summaryrefslogtreecommitdiffstats
path: root/wp-includes/pluggable.php
diff options
context:
space:
mode:
authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2008-06-13 17:21:00 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2008-06-13 17:21:00 +0000
commit12de05107e4c8b006bde6ee8916f34eb476d08da (patch)
tree123ee54ecd1f3f777373b7df54a4604012d43640 /wp-includes/pluggable.php
parente51c7a9ca4bfdb45fa3ec7334bd33871e78c68b1 (diff)
downloadwordpress-mu-12de05107e4c8b006bde6ee8916f34eb476d08da.tar.gz
wordpress-mu-12de05107e4c8b006bde6ee8916f34eb476d08da.tar.xz
wordpress-mu-12de05107e4c8b006bde6ee8916f34eb476d08da.zip
WP Merge with revision 8075
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1328 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/pluggable.php')
-rw-r--r--wp-includes/pluggable.php274
1 files changed, 226 insertions, 48 deletions
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index be7dda2..325f9d7 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -100,8 +100,10 @@ function get_currentuserinfo() {
return;
if ( ! $user = wp_validate_auth_cookie() ) {
- wp_set_current_user(0);
- return false;
+ if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
+ wp_set_current_user(0);
+ return false;
+ }
}
wp_set_current_user($user);
@@ -471,13 +473,22 @@ if ( !function_exists('wp_validate_auth_cookie') ) :
* @since 2.5
*
* @param string $cookie Optional. If used, will validate contents instead of cookie's
+ * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return bool|int False if invalid cookie, User ID if valid.
*/
-function wp_validate_auth_cookie($cookie = '') {
+function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
if ( empty($cookie) ) {
- if ( empty($_COOKIE[AUTH_COOKIE]) )
+ if ( is_ssl() ) {
+ $cookie_name = SECURE_AUTH_COOKIE;
+ $scheme = 'secure_auth';
+ } else {
+ $cookie_name = AUTH_COOKIE;
+ $scheme = 'auth';
+ }
+
+ if ( empty($_COOKIE[$cookie_name]) )
return false;
- $cookie = $_COOKIE[AUTH_COOKIE];
+ $cookie = $_COOKIE[$cookie_name];
}
$cookie_elements = explode('|', $cookie);
@@ -496,7 +507,7 @@ function wp_validate_auth_cookie($cookie = '') {
if ( $expired < time() )
return false;
- $key = wp_hash($username . '|' . $expiration);
+ $key = wp_hash($username . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash )
@@ -520,17 +531,18 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
*
* @param int $user_id User ID
* @param int $expiration Cookie expiration in seconds
+ * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return string Authentication cookie contents
*/
-function wp_generate_auth_cookie($user_id, $expiration) {
+function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
$user = get_userdata($user_id);
- $key = wp_hash($user->user_login . '|' . $expiration);
+ $key = wp_hash($user->user_login . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
- return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
+ return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
}
endif;
@@ -548,7 +560,7 @@ if ( !function_exists('wp_set_auth_cookie') ) :
* @param int $user_id User ID
* @param bool $remember Whether to remember the user or not
*/
-function wp_set_auth_cookie($user_id, $remember = false) {
+function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
if ( $remember ) {
$expiration = $expire = time() + 1209600;
} else {
@@ -556,13 +568,27 @@ function wp_set_auth_cookie($user_id, $remember = false) {
$expire = 0;
}
- $cookie = wp_generate_auth_cookie($user_id, $expiration);
+ if ( '' === $secure )
+ $secure = is_ssl() ? true : false;
+
+ if ( $secure ) {
+ $auth_cookie_name = SECURE_AUTH_COOKIE;
+ $scheme = 'secure_auth';
+ } else {
+ $auth_cookie_name = AUTH_COOKIE;
+ $scheme = 'auth';
+ }
+
+ $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
+ $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
- do_action('set_auth_cookie', $cookie, $expire);
+ do_action('set_auth_cookie', $auth_cookie, $expire, $scheme);
+ do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in');
- setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
+ setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
if ( COOKIEPATH != SITECOOKIEPATH )
- setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
+ setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
}
endif;
@@ -573,8 +599,12 @@ if ( !function_exists('wp_clear_auth_cookie') ) :
* @since 2.5
*/
function wp_clear_auth_cookie() {
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
- setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
+ setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
+ setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+ setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
// Old cookies
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
@@ -610,15 +640,38 @@ if ( !function_exists('auth_redirect') ) :
*/
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
- if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
- !wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
