From f0ab4402339927d0bbab367ca95feca91b28dc9b Mon Sep 17 00:00:00 2001 From: runas24 <166917824+runas24@users.noreply.github.com> Date: Wed, 17 Apr 2024 16:36:32 +0500 Subject: [PATCH] Add files via upload --- index.php | 17 + license.txt | 384 ++++++++++ readme.html | 97 +++ wp-activate.php | 218 ++++++ wp-blog-header.php | 21 + wp-comments-post.php | 81 +++ wp-config-sample.php | 95 +++ wp-cron.php | 205 ++++++ wp-links-opml.php | 98 +++ wp-load.php | 105 +++ wp-login.php | 1637 ++++++++++++++++++++++++++++++++++++++++++ wp-mail.php | 268 +++++++ wp-settings.php | 717 ++++++++++++++++++ wp-signup.php | 1046 +++++++++++++++++++++++++++ wp-trackback.php | 171 +++++ xmlrpc.php | 108 +++ 16 files changed, 5268 insertions(+) create mode 100644 index.php create mode 100644 license.txt create mode 100644 readme.html create mode 100644 wp-activate.php create mode 100644 wp-blog-header.php create mode 100644 wp-comments-post.php create mode 100644 wp-config-sample.php create mode 100644 wp-cron.php create mode 100644 wp-links-opml.php create mode 100644 wp-load.php create mode 100644 wp-login.php create mode 100644 wp-mail.php create mode 100644 wp-settings.php create mode 100644 wp-signup.php create mode 100644 wp-trackback.php create mode 100644 xmlrpc.php diff --git a/index.php b/index.php new file mode 100644 index 0000000..cc2a532 --- /dev/null +++ b/index.php @@ -0,0 +1,17 @@ + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. + +WRITTEN OFFER + +The source code for any program binaries or compressed scripts that are +included with WordPress can be freely obtained at the following URL: + + https://wordpress.org/download/source/ diff --git a/readme.html b/readme.html new file mode 100644 index 0000000..63341cb --- /dev/null +++ b/readme.html @@ -0,0 +1,97 @@ + + + + + + WordPress › ReadMe + + + +

+ WordPress +

+

Ваша собственная платформа для публикаций

+ +

Сначала главное

+

Добро пожаловать. WordPress для меня — очень особенный проект. Каждый разработчик и участник добавляет что-то своё, вместе мы создаём нечто прекрасное, и мне очень приятно быть частью этого. На WordPress ушли тысячи часов, и каждый день мы посвящаем его совершенствованию. Спасибо вам за то, что сделали его частью своего мира.

+

— Мэтт Мулленвег

+ +

Установка: Знаменитая 5-минутная установка

+
    +
  1. Разархивируйте пакет в пустой каталог и загрузите на сервер.
    2. +
  2. Откройте wp-admin/install.php в вашем браузере. Этот скрипт поможет вам создать файл wp-config.php с параметрами доступа к вашей базе данных. +
      +
    1. Если по какой-то причине автоматическая установка не удалась, не волнуйтесь. Она может работать не на всех серверах. Откройте wp-config-sample.php в текстовом редакторе наподобие WordPad и заполните параметры доступа к вашей базе данных.
      2. +
    2. Сохраните файл под именем wp-config.php и загрузите на сервер.
      3. +
    3. Откройте wp-admin/install.php в вашем браузере.
      4. +
    +
    3. +
  3. Как только файл конфигурации будет создан, скрипт установки создаст таблицы, необходимые для вашего сайта. Если произошла ошибка, перепроверьте ваш файл wp-config.php и попробуйте ещё раз. Если снова не удалось, обратитесь на форум поддержки WordPress с как можно большим количеством собранной информации.
    4. +
  4. Если вы не вводили пароль, запомните тот, который вам выдан. Если вы не вводили логин, им будет admin.
    5. +
  5. Скрипт установки перенаправит вас на страницу входа. Войдите с логином и паролем, выбранными во время установки. Если пароль был создан автоматически, можно перейти на страницу «Профиль», чтобы сменить его.
    6. +
+ +

Обновление

+

Автоматическое обновление

+
    +
  1. Откройте wp-admin/update-core.php в вашем браузере и следуйте указаниям.
    2. +
  2. Вы ожидали большего? Это всё!
    3. +
+ +

Обновление вручную

+
    +
  1. Перед обновлением чего-либо убедитесь, что у вас есть резервная копия всех файлов, которые могли быть вами изменены, таких как index.php.
    2. +
  2. Удалите ваши старые файлы WP, сохранив изменённые.
    3. +
  3. Загрузите новые файлы.
    4. +
  4. Откройте в браузере /wp-admin/upgrade.php.
    5. +
+ +

Переход с других систем

+

WordPress может импортировать содержимое из некоторых систем. Сначала нужно установить и запустить WordPress, как описано выше, затем использовать наши инструменты для импорта.

+ +

Системные требования

+
    +
  • PHP версии 7.0 или выше.
    • +
  • MySQL версии 5.5.5 или выше.
    • +
+ +

Рекомендации

+
    +
  • PHP версии 7.4 или выше.
    • +
  • MySQL версии 8.0 или выше, либо MariaDB версии 10.4 или выше.
    • +
  • Модуль Apache mod_rewrite.
    • +
  • Поддержка HTTPS.
    • +
  • Ссылка на wordpress.org c вашего сайта.
    • +
+ +

Сетевые ресурсы

+

Если у вас есть любые вопросы, не касающиеся этого документа, воспользуйтесь многочисленными сетевыми ресурсами:

+
+
Поддержка WordPress
+
HelpHub — это энциклопедия всего, что касается WordPress. Это наиболее полный источник информации о WordPress.
+
Блог WordPress
+
Здесь вы можете найти последние обновления и новости из мира WordPress. Свежие новости о WordPress по умолчанию появляются в вашей панели управления.
+
Планета WordPress
+
Планета WordPress — это новостной агрегатор, собирающий записи с блогов, посвящённых WordPress, по всему миру.
+
Форумы поддержки
+
Если вы смотрели везде и не нашли ответа, на форумах поддержки есть большое и очень активное сообщество людей, готовых оказать помощь. Чтобы вам могли помочь, используйте информативный заголовок сообщения и сформулируйте свой вопрос максимально подробно.
+
IRC-канал (Internet Relay Chat) WordPress
+
Существует канал онлайн-чата, который применяется для обсуждения среди людей, использующих WordPress, и иногда для поддержки. Страница по ссылке выше поможет вам попасть туда. (irc.libera.chat #wordpress)
+
+ +

Последние замечания

+
    +
  • Если у вас есть любые предложения, идеи или комментарии, либо вы (тяжёлый вздох!) нашли ошибку, присоединяйтесь к нам на форуме поддержки.
    • +
  • В WordPress имеется удобный API (Application Programming Interface) для плагинов, что позволяет легко расширять код. Если вас это интересует как разработчика, смотрите справочник разработчика плагинов. Файлы ядра лучше не редактировать.
    • +
+ +

Поделитесь любовью

+

WordPress не имеет ни многомиллионной рекламной кампании, ни известных спонсоров, но у нас есть кое-что получше — вы. Если вам нравится WordPress, расскажите о нём друзьям, установите его им, поделитесь знаниями или предложите авторам статей в СМИ обратить на нас внимание.

+ +

WordPress — это официальное продолжение системы b2/cafélog, написанной Майклом В. Работа была продолжена разработчиками WordPress. Если вы хотите поддержать WordPress — пожалуйста, рассмотрите вариант пожертвования.

+ +

Лицензия

+

WordPress бесплатен и опубликован под лицензией GPL (GNU General Public License) версии 2 или (на ваше усмотрение) более поздней. См. license.txt.

+ + + diff --git a/wp-activate.php b/wp-activate.php new file mode 100644 index 0000000..5dc6023 --- /dev/null +++ b/wp-activate.php @@ -0,0 +1,218 @@ +get_error_code() ) ) { + status_header( 404 ); +} elseif ( is_wp_error( $result ) ) { + $error_code = $result->get_error_code(); + + if ( ! in_array( $error_code, $valid_error_codes, true ) ) { + status_header( 400 ); + } +} + +nocache_headers(); + +if ( is_object( $wp_object_cache ) ) { + $wp_object_cache->cache_enabled = false; +} + +// Fix for page title. +$wp_query->is_404 = false; + +/** + * Fires before the Site Activation page is loaded. + * + * @since 3.0.0 + */ +do_action( 'activate_header' ); + +/** + * Adds an action hook specific to this page. + * + * Fires on {@see 'wp_head'}. + * + * @since MU (3.0.0) + */ +function do_activate_header() { + /** + * Fires within the `` section of the Site Activation page. + * + * Fires on the {@see 'wp_head'} action. + * + * @since 3.0.0 + */ + do_action( 'activate_wp_head' ); +} +add_action( 'wp_head', 'do_activate_header' ); + +/** + * Loads styles specific to this page. + * + * @since MU (3.0.0) + */ +function wpmu_activate_stylesheet() { + ?> + + + +
+
+ + +

+
+

+ +
+

+

+ +

+
+ + get_error_code(), $valid_error_codes, true ) ) { + $signup = $result->get_error_data(); + ?> +

+ '; + if ( '' === $signup->domain . $signup->path ) { + printf( + /* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */ + __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ), + esc_html( $signup->user_login ), + esc_html( $signup->user_email ), + esc_url( wp_lostpassword_url() ) + ); + } else { + printf( + /* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */ + __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + sprintf( '%1$s', esc_url( $signup->domain . $blog_details->path ) ), + esc_html( $signup->user_login ), + esc_html( $signup->user_email ), + esc_url( wp_lostpassword_url() ) + ); + } + echo '

