<?php
// Load the WordPress Environment.
// NOTE(review): this bootstraps all of WordPress before any of the request-screening
// code below runs, so everything in this file executes with WordPress already loaded.
// The './' prefix makes PHP resolve the path against the process's current working
// directory rather than this file's directory; use __DIR__ if the script is ever
// invoked from elsewhere.
// define( 'WP_DEBUG', true ); /* uncomment for debug mode */


require('./wp-load.php');
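/**
 * Check whether an HTTP request looks like junk, based on file extension.
 *
 * A request is considered junk when the extension appears in the list of
 * extension groups returned by wp_get_mime_types() (images, audio, video,
 * documents, ...), i.e. a static-asset request that should not need plugin
 * code to run. That list is passed through the 'wp_is_bad_request_extensions'
 * filter first: hooks can add keys to treat more extensions as junk, or unset
 * keys so those files keep being served (see rdp_mime_types_filter() for audio).
 *
 * The resulting boolean is passed through the 'wp_is_bad_request' filter so a
 * custom evaluation can override it.
 *
 * As a 'best practice', plugin developers should utilize this function as a
 * way to prevent running plugin code unnecessarily.
 *
 * @uses wp_get_mime_types() to retrieve list of mime types and file extensions.
 *
 * @author Robert D Payne <rpayne@rdptechsolutions.com>
 *
 * @param string $extension Extension to check. When empty, the extension is
 *                          derived from the path component of $_SERVER['REQUEST_URI'].
 * @return bool True if the HTTP request is considered junk, false otherwise.
 */
function wp_is_bad_request($extension = '') {
    $isBad = false;

    if (empty($extension)) {
        // Derive the extension from the request path only. parse_url() discards the
        // query string and fragment, so "?x=evil.ico" cannot influence the result.
        // It returns false for a badly malformed URI; treat that as "no path".
        $url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $urlParts = parse_url($url);
        $path = (is_array($urlParts) && !empty($urlParts['path'])) ? $urlParts['path'] : '';
        // pathinfo() inspects the last path segment, so a path-info style request
        // such as /index.php/foo.ico is classified by "ico", not "php".
        $extension = pathinfo($path, PATHINFO_EXTENSION);
    }

    if (!empty($extension)) {
        $ext = strtolower($extension);
        $mimes = apply_filters('wp_is_bad_request_extensions', wp_get_mime_types());

        // Keys of wp_get_mime_types() are pipe-separated extension groups
        // ('jpg|jpeg|jpe' => 'image/jpeg'). Flatten them once into a lookup set;
        // entries are lowercased so the comparison is case-insensitive on both
        // sides, matching the strtolower() applied to the request extension.
        $extLookup = array();
        if (is_array($mimes)) {
            foreach ($mimes as $group => $mime) {
                foreach (explode('|', (string) $group) as $candidate) {
                    $extLookup[strtolower($candidate)] = true;
                }
            }
        }

        // Key lookup is an exact string match; the previous in_array() without
        // strict mode let PHP's loose comparison decide for numeric-looking values.
        $isBad = isset($extLookup[$ext]);
    }

    return apply_filters('wp_is_bad_request', $isBad);
}//is_bad_request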
// allow HTTP requests for audio files
// Registered before the callback is declared below: add_filter() only stores the
// callable name, and unconditional top-level functions are available once the file
// is compiled, so the name resolves when the filter is actually applied.
add_filter('wp_is_bad_request_extensions', 'rdp_mime_types_filter');
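/**
 * Filter callback for 'wp_is_bad_request_extensions': remove the audio entries so
 * requests for audio files are not classified as junk by wp_is_bad_request().
 *
 * Keys must match the pipe-separated extension groups used by wp_get_mime_types().
 * unset() on an absent key is a no-op, so the callback tolerates a list that was
 * already trimmed by another filter.
 *
 * This callback must not emit output: the filter can run from
 * wp_favicon_request_x() immediately before header(), and anything echoed here
 * would commit the response body first and make that header() call fail.
 *
 * @param array $mimes Map of 'ext|ext' => mime type, as returned by wp_get_mime_types().
 * @return array The same map without the audio groups.
 */
function rdp_mime_types_filter($mimes) {
    // Keep in sync with the audio keys of wp_get_mime_types().
    $audioGroups = array(
        'mp3|m4a|m4b',
        'ra|ram',
        'wav',
        'ogg|oga',
        'mid|midi',
        'wma',
        'wax',
        'mka',
    );

    foreach ($audioGroups as $group) {
        unset($mimes[$group]);
    }

    return $mimes;
}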
// Smoke tests: print the call, the expected value, then the actual result.
// Expectations assume rdp_mime_types_filter() is hooked (so 'wav' is not junk)
// and that this script's own URL does not end in an extension from the mime list.
// $isBad ends up holding the result of the last case, as before.
$isBad = (function () {
    $cases = array(
        array("wp_is_bad_request()",      array(),      'false'),
        array("wp_is_bad_request('ico')", array('ico'), 'true'),
        array("wp_is_bad_request('wav')", array('wav'), 'false'),
    );

    $result = false;
    foreach ($cases as list($call, $args, $expected)) {
        echo "test: {$call}<br>";
        echo "expected value: {$expected}<br>";
        $result = wp_is_bad_request(...$args);
        var_dump($result);
    }

    return $result;
})();
/**
 * Short-circuit junk requests with an empty favicon-style response.
 *
 * When wp_is_bad_request() classifies the current request as junk (by the
 * extension of the request path), an icon Content-Type header is sent and the
 * script stops; the body is empty and no status code is set here, so PHP's
 * default status applies. For any other request the function simply returns.
 *
 * The Content-Type is sent for every matched extension, not only for .ico
 * requests. Also note that in this file wp-load.php is required at the top,
 * so WordPress is already bootstrapped by the time this runs; the "don't load
 * all of WordPress" intent only holds if it is called before that require.
 *
 * @since 3.0.0
 *
 * @return void Returns only when the request is not considered junk.
 */
function wp_favicon_request_x() {
    if (!wp_is_bad_request()) {
        return;
    }

    header('Content-Type: image/vnd.microsoft.icon');
    exit;
}