rebase on oct-10-2023
@@ -267,8 +267,10 @@ if ( ! function_exists( 'wp_mail' ) ) :
|
||||
$headers = array();
|
||||
} else {
|
||||
if ( ! is_array( $headers ) ) {
|
||||
// Explode the headers out, so this function can take
|
||||
// both string headers and an array of headers.
|
||||
/*
|
||||
* Explode the headers out, so this function can take
|
||||
* both string headers and an array of headers.
|
||||
*/
|
||||
$tempheaders = explode( "\n", str_replace( "\r\n", "\n", $headers ) );
|
||||
} else {
|
||||
$tempheaders = $headers;
|
||||
@@ -279,7 +281,7 @@ if ( ! function_exists( 'wp_mail' ) ) :
|
||||
if ( ! empty( $tempheaders ) ) {
|
||||
// Iterate through the raw headers.
|
||||
foreach ( (array) $tempheaders as $header ) {
|
||||
if ( strpos( $header, ':' ) === false ) {
|
||||
if ( ! str_contains( $header, ':' ) ) {
|
||||
if ( false !== stripos( $header, 'boundary=' ) ) {
|
||||
$parts = preg_split( '/boundary=/i', trim( $header ) );
|
||||
$boundary = trim( str_replace( array( "'", '"' ), '', $parts[1] ) );
|
||||
@@ -315,7 +317,7 @@ if ( ! function_exists( 'wp_mail' ) ) :
|
||||
}
|
||||
break;
|
||||
case 'content-type':
|
||||
if ( strpos( $content, ';' ) !== false ) {
|
||||
if ( str_contains( $content, ';' ) ) {
|
||||
list( $type, $charset_content ) = explode( ';', $content );
|
||||
$content_type = trim( $type );
|
||||
if ( false !== stripos( $charset_content, 'charset=' ) ) {
|
||||
@@ -376,7 +378,7 @@ if ( ! function_exists( 'wp_mail' ) ) :
|
||||
$from_email = 'wordpress@';
|
||||
|
||||
if ( null !== $sitename ) {
|
||||
if ( 'www.' === substr( $sitename, 0, 4 ) ) {
|
||||
if ( str_starts_with( $sitename, 'www.' ) ) {
|
||||
$sitename = substr( $sitename, 4 );
|
||||
}
|
||||
|
||||
@@ -432,7 +434,7 @@ if ( ! function_exists( 'wp_mail' ) ) :
|
||||
$recipient_name = '';
|
||||
|
||||
if ( preg_match( '/(.*)<(.+)>/', $address, $matches ) ) {
|
||||
if ( count( $matches ) == 3 ) {
|
||||
if ( count( $matches ) === 3 ) {
|
||||
$recipient_name = $matches[1];
|
||||
$address = $matches[2];
|
||||
}
|
||||
@@ -616,8 +618,10 @@ if ( ! function_exists( 'wp_authenticate' ) ) :
|
||||
$user = apply_filters( 'authenticate', null, $username, $password );
|
||||
|
||||
if ( null == $user ) {
|
||||
// TODO: What should the error message be? (Or would these even happen?)
|
||||
// Only needed if all authentication handlers fail to return anything.
|
||||
/*
|
||||
* TODO: What should the error message be? (Or would these even happen?)
|
||||
* Only needed if all authentication handlers fail to return anything.
|
||||
*/
|
||||
$user = new WP_Error( 'authentication_failed', __( '<strong>Error:</strong> Invalid username, email address or incorrect password.' ) );
|
||||
}
|
||||
|
||||
@@ -1186,8 +1190,8 @@ if ( ! function_exists( 'auth_redirect' ) ) :
|
||||
$secure = apply_filters( 'secure_auth_redirect', $secure );
|
||||
|
||||
// If https is required and request is http, redirect.
|
||||
if ( $secure && ! is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
|
||||
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
|
||||
if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
|
||||
if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
|
||||
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
|
||||
exit;
|
||||
} else {
|
||||
@@ -1217,8 +1221,8 @@ if ( ! function_exists( 'auth_redirect' ) ) :
|
||||
do_action( 'auth_redirect', $user_id );
|
||||
|
||||
// If the user wants ssl but the session is not ssl, redirect.
|
||||
if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
|
||||
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
|
||||
if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
|
||||
if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
|
||||
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
|
||||
exit;
|
||||
} else {
|
||||
@@ -1233,7 +1237,11 @@ if ( ! function_exists( 'auth_redirect' ) ) :
|
||||
// The cookie is no good, so force login.
|
||||
nocache_headers();
|
||||
|
||||
$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
||||
if ( str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) {
|
||||
$redirect = wp_get_referer();
|
||||
} else {
|
||||
$redirect = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
|
||||
}
|
||||
|
||||
$login_url = wp_login_url( $redirect, true );
|
||||
|
||||
@@ -1281,7 +1289,7 @@ if ( ! function_exists( 'check_admin_referer' ) ) :
|
||||
*/
|
||||
do_action( 'check_admin_referer', $action, $result );
|
||||
|
||||
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
if ( ! $result && ! ( -1 === $action && str_starts_with( $referer, $adminurl ) ) ) {
|
||||
wp_nonce_ays( $action );
|
||||
die();
|
||||
}
|
||||
@@ -1557,12 +1565,14 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||
function wp_validate_redirect( $location, $fallback_url = '' ) {
|
||||
$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
|
||||
// Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'.
|
||||
if ( '//' === substr( $location, 0, 2 ) ) {
|
||||
if ( str_starts_with( $location, '//' ) ) {
|
||||
$location = 'http:' . $location;
|
||||
}
|
||||
|
||||
// In PHP 5 parse_url() may fail if the URL query part contains 'http://'.
|
||||
// See https://bugs.php.net/bug.php?id=38143
|
||||
/*
|
||||
* In PHP 5 parse_url() may fail if the URL query part contains 'http://'.
|
||||
* See https://bugs.php.net/bug.php?id=38143
|
||||
*/
|
||||
$cut = strpos( $location, '?' );
|
||||
$test = $cut ? substr( $location, 0, $cut ) : $location;
|
||||
|
||||
@@ -1587,8 +1597,10 @@ if ( ! function_exists( 'wp_validate_redirect' ) ) :
|
||||
$location = '/' . ltrim( $path . '/', '/' ) . $location;
|
||||
}
|
||||
|
||||
// Reject if certain components are set but host is not.
|
||||
// This catches URLs like https:host.com for which parse_url() does not set the host field.
|
||||
/*
|
||||
* Reject if certain components are set but host is not.
|
||||
* This catches URLs like https:host.com for which parse_url() does not set the host field.
|
||||
*/
|
||||
if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
|
||||
return $fallback_url;
|
||||
}
|
||||
@@ -1714,8 +1726,10 @@ if ( ! function_exists( 'wp_notify_postauthor' ) ) :
|
||||
$comment_author_domain = gethostbyaddr( $comment->comment_author_IP );
|
||||
}
|
||||
|
||||
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
// We want to reverse this for the plain text arena of emails.
|
||||
/*
|
||||
* The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
* We want to reverse this for the plain text arena of emails.
|
||||
*/
|
||||
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||
$comment_content = wp_specialchars_decode( $comment->comment_content );
|
||||
|
||||
@@ -1903,8 +1917,10 @@ if ( ! function_exists( 'wp_notify_moderator' ) ) :
|
||||
|
||||
$comments_waiting = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'" );
|
||||
|
||||
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
// We want to reverse this for the plain text arena of emails.
|
||||
/*
|
||||
* The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
* We want to reverse this for the plain text arena of emails.
|
||||
*/
|
||||
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||
$comment_content = wp_specialchars_decode( $comment->comment_content );
|
||||
|
||||
@@ -2042,13 +2058,17 @@ if ( ! function_exists( 'wp_password_change_notification' ) ) :
|
||||
* @param WP_User $user User object.
|
||||
*/
|
||||
function wp_password_change_notification( $user ) {
|
||||
// Send a copy of password change notification to the admin,
|
||||
// but check to see if it's the admin whose password we're changing, and skip this.
|
||||
/*
|
||||
* Send a copy of password change notification to the admin,
|
||||
* but check to see if it's the admin whose password we're changing, and skip this.
|
||||
*/
|
||||
if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
|
||||
/* translators: %s: User name. */
|
||||
$message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
|
||||
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
// We want to reverse this for the plain text arena of emails.
|
||||
/*
|
||||
* The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
* We want to reverse this for the plain text arena of emails.
|
||||
*/
|
||||
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||
|
||||
$wp_password_change_notification_email = array(
|
||||
@@ -2115,8 +2135,10 @@ if ( ! function_exists( 'wp_new_user_notification' ) ) :
|
||||
|
||||
$user = get_userdata( $user_id );
|
||||
|
||||
// The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
// We want to reverse this for the plain text arena of emails.
|
||||
/*
|
||||
* The blogname option is escaped with esc_html() on the way into the database in sanitize_option().
|
||||
* We want to reverse this for the plain text arena of emails.
|
||||
*/
|
||||
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||
|
||||
/**
|
||||
@@ -2359,7 +2381,7 @@ if ( ! function_exists( 'wp_create_nonce' ) ) :
|
||||
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
|
||||
}
|
||||
|
||||
$token = wp_get_session_token( $action );
|
||||
$token = wp_get_session_token();
|
||||
$i = wp_nonce_tick( $action );
|
||||
|
||||
return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
|
||||
@@ -2572,8 +2594,10 @@ if ( ! function_exists( 'wp_check_password' ) ) :
|
||||
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
|
||||
}
|
||||
|
||||
// If the stored hash is longer than an MD5,
|
||||
// presume the new style phpass portable hash.
|
||||
/*
|
||||
* If the stored hash is longer than an MD5,
|
||||
* presume the new style phpass portable hash.
|
||||
*/
|
||||
if ( empty( $wp_hasher ) ) {
|
||||
require_once ABSPATH . WPINC . '/class-phpass.php';
|
||||
// By default, use the portable hash from phpass.
|
||||
@@ -2651,8 +2675,10 @@ if ( ! function_exists( 'wp_rand' ) ) :
|
||||
function wp_rand( $min = null, $max = null ) {
|
||||
global $rnd_value;
|
||||
|
||||
// Some misconfigured 32-bit environments (Entropy PHP, for example)
|
||||
// truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
|
||||
/*
|
||||
* Some misconfigured 32-bit environments (Entropy PHP, for example)
|
||||
* truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
|
||||
*/
|
||||
$max_random_number = 3000000000 === 2147483647 ? (float) '4294967295' : 4294967295; // 4294967295 = 0xffffffff
|
||||
|
||||
if ( null === $min ) {
|
||||
@@ -2687,8 +2713,10 @@ if ( ! function_exists( 'wp_rand' ) ) :
|
||||
}
|
||||
}
|
||||
|
||||
// Reset $rnd_value after 14 uses.
|
||||
// 32 (md5) + 40 (sha1) + 40 (sha1) / 8 = 14 random numbers from $rnd_value.
|
||||
/*
|
||||
* Reset $rnd_value after 14 uses.
|
||||
* 32 (md5) + 40 (sha1) + 40 (sha1) / 8 = 14 random numbers from $rnd_value.
|
||||
*/
|
||||
if ( strlen( $rnd_value ) < 8 ) {
|
||||
if ( defined( 'WP_SETUP_CONFIG' ) ) {
|
||||
static $seed = '';
|
||||
@@ -2815,14 +2843,11 @@ if ( ! function_exists( 'get_avatar' ) ) :
|
||||
'class' => null,
|
||||
'force_display' => false,
|
||||
'loading' => null,
|
||||
'fetchpriority' => null,
|
||||
'extra_attr' => '',
|
||||
'decoding' => 'async',
|
||||
);
|
||||
|
||||
if ( wp_lazy_loading_enabled( 'img', 'get_avatar' ) ) {
|
||||
$defaults['loading'] = wp_get_loading_attr_default( 'get_avatar' );
|
||||
}
|
||||
|
||||
if ( empty( $args ) ) {
|
||||
$args = array();
|
||||
}
|
||||
@@ -2840,6 +2865,11 @@ if ( ! function_exists( 'get_avatar' ) ) :
|
||||
$args['width'] = $args['size'];
|
||||
}
|
||||
|
||||
// Update args with loading optimized attributes.
|
||||
$loading_optimization_attr = wp_get_loading_optimization_attributes( 'img', $args, 'get_avatar' );
|
||||
|
||||
$args = array_merge( $args, $loading_optimization_attr );
|
||||
|
||||
if ( is_object( $id_or_email ) && isset( $id_or_email->comment_ID ) ) {
|
||||
$id_or_email = get_comment( $id_or_email );
|
||||
}
|
||||
@@ -2892,7 +2922,7 @@ if ( ! function_exists( 'get_avatar' ) ) :
|
||||
}
|
||||
}
|
||||
|
||||
// Add `loading` and `decoding` attributes.
|
||||
// Add `loading`, `fetchpriority` and `decoding` attributes.
|
||||
$extra_attr = $args['extra_attr'];
|
||||
|
||||
if ( in_array( $args['loading'], array( 'lazy', 'eager' ), true )
|
||||
@@ -2915,6 +2945,17 @@ if ( ! function_exists( 'get_avatar' ) ) :
|
||||
$extra_attr .= "decoding='{$args['decoding']}'";
|
||||
}
|
||||
|
||||
// Add support for `fetchpriority`.
|
||||
if ( in_array( $args['fetchpriority'], array( 'high', 'low', 'auto' ), true )
|
||||
&& ! preg_match( '/\bfetchpriority\s*=/', $extra_attr )
|
||||
) {
|
||||
if ( ! empty( $extra_attr ) ) {
|
||||
$extra_attr .= ' ';
|
||||
}
|
||||
|
||||
$extra_attr .= "fetchpriority='{$args['fetchpriority']}'";
|
||||
}
|
||||
|
||||
$avatar = sprintf(
|
||||
"<img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/>",
|
||||
esc_attr( $args['alt'] ),
|
||||
|
||||
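Review bot: In the wp_authenticate hunk (`@@ -616,8 +618,10 @@`), the rewritten block comment sits directly under `if ( null == $user )`, which keeps a loose comparison while this same commit tightens `count( $matches ) == 3` to `===` in wp_mail, and nothing records whether that is deliberate. As written, any falsy value handed back by the `authenticate` filter chain (for example `false` or an empty string) is replaced by the `authentication_failed` WP_Error, which is the fail-closed outcome; a later mechanical switch to `null === $user` would let such values leave this branch unconverted. I would extend the comment with a line such as `* The loose comparison is intentional: any empty filter result must become a WP_Error.` if that is the intent. wp_authenticate starts and ends outside the hunk, so how the value is handled afterwards is not visible here.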