'; + } elseif ( null === $result || is_wp_error( $result ) ) { + ?> +

+ +

get_error_message() ); ?>

+ + +

+ +
+

user_login ); ?>

+

+
+ + +

+ View your site or Log in' ), esc_url( $url ), esc_url( $login_url ) ); + ?> +

+ +

+ Log in or go back to the homepage.' ), + esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ), + esc_url( network_home_url( $blog_details->path ) ) + ); + ?> +

+ +
+
+get_error_data(); + if ( ! empty( $data ) ) { + wp_die( + '

' . $comment->get_error_message() . '

', + __( 'Comment Submission Failure' ), + array( + 'response' => $data, + 'back_link' => true, + ) + ); + } else { + exit; + } +} + +$user = wp_get_current_user(); +$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) ); + +/** + * Fires after comment cookies are set. + * + * @since 3.4.0 + * @since 4.9.6 The `$cookies_consent` parameter was added. + * + * @param WP_Comment $comment Comment object. + * @param WP_User $user Comment author's user object. The user may not exist. + * @param bool $cookies_consent Comment author's consent to store cookies. + */ +do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); + +$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; + +// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message. +if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) { + $location = add_query_arg( + array( + 'unapproved' => $comment->comment_ID, + 'moderation-hash' => wp_hash( $comment->comment_date_gmt ), + ), + $location + ); +} + +/** + * Filters the location URI to send the commenter after posting. + * + * @since 2.0.5 + * + * @param string $location The 'redirect_to' URI sent via $_POST. + * @param WP_Comment $comment Comment object. + */ +$location = apply_filters( 'comment_post_redirect', $location, $comment ); + +wp_safe_redirect( $location ); +exit; diff --git a/wp-config-sample.php b/wp-config-sample.php new file mode 100644 index 0000000..613fce6 --- /dev/null +++ b/wp-config-sample.php @@ -0,0 +1,95 @@ += 70016 && function_exists( 'fastcgi_finish_request' ) ) { + fastcgi_finish_request(); +} elseif ( function_exists( 'litespeed_finish_request' ) ) { + litespeed_finish_request(); +} + +if ( ! empty( $_POST ) || defined( 'DOING_AJAX' ) || defined( 'DOING_CRON' ) ) { + die(); +} + +/** + * Tell WordPress the cron task is running. + * + * @var bool + */ +define( 'DOING_CRON', true ); + +if ( ! defined( 'ABSPATH' ) ) { + /** Set up WordPress environment */ + require_once __DIR__ . '/wp-load.php'; +} + +// Attempt to raise the PHP memory limit for cron event processing. +wp_raise_memory_limit( 'cron' ); + +/** + * Retrieves the cron lock. + * + * Returns the uncached `doing_cron` transient. + * + * @ignore + * @since 3.3.0 + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @return string|int|false Value of the `doing_cron` transient, 0|false otherwise. + */ +function _get_cron_lock() { + global $wpdb; + + $value = 0; + if ( wp_using_ext_object_cache() ) { + /* + * Skip local cache and force re-fetch of doing_cron transient + * in case another process updated the cache. + */ + $value = wp_cache_get( 'doing_cron', 'transient', true ); + } else { + $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1", '_transient_doing_cron' ) ); + if ( is_object( $row ) ) { + $value = $row->option_value; + } + } + + return $value; +} + +$crons = wp_get_ready_cron_jobs(); +if ( empty( $crons ) ) { + die(); +} + +$gmt_time = microtime( true ); + +// The cron lock: a unix timestamp from when the cron was spawned. +$doing_cron_transient = get_transient( 'doing_cron' ); + +// Use global $doing_wp_cron lock, otherwise use the GET lock. If no lock, try to grab a new lock. +if ( empty( $doing_wp_cron ) ) { + if ( empty( $_GET['doing_wp_cron'] ) ) { + // Called from external script/job. Try setting a lock. + if ( $doing_cron_transient && ( $doing_cron_transient + WP_CRON_LOCK_TIMEOUT > $gmt_time ) ) { + return; + } + $doing_wp_cron = sprintf( '%.22F', microtime( true ) ); + $doing_cron_transient = $doing_wp_cron; + set_transient( 'doing_cron', $doing_wp_cron ); + } else { + $doing_wp_cron = $_GET['doing_wp_cron']; + } +} + +/* + * The cron lock (a unix timestamp set when the cron was spawned), + * must match $doing_wp_cron (the "key"). + */ +if ( $doing_cron_transient !== $doing_wp_cron ) { + return; +} + +foreach ( $crons as $timestamp => $cronhooks ) { + if ( $timestamp > $gmt_time ) { + break; + } + + foreach ( $cronhooks as $hook => $keys ) { + + foreach ( $keys as $k => $v ) { + + $schedule = $v['schedule']; + + if ( $schedule ) { + $result = wp_reschedule_event( $timestamp, $schedule, $hook, $v['args'], true ); + + if ( is_wp_error( $result ) ) { + error_log( + sprintf( + /* translators: 1: Hook name, 2: Error code, 3: Error message, 4: Event data. */ + __( 'Cron reschedule event error for hook: %1$s, Error code: %2$s, Error message: %3$s, Data: %4$s' ), + $hook, + $result->get_error_code(), + $result->get_error_message(), + wp_json_encode( $v ) + ) + ); + + /** + * Fires when an error happens rescheduling a cron event. + * + * @since 6.1.0 + * + * @param WP_Error $result The WP_Error object. + * @param string $hook Action hook to execute when the event is run. + * @param array $v Event data. + */ + do_action( 'cron_reschedule_event_error', $result, $hook, $v ); + } + } + + $result = wp_unschedule_event( $timestamp, $hook, $v['args'], true ); + + if ( is_wp_error( $result ) ) { + error_log( + sprintf( + /* translators: 1: Hook name, 2: Error code, 3: Error message, 4: Event data. */ + __( 'Cron unschedule event error for hook: %1$s, Error code: %2$s, Error message: %3$s, Data: %4$s' ), + $hook, + $result->get_error_code(), + $result->get_error_message(), + wp_json_encode( $v ) + ) + ); + + /** + * Fires when an error happens unscheduling a cron event. + * + * @since 6.1.0 + * + * @param WP_Error $result The WP_Error object. + * @param string $hook Action hook to execute when the event is run. + * @param array $v Event data. + */ + do_action( 'cron_unschedule_event_error', $result, $hook, $v ); + } + + /** + * Fires scheduled events. + * + * @ignore + * @since 2.1.0 + * + * @param string $hook Name of the hook that was scheduled to be fired. + * @param array $args The arguments to be passed to the hook. + */ + do_action_ref_array( $hook, $v['args'] ); + + // If the hook ran too long and another cron process stole the lock, quit. + if ( _get_cron_lock() !== $doing_wp_cron ) { + return; + } + } + } +} + +if ( _get_cron_lock() === $doing_wp_cron ) { + delete_transient( 'doing_cron' ); +} + +die(); diff --git a/wp-links-opml.php b/wp-links-opml.php new file mode 100644 index 0000000..746c287 --- /dev/null +++ b/wp-links-opml.php @@ -0,0 +1,98 @@ +\n"; +?> + + + + <?php + /* translators: %s: Site title. */ + printf( __( 'Links for %s' ), esc_attr( get_bloginfo( 'name', 'display' ) ) ); + ?> + + GMT + + + + 'link_category', + 'hierarchical' => 0, + ) + ); +} else { + $cats = get_categories( + array( + 'taxonomy' => 'link_category', + 'hierarchical' => 0, + 'include' => $link_cat, + ) + ); +} + +foreach ( (array) $cats as $cat ) : + /** This filter is documented in wp-includes/bookmark-template.php */ + $catname = apply_filters( 'link_category', $cat->name ); + + ?> + + $cat->term_id ) ); + foreach ( (array) $bookmarks as $bookmark ) : + /** + * Filters the OPML outline link title text. + * + * @since 2.2.0 + * + * @param string $title The OPML outline title text. + */ + $title = apply_filters( 'link_title', $bookmark->link_name ); + ?> + + + + + + diff --git a/wp-load.php b/wp-load.php new file mode 100644 index 0000000..d3787d1 --- /dev/null +++ b/wp-load.php @@ -0,0 +1,105 @@ +' . sprintf( + /* translators: %s: wp-config.php */ + __( "There doesn't seem to be a %s file. It is needed before the installation can continue." ), + 'wp-config.php' + ) . '

'; + $die .= '

' . sprintf( + /* translators: 1: Documentation URL, 2: wp-config.php */ + __( 'Need more help? Read the support article on %2$s.' ), + __( 'https://wordpress.org/documentation/article/editing-wp-config-php/' ), + 'wp-config.php' + ) . '

'; + $die .= '

' . sprintf( + /* translators: %s: wp-config.php */ + __( "You can create a %s file through a web interface, but this doesn't work for all server setups. The safest way is to manually create the file." ), + 'wp-config.php' + ) . '

'; + $die .= '

' . __( 'Create a Configuration File' ) . '

