/**
 * Fetch the HTTP response headers of a URL with a HEAD request.
 *
 * The request is sent through wp_safe_remote_head(), the WordPress wrapper
 * that validates the target URL before connecting. That matters whenever
 * $url originates from user-controlled content.
 *
 * @since 1.5.1
 *
 * @param string $url        URL to retrieve HTTP headers from.
 * @param bool   $deprecated Not used.
 * @return mixed False on failure, otherwise the value produced by
 *               wp_remote_retrieve_headers() for the response.
 */
function wp_get_http_headers($url, $deprecated = false)
{
    // The second argument only exists for backwards compatibility.
    $deprecated_arg_used = !empty($deprecated);
    if ($deprecated_arg_used) {
        _deprecated_argument(__FUNCTION__, '2.7');
    }

    $head_response = wp_safe_remote_head($url);

    // Transport-level failures surface as WP_Error and map to false.
    return is_wp_error($head_response)
        ? false
        : wp_remote_retrieve_headers($head_response);
}
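/**
 * Finds a pingback server URI based on the given URL.
 *
 * Checks the x-pingback response header first (a HEAD request) and returns
 * it when present. Only when the header is missing is the document fetched
 * and scanned for a rel="pingback" link, because that costs a full GET.
 *
 * Both requests go through the wp_safe_remote_*() wrappers. The value
 * returned is copied verbatim from the remote response (header or markup)
 * and is not validated here, so callers should treat it as untrusted input
 * before connecting to it.
 *
 * @since 1.5.0
 *
 * @param string $url        URL to ping.
 * @param int    $deprecated Not used.
 * @return false|string False on failure, string containing URI on success.
 */
function discover_pingback_server_uri($url, $deprecated = '')
{
    if (!empty($deprecated)) {
        _deprecated_argument(__FUNCTION__, '2.7');
    }

    $pingback_str_dquote = 'rel="pingback"';
    $pingback_str_squote = 'rel=\'pingback\'';

    /** @todo Should use Filter Extension or custom preg_match instead. */
    $parsed_url = parse_url($url);
    if (!isset($parsed_url['host'])) {
        // Not a URL. This should never happen.
        return false;
    }

    // Do not search for a pingback server on our own uploads.
    $uploads_dir = wp_upload_dir();
    if (0 === strpos($url, $uploads_dir['baseurl'])) {
        return false;
    }

    $response = wp_safe_remote_head($url, array('timeout' => 2, 'httpversion' => '1.0'));
    if (is_wp_error($response)) {
        return false;
    }

    $pingback_header = wp_remote_retrieve_header($response, 'x-pingback');
    if ($pingback_header) {
        return $pingback_header;
    }

    // Not an (x)html, sgml, or xml page, no use going further.
    if (preg_match('#(image|audio|video|model)/#is', wp_remote_retrieve_header($response, 'content-type'))) {
        return false;
    }

    // Now do a GET since we're going to look in the html headers
    // (and we're sure it's not a binary file).
    $response = wp_safe_remote_get($url, array('timeout' => 2, 'httpversion' => '1.0'));
    if (is_wp_error($response)) {
        return false;
    }

    $contents = wp_remote_retrieve_body($response);

    $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote);
    $pingback_link_offset_squote = strpos($contents, $pingback_str_squote);

    // strpos() yields false for "not found"; compare strictly so a match at
    // offset 0 is not mistaken for a miss.
    if (false === $pingback_link_offset_dquote && false === $pingback_link_offset_squote) {
        return false;
    }

    $quote = (false !== $pingback_link_offset_dquote) ? '"' : '\'';
    $pingback_link_offset = ('"' === $quote) ? $pingback_link_offset_dquote : $pingback_link_offset_squote;

    // Without this check a missing href= made the arithmetic below start at
    // byte 6 of the body and return unrelated markup as the server URI.
    $pingback_href_pos = strpos($contents, 'href=', $pingback_link_offset);
    if (false === $pingback_href_pos) {
        return false;
    }

    // Skip 'href=' (5 bytes) plus the opening quote character.
    $pingback_href_start = $pingback_href_pos + 6;
    if ($pingback_href_start > strlen($contents)) {
        // Body ends right after href=; an out-of-range offset would make strpos() fail.
        return false;
    }

    $pingback_href_end = strpos($contents, $quote, $pingback_href_start);
    if (false === $pingback_href_end) {
        // Unterminated attribute value.
        return false;
    }

    // We may find rel="pingback" but an incomplete pingback URL.
    $pingback_server_url_len = $pingback_href_end - $pingback_href_start;
    if ($pingback_server_url_len > 0) {
        // We got it!
        return substr($contents, $pingback_href_start, $pingback_server_url_len);
    }

    return false;
}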
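/**
 * Ask the stored-files endpoint whether a file exists.
 *
 * Sends an authenticated HEAD request to WC_BooXtream::storedfilesurl with
 * the sanitized file name and the "?exists" query appended.
 *
 * @param string $filename File name to look up; it is passed through
 *                         sanitize_file_name() before being put in the URL.
 *
 * @return bool True only when the endpoint answers with HTTP 200; false for
 *              any other status or when the request itself fails.
 */
private function validate_filename($filename)
{
    // Check if file exists.
    $url = WC_BooXtream::storedfilesurl . sanitize_file_name($filename) . '?exists';

    // Set authentication: HTTP Basic with the login name and account key
    // taken from the plugin settings.
    // NOTE(review): Basic credentials are only base64-encoded, so confirm
    // that WC_BooXtream::storedfilesurl is an https:// URL.
    $accountkey = $this->settings->accountkey;
    $loginname = $this->settings->accounts[$accountkey]['loginname'];
    $args = array(
        'headers' => array(
            'Authorization' => 'Basic ' . base64_encode($loginname . ':' . $accountkey),
        ),
    );

    $response = wp_safe_remote_head($url, $args);

    // A failed request comes back as a WP_Error object; indexing it like an
    // array (as the status lookup used to do) would be a fatal error.
    if (is_wp_error($response)) {
        return false;
    }

    return 200 === (int) wp_remote_retrieve_response_code($response);
}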
/**
 * Check every link in a post and cache the ones that look broken.
 *
 * Each URL found in the post content is requested with
 * wp_safe_remote_head(), so the URL validation WordPress performs for
 * outbound requests applies to links taken from post content. Links that
 * fail at transport level, or answer with a status of 400 or above other
 * than 405, are stored in a transient for 30 minutes.
 *
 * @since 0.1.0
 * @change 0.7.1
 *
 * @hook array spcl_acceptable_protocols
 *
 * @param intval $id Post ID
 */
public static function validate_links($id)
{
    // Nothing to do without a post ID.
    if (empty($id)) {
        return;
    }

    $post = get_post($id);

    // Missing post or empty content: nothing to scan.
    if (empty($post) || empty($post->post_content)) {
        return;
    }

    $candidates = wp_extract_urls($post->post_content);
    if (!$candidates) {
        return;
    }

    $broken = array();

    foreach ($candidates as $link) {
        // Schemes that may be requested; extendable through the filter.
        $schemes = (array) apply_filters('spcl_acceptable_protocols', array('http', 'https'));

        // Ignore links whose scheme is not on the list.
        if (!in_array(parse_url($link, PHP_URL_SCHEME), $schemes)) {
            continue;
        }

        // The fragment is dropped from the URL before it is requested.
        $fragment = parse_url($link, PHP_URL_FRAGMENT);
        if ($fragment) {
            $link = str_replace('#' . $fragment, '', $link);
        }

        // Sanitize; esc_url_raw() returns an empty string for rejected URLs.
        $link = esc_url_raw($link, $schemes);
        if (empty($link)) {
            continue;
        }

        $reply = wp_safe_remote_head($link);

        // Transport failure: record the error message as-is.
        if (is_wp_error($reply)) {
            $broken[] = array('url' => $link, 'error' => $reply->get_error_message());
            continue;
        }

        $status = (int) wp_remote_retrieve_response_code($reply);

        // Statuses below 400 are fine; 405 is deliberately not reported.
        if ($status < 400 || 405 === $status) {
            continue;
        }

        $broken[] = array('url' => $link, 'error' => sprintf('Status Code %d', $status));
    }

    // Only write the transient when something was found (TTL: 30 minutes).
    if (!empty($broken)) {
        set_transient(self::_transient_hash(), $broken, 1800);
    }
}
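/**
 * Handles form submission on save.
 *
 * Creates a new post from the front-end form. On success it redirects back
 * to the form page and exits; on failure it stores a WP_Error on the CMB2
 * object as its 'submission_error' property.
 *
 * Security-relevant behaviour:
 * - The request must carry a valid nonce for the metabox.
 * - A non-empty honeypot field rejects the submission.
 * - The submitted link is probed with wp_safe_remote_head() before the
 *   post is created.
 * - Keys from $_POST['atts'] become wp_insert_post() arguments. An 'ID' key
 *   is dropped so the request cannot target an existing post.
 *
 * @return mixed False when the request is not a submission of this form;
 *               the result of $cmb->prop() when validation or saving fails.
 *               Does not return on success (redirects and exits).
 */
function ot_handle_frontend_new_post_form_submission()
{
    // If no form submission, bail.
    if (empty($_POST) || !isset($_POST['submit-cmb'], $_POST['object_id'])) {
        return false;
    }

    // Get CMB2 metabox object.
    $cmb = ot_frontend_cmb2_get();
    $post_data = array();

    // Get our shortcode attributes and set them as our initial post_data args.
    // NOTE(review): these values arrive in the request, so the client decides
    // which wp_insert_post() arguments are set. Prefer an allowlist built
    // from the shortcode's own attribute names (not visible in this function).
    if (isset($_POST['atts'])) {
        foreach ((array) $_POST['atts'] as $key => $value) {
            // wp_insert_post() updates an existing post when given an 'ID';
            // this handler only ever creates posts, so never take it from the request.
            if ('ID' === (string) $key) {
                continue;
            }
            $post_data[$key] = sanitize_text_field($value);
        }
        unset($_POST['atts']);
    }

    // Check security nonce.
    if (!isset($_POST[$cmb->nonce()]) || !wp_verify_nonce($_POST[$cmb->nonce()], $cmb->nonce())) {
        return $cmb->prop('submission_error', new WP_Error('security_fail', __('Security check failed.')));
    }

    // Check title submitted.
    if (empty($_POST['_ot_bv_link_submit_link'])) {
        return $cmb->prop('submission_error', new WP_Error('post_data_missing', __('New post requires a title.')));
    }

    // And that the title is not the default title.
    if ($cmb->get_field('_ot_bv_link_submit_link')->default() == $_POST['_ot_bv_link_submit_link']) {
        return $cmb->prop('submission_error', new WP_Error('post_data_missing', __('Please enter a new title.')));
    }

    // Anti-spam honeypot - reject any submission where this field isn't empty.
    if (!empty($_POST['_ot_bv_link_submit_email_honeypot'])) {
        return $cmb->prop('submission_error', new WP_Error('post_data_missing', __('Sorry, we can\'t accept this submission.')));
    }

    // Fetch sanitized values.
    $sanitized_values = $cmb->get_sanitized_values($_POST);

    // Sanitization may drop a field entirely; fall back to an empty string
    // instead of reading an undefined index.
    $url = isset($sanitized_values['_ot_bv_link_submit_link'])
        ? $sanitized_values['_ot_bv_link_submit_link']
        : '';

    // Check the link is valid. A failed request yields no status code, which
    // the cast turns into 0 and the strict lookup below rejects.
    // NOTE(review): 404 is on the accepted list, so a URL that answers
    // "not found" passes this check - confirm that is intended.
    $response = wp_safe_remote_head($url, array('timeout' => 5));
    $accepted_status_codes = array(200, 301, 302, 404);
    $status_code = (int) wp_remote_retrieve_response_code($response);
    if (!in_array($status_code, $accepted_status_codes, true)) {
        return $cmb->prop('submission_error', new WP_Error('invalid_url', __('That URL doesn\'t seem to exist or is currently down, please try again.')));
    }

    // Set our post data arguments; the title is derived from the linked page.
    $post_data['post_title'] = get_title_from_url($url);
    $post_data['post_content'] = isset($sanitized_values['_ot_bv_link_submit_reason'])
        ? $sanitized_values['_ot_bv_link_submit_reason']
        : '';
    unset($sanitized_values['_ot_bv_link_submit_reason']);

    // Select the category from the theme customiser.
    $bv_links_category = get_theme_mod('ot_bv_user_selected_links_cat');
    $post_data['post_category'] = array($bv_links_category);
    $post_data['tax_input'] = array('post_format' => array('post-format-link'));

    // Create the new post.
    $new_submission_id = wp_insert_post($post_data, true);

    // If we hit a snag, update the user.
    if (is_wp_error($new_submission_id)) {
        return $cmb->prop('submission_error', $new_submission_id);
    }

    // Loop through remaining (sanitized) data, and save to post-meta.
    foreach ($sanitized_values as $key => $value) {
        if (is_array($value)) {
            // Drop empty entries and skip the meta key when nothing is left.
            $value = array_filter($value);
            if (!empty($value)) {
                update_post_meta($new_submission_id, $key, $value);
            }
        } else {
            update_post_meta($new_submission_id, $key, $value);
        }
    }

    /*
     * Redirect back to the form page with a query variable with the new post ID.
     * This will help double-submissions with browser refreshes.
     *
     * The target is built from the current request URI, so wp_safe_redirect()
     * is used to keep the redirect on an allowed host.
     */
    wp_safe_redirect(esc_url_raw(add_query_arg('post_submitted', $new_submission_id)));
    exit;
}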