 * Run the maintenance tool named by the `tool` query argument, then redirect back to the tools tab.
 *
 * The request must carry a `_nonce` that verifies for the 'system_tool' action.
 *
 * NOTE(review): no current_user_can() check is visible here. The nonce guards
 * against forged requests, not against a logged-in user who lacks the right
 * capability -- confirm the caller restricts who can reach this function.
 *
 * @return false|void False when an argument is missing or the nonce is invalid; otherwise exits after redirecting.
 */
function wpas_system_tools()
{
    if (!isset($_GET['tool'], $_GET['_nonce'])) {
        return false;
    }
    if (!wp_verify_nonce($_GET['_nonce'], 'system_tool')) {
        return false;
    }
    // Only the tool names listed here do anything; any other value falls through to the redirect.
    $requested = sanitize_text_field($_GET['tool']);
    if ($requested == 'tickets_metas') {
        /* Clear all tickets metas */
        wpas_clear_tickets_metas();
    } elseif ($requested == 'agents_metas') {
        wpas_clear_agents_metas();
    } elseif ($requested == 'clear_taxonomies') {
        wpas_clear_taxonomies();
    } elseif ($requested == 'resync_products') {
        wpas_delete_synced_products(true);
    } elseif ($requested == 'delete_products') {
        wpas_delete_synced_products();
    }
    /* Redirect in "read-only" mode: the target URL carries `done` instead of `tool` and `_nonce`. */
    $query = array(
        'post_type' => 'ticket',
        'page' => 'wpas-status',
        'tab' => 'tools',
        'done' => sanitize_text_field($_GET['tool']),
    );
    $url = add_query_arg($query, admin_url('edit.php'));
    wp_redirect(wp_sanitize_redirect($url));
    exit;
}
コード例 #6
	/**
	 * wp_sanitize_redirect() must remove percent-encoded CR and LF sequences,
	 * the characters that would otherwise split a Location header.
	 */
	function test_wp_sanitize_redirect() {
		// Each entry is array( expected result, raw input ).
		$cases = array(
			// Encoded line feed, upper- and lower-case hex digits.
			array('http://example.com/watchthelinefeedgo', 'http://example.com/watchthelinefeed%0Ago'),
			array('http://example.com/watchthelinefeedgo', 'http://example.com/watchthelinefeed%0ago'),
			// Encoded carriage return, upper- and lower-case hex digits.
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0Dgo'),
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0dgo'),
			// Nesting checks: removing the inner sequence must not leave a new %0d behind.
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0%0ddgo'),
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0%0DDgo'),
		);
		foreach ($cases as $case) {
			$this->assertEquals($case[0], wp_sanitize_redirect($case[1]));
		}
	}
コード例 #7
	/**
	 * wp_sanitize_redirect() must remove percent-encoded CR and LF sequences
	 * while leaving the characters it allows in a URL untouched.
	 */
	function test_wp_sanitize_redirect() {
		// Each entry is array( expected result, raw input ).
		$cases = array(
			// Encoded line feed, upper- and lower-case hex digits.
			array('http://example.com/watchthelinefeedgo', 'http://example.com/watchthelinefeed%0Ago'),
			array('http://example.com/watchthelinefeedgo', 'http://example.com/watchthelinefeed%0ago'),
			// Encoded carriage return, upper- and lower-case hex digits.
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0Dgo'),
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0dgo'),
			// Allowed punctuation must pass through unchanged.
			array('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', 'http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'),
			// Nesting checks: removing the inner sequence must not leave a new %0d behind.
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0%0ddgo'),
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0%0DDgo'),
		);
		foreach ($cases as $case) {
			$this->assertEquals($case[0], wp_sanitize_redirect($case[1]));
		}
	}
コード例 #8
/**
 * Generate a wpas-do field with a security nonce
 *
 * @since 3.3
 *
 * @param string $action      Action trigger
 * @param string $redirect_to Possible URL to redirect to after the action
 * @param bool   $echo        Whether to echo or return the fields
 *
 * @return string
 */
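function wpas_do_field($action, $redirect_to = '', $echo = true)
{
    // $action is written into an HTML attribute; escape it so a quote or angle
    // bracket in the value cannot close the attribute and add markup.
    $field = sprintf('<input type="hidden" name="%1$s" value="%2$s">', 'wpas-do', esc_attr($action));
    // Nonce field for the 'trigger_custom_action' action, returned as a string (last argument false) rather than echoed.
    $field .= wp_nonce_field('trigger_custom_action', 'wpas-do-nonce', true, false);
    if (!empty($redirect_to)) {
        // wp_sanitize_redirect() cleans the value as a redirect target; esc_attr()
        // then encodes it for the attribute (for example "&" in a query string).
        // NOTE(review): a hidden field can be changed by the client, so the code
        // that later redirects to `redirect_to` still has to validate the host.
        $field .= sprintf('<input type="hidden" name="%1$s" value="%2$s">', 'redirect_to', esc_attr(wp_sanitize_redirect($redirect_to)));
    }
    if ($echo) {
        echo $field;
    }
    // The markup is returned even when it has already been echoed.
    return $field;
}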
コード例 #9
	/**
	 * wp_sanitize_redirect() must remove percent-encoded CR and LF sequences
	 * while leaving allowed characters, brackets and parentheses untouched.
	 */
	function test_wp_sanitize_redirect() {
		// Each entry is array( expected result, raw input ).
		$cases = array(
			// Encoded line feed, upper- and lower-case hex digits.
			array('http://example.com/watchthelinefeedgo', 'http://example.com/watchthelinefeed%0Ago'),
			array('http://example.com/watchthelinefeedgo', 'http://example.com/watchthelinefeed%0ago'),
			// Encoded carriage return, upper- and lower-case hex digits.
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0Dgo'),
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0dgo'),
			// Allowed punctuation must pass through unchanged.
			array('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', 'http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'),
			// Nesting checks: removing the inner sequence must not leave a new %0d behind.
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0%0ddgo'),
			array('http://example.com/watchthecarriagereturngo', 'http://example.com/watchthecarriagereturn%0%0DDgo'),
			// Square brackets in a query string, a bracketed host and parentheses are kept.
			array('http://example.com/whyisthisintheurl/?param[1]=foo', 'http://example.com/whyisthisintheurl/?param[1]=foo'),
			array('http://[2606:2800:220:6d:26bf:1447:aa7]/', 'http://[2606:2800:220:6d:26bf:1447:aa7]/'),
			array('http://example.com/search.php?search=(amistillhere)', 'http://example.com/search.php?search=(amistillhere)'),
		);
		foreach ($cases as $case) {
			$this->assertEquals($case[0], wp_sanitize_redirect($case[1]));
		}
	}
コード例 #10
 /**
  * Send a Location header for $location.
  *
  * The `wp_redirect` and `wp_redirect_status` filters may change the target
  * and the status; a status outside 300-399 is replaced by 302. The target is
  * passed through wp_sanitize_redirect() before it reaches header(). The
  * function does not exit, so the caller has to stop execution itself.
  *
  * @param string $location Redirect target.
  * @param int    $status   HTTP status code to send.
  * @return false|void False when the (filtered) location is empty.
  */
 function wp_redirect($location, $status = 302)
 {
     $location = apply_filters('wp_redirect', $location, $status);
     // An empty location, possibly produced by the filter, means "do not redirect".
     if (empty($location)) {
         return false;
     }
     $status = apply_filters('wp_redirect_status', $status, $location);
     // Only 3xx codes make sense with a Location header; anything else falls back to 302.
     $status = ($status < 300 || $status > 399) ? 302 : $status;
     $target = wp_sanitize_redirect($location);
     header('Location: ' . $target, true, $status);
 }
コード例 #11
 /**
  * Variant of wp_redirect() that prefixes root-relative targets with '/blog'.
  *
  * The function does not exit after sending the header.
  *
  * @param string $location Redirect target.
  * @param int    $status   HTTP status code to send.
  * @return false|void False when the filtered location is falsy.
  */
 function wp_redirect($location, $status = 302)
 {
     global $is_IIS;
     $location = apply_filters('wp_redirect', $location, $status);
     $status = apply_filters('wp_redirect_status', $status, $location);
     // allows the wp_redirect filter to cancel a redirect
     if (!$location) {
         return false;
     }
     $location = wp_sanitize_redirect($location);
     // status_header() causes problems on IIS and some FastCGI setups, so it is skipped there.
     $skip_status_header = $is_IIS || php_sapi_name() == 'cgi-fcgi';
     if (!$skip_status_header) {
         status_header($status);
     }
     $uri_ext = '/' . WpBoojFindURISegment();
     $is_root_relative = substr($location, 0, 1) == '/';
     // NOTE(review): this takes strlen($uri_ext) + 1 characters of the location and compares
     // them with $uri_ext itself, so the two only match when the location is exactly
     // $uri_ext -- confirm that is the intended "already prefixed" test.
     $has_segment = substr($location, 0, strlen($uri_ext) + 1) == $uri_ext;
     if ($is_root_relative && !$has_segment) {
         $location = '/blog' . $location;
     }
     header("Location: {$location}", true, $status);
 }
 /**
  * Return $location if its host is allowed, false otherwise.
  *
  * NOTE(review): when the global $rul_local_only is 1 or 2 the location is
  * returned as received -- not sanitized and with no host check. Confirm those
  * settings are meant to skip validation and that callers do not pass request
  * data in that mode.
  *
  * @param string $location Redirect target to check.
  * @return string|false The location, sanitized unless the early return applies; false for a host that is not allowed.
  */
 function wpc_client_rul_safe_redirect($location)
 {
     global $rul_local_only;
     if (2 == $rul_local_only || 1 == $rul_local_only) {
         return $location;
     }
     // Need to look at the URL the way it will end up in wp_redirect()
     $location = wp_sanitize_redirect($location);
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if (substr($location, 0, 2) == '//') {
         $location = 'http:' . $location;
     }
     // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
     // so only the part before the first '?' is parsed.
     $query_start = strpos($location, '?');
     $test = $query_start ? substr($location, 0, $query_start) : $location;
     $lp = parse_url($test);
     $wpp = parse_url(get_home_url());
     $has_host = isset($lp['host']);
     $requested_host = $has_host ? $lp['host'] : '';
     // Plugins can extend the allow-list through the allowed_redirect_hosts filter.
     $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), $requested_host);
     // A URL without a host is treated as local and passes; only the home host is lower-cased for the comparison.
     if ($has_host && !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) {
         return false;
     }
     return $location;
 }
コード例 #13
ファイル: AdminLite.php プロジェクト: noxian/WP-Filebase
 /**
  * Print a JavaScript redirect to $url followed by a plain fallback link.
  *
  * Unless $unsafe is true the URL must pass wp_validate_redirect(); otherwise
  * the filtered 'wp_safe_redirect_fallback' value (admin_url() by default) is
  * used instead.
  *
  * NOTE(review): inside the script string only the double quote is escaped
  * here; keeping backslashes and angle brackets out is left to
  * wp_sanitize_redirect(). With $unsafe = true there is no host check at all,
  * so that flag should never be combined with request data.
  *
  * @param string $url    Redirect target.
  * @param bool   $unsafe Skip the allowed-host validation when true.
  * @return void
  */
 static function JsRedirect($url, $unsafe = false)
 {
     $url = wp_sanitize_redirect($url);
     if (!$unsafe) {
         $fallback = apply_filters('wp_safe_redirect_fallback', admin_url(), 302);
         $url = wp_validate_redirect($url, $fallback);
     }
     $js_target = str_replace('"', '\\"', $url);
     echo '<script type="text/javascript"> window.location = "' . $js_target . '"; </script><h1><a href="' . esc_attr($url) . '">' . esc_html($url) . '</a></h1>';
     // NO exit/die here!
 }
コード例 #14
ファイル: pluggable.php プロジェクト: pjsong/WordPress
 /**
  * Performs a safe (local) redirect, using wp_redirect().
  *
  * Checks whether the $location is using an allowed host, if it has an absolute
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
  * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
  * @since 2.3.0
  *
  * @param string $location The path to redirect to.
  * @param int    $status   Status code to use.
  */
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $sanitized = wp_sanitize_redirect($location);
     /**
      * Filters the redirect fallback URL for when the provided redirect is not safe (local).
      *
      * @since 4.3.0
      *
      * @param string $fallback_url The fallback URL to use by default.
      * @param int    $status       The redirect status.
      */
     $fallback = apply_filters('wp_safe_redirect_fallback', admin_url(), $status);
     // wp_validate_redirect() hands back the fallback when the target is rejected.
     $target = wp_validate_redirect($sanitized, $fallback);
     // wp_safe_redirect() does not exit; the caller must end the request after calling it.
     wp_redirect($target, $status);
 }
コード例 #15
 /**
 * performs a safe (local) redirect, using wp_redirect()
 * @return void
 **/
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $location = wp_sanitize_redirect($location);
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if (substr($location, 0, 2) == '//') {
         $location = 'http:' . $location;
     }
     $target = parse_url($location);
     $home = parse_url(get_option('home'));
     // The allow-list starts with the home host; plugins extend it via the allowed_redirect_hosts filter.
     $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($home['host']));
     // Only a URL that carries a host can be off-site; a host-less URL is treated as local.
     $off_site = isset($target['host'])
         && !in_array($target['host'], $allowed_hosts)
         && $target['host'] != strtolower($home['host']);
     if ($off_site) {
         // A disallowed host is replaced by the admin area rather than producing an error.
         $location = get_option('siteurl') . '/wp-admin/';
     }
     // No exit here: the caller must end the request after calling this function.
     wp_redirect($location, $status);
 }
コード例 #16
/**
 * Redirect to the stored target, the `redirect` query argument, or the site URL, then exit.
 *
 * The target from the site transient is used unless it is empty or equal to
 * the login URL. Whatever is chosen goes through wp_sanitize_redirect() and
 * wp_validate_redirect(), so a rejected target falls back to site_url().
 *
 * @return void Never returns; the request ends with exit.
 */
function new_fb_redirect()
{
    $redirect = get_site_transient(nextend_uniqid() . '_fb_r');
    $unusable = !$redirect || $redirect == '' || $redirect == new_fb_login_url();
    if ($unusable) {
        // Request-supplied target: it is only trusted after the validation below.
        $redirect = isset($_GET['redirect']) ? $_GET['redirect'] : site_url();
    }
    $redirect = wp_validate_redirect(wp_sanitize_redirect($redirect), site_url());
    header('LOCATION: ' . $redirect);
    // The stored target is removed once it has been used.
    delete_site_transient(nextend_uniqid() . '_fb_r');
    exit;
}
コード例 #17
ファイル: pluggable.php プロジェクト: nurpax/saastafi
 /**
  * Performs a safe (local) redirect, using wp_redirect().
  *
  * Checks whether the $location is using an allowed host, if it has an absolute
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
  * If the host is not allowed, then the redirect is to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
  * @since 2.3
  * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
  *		WordPress host string and $location host string.
  *
  * @return void Does not return anything
  **/
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $location = wp_sanitize_redirect($location);
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if (substr($location, 0, 2) == '//') {
         $location = 'http:' . $location;
     }
     // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
     // so only the part before the first '?' is parsed.
     $query_start = strpos($location, '?');
     $test = $query_start ? substr($location, 0, $query_start) : $location;
     $lp = parse_url($test);
     $wpp = parse_url(get_option('home'));
     $has_host = isset($lp['host']);
     $requested_host = $has_host ? $lp['host'] : '';
     // The filter receives the home host as the default allow-list and the requested host as context.
     $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), $requested_host);
     $off_site = $has_host
         && !in_array($lp['host'], $allowed_hosts)
         && $lp['host'] != strtolower($wpp['host']);
     if ($off_site) {
         // A disallowed host is replaced by the admin URL.
         $location = admin_url();
     }
     // No exit here: the caller must end the request after calling this function.
     wp_redirect($location, $status);
 }
コード例 #18
 /**
  * Change the redirection URL.
  *
  * In case the upload fails we want to notify the user.
  * We change the redirection URL and integrate a custom message
  * encoded in base64 that will be interpreted by the notification class.
  *
  * @since  3.0.0
  *
  * @param  string $location Original redirection URL
  *
  * @return string            New redirection URL
  */
 public function redirect_error($location)
 {
     // Drop any `message` argument so the redirect target does not announce a success.
     $url = remove_query_arg('message', $location);
     $error = $this->error_message;
     if (is_array($error)) {
         $error = implode(', ', $error);
     }
     // The failure is registered through wpas_add_error(); nothing is appended to the URL in this method.
     wpas_add_error('files_not_uploaded', sprintf(__('Your reply has been correctly submitted but the attachment was not uploaded. %s', 'awesome-support'), $error));
     return wp_sanitize_redirect($url);
 }
 /**
  * Send a redirect for $location: a Refresh header on IIS, a status line plus Location header elsewhere.
  *
  * NOTE(review): the target is only sanitized when wp_sanitize_redirect()
  * exists; if it does not, the filtered location reaches header() as is.
  * The function does not exit after sending the header.
  *
  * @param string $location Redirect target.
  * @param int    $status   HTTP status code, used only on the non-IIS path.
  * @return false|void False when the filtered location is falsy.
  */
 function wp_redirect($location, $status = 302)
 {
     global $is_IIS;
     $location = apply_filters('wp_redirect', $location, $status);
     $status = apply_filters('wp_redirect_status', $status, $location);
     // A falsy location (for instance one returned by a filter) cancels the redirect.
     if (!$location) {
         return false;
     }
     $can_sanitize = function_exists('wp_sanitize_redirect');
     if ($can_sanitize) {
         $location = wp_sanitize_redirect($location);
     }
     if (!$is_IIS) {
         status_header($status);
         header("Location: {$location}");
     } else {
         header("Refresh: 0;url={$location}");
     }
 }
コード例 #20
 /**
  * Run pre-defined actions.
  *
  * Specific actions can be performed on page load.
  * Those actions are triggered by a URL parameter ($action).
  *
  * @since  3.0.0
  * @return void
  */
 public function custom_actions()
 {
     if (!isset($_GET['action'])) {
         return;
     }
     $action = sanitize_text_field($_GET['action']);
     // 'reopen' is the only action handled here, and it needs a ticket id.
     if ('reopen' != $action || !isset($_GET['ticket_id'])) {
         return;
     }
     /*
      * NOTE(review): the ticket is re-opened by a plain GET request and no nonce
      * check is visible in this method; only the permission test below stands
      * between a forged link and the state change -- confirm a nonce is verified
      * elsewhere.
      */
     $ticket_id = filter_input(INPUT_GET, 'ticket_id', FILTER_SANITIZE_NUMBER_INT);
     $may_reopen = wpas_can_submit_ticket($ticket_id) || current_user_can('edit_ticket');
     if (!$may_reopen) {
         wpas_add_error('cannot_reopen_ticket', __('You are not allowed to re-open this ticket', 'awesome-support'));
         wpas_redirect('ticket_reopen', wpas_get_tickets_list_page_url());
         exit;
     }
     wpas_reopen_ticket($ticket_id);
     wpas_add_notification('ticket_reopen', __('The ticket has been successfully re-opened.', 'awesome-support'));
     // Send the user back to the ticket that was just re-opened.
     wpas_redirect('ticket_reopen', wp_sanitize_redirect(get_permalink($ticket_id)));
     exit;
 }
 /**
  * Redirect back to the provided return_url
  *
  * @since 1.2.0
  * @param string $redirect_location
  * @return string The redirect location to use
  */
 public function redirect_after_save_account_details($redirect_location)
 {
     // The sanitized, validated "my account" permalink: the only location this method replaces.
     $account_page = wp_validate_redirect(wp_sanitize_redirect(get_permalink(wc_get_page_id('myaccount'))), admin_url());
     if ($redirect_location !== $account_page) {
         return $redirect_location;
     }
     /*
      * NOTE(review): the transient key is derived from the client IP and
      * User-Agent only, so visitors who share both share the stored value, and
      * the stored URL is returned without being validated again -- confirm the
      * code that writes this transient validates it first.
      */
     $transient_key = 'wcsl_' . md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']);
     $new_location = get_transient($transient_key);
     if ($new_location) {
         // Single use: the stored location is consumed once it has been picked up.
         delete_transient($transient_key);
         return $new_location;
     }
     return $redirect_location;
 }
コード例 #22
 /**
  * Safe Redirect
  *
  * Ensure the redirect is to the same site or pluggable list of allowed domains.
  * If the location is invalid, redirects to home_url() instead.
  * Based on the WordPress wp_safe_redirect() function.
  */
 function safe_redirect($location, $status = 302)
 {
     // Sanitize first so that validation sees the URL exactly as wp_redirect() will send it.
     $sanitized = wp_sanitize_redirect($location);
     // A target that fails validation is replaced by the home URL.
     $target = wp_validate_redirect($sanitized, home_url());
     // No exit here: the caller must end the request after calling this function.
     wp_redirect($target, $status);
 }
コード例 #23
/**
 * Get URL of the tickets list page
 *
 * @since 3.2.2
 *
 * @return string
 */
function wpas_get_tickets_list_page_url()
{
    $page = wpas_get_option('ticket_list');
    // No page configured: return an empty string rather than a permalink.
    if (empty($page)) {
        return '';
    }
    // The option may hold an array; in that case the element at index 0 is used.
    $page_id = is_array($page) ? $page[0] : $page;
    return wp_sanitize_redirect(get_permalink((int) $page_id));
}
コード例 #24
 /**
  * Builds Wonderflux admin pages
  * @since 0.1
  * @updated 1.2
  *
  *	@params
  *
  *	'title' = Title at top of page
  *
  *	'include' = Which admin content/form to include
  *
  */
 function wf_page_build($title, $include)
 {
     echo '<div class="themes-php wrap">';
     // Pick the tab flag that receives the active class; an unknown $include highlights the first tab.
     // The switch does not change or reject $include itself.
     switch ($include) {
         case 'core':
             $tab1 = TRUE;
             break;
         case 'style':
             $tab2 = TRUE;
             break;
         case 'advanced':
             $tab3 = TRUE;
             break;
         case 'system':
             $tab4 = TRUE;
             break;
         case 'backup':
             $tab5 = TRUE;
             break;
         default:
             $tab1 = TRUE;
             break;
     }
     $thistab_highlight = ' nav-tab-active';
     // Tab navigation: one link per admin page, the active one gets $thistab_highlight appended to its class.
     echo '<div class="nav-tab-wrapper">';
     echo '<h2 class="nav-tab-wrapper">';
     echo '<a href="' . wp_sanitize_redirect(admin_url()) . 'admin.php?page=wonderflux" class="nav-tab';
     if (isset($tab1)) {
         echo $thistab_highlight;
     }
     echo '">' . esc_attr__('Wonderflux Home', 'wonderflux') . '</a>';
     echo '<a href="' . wp_sanitize_redirect(admin_url()) . 'admin.php?page=wonderflux_stylelab" class="nav-tab';
     if (isset($tab2)) {
         echo $thistab_highlight;
     }
     echo '">' . esc_attr__('Stylelab', 'wonderflux') . '</a>';
     echo '<a href="' . wp_sanitize_redirect(admin_url()) . 'admin.php?page=wonderflux_advanced" class="nav-tab';
     if (isset($tab3)) {
         echo $thistab_highlight;
     }
     echo '">' . esc_attr__('Advanced', 'wonderflux') . '</a>';
     echo '<a href="' . wp_sanitize_redirect(admin_url()) . 'admin.php?page=wonderflux_system" class="nav-tab';
     if (isset($tab4)) {
         echo $thistab_highlight;
     }
     echo '">' . esc_attr__('System', 'wonderflux') . '</a>';
     echo '<a href="' . wp_sanitize_redirect(admin_url()) . 'admin.php?page=wonderflux_backup" class="nav-tab';
     if (isset($tab5)) {
         echo $thistab_highlight;
     }
     echo '">' . esc_attr__('Backup/Restore', 'wonderflux') . '</a>';
     echo '</h2>';
     echo '</div>';
     // Status notices are selected by the mere presence of a query argument; its value is never printed.
     if (isset($_GET['settings-updated'])) {
         // NOTE(review): $title is printed without escaping -- confirm callers only pass trusted, fixed text.
         echo '<div class="updated settings-error" id="setting-error-settings_updated"><p><strong>' . $title . ' ' . esc_attr__('Settings updated successfully.', 'wonderflux') . '</strong></p></div>';
     }
     if (isset($_GET['backuperror'])) {
         echo '<div class="updated error" id="setting-error-settings_updated"><p><strong>' . esc_attr__('Import aborted - no settings changed. Sorry - looks like thats the wrong file you tried to import.', 'wonderflux') . '</strong></p></div>';
     }
     if (isset($_GET['backupsuccess'])) {
         echo '<div class="updated" id="settings_updated"><p><strong>' . esc_attr__('Import complete - Wonderflux theme settings restored.', 'wonderflux') . '</strong></p></div>';
     }
     // NOTE(review): $include is concatenated into the required path unchanged. The switch above only
     // selects a tab, so nothing here limits which file name is built: callers must pass one of the fixed
     // page slugs and never a value taken from the request.
     require 'admin-pages/wf-page-' . $include . '.php';
     if ($include == 'backup') {
         $this->admin_backup->wf_backup_form();
     }
     // Include relevant output depending on grid system
     if ($include == 'advanced') {
         if ($this->wfx_grid_type == 'pixels') {
             $this->admin_forms->wf_form_helper_file_css_combine('css/wf-css-core-structure.css', 'Y');
         } else {
             $this->admin_forms->wf_form_helper_file_css_combine_2('css/wf-css-flux-layout-core.css', 'Y');
         }
     }
     // Back-compat - get_current_theme() is deprecated as of WordPress 3.4, so wp_get_theme() is used
     $wf_current_theme = wp_get_theme()->Name;
     // The extra notice is shown only when the framework itself is the active theme.
     if ($wf_current_theme == 'Wonderflux Framework') {
         $output = '<div id="message2" class="updated">';
         $output .= '<h3>' . esc_attr__('Ooops, you could be doing so much more with Wonderflux!', 'wonderflux') . '</h3>';
         $output .= '<p>' . esc_attr__('Wonderflux is a theme framework. It can be directly activated like this and will work perfectly - but you are really missing out on all the cool stuff Wonderflux can do!', 'wonderflux') . '</p>';
         $output .= '<p>';
         $output .= esc_attr__('To get the most out of Wonderflux, you should take a quick read over', 'wonderflux');
         $output .= ' <a href="http://wonderflux.com/guide/doc/introduction/" title="';
         $output .= esc_attr__('Read the Wonderflux overview guide', 'wonderflux');
         $output .= '">';
         $output .= esc_attr__('the Wonderflux introduction', 'wonderflux');
         $output .= '</a> ';
         $output .= esc_attr__('- also be sure to check out the documentation links below to learn about how to use the various aspects of Wonderflux.', 'wonderflux');
         $output .= '</p>';
         $output .= $this->wf_common_help();
         $output .= '<p>';
         $output .= esc_attr__('You can also', 'wonderflux');
         $output .= ' <a href="https://github.com/Jonnyauk/wonderflux-girder/" title="';
         $output .= esc_attr__('Download the free Girder Wonderflux child theme', 'wonderflux');
         $output .= '">';
         $output .= esc_attr__('download the free example Wonderflux child theme call Girder', 'wonderflux');
         $output .= '</a>';
         $output .= esc_attr__(' - take a look at the layout code and especially the theme functions.php file for references on using Wonderflux.', 'wonderflux');
         // NOTE(review): this closes a <strong> that is not opened anywhere in this paragraph.
         $output .= '</strong></p>';
         $output .= '</div>';
         echo $output;
     } else {
         // Silence is golden
         //echo '<p>' . esc_attr__('You are using the','wonderflux') . ' ' . esc_attr($wf_current_theme) . ' ' . esc_attr__('Wonderflux child theme','wonderflux') . '</p>';
     }
     // Help section printed on every page; the <p> opened here is not closed inside this function.
     $output = '<h2>' . esc_attr__('Help and support', 'wonderflux') . '</h2>';
     $output .= '<p>';
     $output .= ' <a href="http://wonderflux.com/guide/" title="';
     $output .= esc_attr__('Visit the Wonderflux guide', 'wonderflux');
     $output .= '">';
     $output .= esc_attr__('The Wonderflux guide', 'wonderflux');
     $output .= '</a> ';
     $output .= esc_attr__('is the official (work in progress!) documentation site for Wonderflux. Click on the direct links below to find relevant content.', 'wonderflux');
     echo $output;
     echo $this->wf_common_help();
     echo '</div>';
     // close themes-php wrap div
 }
コード例 #25
 /**
  * Performs a safe (local) redirect, using wp_redirect().
  *
  * Checks whether the $location is using an allowed host, if it has an absolute
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
  * If the host is not allowed, then the redirect is to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
  * @since 2.3.0
  *
  * @return void Does not return anything
  **/
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $sanitized = wp_sanitize_redirect($location);
     // A target that fails validation is replaced by the admin URL.
     $target = wp_validate_redirect($sanitized, admin_url());
     // No exit here: the caller must end the request after calling this function.
     wp_redirect($target, $status);
 }
コード例 #26
ファイル: sso.php プロジェクト: kanei/vantuch.cz
 /**
  * When jetpack-sso-auth-redirect query parameter is set, will redirect user to
  * WordPress.com authorization flow.
  *
  * We redirect here instead of in handle_login() because Jetpack::init()->build_connect_url
  * calls menu_page_url() which doesn't work properly until admin menus are registered.
  */
 function maybe_authorize_user_after_sso()
 {
     if (empty($_GET['jetpack-sso-auth-redirect'])) {
         return;
     }
     // Both redirect arguments come from the query string; esc_url_raw() cleans them, but the host
     // check only happens in wp_validate_redirect() further down.
     if (empty($_GET['redirect_to'])) {
         $redirect_to = admin_url();
     } else {
         $redirect_to = esc_url_raw($_GET['redirect_to']);
     }
     $request_redirect_to = $redirect_to;
     if (!empty($_GET['request_redirect_to'])) {
         $request_redirect_to = esc_url_raw($_GET['request_redirect_to']);
     }
     /** This filter is documented in core/src/wp-login.php */
     $redirect_after_auth = apply_filters('login_redirect', $redirect_to, $request_redirect_to, wp_get_current_user());
     /**
      * The redirect is handed to WordPress.com, so wp_safe_redirect() cannot vet it later.
      * Sanitize and validate it here instead; an unsafe value is replaced by admin_url().
      * This runs after the login_redirect filter, so filter output is checked as well.
      */
     $redirect_after_auth = wp_validate_redirect(wp_sanitize_redirect($redirect_after_auth), admin_url());
     /**
      * Build the raw connect URL with our redirect and attribute the connection to SSO.
      */
     $connect_url = Jetpack::init()->build_connect_url(true, $redirect_after_auth, 'sso');
     // The filter added here supplies the allowed redirect hosts for the wp_safe_redirect() call below.
     add_filter('allowed_redirect_hosts', array('Jetpack_SSO_Helpers', 'allowed_redirect_hosts'));
     wp_safe_redirect($connect_url);
     exit;
 }
 /**
  * If the request included a Redirect URL, parse, sanitize, and process the redirection
  *
  * @since  3.1.6
  * @return void
  */
 function maybe_redirect()
 {
     if (empty($_POST['cc_redirect_url'])) {
         return;
     }
     // NOTE(review): POST values reach PHP already decoded, so urldecode() decodes this one a second time.
     $requested_url = urldecode($_POST['cc_redirect_url']);
     $parsed = parse_url($requested_url);
     // Local URL: it has a path but neither a host nor a scheme.
     $is_local = !empty($parsed['path']) && empty($parsed['host']) && empty($parsed['scheme']);
     // Absolute URL that also carries a query string.
     $is_absolute_with_query = !empty($parsed['query']) && !empty($parsed['scheme']) && !empty($parsed['host']);
     $safe_redirect = false;
     if ($is_local) {
         // Rebuild the URL on this site from the path; wp_safe_redirect() is used because it's definitely local.
         $redirect_url = site_url($parsed['path']);
         if (!empty($parsed['query'])) {
             $redirect_url .= '?' . $parsed['query'];
         }
         $safe_redirect = true;
     } elseif ($is_absolute_with_query) {
         // Only scheme, host and path go through esc_url_raw(); the query string is appended afterwards.
         $path = isset($parsed['path']) ? $parsed['path'] : '';
         $redirect_url = esc_url_raw($parsed['scheme'] . '://' . $parsed['host'] . $path) . '?' . $parsed['query'];
     } else {
         $redirect_url = wp_sanitize_redirect($requested_url);
     }
     /**
      * Set whether to use wp_safe_redirect() for a request. If local URL, defaults to yes. If not, defaults to no.
      *
      * NOTE(review): with the default of "no", a URL naming any host in the POST body is passed to
      * wp_redirect() with no allowed-host check. If off-site targets are needed, prefer forcing this
      * filter to true and listing the permitted hosts through `allowed_redirect_hosts`.
      *
      * @var boolean
      */
     $safe_redirect = apply_filters('constant_contact_force_use_safe_redirect', $safe_redirect, $this);
     do_action('ctct_activity', 'Redirecting User after processing', $redirect_url);
     if ($safe_redirect) {
         wp_safe_redirect($redirect_url);
     } else {
         wp_redirect($redirect_url);
     }
     exit;
 }
コード例 #28
 /**
  * Sanitize and validate a redirect location, falling back to the admin URL.
  *
  * @param string $location Redirect target to check.
  * @return string The sanitized location, or admin_url() when validation rejects it.
  */
 function r20486_comment_post_redirect($location)
 {
     // Sanitize first so validation sees the URL exactly as it would be sent.
     $sanitized = wp_sanitize_redirect($location);
     return wp_validate_redirect($sanitized, admin_url());
 }
コード例 #29
 /**
  * Builds preview layout model and dispatches save.
  */
 public function build_preview()
 {
     // Either the SAVE or the SAVE_REVISION permission is enough to continue.
     $may_save = Upfront_Permissions::current(Upfront_Permissions::SAVE) || Upfront_Permissions::current(Upfront_Permissions::SAVE_REVISION);
     if (!$may_save) {
         // NOTE(review): everything below relies on _reject() ending the request -- confirm it does not return.
         $this->_reject();
     }
     global $post;
     $request = stripslashes_deep($_POST);
     $data = '';
     if (!empty($request['data'])) {
         $data = $request['data'];
     }
     // current_url is client-supplied: sanitize it, validate its host, and fall back to the home URL
     // when it is missing or rejected (wp_validate_redirect() returns the `false` default then).
     $current_url = empty($request['current_url']) ? home_url() : $request['current_url'];
     $current_url = wp_validate_redirect(wp_sanitize_redirect($current_url), false);
     if (!$current_url) {
         $current_url = home_url();
     }
     $layout = Upfront_Layout::from_json($data);
     $layout_id_key = $this->_data->save_revision($layout);
     // Check concurrent edits from other users: revisions of the same cascade from the last 15 minutes
     // whose author is not the current user.
     $current_user_id = get_current_user_id();
     $revision_query = array(
         'date_query' => array(array('after' => "-15 minutes")),
         'author__not_in' => array($current_user_id),
     );
     $current_others_revisions = $this->_data->get_entity_revisions($layout->get_cascade(), $revision_query);
     $concurrent_users = array();
     if (!empty($current_others_revisions)) {
         foreach ($current_others_revisions as $revision) {
             if (!empty($revision->post_author)) {
                 $author = get_user_by('id', $revision->post_author);
                 // Skip authors that no longer resolve to a user.
                 if (!empty($author) && !empty($author->ID)) {
                     $concurrent_users[$author->ID] = $author->display_name;
                 }
             }
         }
     }
     // The preview URL is the validated current URL plus the revision key, minus any `editmode` argument.
     $preview_url = remove_query_arg('editmode', add_query_arg(array(self::HOOK => $layout_id_key), $current_url));
     $this->_out(new Upfront_JsonResponse_Success(array('html' => $preview_url, 'concurrent_users' => $concurrent_users)));
 }
コード例 #30
/**
 * Trigger the re-open ticket function
 *
 * This is triggered by the wpas_do custom actions.
 *
 * @since 3.3
 *
 * @param array $data Superglobal data
 *
 * @return void
 */
function wpas_reopen_ticket_trigger($data)
{
    // Nothing to do without a ticket id.
    if (!isset($data['ticket_id'])) {
        return;
    }
    // The cast keeps anything but an integer out of the calls below.
    $ticket_id = (int) $data['ticket_id'];
    // NOTE(review): no nonce is verified in this function; presumably the dispatcher that calls it
    // does so -- confirm before exposing this trigger on another path.
    $may_reopen = wpas_can_submit_ticket($ticket_id) || current_user_can('edit_ticket');
    if (!$may_reopen) {
        wpas_add_error('cannot_reopen_ticket', __('You are not allowed to re-open this ticket', 'awesome-support'));
        wpas_redirect('ticket_reopen', wpas_get_tickets_list_page_url());
        exit;
    }
    wpas_reopen_ticket($ticket_id);
    wpas_add_notification('ticket_reopen', __('The ticket has been successfully re-opened.', 'awesome-support'));
    // Send the user back to the ticket that was just re-opened.
    wpas_redirect('ticket_reopen', wp_sanitize_redirect(get_permalink($ticket_id)));
    exit;
}