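 /**
  * Add rel="nofollow" to a link attribute array when its href points off-site.
  *
  * "External" is decided by wp_validate_redirect(): an href that does not
  * validate as a same-site / allowed-host URL (fallback false) is treated as
  * external. Relative and same-host hrefs are returned unchanged.
  *
  * Any rel tokens already present (for example "noopener") are kept and
  * "nofollow" is appended once, instead of replacing the whole attribute.
  *
  * @param array $attrs Attribute map; only the 'href' and 'rel' keys are read.
  *
  * @return mixed The attribute array, possibly with 'rel' extended.
  */
 public static function add_link_rel($attrs)
 {
     // empty() already covers the unset case, so a separate isset() is redundant.
     if (empty($attrs['href']) || wp_validate_redirect($attrs['href'], false)) {
         return $attrs;
     }
     // Merge with the existing rel tokens rather than clobbering them.
     $rel = empty($attrs['rel']) ? array() : preg_split('/\s+/', trim((string) $attrs['rel']), -1, PREG_SPLIT_NO_EMPTY);
     if (!in_array('nofollow', $rel, true)) {
         $rel[] = 'nofollow';
     }
     $attrs['rel'] = implode(' ', $rel);
     return $attrs;
 }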
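/**
 * Add to cart messages.
 *
 * Builds the "… has been added to your cart" notice (with an optional
 * quantity prefix per item) and queues it through wc_add_notice().
 *
 * @access public
 * @param int|array $products A single product ID, or a map of product ID => quantity.
 * @param bool $show_qty Should qty's be shown? Added in 2.6.0
 */
function wc_add_to_cart_message($products, $show_qty = false)
{
    $titles = array();
    $count = 0;
    // The filter at the end receives the last product ID seen; keep it defined
    // even when an empty array is passed.
    $product_id = null;
    if (!is_array($products)) {
        // A bare ID must become ID => qty; a plain array($id) would make the
        // loop below see product ID 0 and use the real ID as the quantity.
        $products = array($products => 1);
        $show_qty = false;
    }
    if (!$show_qty) {
        // Collapse every quantity to 1; the keys are the product IDs.
        $products = array_fill_keys(array_keys($products), 1);
    }
    foreach ($products as $product_id => $qty) {
        $titles[] = ($qty > 1 ? absint($qty) . ' × ' : '') . sprintf(_x('“%s”', 'Item name in quotes', 'woocommerce'), strip_tags(get_the_title($product_id)));
        $count += $qty;
    }
    $titles = array_filter($titles);
    $added_text = sprintf(_n('%s has been added to your cart.', '%s have been added to your cart.', $count, 'woocommerce'), wc_format_list_of_items($titles));
    // Output success messages
    if ('yes' === get_option('woocommerce_cart_redirect_after_add')) {
        // Only a referer that wp_validate_redirect() accepts (same site / allowed host) is
        // used; a rejected referer (false) falls back to the shop page instead of leaving
        // the "Continue Shopping" link with an empty href.
        $referer = wp_get_raw_referer();
        $return_to = $referer ? wp_validate_redirect($referer, false) : false;
        if (!$return_to) {
            $return_to = wc_get_page_permalink('shop');
        }
        $return_to = apply_filters('woocommerce_continue_shopping_redirect', $return_to);
        $message = sprintf('<a href="%s" class="button wc-forward">%s</a> %s', esc_url($return_to), esc_html__('Continue Shopping', 'woocommerce'), esc_html($added_text));
    } else {
        $message = sprintf('<a href="%s" class="button wc-forward">%s</a> %s', esc_url(wc_get_page_permalink('cart')), esc_html__('View Cart', 'woocommerce'), esc_html($added_text));
    }
    wc_add_notice(apply_filters('wc_add_to_cart_message', $message, $product_id));
}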
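 /**
  * AJAX handler: create a WordPress user from a posted e-mail address and log them in.
  *
  * Reads `email` (and optionally `location`) from $_POST, answers with a JSON
  * object {"status": 0|1, "msg": ...} and terminates the request with die().
  * An already-registered e-mail yields a login link back to `location` — but
  * only if that value passes wp_sanitize_redirect() + wp_validate_redirect();
  * otherwise the current permalink is used.
  *
  * NOTE(review): no nonce or capability check is visible in this method; if it
  * is not enforced by the hook that registers it, one should be added.
  */
 public function json_create_user()
 {
     $error = array("status" => 0, "msg" => __('There has been an error processing your request. Please, reload the page and try again.', Eab_EventsHub::TEXT_DOMAIN));
     $data = stripslashes_deep($_POST);
     // Guard the index so a request without `email` does not raise a notice.
     $email = isset($data['email']) ? $data['email'] : '';
     if (empty($email)) {
         $error['msg'] = __('Please, submit an email.', Eab_EventsHub::TEXT_DOMAIN);
         die(json_encode($error));
     }
     if (!is_email($email)) {
         $error['msg'] = __('Please, submit a valid email.', Eab_EventsHub::TEXT_DOMAIN);
         die(json_encode($error));
     }
     if (email_exists($email)) {
         $current_location = get_permalink();
         if (!empty($data['location'])) {
             // Let's make this sane first - it's coming from a POST request, so make that sane
             $loc = wp_validate_redirect(wp_sanitize_redirect($data['location']));
             if (!empty($loc)) {
                 $current_location = $loc;
             }
         }
         $login_link = wp_login_url($current_location);
         // The link lands inside an HTML href attribute, so escape it for that context.
         $login_message = sprintf(__('The email address already exists. Please <a href="%s">Login</a> and RSVP to the event.', Eab_EventsHub::TEXT_DOMAIN), esc_url($login_link));
         $error['msg'] = $login_message;
         die(json_encode($error));
     }
     $wordp_user = $this->_create_user($email);
     if (is_object($wordp_user) && !empty($wordp_user->ID)) {
         $this->_login_user($wordp_user);
     } else {
         die(json_encode($error));
     }
     die(json_encode(array("status" => 1)));
 }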
 /**
  * Handle the "authorize" round-trip for the Jetpack client.
  *
  * Reads the unslashed query string, tags it as a client authorization,
  * checks the admin nonce (whose action embeds the current role and the
  * requested redirect), runs authorize(), records any WP_Error code in
  * Jetpack state, and finally redirects the browser — to the requested URL
  * only when wp_validate_redirect() accepts it, otherwise to the Jetpack
  * admin page. Fires `jetpack_client_authorized` before exiting.
  */
 function client_authorize()
 {
     $request = stripslashes_deep($_GET);
     $request['auth_type'] = 'client';
     $role = Jetpack::translate_current_user_to_role();
     $redirect = '';
     if (isset($request['redirect'])) {
         $redirect = esc_url_raw((string) $request['redirect']);
     }
     // Role and redirect are part of the nonce action, so a tampered redirect fails the check.
     $this->check_admin_referer("jetpack-authorize_{$role}_{$redirect}");
     $result = $this->authorize($request);
     if (is_wp_error($result)) {
         Jetpack::state('error', $result->get_error_code());
     }
     // A disallowed host makes wp_validate_redirect() return its (empty) fallback, selecting the admin page.
     $destination = wp_validate_redirect($redirect) ? $redirect : Jetpack::admin_url();
     $this->wp_safe_redirect($destination);
     /**
      * Fires after the Jetpack client is authorized to communicate with WordPress.com.
      *
      * @since 4.2.0
      *
      * @param int Jetpack Blog ID.
      */
     do_action('jetpack_client_authorized', Jetpack_Options::get_option('id'));
     $this->do_exit();
 }
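 /**
  * Catch quicklink submissions and redirect if the URL is valid.
  *
  * The posted `mlp_quicklink_select` value is used only when
  * wp_validate_redirect() allows it; the plugin's own hosts are added to the
  * `allowed_redirect_hosts` filter just for the duration of that check.
  * A value that fails validation is ignored silently.
  *
  * @since  1.0.4
  * @return void
  */
 protected function redirect_quick_link()
 {
     // WordPress slashes superglobals, and only a string can be a candidate URL
     // (an array would make wp_validate_redirect() fail hard).
     if (!isset($_POST['mlp_quicklink_select']) || !is_string($_POST['mlp_quicklink_select'])) {
         return;
     }
     $candidate = wp_unslash($_POST['mlp_quicklink_select']);
     add_filter('allowed_redirect_hosts', array($this, 'extend_allowed_hosts'), 10, 2);
     // Fallback FALSE: a disallowed host yields no redirect at all rather than a default page.
     $url = wp_validate_redirect($candidate, FALSE);
     remove_filter('allowed_redirect_hosts', array($this, 'extend_allowed_hosts'));
     if (!$url) {
         return;
     }
     // force GET request
     wp_redirect($url, 303);
     exit;
 }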
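 /**
  * Track the page view
  *
  * Records the target and referrer of the current request in the statify
  * table and then hands off to self::_jump_out(). The target must pass
  * wp_validate_redirect() (same site / allowed host) or the hit is dropped;
  * referrers that contain home_url() are treated as internal and not stored.
  *
  * @since   0.1.0
  * @change  1.4.2
  */
 public static function track_visit()
 {
     /* Init vars */
     $use_snippet = self::$_options['snippet'];
     $is_snippet = $use_snippet && get_query_var('statify_target');
     /* Skip tracking */
     if (self::_skip_tracking()) {
         return self::_jump_out($is_snippet);
     }
     /* Set target & referrer */
     if ($is_snippet) {
         // JS snippet mode: both values arrive as query vars.
         $target = urldecode(get_query_var('statify_target'));
         $referrer = urldecode(get_query_var('statify_referrer'));
     } elseif (!$use_snippet) {
         // Server-side mode: both values come from the request itself.
         $target = isset($_SERVER['REQUEST_URI']) ? wp_unslash($_SERVER['REQUEST_URI']) : '/';
         $referrer = isset($_SERVER['HTTP_REFERER']) ? wp_unslash($_SERVER['HTTP_REFERER']) : '';
     } else {
         // Snippet mode enabled but this is not the snippet request: nothing to record.
         return;
     }
     /* Invalid target? */
     if (empty($target) || !wp_validate_redirect($target, false)) {
         return self::_jump_out($is_snippet);
     }
     /* Global vars */
     global $wpdb, $wp_rewrite;
     /* Init rows */
     $data = array('created' => '', 'referrer' => '', 'target' => '');
     /* Set request timestamp */
     // date() instead of strftime(): identical Y-m-d output, and strftime() is deprecated since PHP 8.1.
     $data['created'] = date('Y-m-d', current_time('timestamp'));
     /* Sanitize referrer url */
     if (!empty($referrer) && strpos($referrer, home_url()) === false) {
         $data['referrer'] = esc_url_raw($referrer, array('http', 'https'));
     }
     /* Relative target url */
     $data['target'] = home_url($target, 'relative');
     /* Trim target url */
     if ($wp_rewrite->permalink_structure) {
         $data['target'] = parse_url($data['target'], PHP_URL_PATH);
     }
     /* Sanitize target url */
     $data['target'] = esc_url_raw($data['target']);
     /* Insert */
     // $wpdb->insert() builds a prepared statement; no string-concatenated SQL here.
     $wpdb->insert($wpdb->statify, $data);
     /* Jump! */
     return self::_jump_out($is_snippet);
 }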
 /**
  * Handle the "authorize" round-trip for the Jetpack client.
  *
  * The unslashed query string is tagged as a client authorization, the admin
  * nonce (bound to the current role and the requested redirect) is checked,
  * authorize() runs and any WP_Error code is stored in Jetpack state. The
  * browser is then sent to the requested redirect only if
  * wp_validate_redirect() accepts it, otherwise to the Jetpack admin page.
  */
 function client_authorize()
 {
     $request = stripslashes_deep($_GET);
     $request['auth_type'] = 'client';
     $jetpack = $this->get_jetpack();
     $role = $jetpack->translate_current_user_to_role();
     $redirect = '';
     if (isset($request['redirect'])) {
         $redirect = esc_url_raw((string) $request['redirect']);
     }
     $this->check_admin_referer("jetpack-authorize_{$role}_{$redirect}");
     $result = $this->authorize($request);
     if (is_wp_error($result)) {
         Jetpack::state('error', $result->get_error_code());
     }
     // Empty (fallback) result from wp_validate_redirect() means "not allowed": use the admin page.
     $destination = wp_validate_redirect($redirect) ? $redirect : Jetpack::admin_url();
     $this->wp_safe_redirect($destination);
     $this->do_exit();
 }
 /**
  * Safe Redirect
  *
  * Ensure the redirect is to the same site or pluggable list of allowed domains.
  * If the location does not validate, the visitor is sent to home_url() instead.
  * Based on the WordPress wp_safe_redirect() function.
  *
  * Like wp_redirect(), this does not exit; the caller is expected to.
  *
  * @param string $location Requested destination.
  * @param int    $status   HTTP status code for the redirect (default 302).
  */
 function safe_redirect($location, $status = 302)
 {
     $clean = wp_sanitize_redirect($location);
     $destination = wp_validate_redirect($clean, home_url());
     wp_redirect($destination, $status);
 }
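 /**
  * Complete the WordPress.com → site leg of the Jetpack authorization.
  *
  * Reads the unslashed query string and, inside a single-pass do/while so
  * that every failure can `break` to the common redirect, checks in order:
  * the current user maps to a role and a capability; the admin nonce (bound
  * to role and requested redirect) is valid; no `error` was returned; `state`
  * is present, all digits and equal to the current user ID (ties the response
  * to the user who started the flow); `code` is present; and get_token()
  * succeeded. Each failure records an error code via Jetpack::state().
  *
  * On success the user token is stored. For the first (master) user the
  * default modules are (re)activated and the nonce-cleaning cron is
  * rescheduled; for a secondary user only the link is recorded.
  *
  * Finally the browser goes to `redirect` if wp_validate_redirect() accepts
  * it, otherwise to the Jetpack admin page, and the request exits.
  */
 function authorize()
 {
     $data = stripslashes_deep($_GET);
     $args = array();
     $redirect = isset($data['redirect']) ? esc_url_raw((string) $data['redirect']) : '';
     do {
         $jetpack = Jetpack::init();
         $role = $jetpack->translate_current_user_to_role();
         if (!$role) {
             Jetpack::state('error', 'no_role');
             break;
         }
         $cap = $jetpack->translate_role_to_cap($role);
         if (!$cap) {
             Jetpack::state('error', 'no_cap');
             break;
         }
         check_admin_referer("jetpack-authorize_{$role}_{$redirect}");
         if (!empty($data['error'])) {
             Jetpack::state('error', $data['error']);
             break;
         }
         if (empty($data['state'])) {
             Jetpack::state('error', 'no_state');
             break;
         }
         if (!ctype_digit($data['state'])) {
             Jetpack::state('error', 'invalid_state');
             break;
         }
         $current_user_id = get_current_user_id();
         // ctype_digit() above guarantees a plain digit string, so an int cast and
         // a strict comparison replace the loose != without changing accepted values.
         if ((int) $data['state'] !== $current_user_id) {
             Jetpack::state('error', 'wrong_state');
             break;
         }
         if (empty($data['code'])) {
             Jetpack::state('error', 'no_code');
             break;
         }
         $token = $this->get_token($data);
         if (is_wp_error($token)) {
             if ($error = $token->get_error_code()) {
                 Jetpack::state('error', $error);
             } else {
                 Jetpack::state('error', 'invalid_token');
             }
             Jetpack::state('error_description', $token->get_error_message());
             break;
         }
         if (!$token) {
             Jetpack::state('error', 'no_token');
             break;
         }
         // The first authorization on an inactive site makes this user the master user.
         $is_master_user = !Jetpack::is_active();
         Jetpack::update_user_token($current_user_id, sprintf('%s.%d', $token, $current_user_id), $is_master_user);
         if ($is_master_user) {
             Jetpack::state('message', 'authorized');
         } else {
             Jetpack::state('message', 'linked');
             // Don't activate anything since we are just connecting a user.
             break;
         }
         if ($active_modules = Jetpack::get_option('active_modules')) {
             Jetpack::delete_option('active_modules');
             Jetpack::activate_default_modules(999, 1, $active_modules);
         } else {
             Jetpack::activate_default_modules();
         }
         $jetpack->sync->register('noop');
         // Spawn a sync to make sure the Jetpack Servers know what modules are active.
         // Start nonce cleaner
         wp_clear_scheduled_hook('jetpack_clean_nonces');
         wp_schedule_event(time(), 'hourly', 'jetpack_clean_nonces');
     } while (false);
     // Only a same-site / allowed-host redirect is honoured; anything else lands on the admin page.
     if (wp_validate_redirect($redirect)) {
         wp_safe_redirect($redirect);
     } else {
         wp_safe_redirect(Jetpack::admin_url());
     }
     exit;
 }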
/**
 * Retrieve original referer that was posted, if it exists.
 *
 * The value is read from $_REQUEST['_wp_original_http_referer'], unslashed,
 * and returned only when wp_validate_redirect() accepts it (same site or an
 * allowed host); a missing/empty value, an unavailable validator, or a
 * rejected URL all yield false.
 *
 * @since 2.0.4
 *
 * @return string|false False if no original referer or original referer if set.
 */
function wp_get_original_referer()
{
    $posted = empty($_REQUEST['_wp_original_http_referer']) ? '' : $_REQUEST['_wp_original_http_referer'];
    if ('' === $posted || !function_exists('wp_validate_redirect')) {
        return false;
    }
    return wp_validate_redirect(wp_unslash($posted), false);
}
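 /**
  * Emit a client-side (JavaScript) redirect to $url plus a visible fallback link.
  *
  * The URL is always passed through wp_sanitize_redirect(); unless $unsafe is
  * true it must also pass wp_validate_redirect(), otherwise the
  * `wp_safe_redirect_fallback` URL (admin_url() by default) is used instead.
  * Output is written with echo and the request is NOT terminated here.
  *
  * @param string $url    Destination.
  * @param bool   $unsafe Skip the allowed-host check (the caller vouches for $url).
  */
 static function JsRedirect($url, $unsafe = false)
 {
     $url = wp_sanitize_redirect($url);
     if (!$unsafe) {
         $url = wp_validate_redirect($url, apply_filters('wp_safe_redirect_fallback', admin_url(), 302));
     }
     // JSON-encode for the JavaScript string context: this escapes quotes,
     // backslashes and control characters, and the HEX flags also encode
     // < > & ' so the value cannot terminate the string or the <script>
     // element. A bare str_replace('"', '\"') covered only one of those cases.
     $js_url = json_encode((string) $url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
     echo '<script type="text/javascript"> window.location = ', $js_url, '; </script><h1><a href="', esc_attr($url), '">', esc_html($url), '</a></h1>';
     // NO exit/die here!
 }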
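 /**
  * Redirect back to the provided return_url
  *
  * Only when WooCommerce hands us its own default (the sanitised and validated
  * My Account page URL) is the stored per-visitor destination substituted; it
  * is consumed (the transient is deleted) on first use.
  *
  * NOTE(review): the transient key is md5(REMOTE_ADDR . HTTP_USER_AGENT), so
  * visitors sharing an IP and browser string share the slot, and the stored
  * value is returned here without passing through wp_validate_redirect() —
  * confirm the code that writes the transient validates it.
  *
  * @since 1.2.0
  * @param string $redirect_location Destination proposed by WooCommerce.
  * @return string Destination to use.
  */
 public function redirect_after_save_account_details($redirect_location)
 {
     $safe_redirect_location = get_permalink(wc_get_page_id('myaccount'));
     $safe_redirect_location = wp_sanitize_redirect($safe_redirect_location);
     $safe_redirect_location = wp_validate_redirect($safe_redirect_location, admin_url());
     if ($redirect_location !== $safe_redirect_location) {
         return $redirect_location;
     }
     // Build the key once; HTTP_USER_AGENT is not guaranteed to be set, and a
     // missing value hashes the same as the old null-concatenation did.
     $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $transient_key = 'wcsl_' . md5($remote_addr . $user_agent);
     $new_location = get_transient($transient_key);
     if ($new_location) {
         $redirect_location = $new_location;
         delete_transient($transient_key);
     }
     return $redirect_location;
 }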
 /**
  * Pick the URL a user lands on after a successful login.
  *
  * Administrators (manage_options) go to the requested redirect when one was
  * supplied, otherwise to the dashboard; everyone else goes to the
  * member-account page. The chosen URL is always passed through
  * wp_validate_redirect() with home_url() as the fallback, so an off-site
  * requested_redirect_to never wins.
  *
  * @param string           $redirect_to           The redirect destination URL (not used here).
  * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
  * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
  *
  * @return string Redirect URL
  */
 public function redirect_after_login($redirect_to, $requested_redirect_to, $user)
 {
     // A WP_Error has no ID: failed logins go straight home.
     if (!isset($user->ID)) {
         return home_url();
     }
     if (!user_can($user, 'manage_options')) {
         // Regular users always land on their account page.
         return wp_validate_redirect(home_url('member-account'), home_url());
     }
     // Admins: honour redirect_to when given, else the dashboard.
     $destination = ($requested_redirect_to == '') ? admin_url() : $requested_redirect_to;
     return wp_validate_redirect($destination, home_url());
 }
        /**
         * Method used for the janrain_capture_logout action on admin-ajax.php.
         *
         * Emits a minimal XHTML page whose script expires the
         * `backplane-channel` cookie and then navigates to the `source` query
         * argument — accepted only if wp_validate_redirect() allows it, with
         * home_url() as the fallback. The destination is JSON-encoded (when an
         * encoder is available) before interpolation so it is a proper JS
         * string literal. The request ends with exit.
         */
        function logout()
        {
            // Add the Secure attribute to the cookie-clearing call when the request used TLS.
            // NOTE(review): isset() alone also fires for HTTPS="off" — confirm this is intended.
            $s = isset($_SERVER['HTTPS']) ? '; secure' : '';
            // Not referenced by the template below.
            $n = self::$name;
            // Where to send the browser after clearing the cookie.
            $r = isset($_GET['source']) ? $_GET['source'] : home_url();
            $r = wp_validate_redirect($r, home_url());
            // Escaping - applied early due to heredoc
            if (function_exists('wp_json_encode')) {
                $r = wp_json_encode($r);
            } elseif (function_exists('json_encode')) {
                $r = json_encode($r);
            }
            echo <<<LOGOUT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
\t "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
\t<head>
\t<title>Janrain Capture</title>
\t</head>
\t<body>
\t<script type="text/javascript">
\t\tdocument.cookie = 'backplane-channel=; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/{$s}';
\t\twindow.location.href = {$r};
\t</script>
\t</body>
</html>
LOGOUT;
            exit;
        }
 /**
  * Builds a URL to the Jetpack connection auth page
  *
  * Two cases: with no blog token / blog ID yet, the URL is the local
  * nonce-protected "register" action (plus an is_multisite hint in the
  * network admin); otherwise it is the WordPress.com authorize endpoint
  * carrying the signed role, current-user details, a one-time secret and a
  * redirect_uri back to the local authorize action. A custom $redirect is
  * only used after wp_validate_redirect() accepts it (fallback: the Jetpack
  * admin page), and it is bound into the `_wpnonce` action string.
  *
  * @since 3.9.5
  *
  * @param bool $raw If true, URL will not be escaped.
  * @param bool|string $redirect If true, will redirect back to Jetpack wp-admin landing page after connection.
  *                              If string, will be a custom redirect.
  * @param bool|string $from If not false, adds 'from=$from' param to the connect URL.
  *
  * @return string Connect URL
  */
 function build_connect_url($raw = false, $redirect = false, $from = false)
 {
     if (!Jetpack_Options::get_option('blog_token') || !Jetpack_Options::get_option('id')) {
         // Not connected yet: point at the local registration action.
         $url = Jetpack::nonce_url_no_esc(Jetpack::admin_url('action=register'), 'jetpack-register');
         if (is_network_admin()) {
             $url = add_query_arg('is_multisite', network_admin_url('admin.php?page=jetpack-settings'), $url);
         }
     } else {
         require_once JETPACK__GLOTPRESS_LOCALES_PATH;
         $role = $this->translate_current_user_to_role();
         $signed_role = $this->sign_role($role);
         $user = wp_get_current_user();
         $jetpack_admin_page = esc_url_raw(admin_url('admin.php?page=jetpack'));
         // A custom redirect must be same-site / allowed-host, else the admin page is used.
         $redirect = $redirect ? wp_validate_redirect(esc_url_raw($redirect), $jetpack_admin_page) : $jetpack_admin_page;
         $gp_locale = GP_Locales::by_field('wp_locale', get_locale());
         if (isset($_REQUEST['is_multisite'])) {
             // Network flow: the (already validated) redirect is replaced by a plugin-generated URL.
             $redirect = Jetpack_Network::init()->get_url('network_admin_page');
         }
         $secrets = Jetpack::init()->generate_secrets('authorize');
         // Only the part before the first ':' is sent; @ suppresses any notice from the destructuring.
         @(list($secret) = explode(':', $secrets));
         $site_icon = function_exists('has_site_icon') && has_site_icon() ? get_site_icon_url() : false;
         // redirect_uri points back at the local authorize action; its nonce action embeds role and redirect.
         $args = urlencode_deep(array('response_type' => 'code', 'client_id' => Jetpack_Options::get_option('id'), 'redirect_uri' => add_query_arg(array('action' => 'authorize', '_wpnonce' => wp_create_nonce("jetpack-authorize_{$role}_{$redirect}"), 'redirect' => urlencode($redirect)), esc_url(admin_url('admin.php?page=jetpack'))), 'state' => $user->ID, 'scope' => $signed_role, 'user_email' => $user->user_email, 'user_login' => $user->user_login, 'is_active' => Jetpack::is_active(), 'jp_version' => JETPACK__VERSION, 'auth_type' => 'calypso', 'secret' => $secret, 'locale' => isset($gp_locale->slug) ? $gp_locale->slug : '', 'blogname' => get_option('blogname'), 'site_url' => site_url(), 'home_url' => home_url(), 'site_icon' => $site_icon));
         $url = add_query_arg($args, Jetpack::api_url('authorize'));
     }
     if ($from) {
         $url = add_query_arg('from', $from, $url);
     }
     if (isset($_GET['calypso_env'])) {
         // sanitize_key() reduces the request value to lowercase [a-z0-9_-] before it is forwarded.
         $url = add_query_arg('calypso_env', sanitize_key($_GET['calypso_env']), $url);
     }
     return $raw ? $url : esc_url($url);
 }
 /**
  * Force a comment-post redirect onto a safe (same-site / allowed-host) URL.
  *
  * Sanitises the location and, if wp_validate_redirect() rejects it, falls
  * back to admin_url().
  *
  * @param string $location Proposed redirect target.
  * @return string Validated redirect target.
  */
 function r20486_comment_post_redirect($location)
 {
     $sanitized = wp_sanitize_redirect($location);
     return wp_validate_redirect($sanitized, admin_url());
 }
 /**
  * Catches quicklink submissions and redirects if the URL is valid.
  *
  * The plugin's extra hosts are made known to wp_validate_redirect() only for
  * the duration of the check (the `allowed_redirect_hosts` filter is added
  * and removed around it). A URL that is not allowed is ignored silently.
  *
  * @since 1.0.4
  *
  * @param string $url The URL that is to be redirected to.
  *
  * @return void
  */
 private function redirect_quick_link($url)
 {
     $hosts_filter = [$this, 'extend_allowed_hosts'];
     add_filter('allowed_redirect_hosts', $hosts_filter, 10, 2);
     $validated = wp_validate_redirect($url, false);
     remove_filter('allowed_redirect_hosts', $hosts_filter);
     if ($validated) {
         // Force GET request.
         wp_redirect($validated, 303);
         \Inpsyde\MultilingualPress\call_exit();
     }
 }
 /**
  * Returns the URL to which the user should be redirected after the (successful) login.
  *
  * Administrators (manage_options) go to the requested redirect when one was
  * supplied, otherwise to the dashboard; everyone else goes to a page named
  * after their login. The chosen URL is always passed through
  * wp_validate_redirect() with home_url() as the fallback, so an off-site
  * requested_redirect_to never wins.
  *
  * @param string           $redirect_to           The redirect destination URL (not used here).
  * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
  * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
  *
  * @return string Redirect URL
  */
 public function redirect_after_login($redirect_to, $requested_redirect_to, $user)
 {
     if (!isset($user->ID)) {
         // Failed login (WP_Error): straight to the front page.
         return home_url();
     }
     if (!user_can($user, 'manage_options')) {
         // Non-admins always land on their own page, derived from the login name.
         return wp_validate_redirect(home_url($user->user_login), home_url());
     }
     // Admins: honour redirect_to when given, else the dashboard.
     $destination = ('' == $requested_redirect_to) ? admin_url() : $requested_redirect_to;
     return wp_validate_redirect($destination, home_url());
 }
 /**
  * Builds a URL to the Jetpack connection auth page
  *
  * Two cases: with no blog token / blog ID yet, the URL is the local
  * nonce-protected "register" action (plus an is_multisite hint in the
  * network admin); otherwise it is the WordPress.com authorize endpoint
  * carrying the signed role, current-user details, a one-time secret, the
  * filtered auth type and a redirect_uri back to the local authorize action.
  * A custom $redirect is only used after wp_validate_redirect() accepts it
  * (fallback: the Jetpack admin page), and it is bound into the `_wpnonce`
  * action string.
  *
  * @since 3.9.5
  *
  * @param bool $raw If true, URL will not be escaped.
  * @param bool|string $redirect If true, will redirect back to Jetpack wp-admin landing page after connection.
  *                              If string, will be a custom redirect.
  * @param bool|string $from If not false, adds 'from=$from' param to the connect URL.
  *
  * @return string Connect URL
  */
 function build_connect_url($raw = false, $redirect = false, $from = false)
 {
     if (!Jetpack_Options::get_option('blog_token') || !Jetpack_Options::get_option('id')) {
         // Not connected yet: point at the local registration action.
         $url = Jetpack::nonce_url_no_esc(Jetpack::admin_url('action=register'), 'jetpack-register');
         if (is_network_admin()) {
             $url = add_query_arg('is_multisite', network_admin_url('admin.php?page=jetpack-settings'), $url);
         }
     } else {
         // The locale lookup is optional: $gp_locale stays undefined when the GlotPress file is absent.
         if (defined('JETPACK__GLOTPRESS_LOCALES_PATH') && (include_once JETPACK__GLOTPRESS_LOCALES_PATH)) {
             $gp_locale = GP_Locales::by_field('wp_locale', get_locale());
         }
         $role = self::translate_current_user_to_role();
         $signed_role = self::sign_role($role);
         $user = wp_get_current_user();
         $jetpack_admin_page = esc_url_raw(admin_url('admin.php?page=jetpack'));
         // A custom redirect must be same-site / allowed-host, else the admin page is used.
         $redirect = $redirect ? wp_validate_redirect(esc_url_raw($redirect), $jetpack_admin_page) : $jetpack_admin_page;
         if (isset($_REQUEST['is_multisite'])) {
             // Network flow: the (already validated) redirect is replaced by a plugin-generated URL.
             $redirect = Jetpack_Network::init()->get_url('network_admin_page');
         }
         $secrets = Jetpack::init()->generate_secrets('authorize');
         // Only the part before the first ':' is sent; @ suppresses any notice from the destructuring.
         @(list($secret) = explode(':', $secrets));
         $site_icon = function_exists('has_site_icon') && has_site_icon() ? get_site_icon_url() : false;
         /**
          * Filter the type of authorization.
          * 'calypso' completes authorization on wordpress.com/jetpack/connect
          * while 'jetpack' ( or any other value ) completes the authorization at jetpack.wordpress.com.
          *
          * @since 4.3.3
          *
          * @param string $auth_type Defaults to 'calypso', can also be 'jetpack'.
          */
         $auth_type = apply_filters('jetpack_auth_type', 'calypso');
         // redirect_uri points back at the local authorize action; its nonce action embeds role and redirect.
         $args = urlencode_deep(array('response_type' => 'code', 'client_id' => Jetpack_Options::get_option('id'), 'redirect_uri' => add_query_arg(array('action' => 'authorize', '_wpnonce' => wp_create_nonce("jetpack-authorize_{$role}_{$redirect}"), 'redirect' => urlencode($redirect)), esc_url(admin_url('admin.php?page=jetpack'))), 'state' => $user->ID, 'scope' => $signed_role, 'user_email' => $user->user_email, 'user_login' => $user->user_login, 'is_active' => Jetpack::is_active(), 'jp_version' => JETPACK__VERSION, 'auth_type' => $auth_type, 'secret' => $secret, 'locale' => isset($gp_locale) && isset($gp_locale->slug) ? $gp_locale->slug : '', 'blogname' => get_option('blogname'), 'site_url' => site_url(), 'home_url' => home_url(), 'site_icon' => $site_icon));
         $url = add_query_arg($args, Jetpack::api_url('authorize'));
     }
     if ($from) {
         $url = add_query_arg('from', $from, $url);
     }
     if (isset($_GET['calypso_env'])) {
         // sanitize_key() reduces the request value to lowercase [a-z0-9_-] before it is forwarded.
         $url = add_query_arg('calypso_env', sanitize_key($_GET['calypso_env']), $url);
     }
     return $raw ? $url : esc_url($url);
 }
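/**
 * Finish the Facebook login flow by redirecting the visitor to the stored return URL.
 *
 * The destination comes, in order of preference, from the `*_fb_r` site
 * transient, the `redirect` query argument, or site_url(). Whatever is chosen
 * is sanitised and must pass wp_validate_redirect() (fallback site_url()), so
 * a query-supplied off-site URL is never used. The transient is deleted and
 * the request ends with exit.
 */
function new_fb_redirect()
{
    $redirect = get_site_transient(nextend_uniqid() . '_fb_r');
    // An empty string is already falsy; the login URL is compared strictly.
    if (!$redirect || $redirect === new_fb_login_url()) {
        // Only a string from the query can be a URL (an array would break sanitising).
        if (isset($_GET['redirect']) && is_string($_GET['redirect'])) {
            $redirect = $_GET['redirect'];
        } else {
            $redirect = site_url();
        }
    }
    $redirect = wp_sanitize_redirect($redirect);
    $redirect = wp_validate_redirect($redirect, site_url());
    header('LOCATION: ' . $redirect);
    delete_site_transient(nextend_uniqid() . '_fb_r');
    exit;
}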
/**
 * Whitelists allowed redirect hosts for safe HTTP requests as well.
 *
 * Attached to the http_request_host_is_external filter. A host that
 * wp_validate_redirect() accepts (same site or on the allowed-redirect list)
 * is reported as an acceptable external host; a host already flagged as
 * external is passed through unchanged.
 *
 * @since 3.6.0
 *
 * @param bool $is_external
 * @param string $host
 * @return bool
 */
function allowed_http_request_hosts($is_external, $host)
{
    if ($is_external) {
        return $is_external;
    }
    // Probe with an http:// prefix so the redirect validator sees a full URL.
    return wp_validate_redirect('http://' . $host) ? true : $is_external;
}
 /**
  * Performs a safe (local) redirect, using wp_redirect().
  *
  * Checks whether the $location is using an allowed host, if it has an absolute
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
  * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
  * @since 2.3.0
  *
  * @param string $location The path to redirect to.
  * @param int    $status   Status code to use.
  */
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $sanitized = wp_sanitize_redirect($location);
     /**
      * Filters the redirect fallback URL for when the provided redirect is not safe (local).
      *
      * @since 4.3.0
      *
      * @param string $fallback_url The fallback URL to use by default.
      * @param int    $status       The redirect status.
      */
     $fallback = apply_filters('wp_safe_redirect_fallback', admin_url(), $status);
     $safe = wp_validate_redirect($sanitized, $fallback);
     wp_redirect($safe, $status);
 }
 * @package WordPress
 * @subpackage Customize
 * @since 3.4.0
 */
define('IFRAME_REQUEST', true);
/** Load WordPress Administration Bootstrap */
require_once dirname(__FILE__) . '/admin.php';
// Capability gate: the Customizer is only for users who can customize.
if (!current_user_can('customize')) {
    wp_die(__('Cheatin&#8217; uh?'), 403);
}
// Pull `url` and `return` from the request into local variables.
wp_reset_vars(array('url', 'return'));
// The preview URL must be same-site / allowed-host; otherwise fall back to the front page.
$url = wp_unslash($url);
$url = wp_validate_redirect($url, home_url('/'));
// The return link is validated too; a disallowed host leaves it empty.
if ($return) {
    $return = wp_unslash($return);
    $return = wp_validate_redirect($return);
}
// No (valid) return URL: prefer the preview URL, then the themes screen for theme editors, else the dashboard.
if (!$return) {
    if ($url) {
        $return = $url;
    } elseif (current_user_can('edit_theme_options') || current_user_can('switch_themes')) {
        $return = admin_url('themes.php');
    } else {
        $return = admin_url();
    }
}
global $wp_scripts, $wp_customize;
// Start from a fresh WP_Scripts instance but keep the already-registered handles.
$registered = $wp_scripts->registered;
$wp_scripts = new WP_Scripts();
$wp_scripts->registered = $registered;
add_action('customize_controls_print_scripts', 'print_head_scripts', 20);
 /**
  * When jetpack-sso-auth-redirect query parameter is set, will redirect user to
  * WordPress.com authorization flow.
  *
  * We redirect here instead of in handle_login() because Jetpack::init()->build_connect_url
  * calls menu_page_url() which doesn't work properly until admin menus are registered.
  *
  * The post-authorization destination is taken from `redirect_to` /
  * `request_redirect_to`, passed through the `login_redirect` filter, then
  * sanitised and validated (fallback admin_url()) before being handed to
  * build_connect_url(). The request ends with exit.
  */
 function maybe_authorize_user_after_sso()
 {
     if (empty($_GET['jetpack-sso-auth-redirect'])) {
         return;
     }
     $redirect_to = empty($_GET['redirect_to']) ? admin_url() : esc_url_raw($_GET['redirect_to']);
     $request_redirect_to = empty($_GET['request_redirect_to']) ? $redirect_to : esc_url_raw($_GET['request_redirect_to']);
     /** This filter is documented in core/src/wp-login.php */
     $redirect_after_auth = apply_filters('login_redirect', $redirect_to, $request_redirect_to, wp_get_current_user());
     /**
      * Since we are passing this redirect to WordPress.com and therefore can not use wp_safe_redirect(),
      * let's sanitize it here to make sure it's safe. If the redirect is not safe, then use admin_url().
      */
     $redirect_after_auth = wp_validate_redirect(wp_sanitize_redirect($redirect_after_auth), admin_url());
     /**
      * Return the raw connect URL with our redirect and attribute connection to SSO.
      */
     $connect_url = Jetpack::init()->build_connect_url(true, $redirect_after_auth, 'sso');
     // The connect URL is off-site, so its host must be whitelisted for wp_safe_redirect().
     add_filter('allowed_redirect_hosts', array('Jetpack_SSO_Helpers', 'allowed_redirect_hosts'));
     wp_safe_redirect($connect_url);
     exit;
 }
            <p class="step"><a class="button button-large"
                               href="upgrade.php?step=1&amp;backto=<?php 
            echo $goback;
            ?>
"><?php 
            _e('Update WordPress Database');
            ?>
</a>
            </p>
            <?php 
            break;
        case 1:
            wp_upgrade();
            $backto = !empty($_GET['backto']) ? wp_unslash(urldecode($_GET['backto'])) : __get_option('home') . '/';
            $backto = esc_url($backto);
            $backto = wp_validate_redirect($backto, __get_option('home') . '/');
            ?>
            <h2><?php 
            _e('Update Complete');
            ?>
</h2>
            <p><?php 
            _e('Your WordPress database has been successfully updated!');
            ?>
</p>
            <p class="step"><a class="button button-large" href="<?php 
            echo $backto;
            ?>
"><?php 
            _e('Continue');
            ?>
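 /**
  * Return the original (real) Return URL
  *
  * Builds the gateway return URL from the configured (and filtered) transact
  * URL, appends the session ID plus PayPal's `token` and `PayerID` from the
  * request, and runs the result through wp_validate_redirect() so only a
  * same-site / allowed-host URL survives (an empty string otherwise). Two
  * further filters may rewrite the final value.
  *
  * @param integer $session_id
  *
  * @return string
  *
  * @since 3.9
  */
 protected function get_original_return_url($session_id)
 {
     $transact_url = get_option('transact_url');
     $transact_url = apply_filters('wpsc_paypal_digital_goods_transact_url', $transact_url);
     $transact_url = apply_filters('wpsc_paypal_express_checkout_transact_url', $transact_url);
     // Guard the request indexes: a callback without them must not raise notices.
     // null reproduces what the missing index produced before, minus the notice.
     $token = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;
     $payer_id = isset($_REQUEST['PayerID']) ? $_REQUEST['PayerID'] : null;
     $location = add_query_arg(array('sessionid' => $session_id, 'token' => $token, 'PayerID' => $payer_id, 'payment_gateway' => 'paypal-digital-goods', 'payment_gateway_callback' => 'confirm_transaction'), $transact_url);
     $location = wp_validate_redirect($location);
     $location = apply_filters('wpsc_paypal_express_checkout_return_url', $location);
     return apply_filters('wpsc_paypal_digital_goods_return_url', $location);
 }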
 /**
  * Performs a safe (local) redirect, using wp_redirect().
  *
  * Checks whether the $location is using an allowed host, if it has an absolute
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
  * If the host is not allowed, then the redirect is to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
  * @since 2.3.0
  *
  * @param string $location Requested destination.
  * @param int    $status   HTTP status code (default 302).
  * @return void Does not return anything
  **/
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $sanitized = wp_sanitize_redirect($location);
     $safe = wp_validate_redirect($sanitized, admin_url());
     wp_redirect($safe, $status);
 }
 * Customize Controls
 *
 * @package WordPress
 * @subpackage Customize
 * @since 3.4.0
 */
define('IFRAME_REQUEST', true);
// NOTE(review): resolved against the working directory; the later core version uses dirname(__FILE__).
require_once './admin.php';
// Capability gate for the Customizer.
if (!current_user_can('edit_theme_options')) {
    wp_die(__('Cheatin&#8217; uh?'));
}
// Pull `url` and `return` from the request into local variables.
wp_reset_vars(array('url', 'return'));
// Decode first so the validation below applies to the final form of the URL;
// a disallowed host falls back to the front page.
$url = urldecode($url);
$url = wp_validate_redirect($url, home_url('/'));
// The return link is validated the same way; a disallowed host leaves it empty.
if ($return) {
    $return = wp_validate_redirect(urldecode($return));
}
if (!$return) {
    $return = $url;
}
global $wp_scripts, $wp_customize;
// Start from a fresh WP_Scripts instance but keep the already-registered handles.
$registered = $wp_scripts->registered;
$wp_scripts = new WP_Scripts();
$wp_scripts->registered = $registered;
add_action('customize_controls_print_scripts', 'print_head_scripts', 20);
add_action('customize_controls_print_footer_scripts', '_wp_footer_scripts');
add_action('customize_controls_print_styles', 'print_admin_styles', 20);
do_action('customize_controls_init');
wp_enqueue_script('customize-controls');
wp_enqueue_style('customize-controls');
do_action('customize_controls_enqueue_scripts');
 /**
  * Set URL to link the user to when closing the Customizer.
  *
  * The URL is escaped, stripped of WordPress' removable query args and then
  * passed through wp_validate_redirect(); a disallowed host results in an
  * empty return URL rather than an off-site one.
  *
  * @since 4.4.0
  * @access public
  *
  * @param string $return_url URL for return link.
  */
 public function set_return_url($return_url)
 {
     $url = esc_url_raw($return_url);
     $url = remove_query_arg(wp_removable_query_args(), $url);
     $this->return_url = wp_validate_redirect($url);
 }
 /**
  * Builds preview layout model and dispatches save.
  *
  * Requires the SAVE or SAVE_REVISION permission (otherwise _reject() is
  * called). The posted layout JSON is stored as a revision and the preview
  * URL is built on the posted `current_url` only if it passes
  * wp_sanitize_redirect() + wp_validate_redirect() — anything else is
  * replaced by home_url(). Revisions by other users from the last 15 minutes
  * are reported as concurrent editors in the JSON response.
  */
 public function build_preview()
 {
     $may_save = Upfront_Permissions::current(Upfront_Permissions::SAVE) || Upfront_Permissions::current(Upfront_Permissions::SAVE_REVISION);
     if (!$may_save) {
         $this->_reject();
     }
     global $post;
     $raw_data = stripslashes_deep($_POST);
     $data = '';
     if (!empty($raw_data['data'])) {
         $data = $raw_data['data'];
     }
     $current_url = empty($raw_data['current_url']) ? home_url() : $raw_data['current_url'];
     // Fallback false, then substitute home_url() ourselves so the choice is explicit.
     $validated_url = wp_validate_redirect(wp_sanitize_redirect($current_url), false);
     $current_url = $validated_url ? $validated_url : home_url();
     $layout = Upfront_Layout::from_json($data);
     $layout_id_key = $this->_data->save_revision($layout);
     // Check concurrent edits from other users
     $current_user_id = get_current_user_id();
     $revision_query = array('date_query' => array(array('after' => "-15 minutes")), 'author__not_in' => array($current_user_id));
     $current_others_revisions = $this->_data->get_entity_revisions($layout->get_cascade(), $revision_query);
     $concurrent_users = array();
     if (!empty($current_others_revisions)) {
         foreach ($current_others_revisions as $rvsn) {
             if (empty($rvsn->post_author)) {
                 continue;
             }
             $user = get_user_by('id', $rvsn->post_author);
             if (!empty($user) && !empty($user->ID)) {
                 $concurrent_users[$user->ID] = $user->display_name;
             }
         }
     }
     $preview_url = remove_query_arg('editmode', add_query_arg(array(self::HOOK => $layout_id_key), $current_url));
     $this->_out(new Upfront_JsonResponse_Success(array('html' => $preview_url, 'concurrent_users' => $concurrent_users)));
 }