'; + + wp_die( $die, __( 'WordPress › Error' ) ); +} diff --git a/wp-login.php b/wp-login.php new file mode 100644 index 0000000..9eeac4a --- /dev/null +++ b/wp-login.php @@ -0,0 +1,1637 @@ +` element. + * Default 'Log In'. + * @param string $message Optional. Message to display in header. Default empty. + * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. + */ +function login_header( $title = 'Log In', $message = '', $wp_error = null ) { + global $error, $interim_login, $action; + + // Don't index any of these forms. + add_filter( 'wp_robots', 'wp_robots_sensitive_page' ); + add_action( 'login_head', 'wp_strict_cross_origin_referrer' ); + + add_action( 'login_head', 'wp_login_viewport_meta' ); + + if ( ! is_wp_error( $wp_error ) ) { + $wp_error = new WP_Error(); + } + + // Shake it! + $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure' ); + /** + * Filters the error codes array for shaking the login form. + * + * @since 3.0.0 + * + * @param string[] $shake_error_codes Error codes that shake the login form. + */ + $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); + + if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) { + add_action( 'login_footer', 'wp_shake_js', 12 ); + } + + $login_title = get_bloginfo( 'name', 'display' ); + + /* translators: Login screen title. 1: Login screen name, 2: Network or site name. */ + $login_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $login_title ); + + if ( wp_is_recovery_mode() ) { + /* translators: %s: Login screen title. */ + $login_title = sprintf( __( 'Recovery Mode — %s' ), $login_title ); + } + + /** + * Filters the title tag content for login page. + * + * @since 4.9.0 + * + * @param string $login_title The page title, with extra context added. + * @param string $title The original page title. + */ + $login_title = apply_filters( 'login_title', $login_title, $title ); + + ?> + > + + + <?php echo $login_title; ?> + get_error_code() ) { + ob_start(); + ?> + + + + + + + + + +
+

+ add( 'error', $error ); + unset( $error ); + } + + if ( $wp_error->has_errors() ) { + $error_list = array(); + $messages = ''; + + foreach ( $wp_error->get_error_codes() as $code ) { + $severity = $wp_error->get_error_data( $code ); + foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { + if ( 'message' === $severity ) { + $messages .= '

' . $error_message . '

'; + } else { + $error_list[] = $error_message; + } + } + } + + if ( ! empty( $error_list ) ) { + $errors = ''; + + if ( count( $error_list ) > 1 ) { + $errors .= '
    '; + + foreach ( $error_list as $item ) { + $errors .= '
  • ' . $item . '
    • '; + } + + $errors .= '
'; + } else { + $errors .= '

' . $error_list[0] . '

'; + } + + /** + * Filters the error messages displayed above the login form. + * + * @since 2.1.0 + * + * @param string $errors Login error messages. + */ + $errors = apply_filters( 'login_errors', $errors ); + + wp_admin_notice( + $errors, + array( + 'type' => 'error', + 'id' => 'login_error', + 'paragraph_wrap' => false, + ) + ); + } + + if ( ! empty( $messages ) ) { + /** + * Filters instructional messages displayed above the login form. + * + * @since 2.5.0 + * + * @param string $messages Login messages. + */ + $messages = apply_filters( 'login_messages', $messages ); + + wp_admin_notice( + $messages, + array( + 'type' => 'info', + 'id' => 'login-message', + 'additional_classes' => array( 'message' ), + 'paragraph_wrap' => false, + ) + ); + } + } +} // End of login_header(). + +/** + * Outputs the footer for the login page. + * + * @since 3.1.0 + * + * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' + * upon successful login. + * + * @param string $input_id Which input to auto-focus. + */ +function login_footer( $input_id = '' ) { + global $interim_login; + + // Don't allow interim logins to navigate away from the page. + if ( ! $interim_login ) { + ?> +

+ %s', + esc_url( home_url( '/' ) ), + sprintf( + /* translators: %s: Site title. */ + _x( '← Go to %s', 'site' ), + get_bloginfo( 'title', 'display' ) + ) + ); + /** + * Filters the "Go to site" link displayed in the login page footer. + * + * @since 5.7.0 + * + * @param string $link HTML link to the home URL of the current site. + */ + echo apply_filters( 'login_site_html_link', $html_link ); + ?> +

+ ', '
' ); + } + + ?> + . ?> + + +
+
+ + + + 'language-switcher-locales', + 'name' => 'wp_lang', + 'selected' => determine_locale(), + 'show_available_translations' => false, + 'explicit_option_en_us' => true, + 'languages' => $languages, + ); + + /** + * Filters default arguments for the Languages select input on the login screen. + * + * The arguments get passed to the wp_dropdown_languages() function. + * + * @since 5.9.0 + * + * @param array $args Arguments for the Languages select input on the login screen. + */ + wp_dropdown_languages( apply_filters( 'login_language_dropdown_args', $args ) ); + ?> + + + + + + + + + + + + + + + +
+
+ + + + + + + + + + 0 ) { + update_option( 'admin_email_lifespan', time() + $remind_interval ); + } + + $redirect_to = add_query_arg( 'admin_email_remind_later', 1, $redirect_to ); + wp_safe_redirect( $redirect_to ); + exit; + } + + if ( ! empty( $_POST['correct-admin-email'] ) ) { + if ( ! check_admin_referer( 'confirm_admin_email', 'confirm_admin_email_nonce' ) ) { + wp_safe_redirect( wp_login_url() ); + exit; + } + + /** + * Filters the interval for redirecting the user to the admin email confirmation screen. + * + * If `0` (zero) is returned, the user will not be redirected. + * + * @since 5.3.0 + * + * @param int $interval Interval time (in seconds). Default is 6 months. + */ + $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); + + if ( $admin_email_check_interval > 0 ) { + update_option( 'admin_email_lifespan', time() + $admin_email_check_interval ); + } + + wp_safe_redirect( $redirect_to ); + exit; + } + + login_header( __( 'Confirm your administration email' ), '', $errors ); + + /** + * Fires before the admin email confirm form. + * + * @since 5.3.0 + * + * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid + * credentials. Note that the error object may not contain any errors. + */ + do_action( 'admin_email_confirm', $errors ); + + ?> + +
+ + + +

+ +

+

+ administration email for this website is still correct.' ); ?> + %s', + /* translators: Hidden accessibility text. */ + __( '(opens in a new tab)' ) + ); + + printf( + '%s%s', + esc_url( $admin_email_help_url ), + __( 'Why is this important?' ), + $accessibility_text + ); + + ?> +

+

+ ' . esc_html( $admin_email ) . '' + ); + + ?> +

+

+ +

+ +
+
+ + + +
+ 0 ) : ?> +
+ 'confirm_admin_email', + 'remind_me_later' => wp_create_nonce( 'remind_me_later_nonce' ), + ), + $remind_me_link + ); + + ?> + +
+ +
+
+ + HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); + + wp_safe_redirect( wp_get_referer() ); + exit; + + case 'logout': + check_admin_referer( 'log-out' ); + + $user = wp_get_current_user(); + + wp_logout(); + + if ( ! empty( $_REQUEST['redirect_to'] ) ) { + $redirect_to = $_REQUEST['redirect_to']; + $requested_redirect_to = $redirect_to; + } else { + $redirect_to = add_query_arg( + array( + 'loggedout' => 'true', + 'wp_lang' => get_user_locale( $user ), + ), + wp_login_url() + ); + + $requested_redirect_to = ''; + } + + /** + * Filters the log out redirect URL. + * + * @since 4.2.0 + * + * @param string $redirect_to The redirect destination URL. + * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. + * @param WP_User $user The WP_User object for the user that's logging out. + */ + $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user ); + + wp_safe_redirect( $redirect_to ); + exit; + + case 'lostpassword': + case 'retrievepassword': + if ( $http_post ) { + $errors = retrieve_password(); + + if ( ! is_wp_error( $errors ) ) { + $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; + wp_safe_redirect( $redirect_to ); + exit; + } + } + + if ( isset( $_GET['error'] ) ) { + if ( 'invalidkey' === $_GET['error'] ) { + $errors->add( 'invalidkey', __( 'Error: Your password reset link appears to be invalid. Please request a new link below.' ) ); + } elseif ( 'expiredkey' === $_GET['error'] ) { + $errors->add( 'expiredkey', __( 'Error: Your password reset link has expired. Please request a new link below.' ) ); + } + } + + $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; + /** + * Filters the URL redirected to after submitting the lostpassword/retrievepassword form. + * + * @since 3.0.0 + * + * @param string $lostpassword_redirect The redirect destination URL. + */ + $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect ); + + /** + * Fires before the lost password form. + * + * @since 1.5.1 + * @since 5.1.0 Added the `$errors` parameter. + * + * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid + * credentials. Note that the error object may not contain any errors. + */ + do_action( 'lost_password', $errors ); + + login_header( + __( 'Lost Password' ), + wp_get_admin_notice( + __( 'Please enter your username or email address. You will receive an email message with instructions on how to reset your password.' ), + array( + 'type' => 'info', + 'additional_classes' => array( 'message' ), + ) + ), + $errors + ); + + $user_login = ''; + + if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { + $user_login = wp_unslash( $_POST['user_login'] ); + } + + ?> + +
+

+ + +

+ + +

+ +

+
+ +

+ + %s', esc_url( wp_registration_url() ), __( 'Register' ) ); + + echo esc_html( $login_link_separator ); + + /** This filter is documented in wp-includes/general-template.php */ + echo apply_filters( 'register', $registration_url ); + } + + ?> +

+ get_error_code() === 'expired_key' ) { + wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); + } else { + wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); + } + + exit; + } + + $errors = new WP_Error(); + + // Check if password is one or all empty spaces. + if ( ! empty( $_POST['pass1'] ) ) { + $_POST['pass1'] = trim( $_POST['pass1'] ); + + if ( empty( $_POST['pass1'] ) ) { + $errors->add( 'password_reset_empty_space', __( 'The password cannot be a space or all spaces.' ) ); + } + } + + // Check if password fields do not match. + if ( ! empty( $_POST['pass1'] ) && trim( $_POST['pass2'] ) !== $_POST['pass1'] ) { + $errors->add( 'password_reset_mismatch', __( 'Error: The passwords do not match.' ) ); + } + + /** + * Fires before the password reset procedure is validated. + * + * @since 3.5.0 + * + * @param WP_Error $errors WP Error object. + * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. + */ + do_action( 'validate_password_reset', $errors, $user ); + + if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) { + reset_password( $user, $_POST['pass1'] ); + setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); + login_header( + __( 'Password Reset' ), + wp_get_admin_notice( + __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '', + array( + 'type' => 'info', + 'additional_classes' => array( 'message', 'reset-pass' ), + ) + ) + ); + login_footer(); + exit; + } + + wp_enqueue_script( 'utils' ); + wp_enqueue_script( 'user-profile' ); + + login_header( + __( 'Reset Password' ), + wp_get_admin_notice( + __( 'Enter your new password below or generate one.' ), + array( + 'type' => 'info', + 'additional_classes' => array( 'message', 'reset-pass' ), + ) + ), + $errors + ); + + ?> +
+ + +
+

