Ticket #30503: 30503.patch
File 30503.patch, 43.0 KB (added by , 10 years ago) |
src/wp-includes/pluggable.php
6 6 * @package WordPress 7 7 */ 8 8 9 if ( !function_exists( 'wp_set_current_user') ) :9 if ( !function_exists( 'wp_set_current_user' ) ) : 10 10 /** 11 11 * Changes the current user by ID or name. 12 12 * … … 23 23 * @param string $name User's username 24 24 * @return WP_User Current user User object 25 25 */ 26 function wp_set_current_user( $id, $name = '') {26 function wp_set_current_user( $id, $name = '' ) { 27 27 global $current_user; 28 28 29 29 if ( isset( $current_user ) && ( $current_user instanceof WP_User ) && ( $id == $current_user->ID ) ) … … 44 44 } 45 45 endif; 46 46 47 if ( !function_exists( 'wp_get_current_user') ) :47 if ( !function_exists( 'wp_get_current_user' ) ) : 48 48 /** 49 49 * Retrieve the current user object. 50 50 * … … 61 61 } 62 62 endif; 63 63 64 if ( !function_exists( 'get_currentuserinfo') ) :64 if ( !function_exists( 'get_currentuserinfo' ) ) : 65 65 /** 66 66 * Populate global variables with information about the currently logged in user. 67 67 * … … 124 124 } 125 125 endif; 126 126 127 if ( !function_exists( 'get_userdata') ) :127 if ( !function_exists( 'get_userdata' ) ) : 128 128 /** 129 129 * Retrieve user info by user ID. 130 130 * … … 138 138 } 139 139 endif; 140 140 141 if ( !function_exists( 'get_user_by') ) :141 if ( !function_exists( 'get_user_by' ) ) : 142 142 /** 143 143 * Retrieve user info by a given field 144 144 * … … 161 161 } 162 162 endif; 163 163 164 if ( !function_exists( 'cache_users') ) :164 if ( !function_exists( 'cache_users' ) ) : 165 165 /** 166 166 * Retrieve info for user lists to prevent multiple queries by get_userdata() 167 167 * … … 302 302 switch ( strtolower( $name ) ) { 303 303 // Mainly for legacy -- process a From: header if it's there 304 304 case 'from': 305 if ( strpos( $content, '<' ) !== false ) {305 if ( strpos( $content, '<' ) !== false ) { 306 306 // So... making my life hard again? 
307 307 $from_name = substr( $content, 0, strpos( $content, '<' ) - 1 ); 308 308 $from_name = str_replace( '"', '', $from_name ); … … 434 434 } 435 435 436 436 if ( !empty( $bcc ) ) { 437 foreach ( (array) $bcc as $recipient ) {437 foreach ( (array) $bcc as $recipient ) { 438 438 try { 439 439 // Break $recipient into name and address parts if in the format "Foo <bar@baz.com>" 440 440 $recipient_name = ''; … … 495 495 $phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) ); 496 496 } 497 497 498 if ( false !== stripos( $content_type, 'multipart' ) && ! empty( $boundary) )498 if ( false !== stripos( $content_type, 'multipart' ) && ! empty( $boundary ) ) 499 499 $phpmailer->AddCustomHeader( sprintf( "Content-Type: %s;\n\t boundary=\"%s\"", $content_type, $boundary ) ); 500 500 } 501 501 502 502 if ( !empty( $attachments ) ) { 503 503 foreach ( $attachments as $attachment ) { 504 504 try { 505 $phpmailer->AddAttachment( $attachment);505 $phpmailer->AddAttachment( $attachment ); 506 506 } catch ( phpmailerException $e ) { 507 507 continue; 508 508 } … … 527 527 } 528 528 endif; 529 529 530 if ( !function_exists( 'wp_authenticate') ) :530 if ( !function_exists( 'wp_authenticate' ) ) : 531 531 /** 532 532 * Checks a user's login information and logs them in if it checks out. 533 533 * … … 537 537 * @param string $password User's password 538 538 * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object. 539 539 */ 540 function wp_authenticate( $username, $password) {541 $username = sanitize_user( $username);542 $password = trim( $password);540 function wp_authenticate( $username, $password ) { 541 $username = sanitize_user( $username ); 542 $password = trim( $password ); 543 543 544 544 /** 545 545 * Filter the user to authenticate. … … 558 558 if ( $user == null ) { 559 559 // TODO what should the error message be? (Or would these even happen?) 560 560 // Only needed if all authentication handlers fail to return anything. 
561 $user = new WP_Error('authentication_failed', __( '<strong>ERROR</strong>: Invalid username or incorrect password.'));561 $user = new WP_Error('authentication_failed', __( '<strong>ERROR</strong>: Invalid username or incorrect password.' ) ); 562 562 } 563 563 564 $ignore_codes = array( 'empty_username', 'empty_password');564 $ignore_codes = array( 'empty_username', 'empty_password' ); 565 565 566 if ( is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {566 if ( is_wp_error( $user ) && !in_array( $user->get_error_code(), $ignore_codes ) ) { 567 567 /** 568 568 * Fires after a user login has failed. 569 569 * … … 578 578 } 579 579 endif; 580 580 581 if ( !function_exists( 'wp_logout') ) :581 if ( !function_exists( 'wp_logout' ) ) : 582 582 /** 583 583 * Log the current user out. 584 584 * … … 597 597 } 598 598 endif; 599 599 600 if ( !function_exists( 'wp_validate_auth_cookie') ) :600 if ( !function_exists( 'wp_validate_auth_cookie' ) ) : 601 601 /** 602 602 * Validates authentication cookie. 603 603 * … … 613 613 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 614 614 * @return bool|int False if invalid cookie, User ID if valid. 615 615 */ 616 function wp_validate_auth_cookie( $cookie = '', $scheme = '') {617 if ( ! $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme) ) {616 function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) { 617 if ( ! $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme ) ) { 618 618 /** 619 619 * Fires if an authentication cookie is malformed. 620 620 * … … 652 652 return false; 653 653 } 654 654 655 $user = get_user_by( 'login', $username);655 $user = get_user_by( 'login', $username ); 656 656 if ( ! $user ) { 657 657 /** 658 658 * Fires if a bad username is entered in the user authentication process. 
