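/**
 * Activates the given EDD license for this option.
 *
 * Two paths lead to an activation call:
 *  - a manual request via the `eddactivate=1` query parameter, after which the
 *    browser is sent back to the same admin page with that parameter removed;
 *  - a first-run activation when no `tf_edd_license_try_{key}` transient exists.
 *
 * @param object $option Option object; only handled when its settings id matches this one.
 * @return void
 * @since 1.7.1
 */
public function activateLicense($option)
{
    if ($this->settings['id'] != $option->settings['id']) {
        return;
    }

    /* The stored license key. */
    $license = esc_attr($this->getValue());

    /* Short, non-reversible id used to namespace the "already tried" transient. */
    $key = substr(md5($license), 0, 10);

    /* Nothing to activate without a license. */
    if (strlen($license) === 0) {
        return;
    }

    /* Manual activation requested from the settings page. */
    if (isset($_GET['eddactivate']) && '1' === $_GET['eddactivate']) {
        global $pagenow;

        // NOTE(review): this branch fires on a bare GET parameter; no nonce or capability
        // check is visible here — confirm the enclosing settings page enforces one.
        $get = (array) $_GET;
        unset($get['eddactivate']);

        $this->check($license, 'activate_license');

        /* Return to the settings page without eddactivate, otherwise the parameter leaks
           into every tab link. Stop here: previously execution fell through and kept
           rendering the page after the Location header had been sent. */
        wp_redirect(wp_sanitize_redirect(add_query_arg($get, admin_url($pagenow))));
        exit;
    }

    /* First activation attempt for this license (get_transient() returns false when unset). */
    if (false === get_transient("tf_edd_license_try_{$key}")) {
        $this->check($license, 'activate_license');
    }
}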
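/**
 * AJAX handler: creates a WordPress user from a posted email address and logs it in.
 *
 * Emits a JSON object and terminates the request in every path:
 *   {"status": 0, "msg": "..."} on validation failure, duplicate email or creation error;
 *   {"status": 1} once the user has been created and logged in.
 *
 * Reads $_POST['email'] and, optionally, $_POST['location'] (the page to send the
 * visitor back to from the login link; validated against the allowed redirect hosts).
 *
 * @return void Never returns; every path ends in die().
 */
public function json_create_user()
{
    $error = array(
        "status" => 0,
        "msg"    => __('There has been an error processing your request. Please, reload the page and try again.', Eab_EventsHub::TEXT_DOMAIN),
    );

    // NOTE(review): no nonce check is visible in this handler although it creates an
    // account from a POST — confirm the AJAX registration enforces one (check_ajax_referer()).
    $data  = stripslashes_deep($_POST);
    // Missing key is treated like an empty email instead of raising an undefined-index notice.
    $email = isset($data['email']) ? $data['email'] : '';

    if (empty($email)) {
        $error['msg'] = __('Please, submit an email.', Eab_EventsHub::TEXT_DOMAIN);
        die(json_encode($error));
    }

    if (!is_email($email)) {
        $error['msg'] = __('Please, submit a valid email.', Eab_EventsHub::TEXT_DOMAIN);
        die(json_encode($error));
    }

    if (email_exists($email)) {
        $current_location = get_permalink();
        if (!empty($data['location'])) {
            // The location comes straight from the POST body: make it header-safe,
            // then reject anything outside the allowed redirect hosts.
            $loc = wp_validate_redirect(wp_sanitize_redirect($data['location']));
            if (!empty($loc)) {
                $current_location = $loc;
            }
        }
        $login_link = wp_login_url($current_location);
        // The message is HTML, so the URL is escaped for the href attribute context.
        $login_message = sprintf(
            __('The email address already exists. Please <a href="%s">Login</a> and RSVP to the event.', Eab_EventsHub::TEXT_DOMAIN),
            esc_url($login_link)
        );
        $error['msg'] = $login_message;
        die(json_encode($error));
    }

    $wordp_user = $this->_create_user($email);
    if (!is_object($wordp_user) || empty($wordp_user->ID)) {
        die(json_encode($error));
    }

    $this->_login_user($wordp_user);
    die(json_encode(array("status" => 1)));
}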
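/**
 * Builds and sends the PayPal Express Checkout SetExpressCheckout NVP request,
 * then redirects the browser to PayPal (on success) or to the plugin's error
 * URL carrying PayPal's long message (on failure). Never returns on either path.
 *
 * Side effects: starts a PHP session if none is active and stores the PayPal
 * response under $_SESSION['bookly'][$form_id]['paypal_response'].
 *
 * @param string|int $form_id Booking form id, echoed back in the return/cancel/error URLs.
 * @throws Exception When $this->products is empty.
 */
public function send_EC_Request($form_id)
{
    if (!session_id()) {
        // NOTE(review): warnings are suppressed here; session_status() is the explicit
        // check on PHP >= 5.4 — confirm the minimum supported PHP version before switching.
        @session_start();
    }

    if (!count($this->products)) {
        throw new Exception('Products not found!');
    }

    $page_url   = AB_Utils::getCurrentPageURL();
    $return_url = add_query_arg(array('action' => 'ab-paypal-returnurl', 'ab_fid' => $form_id), $page_url);
    $cancel_url = add_query_arg(array('action' => 'ab-paypal-cancelurl', 'ab_fid' => $form_id), $page_url);

    // NVP payload; every value is urlencode()d because the string is sent as a query body.
    $data = '&SOLUTIONTYPE=' . 'Sole'
        . '&PAYMENTREQUEST_0_PAYMENTACTION=' . 'Sale'
        . '&PAYMENTREQUEST_0_CURRENCYCODE=' . urlencode(get_option('ab_paypal_currency'))
        . '&RETURNURL=' . urlencode($return_url)
        . '&CANCELURL=' . urlencode($cancel_url);

    $total = 0;
    foreach ($this->products as $k => $product) {
        $data .= "&L_PAYMENTREQUEST_0_NAME{$k}=" . urlencode($product->name)
            . "&L_PAYMENTREQUEST_0_DESC{$k}=" . urlencode($product->desc)
            . "&L_PAYMENTREQUEST_0_AMT{$k}=" . urlencode($product->price)
            . "&L_PAYMENTREQUEST_0_QTY{$k}=" . urlencode($product->qty);
        $total += $product->qty * $product->price;
    }
    $data .= "&PAYMENTREQUEST_0_AMT=" . urlencode($total)
        . "&PAYMENTREQUEST_0_ITEMAMT=" . urlencode($total);

    // send the request to PayPal
    $response = self::sendNvpRequest('SetExpressCheckout', $data);

    // A response without ACK is treated as a failure instead of raising an undefined-index notice.
    $ack = isset($response['ACK']) ? strtoupper($response['ACK']) : '';

    if ('SUCCESS' === $ack || 'SUCCESSWITHWARNING' === $ack) {
        $_SESSION['bookly'][$form_id]['paypal_response'] = array($response, $form_id);
        $paypalurl = 'https://www' . get_option('ab_paypal_ec_mode')
            . '.paypal.com/cgi-bin/webscr?cmd=_express-checkout&useraction=commit&token='
            . urldecode($response['TOKEN']);
        header('Location: ' . $paypalurl);
        exit;
    }

    // Failure: bounce to the plugin's error URL with PayPal's message (header-sanitized).
    $error_msg = isset($response['L_LONGMESSAGE0']) ? $response['L_LONGMESSAGE0'] : '';
    header('Location: ' . wp_sanitize_redirect(add_query_arg(
        array('action' => 'ab-paypal-errorurl', 'ab_fid' => $form_id, 'error_msg' => $error_msg),
        $page_url
    )));
    exit;
}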
/**
 * Drop-in copy of WordPress' wp_redirect() that additionally records the
 * Location header in the global $cli_headers map (header line => status), so a
 * CLI runner that cannot observe real HTTP headers can still see the redirect.
 *
 * @param string $location Target URL; passed through the 'wp_redirect' filter and wp_sanitize_redirect().
 * @param int    $status   HTTP status, passed through the 'wp_redirect_status' filter.
 * @return bool False when the (filtered) location is empty, true once the header has been set.
 */
function wp_redirect($location, $status = 302)
{
    global $is_IIS, $cli_headers;

    /** This filter is documented in WordPress core's wp_redirect(). */
    $location = apply_filters('wp_redirect', $location, $status);

    /** This filter is documented in WordPress core's wp_redirect(). */
    $status = apply_filters('wp_redirect_status', $status, $location);

    // An empty filtered location means a filter cancelled the redirect.
    if (!$location) {
        return false;
    }

    // Strip CR/LF and other header-unsafe characters before the value reaches header().
    $location = wp_sanitize_redirect($location);

    // status_header() is skipped on IIS and FastCGI, where it is known to cause problems.
    $send_status = !$is_IIS && PHP_SAPI != 'cgi-fcgi';
    if ($send_status) {
        status_header($status);
    }

    header("Location: {$location}", true, $status);
    $cli_headers["Location: {$location}"] = $status;

    return true;
}
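/**
 * Runs one of the "system tools" maintenance actions selected via the `tool`
 * query parameter, then redirects back to the tools tab with `done=<tool>` so
 * the page can show a confirmation.
 *
 * Requires a valid `_nonce` for the 'system_tool' action. Unknown tool names
 * perform nothing but still redirect.
 *
 * @return bool|void False when the request carries no tool or fails the nonce
 *                   check; otherwise the function redirects and exits.
 */
function wpas_system_tools()
{
    if (!isset($_GET['tool']) || !isset($_GET['_nonce'])) {
        return false;
    }

    if (!wp_verify_nonce($_GET['_nonce'], 'system_tool')) {
        return false;
    }

    // NOTE(review): only the nonce gates these destructive actions; no capability check
    // is visible here — confirm the page registering this handler restricts who reaches it.
    $tool = sanitize_text_field($_GET['tool']);

    switch ($tool) {
        /* Clear all tickets metas */
        case 'tickets_metas':
            wpas_clear_tickets_metas();
            break;
        case 'agents_metas':
            wpas_clear_agents_metas();
            break;
        case 'clear_taxonomies':
            wpas_clear_taxonomies();
            break;
        case 'resync_products':
            wpas_delete_synced_products(true);
            break;
        case 'delete_products':
            wpas_delete_synced_products();
            break;
    }

    /* Redirect in "read-only" mode: back to the tools tab, naming the completed tool. */
    $url = add_query_arg(array(
        'post_type' => 'ticket',
        'page'      => 'wpas-status',
        'tab'       => 'tools',
        'done'      => $tool,
    ), admin_url('edit.php'));

    // wp_safe_redirect() sanitizes and also validates the host; the target is always
    // admin_url() here, so this only drops the reliance on a caller-side sanitize.
    wp_safe_redirect($url);
    exit;
}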
/**
 * wp_sanitize_redirect() must strip percent-encoded CR (%0D) and LF (%0A) in
 * either hex case, including nested encodings where removing the inner
 * sequence would otherwise expose a fresh one.
 */
function test_wp_sanitize_redirect()
{
    $cases = array(
        // line feed, upper- and lower-case hex
        'http://example.com/watchthelinefeed%0Ago'          => 'http://example.com/watchthelinefeedgo',
        'http://example.com/watchthelinefeed%0ago'          => 'http://example.com/watchthelinefeedgo',
        // carriage return, upper- and lower-case hex
        'http://example.com/watchthecarriagereturn%0Dgo'    => 'http://example.com/watchthecarriagereturngo',
        'http://example.com/watchthecarriagereturn%0dgo'    => 'http://example.com/watchthecarriagereturngo',
        // nesting checks: removing the inner %0d/%0D must not leave a new one behind
        'http://example.com/watchthecarriagereturn%0%0ddgo' => 'http://example.com/watchthecarriagereturngo',
        'http://example.com/watchthecarriagereturn%0%0DDgo' => 'http://example.com/watchthecarriagereturngo',
    );

    foreach ($cases as $input => $expected) {
        $this->assertEquals($expected, wp_sanitize_redirect($input));
    }
}
/**
 * wp_sanitize_redirect() strips encoded CR/LF (both hex cases, nested too)
 * while leaving the characters that are legal in a URL untouched.
 */
function test_wp_sanitize_redirect()
{
    $expected_lf = 'http://example.com/watchthelinefeedgo';
    $expected_cr = 'http://example.com/watchthecarriagereturngo';

    // Encoded line feed, both hex cases, is removed.
    $this->assertEquals($expected_lf, wp_sanitize_redirect('http://example.com/watchthelinefeed%0Ago'));
    $this->assertEquals($expected_lf, wp_sanitize_redirect('http://example.com/watchthelinefeed%0ago'));

    // Encoded carriage return, both hex cases, is removed.
    $this->assertEquals($expected_cr, wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
    $this->assertEquals($expected_cr, wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));

    // Characters that are legal in a URL must survive as-is.
    $allowed = 'http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay';
    $this->assertEquals($allowed, wp_sanitize_redirect($allowed));

    // Nesting checks: stripping the inner %0d/%0D must not leave a fresh one behind.
    $this->assertEquals($expected_cr, wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
    $this->assertEquals($expected_cr, wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
}
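/**
 * Generate a wpas-do field with a security nonce
 *
 * Emits a hidden `wpas-do` input carrying the action name, the
 * 'trigger_custom_action' nonce field (named `wpas-do-nonce`, with the
 * referer field) and, when given, a hidden `redirect_to` input.
 *
 * @since 3.3
 *
 * @param string $action      Action trigger
 * @param string $redirect_to Possible URL to redirect to after the action
 * @param bool   $echo        Whether to echo or return the fields
 *
 * @return string The generated markup (returned even when it was echoed)
 */
function wpas_do_field($action, $redirect_to = '', $echo = true)
{
    // Both values land inside a double-quoted HTML attribute, so they are attribute-escaped;
    // wp_sanitize_redirect() alone only removes header-unsafe characters.
    $field = sprintf('<input type="hidden" name="%1$s" value="%2$s">', 'wpas-do', esc_attr($action));
    $field .= wp_nonce_field('trigger_custom_action', 'wpas-do-nonce', true, false);

    if (!empty($redirect_to)) {
        $field .= sprintf(
            '<input type="hidden" name="%1$s" value="%2$s">',
            'redirect_to',
            esc_attr(wp_sanitize_redirect($redirect_to))
        );
    }

    if ($echo) {
        echo $field;
    }

    return $field;
}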
/**
 * wp_sanitize_redirect() strips encoded CR/LF (both hex cases, nested too) and
 * leaves legitimate URL characters alone, including bracketed query keys,
 * IPv6 literals and parentheses.
 */
function test_wp_sanitize_redirect()
{
    $cr_stripped = 'http://example.com/watchthecarriagereturngo';
    $lf_stripped = 'http://example.com/watchthelinefeedgo';

    $cases = array(
        // encoded line feed / carriage return, both hex cases
        array('in' => 'http://example.com/watchthelinefeed%0Ago',       'out' => $lf_stripped),
        array('in' => 'http://example.com/watchthelinefeed%0ago',       'out' => $lf_stripped),
        array('in' => 'http://example.com/watchthecarriagereturn%0Dgo', 'out' => $cr_stripped),
        array('in' => 'http://example.com/watchthecarriagereturn%0dgo', 'out' => $cr_stripped),
        // allowed characters pass through unchanged
        array(
            'in'  => 'http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay',
            'out' => 'http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay',
        ),
        // nesting checks: removing the inner %0d/%0D must not leave a new one behind
        array('in' => 'http://example.com/watchthecarriagereturn%0%0ddgo', 'out' => $cr_stripped),
        array('in' => 'http://example.com/watchthecarriagereturn%0%0DDgo', 'out' => $cr_stripped),
        // brackets, IPv6 hosts and parentheses are legitimate URL characters
        array(
            'in'  => 'http://example.com/whyisthisintheurl/?param[1]=foo',
            'out' => 'http://example.com/whyisthisintheurl/?param[1]=foo',
        ),
        array(
            'in'  => 'http://[2606:2800:220:6d:26bf:1447:aa7]/',
            'out' => 'http://[2606:2800:220:6d:26bf:1447:aa7]/',
        ),
        array(
            'in'  => 'http://example.com/search.php?search=(amistillhere)',
            'out' => 'http://example.com/search.php?search=(amistillhere)',
        ),
    );

    foreach ($cases as $case) {
        $this->assertEquals($case['out'], wp_sanitize_redirect($case['in']));
    }
}
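/**
 * Minimal wp_redirect() replacement: filters the location and status, forces
 * the status into the 3xx range, sanitizes the URL for the header and sends
 * the Location header. Callers are expected to exit afterwards.
 *
 * @param string $location Target URL (an empty value after the 'wp_redirect' filter cancels the redirect).
 * @param int    $status   HTTP status; anything outside 300-399 is replaced by 302.
 * @return bool False when the filtered location is empty, true once the header was sent.
 */
function wp_redirect($location, $status = 302)
{
    $location = apply_filters('wp_redirect', $location, $status);
    if (empty($location)) {
        return false;
    }

    $status = apply_filters('wp_redirect_status', $status, $location);
    // A Location header only makes sense together with a redirection status.
    if ($status < 300 || $status > 399) {
        $status = 302;
    }

    // Strip CR/LF and other header-unsafe characters (header-injection guard).
    $location = wp_sanitize_redirect($location);
    header('Location: ' . $location, true, $status);

    // Previously nothing was returned here, so callers could not distinguish
    // "redirected" from "cancelled by a filter"; core's contract is to return true.
    return true;
}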
/**
 * Site-specific wp_redirect() override: behaves like core (filters, header
 * sanitizing, status header) but rewrites root-relative targets so they stay
 * under the '/blog' prefix unless they already start with the URI segment
 * returned by WpBoojFindURISegment().
 *
 * NOTE(review): the compared prefix is one character longer than the segment,
 * so only a location exactly equal to '/<segment>' escapes the '/blog' prefix;
 * confirm whether '/<segment>/...' paths were meant to be exempt as well.
 *
 * @param string $location Target URL; empty after filtering cancels the redirect.
 * @param int    $status   HTTP status code.
 * @return bool|void False when cancelled; otherwise nothing.
 */
function wp_redirect($location, $status = 302)
{
    global $is_IIS;

    $location = apply_filters('wp_redirect', $location, $status);
    $status   = apply_filters('wp_redirect_status', $status, $location);

    // An empty location means a 'wp_redirect' filter cancelled the redirect.
    if (!$location) {
        return false;
    }

    $location = wp_sanitize_redirect($location);

    // status_header() causes problems on IIS and some FastCGI setups, so skip it there.
    $skip_status = $is_IIS || php_sapi_name() == 'cgi-fcgi';
    if (!$skip_status) {
        status_header($status);
    }

    // Root-relative paths that do not match the detected URI segment get the '/blog' prefix.
    $segment          = '/' . WpBoojFindURISegment();
    $compare_len      = strlen($segment) + 1;
    $is_root_relative = substr($location, 0, 1) === '/';
    $matches_segment  = substr($location, 0, $compare_len) === $segment;
    if ($is_root_relative && !$matches_segment) {
        $location = '/blog' . $location;
    }

    header("Location: {$location}", true, $status);
}
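/**
 * Validates a redirect target the way WordPress' wp_validate_redirect() does,
 * with a plugin-level bypass: when the global $rul_local_only is 1 or 2 the
 * location is returned untouched.
 *
 * @param string $location Candidate redirect URL (untrusted).
 * @return string|false The sanitized location when it is a plain http(s) URL whose
 *                      host is local or in the 'allowed_redirect_hosts' list; false otherwise.
 */
function wpc_client_rul_safe_redirect($location)
{
    global $rul_local_only;

    // Plugin setting: off-site redirects are explicitly permitted, nothing to validate.
    if (2 == $rul_local_only || 1 == $rul_local_only) {
        return $location;
    }

    // Need to look at the URL the way it will end up in wp_redirect()
    $location = wp_sanitize_redirect($location);

    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//';
    // make that explicit so parse_url() sees the host rather than a path.
    if (substr($location, 0, 2) == '//') {
        $location = 'http:' . $location;
    }

    // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
    $cut  = strpos($location, '?');
    $test = $cut ? substr($location, 0, $cut) : $location;
    $lp   = parse_url($test);

    // Malformed URL: parse_url() gave up, so there is nothing to validate against.
    if (false === $lp) {
        return false;
    }

    // Only http and https may be redirected to; any other scheme is rejected.
    if (isset($lp['scheme']) && !in_array(strtolower($lp['scheme']), array('http', 'https'), true)) {
        return false;
    }

    // A scheme, credentials or port without a host is not a local path either;
    // parse_url() leaves 'host' unset for such inputs.
    if (!isset($lp['host']) && (isset($lp['scheme']) || isset($lp['user']) || isset($lp['pass']) || isset($lp['port']))) {
        return false;
    }

    $wpp = parse_url(get_home_url());

    $allowed_hosts = (array) apply_filters(
        'allowed_redirect_hosts',
        array($wpp['host']),
        isset($lp['host']) ? $lp['host'] : ''
    );

    $host_is_foreign = isset($lp['host'])
        && !in_array($lp['host'], $allowed_hosts, true)
        && $lp['host'] != strtolower($wpp['host']);

    return $host_is_foreign ? false : $location;
}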
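/**
 * Emits an inline JavaScript redirect plus a visible fallback link.
 *
 * The URL is always passed through wp_sanitize_redirect(); unless $unsafe is
 * true it is also validated against the allowed redirect hosts, falling back
 * to the 'wp_safe_redirect_fallback' filter result (admin_url() by default).
 *
 * Does not exit: the caller controls the rest of the response.
 *
 * @param string $url    Target URL.
 * @param bool   $unsafe When true, host validation is skipped. Only pass true for a
 *                       URL the application built itself, never for request input.
 * @return void
 */
static function JsRedirect($url, $unsafe = false)
{
    $url = wp_sanitize_redirect($url);
    if (!$unsafe) {
        $url = wp_validate_redirect($url, apply_filters('wp_safe_redirect_fallback', admin_url(), 302));
    }

    // Encode for the JavaScript string context. The previous code only escaped '"',
    // leaving backslashes and a literal '</script>' unhandled; json_encode() yields a
    // complete quoted JS literal and the HEX flags keep <, >, & and quotes out of the
    // inline script. After wp_sanitize_redirect() the value is expected to be plain
    // ASCII, so encoding cannot fail on invalid UTF-8.
    $js_url = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    echo '<script type="text/javascript"> window.location = ', $js_url, '; </script>',
        '<h1><a href="', esc_attr($url), '">', esc_html($url), '</a></h1>';
    // NO exit/die here!
}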
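/**
 * Performs a safe (local) redirect, using wp_redirect().
 *
 * The location is sanitized for use in a header and then validated with
 * wp_validate_redirect(): hosts that are neither the site's own nor in the
 * 'allowed_redirect_hosts' list are replaced by the fallback URL, which is
 * admin_url() unless the 'wp_safe_redirect_fallback' filter says otherwise.
 * This prevents malicious redirects which redirect to another host.
 *
 * @since 2.3.0
 *
 * @param string $location The path to redirect to.
 * @param int    $status   Status code to use.
 * @return bool Result of wp_redirect(): false when a 'wp_redirect' filter cancelled the redirect.
 */
function wp_safe_redirect($location, $status = 302)
{
    // Need to look at the URL the way it will end up in wp_redirect()
    $location = wp_sanitize_redirect($location);

    /**
     * Filters the redirect fallback URL for when the provided redirect is not safe (local).
     *
     * @since 4.3.0
     *
     * @param string $fallback_url The fallback URL to use by default.
     * @param int    $status       The redirect status.
     */
    $fallback = apply_filters('wp_safe_redirect_fallback', admin_url(), $status);
    $location = wp_validate_redirect($location, $fallback);

    // Propagate wp_redirect()'s result so callers can tell whether the redirect
    // was cancelled by a filter (the result was previously discarded).
    return wp_redirect($location, $status);
}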
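/**
 * Performs a safe (local) redirect, using wp_redirect().
 *
 * If the location points at a host other than the site's own (or one added via
 * the 'allowed_redirect_hosts' filter), is malformed, or does not use a plain
 * http(s) scheme, the redirect goes to wp-admin on the siteurl instead.
 *
 * @param string $location Candidate redirect URL (untrusted).
 * @param int    $status   HTTP status code passed to wp_redirect().
 * @return void
 **/
function wp_safe_redirect($location, $status = 302)
{
    $fallback = get_option('siteurl') . '/wp-admin/';

    // Need to look at the URL the way it will end up in wp_redirect()
    $location = wp_sanitize_redirect($location);

    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    if (substr($location, 0, 2) == '//') {
        $location = 'http:' . $location;
    }

    // In PHP 5 parse_url() may fail when the query part contains 'http://', so only
    // the part before '?' is parsed (the query never carries the host anyway).
    $cut  = strpos($location, '?');
    $test = $cut ? substr($location, 0, $cut) : $location;
    $lp   = parse_url($test);

    // Malformed URL, or a scheme other than http/https: never follow it.
    $bad_scheme = isset($lp['scheme']) && !in_array(strtolower($lp['scheme']), array('http', 'https'), true);
    if (false === $lp || $bad_scheme) {
        wp_redirect($fallback, $status);
        return;
    }

    // A scheme, credentials or port without a host is not a local path either
    // (parse_url() leaves 'host' unset for such inputs).
    if (!isset($lp['host']) && (isset($lp['scheme']) || isset($lp['user']) || isset($lp['pass']) || isset($lp['port']))) {
        wp_redirect($fallback, $status);
        return;
    }

    $wpp = parse_url(get_option('home'));
    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']));

    if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts, true) && $lp['host'] != strtolower($wpp['host']))) {
        $location = $fallback;
    }

    wp_redirect($location, $status);
}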
/**
 * Finishes the Facebook login flow by sending the browser back to where it came from.
 *
 * The target is read from the '<uniqid>_fb_r' site transient; when that is
 * missing, empty or equal to the login URL itself, the 'redirect' query
 * parameter is used, and failing that the site root. The chosen value is
 * sanitized and validated against the allowed redirect hosts (falling back to
 * site_url()) before the Location header is sent. Always exits.
 *
 * @return void
 */
function new_fb_redirect()
{
    $transient_key = nextend_uniqid() . '_fb_r';
    $redirect      = get_site_transient($transient_key);

    $unusable = !$redirect || $redirect == '' || $redirect == new_fb_login_url();
    if ($unusable) {
        // Fallback chain: explicit request parameter, then the site root.
        $redirect = isset($_GET['redirect']) ? $_GET['redirect'] : site_url();
    }

    // Header-safe form first, then the open-redirect check; off-site targets become site_url().
    $redirect = wp_validate_redirect(wp_sanitize_redirect($redirect), site_url());

    header('LOCATION: ' . $redirect);
    delete_site_transient($transient_key);
    exit;
}
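/**
 * Performs a safe (local) redirect, using wp_redirect().
 *
 * Checks whether the $location is using an allowed host, if it has an absolute
 * path. A plugin can therefore set or remove allowed host(s) to or from the
 * list via the 'allowed_redirect_hosts' filter, which receives the site's host
 * and the requested host.
 *
 * If the host is not allowed, the URL is malformed, or the scheme is not
 * http/https, the redirect is to wp-admin (admin_url()) instead. This
 * prevents malicious redirects which redirect to another host or into a
 * non-HTTP scheme, but only used in a few places.
 *
 * @since 2.3
 *
 * @param string $location Candidate redirect URL (untrusted).
 * @param int    $status   HTTP status code passed to wp_redirect().
 * @return void Does not return anything
 **/
function wp_safe_redirect($location, $status = 302)
{
    // Need to look at the URL the way it will end up in wp_redirect()
    $location = wp_sanitize_redirect($location);

    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    if (substr($location, 0, 2) == '//') {
        $location = 'http:' . $location;
    }

    // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
    $test = ($cut = strpos($location, '?')) ? substr($location, 0, $cut) : $location;
    $lp   = parse_url($test);

    // Give up on a malformed URL.
    if (false === $lp) {
        wp_redirect(admin_url(), $status);
        return;
    }

    // Allow only the http and https schemes; everything else is rejected.
    if (isset($lp['scheme']) && !in_array(strtolower($lp['scheme']), array('http', 'https'), true)) {
        wp_redirect(admin_url(), $status);
        return;
    }

    // A scheme, credentials or port without a host is not a local path either
    // (parse_url() leaves 'host' unset for such inputs).
    if (!isset($lp['host']) && (isset($lp['scheme']) || isset($lp['user']) || isset($lp['pass']) || isset($lp['port']))) {
        wp_redirect(admin_url(), $status);
        return;
    }

    $wpp = parse_url(get_option('home'));

    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

    if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts, true) && $lp['host'] != strtolower($wpp['host']))) {
        $location = admin_url();
    }

    wp_redirect($location, $status);
}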
/**
 * Change the redirection URL.
 *
 * Used when an attachment upload failed after the reply itself was saved:
 * queues a 'files_not_uploaded' error (listing the collected messages) via
 * wpas_add_error() and returns the redirect target without its `message`
 * query parameter, sanitized for use in a Location header.
 *
 * @since 3.0.0
 *
 * @param string $location Original redirection URL
 *
 * @return string New redirection URL
 */
public function redirect_error($location)
{
    $messages = $this->error_message;
    if (is_array($messages)) {
        $messages = implode(', ', $messages);
    }

    wpas_add_error(
        'files_not_uploaded',
        sprintf(__('Your reply has been correctly submitted but the attachment was not uploaded. %s', 'awesome-support'), $messages)
    );

    return wp_sanitize_redirect(remove_query_arg('message', $location));
}
/**
 * Legacy wp_redirect(): applies the 'wp_redirect' / 'wp_redirect_status'
 * filters, sanitizes the location when wp_sanitize_redirect() is available,
 * and sends the redirect. On IIS a "Refresh: 0;url=" header is sent instead
 * of a status line plus Location header.
 *
 * @param string $location Target URL; empty after filtering cancels the redirect.
 * @param int    $status   HTTP status code (not used on the IIS path).
 * @return bool|void False when cancelled; otherwise nothing.
 */
function wp_redirect($location, $status = 302)
{
    global $is_IIS;

    $location = apply_filters('wp_redirect', $location, $status);
    $status   = apply_filters('wp_redirect_status', $status, $location);

    if (!$location) {
        return false;
    }

    // Guarded because this copy may run on a core version without wp_sanitize_redirect().
    if (function_exists('wp_sanitize_redirect')) {
        $location = wp_sanitize_redirect($location);
    }

    if ($is_IIS) {
        header("Refresh: 0;url={$location}");
        return;
    }

    status_header($status);
    header("Location: {$location}");
}
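/**
 * Run pre-defined actions.
 *
 * Specific actions can be performed on page load, triggered by the `action`
 * query parameter. Currently only 'reopen' is handled: it re-opens the ticket
 * named by `ticket_id` when the current user may submit that ticket or has the
 * 'edit_ticket' capability, then redirects to the ticket (or, when refused, to
 * the tickets list) and exits.
 *
 * @since 3.0.0
 * @return void
 */
public function custom_actions()
{
    if (!isset($_GET['action'])) {
        return;
    }

    $action = sanitize_text_field($_GET['action']);

    switch ($action) {
        case 'reopen':
            if (!isset($_GET['ticket_id'])) {
                break;
            }

            // Cast to int so the id matches the sibling wpas_reopen_ticket_trigger() handler
            // and no stray '+'/'-' left by FILTER_SANITIZE_NUMBER_INT survives.
            $ticket_id = (int) filter_input(INPUT_GET, 'ticket_id', FILTER_SANITIZE_NUMBER_INT);

            // NOTE(review): this GET action has no nonce check visible here — confirm the
            // links that trigger it carry one, or route it through the wpas-do handler.
            if (!wpas_can_submit_ticket($ticket_id) && !current_user_can('edit_ticket')) {
                wpas_add_error('cannot_reopen_ticket', __('You are not allowed to re-open this ticket', 'awesome-support'));
                wpas_redirect('ticket_reopen', wpas_get_tickets_list_page_url());
                exit;
            }

            wpas_reopen_ticket($ticket_id);
            wpas_add_notification('ticket_reopen', __('The ticket has been successfully re-opened.', 'awesome-support'));
            wpas_redirect('ticket_reopen', wp_sanitize_redirect(get_permalink($ticket_id)));
            exit;
    }
}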
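/**
 * Redirect back to the provided return_url
 *
 * After the account-details form is saved, WooCommerce redirects to the
 * "My Account" page. When that is the destination and a 'wcsl_<key>' transient
 * exists for this visitor, the transient's URL is used instead and the
 * transient is deleted (one-shot).
 *
 * @since 1.2.0
 * @param string $redirect_location URL WooCommerce is about to redirect to
 * @return string URL to redirect to
 */
public function redirect_after_save_account_details($redirect_location)
{
    $safe_redirect_location = get_permalink(wc_get_page_id('myaccount'));
    $safe_redirect_location = wp_sanitize_redirect($safe_redirect_location);
    $safe_redirect_location = wp_validate_redirect($safe_redirect_location, admin_url());

    if ($redirect_location !== $safe_redirect_location) {
        return $redirect_location;
    }

    // The transient is keyed by client address + user agent. A missing User-Agent
    // header is treated as '' rather than raising an undefined-index notice.
    // NOTE(review): address + UA is not unique per visitor (shared NAT, identical
    // browsers); keying on the logged-in user id would be the more reliable binding.
    $user_agent    = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $transient_key = 'wcsl_' . md5($_SERVER['REMOTE_ADDR'] . $user_agent);

    $new_location = get_transient($transient_key);
    if ($new_location) {
        $redirect_location = $new_location;
        delete_transient($transient_key);
    }

    return $redirect_location;
}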
/**
 * Safe Redirect
 *
 * Ensure the redirect is to the same site or pluggable list of allowed domains.
 * If the location is not allowed, the visitor is sent to home_url() instead.
 * Based on the WordPress wp_safe_redirect() function.
 *
 * @param string $location Candidate redirect URL.
 * @param int    $status   HTTP status code passed on to wp_redirect().
 * @return void
 */
function safe_redirect($location, $status = 302)
{
    // Header-safe form first, then the host check with the home page as fallback.
    $target = wp_validate_redirect(wp_sanitize_redirect($location), home_url());
    wp_redirect($target, $status);
}
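/**
 * Get URL of the tickets list page
 *
 * Reads the 'ticket_list' option (a post id, or an array whose first entry is
 * the post id) and returns that post's permalink, sanitized for use in a
 * redirect header. Returns '' when the option is unset or the post has no
 * permalink.
 *
 * @since 3.2.2
 *
 * @return string
 */
function wpas_get_tickets_list_page_url()
{
    $list = wpas_get_option('ticket_list');

    if (empty($list)) {
        return '';
    }

    // The option may be stored as a one-element array.
    if (is_array($list)) {
        $list = $list[0];
    }

    // get_permalink() returns false for an unknown post id; previously that false was
    // handed to the sanitizer and relied on string coercion to become ''.
    $permalink = get_permalink((int) $list);
    if (false === $permalink) {
        return '';
    }

    return wp_sanitize_redirect($permalink);
}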
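/**
 * Builds Wonderflux admin pages
 * @since 0.1
 * @updated 1.2
 *
 * Renders the wrapper div, the five-tab navigation (highlighting the tab that
 * matches $include, defaulting to the home tab), any notice selected by the
 * settings-updated / backuperror / backupsuccess query flags, then requires
 * admin-pages/wf-page-<$include>.php and appends the grid-specific form
 * helpers, the "not using a child theme" notice and the help footer.
 *
 * @param string $title   Title shown in the "settings updated" notice (rendered as text)
 * @param string $include Which admin page to include: 'core', 'style', 'advanced', 'system' or 'backup'.
 *                        NOTE(review): this value is spliced into a require path; it must only ever
 *                        come from the theme's own menu registration, never from request input — confirm.
 * @return void Output is echoed directly
 */
function wf_page_build($title, $include)
{
    echo '<div class="themes-php wrap">';

    // One flag per tab. The included page templates share this scope, so the names are kept.
    switch ($include) {
        case 'core':
            $tab1 = TRUE;
            break;
        case 'style':
            $tab2 = TRUE;
            break;
        case 'advanced':
            $tab3 = TRUE;
            break;
        case 'system':
            $tab4 = TRUE;
            break;
        case 'backup':
            $tab5 = TRUE;
            break;
        default:
            $tab1 = TRUE;
            break;
    }
    $thistab_highlight = ' nav-tab-active';

    // The tab links are HTML attribute context, so the base URL is escaped with esc_url();
    // wp_sanitize_redirect() is a header sanitizer that deliberately keeps "&" and friends.
    $admin_base = esc_url(admin_url());

    echo '<div class="nav-tab-wrapper">';
    echo '<h2 class="nav-tab-wrapper">';
    echo '<a href="' . $admin_base . 'admin.php?page=wonderflux" class="nav-tab';
    if (isset($tab1)) {
        echo $thistab_highlight;
    }
    echo '">' . esc_attr__('Wonderflux Home', 'wonderflux') . '</a>';
    echo '<a href="' . $admin_base . 'admin.php?page=wonderflux_stylelab" class="nav-tab';
    if (isset($tab2)) {
        echo $thistab_highlight;
    }
    echo '">' . esc_attr__('Stylelab', 'wonderflux') . '</a>';
    echo '<a href="' . $admin_base . 'admin.php?page=wonderflux_advanced" class="nav-tab';
    if (isset($tab3)) {
        echo $thistab_highlight;
    }
    echo '">' . esc_attr__('Advanced', 'wonderflux') . '</a>';
    echo '<a href="' . $admin_base . 'admin.php?page=wonderflux_system" class="nav-tab';
    if (isset($tab4)) {
        echo $thistab_highlight;
    }
    echo '">' . esc_attr__('System', 'wonderflux') . '</a>';
    echo '<a href="' . $admin_base . 'admin.php?page=wonderflux_backup" class="nav-tab';
    if (isset($tab5)) {
        echo $thistab_highlight;
    }
    echo '">' . esc_attr__('Backup/Restore', 'wonderflux') . '</a>';
    echo '</h2>';
    echo '</div>';

    if (isset($_GET['settings-updated'])) {
        // $title is text inside <strong>, so it is HTML-escaped here.
        echo '<div class="updated settings-error" id="setting-error-settings_updated"><p><strong>' . esc_html($title) . ' ' . esc_attr__('Settings updated successfully.', 'wonderflux') . '</strong></p></div>';
    }
    if (isset($_GET['backuperror'])) {
        echo '<div class="updated error" id="setting-error-settings_updated"><p><strong>' . esc_attr__('Import aborted - no settings changed. Sorry - looks like thats the wrong file you tried to import.', 'wonderflux') . '</strong></p></div>';
    }
    if (isset($_GET['backupsuccess'])) {
        echo '<div class="updated" id="settings_updated"><p><strong>' . esc_attr__('Import complete - Wonderflux theme settings restored.', 'wonderflux') . '</strong></p></div>';
    }

    require 'admin-pages/wf-page-' . $include . '.php';

    if ($include == 'backup') {
        $this->admin_backup->wf_backup_form();
    }

    // Include relevant output depending on grid system
    if ($include == 'advanced') {
        if ($this->wfx_grid_type == 'pixels') {
            $this->admin_forms->wf_form_helper_file_css_combine('css/wf-css-core-structure.css', 'Y');
        } else {
            $this->admin_forms->wf_form_helper_file_css_combine_2('css/wf-css-flux-layout-core.css', 'Y');
        }
    }

    // Backpat - depreciated function get_current_theme() in WordPress 3.4
    $wf_current_theme = wp_get_theme()->Name;
    if ($wf_current_theme == 'Wonderflux Framework') {
        // The framework itself is active rather than a child theme: nudge the user.
        $output = '<div id="message2" class="updated">';
        $output .= '<h3>' . esc_attr__('Ooops, you could be doing so much more with Wonderflux!', 'wonderflux') . '</h3>';
        $output .= '<p>' . esc_attr__('Wonderflux is a theme framework. It can be directly activated like this and will work perfectly - but you are really missing out on all the cool stuff Wonderflux can do!', 'wonderflux') . '</p>';
        $output .= '<p>';
        $output .= esc_attr__('To get the most out of Wonderflux, you should take a quick read over', 'wonderflux');
        $output .= ' <a href="http://wonderflux.com/guide/doc/introduction/" title="';
        $output .= esc_attr__('Read the Wonderflux overview guide', 'wonderflux');
        $output .= '">';
        $output .= esc_attr__('the Wonderflux introduction', 'wonderflux');
        $output .= '</a> ';
        $output .= esc_attr__('- also be sure to check out the documentation links below to learn about how to use the various aspects of Wonderflux.', 'wonderflux');
        $output .= '</p>';
        $output .= $this->wf_common_help();
        $output .= '<p>';
        $output .= esc_attr__('You can also', 'wonderflux');
        $output .= ' <a href="https://github.com/Jonnyauk/wonderflux-girder/" title="';
        $output .= esc_attr__('Download the free Girder Wonderflux child theme', 'wonderflux');
        $output .= '">';
        $output .= esc_attr__('download the free example Wonderflux child theme call Girder', 'wonderflux');
        $output .= '</a>';
        $output .= esc_attr__(' - take a look at the layout code and especially the theme functions.php file for references on using Wonderflux.', 'wonderflux');
        // The paragraph never opened a <strong>, so only </p> is closed here.
        $output .= '</p>';
        $output .= '</div>';
        echo $output;
    }
    // A child theme is active: no notice ("silence is golden").

    $output = '<h2>' . esc_attr__('Help and support', 'wonderflux') . '</h2>';
    $output .= '<p>';
    $output .= ' <a href="http://wonderflux.com/guide/" title="';
    $output .= esc_attr__('Visit the Wonderflux guide', 'wonderflux');
    $output .= '">';
    $output .= esc_attr__('The Wonderflux guide', 'wonderflux');
    $output .= '</a> ';
    $output .= esc_attr__('is the official (work in progress!) documentation site for Wonderflux. Click on the direct links below to find relevant content.', 'wonderflux');
    echo $output;
    echo $this->wf_common_help();
    echo '</div>'; // close themes-php wrap div
}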
/**
 * Performs a safe (local) redirect, using wp_redirect().
 *
 * Checks whether the $location is using an allowed host, if it has an absolute
 * path. A plugin can therefore set or remove allowed host(s) to or from the
 * list through wp_validate_redirect()'s 'allowed_redirect_hosts' filter.
 *
 * If the host is not allowed, then the redirect is to wp-admin (admin_url())
 * instead. This prevents malicious redirects which redirect to another host,
 * but only used in a few places.
 *
 * @since 2.3.0
 *
 * @param string $location Candidate redirect URL.
 * @param int    $status   HTTP status code.
 * @return void Does not return anything
 **/
function wp_safe_redirect($location, $status = 302)
{
    // Header-safe form first, then host validation with wp-admin as the fallback target.
    $validated = wp_validate_redirect(wp_sanitize_redirect($location), admin_url());
    wp_redirect($validated, $status);
}
/**
 * When jetpack-sso-auth-redirect query parameter is set, will redirect user to
 * WordPress.com authorization flow.
 *
 * We redirect here instead of in handle_login() because Jetpack::init()->build_connect_url
 * calls menu_page_url() which doesn't work properly until admin menus are registered.
 *
 * Reads `redirect_to` and `request_redirect_to` from the query string, runs
 * them through the 'login_redirect' filter, sanitizes and validates the result
 * (falling back to admin_url()) and embeds it in the connect URL. A project
 * callback is attached to 'allowed_redirect_hosts' right before
 * wp_safe_redirect(), presumably so the connect URL's host passes validation.
 * Exits after redirecting.
 *
 * @return void
 */
function maybe_authorize_user_after_sso()
{
    if (empty($_GET['jetpack-sso-auth-redirect'])) {
        return;
    }

    $redirect_to = admin_url();
    if (!empty($_GET['redirect_to'])) {
        $redirect_to = esc_url_raw($_GET['redirect_to']);
    }

    $request_redirect_to = $redirect_to;
    if (!empty($_GET['request_redirect_to'])) {
        $request_redirect_to = esc_url_raw($_GET['request_redirect_to']);
    }

    /** This filter is documented in core/src/wp-login.php */
    $redirect_after_auth = apply_filters('login_redirect', $redirect_to, $request_redirect_to, wp_get_current_user());

    // The redirect is handed to WordPress.com, so wp_safe_redirect() cannot validate it
    // there: sanitize and validate it here, falling back to admin_url() when it is off-site.
    $redirect_after_auth = wp_validate_redirect(wp_sanitize_redirect($redirect_after_auth), admin_url());

    // Raw connect URL with our redirect, attributing the connection to SSO.
    $connect_url = Jetpack::init()->build_connect_url(true, $redirect_after_auth, 'sso');

    add_filter('allowed_redirect_hosts', array('Jetpack_SSO_Helpers', 'allowed_redirect_hosts'));
    wp_safe_redirect($connect_url);
    exit;
}
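/**
 * If the request included a Redirect URL, parse, sanitize, and process the redirection
 *
 * Reads `cc_redirect_url` from $_POST. Three shapes are handled:
 *  - path only (no scheme or host): rebuilt with site_url() and flagged for wp_safe_redirect();
 *  - full URL with scheme, host and query: scheme://host/path goes through esc_url_raw()
 *    and the query is re-attached;
 *  - anything else: used as given.
 * The final URL is always passed through wp_sanitize_redirect(). Whether the
 * host-validating wp_safe_redirect() is used is decided by the
 * 'constant_contact_force_use_safe_redirect' filter (default: only for the
 * local shape). Exits after redirecting.
 *
 * @since 3.1.6
 * @return void
 */
function maybe_redirect()
{
    if (empty($_POST['cc_redirect_url'])) {
        return;
    }

    $safe_redirect = false;
    $requested_url = urldecode($_POST['cc_redirect_url']);
    $parsed        = parse_url($requested_url);

    if (!empty($parsed['path']) && empty($parsed['host']) && empty($parsed['scheme'])) {
        // Local URL (path, no domain or scheme): rebuild it on this site and use wp_safe_redirect().
        $redirect_url = site_url($parsed['path']);
        if (!empty($parsed['query'])) {
            $redirect_url .= '?' . $parsed['query'];
        }
        $safe_redirect = true;
    } elseif (!empty($parsed['query']) && !empty($parsed['scheme']) && !empty($parsed['host'])) {
        $path         = isset($parsed['path']) ? $parsed['path'] : '';
        $temp_url     = esc_url_raw($parsed['scheme'] . '://' . $parsed['host'] . $path);
        $redirect_url = $temp_url . '?' . $parsed['query'];
    } else {
        $redirect_url = $requested_url;
    }

    // Previously only the last branch was sanitized; apply the header sanitizer to every
    // shape. The redirect helpers run it again, which is harmless.
    $redirect_url = wp_sanitize_redirect($redirect_url);

    /**
     * Set whether to use wp_safe_redirect() for a request. If local URL, defaults to yes. If not, defaults to no.
     *
     * NOTE(review): with the default, an absolute URL posted by the client is followed
     * without host validation; if off-site redirects are not intended here, hook this
     * filter to return true.
     *
     * @var boolean
     */
    $safe_redirect = apply_filters('constant_contact_force_use_safe_redirect', $safe_redirect, $this);

    do_action('ctct_activity', 'Redirecting User after processing', $redirect_url);

    if ($safe_redirect) {
        wp_safe_redirect($redirect_url);
    } else {
        wp_redirect($redirect_url);
    }
    exit;
}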
/**
 * Filter callback for the comment-post redirect: makes the location header-safe
 * and rejects off-site hosts, sending those to admin_url() instead.
 *
 * @param string $location Redirect URL proposed by core or another plugin.
 * @return string Validated redirect URL.
 */
function r20486_comment_post_redirect($location)
{
    return wp_validate_redirect(wp_sanitize_redirect($location), admin_url());
}
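/**
 * Builds preview layout model and dispatches save.
 *
 * AJAX handler: rejects callers without SAVE or SAVE_REVISION permission,
 * builds a layout from $_POST['data'], stores it as a revision and answers
 * with the preview URL (the validated current URL plus the revision key,
 * minus `editmode`). Also reports other users who saved revisions of the
 * same cascade within the last 15 minutes so the editor can warn about
 * concurrent edits.
 *
 * @return void Responds through $this->_out() / $this->_reject().
 */
public function build_preview()
{
    $may_save = Upfront_Permissions::current(Upfront_Permissions::SAVE)
        || Upfront_Permissions::current(Upfront_Permissions::SAVE_REVISION);
    if (!$may_save) {
        // NOTE(review): execution continues past this point if _reject() does not exit — confirm.
        $this->_reject();
    }

    $raw_data = stripslashes_deep($_POST);
    $data     = !empty($raw_data['data']) ? $raw_data['data'] : '';

    // current_url comes from the request: s
    // anitize, then validate it against the allowed
    // redirect hosts (no fallback), and use home_url() when it was rejected.
    $current_url = !empty($raw_data['current_url']) ? $raw_data['current_url'] : home_url();
    $current_url = wp_validate_redirect(wp_sanitize_redirect($current_url), false);
    $current_url = $current_url ? $current_url : home_url();

    $layout        = Upfront_Layout::from_json($data);
    $layout_id_key = $this->_data->save_revision($layout);

    // Check concurrent edits from other users
    $current_user_id          = get_current_user_id();
    $current_others_revisions = $this->_data->get_entity_revisions($layout->get_cascade(), array(
        'date_query'     => array(array('after' => "-15 minutes")),
        'author__not_in' => array($current_user_id),
    ));

    $concurrent_users = array();
    if (!empty($current_others_revisions)) {
        foreach ($current_others_revisions as $rvsn) {
            if (empty($rvsn->post_author)) {
                continue;
            }
            $user = get_user_by('id', $rvsn->post_author);
            if (empty($user) || empty($user->ID)) {
                continue;
            }
            $concurrent_users[$user->ID] = $user->display_name;
        }
    }

    $preview_url = remove_query_arg('editmode', add_query_arg(array(self::HOOK => $layout_id_key), $current_url));
    $this->_out(new Upfront_JsonResponse_Success(array('html' => $preview_url, 'concurrent_users' => $concurrent_users)));
}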
/**
 * Trigger the re-open ticket function
 *
 * This is triggered by the wpas_do custom actions.
 *
 * Re-opens the ticket named by $data['ticket_id'] when the current user may
 * submit that ticket or has the 'edit_ticket' capability; otherwise queues an
 * error and sends the user to the tickets list. Either way the request ends
 * with a redirect and exit. Does nothing when no ticket id is given.
 *
 * @since 3.3
 *
 * @param array $data Superglobal data
 *
 * @return void
 */
function wpas_reopen_ticket_trigger($data)
{
    if (!isset($data['ticket_id'])) {
        return;
    }

    $ticket_id = (int) $data['ticket_id'];
    $allowed   = wpas_can_submit_ticket($ticket_id) || current_user_can('edit_ticket');

    if (!$allowed) {
        wpas_add_error('cannot_reopen_ticket', __('You are not allowed to re-open this ticket', 'awesome-support'));
        wpas_redirect('ticket_reopen', wpas_get_tickets_list_page_url());
        exit;
    }

    wpas_reopen_ticket($ticket_id);
    wpas_add_notification('ticket_reopen', __('The ticket has been successfully re-opened.', 'awesome-support'));
    wpas_redirect('ticket_reopen', wp_sanitize_redirect(get_permalink($ticket_id)));
    exit;
}