diff --git a/.htaccess b/.htaccess new file mode 100644 index 0000000..5c9abb5 --- /dev/null +++ b/.htaccess @@ -0,0 +1,16 @@ + +# BEGIN WordPress +# The directives (lines) between "BEGIN WordPress" and "END WordPress" are +# dynamically generated, and should only be modified via WordPress filters. +# Any changes to the directives between these markers will be overwritten. + +RewriteEngine On +RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] +RewriteBase /Rural%20problem/ +RewriteRule ^index\.php$ - [L] +RewriteCond %{REQUEST_FILENAME} !-f +RewriteCond %{REQUEST_FILENAME} !-d +RewriteRule . /Rural%20problem/index.php [L] + + +# END WordPress \ No newline at end of file diff --git a/index.php b/index.php new file mode 100644 index 0000000..cc2a532 --- /dev/null +++ b/index.php @@ -0,0 +1,17 @@ + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. + +WRITTEN OFFER + +The source code for any program binaries or compressed scripts that are +included with WordPress can be freely obtained at the following URL: + + https://wordpress.org/download/source/ diff --git a/readme.html b/readme.html new file mode 100644 index 0000000..0048b9e --- /dev/null +++ b/readme.html @@ -0,0 +1,97 @@ + + + + + + WordPress › ReadMe + + + +

+ WordPress +

+

Semantic Personal Publishing Platform

+ +

First Things First

+

Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I am proud to be a part of. Thousands of hours have gone into WordPress, and we are dedicated to making it better every day. Thank you for making it part of your world.

+

— Matt Mullenweg

+ +

Installation: Famous 5-minute install

+
    +
  1. Unzip the package in an empty directory and upload everything.
    2. +
  2. Open wp-admin/install.php in your browser. It will take you through the process to set up a wp-config.php file with your database connection details. +
      +
    1. If for some reason this does not work, do not worry. It may not work on all web hosts. Open up wp-config-sample.php with a text editor like WordPad or similar and fill in your database connection details.
      2. +
    2. Save the file as wp-config.php and upload it.
      3. +
    3. Open wp-admin/install.php in your browser.
      4. +
    +
    3. +
  3. Once the configuration file is set up, the installer will set up the tables needed for your site. If there is an error, double check your wp-config.php file, and try again. If it fails again, please go to the WordPress support forums with as much data as you can gather.
    4. +
  4. If you did not enter a password, note the password given to you. If you did not provide a username, it will be admin.
    5. +
  5. The installer should then send you to the login page. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on “Profile” to change the password.
    6. +
+ +

Updating

+

Using the Automatic Updater

+
    +
  1. Open wp-admin/update-core.php in your browser and follow the instructions.
    2. +
  2. You wanted more, perhaps? That’s it!
    3. +
+ +

Updating Manually

+
    +
  1. Before you update anything, make sure you have backup copies of any files you may have modified such as index.php.
    2. +
  2. Delete your old WordPress files, saving ones you’ve modified.
    3. +
  3. Upload the new files.
    4. +
  4. Point your browser to /wp-admin/upgrade.php.
    5. +
+ +

Migrating from other systems

+

WordPress can import from a number of systems. First you need to get WordPress installed and working as described above, before using our import tools.

+ +

System Requirements

+
    +
  • PHP version 5.6.20 or greater.
    • +
  • MySQL version 5.0 or greater.
    • +
+ +

Recommendations

+
    +
  • PHP version 7.4 or greater.
    • +
  • MySQL version 5.7 or greater OR MariaDB version 10.3 or greater.
    • +
  • The mod_rewrite Apache module.
    • +
  • HTTPS support.
    • +
  • A link to wordpress.org on your site.
    • +
+ +

Online Resources

+

If you have any questions that are not addressed in this document, please take advantage of WordPress’ numerous online resources:

+
+
HelpHub
+
HelpHub is the encyclopedia of all things WordPress. It is the most comprehensive source of information for WordPress available.
+
The WordPress Blog
+
This is where you’ll find the latest updates and news related to WordPress. Recent WordPress news appears in your administrative dashboard by default.
+
WordPress Planet
+
The WordPress Planet is a news aggregator that brings together posts from WordPress blogs around the web.
+
WordPress Support Forums
+
If you’ve looked everywhere and still cannot find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.
+
WordPress IRC (Internet Relay Chat) Channel
+
There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.libera.chat #wordpress)
+
+ +

Final Notes

+
    +
  • If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the Support Forums.
    • +
  • WordPress has a robust plugin API (Application Programming Interface) that makes extending the code easy. If you are a developer interested in utilizing this, see the Plugin Developer Handbook. You shouldn’t modify any of the core code.
    • +
+ +

Share the Love

+

WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better—you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgeable than yourself, or writing the author of a media article that overlooks us.

+ +

WordPress is the official continuation of b2/cafélog, which came from Michel V. The work has been continued by the WordPress developers. If you would like to support WordPress, please consider donating.

+ +

License

+

WordPress is free software, and is released under the terms of the GPL (GNU General Public License) version 2 or (at your option) any later version. See license.txt.

+ + + diff --git a/wp-activate.php b/wp-activate.php new file mode 100644 index 0000000..92b062e --- /dev/null +++ b/wp-activate.php @@ -0,0 +1,218 @@ +get_error_code() ) ) { + status_header( 404 ); +} elseif ( is_wp_error( $result ) ) { + $error_code = $result->get_error_code(); + + if ( ! in_array( $error_code, $valid_error_codes, true ) ) { + status_header( 400 ); + } +} + +nocache_headers(); + +if ( is_object( $wp_object_cache ) ) { + $wp_object_cache->cache_enabled = false; +} + +// Fix for page title. +$wp_query->is_404 = false; + +/** + * Fires before the Site Activation page is loaded. + * + * @since 3.0.0 + */ +do_action( 'activate_header' ); + +/** + * Adds an action hook specific to this page. + * + * Fires on {@see 'wp_head'}. + * + * @since MU (3.0.0) + */ +function do_activate_header() { + /** + * Fires before the Site Activation page is loaded. + * + * Fires on the {@see 'wp_head'} action. + * + * @since 3.0.0 + */ + do_action( 'activate_wp_head' ); +} +add_action( 'wp_head', 'do_activate_header' ); + +/** + * Loads styles specific to this page. + * + * @since MU (3.0.0) + */ +function wpmu_activate_stylesheet() { + ?> + + + +
+
+ + +

+
+

+ +
+

+

+ +

+
+ + get_error_code(), $valid_error_codes, true ) ) { + $signup = $result->get_error_data(); + ?> +

+ '; + if ( '' === $signup->domain . $signup->path ) { + printf( + /* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */ + __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + network_site_url( $blog_details->path . 'wp-login.php', 'login' ), + $signup->user_login, + $signup->user_email, + wp_lostpassword_url() + ); + } else { + printf( + /* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */ + __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + sprintf( '%1$s%2$s', $signup->domain, $blog_details->path ), + $signup->user_login, + $signup->user_email, + wp_lostpassword_url() + ); + } + echo '

'; + } elseif ( null === $result || is_wp_error( $result ) ) { + ?> +

+ +

get_error_message(); ?>

+ + +

+ +
+

user_login; ?>

+

+
+ + +

+ View your site or Log in' ), $url, esc_url( $login_url ) ); + ?> +

+ +

+ Log in or go back to the homepage.' ), + network_site_url( $blog_details->path . 'wp-login.php', 'login' ), + network_home_url( $blog_details->path ) + ); + ?> +

+ +
+
+get_error_data(); + if ( ! empty( $data ) ) { + wp_die( + '

' . $comment->get_error_message() . '