… … 665 665 return false; 666 666 } 667 667 668 $pass_frag = substr( $user->user_pass, 8, 4);668 $pass_frag = substr( $user->user_pass, 8, 4 ); 669 669 670 670 $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); 671 671 … … 710 710 } 711 711 endif; 712 712 713 if ( !function_exists( 'wp_generate_auth_cookie') ) :713 if ( !function_exists( 'wp_generate_auth_cookie' ) ) : 714 714 /** 715 715 * Generate authentication cookie contents. 716 716 * … … 723 723 * @return string Authentication cookie contents. Empty string if user does not exist. 724 724 */ 725 725 function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) { 726 $user = get_userdata( $user_id);726 $user = get_userdata( $user_id ); 727 727 if ( ! $user ) { 728 728 return ''; 729 729 } … … 733 733 $token = $manager->create( $expiration ); 734 734 } 735 735 736 $pass_frag = substr( $user->user_pass, 8, 4);736 $pass_frag = substr( $user->user_pass, 8, 4 ); 737 737 738 738 $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); 739 739 … … 758 758 } 759 759 endif; 760 760 761 if ( !function_exists( 'wp_parse_auth_cookie') ) :761 if ( !function_exists( 'wp_parse_auth_cookie' ) ) : 762 762 /** 763 763 * Parse a cookie into its components 764 764 * … … 768 768 * @param string $scheme Optional. 
The cookie scheme to use: auth, secure_auth, or logged_in 769 769 * @return array Authentication cookie components 770 770 */ 771 function wp_parse_auth_cookie( $cookie = '', $scheme = '') {772 if ( empty( $cookie) ) {773 switch ( $scheme){771 function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) { 772 if ( empty( $cookie ) ) { 773 switch ( $scheme ){ 774 774 case 'auth': 775 775 $cookie_name = AUTH_COOKIE; 776 776 break; … … 790 790 } 791 791 } 792 792 793 if ( empty( $_COOKIE[$cookie_name]) )793 if ( empty( $_COOKIE[$cookie_name] ) ) 794 794 return false; 795 795 $cookie = $_COOKIE[$cookie_name]; 796 796 } … … 806 806 } 807 807 endif; 808 808 809 if ( !function_exists( 'wp_set_auth_cookie') ) :809 if ( !function_exists( 'wp_set_auth_cookie' ) ) : 810 810 /** 811 811 * Sets the authentication cookies based on user ID. 812 812 * … … 821 821 * @param mixed $secure Whether the admin cookies should only be sent over HTTPS. 822 822 * Default is_ssl(). 823 823 */ 824 function wp_set_auth_cookie( $user_id, $remember = false, $secure = '') {824 function wp_set_auth_cookie( $user_id, $remember = false, $secure = '' ) { 825 825 if ( $remember ) { 826 826 /** 827 827 * Filter the duration of the authentication cookie expiration period. 
… … 915 915 */ 916 916 do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in' ); 917 917 918 setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);919 setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);920 setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);918 setcookie( $auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true ); 919 setcookie( $auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true ); 920 setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true ); 921 921 if ( COOKIEPATH != SITECOOKIEPATH ) 922 setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);922 setcookie( LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true ); 923 923 } 924 924 endif; 925 925 926 if ( !function_exists( 'wp_clear_auth_cookie') ) :926 if ( !function_exists( 'wp_clear_auth_cookie' ) ) : 927 927 /** 928 928 * Removes all of the cookies associated with authentication. 929 929 * … … 958 958 } 959 959 endif; 960 960 961 if ( !function_exists( 'is_user_logged_in') ) :961 if ( !function_exists( 'is_user_logged_in' ) ) : 962 962 /** 963 963 * Checks if the current visitor is a logged in user. 964 964 * … … 976 976 } 977 977 endif; 978 978 979 if ( !function_exists( 'auth_redirect') ) :979 if ( !function_exists( 'auth_redirect' ) ) : 980 980 /** 981 981 * Checks if a user is logged in, if not it redirects them to the login page. 
982 982 * … … 997 997 $secure = apply_filters( 'secure_auth_redirect', $secure ); 998 998 999 999 // If https is required and request is http, redirect 1000 if ( $secure && !is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin') ) {1000 if ( $secure && !is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) { 1001 1001 if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) { 1002 1002 wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); 1003 1003 exit(); … … 1031 1031 do_action( 'auth_redirect', $user_id ); 1032 1032 1033 1033 // If the user wants ssl but the session is not ssl, redirect. 1034 if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin') ) {1034 if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) { 1035 1035 if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) { 1036 1036 wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); 1037 1037 exit(); … … 1051 1051 1052 1052 $login_url = wp_login_url($redirect, true); 1053 1053 1054 wp_redirect( $login_url);1054 wp_redirect( $login_url ); 1055 1055 exit(); 1056 1056 } 1057 1057 endif; 1058 1058 1059 if ( !function_exists( 'check_admin_referer') ) :1059 if ( !function_exists( 'check_admin_referer' ) ) : 1060 1060 /** 1061 1061 * Makes sure that a user was referred from another admin page. 1062 1062 * … … 1067 1067 * @param string $action Action nonce 1068 1068 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5) 1069 1069 */ 1070 function check_admin_referer( $action = -1, $query_arg = '_wpnonce') {1070 function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { 1071 1071 if ( -1 == $action ) 1072 1072 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' 
), '3.2' ); 1073 1073 1074 $adminurl = strtolower( admin_url());1075 $referer = strtolower( wp_get_referer());1076 $result = isset( $_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;1077 if ( !$result && !( -1 == $action && strpos($referer, $adminurl) === 0) ) {1078 wp_nonce_ays( $action);1074 $adminurl = strtolower( admin_url() ); 1075 $referer = strtolower( wp_get_referer() ); 1076 $result = isset( $_REQUEST[$query_arg] ) ? wp_verify_nonce( $_REQUEST[$query_arg], $action ) : false; 1077 if ( !$result && !( -1 == $action && strpos($referer, $adminurl) === 0 ) ) { 1078 wp_nonce_ays( $action ); 1079 1079 die(); 1080 1080 } 1081 1081 … … 1092 1092 } 1093 1093 endif; 1094 1094 1095 if ( !function_exists( 'check_ajax_referer') ) :1095 if ( !function_exists( 'check_ajax_referer' ) ) : 1096 1096 /** 1097 1097 * Verifies the AJAX request to prevent processing requests external of the blog. 1098 1098 * … … 1134 1134 } 1135 1135 endif; 1136 1136 1137 if ( !function_exists( 'wp_redirect') ) :1137 if ( !function_exists( 'wp_redirect' ) ) : 1138 1138 /** 1139 1139 * Redirects to another page. 1140 1140 * … … 1170 1170 if ( ! $location ) 1171 1171 return false; 1172 1172 1173 $location = wp_sanitize_redirect( $location);1173 $location = wp_sanitize_redirect( $location ); 1174 1174 1175 1175 if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ) 1176 status_header( $status); // This causes problems on IIS and some FastCGI setups1176 status_header( $status ); // This causes problems on IIS and some FastCGI setups 1177 1177 1178 header( "Location: $location", true, $status);1178 header( "Location: $location", true, $status ); 1179 1179 1180 1180 return true; 1181 1181 } 1182 1182 endif; 1183 1183 1184 if ( !function_exists( 'wp_sanitize_redirect') ) :1184 if ( !function_exists( 'wp_sanitize_redirect' ) ) : 1185 1185 /** 1186 1186 * Sanitizes a URL for use in a redirect. 