+ +

+ +
+ + + +
+
+
+ + +
+
+ +

+ + +

+ +

+ + + +

+ + +

+
+ +

+ + %s', esc_url( wp_registration_url() ), __( 'Register' ) ); + + echo esc_html( $login_link_separator ); + + /** This filter is documented in wp-includes/general-template.php */ + echo apply_filters( 'register', $registration_url ); + } + + ?> +

+ 'info', + 'additional_classes' => array( 'message', 'register' ), + ) + ), + $errors + ); + + ?> +
+

+ + +

+

+ + +

+ +

+ +

+ +

+ +

+
+ +

+ + %s', esc_url( wp_lostpassword_url() ), __( 'Lost your password?' ) ); + + /** This filter is documented in wp-login.php */ + echo apply_filters( 'lost_password_html_link', $html_link ); + + ?> +

+ add( + 'confirm', + sprintf( + /* translators: %s: Link to the login page. */ + __( 'Check your email for the confirmation link, then visit the login page.' ), + wp_login_url() + ), + 'message' + ); + } elseif ( 'registered' === $_GET['checkemail'] ) { + $errors->add( + 'registered', + sprintf( + /* translators: %s: Link to the login page. */ + __( 'Registration complete. Please check your email, then visit the login page.' ), + wp_login_url() + ), + 'message' + ); + } + + /** This action is documented in wp-login.php */ + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); + + login_header( __( 'Check your email' ), '', $errors ); + login_footer(); + break; + + case 'confirmaction': + if ( ! isset( $_GET['request_id'] ) ) { + wp_die( __( 'Missing request ID.' ) ); + } + + if ( ! isset( $_GET['confirm_key'] ) ) { + wp_die( __( 'Missing confirm key.' ) ); + } + + $request_id = (int) $_GET['request_id']; + $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); + $result = wp_validate_user_request_key( $request_id, $key ); + + if ( is_wp_error( $result ) ) { + wp_die( $result ); + } + + /** + * Fires an action hook when the account action has been confirmed by the user. + * + * Using this you can assume the user has agreed to perform the action by + * clicking on the link in the confirmation email. + * + * After firing this action hook the page will redirect to wp-login a callback + * redirects or exits first. + * + * @since 4.9.6 + * + * @param int $request_id Request ID. + */ + do_action( 'user_request_action_confirmed', $request_id ); + + $message = _wp_privacy_account_request_confirmed_message( $request_id ); + + login_header( __( 'User action confirmed.' ), $message ); + login_footer(); + exit; + + case 'login': + default: + $secure_cookie = ''; + $customize_login = isset( $_REQUEST['customize-login'] ); + + if ( $customize_login ) { + wp_enqueue_script( 'customize-base' ); + } + + // If the user wants SSL but the session is not SSL, force a secure cookie. + if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { + $user_name = sanitize_user( wp_unslash( $_POST['log'] ) ); + $user = get_user_by( 'login', $user_name ); + + if ( ! $user && strpos( $user_name, '@' ) ) { + $user = get_user_by( 'email', $user_name ); + } + + if ( $user ) { + if ( get_user_option( 'use_ssl', $user->ID ) ) { + $secure_cookie = true; + force_ssl_admin( true ); + } + } + } + + if ( isset( $_REQUEST['redirect_to'] ) ) { + $redirect_to = $_REQUEST['redirect_to']; + // Redirect to HTTPS if user wants SSL. + if ( $secure_cookie && str_contains( $redirect_to, 'wp-admin' ) ) { + $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to ); + } + } else { + $redirect_to = admin_url(); + } + + $reauth = empty( $_REQUEST['reauth'] ) ? false : true; + + $user = wp_signon( array(), $secure_cookie ); + + if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { + if ( headers_sent() ) { + $user = new WP_Error( + 'test_cookie', + sprintf( + /* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */ + __( 'Error: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.' ), + __( 'https://wordpress.org/documentation/article/cookies/' ), + __( 'https://wordpress.org/support/forums/' ) + ) + ); + } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) { + // If cookies are disabled, the user can't log in even with a valid username and password. + $user = new WP_Error( + 'test_cookie', + sprintf( + /* translators: %s: Browser cookie documentation URL. */ + __( 'Error: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.' ), + __( 'https://wordpress.org/documentation/article/cookies/#enable-cookies-in-your-browser' ) + ) + ); + } + } + + $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; + /** + * Filters the login redirect URL. + * + * @since 3.0.0 + * + * @param string $redirect_to The redirect destination URL. + * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. + * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise. + */ + $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user ); + + if ( ! is_wp_error( $user ) && ! $reauth ) { + if ( $interim_login ) { + $message = '

' . __( 'You have logged in successfully.' ) . '

'; + $interim_login = 'success'; + login_header( '', $message ); + + ?> + + + + + + exists() && $user->has_cap( 'manage_options' ) ) { + $admin_email_lifespan = (int) get_option( 'admin_email_lifespan' ); + + /* + * If `0` (or anything "falsey" as it is cast to int) is returned, the user will not be redirected + * to the admin email confirmation screen. + */ + /** This filter is documented in wp-login.php */ + $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); + + if ( $admin_email_check_interval > 0 && time() > $admin_email_lifespan ) { + $redirect_to = add_query_arg( + array( + 'action' => 'confirm_admin_email', + 'wp_lang' => get_user_locale( $user ), + ), + wp_login_url( $redirect_to ) + ); + } + } + + if ( ( empty( $redirect_to ) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to ) ) { + // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. + if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) { + $redirect_to = user_admin_url(); + } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) { + $redirect_to = get_dashboard_url( $user->ID ); + } elseif ( ! $user->has_cap( 'edit_posts' ) ) { + $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url(); + } + + wp_redirect( $redirect_to ); + exit; + } + + wp_safe_redirect( $redirect_to ); + exit; + } + + $errors = $user; + // Clear errors if loggedout is set. + if ( ! empty( $_GET['loggedout'] ) || $reauth ) { + $errors = new WP_Error(); + } + + if ( empty( $_POST ) && $errors->get_error_codes() === array( 'empty_username', 'empty_password' ) ) { + $errors = new WP_Error( '', '' ); + } + + if ( $interim_login ) { + if ( ! $errors->has_errors() ) { + $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' ); + } + } else { + // Some parts of this script use the main login form to display a message. + if ( isset( $_GET['loggedout'] ) && $_GET['loggedout'] ) { + $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' ); + } elseif ( isset( $_GET['registration'] ) && 'disabled' === $_GET['registration'] ) { + $errors->add( 'registerdisabled', __( 'Error: User registration is currently not allowed.' ) ); + } elseif ( str_contains( $redirect_to, 'about.php?updated' ) ) { + $errors->add( 'updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' ); + } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) { + $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' ); + } elseif ( isset( $_GET['redirect_to'] ) && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) { + $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY ); + $query = array(); + if ( $query_component ) { + parse_str( $query_component, $query ); + } + + if ( ! empty( $query['app_name'] ) ) { + /* translators: 1: Website name, 2: Application name. */ + $message = sprintf( 'Please log in to %1$s to authorize %2$s to connect to your account.', get_bloginfo( 'name', 'display' ), '' . esc_html( $query['app_name'] ) . '' ); + } else { + /* translators: %s: Website name. */ + $message = sprintf( 'Please log in to %s to proceed with authorization.', get_bloginfo( 'name', 'display' ) ); + } + + $errors->add( 'authorize_application', $message, 'message' ); + } + } + + /** + * Filters the login page errors. + * + * @since 3.6.0 + * + * @param WP_Error $errors WP Error object. + * @param string $redirect_to Redirect destination URL. + */ + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); + + // Clear any stale cookies. + if ( $reauth ) { + wp_clear_auth_cookie(); + } + + login_header( __( 'Log In' ), '', $errors ); + + if ( isset( $_POST['log'] ) ) { + $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; + } + + $rememberme = ! empty( $_POST['rememberme'] ); + + $aria_describedby = ''; + $has_errors = $errors->has_errors(); + + if ( $has_errors ) { + $aria_describedby = ' aria-describedby="login_error"'; + } + + if ( $has_errors && 'message' === $errors->get_error_data() ) { + $aria_describedby = ' aria-describedby="login-message"'; + } + + wp_enqueue_script( 'user-profile' ); + ?> + +
+

+ + class="input" value="" size="20" autocapitalize="off" autocomplete="username" required="required" /> +

+ +
+ +
+ class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required" /> + +
+
+ +

/>

+

+ + + + + + + + + +

+
+ + +

+ %s', esc_url( wp_registration_url() ), __( 'Register' ) ); + + /** This filter is documented in wp-includes/general-template.php */ + echo apply_filters( 'register', $registration_url ); + + echo esc_html( $login_link_separator ); + } + + $html_link = sprintf( '%s', esc_url( wp_lostpassword_url() ), __( 'Lost your password?' ) ); + + /** + * Filters the link that allows the user to reset the lost password. + * + * @since 6.1.0 + * + * @param string $html_link HTML link to the lost password form. + */ + echo apply_filters( 'lost_password_html_link', $html_link ); + + ?> +