- (empty($_COOKIE[AUTH_COOKIE])) ) {
- nocache_headers();
- wp_clearcookie();
-
- wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
- exit();
+
+ if ( is_ssl() || force_ssl_admin() )
+ $secure = true;
+ else
+ $secure = false;
+
+ // If https is required and request is http, redirect
+ if ( $secure && !is_ssl() ) {
+ if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
+ wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
+ exit();
+ } else {
+ wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ exit();
+ }
}
+
+ if ( wp_validate_auth_cookie() )
+ return; // The cookie is good so we're done
+
+ // The cookie is no good so force login
+ nocache_headers();
+
+ if ( is_ssl() )
+ $proto = 'https://';
+ else
+ $proto = 'http://';
+
+ $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), 'login' );
+
+ wp_redirect($login_url);
+ exit();
}
endif;
@@ -633,7 +686,7 @@ if ( !function_exists('check_admin_referer') ) :
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/
function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
- $adminurl = strtolower(get_option('siteurl')).'/wp-admin';
+ $adminurl = strtolower(admin_url());
$referer = strtolower(wp_get_referer());
$result = wp_verify_nonce($_REQUEST[$query_arg], $action);
if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
@@ -763,7 +816,7 @@ function wp_safe_redirect($location, $status = 302) {
$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
- $location = get_option('siteurl') . '/wp-admin/';
+ $location = admin_url();
wp_redirect($location, $status);
}
@@ -817,8 +870,8 @@ function wp_notify_postauthor($comment_id, $comment_type='') {
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
}
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
- $notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n";
- $notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n";
+ $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n";
+ $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n";
$wp_email = 'wordpress@' . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME']));
@@ -897,13 +950,13 @@ function wp_notify_moderator($comment_id) {
break;
}
- $notify_message .= sprintf( __('Approve it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=mac&c=$comment_id" ) . "\r\n";
- $notify_message .= sprintf( __('Delete it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&c=$comment_id" ) . "\r\n";
- $notify_message .= sprintf( __('Spam it: %s'), get_option('siteurl')."/wp-admin/comment.php?action=cdc&dt=spam&c=$comment_id" ) . "\r\n";
+ $notify_message .= sprintf( __('Approve it: %s'), admin_url("comment.php?action=mac&c=$comment_id") ) . "\r\n";
+ $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n";
+ $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n";
- $strCommentsPending = sprintf( __ngettext('%s comment', '%s comments', $comments_waiting), $comments_waiting );
- $notify_message .= sprintf( __('Currently %s are waiting for approval. Please visit the moderation panel:'), $strCommentsPending ) . "\r\n";
- $notify_message .= get_option('siteurl') . "/wp-admin/edit-comments.php?comment_status=moderated\r\n";
+ $notify_message .= sprintf( __ngettext('Currently %s comment is waiting for approval. Please visit the moderation panel:',
+ 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting), number_format_i18n($comments_waiting) ) . "\r\n";
+ $notify_message .= admin_url("edit-comments.php?comment_status=moderated") . "\r\n";
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_option('blogname'), $post->post_title );
$admin_email = get_option('admin_email');
@@ -943,7 +996,7 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
$message = sprintf(__('Username: %s'), $user_login) . "\r\n";
$message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
- $message .= get_option('siteurl') . "/wp-login.php\r\n";
+ $message .= site_url("wp-login.php", 'login') . "\r\n";
wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message);
@@ -1050,23 +1103,56 @@ if ( !function_exists('wp_salt') ) :
*
* @return string Salt value from either 'SECRET_KEY' or 'secret' option
*/
-function wp_salt() {
+function wp_salt($scheme = 'auth') {
global $wp_default_secret_key;
$secret_key = '';
if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
$secret_key = SECRET_KEY;
- if ( defined('SECRET_SALT') ) {
- $salt = SECRET_SALT;
- } else {
- $salt = get_option('secret');
- if ( empty($salt) ) {
- $salt = wp_generate_password();
- update_option('secret', $salt);
+ if ( 'auth' == $scheme ) {
+ if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) )
+ $secret_key = AUTH_KEY;
+
+ if ( defined('AUTH_SALT') ) {
+ $salt = AUTH_SALT;
+ } elseif ( defined('SECRET_SALT') ) {
+ $salt = SECRET_SALT;
+ } else {
+ $salt = get_option('auth_salt');
+ if ( empty($salt) ) {
+ $salt = wp_generate_password();
+ update_option('auth_salt', $salt);
+ }
+ }
+ } elseif ( 'secure_auth' == $scheme ) {
+ if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) )
+ $secret_key = SECURE_AUTH_KEY;
+
+ if ( defined('SECURE_AUTH_SALT') ) {