', + __( 'Comment Submission Failure' ), + array( + 'response' => $data, + 'back_link' => true, + ) + ); + } else { + exit; + } +} + +$user = wp_get_current_user(); +$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) ); + +/** + * Perform other actions when comment cookies are set. + * + * @since 3.4.0 + * @since 4.9.6 The `$cookies_consent` parameter was added. + * + * @param WP_Comment $comment Comment object. + * @param WP_User $user Comment author's user object. The user may not exist. + * @param bool $cookies_consent Comment author's consent to store cookies. + */ +do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); + +$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; + +// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message. +if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) { + $location = add_query_arg( + array( + 'unapproved' => $comment->comment_ID, + 'moderation-hash' => wp_hash( $comment->comment_date_gmt ), + ), + $location + ); +} + +/** + * Filters the location URI to send the commenter after posting. + * + * @since 2.0.5 + * + * @param string $location The 'redirect_to' URI sent via $_POST. + * @param WP_Comment $comment Comment object. + */ +$location = apply_filters( 'comment_post_redirect', $location, $comment ); + +wp_safe_redirect( $location ); +exit; diff --git a/wp-config-sample.php b/wp-config-sample.php new file mode 100644 index 0000000..c095f50 --- /dev/null +++ b/wp-config-sample.php @@ -0,0 +1,96 @@ +WDeyyGNx_*L+vnXVw/7a}!o' ); +define( 'SECURE_AUTH_SALT', 'l 1RrO34@oDUx;&tNn6s= 70016 && function_exists( 'fastcgi_finish_request' ) ) { + fastcgi_finish_request(); +} elseif ( function_exists( 'litespeed_finish_request' ) ) { + litespeed_finish_request(); +} + +if ( ! empty( $_POST ) || defined( 'DOING_AJAX' ) || defined( 'DOING_CRON' ) ) { + die(); +} + +/** + * Tell WordPress we are doing the cron task. + * + * @var bool + */ +define( 'DOING_CRON', true ); + +if ( ! defined( 'ABSPATH' ) ) { + /** Set up WordPress environment */ + require_once __DIR__ . '/wp-load.php'; +} + +/** + * Retrieves the cron lock. + * + * Returns the uncached `doing_cron` transient. + * + * @ignore + * @since 3.3.0 + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @return string|int|false Value of the `doing_cron` transient, 0|false otherwise. + */ +function _get_cron_lock() { + global $wpdb; + + $value = 0; + if ( wp_using_ext_object_cache() ) { + /* + * Skip local cache and force re-fetch of doing_cron transient + * in case another process updated the cache. + */ + $value = wp_cache_get( 'doing_cron', 'transient', true ); + } else { + $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1", '_transient_doing_cron' ) ); + if ( is_object( $row ) ) { + $value = $row->option_value; + } + } + + return $value; +} + +$crons = wp_get_ready_cron_jobs(); +if ( empty( $crons ) ) { + die(); +} + +$gmt_time = microtime( true ); + +// The cron lock: a unix timestamp from when the cron was spawned. +$doing_cron_transient = get_transient( 'doing_cron' ); + +// Use global $doing_wp_cron lock, otherwise use the GET lock. If no lock, try to grab a new lock. +if ( empty( $doing_wp_cron ) ) { + if ( empty( $_GET['doing_wp_cron'] ) ) { + // Called from external script/job. Try setting a lock. + if ( $doing_cron_transient && ( $doing_cron_transient + WP_CRON_LOCK_TIMEOUT > $gmt_time ) ) { + return; + } + $doing_wp_cron = sprintf( '%.22F', microtime( true ) ); + $doing_cron_transient = $doing_wp_cron; + set_transient( 'doing_cron', $doing_wp_cron ); + } else { + $doing_wp_cron = $_GET['doing_wp_cron']; + } +} + +/* + * The cron lock (a unix timestamp set when the cron was spawned), + * must match $doing_wp_cron (the "key"). + */ +if ( $doing_cron_transient !== $doing_wp_cron ) { + return; +} + +foreach ( $crons as $timestamp => $cronhooks ) { + if ( $timestamp > $gmt_time ) { + break; + } + + foreach ( $cronhooks as $hook => $keys ) { + + foreach ( $keys as $k => $v ) { + + $schedule = $v['schedule']; + + if ( $schedule ) { + $result = wp_reschedule_event( $timestamp, $schedule, $hook, $v['args'], true ); + + if ( is_wp_error( $result ) ) { + error_log( + sprintf( + /* translators: 1: Hook name, 2: Error code, 3: Error message, 4: Event data. */ + __( 'Cron reschedule event error for hook: %1$s, Error code: %2$s, Error message: %3$s, Data: %4$s' ), + $hook, + $result->get_error_code(), + $result->get_error_message(), + wp_json_encode( $v ) + ) + ); + + /** + * Fires when an error happens rescheduling a cron event. + * + * @since 6.1.0 + * + * @param WP_Error $result The WP_Error object. + * @param string $hook Action hook to execute when the event is run. + * @param array $v Event data. + */ + do_action( 'cron_reschedule_event_error', $result, $hook, $v ); + } + } + + $result = wp_unschedule_event( $timestamp, $hook, $v['args'], true ); + + if ( is_wp_error( $result ) ) { + error_log( + sprintf( + /* translators: 1: Hook name, 2: Error code, 3: Error message, 4: Event data. */ + __( 'Cron unschedule event error for hook: %1$s, Error code: %2$s, Error message: %3$s, Data: %4$s' ), + $hook, + $result->get_error_code(), + $result->get_error_message(), + wp_json_encode( $v ) + ) + ); + + /** + * Fires when an error happens unscheduling a cron event. + * + * @since 6.1.0 + * + * @param WP_Error $result The WP_Error object. + * @param string $hook Action hook to execute when the event is run. + * @param array $v Event data. + */ + do_action( 'cron_unschedule_event_error', $result, $hook, $v ); + } + + /** + * Fires scheduled events. + * + * @ignore + * @since 2.1.0 + * + * @param string $hook Name of the hook that was scheduled to be fired. + * @param array $args The arguments to be passed to the hook. + */ + do_action_ref_array( $hook, $v['args'] ); + + // If the hook ran too long and another cron process stole the lock, quit. + if ( _get_cron_lock() !== $doing_wp_cron ) { + return; + } + } + } +} + +if ( _get_cron_lock() === $doing_wp_cron ) { + delete_transient( 'doing_cron' ); +} + +die(); diff --git a/wp-links-opml.php b/wp-links-opml.php new file mode 100644 index 0000000..ca43c3d --- /dev/null +++ b/wp-links-opml.php @@ -0,0 +1,97 @@ +\n"; +?> + + + + <?php + /* translators: %s: Site title. */ + printf( __( 'Links for %s' ), esc_attr( get_bloginfo( 'name', 'display' ) ) ); + ?> + + GMT + + + + 'link_category', + 'hierarchical' => 0, + ) + ); +} else { + $cats = get_categories( + array( + 'taxonomy' => 'link_category', + 'hierarchical' => 0, + 'include' => $link_cat, + ) + ); +} + +foreach ( (array) $cats as $cat ) : + /** This filter is documented in wp-includes/bookmark-template.php */ + $catname = apply_filters( 'link_category', $cat->name ); + + ?> + + $cat->term_id ) ); + foreach ( (array) $bookmarks as $bookmark ) : + /** + * Filters the OPML outline link title text. + * + * @since 2.2.0 + * + * @param string $title The OPML outline title text. + */ + $title = apply_filters( 'link_title', $bookmark->link_name ); + ?> + + + + + + diff --git a/wp-load.php b/wp-load.php new file mode 100644 index 0000000..9e8241f --- /dev/null +++ b/wp-load.php @@ -0,0 +1,107 @@ +' . sprintf( + /* translators: %s: wp-config.php */ + __( "There doesn't seem to be a %s file. It is needed before the installation can continue." ), + 'wp-config.php' + ) . '

'; + $die .= '

' . sprintf( + /* translators: 1: Documentation URL, 2: wp-config.php */ + __( 'Need more help? Read the support article on %2$s.' ), + __( 'https://wordpress.org/support/article/editing-wp-config-php/' ), + 'wp-config.php' + ) . '

'; + $die .= '

' . sprintf( + /* translators: %s: wp-config.php */ + __( "You can create a %s file through a web interface, but this doesn't work for all server setups. The safest way is to manually create the file." ), + 'wp-config.php' + ) . '

'; + $die .= '

' . __( 'Create a Configuration File' ) . '

'; + + wp_die( $die, __( 'WordPress › Error' ) ); +} diff --git a/wp-login.php b/wp-login.php new file mode 100644 index 0000000..4c9de95 --- /dev/null +++ b/wp-login.php @@ -0,0 +1,1557 @@ +` element. + * Default 'Log In'. + * @param string $message Optional. Message to display in header. Default empty. + * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. + */ +function login_header( $title = 'Log In', $message = '', $wp_error = null ) { + global $error, $interim_login, $action; + + // Don't index any of these forms. + add_filter( 'wp_robots', 'wp_robots_sensitive_page' ); + add_action( 'login_head', 'wp_strict_cross_origin_referrer' ); + + add_action( 'login_head', 'wp_login_viewport_meta' ); + + if ( ! is_wp_error( $wp_error ) ) { + $wp_error = new WP_Error(); + } + + // Shake it! + $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure' ); + /** + * Filters the error codes array for shaking the login form. + * + * @since 3.0.0 + * + * @param string[] $shake_error_codes Error codes that shake the login form. + */ + $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); + + if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) { + add_action( 'login_footer', 'wp_shake_js', 12 ); + } + + $login_title = get_bloginfo( 'name', 'display' ); + + /* translators: Login screen title. 1: Login screen name, 2: Network or site name. */ + $login_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $login_title ); + + if ( wp_is_recovery_mode() ) { + /* translators: %s: Login screen title. */ + $login_title = sprintf( __( 'Recovery Mode — %s' ), $login_title ); + } + + /** + * Filters the title tag content for login page. + * + * @since 4.9.0 + * + * @param string $login_title The page title, with extra context added. + * @param string $title The original page title. + */ + $login_title = apply_filters( 'login_title', $login_title, $title ); + + ?> + > + + + <?php echo $login_title; ?> + get_error_code() ) { + ?> + + + + + + + + +
+