1187 1187 * … … 1189 1189 * 1190 1190 * @return string redirect-sanitized URL 1191 1191 **/ 1192 function wp_sanitize_redirect( $location) {1193 $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);1194 $location = wp_kses_no_null( $location);1192 function wp_sanitize_redirect( $location ) { 1193 $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location ); 1194 $location = wp_kses_no_null( $location ); 1195 1195 1196 1196 // remove %0d and %0a from location 1197 $strip = array( '%0d', '%0a', '%0D', '%0A');1198 $location = _deep_replace( $strip, $location);1197 $strip = array( '%0d', '%0a', '%0D', '%0A' ); 1198 $location = _deep_replace( $strip, $location ); 1199 1199 return $location; 1200 1200 } 1201 1201 endif; 1202 1202 1203 if ( !function_exists( 'wp_safe_redirect') ) :1203 if ( !function_exists( 'wp_safe_redirect' ) ) : 1204 1204 /** 1205 1205 * Performs a safe (local) redirect, using wp_redirect(). 1206 1206 * … … 1216 1216 * 1217 1217 * @return void Does not return anything 1218 1218 **/ 1219 function wp_safe_redirect( $location, $status = 302) {1219 function wp_safe_redirect( $location, $status = 302 ) { 1220 1220 1221 1221 // Need to look at the URL the way it will end up in wp_redirect() 1222 $location = wp_sanitize_redirect( $location);1222 $location = wp_sanitize_redirect( $location ); 1223 1223 1224 $location = wp_validate_redirect( $location, admin_url());1224 $location = wp_validate_redirect( $location, admin_url() ); 1225 1225 1226 wp_redirect( $location, $status);1226 wp_redirect( $location, $status ); 1227 1227 } 1228 1228 endif; 1229 1229 1230 if ( !function_exists( 'wp_validate_redirect') ) :1230 if ( !function_exists( 'wp_validate_redirect' ) ) : 1231 1231 /** 1232 1232 * Validates a URL for use in a redirect. 
1233 1233 * … … 1243 1243 * @param string $default The value to return if $location is not allowed 1244 1244 * @return string redirect-sanitized URL 1245 1245 **/ 1246 function wp_validate_redirect( $location, $default = '') {1246 function wp_validate_redirect( $location, $default = '' ) { 1247 1247 $location = trim( $location ); 1248 1248 // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//' 1249 if ( substr( $location, 0, 2) == '//' )1249 if ( substr( $location, 0, 2 ) == '//' ) 1250 1250 $location = 'http:' . $location; 1251 1251 1252 1252 // In php 5 parse_url may fail if the URL query part contains http://, bug #38143 1253 $test = ( $cut = strpos( $location, '?') ) ? substr( $location, 0, $cut ) : $location;1253 $test = ( $cut = strpos( $location, '?' ) ) ? substr( $location, 0, $cut ) : $location; 1254 1254 1255 $lp = parse_url( $test);1255 $lp = parse_url( $test ); 1256 1256 1257 1257 // Give up if malformed URL 1258 1258 if ( false === $lp ) 1259 1259 return $default; 1260 1260 1261 1261 // Allow only http and https schemes. No data:, etc. 1262 if ( isset( $lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )1262 if ( isset( $lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) 1263 1263 return $default; 1264 1264 1265 1265 // Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field. 1266 if ( isset( $lp['scheme']) && !isset($lp['host']) )1266 if ( isset( $lp['scheme'] ) && !isset( $lp['host'] ) ) 1267 1267 return $default; 1268 1268 1269 $wpp = parse_url( home_url());1269 $wpp = parse_url( home_url() ); 1270 1270 1271 1271 /** 1272 1272 * Filter the whitelist of hosts to redirect to. … … 1276 1276 * @param array $hosts An array of allowed hosts. 1277 1277 * @param bool|string $host The parsed host; empty if not isset. 
1278 1278 */ 1279 $allowed_hosts = ( array) apply_filters( 'allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '' );1279 $allowed_hosts = ( array ) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'] ), isset($lp['host'] ) ? $lp['host'] : '' ); 1280 1280 1281 if ( isset( $lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )1281 if ( isset( $lp['host'] ) && ( !in_array( $lp['host'], $allowed_hosts ) && $lp['host'] != strtolower( $wpp['host'] ) ) ) 1282 1282 $location = $default; 1283 1283 1284 1284 return $location; 1285 1285 } 1286 1286 endif; 1287 1287 1288 if ( ! function_exists( 'wp_notify_postauthor') ) :1288 if ( ! function_exists( 'wp_notify_postauthor' ) ) : 1289 1289 /** 1290 1290 * Notify an author (and/or others) of a comment/trackback/pingback on a post. 1291 1291 * … … 1371 1371 $emails = array_flip( $emails ); 1372 1372 } 1373 1373 1374 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP);1374 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP ); 1375 1375 1376 1376 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 1377 1377 // we want to reverse this for the plain text arena of emails. 1378 $blogname = wp_specialchars_decode( get_option('blogname'), ENT_QUOTES);1378 $blogname = wp_specialchars_decode( get_option('blogname'), ENT_QUOTES ); 1379 1379 1380 1380 switch ( $comment->comment_type ) { 1381 1381 case 'trackback': 1382 1382 $notify_message = sprintf( __( 'New trackback on your post "%s"' ), $post->post_title ) . "\r\n"; 1383 1383 /* translators: 1: website name, 2: author IP, 3: author domain */ 1384 $notify_message .= sprintf( __( 'Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . 
