ata. ' . json_last_error_msg() ); /** * Filters the data provided by the user for global styles & settings. * * @since 6.1.0 * * @param WP_Theme_JSON_Data $theme_json Class to access and update the underlying data. */ $theme_json = apply_filters( 'wp_theme_json_data_user', new WP_Theme_JSON_Data( $config, 'custom' ) ); $config = $theme_json->get_data(); return new WP_Theme_JSON( $config, 'custom' ); } /* * Very important to verify that the flag isGlobalStylesUserThemeJSON is true. * If it's not true then the content was not escaped and is not safe. */ if ( is_array( $decoded_data ) && isset( $decoded_data['isGlobalStylesUserThemeJSON'] ) && $decoded_data['isGlobalStylesUserThemeJSON'] ) { unset( $decoded_data['isGlobalStylesUserThemeJSON'] ); $config = $decoded_data; } } /** This filter is documented in wp-includes/class-wp-theme-json-resolver.php */ $theme_json = apply_filters( 'wp_theme_json_data_user', new WP_Theme_JSON_Data( $config, 'custom' ) ); $config = $theme_json->get_data(); static::$user = new WP_Theme_JSON( $config, 'custom' ); return static::$user; } /** * Returns the data merged from multiple origins. * * There are four sources of data (origins) for a site: * * - default => WordPress * - blocks => each one of the blocks provides data for itself * - theme => the active theme * - custom => data provided by the user * * The custom's has higher priority than the theme's, the theme's higher than blocks', * and block's higher than default's. * * Unlike the getters * {@link https://developer.wordpress.org/reference/classes/wp_theme_json_resolver/get_core_data/ get_core_data}, * {@link https://developer.wordpress.org/reference/classes/wp_theme_json_resolver/get_theme_data/ get_theme_data}, * and {@link https://developer.wordpress.org/reference/classes/wp_theme_json_resolver/get_user_data/ get_user_data}, * this method returns data after it has been merged with the previous origins. * This means that if the same piece of data is declared in different origins * (default, blocks, theme, custom), the last origin overrides the previous. * * For example, if the user has set a background color * for the paragraph block, and the theme has done it as well, * the user preference wins. * * @since 5.8.0 * @since 5.9.0 Added user data, removed the `$settings` parameter, * added the `$origin` parameter. * @since 6.1.0 Added block data and generation of spacingSizes array. * @since 6.2.0 Changed ' $origin' parameter values to 'default', 'blocks', 'theme' or 'custom'. * * @param string $origin Optional. To what level should we merge data: 'default', 'blocks', 'theme' or 'custom'. * 'custom' is used as default value as well as fallback value if the origin is unknown. * @return WP_Theme_JSON */ public static function get_merged_data( $origin = 'custom' ) { if ( is_array( $origin ) ) { _deprecated_argument( __FUNCTION__, '5.9.0' ); } $result = new WP_Theme_JSON(); $result->merge( static::get_core_data() ); if ( 'default' === $origin ) { $result->set_spacing_sizes(); return $result; } $result->merge( static::get_block_data() ); if ( 'blocks' === $origin ) { return $result; } $result->merge( static::get_theme_data() ); if ( 'theme' === $origin ) { $result->set_spacing_sizes(); return $result; } $result->merge( static::get_user_data() ); $result->set_spacing_sizes(); return $result; } /** * Returns the ID of the custom post type * that stores user data. * * @since 5.9.0 * * @return integer|null */ public static function get_user_global_styles_post_id() { if ( null !