+ add( 'error', $error ); + unset( $error ); + } + + if ( $wp_error->has_errors() ) { + $errors = ''; + $messages = ''; + + foreach ( $wp_error->get_error_codes() as $code ) { + $severity = $wp_error->get_error_data( $code ); + foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { + if ( 'message' === $severity ) { + $messages .= ' ' . $error_message . "
\n"; + } else { + $errors .= ' ' . $error_message . "
\n"; + } + } + } + + if ( ! empty( $errors ) ) { + /** + * Filters the error messages displayed above the login form. + * + * @since 2.1.0 + * + * @param string $errors Login error message. + */ + echo '
' . apply_filters( 'login_errors', $errors ) . "
\n"; + } + + if ( ! empty( $messages ) ) { + /** + * Filters instructional messages displayed above the login form. + * + * @since 2.5.0 + * + * @param string $messages Login messages. + */ + echo '

' . apply_filters( 'login_messages', $messages ) . "

\n"; + } + } +} // End of login_header(). + +/** + * Outputs the footer for the login page. + * + * @since 3.1.0 + * + * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' + * upon successful login. + * + * @param string $input_id Which input to auto-focus. + */ +function login_footer( $input_id = '' ) { + global $interim_login; + + // Don't allow interim logins to navigate away from the page. + if ( ! $interim_login ) { + ?> +

+ %s', + esc_url( home_url( '/' ) ), + sprintf( + /* translators: %s: Site title. */ + _x( '← Go to %s', 'site' ), + get_bloginfo( 'title', 'display' ) + ) + ); + /** + * Filter the "Go to site" link displayed in the login page footer. + * + * @since 5.7.0 + * + * @param string $link HTML link to the home URL of the current site. + */ + echo apply_filters( 'login_site_html_link', $html_link ); + ?> +

+ ', '
' ); + } + + ?> + . ?> + + +
+
+ + + + 'language-switcher-locales', + 'name' => 'wp_lang', + 'selected' => determine_locale(), + 'show_available_translations' => false, + 'explicit_option_en_us' => true, + 'languages' => $languages, + ); + + /** + * Filters default arguments for the Languages select input on the login screen. + * + * The arguments get passed to the wp_dropdown_languages() function. + * + * @since 5.9.0 + * + * @param array $args Arguments for the Languages select input on the login screen. + */ + wp_dropdown_languages( apply_filters( 'login_language_dropdown_args', $args ) ); + ?> + + + + + + + + + + + + + + + +
+
+ + + + + +
+ + + + + + + 0 ) { + update_option( 'admin_email_lifespan', time() + $remind_interval ); + } + + $redirect_to = add_query_arg( 'admin_email_remind_later', 1, $redirect_to ); + wp_safe_redirect( $redirect_to ); + exit; + } + + if ( ! empty( $_POST['correct-admin-email'] ) ) { + if ( ! check_admin_referer( 'confirm_admin_email', 'confirm_admin_email_nonce' ) ) { + wp_safe_redirect( wp_login_url() ); + exit; + } + + /** + * Filters the interval for redirecting the user to the admin email confirmation screen. + * + * If `0` (zero) is returned, the user will not be redirected. + * + * @since 5.3.0 + * + * @param int $interval Interval time (in seconds). Default is 6 months. + */ + $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); + + if ( $admin_email_check_interval > 0 ) { + update_option( 'admin_email_lifespan', time() + $admin_email_check_interval ); + } + + wp_safe_redirect( $redirect_to ); + exit; + } + + login_header( __( 'Confirm your administration email' ), '', $errors ); + + /** + * Fires before the admin email confirm form. + * + * @since 5.3.0 + * + * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid + * credentials. Note that the error object may not contain any errors. + */ + do_action( 'admin_email_confirm', $errors ); + + ?> + +
+ + + +

+ +

+

+ administration email for this website is still correct.' ); ?> + %s', __( '(opens in a new tab)' ) ); + + printf( + '%s%s', + esc_url( $admin_email_help_url ), + __( 'Why is this important?' ), + $accessibility_text + ); + + ?> +

+

+ ' . esc_html( $admin_email ) . '' + ); + + ?> +

+

+ +

+ +
+
+ + + +
+ 0 ) : ?> +
+ 'confirm_admin_email', + 'remind_me_later' => wp_create_nonce( 'remind_me_later_nonce' ), + ), + $remind_me_link + ); + + ?> + +
+ +
+
+ + HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); + + wp_safe_redirect( wp_get_referer() ); + exit; + + case 'logout': + check_admin_referer( 'log-out' ); + + $user = wp_get_current_user(); + + wp_logout(); + + if ( ! empty( $_REQUEST['redirect_to'] ) ) { + $redirect_to = $_REQUEST['redirect_to']; + $requested_redirect_to = $redirect_to; + } else { + $redirect_to = add_query_arg( + array( + 'loggedout' => 'true', + 'wp_lang' => get_user_locale( $user ), + ), + wp_login_url() + ); + + $requested_redirect_to = ''; + } + + /** + * Filters the log out redirect URL. + * + * @since 4.2.0 + * + * @param string $redirect_to The redirect destination URL. + * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. + * @param WP_User $user The WP_User object for the user that's logging out. + */ + $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user ); + + wp_safe_redirect( $redirect_to ); + exit; + + case 'lostpassword': + case 'retrievepassword': + if ( $http_post ) { + $errors = retrieve_password(); + + if ( ! is_wp_error( $errors ) ) { + $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; + wp_safe_redirect( $redirect_to ); + exit; + } + } + + if ( isset( $_GET['error'] ) ) { + if ( 'invalidkey' === $_GET['error'] ) { + $errors->add( 'invalidkey', __( 'Error: Your password reset link appears to be invalid. Please request a new link below.' ) ); + } elseif ( 'expiredkey' === $_GET['error'] ) { + $errors->add( 'expiredkey', __( 'Error: Your password reset link has expired. Please request a new link below.' ) ); + } + } + + $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; + /** + * Filters the URL redirected to after submitting the lostpassword/retrievepassword form. + * + * @since 3.0.0 + * + * @param string $lostpassword_redirect The redirect destination URL. + */ + $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect ); + + /** + * Fires before the lost password form. + * + * @since 1.5.1 + * @since 5.1.0 Added the `$errors` parameter. + * + * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid + * credentials. Note that the error object may not contain any errors. + */ + do_action( 'lost_password', $errors ); + + login_header( __( 'Lost Password' ), '

' . __( 'Please enter your username or email address. You will receive an email message with instructions on how to reset your password.' ) . '

', $errors ); + + $user_login = ''; + + if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { + $user_login = wp_unslash( $_POST['user_login'] ); + } + + ?> + +
+

+ + +

+ + +

+ +

+
+ +

+ + %s', esc_url( wp_registration_url() ), __( 'Register' ) ); + + echo esc_html( $login_link_separator ); + + /** This filter is documented in wp-includes/general-template.php */ + echo apply_filters( 'register', $registration_url ); + } + + ?> +

+ get_error_code() === 'expired_key' ) { + wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); + } else { + wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); + } + + exit; + } + + $errors = new WP_Error(); + + // Check if password is one or all empty spaces. + if ( ! empty( $_POST['pass1'] ) ) { + $_POST['pass1'] = trim( $_POST['pass1'] ); + + if ( empty( $_POST['pass1'] ) ) { + $errors->add( 'password_reset_empty_space', __( 'The password cannot be a space or all spaces.' ) ); + } + } + + // Check if password fields do not match. + if ( ! empty( $_POST['pass1'] ) && trim( $_POST['pass2'] ) !== $_POST['pass1'] ) { + $errors->add( 'password_reset_mismatch', __( 'Error: The passwords do not match.' ) ); + } + + /** + * Fires before the password reset procedure is validated. + * + * @since 3.5.0 + * + * @param WP_Error $errors WP Error object. + * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. + */ + do_action( 'validate_password_reset', $errors, $user ); + + if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) { + reset_password( $user, $_POST['pass1'] ); + setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); + login_header( __( 'Password Reset' ), '

' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '

' ); + login_footer(); + exit; + } + + wp_enqueue_script( 'utils' ); + wp_enqueue_script( 'user-profile' ); + + login_header( __( 'Reset Password' ), '

' . __( 'Enter your new password below or generate one.' ) . '

', $errors ); + + ?> +
+ + +
+

+ +

+ +
+ + + +
+
+
+ + +
+
+ +

+ + +

+ +

+
+ + + +

+ + +

+
+ +

+ + %s', esc_url( wp_registration_url() ), __( 'Register' ) ); + + echo esc_html( $login_link_separator ); + + /** This filter is documented in wp-includes/general-template.php */ + echo apply_filters( 'register', $registration_url ); + } + + ?> +

+ ' . __( 'Register For This Site' ) . '