+ get_error_code() === 'invalid_username' ) { + $login_script .= 'd.value = "";'; + } + } + + $login_script .= 'd.focus(); d.select();'; + $login_script .= '} catch( er ) {}'; + $login_script .= '}, 200);'; + $login_script .= "}\n"; // End of wp_attempt_focus(). + + /** + * Filters whether to print the call to `wp_attempt_focus()` on the login screen. + * + * @since 4.8.0 + * + * @param bool $print Whether to print the function call. Default true. + */ + if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { + $login_script .= "wp_attempt_focus();\n"; + } + + // Run `wpOnload()` if defined. + $login_script .= "if ( typeof wpOnload === 'function' ) { wpOnload() }"; + + wp_print_inline_script_tag( $login_script ); + + if ( $interim_login ) { + ob_start(); + ?> + + Writing + * + * @package WordPress + */ + +/** Make sure that the WordPress bootstrap has run before continuing. */ +require __DIR__ . '/wp-load.php'; + +/** This filter is documented in wp-admin/options.php */ +if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) { + wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); +} + +$mailserver_url = get_option( 'mailserver_url' ); + +if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) { + wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); +} + +/** + * Fires to allow a plugin to do a complete takeover of Post by Email. + * + * @since 2.9.0 + */ +do_action( 'wp-mail.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + +/** Get the POP3 class with which to access the mailbox. */ +require_once ABSPATH . WPINC . '/class-pop3.php'; + +/** Only check at this interval for new messages. */ +if ( ! defined( 'WP_MAIL_INTERVAL' ) ) { + define( 'WP_MAIL_INTERVAL', 5 * MINUTE_IN_SECONDS ); +} + +$last_checked = get_transient( 'mailserver_last_checked' ); + +if ( $last_checked ) { + wp_die( __( 'Slow down cowboy, no need to check for new mails so often!' ) ); +} + +set_transient( 'mailserver_last_checked', true, WP_MAIL_INTERVAL ); + +$time_difference = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS; + +$phone_delim = '::'; + +$pop3 = new POP3(); + +if ( ! $pop3->connect( get_option( 'mailserver_url' ), get_option( 'mailserver_port' ) ) || ! $pop3->user( get_option( 'mailserver_login' ) ) ) { + wp_die( esc_html( $pop3->ERROR ) ); +} + +$count = $pop3->pass( get_option( 'mailserver_pass' ) ); + +if ( false === $count ) { + wp_die( esc_html( $pop3->ERROR ) ); +} + +if ( 0 === $count ) { + $pop3->quit(); + wp_die( __( 'There does not seem to be any new mail.' ) ); +} + +// Always run as an unauthenticated user. +wp_set_current_user( 0 ); + +for ( $i = 1; $i <= $count; $i++ ) { + + $message = $pop3->get( $i ); + + $bodysignal = false; + $boundary = ''; + $charset = ''; + $content = ''; + $content_type = ''; + $content_transfer_encoding = ''; + $post_author = 1; + $author_found = false; + $post_date = null; + $post_date_gmt = null; + + foreach ( $message as $line ) { + // Body signal. + if ( strlen( $line ) < 3 ) { + $bodysignal = true; + } + if ( $bodysignal ) { + $content .= $line; + } else { + if ( preg_match( '/Content-Type: /i', $line ) ) { + $content_type = trim( $line ); + $content_type = substr( $content_type, 14, strlen( $content_type ) - 14 ); + $content_type = explode( ';', $content_type ); + if ( ! empty( $content_type[1] ) ) { + $charset = explode( '=', $content_type[1] ); + $charset = ( ! empty( $charset[1] ) ) ? trim( $charset[1] ) : ''; + } + $content_type = $content_type[0]; + } + if ( preg_match( '/Content-Transfer-Encoding: /i', $line ) ) { + $content_transfer_encoding = trim( $line ); + $content_transfer_encoding = substr( $content_transfer_encoding, 27, strlen( $content_transfer_encoding ) - 27 ); + $content_transfer_encoding = explode( ';', $content_transfer_encoding ); + $content_transfer_encoding = $content_transfer_encoding[0]; + } + if ( 'multipart/alternative' === $content_type && str_contains( $line, 'boundary="' ) && '' === $boundary ) { + $boundary = trim( $line ); + $boundary = explode( '"', $boundary ); + $boundary = $boundary[1]; + } + if ( preg_match( '/Subject: /i', $line ) ) { + $subject = trim( $line ); + $subject = substr( $subject, 9, strlen( $subject ) - 9 ); + // Captures any text in the subject before $phone_delim as the subject. + if ( function_exists( 'iconv_mime_decode' ) ) { + $subject = iconv_mime_decode( $subject, 2, get_option( 'blog_charset' ) ); + } else { + $subject = wp_iso_descrambler( $subject ); + } + $subject = explode( $phone_delim, $subject ); + $subject = $subject[0]; + } + + /* + * Set the author using the email address (From or Reply-To, the last used) + * otherwise use the site admin. + */ + if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) { + if ( preg_match( '|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches ) ) { + $author = $matches[0]; + } else { + $author = trim( $line ); + } + $author = sanitize_email( $author ); + if ( is_email( $author ) ) { + $userdata = get_user_by( 'email', $author ); + if ( ! empty( $userdata ) ) { + $post_author = $userdata->ID; + $author_found = true; + } + } + } + + if ( preg_match( '/Date: /i', $line ) ) { // Of the form '20 Mar 2002 20:32:37 +0100'. + $ddate = str_replace( 'Date: ', '', trim( $line ) ); + // Remove parenthesized timezone string if it exists, as this confuses strtotime(). + $ddate = preg_replace( '!\s*\(.+\)\s*$!', '', $ddate ); + $ddate_timestamp = strtotime( $ddate ); + $post_date = gmdate( 'Y-m-d H:i:s', $ddate_timestamp + $time_difference ); + $post_date_gmt = gmdate( 'Y-m-d H:i:s', $ddate_timestamp ); + } + } + } + + // Set $post_status based on $author_found and on author's publish_posts capability. + if ( $author_found ) { + $user = new WP_User( $post_author ); + $post_status = ( $user->has_cap( 'publish_posts' ) ) ? 'publish' : 'pending'; + } else { + // Author not found in DB, set status to pending. Author already set to admin. + $post_status = 'pending'; + } + + $subject = trim( $subject ); + + if ( 'multipart/alternative' === $content_type ) { + $content = explode( '--' . $boundary, $content ); + $content = $content[2]; + + // Match case-insensitive Content-Transfer-Encoding. + if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim ) ) { + $content = explode( $delim[0], $content ); + $content = $content[1]; + } + $content = strip_tags( $content, '


' ); + } + $content = trim( $content ); + + /** + * Filters the original content of the email. + * + * Give Post-By-Email extending plugins full access to the content, either + * the raw content, or the content of the last quoted-printable section. + * + * @since 2.8.0 + * + * @param string $content The original email content. + */ + $content = apply_filters( 'wp_mail_original_content', $content ); + + if ( false !== stripos( $content_transfer_encoding, 'quoted-printable' ) ) { + $content = quoted_printable_decode( $content ); + } + + if ( function_exists( 'iconv' ) && ! empty( $charset ) ) { + $content = iconv( $charset, get_option( 'blog_charset' ), $content ); + } + + // Captures any text in the body after $phone_delim as the body. + $content = explode( $phone_delim, $content ); + $content = empty( $content[1] ) ? $content[0] : $content[1]; + + $content = trim( $content ); + + /** + * Filters the content of the post submitted by email before saving. + * + * @since 1.2.0 + * + * @param string $content The email content. + */ + $post_content = apply_filters( 'phone_content', $content ); + + $post_title = xmlrpc_getposttitle( $content ); + + if ( '' === trim( $post_title ) ) { + $post_title = $subject; + } + + $post_category = array( get_option( 'default_email_category' ) ); + + $post_data = compact( 'post_content', 'post_title', 'post_date', 'post_date_gmt', 'post_author', 'post_category', 'post_status' ); + $post_data = wp_slash( $post_data ); + + $post_ID = wp_insert_post( $post_data ); + if ( is_wp_error( $post_ID ) ) { + echo "\n" . $post_ID->get_error_message(); + } + + // The post wasn't inserted or updated, for whatever reason. Better move forward to the next email. + if ( empty( $post_ID ) ) { + continue; + } + + /** + * Fires after a post submitted by email is published. + * + * @since 1.2.0 + * + * @param int $post_ID The post ID. + */ + do_action( 'publish_phone', $post_ID ); + + echo "\n

" . __( 'Author:' ) . ' ' . esc_html( $post_author ) . '

'; + echo "\n

" . __( 'Posted title:' ) . ' ' . esc_html( $post_title ) . '

'; + + if ( ! $pop3->delete( $i ) ) { + echo '

' . sprintf( + /* translators: %s: POP3 error. */ + __( 'Oops: %s' ), + esc_html( $pop3->ERROR ) + ) . '

'; + $pop3->reset(); + exit; + } else { + echo '

' . sprintf( + /* translators: %s: The message ID. */ + __( 'Mission complete. Message %s deleted.' ), + '' . $i . '' + ) . '

