/**
 * Retrieve HTTP Headers from URL.
 *
 * Issues a HEAD request through wp_safe_remote_head() — the variant that
 * validates the destination URL before connecting — and hands back the
 * response headers untouched.
 *
 * @since 1.5.1
 *
 * @param string $url        URL to retrieve HTTP headers from.
 * @param bool   $deprecated Not Used.
 * @return bool|string False on failure, headers on success.
 */
function wp_get_http_headers($url, $deprecated = false)
{
    if (!empty($deprecated)) {
        _deprecated_argument(__FUNCTION__, '2.7');
    }
    $head = wp_safe_remote_head($url);
    // A transport/validation failure is a WP_Error; everything else is a response array.
    return is_wp_error($head) ? false : wp_remote_retrieve_headers($head);
}
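/**
 * Finds a pingback server URI based on the given URL.
 *
 * Checks the HTML for the rel="pingback" link and x-pingback headers. It does
 * a check for the x-pingback headers first and returns that, if available. The
 * check for the rel="pingback" has more overhead than just the header.
 *
 * Both requests go through the wp_safe_remote_* helpers, i.e. the destination
 * is validated before a connection is made. The returned URI, however, is
 * taken verbatim from the remote header or markup and is NOT validated here:
 * a caller that connects to it must treat it as untrusted input and validate
 * it (or use a wp_safe_* request) first.
 *
 * @since 1.5.0
 *
 * @param string $url URL to ping.
 * @param int $deprecated Not Used.
 * @return false|string False on failure, string containing URI on success.
 */
function discover_pingback_server_uri($url, $deprecated = '')
{
    if (!empty($deprecated)) {
        _deprecated_argument(__FUNCTION__, '2.7');
    }
    $pingback_str_dquote = 'rel="pingback"';
    $pingback_str_squote = 'rel=\'pingback\'';
    /** @todo Should use Filter Extension or custom preg_match instead. */
    $parsed_url = parse_url($url);
    if (!isset($parsed_url['host'])) {
        // Not a URL. This should never happen.
        return false;
    }
    // Do not search for a pingback server on our own uploads.
    $uploads_dir = wp_upload_dir();
    if (0 === strpos($url, $uploads_dir['baseurl'])) {
        return false;
    }
    $response = wp_safe_remote_head($url, array('timeout' => 2, 'httpversion' => '1.0'));
    if (is_wp_error($response)) {
        return false;
    }
    // Cheapest path: the server advertises its endpoint in a header.
    $header_uri = wp_remote_retrieve_header($response, 'x-pingback');
    if ($header_uri) {
        return $header_uri;
    }
    // Not an (x)html, sgml, or xml page, no use going further.
    if (preg_match('#(image|audio|video|model)/#is', wp_remote_retrieve_header($response, 'content-type'))) {
        return false;
    }
    // Now do a GET since we're going to look in the html headers (and we're sure it's not a binary file).
    $response = wp_safe_remote_get($url, array('timeout' => 2, 'httpversion' => '1.0'));
    if (is_wp_error($response)) {
        return false;
    }
    $contents = wp_remote_retrieve_body($response);
    $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote);
    $pingback_link_offset_squote = strpos($contents, $pingback_str_squote);
    // Compare against false explicitly: strpos() returns 0 for a match at the
    // very start of the body, which the old truthiness test treated as "not found".
    if (false === $pingback_link_offset_dquote && false === $pingback_link_offset_squote) {
        return false;
    }
    if (false !== $pingback_link_offset_dquote) {
        $quote = '"';
        $pingback_link_offset = $pingback_link_offset_dquote;
    } else {
        $quote = '\'';
        $pingback_link_offset = $pingback_link_offset_squote;
    }
    // Heuristic: the href attribute is expected after the rel attribute and to
    // use the same quote character. No attribute parsing is done.
    $pingback_href_pos = strpos($contents, 'href=', $pingback_link_offset);
    if (false === $pingback_href_pos) {
        // No href after the rel attribute. (Previously false + 6 silently became
        // offset 6 and an arbitrary slice of the body could be returned.)
        return false;
    }
    // Skip 'href=' plus the opening quote.
    $pingback_href_start = $pingback_href_pos + 6;
    if ($pingback_href_start > strlen($contents)) {
        // Guard the offset: on PHP 8 an offset past the end is a ValueError, not a warning.
        return false;
    }
    $pingback_href_end = strpos($contents, $quote, $pingback_href_start);
    if (false === $pingback_href_end) {
        // Unterminated attribute value.
        return false;
    }
    $pingback_server_url_len = $pingback_href_end - $pingback_href_start;
    // We may find rel="pingback" but an incomplete pingback URL.
    if ($pingback_server_url_len <= 0) {
        return false;
    }
    // We got it! Raw attribute value, unvalidated (see the doc comment).
    return substr($contents, $pingback_href_start, $pingback_server_url_len);
}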
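 /**
  * Checks whether a stored file exists on the BooXtream service.
  *
  * Issues an authenticated HEAD request to the stored-files endpoint and
  * treats anything other than an HTTP 200 as "does not exist".
  *
  * @param string $filename File name to check; it is passed through
  *                         sanitize_file_name() before being placed in the URL
  *                         so it cannot alter the path or query.
  *
  * @return bool True when the service answers 200; false on a transport
  *              error, missing credentials, or any other status code.
  */
 private function validate_filename($filename)
 {
     // check if file exists
     $url = WC_BooXtream::storedfilesurl . sanitize_file_name($filename) . '?exists';
     // Set authentication: HTTP Basic with the account login name and account key.
     $accountkey = $this->settings->accountkey;
     if (!isset($this->settings->accounts[$accountkey]['loginname'])) {
         // No credentials for this key: don't send "Basic :key" and report the file as absent.
         return false;
     }
     $loginname = $this->settings->accounts[$accountkey]['loginname'];
     // NOTE(review): the account key travels in the Authorization header, so
     // WC_BooXtream::storedfilesurl must be https for it not to be exposed in transit — confirm.
     $args = array('headers' => array('Authorization' => 'Basic ' . base64_encode($loginname . ':' . $accountkey)));
     $response = wp_safe_remote_head($url, $args);
     // A transport failure comes back as a WP_Error object, not an array; indexing it
     // as the old code did ($response['response']['code']) is a fatal error.
     if (is_wp_error($response)) {
         return false;
     }
     return 200 === (int) wp_remote_retrieve_response_code($response);
 }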
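 /**
  * Validate post links
  *
  * Extracts every URL from the post content, sends a HEAD request to each one
  * through wp_safe_remote_head() and caches the URLs that failed (transport
  * error, or HTTP status >= 400 other than 405) in a transient for 30 minutes.
  * Nothing is cached when every link is fine.
  *
  * @since   0.1.0
  * @change  0.7.1
  *
  * @hook    array  spcl_acceptable_protocols
  *
  * @param   intval  $id  Post ID
  */
 public static function validate_links($id)
 {
     /* No PostID? */
     if (empty($id)) {
         return;
     }
     /* Get post data */
     $post = get_post($id);
     /* Post incomplete? */
     if (empty($post) || empty($post->post_content)) {
         return;
     }
     /* Extract urls */
     if (!($urls = wp_extract_urls($post->post_content))) {
         return;
     }
     /* Acceptable protocols filter: loop-invariant, so resolve it once */
     $acceptable_protocols = (array) apply_filters('spcl_acceptable_protocols', array('http', 'https'));
     /* Init */
     $found = array();
     /* Loop the urls */
     foreach ($urls as $url) {
         /* Scheme check (strict: parse_url() yields null when there is no scheme) */
         if (!in_array(parse_url($url, PHP_URL_SCHEME), $acceptable_protocols, true)) {
             continue;
         }
         /* Fragment check: cut at the first '#'. str_replace() of the fragment text
            could also strip an identical substring elsewhere in the URL. */
         $hash_pos = strpos($url, '#');
         if (false !== $hash_pos) {
             $url = substr($url, 0, $hash_pos);
         }
         /* URL sanitization: esc_url_raw() yields an empty string for a URL it rejects */
         $url = esc_url_raw($url, $acceptable_protocols);
         /* Skip URL */
         if (empty($url)) {
             continue;
         }
         /* Ping: the safe variant validates the destination before connecting,
            which matters because these URLs come from post content */
         $response = wp_safe_remote_head($url);
         /* Error? */
         if (is_wp_error($response)) {
             $found[] = array('url' => $url, 'error' => $response->get_error_message());
             continue;
         }
         /* Status code */
         $code = (int) wp_remote_retrieve_response_code($response);
         /* Handle error codes; 405 means the server refused HEAD, not that the resource is broken */
         if ($code >= 400 && $code !== 405) {
             $found[] = array('url' => $url, 'error' => sprintf('Status Code %d', $code));
         }
     }
     /* No items? */
     if (empty($found)) {
         return;
     }
     /* Cache the result */
     set_transient(self::_transient_hash(), $found, 60 * 30);
 }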
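/**
 * Handles form submission on save. Redirects if save is successful, otherwise sets an error message as a cmb property
 *
 * Flow: nonce check -> required-field and honeypot checks -> CMB2 sanitization
 * of the submitted fields -> HEAD request to the submitted link through
 * wp_safe_remote_head() -> wp_insert_post() -> post meta -> redirect.
 *
 * @return void|false|mixed Does not return after a successful redirect (exit);
 *                          false when there is no submission to handle;
 *                          otherwise whatever $cmb->prop() returns after the
 *                          error has been recorded.
 */
function ot_handle_frontend_new_post_form_submission()
{
    // If no form submission, bail
    if (empty($_POST) || !isset($_POST['submit-cmb'], $_POST['object_id'])) {
        return false;
    }
    // Get CMB2 metabox object
    $cmb = ot_frontend_cmb2_get();
    // Check security nonce before doing anything else with the submitted data
    if (!isset($_POST[$cmb->nonce()]) || !wp_verify_nonce($_POST[$cmb->nonce()], $cmb->nonce())) {
        return $cmb->prop('submission_error', new WP_Error('security_fail', __('Security check failed.')));
    }
    $post_data = array();
    // Get our shortcode attributes and set them as our initial post_data args.
    // They arrive in the request, so they are caller-controlled even with a valid
    // nonce (this is a public form): any key that reaches wp_insert_post() below
    // and is not overwritten further down is selectable by the submitter.
    // 'ID' / 'import_id' must never get through — with 'ID' set, wp_insert_post()
    // updates that existing post instead of creating a new one.
    // NOTE(review): reduce this to an allowlist of the attributes the shortcode
    // actually passes; post_status, post_author and post_type are otherwise
    // settable from here as well.
    $blocked_atts = array('ID', 'import_id');
    if (isset($_POST['atts'])) {
        foreach ((array) $_POST['atts'] as $key => $value) {
            if (in_array($key, $blocked_atts, true)) {
                continue;
            }
            $post_data[$key] = sanitize_text_field($value);
        }
        unset($_POST['atts']);
    }
    // Check title submitted
    if (empty($_POST['_ot_bv_link_submit_link'])) {
        return $cmb->prop('submission_error', new WP_Error('post_data_missing', __('New post requires a title.')));
    }
    // And that the title is not the default title
    if ($cmb->get_field('_ot_bv_link_submit_link')->default() == $_POST['_ot_bv_link_submit_link']) {
        return $cmb->prop('submission_error', new WP_Error('post_data_missing', __('Please enter a new title.')));
    }
    // Anti-spam honeypot - reject any submission where this field isn't empty
    if (!empty($_POST['_ot_bv_link_submit_email_honeypot'])) {
        return $cmb->prop('submission_error', new WP_Error('post_data_missing', __('Sorry, we can\'t accept this submission.')));
    }
    /**
     * Fetch sanitized values
     */
    $sanitized_values = $cmb->get_sanitized_values($_POST);
    // Check the link is valid. The URL is user-supplied, so the request goes
    // through wp_safe_remote_head(), which validates the destination before connecting.
    $url = $sanitized_values['_ot_bv_link_submit_link'];
    $response = wp_safe_remote_head($url, array('timeout' => 5));
    // 404 is deliberately accepted (existing behaviour): only an unreachable or
    // erroring host is rejected, not a missing page.
    $accepted_status_codes = array(200, 301, 302, 404);
    $status_code = (int) wp_remote_retrieve_response_code($response);
    if (is_wp_error($response) || !in_array($status_code, $accepted_status_codes, true)) {
        return $cmb->prop('submission_error', new WP_Error('invalid_url', __('That URL doesn\'t seem to exist or is currently down, please try again.')));
    }
    // Set the Title from the remote page.
    // NOTE(review): get_title_from_url() is not visible here; confirm it also fetches
    // through a wp_safe_remote_* helper, otherwise the user-supplied URL can reach
    // internal hosts via that second request.
    $post_data['post_title'] = get_title_from_url($url);
    $post_data['post_content'] = isset($sanitized_values['_ot_bv_link_submit_reason'])
        ? $sanitized_values['_ot_bv_link_submit_reason']
        : '';
    unset($sanitized_values['_ot_bv_link_submit_reason']);
    // select the category from the theme customiser
    $bv_links_category = get_theme_mod('ot_bv_user_selected_links_cat');
    $post_data['post_category'] = array($bv_links_category);
    $post_data['tax_input'] = array('post_format' => array('post-format-link'));
    // Create the new post
    $new_submission_id = wp_insert_post($post_data, true);
    // If we hit a snag, update the user
    if (is_wp_error($new_submission_id)) {
        return $cmb->prop('submission_error', $new_submission_id);
    }
    // Loop through remaining (sanitized) data, and save to post-meta.
    // Array values are stored only if something is left after dropping empty entries.
    foreach ($sanitized_values as $key => $value) {
        if (is_array($value)) {
            $value = array_filter($value);
            if (empty($value)) {
                continue;
            }
        }
        update_post_meta($new_submission_id, $key, $value);
    }
    /*
     * Redirect back to the form page with a query variable with the new post ID.
     * This will help double-submissions with browser refreshes
     */
    wp_redirect(esc_url_raw(add_query_arg('post_submitted', $new_submission_id)));
    exit;
}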