"\r\n";1384 $notify_message .= sprintf( __( 'Website: %1$s (IP: %2$s , %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 1385 1385 $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; 1386 1386 $notify_message .= sprintf( __( 'Comment: %s' ), $comment->comment_content ) . "\r\n\r\n"; 1387 1387 $notify_message .= __( 'You can see all trackbacks on this post here:' ) . "\r\n"; 1388 1388 /* translators: 1: blog name, 2: post title */ 1389 $subject = sprintf( __( '[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );1389 $subject = sprintf( __( '[%1$s] Trackback: "%2$s"' ), $blogname, $post->post_title ); 1390 1390 break; 1391 1391 case 'pingback': 1392 1392 $notify_message = sprintf( __( 'New pingback on your post "%s"' ), $post->post_title ) . "\r\n"; 1393 1393 /* translators: 1: comment author, 2: author IP, 3: author domain */ 1394 $notify_message .= sprintf( __( 'Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";1394 $notify_message .= sprintf( __( 'Website: %1$s (IP: %2$s , %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 1395 1395 $notify_message .= sprintf( __( 'URL: %s' ), $comment->comment_author_url ) . "\r\n"; 1396 1396 $notify_message .= sprintf( __( 'Comment: %s' ), $comment->comment_content ) . "\r\n\r\n"; 1397 1397 $notify_message .= __( 'You can see all pingbacks on this post here:' ) . "\r\n"; 1398 1398 /* translators: 1: blog name, 2: post title */ 1399 $subject = sprintf( __( '[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );1399 $subject = sprintf( __( '[%1$s] Pingback: "%2$s"' ), $blogname, $post->post_title ); 1400 1400 break; 1401 1401 default: // Comments 1402 1402 $notify_message = sprintf( __( 'New comment on your post "%s"' ), $post->post_title ) . 
"\r\n"; … … 1408 1408 $notify_message .= sprintf( __('Comment: %s' ), $comment->comment_content ) . "\r\n\r\n"; 1409 1409 $notify_message .= __( 'You can see all comments on this post here:' ) . "\r\n"; 1410 1410 /* translators: 1: blog name, 2: post title */ 1411 $subject = sprintf( __( '[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );1411 $subject = sprintf( __( '[%1$s] Comment: "%2$s"' ), $blogname, $post->post_title ); 1412 1412 break; 1413 1413 } 1414 $notify_message .= get_permalink( $comment->comment_post_ID) . "#comments\r\n\r\n";1415 $notify_message .= sprintf( __( 'Permalink: %s'), get_comment_link( $comment_id ) ) . "\r\n";1414 $notify_message .= get_permalink( $comment->comment_post_I D) . "#comments\r\n\r\n"; 1415 $notify_message .= sprintf( __( 'Permalink: %s' ), get_comment_link( $comment_id ) ) . "\r\n"; 1416 1416 1417 1417 if ( user_can( $post->post_author, 'edit_comment', $comment_id ) ) { 1418 1418 if ( EMPTY_TRASH_DAYS ) 1419 $notify_message .= sprintf( __( 'Trash it: %s'), admin_url("comment.php?action=trash&c=$comment_id") ) . "\r\n";1419 $notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c=$comment_id" ) ) . "\r\n"; 1420 1420 else 1421 $notify_message .= sprintf( __( 'Delete it: %s'), admin_url("comment.php?action=delete&c=$comment_id") ) . "\r\n";1422 $notify_message .= sprintf( __( 'Spam it: %s'), admin_url("comment.php?action=spam&c=$comment_id") ) . "\r\n";1421 $notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c=$comment_id" ) ) . "\r\n"; 1422 $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c=$comment_id" ) ) . "\r\n"; 1423 1423 } 1424 1424 1425 $wp_email = 'wordpress@' . preg_replace( '#^www\.#', '', strtolower($_SERVER['SERVER_NAME']));1425 $wp_email = 'wordpress@' . 
preg_replace( '#^www\.#', '', strtolower( $_SERVER['SERVER_NAME'] ) ); 1426 1426 1427 1427 if ( '' == $comment->comment_author ) { 1428 1428 $from = "From: \"$blogname\" <$wp_email>"; … … 1437 1437 $message_headers = "$from\n" 1438 1438 . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 1439 1439 1440 if ( isset( $reply_to) )1440 if ( isset( $reply_to ) ) 1441 1441 $message_headers .= $reply_to . "\n"; 1442 1442 1443 1443 /** … … 1478 1478 } 1479 1479 endif; 1480 1480 1481 if ( !function_exists( 'wp_notify_moderator') ) :1481 if ( !function_exists( 'wp_notify_moderator' ) ) : 1482 1482 /** 1483 1483 * Notifies the moderator of the blog about a new comment that is awaiting approval. 1484 1484 * … … 1489 1489 * @param int $comment_id Comment ID 1490 1490 * @return bool Always returns true 1491 1491 */ 1492 function wp_notify_moderator( $comment_id) {1492 function wp_notify_moderator( $comment_id ) { 1493 1493 global $wpdb; 1494 1494 1495 1495 if ( 0 == get_option( 'moderation_notify' ) ) 1496 1496 return true; 1497 1497 1498 $comment = get_comment( $comment_id);1499 $post = get_post( $comment->comment_post_ID);1498 $comment = get_comment( $comment_id ); 1499 $post = get_post( $comment->comment_post_ID ); 1500 1500 $user = get_userdata( $post->post_author ); 1501 1501 // Send to the administration and to the post author if the author can modify the comment. 