'; + } +} + +$pop3->quit(); diff --git a/wp-settings.php b/wp-settings.php new file mode 100644 index 0000000..9673479 --- /dev/null +++ b/wp-settings.php @@ -0,0 +1,717 @@ +init(); + +// Load multisite-specific files. +if ( is_multisite() ) { + require ABSPATH . WPINC . '/ms-functions.php'; + require ABSPATH . WPINC . '/ms-default-filters.php'; + require ABSPATH . WPINC . '/ms-deprecated.php'; +} + +// Define constants that rely on the API to obtain the default value. +// Define must-use plugin directory constants, which may be overridden in the sunrise.php drop-in. +wp_plugin_directory_constants(); + +/** + * @since 3.9.0 + * + * @global array $wp_plugin_paths + */ +$GLOBALS['wp_plugin_paths'] = array(); + +// Load must-use plugins. +foreach ( wp_get_mu_plugins() as $mu_plugin ) { + $_wp_plugin_file = $mu_plugin; + include_once $mu_plugin; + $mu_plugin = $_wp_plugin_file; // Avoid stomping of the $mu_plugin variable in a plugin. + + /** + * Fires once a single must-use plugin has loaded. + * + * @since 5.1.0 + * + * @param string $mu_plugin Full path to the plugin's main file. + */ + do_action( 'mu_plugin_loaded', $mu_plugin ); +} +unset( $mu_plugin, $_wp_plugin_file ); + +// Load network activated plugins. +if ( is_multisite() ) { + foreach ( wp_get_active_network_plugins() as $network_plugin ) { + wp_register_plugin_realpath( $network_plugin ); + + $_wp_plugin_file = $network_plugin; + include_once $network_plugin; + $network_plugin = $_wp_plugin_file; // Avoid stomping of the $network_plugin variable in a plugin. + + /** + * Fires once a single network-activated plugin has loaded. + * + * @since 5.1.0 + * + * @param string $network_plugin Full path to the plugin's main file. + */ + do_action( 'network_plugin_loaded', $network_plugin ); + } + unset( $network_plugin, $_wp_plugin_file ); +} + +/** + * Fires once all must-use and network-activated plugins have loaded. + * + * @since 2.8.0 + */ +do_action( 'muplugins_loaded' ); + +if ( is_multisite() ) { + ms_cookie_constants(); +} + +// Define constants after multisite is loaded. +wp_cookie_constants(); + +// Define and enforce our SSL constants. +wp_ssl_constants(); + +// Create common globals. +require ABSPATH . WPINC . '/vars.php'; + +// Make taxonomies and posts available to plugins and themes. +// @plugin authors: warning: these get registered again on the init hook. +create_initial_taxonomies(); +create_initial_post_types(); + +wp_start_scraping_edited_file_errors(); + +// Register the default theme directory root. +register_theme_directory( get_theme_root() ); + +if ( ! is_multisite() && wp_is_fatal_error_handler_enabled() ) { + // Handle users requesting a recovery mode link and initiating recovery mode. + wp_recovery_mode()->initialize(); +} + +// Load active plugins. +foreach ( wp_get_active_and_valid_plugins() as $plugin ) { + wp_register_plugin_realpath( $plugin ); + + $_wp_plugin_file = $plugin; + include_once $plugin; + $plugin = $_wp_plugin_file; // Avoid stomping of the $plugin variable in a plugin. + + /** + * Fires once a single activated plugin has loaded. + * + * @since 5.1.0 + * + * @param string $plugin Full path to the plugin's main file. + */ + do_action( 'plugin_loaded', $plugin ); +} +unset( $plugin, $_wp_plugin_file ); + +// Load pluggable functions. +require ABSPATH . WPINC . '/pluggable.php'; +require ABSPATH . WPINC . '/pluggable-deprecated.php'; + +// Set internal encoding. +wp_set_internal_encoding(); + +// Run wp_cache_postload() if object cache is enabled and the function exists. +if ( WP_CACHE && function_exists( 'wp_cache_postload' ) ) { + wp_cache_postload(); +} + +/** + * Fires once activated plugins have loaded. + * + * Pluggable functions are also available at this point in the loading order. + * + * @since 1.5.0 + */ +do_action( 'plugins_loaded' ); + +// Define constants which affect functionality if not already defined. +wp_functionality_constants(); + +// Add magic quotes and set up $_REQUEST ( $_GET + $_POST ). +wp_magic_quotes(); + +/** + * Fires when comment cookies are sanitized. + * + * @since 2.0.11 + */ +do_action( 'sanitize_comment_cookies' ); + +/** + * WordPress Query object + * + * @since 2.0.0 + * + * @global WP_Query $wp_the_query WordPress Query object. + */ +$GLOBALS['wp_the_query'] = new WP_Query(); + +/** + * Holds the reference to {@see $wp_the_query}. + * Use this global for WordPress queries + * + * @since 1.5.0 + * + * @global WP_Query $wp_query WordPress Query object. + */ +$GLOBALS['wp_query'] = $GLOBALS['wp_the_query']; + +/** + * Holds the WordPress Rewrite object for creating pretty URLs + * + * @since 1.5.0 + * + * @global WP_Rewrite $wp_rewrite WordPress rewrite component. + */ +$GLOBALS['wp_rewrite'] = new WP_Rewrite(); + +/** + * WordPress Object + * + * @since 2.0.0 + * + * @global WP $wp Current WordPress environment instance. + */ +$GLOBALS['wp'] = new WP(); + +/** + * WordPress Widget Factory Object + * + * @since 2.8.0 + * + * @global WP_Widget_Factory $wp_widget_factory + */ +$GLOBALS['wp_widget_factory'] = new WP_Widget_Factory(); + +/** + * WordPress User Roles + * + * @since 2.0.0 + * + * @global WP_Roles $wp_roles WordPress role management object. + */ +$GLOBALS['wp_roles'] = new WP_Roles(); + +/** + * Fires before the theme is loaded. + * + * @since 2.6.0 + */ +do_action( 'setup_theme' ); + +// Define the template related constants and globals. +wp_templating_constants(); +wp_set_template_globals(); + +// Load the default text localization domain. +load_default_textdomain(); + +$locale = get_locale(); +$locale_file = WP_LANG_DIR . "/$locale.php"; +if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) ) { + require $locale_file; +} +unset( $locale_file ); + +/** + * WordPress Locale object for loading locale domain date and various strings. + * + * @since 2.1.0 + * + * @global WP_Locale $wp_locale WordPress date and time locale object. + */ +$GLOBALS['wp_locale'] = new WP_Locale(); + +/** + * WordPress Locale Switcher object for switching locales. + * + * @since 4.7.0 + * + * @global WP_Locale_Switcher $wp_locale_switcher WordPress locale switcher object. + */ +$GLOBALS['wp_locale_switcher'] = new WP_Locale_Switcher(); +$GLOBALS['wp_locale_switcher']->init(); + +// Load the functions for the active theme, for both parent and child theme if applicable. +foreach ( wp_get_active_and_valid_themes() as $theme ) { + if ( file_exists( $theme . '/functions.php' ) ) { + include $theme . '/functions.php'; + } +} +unset( $theme ); + +/** + * Fires after the theme is loaded. + * + * @since 3.0.0 + */ +do_action( 'after_setup_theme' ); + +// Create an instance of WP_Site_Health so that Cron events may fire. +if ( ! class_exists( 'WP_Site_Health' ) ) { + require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; +} +WP_Site_Health::get_instance(); + +// Set up current user. +$GLOBALS['wp']->init(); + +/** + * Fires after WordPress has finished loading but before any headers are sent. + * + * Most of WP is loaded at this stage, and the user is authenticated. WP continues + * to load on the {@see 'init'} hook that follows (e.g. widgets), and many plugins instantiate + * themselves on it for all sorts of reasons (e.g. they need a user, a taxonomy, etc.). + * + * If you wish to plug an action once WP is loaded, use the {@see 'wp_loaded'} hook below. + * + * @since 1.5.0 + */ +do_action( 'init' ); + +// Check site status. +if ( is_multisite() ) { + $file = ms_site_check(); + if ( true !== $file ) { + require $file; + die(); + } + unset( $file ); +} + +/** + * This hook is fired once WP, all plugins, and the theme are fully loaded and instantiated. + * + * Ajax requests should use wp-admin/admin-ajax.php. admin-ajax.php can handle requests for + * users not logged in. + * + * @link https://codex.wordpress.org/AJAX_in_Plugins + * + * @since 3.0.0 + */ +do_action( 'wp_loaded' ); diff --git a/wp-signup.php b/wp-signup.php new file mode 100644 index 0000000..d11f166 --- /dev/null +++ b/wp-signup.php @@ -0,0 +1,1046 @@ +is_404 = false; + +/** + * Fires before the Site Sign-up page is loaded. + * + * @since 4.4.0 + */ +do_action( 'before_signup_header' ); + +/** + * Prints styles for front-end Multisite Sign-up pages. + * + * @since MU (3.0.0) + */ +function wpmu_signup_stylesheet() { + ?> + + +
+
+' . __( 'Site Name (subdirectory only):' ) . ''; + } else { + echo ''; + } + + $errmsg_blogname = $errors->get_error_message( 'blogname' ); + $errmsg_blogname_aria = ''; + if ( $errmsg_blogname ) { + $errmsg_blogname_aria = 'wp-signup-blogname-error '; + echo '

' . $errmsg_blogname . '

'; + } + + if ( ! is_subdomain_install() ) { + echo '
' . $current_network->domain . $current_network->path . '
'; + } else { + $site_domain = preg_replace( '|^www\.|', '', $current_network->domain ); + echo '
.' . esc_html( $site_domain ) . '
'; + } + + if ( ! is_user_logged_in() ) { + if ( ! is_subdomain_install() ) { + $site = $current_network->domain . $current_network->path . __( 'sitename' ); + } else { + $site = __( 'domain' ) . '.' . $site_domain . $current_network->path; + } + + printf( + '

(%s) %s

', + /* translators: %s: Site address. */ + sprintf( __( 'Your address will be %s.' ), $site ), + __( 'Must be at least 4 characters, letters and numbers only. It cannot be changed, so choose carefully!' ) + ); + } + + // Site Title. + ?> + + get_error_message( 'blog_title' ); + $errmsg_blog_title_aria = ''; + if ( $errmsg_blog_title ) { + $errmsg_blog_title_aria = ' aria-describedby="wp-signup-blog-title-error"'; + echo '

