enmi-conf.org: comparison wp/wp-includes/load.php

equal deleted inserted replaced

-:34716fd837a4
+:be944660c56a
 	$PHP_SELF = $_SERVER['PHP_SELF'];
 	if ( empty( $PHP_SELF ) ) {
 		$_SERVER['PHP_SELF'] = preg_replace( '/(\?.*)?$/', '', $_SERVER['REQUEST_URI'] );
 		$PHP_SELF            = $_SERVER['PHP_SELF'];
 	}
+	wp_populate_basic_auth_from_authorization_header();
+}
+/**
+* Populates the Basic Auth server details from the Authorization header.
+*
+* Some servers running in CGI or FastCGI mode don't pass the Authorization
+* header on to WordPress.  If it's been rewritten to the `HTTP_AUTHORIZATION` header,
+* fill in the proper $_SERVER variables instead.
+*
+* @since 5.6.0
+*/
+function wp_populate_basic_auth_from_authorization_header() {
+	// If we don't have anything to pull from, return early.
+	if ( ! isset( $_SERVER['HTTP_AUTHORIZATION'] ) && ! isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) {
+		return;
+	}
+	// If either PHP_AUTH key is already set, do nothing.
+	if ( isset( $_SERVER['PHP_AUTH_USER'] ) || isset( $_SERVER['PHP_AUTH_PW'] ) ) {
+		return;
+	}
+	// From our prior conditional, one of these must be set.
+	$header = isset( $_SERVER['HTTP_AUTHORIZATION'] ) ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+	// Test to make sure the pattern matches expected.
+	if ( ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i', $header ) ) {
+		return;
+	}
+	// Removing `Basic ` the token would start six characters in.
+	$token    = substr( $header, 6 );
+	$userpass = base64_decode( $token );
+	list( $user, $pass ) = explode( ':', $userpass );
+	// Now shove them in the proper keys where we're expecting later on.
+	$_SERVER['PHP_AUTH_USER'] = $user;
+	$_SERVER['PHP_AUTH_PW']   = $pass;
 }
 /**
 * Check for the required PHP version, and the MySQL extension or
 * a database drop-in.
 		header( 'Content-Type: text/html; charset=utf-8' );
 		printf( 'Your server is running PHP version %1$s but WordPress %2$s requires at least %3$s.', $php_version, $wp_version, $required_php_version );
 		exit( 1 );
 	}
-	if ( ! extension_loaded( 'mysql' ) && ! extension_loaded( 'mysqli' ) && ! extension_loaded( 'mysqlnd' ) && ! file_exists( WP_CONTENT_DIR . '/db.php' ) ) {
+	if ( ! extension_loaded( 'mysql' ) && ! extension_loaded( 'mysqli' ) && ! extension_loaded( 'mysqlnd' )
+		// This runs before default constants are defined, so we can't assume WP_CONTENT_DIR is set yet.
+		&& ( defined( 'WP_CONTENT_DIR' ) && ! file_exists( WP_CONTENT_DIR . '/db.php' )
+			|| ! file_exists( ABSPATH . 'wp-content/db.php' ) )
+	) {
 		require_once ABSPATH . WPINC . '/functions.php';
 		wp_load_translations_early();
 		$args = array(
 			'exit' => false,
 			'code' => 'mysql_not_found',
 * Retrieves the current environment type.
 *
 * The type can be set via the `WP_ENVIRONMENT_TYPE` global system variable,
 * or a constant of the same name.
 *
-* Possible values include 'local', 'development', 'staging', 'production'.
+* Possible values are 'local', 'development', 'staging', and 'production'.
 * If not set, the type defaults to 'production'.
 *
 * @since 5.5.0
 * @since 5.5.1 Added the 'local' type.
 * @since 5.5.1 Removed the ability to alter the list of types.
 	return true;
 }
 /**
+* Get the time elapsed so far during this PHP script.
