diff -r 3d4e9c994f10 -r a86126ab1dd4 wp/wp-includes/class-wp.php
--- a/wp/wp-includes/class-wp.php Tue Oct 22 16:11:46 2019 +0200
+++ b/wp/wp-includes/class-wp.php Tue Dec 15 13:49:49 2020 +0100
@@ -14,7 +14,7 @@
 * @since 2.0.0
 * @var string[]
 */
- public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
+ public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'favicon', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
 /**
 * Private query variables.
@@ -90,7 +90,7 @@
 * @param string $qv Query variable name.
 */
 public function add_query_var( $qv ) {
- if ( ! in_array( $qv, $this->public_query_vars ) ) {
+ if ( ! in_array( $qv, $this->public_query_vars, true ) ) {
 $this->public_query_vars[] = $qv;
 }
 }
@@ -111,8 +111,8 @@
 *
 * @since 2.3.0
 *
- * @param string $key Query variable name.
- * @param mixed $value Query variable value.
+ * @param string $key Query variable name.
+ * @param mixed $value Query variable value.
 */
 public function set_query_var( $key, $value ) {
 $this->query_vars[ $key ] = $value;
@@ -126,7 +126,7 @@
 *
 * @since 2.0.0
 *
- * @global WP_Rewrite $wp_rewrite
+ * @global WP_Rewrite $wp_rewrite WordPress rewrite component.
 *
 * @param array|string $extra_query_vars Set the extra query variables.
 */
@@ -173,10 +173,11 @@
 $home_path = trim( parse_url( home_url(), PHP_URL_PATH ), '/' );
 $home_path_regex = sprintf( '|^%s|i', preg_quote( $home_path, '|' ) );
- // Trim path info from the end and the leading home path from the
- // front. For path info requests, this leaves us with the requesting
- // filename, if any. For 404 requests, this leaves us with the
- // requested permalink.
+ /*
+ * Trim path info from the end and the leading home path from the front.
+ * For path info requests, this leaves us with the requesting filename, if any.
+ * For 404 requests, this leaves us with the requested permalink.
+ */
 $req_uri = str_replace( $pathinfo, '', $req_uri );
 $req_uri = trim( $req_uri, '/' );
 $req_uri = preg_replace( $home_path_regex, '', $req_uri );
@@ -189,7 +190,7 @@
 $self = trim( $self, '/' );
 // The requested permalink is in $pathinfo for path info requests and
- // $req_uri for other requests.
+ // $req_uri for other requests.
 if ( ! empty( $pathinfo ) && ! preg_match( '|^.*' . $wp_rewrite->index . '$|', $pathinfo ) ) {
 $requested_path = $pathinfo;
 } else {
@@ -206,7 +207,7 @@
 // Look for matches.
 $request_match = $requested_path;
 if ( empty( $request_match ) ) {
- // An empty request could only match against ^$ regex
+ // An empty request could only match against ^$ regex.
 if ( isset( $rewrite['$'] ) ) {
 $this->matched_rule = '$';
 $query = $rewrite['$'];
@@ -274,7 +275,7 @@
 }
 /**
- * Filters the query variables whitelist before processing.
+ * Filters the query variables allowed before processing.
 *
 * Allows (publicly allowed) query vars to be added, removed, or changed prior
 * to executing the query. Needed to allow custom rewrite rules using your own arguments
@@ -282,7 +283,7 @@
 *
 * @since 1.5.0
 *
- * @param string[] $public_query_vars The array of whitelisted query variable names.
+ * @param string[] $public_query_vars The array of allowed query variable names.
 */
 $this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars );
@@ -323,7 +324,7 @@
 }
 }
- // Convert urldecoded spaces back into +
+ // Convert urldecoded spaces back into '+'.
 foreach ( get_taxonomies( array(), 'objects' ) as $taxonomy => $t ) {
 if ( $t->query_var && isset( $this->query_vars[ $t->query_var ] ) ) {
 $this->query_vars[ $t->query_var ] = str_replace( ' ', '+', $this->query_vars[ $t->query_var ] );
@@ -343,11 +344,11 @@
 }
 }
- // Limit publicly queried post_types to those that are publicly_queryable
+ // Limit publicly queried post_types to those that are 'publicly_queryable'.
 if ( isset( $this->query_vars['post_type'] ) ) {
 $queryable_post_types = get_post_types( array( 'publicly_queryable' => true ) );
 if ( ! is_array( $this->query_vars['post_type'] ) ) {
- if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types ) ) {
+ if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types, true ) ) {
 unset( $this->query_vars['post_type'] );
 }
 } else {
@@ -403,6 +404,10 @@
 if ( is_user_logged_in() ) {
 $headers = array_merge( $headers, wp_get_nocache_headers() );
+ } elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
+ // Unmoderated comments are only visible for one minute via the moderation hash.
+ $headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
+ $headers['Cache-Control'] = 'max-age=60, must-revalidate';
 }
 if ( ! empty( $this->query_vars['error'] ) ) {
 $status = (int) $this->query_vars['error'];
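Review bot: In the `@@ -403,6 +404,10 @@` hunk the new `Expires` value is built with `gmdate( 'D, d M Y H:i:s', ... )` and no zone suffix, so it is not a valid HTTP-date; caches are expected to treat an unparseable `Expires` as already expired, which disagrees with the `max-age=60` sent beside it. Appending the zone the way the `Last-Modified` code in this file does would fix it: `$headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS ) . ' GMT';`. The branch also fires on the mere presence of `unapproved` and `moderation-hash` (the hash check itself is not visible here) and sends no `private` directive, so a shared cache may store the page that shows the unmoderated comment for that minute; `'private, max-age=60, must-revalidate'` would keep it in the visitor's own cache. The enclosing method starts and ends outside this hunk.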
@@ -411,15 +416,15 @@
 $headers = array_merge( $headers, wp_get_nocache_headers() );
 }
 $headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' );
- } elseif ( in_array( $status, array( 403, 500, 502, 503 ) ) ) {
+ } elseif ( in_array( $status, array( 403, 500, 502, 503 ), true ) ) {
 $exit_required = true;
 }
 } elseif ( empty( $this->query_vars['feed'] ) ) {
 $headers['Content-Type'] = get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' );
 } else {
- // Set the correct content type for feeds
+ // Set the correct content type for feeds.
 $type = $this->query_vars['feed'];
- if ( 'feed' == $this->query_vars['feed'] ) {
+ if ( 'feed' === $this->query_vars['feed'] ) {
 $type = get_default_feed();
 }
 $headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' );
@@ -443,7 +448,7 @@
 }
 if ( ! $wp_last_modified ) {
- $wp_last_modified = date( 'D, d M Y H:i:s' );
+ $wp_last_modified = gmdate( 'D, d M Y H:i:s' );
 }
 $wp_last_modified .= ' GMT';
@@ -452,7 +457,7 @@
 $headers['Last-Modified'] = $wp_last_modified;
 $headers['ETag'] = $wp_etag;
- // Support for Conditional GET
+ // Support for conditional GET.
 if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {
 $client_etag = wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] );
 } else {
@@ -460,10 +465,10 @@
 }
 $client_last_modified = empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ? '' : trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
- // If string is empty, return 0. If not, attempt to parse into a timestamp
+ // If string is empty, return 0. If not, attempt to parse into a timestamp.
 $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;
- // Make a timestamp for our most recent modification...
+ // Make a timestamp for our most recent modification..
 $wp_modified_timestamp = strtotime( $wp_last_modified );
 if ( ( $client_last_modified && $client_etag ) ?
@@ -492,27 +497,19 @@
 if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) {
 unset( $headers['Last-Modified'] );
- // In PHP 5.3+, make sure we are not sending a Last-Modified header.
- if ( function_exists( 'header_remove' ) ) {
- @header_remove( 'Last-Modified' );
- } else {
- // In PHP 5.2, send an empty Last-Modified header, but only as a
- // last resort to override a header already sent. #WP23021
- foreach ( headers_list() as $header ) {
- if ( 0 === stripos( $header, 'Last-Modified' ) ) {
- $headers['Last-Modified'] = '';
- break;
- }
- }
+ if ( ! headers_sent() ) {
+ header_remove( 'Last-Modified' );
 }
 }
- foreach ( (array) $headers as $name => $field_value ) {
- @header( "{$name}: {$field_value}" );
+ if ( ! headers_sent() ) {
+ foreach ( (array) $headers as $name => $field_value ) {
+ header( "{$name}: {$field_value}" );
+ }
 }
 if ( $exit_required ) {
- exit();
+ exit;
 }
 /**
@@ -550,11 +547,16 @@
 * Filters the query string before parsing.
 *
 * @since 1.5.0
- * @deprecated 2.1.0 Use 'query_vars' or 'request' filters instead.
+ * @deprecated 2.1.0 Use {@see 'query_vars'} or {@see 'request'} filters instead.
 *
 * @param string $query_string The query string to modify.
 */
- $this->query_string = apply_filters( 'query_string', $this->query_string );
+ $this->query_string = apply_filters_deprecated(
+ 'query_string',
+ array( $this->query_string ),
+ '2.1.0',
+ 'query_vars, request'
+ );
 parse_str( $this->query_string, $this->query_vars );
 }
 }
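Review bot: In the `@@ -492,27 +497,19 @@` hunk, once `headers_sent()` is true the new guards drop every entry in `$headers` without a trace, and `exit` still runs when `$exit_required` is set. That includes the no-cache headers merged in for logged-in users and error statuses in the preceding hunks, so a response meant to be uncacheable can go out with whatever defaults the server applies. A short comment on the guard, e.g. `// Headers cannot be changed once output has started; skip rather than emit a warning.`, would record the intent. A debug-only log in an `else` branch, using `headers_sent( $file, $line )` to capture where output began, would make the condition diagnosable. The enclosing method begins before this hunk.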
@@ -568,14 +570,14 @@
 *
 * @since 2.0.0
 *
- * @global WP_Query $wp_query
+ * @global WP_Query $wp_query WordPress Query object.
 * @global string $query_string Query string for the loop.
- * @global array $posts The found posts.
- * @global WP_Post|null $post The current post, if available.
- * @global string $request The SQL statement for the request.
- * @global int $more Only set, if single page or post.
- * @global int $single If single page or post. Only set, if single page or post.
- * @global WP_User $authordata Only set, if author archive.
+ * @global array $posts The found posts.
+ * @global WP_Post|null $post The current post, if available.
+ * @global string $request The SQL statement for the request.
+ * @global int $more Only set, if single page or post.
+ * @global int $single If single page or post. Only set, if single page or post.
+ * @global WP_User $authordata Only set, if author archive.
 */
 public function register_globals() {
 global $wp_query;
@@ -614,7 +616,7 @@
 *
 * @since 2.0.0
 *
- * @global WP_Query $wp_the_query
+ * @global WP_Query $wp_the_query WordPress Query object.
 */
 public function query_posts() {
 global $wp_the_query;
@@ -625,19 +627,19 @@
 /**
 * Set the Headers for 404, if nothing is found for requested URL.
 *
- * Issue a 404 if a request doesn't match any posts and doesn't match
- * any object (e.g. an existing-but-empty category, tag, author) and a 404 was not already
- * issued, and if the request was not a search or the homepage.
+ * Issue a 404 if a request doesn't match any posts and doesn't match any object
+ * (e.g. an existing-but-empty category, tag, author) and a 404 was not already issued,
+ * and if the request was not a search or the homepage.
 *
 * Otherwise, issue a 200.
 *
- * This sets headers after posts have been queried. handle_404() really means "handle status."
+ * This sets headers after posts have been queried. handle_404() really means "handle status".
 * By inspecting the result of querying posts, seemingly successful requests can be switched to
 * a 404 so that canonical redirection logic can kick in.
 *
 * @since 2.0.0
 *
- * @global WP_Query $wp_query
+ * @global WP_Query $wp_query WordPress Query object.
 */
 public function handle_404() {
 global $wp_query;
@@ -662,63 +664,69 @@
 return;
 }
- // Never 404 for the admin, robots, or if we found posts.
- if ( is_admin() || is_robots() || $wp_query->posts ) {
+ $set_404 = true;
- $success = true;
+ // Never 404 for the admin, robots, or favicon.
+ if ( is_admin() || is_robots() || is_favicon() ) {
+ $set_404 = false;
+
+ // If posts were found, check for paged content.
+ } elseif ( $wp_query->posts ) {
+ $content_found = true;
+
 if ( is_singular() ) {
- $p = false;
+ $post = isset( $wp_query->post ) ? $wp_query->post : null;
- if ( $wp_query->post instanceof WP_Post ) {
- $p = clone $wp_query->post;
+ // Only set X-Pingback for single posts that allow pings.
+ if ( $post && pings_open( $post ) && ! headers_sent() ) {
+ header( 'X-Pingback: ' . get_bloginfo( 'pingback_url', 'display' ) );
 }
- // Only set X-Pingback for single posts that allow pings.
- if ( $p && pings_open( $p ) ) {
- @header( 'X-Pingback: ' . get_bloginfo( 'pingback_url', 'display' ) );
- }
-
- // check for paged content that exceeds the max number of pages
+ // Check for paged content that exceeds the max number of pages.
 $next = '';
- if ( $p && false !== strpos( $p->post_content, $next ) && ! empty( $this->query_vars['page'] ) ) {
- $page = trim( $this->query_vars['page'], '/' );
- $success = (int) $page <= ( substr_count( $p->post_content, $next ) + 1 );
+ if ( $post && ! empty( $this->query_vars['page'] ) ) {
+ // Check if content is actually intended to be paged.
+ if ( false !== strpos( $post->post_content, $next ) ) {
+ $page = trim( $this->query_vars['page'], '/' );
+ $content_found = (int) $page <= ( substr_count( $post->post_content, $next ) + 1 );
+ } else {
+ $content_found = false;
+ }
 }
 }
- if ( $success ) {
- status_header( 200 );
- return;
+ // The posts page does not support the pagination.
+ if ( $wp_query->is_posts_page && ! empty( $this->query_vars['page'] ) ) {
+ $content_found = false;
+ }
+
+ if ( $content_found ) {
+ $set_404 = false;
+ }
+
+ // We will 404 for paged queries, as no posts were found.
+ } elseif ( ! is_paged() ) {
+ $author = get_query_var( 'author' );
+
+ // Don't 404 for authors without posts as long as they matched an author on this site.
+ if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author )
+ // Don't 404 for these queries if they matched an object.
+ || ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object()
+ // Don't 404 for these queries either.
+ || is_home() || is_search() || is_feed()
+ ) {
+ $set_404 = false;
 }
 }
- // We will 404 for paged queries, as no posts were found.
- if ( ! is_paged() ) {
-
- // Don't 404 for authors without posts as long as they matched an author on this site.
- $author = get_query_var( 'author' );
- if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author ) ) {
- status_header( 200 );
- return;
- }
-
- // Don't 404 for these queries if they matched an object.
- if ( ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object() ) {
- status_header( 200 );
- return;
- }
-
- // Don't 404 for these queries either.
- if ( is_home() || is_search() || is_feed() ) {
- status_header( 200 );
- return;
- }
+ if ( $set_404 ) {
+ // Guess it's time to 404.
+ $wp_query->set_404();
+ status_header( 404 );
+ nocache_headers();
+ } else {
+ status_header( 200 );
 }
-
- // Guess it's time to 404.
- $wp_query->set_404();
- status_header( 404 );
- nocache_headers();
 }
 /**
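Review bot: The rewritten singular branch takes `$wp_query->post` as-is, where the removed code only used it after an `instanceof WP_Post` check, so a non-WP_Post value placed there (by a plugin, say) now reaches `pings_open()` and the `$post->post_content` reads. Keeping the guard costs one line: `$post = ( isset( $wp_query->post ) && $wp_query->post instanceof WP_Post ) ? $wp_query->post : null;`. The request-supplied `page` value is still passed to `trim()` without a type check, as before; if it can arrive as an array (not visible in this hunk), an `is_scalar()` test ahead of the cast would avoid a type error. The combined `&&`/`||` condition in the `! is_paged()` branch relies on operator precedence and would read more safely with each alternative parenthesised. handle_404() begins before this hunk.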