' . $errmsg_blog_title . '

'; + } + echo ''; + ?> + + +

+ + 'WPLANG', + 'id' => 'site-language', + 'selected' => $lang, + 'languages' => $languages, + 'show_available_translations' => false, + ) + ); + ?> +

+ + +
+
+ + + + +

+ + /> + + + + /> + + +

+
+
+ + ' . __( 'Username:' ) . ''; + $errmsg_username = $errors->get_error_message( 'user_name' ); + $errmsg_username_aria = ''; + if ( $errmsg_username ) { + $errmsg_username_aria = 'wp-signup-username-error '; + echo '

' . $errmsg_username . '

'; + } + ?> + +

+ + ' . __( 'Email Address:' ) . ''; + $errmsg_email = $errors->get_error_message( 'user_email' ); + $errmsg_email_aria = ''; + if ( $errmsg_email ) { + $errmsg_email_aria = 'wp-signup-email-error '; + echo '

' . $errmsg_email . '

'; + } + ?> + +

+ + get_error_message( 'generic' ); + if ( $errmsg_generic ) { + echo '

' . $errmsg_generic . '

'; + } + /** + * Fires at the end of the new user account registration form. + * + * @since 3.0.0 + * + * @param WP_Error $errors A WP_Error object containing 'user_name' or 'user_email' errors. + */ + do_action( 'signup_extra_fields', $errors ); +} + +/** + * Validates user sign-up name and email. + * + * @since MU (3.0.0) + * + * @return array Contains username, email, and error messages. + * See wpmu_validate_user_signup() for details. + */ +function validate_user_form() { + return wpmu_validate_user_signup( $_POST['user_name'], $_POST['user_email'] ); +} + +/** + * Shows a form for returning users to sign up for another site. + * + * @since MU (3.0.0) + * + * @param string $blogname The new site name + * @param string $blog_title The new site title. + * @param WP_Error|string $errors A WP_Error object containing existing errors. Defaults to empty string. + */ +function signup_another_blog( $blogname = '', $blog_title = '', $errors = '' ) { + $current_user = wp_get_current_user(); + + if ( ! is_wp_error( $errors ) ) { + $errors = new WP_Error(); + } + + $signup_defaults = array( + 'blogname' => $blogname, + 'blog_title' => $blog_title, + 'errors' => $errors, + ); + + /** + * Filters the default site sign-up variables. + * + * @since 3.0.0 + * + * @param array $signup_defaults { + * An array of default site sign-up variables. + * + * @type string $blogname The site blogname. + * @type string $blog_title The site title. + * @type WP_Error $errors A WP_Error object possibly containing 'blogname' or 'blog_title' errors. + * } + */ + $filtered_results = apply_filters( 'signup_another_blog_init', $signup_defaults ); + + $blogname = $filtered_results['blogname']; + $blog_title = $filtered_results['blog_title']; + $errors = $filtered_results['errors']; + + /* translators: %s: Network title. */ + echo '

' . sprintf( __( 'Get another %s site in seconds' ), get_network()->site_name ) . '

'; + + if ( $errors->has_errors() ) { + echo '

' . __( 'There was a problem, please correct the form below and try again.' ) . '

'; + } + ?> +

+ add another site to your account. There is no limit to the number of sites you can have, so create to your heart’s content, but write responsibly!' ), + $current_user->display_name + ); + ?> +

+ + ID ); + if ( ! empty( $blogs ) ) { + ?> + +

+
    + userblog_id ); + echo '
  • ' . $home_url . '
    • '; + } + ?> +
+ + +

+
+ + + +

+
+ has_errors() ) { + signup_another_blog( $blogname, $blog_title, $errors ); + return false; + } + + $public = (int) $_POST['blog_public']; + + $blog_meta_defaults = array( + 'lang_id' => 1, + 'public' => $public, + ); + + // Handle the language setting for the new site. + if ( ! empty( $_POST['WPLANG'] ) ) { + + $languages = signup_get_available_languages(); + + if ( in_array( $_POST['WPLANG'], $languages, true ) ) { + $language = wp_unslash( sanitize_text_field( $_POST['WPLANG'] ) ); + + if ( $language ) { + $blog_meta_defaults['WPLANG'] = $language; + } + } + } + + /** + * Filters the new site meta variables. + * + * Use the {@see 'add_signup_meta'} filter instead. + * + * @since MU (3.0.0) + * @deprecated 3.0.0 Use the {@see 'add_signup_meta'} filter instead. + * + * @param array $blog_meta_defaults An array of default blog meta variables. + */ + $meta_defaults = apply_filters_deprecated( 'signup_create_blog_meta', array( $blog_meta_defaults ), '3.0.0', 'add_signup_meta' ); + + /** + * Filters the new default site meta variables. + * + * @since 3.0.0 + * + * @param array $meta { + * An array of default site meta variables. + * + * @type int $lang_id The language ID. + * @type int $blog_public Whether search engines should be discouraged from indexing the site. 1 for true, 0 for false. + * } + */ + $meta = apply_filters( 'add_signup_meta', $meta_defaults ); + + $blog_id = wpmu_create_blog( $domain, $path, $blog_title, $current_user->ID, $meta, get_current_network_id() ); + + if ( is_wp_error( $blog_id ) ) { + return false; + } + + confirm_another_blog_signup( $domain, $path, $blog_title, $current_user->user_login, $current_user->user_email, $meta, $blog_id ); + return true; +} + +/** + * Shows a message confirming that the new site has been created. + * + * @since MU (3.0.0) + * @since 4.4.0 Added the `$blog_id` parameter. + * + * @param string $domain The domain URL. + * @param string $path The site root path. + * @param string $blog_title The site title. + * @param string $user_name The username. + * @param string $user_email The user's email address. + * @param array $meta Any additional meta from the {@see 'add_signup_meta'} filter in validate_blog_signup(). + * @param int $blog_id The site ID. + */ +function confirm_another_blog_signup( $domain, $path, $blog_title, $user_name, $user_email = '', $meta = array(), $blog_id = 0 ) { + + if ( $blog_id ) { + switch_to_blog( $blog_id ); + $home_url = home_url( '/' ); + $login_url = wp_login_url(); + restore_current_blog(); + } else { + $home_url = 'http://' . $domain . $path; + $login_url = 'http://' . $domain . $path . 'wp-login.php'; + } + + $site = sprintf( + '%2$s', + esc_url( $home_url ), + $blog_title + ); + + ?> +

+ +

+

+ Log in as “%3$s” using your existing password.' ), + sprintf( + '%s', + esc_url( $home_url ), + untrailingslashit( $domain . $path ) + ), + esc_url( $login_url ), + $user_name + ); + ?> +

+ $user_name, + 'user_email' => $user_email, + 'errors' => $errors, + ); + + /** + * Filters the default user variables used on the user sign-up form. + * + * @since 3.0.0 + * + * @param array $signup_user_defaults { + * An array of default user variables. + * + * @type string $user_name The user username. + * @type string $user_email The user email address. + * @type WP_Error $errors A WP_Error object with possible errors relevant to the sign-up user. + * } + */ + $filtered_results = apply_filters( 'signup_user_init', $signup_user_defaults ); + $user_name = $filtered_results['user_name']; + $user_email = $filtered_results['user_email']; + $errors = $filtered_results['errors']; + + ?> + +

+ site_name ); + ?> +

+
+ + + + + + + + + +
+ +

+ + /> + + + + /> + + +

+
+ + +

+
+ has_errors() ) { + signup_user( $user_name, $user_email, $errors ); + return false; + } + + if ( 'blog' === $_POST['signup_for'] ) { + signup_blog( $user_name, $user_email ); + return false; + } + + /** This filter is documented in wp-signup.php */ + wpmu_signup_user( $user_name, $user_email, apply_filters( 'add_signup_meta', array() ) ); + + confirm_user_signup( $user_name, $user_email ); + return true; +} + +/** + * Shows a message confirming that the new user has been registered and is awaiting activation. + * + * @since MU (3.0.0) + * + * @param string $user_name The username. + * @param string $user_email The user's email address. + */ +function confirm_user_signup( $user_name, $user_email ) { + ?> +

+ +

+

you must activate it.' ); ?>

+

+ ' . $user_email . '' ); + ?> +

+

+ $user_name, + 'user_email' => $user_email, + 'blogname' => $blogname, + 'blog_title' => $blog_title, + 'errors' => $errors, + ); + + /** + * Filters the default site creation variables for the site sign-up form. + * + * @since 3.0.0 + * + * @param array $signup_blog_defaults { + * An array of default site creation variables. + * + * @type string $user_name The user username. + * @type string $user_email The user email address. + * @type string $blogname The blogname. + * @type string $blog_title The title of the site. + * @type WP_Error $errors A WP_Error object with possible errors relevant to new site creation variables. + * } + */ + $filtered_results = apply_filters( 'signup_blog_init', $signup_blog_defaults ); + + $user_name = $filtered_results['user_name']; + $user_email = $filtered_results['user_email']; + $blogname = $filtered_results['blogname']; + $blog_title = $filtered_results['blog_title']; + $errors = $filtered_results['errors']; + + if ( empty( $blogname ) ) { + $blogname = $user_name; + } + ?> +
+ + + + + +