', $errors ); + + ?> +
+

+ + +

+

+ + +

+ +

+ +

+
+ +

+ +

+
+ +

+ + %s', esc_url( wp_lostpassword_url() ), __( 'Lost your password?' ) ); + + /** This filter is documented in wp-login.php */ + echo apply_filters( 'lost_password_html_link', $html_link ); + + ?> +

+ add( + 'confirm', + sprintf( + /* translators: %s: Link to the login page. */ + __( 'Check your email for the confirmation link, then visit the login page.' ), + wp_login_url() + ), + 'message' + ); + } elseif ( 'registered' === $_GET['checkemail'] ) { + $errors->add( + 'registered', + sprintf( + /* translators: %s: Link to the login page. */ + __( 'Registration complete. Please check your email, then visit the login page.' ), + wp_login_url() + ), + 'message' + ); + } + + /** This action is documented in wp-login.php */ + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); + + login_header( __( 'Check your email' ), '', $errors ); + login_footer(); + break; + + case 'confirmaction': + if ( ! isset( $_GET['request_id'] ) ) { + wp_die( __( 'Missing request ID.' ) ); + } + + if ( ! isset( $_GET['confirm_key'] ) ) { + wp_die( __( 'Missing confirm key.' ) ); + } + + $request_id = (int) $_GET['request_id']; + $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); + $result = wp_validate_user_request_key( $request_id, $key ); + + if ( is_wp_error( $result ) ) { + wp_die( $result ); + } + + /** + * Fires an action hook when the account action has been confirmed by the user. + * + * Using this you can assume the user has agreed to perform the action by + * clicking on the link in the confirmation email. + * + * After firing this action hook the page will redirect to wp-login a callback + * redirects or exits first. + * + * @since 4.9.6 + * + * @param int $request_id Request ID. + */ + do_action( 'user_request_action_confirmed', $request_id ); + + $message = _wp_privacy_account_request_confirmed_message( $request_id ); + + login_header( __( 'User action confirmed.' ), $message ); + login_footer(); + exit; + + case 'login': + default: + $secure_cookie = ''; + $customize_login = isset( $_REQUEST['customize-login'] ); + + if ( $customize_login ) { + wp_enqueue_script( 'customize-base' ); + } + + // If the user wants SSL but the session is not SSL, force a secure cookie. + if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { + $user_name = sanitize_user( wp_unslash( $_POST['log'] ) ); + $user = get_user_by( 'login', $user_name ); + + if ( ! $user && strpos( $user_name, '@' ) ) { + $user = get_user_by( 'email', $user_name ); + } + + if ( $user ) { + if ( get_user_option( 'use_ssl', $user->ID ) ) { + $secure_cookie = true; + force_ssl_admin( true ); + } + } + } + + if ( isset( $_REQUEST['redirect_to'] ) ) { + $redirect_to = $_REQUEST['redirect_to']; + // Redirect to HTTPS if user wants SSL. + if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) { + $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to ); + } + } else { + $redirect_to = admin_url(); + } + + $reauth = empty( $_REQUEST['reauth'] ) ? false : true; + + $user = wp_signon( array(), $secure_cookie ); + + if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { + if ( headers_sent() ) { + $user = new WP_Error( + 'test_cookie', + sprintf( + /* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */ + __( 'Error: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.' ), + __( 'https://wordpress.org/support/article/cookies/' ), + __( 'https://wordpress.org/support/forums/' ) + ) + ); + } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) { + // If cookies are disabled, we can't log in even with a valid user and password. + $user = new WP_Error( + 'test_cookie', + sprintf( + /* translators: %s: Browser cookie documentation URL. */ + __( 'Error: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.' ), + __( 'https://wordpress.org/support/article/cookies/#enable-cookies-in-your-browser' ) + ) + ); + } + } + + $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; + /** + * Filters the login redirect URL. + * + * @since 3.0.0 + * + * @param string $redirect_to The redirect destination URL. + * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. + * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise. + */ + $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user ); + + if ( ! is_wp_error( $user ) && ! $reauth ) { + if ( $interim_login ) { + $message = '

' . __( 'You have logged in successfully.' ) . '

'; + $interim_login = 'success'; + login_header( '', $message ); + + ?> + + + + + + exists() && $user->has_cap( 'manage_options' ) ) { + $admin_email_lifespan = (int) get_option( 'admin_email_lifespan' ); + + /* + * If `0` (or anything "falsey" as it is cast to int) is returned, the user will not be redirected + * to the admin email confirmation screen. + */ + /** This filter is documented in wp-login.php */ + $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); + + if ( $admin_email_check_interval > 0 && time() > $admin_email_lifespan ) { + $redirect_to = add_query_arg( + array( + 'action' => 'confirm_admin_email', + 'wp_lang' => get_user_locale( $user ), + ), + wp_login_url( $redirect_to ) + ); + } + } + + if ( ( empty( $redirect_to ) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to ) ) { + // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. + if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) { + $redirect_to = user_admin_url(); + } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) { + $redirect_to = get_dashboard_url( $user->ID ); + } elseif ( ! $user->has_cap( 'edit_posts' ) ) { + $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url(); + } + + wp_redirect( $redirect_to ); + exit; + } + + wp_safe_redirect( $redirect_to ); + exit; + } + + $errors = $user; + // Clear errors if loggedout is set. + if ( ! empty( $_GET['loggedout'] ) || $reauth ) { + $errors = new WP_Error(); + } + + if ( empty( $_POST ) && $errors->get_error_codes() === array( 'empty_username', 'empty_password' ) ) { + $errors = new WP_Error( '', '' ); + } + + if ( $interim_login ) { + if ( ! $errors->has_errors() ) { + $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' ); + } + } else { + // Some parts of this script use the main login form to display a message. + if ( isset( $_GET['loggedout'] ) && $_GET['loggedout'] ) { + $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' ); + } elseif ( isset( $_GET['registration'] ) && 'disabled' === $_GET['registration'] ) { + $errors->add( 'registerdisabled', __( 'Error: User registration is currently not allowed.' ) ); + } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) { + $errors->add( 'updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' ); + } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) { + $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' ); + } elseif ( isset( $_GET['redirect_to'] ) && false !== strpos( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) { + $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY ); + $query = array(); + if ( $query_component ) { + parse_str( $query_component, $query ); + } + + if ( ! empty( $query['app_name'] ) ) { + /* translators: 1: Website name, 2: Application name. */ + $message = sprintf( 'Please log in to %1$s to authorize %2$s to connect to your account.', get_bloginfo( 'name', 'display' ), '' . esc_html( $query['app_name'] ) . '' ); + } else { + /* translators: %s: Website name. */ + $message = sprintf( 'Please log in to %s to proceed with authorization.', get_bloginfo( 'name', 'display' ) ); + } + + $errors->add( 'authorize_application', $message, 'message' ); + } + } + + /** + * Filters the login page errors. + * + * @since 3.6.0 + * + * @param WP_Error $errors WP Error object. + * @param string $redirect_to Redirect destination URL. + */ + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); + + // Clear any stale cookies. + if ( $reauth ) { + wp_clear_auth_cookie(); + } + + login_header( __( 'Log In' ), '', $errors ); + + if ( isset( $_POST['log'] ) ) { + $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; + } + + $rememberme = ! empty( $_POST['rememberme'] ); + + $aria_describedby = ''; + $has_errors = $errors->has_errors(); + + if ( $has_errors ) { + $aria_describedby = ' aria-describedby="login_error"'; + } + + if ( $has_errors && 'message' === $errors->get_error_data() ) { + $aria_describedby = ' aria-describedby="login-message"'; + } + + wp_enqueue_script( 'user-profile' ); + ?> + +
+

+ + class="input" value="" size="20" autocapitalize="off" autocomplete="username" /> +

+ +
+ +
+ class="input password-input" value="" size="20" autocomplete="current-password" /> + +
+
+ +

/>

+

+ + + + + + + + + +

+
+ + +

+ %s', esc_url( wp_registration_url() ), __( 'Register' ) ); + + /** This filter is documented in wp-includes/general-template.php */ + echo apply_filters( 'register', $registration_url ); + + echo esc_html( $login_link_separator ); + } + + $html_link = sprintf( '%s', esc_url( wp_lostpassword_url() ), __( 'Lost your password?' ) ); + + /** + * Filters the link that allows the user to reset the lost password. + * + * @since 6.1.0 + * + * @param string $html_link HTML link to the lost password form. + */ + echo apply_filters( 'lost_password_html_link', $html_link ); + + ?> +