1502 1502 $emails = array( get_option( 'admin_email' ) ); … … 1505 1505 $emails[] = $user->user_email; 1506 1506 } 1507 1507 1508 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP);1509 $comments_waiting = $wpdb->get_var( "SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");1508 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP ); 1509 $comments_waiting = $wpdb->get_var( "SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'" ); 1510 1510 1511 1511 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 1512 1512 // we want to reverse this for the plain text arena of emails. 1513 $blogname = wp_specialchars_decode( get_option('blogname'), ENT_QUOTES);1513 $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 1514 1514 1515 1515 switch ( $comment->comment_type ) { 1516 1516 case 'trackback': 1517 $notify_message = sprintf( __( 'A new trackback on the post "%s" is waiting for your approval'), $post->post_title ) . "\r\n";1518 $notify_message .= get_permalink( $comment->comment_post_ID) . "\r\n\r\n";1519 $notify_message .= sprintf( __( 'Website : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";1520 $notify_message .= sprintf( __( 'URL : %s'), $comment->comment_author_url ) . "\r\n";1521 $notify_message .= __( 'Trackback excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";1517 $notify_message = sprintf( __( 'A new trackback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; 1518 $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; 1519 $notify_message .= sprintf( __( 'Website : %1$s (IP: %2$s , %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 1520 $notify_message .= sprintf( __( 'URL : %s' ), $comment->comment_author_url ) . 
"\r\n"; 1521 $notify_message .= __( 'Trackback excerpt: ' ) . "\r\n" . $comment->comment_content . "\r\n\r\n"; 1522 1522 break; 1523 1523 case 'pingback': 1524 $notify_message = sprintf( __( 'A new pingback on the post "%s" is waiting for your approval'), $post->post_title ) . "\r\n";1525 $notify_message .= get_permalink( $comment->comment_post_ID) . "\r\n\r\n";1526 $notify_message .= sprintf( __( 'Website : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";1527 $notify_message .= sprintf( __( 'URL : %s'), $comment->comment_author_url ) . "\r\n";1528 $notify_message .= __( 'Pingback excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";1524 $notify_message = sprintf( __( 'A new pingback on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; 1525 $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; 1526 $notify_message .= sprintf( __( 'Website : %1$s (IP: %2$s , %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 1527 $notify_message .= sprintf( __( 'URL : %s' ), $comment->comment_author_url ) . "\r\n"; 1528 $notify_message .= __( 'Pingback excerpt: ' ) . "\r\n" . $comment->comment_content . "\r\n\r\n"; 1529 1529 break; 1530 1530 default: // Comments 1531 $notify_message = sprintf( __( 'A new comment on the post "%s" is waiting for your approval'), $post->post_title ) . "\r\n";1532 $notify_message .= get_permalink( $comment->comment_post_ID) . "\r\n\r\n";1533 $notify_message .= sprintf( __( 'Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";1534 $notify_message .= sprintf( __( 'E-mail : %s'), $comment->comment_author_email ) . "\r\n";1535 $notify_message .= sprintf( __( 'URL : %s'), $comment->comment_author_url ) . 
"\r\n";1536 $notify_message .= sprintf( __( 'Whois : http://whois.arin.net/rest/ip/%s'), $comment->comment_author_IP ) . "\r\n";1537 $notify_message .= __( 'Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";1531 $notify_message = sprintf( __( 'A new comment on the post "%s" is waiting for your approval' ), $post->post_title ) . "\r\n"; 1532 $notify_message .= get_permalink( $comment->comment_post_ID ) . "\r\n\r\n"; 1533 $notify_message .= sprintf( __( 'Author : %1$s (IP: %2$s , %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 1534 $notify_message .= sprintf( __( 'E-mail : %s' ), $comment->comment_author_email ) . "\r\n"; 1535 $notify_message .= sprintf( __( 'URL : %s' ), $comment->comment_author_url ) . "\r\n"; 1536 $notify_message .= sprintf( __( 'Whois : http://whois.arin.net/rest/ip/%s' ), $comment->comment_author_IP ) . "\r\n"; 1537 $notify_message .= __( 'Comment: ' ) . "\r\n" . $comment->comment_content . "\r\n\r\n"; 1538 1538 break; 1539 1539 } 1540 1540 1541 $notify_message .= sprintf( __( 'Approve it: %s'), admin_url("comment.php?action=approve&c=$comment_id") ) . "\r\n";1541 $notify_message .= sprintf( __( 'Approve it: %s' ), admin_url( "comment.php?action=approve&c=$comment_id" ) ) . "\r\n"; 1542 1542 if ( EMPTY_TRASH_DAYS ) 1543 $notify_message .= sprintf( __( 'Trash it: %s'), admin_url("comment.php?action=trash&c=$comment_id") ) . "\r\n";1543 $notify_message .= sprintf( __( 'Trash it: %s' ), admin_url( "comment.php?action=trash&c=$comment_id" ) ) . "\r\n"; 1544 1544 else 1545 $notify_message .= sprintf( __( 'Delete it: %s'), admin_url("comment.php?action=delete&c=$comment_id") ) . "\r\n";1546 $notify_message .= sprintf( __( 'Spam it: %s'), admin_url("comment.php?action=spam&c=$comment_id") ) . "\r\n";1545 $notify_message .= sprintf( __( 'Delete it: %s' ), admin_url( "comment.php?action=delete&c=$comment_id" ) ) . 
"\r\n"; 1546 $notify_message .= sprintf( __( 'Spam it: %s' ), admin_url( "comment.php?action=spam&c=$comment_id" ) ) . "\r\n"; 1547 1547 1548 $notify_message .= sprintf( _n( 'Currently %s comment is waiting for approval. Please visit the moderation panel:',1549 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting ), number_format_i18n($comments_waiting) ) . "\r\n";1550 $notify_message .= admin_url( "edit-comments.php?comment_status=moderated") . "\r\n";1548 $notify_message .= sprintf( _n( 'Currently %s comment is waiting for approval. Please visit the moderation panel:', 1549 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting ), number_format_i18n( $comments_waiting ) ) . "\r\n"; 1550 $notify_message .= admin_url( "edit-comments.php?comment_status=moderated" ) . "\r\n"; 1551 1551 1552 $subject = sprintf( __( '[%1$s] Please moderate: "%2$s"'), $blogname, $post->post_title );1552 $subject = sprintf( __( '[%1$s] Please moderate: "%2$s"' ), $blogname, $post->post_title ); 1553 1553 $message_headers = ''; 1554 1554 1555 1555 /** … … 1600 1600 } 1601 1601 endif; 1602 1602 1603 if ( !function_exists( 'wp_password_change_notification') ) :1603 if ( !function_exists( 'wp_password_change_notification' ) ) : 1604 1604 /** 1605 1605 * Notify the blog admin of a user changing password, normally via email. 1606 1606 * … … 1612 1612 // send a copy of password change notification to the admin 1613 1613 // but check to see if it's the admin whose password we're changing, and skip this 1614 1614 if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) { 1615 $message = sprintf( __('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";1615 $message = sprintf( __( 'Password Lost and Changed for user: %s' ), $user->user_login ) . 