+
+ has_errors() ) { + signup_user( $user_name, $user_email, $user_errors ); + return false; + } + + $result = wpmu_validate_blog_signup( $_POST['blogname'], $_POST['blog_title'] ); + $domain = $result['domain']; + $path = $result['path']; + $blogname = $result['blogname']; + $blog_title = $result['blog_title']; + $errors = $result['errors']; + + if ( $errors->has_errors() ) { + signup_blog( $user_name, $user_email, $blogname, $blog_title, $errors ); + return false; + } + + $public = (int) $_POST['blog_public']; + $signup_meta = array( + 'lang_id' => 1, + 'public' => $public, + ); + + // Handle the language setting for the new site. + if ( ! empty( $_POST['WPLANG'] ) ) { + + $languages = signup_get_available_languages(); + + if ( in_array( $_POST['WPLANG'], $languages, true ) ) { + $language = wp_unslash( sanitize_text_field( $_POST['WPLANG'] ) ); + + if ( $language ) { + $signup_meta['WPLANG'] = $language; + } + } + } + + /** This filter is documented in wp-signup.php */ + $meta = apply_filters( 'add_signup_meta', $signup_meta ); + + wpmu_signup_blog( $domain, $path, $blog_title, $user_name, $user_email, $meta ); + confirm_blog_signup( $domain, $path, $blog_title, $user_name, $user_email, $meta ); + return true; +} + +/** + * Shows a message confirming that the new site has been registered and is awaiting activation. + * + * @since MU (3.0.0) + * + * @param string $domain The domain or subdomain of the site. + * @param string $path The path of the site. + * @param string $blog_title The title of the new site. + * @param string $user_name The user's username. + * @param string $user_email The user's email address. + * @param array $meta Any additional meta from the {@see 'add_signup_meta'} filter in validate_blog_signup(). + */ +function confirm_blog_signup( $domain, $path, $blog_title, $user_name = '', $user_email = '', $meta = array() ) { + ?> +

+ {$blog_title}" ) + ?> +

+ +

you must activate it.' ); ?>

+

+ ' . $user_email . '' ); + ?> +

+

+

+

+
    +

    • +

    • +
  • + +
    • +
+ '; + _e( 'Greetings Network Administrator!' ); + echo ' '; + + switch ( $active_signup ) { + case 'none': + _e( 'The network currently disallows registrations.' ); + break; + case 'blog': + _e( 'The network currently allows site registrations.' ); + break; + case 'user': + _e( 'The network currently allows user registrations.' ); + break; + default: + _e( 'The network currently allows both site and user registrations.' ); + break; + } + + echo ' '; + + /* translators: %s: URL to Network Settings screen. */ + printf( __( 'To change or disable registration go to your Options page.' ), esc_url( network_admin_url( 'settings.php' ) ) ); + echo '
'; +} + +$newblogname = isset( $_GET['new'] ) ? strtolower( preg_replace( '/^-|-$|[^-a-zA-Z0-9]/', '', $_GET['new'] ) ) : null; + +$current_user = wp_get_current_user(); +if ( 'none' === $active_signup ) { + _e( 'Registration has been disabled.' ); +} elseif ( 'blog' === $active_signup && ! is_user_logged_in() ) { + $login_url = wp_login_url( network_site_url( 'wp-signup.php' ) ); + /* translators: %s: Login URL. */ + printf( __( 'You must first log in, and then you can create a new site.' ), $login_url ); +} else { + $stage = isset( $_POST['stage'] ) ? $_POST['stage'] : 'default'; + switch ( $stage ) { + case 'validate-user-signup': + if ( 'all' === $active_signup + || ( 'blog' === $_POST['signup_for'] && 'blog' === $active_signup ) + || ( 'user' === $_POST['signup_for'] && 'user' === $active_signup ) + ) { + validate_user_signup(); + } else { + _e( 'User registration has been disabled.' ); + } + break; + case 'validate-blog-signup': + if ( 'all' === $active_signup || 'blog' === $active_signup ) { + validate_blog_signup(); + } else { + _e( 'Site registration has been disabled.' ); + } + break; + case 'gimmeanotherblog': + validate_another_blog_signup(); + break; + case 'default': + default: + $user_email = isset( $_POST['user_email'] ) ? $_POST['user_email'] : ''; + /** + * Fires when the site sign-up form is sent. + * + * @since 3.0.0 + */ + do_action( 'preprocess_signup_form' ); + if ( is_user_logged_in() && ( 'all' === $active_signup || 'blog' === $active_signup ) ) { + signup_another_blog( $newblogname ); + } elseif ( ! is_user_logged_in() && ( 'all' === $active_signup || 'user' === $active_signup ) ) { + signup_user( $newblogname, $user_email ); + } elseif ( ! is_user_logged_in() && ( 'blog' === $active_signup ) ) { + _e( 'Sorry, new registrations are not allowed at this time.' ); + } else { + _e( 'You are logged in already. No need to register again!' ); + } + + if ( $newblogname ) { + $newblog = get_blogaddress_by_name( $newblogname ); + + if ( 'blog' === $active_signup || 'all' === $active_signup ) { + printf( + /* translators: %s: Site address. */ + '

' . __( 'The site you were looking for, %s, does not exist, but you can create it now!' ) . '

', + '' . $newblog . '' + ); + } else { + printf( + /* translators: %s: Site address. */ + '

' . __( 'The site you were looking for, %s, does not exist.' ) . '

', + '' . $newblog . '' + ); + } + } + break; + } +} +?> +
+
+ + + '1' ) ); +} + +// Always run as an unauthenticated user. +wp_set_current_user( 0 ); + +/** + * Response to a trackback. + * + * Responds with an error or success XML message. + * + * @since 0.71 + * + * @param int|bool $error Whether there was an error. + * Default '0'. Accepts '0' or '1', true or false. + * @param string $error_message Error message if an error occurred. Default empty string. + */ +function trackback_response( $error = 0, $error_message = '' ) { + header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); + + if ( $error ) { + echo '\n"; + echo "\n"; + echo "1\n"; + echo "$error_message\n"; + echo ''; + die(); + } else { + echo '\n"; + echo "\n"; + echo "0\n"; + echo ''; + } +} + +if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) { + $post_id = explode( '/', $_SERVER['REQUEST_URI'] ); + $post_id = (int) $post_id[ count( $post_id ) - 1 ]; +} + +$trackback_url = isset( $_POST['url'] ) ? $_POST['url'] : ''; +$charset = isset( $_POST['charset'] ) ? $_POST['charset'] : ''; + +// These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). +$title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : ''; +$excerpt = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : ''; +$blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : ''; + +if ( $charset ) { + $charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) ); +} else { + $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; +} + +// No valid uses for UTF-7. +if ( str_contains( $charset, 'UTF-7' ) ) { + die; +} + +// For international trackbacks. +if ( function_exists( 'mb_convert_encoding' ) ) { + $title = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset ); + $excerpt = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset ); + $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset ); +} + +// Escape values to use in the trackback. +$title = wp_slash( $title ); +$excerpt = wp_slash( $excerpt ); +$blog_name = wp_slash( $blog_name ); + +if ( is_single() || is_page() ) { + $post_id = $posts[0]->ID; +} + +if ( ! isset( $post_id ) || ! (int) $post_id ) { + trackback_response( 1, __( 'I really need an ID for this to work.' ) ); +} + +if ( empty( $title ) && empty( $trackback_url ) && empty( $blog_name ) ) { + // If it doesn't look like a trackback at all. + wp_redirect( get_permalink( $post_id ) ); + exit; +} + +if ( ! empty( $trackback_url ) && ! empty( $title ) ) { + /** + * Fires before the trackback is added to a post. + * + * @since 4.7.0 + * + * @param int $post_id Post ID related to the trackback. + * @param string $trackback_url Trackback URL. + * @param string $charset Character set. + * @param string $title Trackback title. + * @param string $excerpt Trackback excerpt. + * @param string $blog_name Site name. + */ + do_action( 'pre_trackback_post', $post_id, $trackback_url, $charset, $title, $excerpt, $blog_name ); + + header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); + + if ( ! pings_open( $post_id ) ) { + trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); + } + + $title = wp_html_excerpt( $title, 250, '…' ); + $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); + + $comment_post_id = (int) $post_id; + $comment_author = $blog_name; + $comment_author_email = ''; + $comment_author_url = $trackback_url; + $comment_content = "$title\n\n$excerpt"; + $comment_type = 'trackback'; + + $dupe = $wpdb->get_results( + $wpdb->prepare( + "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", + $comment_post_id, + $comment_author_url + ) + ); + + if ( $dupe ) { + trackback_response( 1, __( 'There is already a ping from that URL for this post.' ) ); + } + + $commentdata = array( + 'comment_post_ID' => $comment_post_id, + ); + + $commentdata += compact( + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_content', + 'comment_type' + ); + + $result = wp_new_comment( $commentdata ); + + if ( is_wp_error( $result ) ) { + trackback_response( 1, $result->get_error_message() ); + } + + $trackback_id = $wpdb->insert_id; + + /** + * Fires after a trackback is added to a post. + * + * @since 1.2.0 + * + * @param int $trackback_id Trackback ID. + */ + do_action( 'trackback_post', $trackback_id ); + + trackback_response( 0 ); +} diff --git a/xmlrpc.php b/xmlrpc.php new file mode 100644 index 0000000..5929020 --- /dev/null +++ b/xmlrpc.php @@ -0,0 +1,108 @@ +'; + ?> + + + WordPress + https://wordpress.org/ + + + + + + + + + + + serve_request(); + +exit; + +/** + * logIO() - Writes logging info to a file. + * + * @since 1.2.0 + * @deprecated 3.4.0 Use error_log() + * @see error_log() + * + * @global int|bool $xmlrpc_logging Whether to enable XML-RPC logging. + * + * @param string $io Whether input or output. + * @param string $msg Information describing logging reason. + */ +function logIO( $io, $msg ) { + _deprecated_function( __FUNCTION__, '3.4.0', 'error_log()' ); + if ( ! empty( $GLOBALS['xmlrpc_logging'] ) ) { + error_log( $io . ' - ' . $msg ); + } +}