+ get_error_code() === 'invalid_username' ) { + $login_script .= 'd.value = "";'; + } + } + + $login_script .= 'd.focus(); d.select();'; + $login_script .= '} catch( er ) {}'; + $login_script .= '}, 200);'; + $login_script .= "}\n"; // End of wp_attempt_focus(). + + /** + * Filters whether to print the call to `wp_attempt_focus()` on the login screen. + * + * @since 4.8.0 + * + * @param bool $print Whether to print the function call. Default true. + */ + if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { + $login_script .= "wp_attempt_focus();\n"; + } + + // Run `wpOnload()` if defined. + $login_script .= "if ( typeof wpOnload === 'function' ) { wpOnload() }"; + + ?> + + + + Writing + * + * @package WordPress + */ + +/** Make sure that the WordPress bootstrap has run before continuing. */ +require __DIR__ . '/wp-load.php'; + +/** This filter is documented in wp-admin/options.php */ +if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) { + wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); +} + +$mailserver_url = get_option( 'mailserver_url' ); + +if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) { + wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); +} + +/** + * Fires to allow a plugin to do a complete takeover of Post by Email. + * + * @since 2.9.0 + */ +do_action( 'wp-mail.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + +/** Get the POP3 class with which to access the mailbox. */ +require_once ABSPATH . WPINC . '/class-pop3.php'; + +/** Only check at this interval for new messages. */ +if ( ! defined( 'WP_MAIL_INTERVAL' ) ) { + define( 'WP_MAIL_INTERVAL', 5 * MINUTE_IN_SECONDS ); +} + +$last_checked = get_transient( 'mailserver_last_checked' ); + +if ( $last_checked ) { + wp_die( __( 'Slow down cowboy, no need to check for new mails so often!' ) ); +} + +set_transient( 'mailserver_last_checked', true, WP_MAIL_INTERVAL ); + +$time_difference = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS; + +$phone_delim = '::'; + +$pop3 = new POP3(); + +if ( ! $pop3->connect( get_option( 'mailserver_url' ), get_option( 'mailserver_port' ) ) || ! $pop3->user( get_option( 'mailserver_login' ) ) ) { + wp_die( esc_html( $pop3->ERROR ) ); +} + +$count = $pop3->pass( get_option( 'mailserver_pass' ) ); + +if ( false === $count ) { + wp_die( esc_html( $pop3->ERROR ) ); +} + +if ( 0 === $count ) { + $pop3->quit(); + wp_die( __( 'There does not seem to be any new mail.' ) ); +} + +// Always run as an unauthenticated user. +wp_set_current_user( 0 ); + +for ( $i = 1; $i <= $count; $i++ ) { + + $message = $pop3->get( $i ); + + $bodysignal = false; + $boundary = ''; + $charset = ''; + $content = ''; + $content_type = ''; + $content_transfer_encoding = ''; + $post_author = 1; + $author_found = false; + $post_date = null; + $post_date_gmt = null; + + foreach ( $message as $line ) { + // Body signal. + if ( strlen( $line ) < 3 ) { + $bodysignal = true; + } + if ( $bodysignal ) { + $content .= $line; + } else { + if ( preg_match( '/Content-Type: /i', $line ) ) { + $content_type = trim( $line ); + $content_type = substr( $content_type, 14, strlen( $content_type ) - 14 ); + $content_type = explode( ';', $content_type ); + if ( ! empty( $content_type[1] ) ) { + $charset = explode( '=', $content_type[1] ); + $charset = ( ! empty( $charset[1] ) ) ? trim( $charset[1] ) : ''; + } + $content_type = $content_type[0]; + } + if ( preg_match( '/Content-Transfer-Encoding: /i', $line ) ) { + $content_transfer_encoding = trim( $line ); + $content_transfer_encoding = substr( $content_transfer_encoding, 27, strlen( $content_transfer_encoding ) - 27 ); + $content_transfer_encoding = explode( ';', $content_transfer_encoding ); + $content_transfer_encoding = $content_transfer_encoding[0]; + } + if ( ( 'multipart/alternative' === $content_type ) && ( false !== strpos( $line, 'boundary="' ) ) && ( '' === $boundary ) ) { + $boundary = trim( $line ); + $boundary = explode( '"', $boundary ); + $boundary = $boundary[1]; + } + if ( preg_match( '/Subject: /i', $line ) ) { + $subject = trim( $line ); + $subject = substr( $subject, 9, strlen( $subject ) - 9 ); + // Captures any text in the subject before $phone_delim as the subject. + if ( function_exists( 'iconv_mime_decode' ) ) { + $subject = iconv_mime_decode( $subject, 2, get_option( 'blog_charset' ) ); + } else { + $subject = wp_iso_descrambler( $subject ); + } + $subject = explode( $phone_delim, $subject ); + $subject = $subject[0]; + } + + /* + * Set the author using the email address (From or Reply-To, the last used) + * otherwise use the site admin. + */ + if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) { + if ( preg_match( '|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches ) ) { + $author = $matches[0]; + } else { + $author = trim( $line ); + } + $author = sanitize_email( $author ); + if ( is_email( $author ) ) { + $userdata = get_user_by( 'email', $author ); + if ( ! empty( $userdata ) ) { + $post_author = $userdata->ID; + $author_found = true; + } + } + } + + if ( preg_match( '/Date: /i', $line ) ) { // Of the form '20 Mar 2002 20:32:37 +0100'. + $ddate = str_replace( 'Date: ', '', trim( $line ) ); + // Remove parenthesised timezone string if it exists, as this confuses strtotime(). + $ddate = preg_replace( '!\s*\(.+\)\s*$!', '', $ddate ); + $ddate_timestamp = strtotime( $ddate ); + $post_date = gmdate( 'Y-m-d H:i:s', $ddate_timestamp + $time_difference ); + $post_date_gmt = gmdate( 'Y-m-d H:i:s', $ddate_timestamp ); + } + } + } + + // Set $post_status based on $author_found and on author's publish_posts capability. + if ( $author_found ) { + $user = new WP_User( $post_author ); + $post_status = ( $user->has_cap( 'publish_posts' ) ) ? 'publish' : 'pending'; + } else { + // Author not found in DB, set status to pending. Author already set to admin. + $post_status = 'pending'; + } + + $subject = trim( $subject ); + + if ( 'multipart/alternative' === $content_type ) { + $content = explode( '--' . $boundary, $content ); + $content = $content[2]; + + // Match case-insensitive content-transfer-encoding. + if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim ) ) { + $content = explode( $delim[0], $content ); + $content = $content[1]; + } + $content = strip_tags( $content, '


' ); + } + $content = trim( $content ); + + /** + * Filters the original content of the email. + * + * Give Post-By-Email extending plugins full access to the content, either + * the raw content, or the content of the last quoted-printable section. + * + * @since 2.8.0 + * + * @param string $content The original email content. + */ + $content = apply_filters( 'wp_mail_original_content', $content ); + + if ( false !== stripos( $content_transfer_encoding, 'quoted-printable' ) ) { + $content = quoted_printable_decode( $content ); + } + + if ( function_exists( 'iconv' ) && ! empty( $charset ) ) { + $content = iconv( $charset, get_option( 'blog_charset' ), $content ); + } + + // Captures any text in the body after $phone_delim as the body. + $content = explode( $phone_delim, $content ); + $content = empty( $content[1] ) ? $content[0] : $content[1]; + + $content = trim( $content ); + + /** + * Filters the content of the post submitted by email before saving. + * + * @since 1.2.0 + * + * @param string $content The email content. + */ + $post_content = apply_filters( 'phone_content', $content ); + + $post_title = xmlrpc_getposttitle( $content ); + + if ( '' === trim( $post_title ) ) { + $post_title = $subject; + } + + $post_category = array( get_option( 'default_email_category' ) ); + + $post_data = compact( 'post_content', 'post_title', 'post_date', 'post_date_gmt', 'post_author', 'post_category', 'post_status' ); + $post_data = wp_slash( $post_data ); + + $post_ID = wp_insert_post( $post_data ); + if ( is_wp_error( $post_ID ) ) { + echo "\n" . $post_ID->get_error_message(); + } + + // We couldn't post, for whatever reason. Better move forward to the next email. + if ( empty( $post_ID ) ) { + continue; + } + + /** + * Fires after a post submitted by email is published. + * + * @since 1.2.0 + * + * @param int $post_ID The post ID. + */ + do_action( 'publish_phone', $post_ID ); + + echo "\n

" . __( 'Author:' ) . ' ' . esc_html( $post_author ) . '

'; + echo "\n

" . __( 'Posted title:' ) . ' ' . esc_html( $post_title ) . '

'; + + if ( ! $pop3->delete( $i ) ) { + echo '

' . sprintf( + /* translators: %s: POP3 error. */ + __( 'Oops: %s' ), + esc_html( $pop3->ERROR ) + ) . '

'; + $pop3->reset(); + exit; + } else { + echo '

' . sprintf( + /* translators: %s: The message ID. */ + __( 'Mission complete. Message %s deleted.' ), + '' . $i . '' + ) . '