"\r\n"; 1616 1616 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 1617 1617 // we want to reverse this for the plain text arena of emails. 1618 $blogname = wp_specialchars_decode( get_option('blogname'), ENT_QUOTES);1619 wp_mail( get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), $blogname), $message);1618 $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 1619 wp_mail( get_option( 'admin_email' ), sprintf( __( '[%s] Password Lost/Changed' ), $blogname ), $message ); 1620 1620 } 1621 1621 } 1622 1622 endif; 1623 1623 1624 if ( !function_exists( 'wp_new_user_notification') ) :1624 if ( !function_exists( 'wp_new_user_notification' ) ) : 1625 1625 /** 1626 1626 * Email login credentials to a newly-registered user. 1627 1627 * … … 1632 1632 * @param int $user_id User ID. 1633 1633 * @param string $plaintext_pass Optional. The user's plaintext password. Default empty. 1634 1634 */ 1635 function wp_new_user_notification( $user_id, $plaintext_pass = '') {1635 function wp_new_user_notification( $user_id, $plaintext_pass = '' ) { 1636 1636 $user = get_userdata( $user_id ); 1637 1637 1638 1638 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 1639 1639 // we want to reverse this for the plain text arena of emails. 1640 $blogname = wp_specialchars_decode( get_option('blogname'), ENT_QUOTES);1640 $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 1641 1641 1642 $message = sprintf( __('New user registration on your site %s:'), $blogname) . "\r\n\r\n";1643 $message .= sprintf( __('Username: %s'), $user->user_login) . "\r\n\r\n";1644 $message .= sprintf( __('E-mail: %s'), $user->user_email) . "\r\n";1642 $message = sprintf( __( 'New user registration on your site %s:' ), $blogname ) . "\r\n\r\n"; 1643 $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . 
"\r\n\r\n"; 1644 $message .= sprintf( __( 'E-mail: %s' ), $user->user_email ) . "\r\n"; 1645 1645 1646 @wp_mail( get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);1646 @wp_mail( get_option( 'admin_email' ), sprintf( __( '[%s] New User Registration' ), $blogname ), $message ); 1647 1647 1648 if ( empty( $plaintext_pass) )1648 if ( empty( $plaintext_pass ) ) 1649 1649 return; 1650 1650 1651 $message = sprintf( __('Username: %s'), $user->user_login) . "\r\n";1652 $message .= sprintf( __('Password: %s'), $plaintext_pass) . "\r\n";1651 $message = sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n"; 1652 $message .= sprintf( __( 'Password: %s' ), $plaintext_pass ) . "\r\n"; 1653 1653 $message .= wp_login_url() . "\r\n"; 1654 1654 1655 wp_mail( $user->user_email, sprintf(__('[%s] Your username and password'), $blogname), $message);1655 wp_mail( $user->user_email, sprintf( __( '[%s] Your username and password' ), $blogname ), $message ); 1656 1656 1657 1657 } 1658 1658 endif; 1659 1659 1660 if ( !function_exists( 'wp_nonce_tick') ) :1660 if ( !function_exists( 'wp_nonce_tick' ) ) : 1661 1661 /** 1662 1662 * Get the time-dependent variable for nonce creation. 1663 1663 * … … 1682 1682 } 1683 1683 endif; 1684 1684 1685 if ( !function_exists( 'wp_verify_nonce') ) :1685 if ( !function_exists( 'wp_verify_nonce' ) ) : 1686 1686 /** 1687 1687 * Verify that correct nonce was used with time limit. 1688 1688 * … … 1695 1695 * @param string|int $action Should give context to what is taking place and be the same when nonce was created. 1696 1696 * @return bool Whether the nonce check passed or failed. 1697 1697 */ 1698 function wp_verify_nonce( $nonce, $action = -1) {1698 function wp_verify_nonce( $nonce, $action = -1 ) { 1699 1699 $user = wp_get_current_user(); 1700 1700 $uid = (int) $user->ID; 1701 1701 if ( ! 
$uid ) { … … 1718 1718 $i = wp_nonce_tick(); 1719 1719 1720 1720 // Nonce generated 0-12 hours ago 1721 $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );1721 $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); 1722 1722 if ( hash_equals( $expected, $nonce ) ) { 1723 1723 return 1; 1724 1724 } … … 1734 1734 } 1735 1735 endif; 1736 1736 1737 if ( !function_exists( 'wp_create_nonce') ) :1737 if ( !function_exists( 'wp_create_nonce' ) ) : 1738 1738 /** 1739 1739 * Creates a cryptographic token tied to a specific action, user, and window of time. 1740 1740 * … … 1743 1743 * @param string $action Scalar value to add context to the nonce. 1744 1744 * @return string The token. 1745 1745 */ 1746 function wp_create_nonce( $action = -1) {1746 function wp_create_nonce( $action = -1 ) { 1747 1747 $user = wp_get_current_user(); 1748 1748 $uid = (int) $user->ID; 1749 1749 if ( ! $uid ) { … … 1758 1758 } 1759 1759 endif; 1760 1760 1761 if ( !function_exists( 'wp_salt') ) :1761 if ( !function_exists( 'wp_salt' ) ) : 1762 1762 /** 1763 1763 * Get salt to add to hashes. 1764 1764 * … … 1862 1862 } 1863 1863 endif; 1864 1864 1865 if ( !function_exists( 'wp_hash') ) :1865 if ( !function_exists( 'wp_hash' ) ) : 1866 1866 /** 1867 1867 * Get hash of given string. 1868 1868 * … … 1871 1871 * @param string $data Plain text to hash 1872 1872 * @return string Hash of $data 1873 1873 */ 1874 function wp_hash( $data, $scheme = 'auth') {1875 $salt = wp_salt( $scheme);1874 function wp_hash( $data, $scheme = 'auth' ) { 1875 $salt = wp_salt( $scheme ); 1876 1876 1877 return hash_hmac( 'md5', $data, $salt);1877 return hash_hmac( 'md5', $data, $salt ); 1878 1878 } 1879 1879 endif; 1880 1880 1881 if ( !function_exists( 'wp_hash_password') ) :1881 if ( !function_exists( 'wp_hash_password' ) ) : 1882 1882 /** 1883 1883 * Create a hash (encrypt) of a plain text password. 