+ $salt = SECRET_AUTH_SALT;
+ } else {
+ $salt = get_option('secure_auth_salt');
+ if ( empty($salt) ) {
+ $salt = wp_generate_password();
+ update_option('secure_auth_salt', $salt);
+ }
+ }
+ } elseif ( 'logged_in' == $scheme ) {
+ if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
+ $secret_key = LOGGED_IN_KEY;
+
+ if ( defined('LOGGED_IN_SALT') ) {
+ $salt = LOGGED_IN_SALT;
+ } else {
+ $salt = get_option('logged_in_salt');
+ if ( empty($salt) ) {
+ $salt = wp_generate_password();
+ update_option('logged_in_salt', $salt);
+ }
}
}
- return apply_filters('salt', $secret_key . $salt);
+ return apply_filters('salt', $secret_key . $salt, $scheme);
}
endif;
@@ -1080,8 +1166,8 @@ if ( !function_exists('wp_hash') ) :
* @param string $data Plain text to hash
* @return string Hash of $data
*/
-function wp_hash($data) {
- $salt = wp_salt();
+function wp_hash($data, $scheme = 'auth') {
+ $salt = wp_salt($scheme);
return hash_hmac('md5', $data, $salt);
}
@@ -1250,8 +1336,26 @@ function get_avatar( $id_or_email, $size = '96', $default = '' ) {
$email = $id_or_email;
}
- if ( empty($default) )
- $default = "http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=$size"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
+ if ( empty($default) ) {
+ $avatar_default = get_option('avatar_default');
+ if ( empty($avatar_default) )
+ $default = 'mystery';
+ else
+ $default = $avatar_default;
+ }
+
+ if ( 'custom' == $default )
+ $default = add_query_arg( 's', $size, $defaults[$avatar_default][1] );
+ elseif ( 'mystery' == $default )
+ $default = "http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
+ elseif ( 'blank' == $default )
+ $default = includes_url('images/blank.gif');
+ elseif ( !empty($email) && 'gravatar_default' == $default )
+ $default = '';
+ elseif ( 'gravatar_default' == $default )
+ $default = "http://www.gravatar.com/avatar/s={$size}";
+ elseif ( empty($email) )
+ $default = "http://www.gravatar.com/avatar/?d=$default&amp;s={$size}";
if ( !empty($email) ) {
$out = 'http://www.gravatar.com/avatar/';
@@ -1360,4 +1464,78 @@ function wp_login($username, $password, $deprecated = '') {
}
endif;
+if ( !function_exists( 'wp_text_diff' ) ) :
+/**
+ * wp_text_diff() - compares two strings and outputs a human readable HTML representation of their difference
+ *
+ * Basically a wrapper for man diff(1)
+ *
+ * Must accept an optional third parameter, $args @see wp_parse_args()
+ * (string) title: optional. If present, titles the diff in a manner compatible with the output
+ *
+ * Must return the empty string if the two compared strings are found to be equivalent according to whatever metric
+ *
+ * @since 2.6
+ * @uses Text_Diff
+ * @uses WP_Text_Diff_Renderer_Table
+ *
+ * @param string $left_string "old" (left) version of string
+ * @param string $right_string "new" (right) version of string
+ * @param string|array $args @see wp_parse_args()
+ * @return string human readable HTML of string differences. Empty string if strings are equivalent
+ */
+function wp_text_diff( $left_string, $right_string, $args = null ) {
+ $defaults = array( 'title' => '', 'title_left' => '', 'title_right' => '' );
+ $args = wp_parse_args( $args, $defaults );
+
+ // PEAR Text_Diff is lame; it includes things from include_path rather than it's own path.
+ // Not sure of the ramifications of disttributing modified code.
+ ini_set('include_path', '.' . PATH_SEPARATOR . ABSPATH . WPINC );
+
+ if ( !class_exists( 'WP_Text_Diff_Renderer_Table' ) )
+ require( ABSPATH . WPINC . '/wp-diff.php' );
+
+ // Normalize whitespace
+ $left_string = trim($left_string);
+ $right_string = trim($right_string);
+ $left_string = str_replace("\r", "\n", $left_string);
+ $right_string = str_replace("\r", "\n", $right_string);
+ $left_string = preg_replace( array( '/\n+/', '/[ \t]+/' ), array( "\n", ' ' ), $left_string );
+ $right_string = preg_replace( array( '/\n+/', '/[ \t]+/' ), array( "\n", ' ' ), $right_string );
+
+ $left_lines = split("\n", $left_string);
+ $right_lines = split("\n", $right_string);
+
+ $text_diff = new Text_Diff($left_lines, $right_lines);
+ $renderer = new WP_Text_Diff_Renderer_Table();
+ $diff = $renderer->render($text_diff);
+
+ ini_restore('include_path');
+
+ if ( !$diff )
+ return '';
+
+ $r = "<table class='diff'>\n";
+ $r .= "<col class='ltype' /><col class='content' /><col class='ltype' /><col class='content' />";
+
+ if ( $args['title'] || $args['title_left'] || $args['title_right'] )
+ $r .= "<thead>";
+ if ( $args['title'] )
+ $r .= "<tr class='diff-title'><th colspan='4'>$args[title]</th></tr>\n";
+ if ( $args['title_left'] || $args['title_right'] ) {
+ $r .= "<tr class='diff-sub-title'>\n";
+ $r .= "\t<td></td><th>$args[title_left]</th>\n";
+ $r .= "\t<td></td><th>$args[title_right]</th>\n";
+ $r .= "</tr>\n";
+ }
+ if ( $args['title'] || $args['title_left'] || $args['title_right'] )
+ $r .= "</thead>\n";
+
+ $r .= "<tbody>\n$diff\n</tbody>\n";
+ $r .= "</table>";
+
+ return $r;
+}
+endif;
+
?>
generated by cgit (git 2.34.1) at 2024-06-22 19:15:08 +0000