'; + } +} + +$pop3->quit(); diff --git a/wp-settings.php b/wp-settings.php new file mode 100644 index 0000000..d80d79b --- /dev/null +++ b/wp-settings.php @@ -0,0 +1,639 @@ +initialize(); +} + +// Load active plugins. +foreach ( wp_get_active_and_valid_plugins() as $plugin ) { + wp_register_plugin_realpath( $plugin ); + + $_wp_plugin_file = $plugin; + include_once $plugin; + $plugin = $_wp_plugin_file; // Avoid stomping of the $plugin variable in a plugin. + + /** + * Fires once a single activated plugin has loaded. + * + * @since 5.1.0 + * + * @param string $plugin Full path to the plugin's main file. + */ + do_action( 'plugin_loaded', $plugin ); +} +unset( $plugin, $_wp_plugin_file ); + +// Load pluggable functions. +require ABSPATH . WPINC . '/pluggable.php'; +require ABSPATH . WPINC . '/pluggable-deprecated.php'; + +// Set internal encoding. +wp_set_internal_encoding(); + +// Run wp_cache_postload() if object cache is enabled and the function exists. +if ( WP_CACHE && function_exists( 'wp_cache_postload' ) ) { + wp_cache_postload(); +} + +/** + * Fires once activated plugins have loaded. + * + * Pluggable functions are also available at this point in the loading order. + * + * @since 1.5.0 + */ +do_action( 'plugins_loaded' ); + +// Define constants which affect functionality if not already defined. +wp_functionality_constants(); + +// Add magic quotes and set up $_REQUEST ( $_GET + $_POST ). +wp_magic_quotes(); + +/** + * Fires when comment cookies are sanitized. + * + * @since 2.0.11 + */ +do_action( 'sanitize_comment_cookies' ); + +/** + * WordPress Query object + * + * @global WP_Query $wp_the_query WordPress Query object. + * @since 2.0.0 + */ +$GLOBALS['wp_the_query'] = new WP_Query(); + +/** + * Holds the reference to @see $wp_the_query + * Use this global for WordPress queries + * + * @global WP_Query $wp_query WordPress Query object. + * @since 1.5.0 + */ +$GLOBALS['wp_query'] = $GLOBALS['wp_the_query']; + +/** + * Holds the WordPress Rewrite object for creating pretty URLs + * + * @global WP_Rewrite $wp_rewrite WordPress rewrite component. + * @since 1.5.0 + */ +$GLOBALS['wp_rewrite'] = new WP_Rewrite(); + +/** + * WordPress Object + * + * @global WP $wp Current WordPress environment instance. + * @since 2.0.0 + */ +$GLOBALS['wp'] = new WP(); + +/** + * WordPress Widget Factory Object + * + * @global WP_Widget_Factory $wp_widget_factory + * @since 2.8.0 + */ +$GLOBALS['wp_widget_factory'] = new WP_Widget_Factory(); + +/** + * WordPress User Roles + * + * @global WP_Roles $wp_roles WordPress role management object. + * @since 2.0.0 + */ +$GLOBALS['wp_roles'] = new WP_Roles(); + +/** + * Fires before the theme is loaded. + * + * @since 2.6.0 + */ +do_action( 'setup_theme' ); + +// Define the template related constants. +wp_templating_constants(); + +// Load the default text localization domain. +load_default_textdomain(); + +$locale = get_locale(); +$locale_file = WP_LANG_DIR . "/$locale.php"; +if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) ) { + require $locale_file; +} +unset( $locale_file ); + +/** + * WordPress Locale object for loading locale domain date and various strings. + * + * @global WP_Locale $wp_locale WordPress date and time locale object. + * @since 2.1.0 + */ +$GLOBALS['wp_locale'] = new WP_Locale(); + +/** + * WordPress Locale Switcher object for switching locales. + * + * @since 4.7.0 + * + * @global WP_Locale_Switcher $wp_locale_switcher WordPress locale switcher object. + */ +$GLOBALS['wp_locale_switcher'] = new WP_Locale_Switcher(); +$GLOBALS['wp_locale_switcher']->init(); + +// Load the functions for the active theme, for both parent and child theme if applicable. +foreach ( wp_get_active_and_valid_themes() as $theme ) { + if ( file_exists( $theme . '/functions.php' ) ) { + include $theme . '/functions.php'; + } +} +unset( $theme ); + +/** + * Fires after the theme is loaded. + * + * @since 3.0.0 + */ +do_action( 'after_setup_theme' ); + +// Create an instance of WP_Site_Health so that Cron events may fire. +if ( ! class_exists( 'WP_Site_Health' ) ) { + require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; +} +WP_Site_Health::get_instance(); + +// Set up current user. +$GLOBALS['wp']->init(); + +/** + * Fires after WordPress has finished loading but before any headers are sent. + * + * Most of WP is loaded at this stage, and the user is authenticated. WP continues + * to load on the {@see 'init'} hook that follows (e.g. widgets), and many plugins instantiate + * themselves on it for all sorts of reasons (e.g. they need a user, a taxonomy, etc.). + * + * If you wish to plug an action once WP is loaded, use the {@see 'wp_loaded'} hook below. + * + * @since 1.5.0 + */ +do_action( 'init' ); + +// Check site status. +if ( is_multisite() ) { + $file = ms_site_check(); + if ( true !== $file ) { + require $file; + die(); + } + unset( $file ); +} + +/** + * This hook is fired once WP, all plugins, and the theme are fully loaded and instantiated. + * + * Ajax requests should use wp-admin/admin-ajax.php. admin-ajax.php can handle requests for + * users not logged in. + * + * @link https://codex.wordpress.org/AJAX_in_Plugins + * + * @since 3.0.0 + */ +do_action( 'wp_loaded' ); diff --git a/wp-signup.php b/wp-signup.php new file mode 100644 index 0000000..9782dad --- /dev/null +++ b/wp-signup.php @@ -0,0 +1,1046 @@ +is_404 = false; + +/** + * Fires before the Site Sign-up page is loaded. + * + * @since 4.4.0 + */ +do_action( 'before_signup_header' ); + +/** + * Prints styles for front-end Multisite Sign-up pages. + * + * @since MU (3.0.0) + */ +function wpmu_signup_stylesheet() { + ?> + + +
+
+' . __( 'Site Name (subdirectory only):' ) . ''; + } else { + echo ''; + } + + $errmsg_blogname = $errors->get_error_message( 'blogname' ); + $errmsg_blogname_aria = ''; + if ( $errmsg_blogname ) { + $errmsg_blogname_aria = 'wp-signup-blogname-error '; + echo '

' . $errmsg_blogname . '

'; + } + + if ( ! is_subdomain_install() ) { + echo '
' . $current_network->domain . $current_network->path . '
'; + } else { + $site_domain = preg_replace( '|^www\.|', '', $current_network->domain ); + echo '
.' . esc_html( $site_domain ) . '
'; + } + + if ( ! is_user_logged_in() ) { + if ( ! is_subdomain_install() ) { + $site = $current_network->domain . $current_network->path . __( 'sitename' ); + } else { + $site = __( 'domain' ) . '.' . $site_domain . $current_network->path; + } + + printf( + '

(%s) %s

', + /* translators: %s: Site address. */ + sprintf( __( 'Your address will be %s.' ), $site ), + __( 'Must be at least 4 characters, letters and numbers only. It cannot be changed, so choose carefully!' ) + ); + } + + // Site Title. + ?> + + get_error_message( 'blog_title' ); + $errmsg_blog_title_aria = ''; + if ( $errmsg_blog_title ) { + $errmsg_blog_title_aria = ' aria-describedby="wp-signup-blog-title-error"'; + echo '

' . $errmsg_blog_title . '

'; + } + echo ''; + ?> + + +

+ + 'WPLANG', + 'id' => 'site-language', + 'selected' => $lang, + 'languages' => $languages, + 'show_available_translations' => false, + ) + ); + ?> +

+ + +
+
+ + + + +

+ + /> + + + + /> + + +

+
+
+ + ' . __( 'Username:' ) . ''; + $errmsg_username = $errors->get_error_message( 'user_name' ); + $errmsg_username_aria = ''; + if ( $errmsg_username ) { + $errmsg_username_aria = 'wp-signup-username-error '; + echo '

' . $errmsg_username . '

'; + } + ?> + +

+ + ' . __( 'Email Address:' ) . ''; + $errmsg_email = $errors->get_error_message( 'user_email' ); + $errmsg_email_aria = ''; + if ( $errmsg_email ) { + $errmsg_email_aria = 'wp-signup-email-error '; + echo '

' . $errmsg_email . '

'; + } + ?> + +

+ + get_error_message( 'generic' ); + if ( $errmsg_generic ) { + echo '

' . $errmsg_generic . '