1884 1884 * … … 1893 1893 * @param string $password Plain text user password to hash 1894 1894 * @return string The hash string of the password 1895 1895 */ 1896 function wp_hash_password( $password) {1896 function wp_hash_password( $password ) { 1897 1897 global $wp_hasher; 1898 1898 1899 if ( empty( $wp_hasher) ) {1900 require_once( ABSPATH . WPINC . '/class-phpass.php' );1899 if ( empty( $wp_hasher ) ) { 1900 require_once( ABSPATH . WPINC . '/class-phpass.php' ); 1901 1901 // By default, use the portable hash from phpass 1902 $wp_hasher = new PasswordHash( 8, true);1902 $wp_hasher = new PasswordHash( 8, true ); 1903 1903 } 1904 1904 1905 1905 return $wp_hasher->HashPassword( trim( $password ) ); 1906 1906 } 1907 1907 endif; 1908 1908 1909 if ( !function_exists( 'wp_check_password') ) :1909 if ( !function_exists( 'wp_check_password' ) ) : 1910 1910 /** 1911 1911 * Checks the plaintext password against the encrypted Password. 1912 1912 * … … 1928 1928 * @param string $hash Hash of the user's password to check against. 1929 1929 * @return bool False, if the $password does not match the hashed password 1930 1930 */ 1931 function wp_check_password( $password, $hash, $user_id = '') {1931 function wp_check_password( $password, $hash, $user_id = '' ) { 1932 1932 global $wp_hasher; 1933 1933 1934 1934 // If the hash is still md5... 1935 if ( strlen( $hash) <= 32 ) {1935 if ( strlen( $hash ) <= 32 ) { 1936 1936 $check = hash_equals( $hash, md5( $password ) ); 1937 1937 if ( $check && $user_id ) { 1938 1938 // Rehash using new hash. 1939 wp_set_password( $password, $user_id);1940 $hash = wp_hash_password( $password);1939 wp_set_password( $password, $user_id ); 1940 $hash = wp_hash_password( $password ); 1941 1941 } 1942 1942 1943 1943 /** … … 1955 1955 1956 1956 // If the stored hash is longer than an MD5, presume the 1957 1957 // new style phpass portable hash. 1958 if ( empty( $wp_hasher) ) {1959 require_once( ABSPATH . WPINC . 
'/class-phpass.php' );1958 if ( empty( $wp_hasher ) ) { 1959 require_once( ABSPATH . WPINC . '/class-phpass.php' ); 1960 1960 // By default, use the portable hash from phpass 1961 $wp_hasher = new PasswordHash( 8, true);1961 $wp_hasher = new PasswordHash( 8, true ); 1962 1962 } 1963 1963 1964 $check = $wp_hasher->CheckPassword( $password, $hash);1964 $check = $wp_hasher->CheckPassword( $password, $hash ); 1965 1965 1966 1966 /** This filter is documented in wp-includes/pluggable.php */ 1967 1967 return apply_filters( 'check_password', $check, $password, $hash, $user_id ); 1968 1968 } 1969 1969 endif; 1970 1970 1971 if ( !function_exists( 'wp_generate_password') ) :1971 if ( !function_exists( 'wp_generate_password' ) ) : 1972 1972 /** 1973 1973 * Generates a random password drawn from the defined set of characters. 1974 1974 * … … 1989 1989 1990 1990 $password = ''; 1991 1991 for ( $i = 0; $i < $length; $i++ ) { 1992 $password .= substr( $chars, wp_rand(0, strlen($chars) - 1), 1);1992 $password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 ); 1993 1993 } 1994 1994 1995 1995 /** … … 2003 2003 } 2004 2004 endif; 2005 2005 2006 if ( !function_exists( 'wp_rand') ) :2006 if ( !function_exists( 'wp_rand' ) ) : 2007 2007 /** 2008 2008 * Generates a random number 2009 2009 * … … 2018 2018 2019 2019 // Reset $rnd_value after 14 uses 2020 2020 // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value 2021 if ( strlen( $rnd_value) < 8 ) {2021 if ( strlen( $rnd_value ) < 8 ) { 2022 2022 if ( defined( 'WP_SETUP_CONFIG' ) ) 2023 2023 static $seed = ''; 2024 2024 else 2025 $seed = get_transient( 'random_seed');2026 $rnd_value = md5( uniqid( microtime() . mt_rand(), true ) . $seed );2027 $rnd_value .= sha1( $rnd_value);2028 $rnd_value .= sha1( $rnd_value . $seed);2029 $seed = md5( $seed . $rnd_value);2025 $seed = get_transient( 'random_seed' ); 2026 $rnd_value = md5( uniqid( microtime() . mt_rand(), true ) . 