+*
+* Uses REQUEST_TIME_FLOAT that appeared in PHP 5.4.0.
+*
+* @since 5.8.0
+*
+* @return float Seconds since the PHP script started.
+*/
+function timer_float() {
+	return microtime( true ) - $_SERVER['REQUEST_TIME_FLOAT'];
+}
+/**
 * Start the WordPress micro-timer.
 *
 * @since 0.71
 * @access private
 *
 	 *
 	 * This filter runs before it can be used by plugins. It is designed for
 	 * non-web run-times. Returning false causes the `WP_DEBUG` and related
 	 * constants to not be checked and the default PHP values for errors
 	 * will be used unless you take care to update them yourself.
+	 *
+	 * To use this filter you must define a `$wp_filter` global before
+	 * WordPress loads, usually in `wp-config.php`.
+	 *
+	 * Example:
+	 *
+	 *     $GLOBALS['wp_filter'] = array(
+	 *         'enable_wp_debug_mode_checks' => array(
+	 *             10 => array(
+	 *                 array(
+	 *                     'accepted_args' => 0,
+	 *                     'function'      => function() {
+	 *                         return false;
+	 *                     },
+	 *                 ),
+	 *             ),
+	 *         ),
+	 *     );
 	 *
 	 * @since 4.6.0
 	 *
 	 * @param bool $enable_debug_mode Whether to enable debug mode checks to occur. Default true.
 	 */
 function wp_start_object_cache() {
 	global $wp_filter;
 	static $first_init = true;
 	// Only perform the following checks once.
-	if ( $first_init ) {
+	/**
+	 * Filters whether to enable loading of the object-cache.php drop-in.
+	 *
+	 * This filter runs before it can be used by plugins. It is designed for non-web
+	 * run-times. If false is returned, object-cache.php will never be loaded.
+	 *
+	 * @since 5.8.0
+	 *
+	 * @param bool $enable_object_cache Whether to enable loading object-cache.php (if present).
+	 *                                    Default true.
+	 */
+	if ( $first_init && apply_filters( 'enable_loading_object_cache_dropin', true ) ) {
 		if ( ! function_exists( 'wp_cache_init' ) ) {
 			/*
 			 * This is the normal situation. First-run of this function. No
 			 * caching backend has been loaded.
 			 *
 /**
 * Determines whether we are currently on an endpoint that should be protected against WSODs.
 *
 * @since 5.2.0
 *
+* @global string $pagenow
+*
 * @return bool True if the current endpoint should be protected.
 */
 function is_protected_endpoint() {
 	// Protect login pages.
 	if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
 	 */
 	return apply_filters( 'wp_doing_cron', defined( 'DOING_CRON' ) && DOING_CRON );
 }
 /**
-* Check whether variable is a WordPress Error.
+* Checks whether the given variable is a WordPress Error.
 *
-* Returns true if $thing is an object of the WP_Error class.
+* Returns whether `$thing` is an instance of the `WP_Error` class.
 *
 * @since 2.1.0
 *
-* @param mixed $thing Check if unknown variable is a WP_Error object.
+* @param mixed $thing The variable to check.
-* @return bool True, if WP_Error. False, if not WP_Error.
+* @return bool Whether the variable is an instance of WP_Error.
 */
 function is_wp_error( $thing ) {
-	return ( $thing instanceof WP_Error );
+	$is_wp_error = ( $thing instanceof WP_Error );
+	if ( $is_wp_error ) {
+		/**
+		 * Fires when `is_wp_error()` is called and its parameter is an instance of `WP_Error`.
+		 *
+		 * @since 5.6.0
+		 *
+		 * @param WP_Error $thing The error object passed to `is_wp_error()`.
+		 */
+		do_action( 'is_wp_error_instance', $thing );
+	}
+	return $is_wp_error;
 }
 /**
 * Determines whether file modifications are allowed.