'; + } + /** + * Fires at the end of the new user account registration form. + * + * @since 3.0.0 + * + * @param WP_Error $errors A WP_Error object containing 'user_name' or 'user_email' errors. + */ + do_action( 'signup_extra_fields', $errors ); +} + +/** + * Validates user sign-up name and email. + * + * @since MU (3.0.0) + * + * @return array Contains username, email, and error messages. + * See wpmu_validate_user_signup() for details. + */ +function validate_user_form() { + return wpmu_validate_user_signup( $_POST['user_name'], $_POST['user_email'] ); +} + +/** + * Shows a form for returning users to sign up for another site. + * + * @since MU (3.0.0) + * + * @param string $blogname The new site name + * @param string $blog_title The new site title. + * @param WP_Error|string $errors A WP_Error object containing existing errors. Defaults to empty string. + */ +function signup_another_blog( $blogname = '', $blog_title = '', $errors = '' ) { + $current_user = wp_get_current_user(); + + if ( ! is_wp_error( $errors ) ) { + $errors = new WP_Error(); + } + + $signup_defaults = array( + 'blogname' => $blogname, + 'blog_title' => $blog_title, + 'errors' => $errors, + ); + + /** + * Filters the default site sign-up variables. + * + * @since 3.0.0 + * + * @param array $signup_defaults { + * An array of default site sign-up variables. + * + * @type string $blogname The site blogname. + * @type string $blog_title The site title. + * @type WP_Error $errors A WP_Error object possibly containing 'blogname' or 'blog_title' errors. + * } + */ + $filtered_results = apply_filters( 'signup_another_blog_init', $signup_defaults ); + + $blogname = $filtered_results['blogname']; + $blog_title = $filtered_results['blog_title']; + $errors = $filtered_results['errors']; + + /* translators: %s: Network title. */ + echo '

' . sprintf( __( 'Get another %s site in seconds' ), get_network()->site_name ) . '

'; + + if ( $errors->has_errors() ) { + echo '

' . __( 'There was a problem, please correct the form below and try again.' ) . '

'; + } + ?> +

+ add another site to your account. There is no limit to the number of sites you can have, so create to your heart’s content, but write responsibly!' ), + $current_user->display_name + ); + ?> +

+ + ID ); + if ( ! empty( $blogs ) ) { + ?> + +

+
    + userblog_id ); + echo '
  • ' . $home_url . '
    • '; + } + ?> +
+ + +

+
+ + + +

+
+ has_errors() ) { + signup_another_blog( $blogname, $blog_title, $errors ); + return false; + } + + $public = (int) $_POST['blog_public']; + + $blog_meta_defaults = array( + 'lang_id' => 1, + 'public' => $public, + ); + + // Handle the language setting for the new site. + if ( ! empty( $_POST['WPLANG'] ) ) { + + $languages = signup_get_available_languages(); + + if ( in_array( $_POST['WPLANG'], $languages, true ) ) { + $language = wp_unslash( sanitize_text_field( $_POST['WPLANG'] ) ); + + if ( $language ) { + $blog_meta_defaults['WPLANG'] = $language; + } + } + } + + /** + * Filters the new site meta variables. + * + * Use the {@see 'add_signup_meta'} filter instead. + * + * @since MU (3.0.0) + * @deprecated 3.0.0 Use the {@see 'add_signup_meta'} filter instead. + * + * @param array $blog_meta_defaults An array of default blog meta variables. + */ + $meta_defaults = apply_filters_deprecated( 'signup_create_blog_meta', array( $blog_meta_defaults ), '3.0.0', 'add_signup_meta' ); + + /** + * Filters the new default site meta variables. + * + * @since 3.0.0 + * + * @param array $meta { + * An array of default site meta variables. + * + * @type int $lang_id The language ID. + * @type int $blog_public Whether search engines should be discouraged from indexing the site. 1 for true, 0 for false. + * } + */ + $meta = apply_filters( 'add_signup_meta', $meta_defaults ); + + $blog_id = wpmu_create_blog( $domain, $path, $blog_title, $current_user->ID, $meta, get_current_network_id() ); + + if ( is_wp_error( $blog_id ) ) { + return false; + } + + confirm_another_blog_signup( $domain, $path, $blog_title, $current_user->user_login, $current_user->user_email, $meta, $blog_id ); + return true; +} + +/** + * Shows a message confirming that the new site has been created. + * + * @since MU (3.0.0) + * @since 4.4.0 Added the `$blog_id` parameter. + * + * @param string $domain The domain URL. + * @param string $path The site root path. + * @param string $blog_title The site title. + * @param string $user_name The username. + * @param string $user_email The user's email address. + * @param array $meta Any additional meta from the {@see 'add_signup_meta'} filter in validate_blog_signup(). + * @param int $blog_id The site ID. + */ +function confirm_another_blog_signup( $domain, $path, $blog_title, $user_name, $user_email = '', $meta = array(), $blog_id = 0 ) { + + if ( $blog_id ) { + switch_to_blog( $blog_id ); + $home_url = home_url( '/' ); + $login_url = wp_login_url(); + restore_current_blog(); + } else { + $home_url = 'http://' . $domain . $path; + $login_url = 'http://' . $domain . $path . 'wp-login.php'; + } + + $site = sprintf( + '%2$s', + esc_url( $home_url ), + $blog_title + ); + + ?> +

+ +

+

+ Log in as “%3$s” using your existing password.' ), + sprintf( + '%s', + esc_url( $home_url ), + untrailingslashit( $domain . $path ) + ), + esc_url( $login_url ), + $user_name + ); + ?> +

+ $user_name, + 'user_email' => $user_email, + 'errors' => $errors, + ); + + /** + * Filters the default user variables used on the user sign-up form. + * + * @since 3.0.0 + * + * @param array $signup_user_defaults { + * An array of default user variables. + * + * @type string $user_name The user username. + * @type string $user_email The user email address. + * @type WP_Error $errors A WP_Error object with possible errors relevant to the sign-up user. + * } + */ + $filtered_results = apply_filters( 'signup_user_init', $signup_user_defaults ); + $user_name = $filtered_results['user_name']; + $user_email = $filtered_results['user_email']; + $errors = $filtered_results['errors']; + + ?> + +

+ site_name ); + ?> +

+
+ + + + + + + + + +
+ +

+ + /> + + + + /> + + +

+
+ + +

+
+ has_errors() ) { + signup_user( $user_name, $user_email, $errors ); + return false; + } + + if ( 'blog' === $_POST['signup_for'] ) { + signup_blog( $user_name, $user_email ); + return false; + } + + /** This filter is documented in wp-signup.php */ + wpmu_signup_user( $user_name, $user_email, apply_filters( 'add_signup_meta', array() ) ); + + confirm_user_signup( $user_name, $user_email ); + return true; +} + +/** + * Shows a message confirming that the new user has been registered and is awaiting activation. + * + * @since MU (3.0.0) + * + * @param string $user_name The username. + * @param string $user_email The user's email address. + */ +function confirm_user_signup( $user_name, $user_email ) { + ?> +

+ +

+

you must activate it.' ); ?>

+

+ ' . $user_email . '' ); + ?> +

+

+ $user_name, + 'user_email' => $user_email, + 'blogname' => $blogname, + 'blog_title' => $blog_title, + 'errors' => $errors, + ); + + /** + * Filters the default site creation variables for the site sign-up form. + * + * @since 3.0.0 + * + * @param array $signup_blog_defaults { + * An array of default site creation variables. + * + * @type string $user_name The user username. + * @type string $user_email The user email address. + * @type string $blogname The blogname. + * @type string $blog_title The title of the site. + * @type WP_Error $errors A WP_Error object with possible errors relevant to new site creation variables. + * } + */ + $filtered_results = apply_filters( 'signup_blog_init', $signup_blog_defaults ); + + $user_name = $filtered_results['user_name']; + $user_email = $filtered_results['user_email']; + $blogname = $filtered_results['blogname']; + $blog_title = $filtered_results['blog_title']; + $errors = $filtered_results['errors']; + + if ( empty( $blogname ) ) { + $blogname = $user_name; + } + ?> +
+ + + + + +

+
+ has_errors() ) { + signup_user( $user_name, $user_email, $user_errors ); + return false; + } + + $result = wpmu_validate_blog_signup( $_POST['blogname'], $_POST['blog_title'] ); + $domain = $result['domain']; + $path = $result['path']; + $blogname = $result['blogname']; + $blog_title = $result['blog_title']; + $errors = $result['errors']; + + if ( $errors->has_errors() ) { + signup_blog( $user_name, $user_email, $blogname, $blog_title, $errors ); + return false; + } + + $public = (int) $_POST['blog_public']; + $signup_meta = array( + 'lang_id' => 1, + 'public' => $public, + ); + + // Handle the language setting for the new site. + if ( ! empty( $_POST['WPLANG'] ) ) { + + $languages = signup_get_available_languages(); + + if ( in_array( $_POST['WPLANG'], $languages, true ) ) { + $language = wp_unslash( sanitize_text_field( $_POST['WPLANG'] ) ); + + if ( $language ) { + $signup_meta['WPLANG'] = $language; + } + } + } + + /** This filter is documented in wp-signup.php */ + $meta = apply_filters( 'add_signup_meta', $signup_meta ); + + wpmu_signup_blog( $domain, $path, $blog_title, $user_name, $user_email, $meta ); + confirm_blog_signup( $domain, $path, $blog_title, $user_name, $user_email, $meta ); + return true; +} + +/** + * Shows a message confirming that the new site has been registered and is awaiting activation. + * + * @since MU (3.0.0) + * + * @param string $domain The domain or subdomain of the site. + * @param string $path The path of the site. + * @param string $blog_title The title of the new site. + * @param string $user_name The user's username. + * @param string $user_email The user's email address. + * @param array $meta Any additional meta from the {@see 'add_signup_meta'} filter in validate_blog_signup(). + */ +function confirm_blog_signup( $domain, $path, $blog_title, $user_name = '', $user_email = '', $meta = array() ) { + ?> +