$seed ); 2027 $rnd_value .= sha1( $rnd_value ); 2028 $rnd_value .= sha1( $rnd_value . $seed ); 2029 $seed = md5( $seed . $rnd_value ); 2030 2030 if ( ! defined( 'WP_SETUP_CONFIG' ) ) 2031 set_transient( 'random_seed', $seed);2031 set_transient( 'random_seed', $seed ); 2032 2032 } 2033 2033 2034 2034 // Take the first 8 digits for our value 2035 $value = substr( $rnd_value, 0, 8);2035 $value = substr( $rnd_value, 0, 8 ); 2036 2036 2037 2037 // Strip the first eight, leaving the remainder for the next call to wp_rand(). 2038 $rnd_value = substr( $rnd_value, 8);2038 $rnd_value = substr( $rnd_value, 8 ); 2039 2039 2040 $value = abs( hexdec($value));2040 $value = abs( hexdec( $value ) ); 2041 2041 2042 2042 // Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats. 2043 2043 $max_random_number = 3000000000 === 2147483647 ? (float) "4294967295" : 4294967295; // 4294967295 = 0xffffffff … … 2046 2046 if ( $max != 0 ) 2047 2047 $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 ); 2048 2048 2049 return abs( intval($value));2049 return abs( intval( $value ) ); 2050 2050 } 2051 2051 endif; 2052 2052 2053 if ( !function_exists( 'wp_set_password') ) :2053 if ( !function_exists( 'wp_set_password' ) ) : 2054 2054 /** 2055 2055 * Updates the user's password with a new encrypted one. 2056 2056 * … … 2072 2072 global $wpdb; 2073 2073 2074 2074 $hash = wp_hash_password( $password ); 2075 $wpdb->update( $wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );2075 $wpdb->update( $wpdb->users, array( 'user_pass' => $hash, 'user_activation_key' => '' ), array( 'ID' => $user_id ) ); 2076 2076 2077 wp_cache_delete( $user_id, 'users');2077 wp_cache_delete( $user_id, 'users' ); 2078 2078 } 2079 2079 endif; 2080 2080 … … 2091 2091 * @return string `<img>` tag for the user's avatar. 
2092 2092 */ 2093 2093 function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) { 2094 if ( ! get_option( 'show_avatars') )2094 if ( ! get_option( 'show_avatars' ) ) 2095 2095 return false; 2096 2096 2097 if ( false === $alt )2097 if ( false === $alt ) 2098 2098 $safe_alt = ''; 2099 2099 else 2100 2100 $safe_alt = esc_attr( $alt ); 2101 2101 2102 if ( !is_numeric( $size) )2102 if ( !is_numeric( $size ) ) 2103 2103 $size = '96'; 2104 2104 2105 2105 $email = ''; 2106 if ( is_numeric( $id_or_email) ) {2106 if ( is_numeric( $id_or_email ) ) { 2107 2107 $id = (int) $id_or_email; 2108 $user = get_userdata( $id);2108 $user = get_userdata( $id ); 2109 2109 if ( $user ) 2110 2110 $email = $user->user_email; 2111 } elseif ( is_object( $id_or_email) ) {2111 } elseif ( is_object( $id_or_email ) ) { 2112 2112 // No avatar for pingbacks or trackbacks 2113 2113 2114 2114 /** … … 2124 2124 2125 2125 if ( ! empty( $id_or_email->user_id ) ) { 2126 2126 $id = (int) $id_or_email->user_id; 2127 $user = get_userdata( $id);2127 $user = get_userdata( $id ); 2128 2128 if ( $user ) 2129 2129 $email = $user->user_email; 2130 2130 } … … 2136 2136 } 2137 2137 2138 2138 if ( empty($default) ) { 2139 $avatar_default = get_option( 'avatar_default');2140 if ( empty( $avatar_default) )2139 $avatar_default = get_option( 'avatar_default' ); 2140 if ( empty( $avatar_default ) ) 2141 2141 $default = 'mystery'; 2142 2142 else 2143 2143 $default = $avatar_default; 2144 2144 } 2145 2145 2146 if ( !empty( $email) )2146 if ( !empty( $email ) ) 2147 2147 $email_hash = md5( strtolower( trim( $email ) ) ); 2148 2148 2149 2149 if ( is_ssl() ) { 2150 2150 $host = 'https://secure.gravatar.com'; 2151 2151 } else { 2152 if ( !empty( $email) )2152 if ( !empty( $email ) ) 2153 2153 $host = sprintf( "http://%d.gravatar.com", ( hexdec( $email_hash[0] ) % 2 ) ); 2154 2154 else 2155 2155 $host = 'http://0.gravatar.com'; … … 2159 2159 $default = 
"$host/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com') 2160 2160 elseif ( 'blank' == $default ) 2161 2161 $default = $email ? 'blank' : includes_url( 'images/blank.gif' ); 2162 elseif ( !empty( $email) && 'gravatar_default' == $default )2162 elseif ( !empty( $email ) && 'gravatar_default' == $default ) 2163 2163 $default = ''; 2164 2164 elseif ( 'gravatar_default' == $default ) 2165 2165 $default = "$host/avatar/?s={$size}"; 2166 elseif ( empty( $email) )2166 elseif ( empty( $email ) ) 2167 2167 $default = "$host/avatar/?d=$default&s={$size}"; 2168 elseif ( strpos( $default, 'http://') === 0 )2168 elseif ( strpos( $default, 'http://' ) === 0 ) 2169 2169 $default = add_query_arg( 's', $size, $default ); 2170 2170 2171 if ( !empty( $email) ) {2171 if ( !empty( $email ) ) { 2172 2172 $out = "$host/avatar/"; 2173 2173 $out .= $email_hash; 2174 2174 $out .= '?s='.$size; 2175 2175 $out .= '&d=' . urlencode( $default ); 2176 2176 2177 $rating = get_option( 'avatar_rating');2177 $rating = get_option( 'avatar_rating' ); 2178 2178 if ( !empty( $rating ) ) 2179 2179 $out .= "&r={$rating}"; 2180 2180 … … 2235 2235 if ( !class_exists( 'WP_Text_Diff_Renderer_Table' ) ) 2236 2236 require( ABSPATH . WPINC . 
'/wp-diff.php' ); 2237 2237 2238 $left_string = normalize_whitespace( $left_string);2239 $right_string = normalize_whitespace( $right_string);2238 $left_string = normalize_whitespace( $left_string ); 2239 $right_string = normalize_whitespace( $right_string ); 2240 2240 2241 $left_lines = explode( "\n", $left_string);2242 $right_lines = explode( "\n", $right_string);2243 $text_diff = new Text_Diff( $left_lines, $right_lines);2241 $left_lines = explode( "\n", $left_string ); 2242 $right_lines = explode( "\n", $right_string ); 2243 $text_diff = new Text_Diff( $left_lines, $right_lines ); 2244 2244 $renderer = new WP_Text_Diff_Renderer_Table( $args ); 2245 $diff = $renderer->render( $text_diff);2245 $diff = $renderer->render( $text_diff ); 2246 2246 2247 2247 if ( !$diff ) 2248 2248 return '';