 *
 	if ( get_transient( 'scrape_key_' . $key ) !== $nonce ) {
 		echo "###### wp_scraping_result_start:$key ######";
 		echo wp_json_encode(
 			array(
 				'code'    => 'scrape_nonce_failure',
-				'message' => __( 'Scrape nonce check failed. Please try again.' ),
+				'message' => __( 'Scrape key check failed. Please try again.' ),
 			)
 		);
 		echo "###### wp_scraping_result_end:$key ######";
 		die();
 	}
 * @return bool True if `Accepts` or `Content-Type` headers contain `application/json`.
 *              False otherwise.
 */
 function wp_is_json_request() {
-	if ( isset( $_SERVER['HTTP_ACCEPT'] ) && false !== strpos( $_SERVER['HTTP_ACCEPT'], 'application/json' ) ) {
+	if ( isset( $_SERVER['HTTP_ACCEPT'] ) && wp_is_json_media_type( $_SERVER['HTTP_ACCEPT'] ) ) {
 		return true;
 	}
-	if ( isset( $_SERVER['CONTENT_TYPE'] ) && 'application/json' === $_SERVER['CONTENT_TYPE'] ) {
+	if ( isset( $_SERVER['CONTENT_TYPE'] ) && wp_is_json_media_type( $_SERVER['CONTENT_TYPE'] ) ) {
 		return true;
 	}
 	return false;
 	/** This filter is documented in wp-includes/rest-api/class-wp-rest-server.php */
 	$jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
 	return $jsonp_enabled;
+}
+/**
+* Checks whether a string is a valid JSON Media Type.
+*
+* @since 5.6.0
+*
+* @param string $media_type A Media Type string to check.
+* @return bool True if string is a valid JSON Media Type.
+*/
+function wp_is_json_media_type( $media_type ) {
+	static $cache = array();
+	if ( ! isset( $cache[ $media_type ] ) ) {
+		$cache[ $media_type ] = (bool) preg_match( '/(^|\s|,)application\/([\w!#\$&-\^\.\+]+\+)?json(\+oembed)?($|\s|;|,)/i', $media_type );
+	}
+	return $cache[ $media_type ];
 }
 /**
 * Checks whether current request is an XML request, or is expecting an XML response.
 *
 		return true;
 	}
 	return false;
 }
+/**
+* Checks if this site is protected by HTTP Basic Auth.
+*
+* At the moment, this merely checks for the present of Basic Auth credentials. Therefore, calling
+* this function with a context different from the current context may give inaccurate results.
+* In a future release, this evaluation may be made more robust.
+*
+* Currently, this is only used by Application Passwords to prevent a conflict since it also utilizes
+* Basic Auth.
+*
+* @since 5.6.1
+*
+* @global string $pagenow The current page.
+*
+* @param string $context The context to check for protection. Accepts 'login', 'admin', and 'front'.
+*                        Defaults to the current context.
+* @return bool Whether the site is protected by Basic Auth.
+*/
+function wp_is_site_protected_by_basic_auth( $context = '' ) {
+	global $pagenow;
+	if ( ! $context ) {
+		if ( 'wp-login.php' === $pagenow ) {
+			$context = 'login';
+		} elseif ( is_admin() ) {
+			$context = 'admin';
+		} else {
+			$context = 'front';
+		}
+	}
+	$is_protected = ! empty( $_SERVER['PHP_AUTH_USER'] ) || ! empty( $_SERVER['PHP_AUTH_PW'] );
+	/**
+	 * Filters whether a site is protected by HTTP Basic Auth.
+	 *
+	 * @since 5.6.1
+	 *
+	 * @param bool $is_protected Whether the site is protected by Basic Auth.
+	 * @param string $context    The context to check for protection. One of 'login', 'admin', or 'front'.
+	 */
+	return apply_filters( 'wp_is_site_protected_by_basic_auth', $is_protected, $context );
+}

changeset 18	be944660c56a
parent 16	a86126ab1dd4
child 19	3d72ae0968f4