+ {$blog_title}" ) + ?> +

+ +

you must activate it.' ); ?>

+

+ ' . $user_email . '' ); + ?> +

+

+

+

+
    +

    • +

    • +
  • + +
    • +
+ '; + _e( 'Greetings Network Administrator!' ); + echo ' '; + + switch ( $active_signup ) { + case 'none': + _e( 'The network currently disallows registrations.' ); + break; + case 'blog': + _e( 'The network currently allows site registrations.' ); + break; + case 'user': + _e( 'The network currently allows user registrations.' ); + break; + default: + _e( 'The network currently allows both site and user registrations.' ); + break; + } + + echo ' '; + + /* translators: %s: URL to Network Settings screen. */ + printf( __( 'To change or disable registration go to your Options page.' ), esc_url( network_admin_url( 'settings.php' ) ) ); + echo '
'; +} + +$newblogname = isset( $_GET['new'] ) ? strtolower( preg_replace( '/^-|-$|[^-a-zA-Z0-9]/', '', $_GET['new'] ) ) : null; + +$current_user = wp_get_current_user(); +if ( 'none' === $active_signup ) { + _e( 'Registration has been disabled.' ); +} elseif ( 'blog' === $active_signup && ! is_user_logged_in() ) { + $login_url = wp_login_url( network_site_url( 'wp-signup.php' ) ); + /* translators: %s: Login URL. */ + printf( __( 'You must first log in, and then you can create a new site.' ), $login_url ); +} else { + $stage = isset( $_POST['stage'] ) ? $_POST['stage'] : 'default'; + switch ( $stage ) { + case 'validate-user-signup': + if ( 'all' === $active_signup + || ( 'blog' === $_POST['signup_for'] && 'blog' === $active_signup ) + || ( 'user' === $_POST['signup_for'] && 'user' === $active_signup ) + ) { + validate_user_signup(); + } else { + _e( 'User registration has been disabled.' ); + } + break; + case 'validate-blog-signup': + if ( 'all' === $active_signup || 'blog' === $active_signup ) { + validate_blog_signup(); + } else { + _e( 'Site registration has been disabled.' ); + } + break; + case 'gimmeanotherblog': + validate_another_blog_signup(); + break; + case 'default': + default: + $user_email = isset( $_POST['user_email'] ) ? $_POST['user_email'] : ''; + /** + * Fires when the site sign-up form is sent. + * + * @since 3.0.0 + */ + do_action( 'preprocess_signup_form' ); + if ( is_user_logged_in() && ( 'all' === $active_signup || 'blog' === $active_signup ) ) { + signup_another_blog( $newblogname ); + } elseif ( ! is_user_logged_in() && ( 'all' === $active_signup || 'user' === $active_signup ) ) { + signup_user( $newblogname, $user_email ); + } elseif ( ! is_user_logged_in() && ( 'blog' === $active_signup ) ) { + _e( 'Sorry, new registrations are not allowed at this time.' ); + } else { + _e( 'You are logged in already. No need to register again!' ); + } + + if ( $newblogname ) { + $newblog = get_blogaddress_by_name( $newblogname ); + + if ( 'blog' === $active_signup || 'all' === $active_signup ) { + printf( + /* translators: %s: Site address. */ + '

' . __( 'The site you were looking for, %s, does not exist, but you can create it now!' ) . '

', + '' . $newblog . '' + ); + } else { + printf( + /* translators: %s: Site address. */ + '

' . __( 'The site you were looking for, %s, does not exist.' ) . '

', + '' . $newblog . '' + ); + } + } + break; + } +} +?> +
+
+ + + '1' ) ); +} + +// Always run as an unauthenticated user. +wp_set_current_user( 0 ); + +/** + * Response to a trackback. + * + * Responds with an error or success XML message. + * + * @since 0.71 + * + * @param int|bool $error Whether there was an error. + * Default '0'. Accepts '0' or '1', true or false. + * @param string $error_message Error message if an error occurred. + */ +function trackback_response( $error = 0, $error_message = '' ) { + header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); + + if ( $error ) { + echo '\n"; + echo "\n"; + echo "1\n"; + echo "$error_message\n"; + echo ''; + die(); + } else { + echo '\n"; + echo "\n"; + echo "0\n"; + echo ''; + } +} + +if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) { + $post_id = explode( '/', $_SERVER['REQUEST_URI'] ); + $post_id = (int) $post_id[ count( $post_id ) - 1 ]; +} + +$trackback_url = isset( $_POST['url'] ) ? $_POST['url'] : ''; +$charset = isset( $_POST['charset'] ) ? $_POST['charset'] : ''; + +// These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). +$title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : ''; +$excerpt = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : ''; +$blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : ''; + +if ( $charset ) { + $charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) ); +} else { + $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; +} + +// No valid uses for UTF-7. +if ( false !== strpos( $charset, 'UTF-7' ) ) { + die; +} + +// For international trackbacks. +if ( function_exists( 'mb_convert_encoding' ) ) { + $title = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset ); + $excerpt = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset ); + $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset ); +} + +// Now that mb_convert_encoding() has been given a swing, we need to escape these three. +$title = wp_slash( $title ); +$excerpt = wp_slash( $excerpt ); +$blog_name = wp_slash( $blog_name ); + +if ( is_single() || is_page() ) { + $post_id = $posts[0]->ID; +} + +if ( ! isset( $post_id ) || ! (int) $post_id ) { + trackback_response( 1, __( 'I really need an ID for this to work.' ) ); +} + +if ( empty( $title ) && empty( $trackback_url ) && empty( $blog_name ) ) { + // If it doesn't look like a trackback at all. + wp_redirect( get_permalink( $post_id ) ); + exit; +} + +if ( ! empty( $trackback_url ) && ! empty( $title ) ) { + /** + * Fires before the trackback is added to a post. + * + * @since 4.7.0 + * + * @param int $post_id Post ID related to the trackback. + * @param string $trackback_url Trackback URL. + * @param string $charset Character set. + * @param string $title Trackback title. + * @param string $excerpt Trackback excerpt. + * @param string $blog_name Blog name. + */ + do_action( 'pre_trackback_post', $post_id, $trackback_url, $charset, $title, $excerpt, $blog_name ); + + header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); + + if ( ! pings_open( $post_id ) ) { + trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); + } + + $title = wp_html_excerpt( $title, 250, '…' ); + $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); + + $comment_post_id = (int) $post_id; + $comment_author = $blog_name; + $comment_author_email = ''; + $comment_author_url = $trackback_url; + $comment_content = "$title\n\n$excerpt"; + $comment_type = 'trackback'; + + $dupe = $wpdb->get_results( + $wpdb->prepare( + "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", + $comment_post_id, + $comment_author_url + ) + ); + + if ( $dupe ) { + trackback_response( 1, __( 'There is already a ping from that URL for this post.' ) ); + } + + $commentdata = array( + 'comment_post_ID' => $comment_post_id, + ); + + $commentdata += compact( + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_content', + 'comment_type' + ); + + $result = wp_new_comment( $commentdata ); + + if ( is_wp_error( $result ) ) { + trackback_response( 1, $result->get_error_message() ); + } + + $trackback_id = $wpdb->insert_id; + + /** + * Fires after a trackback is added to a post. + * + * @since 1.2.0 + * + * @param int $trackback_id Trackback ID. + */ + do_action( 'trackback_post', $trackback_id ); + + trackback_response( 0 ); +} diff --git a/xmlrpc.php b/xmlrpc.php new file mode 100644 index 0000000..341a6dc --- /dev/null +++ b/xmlrpc.php @@ -0,0 +1,105 @@ +'; + ?> + + + WordPress + https://wordpress.org/ + + + + + + + + + + + serve_request(); + +exit; + +/** + * logIO() - Writes logging info to a file. + * + * @deprecated 3.4.0 Use error_log() + * @see error_log() + * + * @param string $io Whether input or output + * @param string $msg Information describing logging reason. + */ +function logIO( $io, $msg ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid + _deprecated_function( __FUNCTION__, '3.4.0', 'error_log()' ); + if ( ! empty( $GLOBALS['xmlrpc_logging'] ) ) { + error_log( $io . ' - ' . $msg ); + } +}