== static::$user_custom_post_type_id ) { return static::$user_custom_post_type_id; } $user_cpt = static::get_user_data_from_wp_global_styles( wp_get_theme(), true ); if ( array_key_exists( 'ID', $user_cpt ) ) { static::$user_custom_post_type_id = $user_cpt['ID']; } return static::$user_custom_post_type_id; } /** * Determines whether the active theme has a theme.json file. * * @since 5.8.0 * @since 5.9.0 Added a check in the parent theme. * @deprecated 6.2.0 Use wp_theme_has_theme_json() instead. * * @return bool */ public static function theme_has_support() { _deprecated_function( __METHOD__, '6.2.0', 'wp_theme_has_theme_json()' ); return wp_theme_has_theme_json(); } /** * Builds the path to the given file and checks that it is readable. * * If it isn't, returns an empty string, otherwise returns the whole file path. * * @since 5.8.0 * @since 5.9.0 Adapted to work with child themes, added the `$template` argument. * * @param string $file_name Name of the file. * @param bool $template Optional. Use template theme directory. Default false. * @return string The whole file path or empty if the file doesn't exist. */ protected static function get_file_path_from_theme( $file_name, $template = false ) { $path = $template ? get_template_directory() : get_stylesheet_directory(); $candidate = $path . '/' . $file_name; return is_readable( $candidate ) ? $candidate : ''; } /** * Cleans the cached data so it can be recalculated. * * @since 5.8.0 * @since 5.9.0 Added the `$user`, `$user_custom_post_type_id`, * and `$i18n_schema` variables to reset. * @since 6.1.0 Added the `$blocks` and `$blocks_cache` variables * to reset. */ public static function clean_cached_data() { static::$core = null; static::$blocks = null; static::$blocks_cache = array( 'core' => array(), 'blocks' => array(), 'theme' => array(), 'user' => array(), ); static::$theme = null; static::$user = null; static::$user_custom_post_type_id = null; static::$i18n_schema = null; } /** * Returns an array of all nested JSON files within a given directory. * * @since 6.2.0 * * @param string $dir The directory to recursively iterate and list files of. * @return array The merged array. */ private static function recursively_iterate_json( $dir ) { $nested_files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $dir ) ); $nested_json_files = iterator_to_array( new RegexIterator( $nested_files, '/^.+\.json$/i', RecursiveRegexIterator::GET_MATCH ) ); return $nested_json_files; } /** * Returns the style variations defined by the theme. * * @since 6.0.0 * @since 6.2.0 Returns parent theme variations if theme is a child. * * @return array */ public static function get_style_variations() { $variation_files = array(); $variations = array(); $base_directory = get_stylesheet_directory() . '/styles'; $template_directory = get_template_directory() . '/styles'; if ( is_dir( $base_directory ) ) { $variation_files = static::recursively_iterate_json( $base_directory ); } if ( is_dir( $template_directory ) && $template_directory !== $base_directory ) { $variation_files_parent = static::recursively_iterate_json( $template_directory ); // If the child and parent variation file basename are the same, only include the child theme's. foreach ( $variation_files_parent as $parent_path => $parent ) { foreach ( $variation_files as $child_path => $child ) { if ( basename( $parent_path ) === basename( $child_path ) ) { unset( $variation_files_parent[ $parent_path ] ); } } } $variation_files = array_merge( $variation_files, $variation_files_parent ); } ksort( $variation_files ); foreach ( $variation_files as $path => $file ) { $decoded_file = wp_json_file_decode( $path, array( 'associative' => true ) ); if ( is_array( $decoded_file ) ) { $translated = static::translate( $decoded_file, wp_get_theme()->get( 'TextDomain' ) ); $variation = ( new WP_Theme_JSON( $translated ) )->get_raw_data(); if ( empty( $variation['title'] ) ) { $variation['title'] = basename( $path, '.json' ); } $variations[] = $variation; } } return $variations; } } by self::verify_ssl_certificate(). 'capture_peer_cert' => $ssl_verify, 'SNI_enabled' => true, 'cafile' => $parsed_args['sslcertificates'], 'allow_self_signed' => ! $ssl_verify, ), ) ); $timeout = (int) floor( $parsed_args['timeout'] ); $utimeout = 0; if ( $timeout !== (int) $parsed_args['timeout'] ) { $utimeout = 1000000 * $parsed_args['timeout'] % 1000000; } $connect_timeout = max( $timeout, 1 ); // Store error number. $connection_error = null; // Store error string. $connection_error_str = null; if ( ! WP_DEBUG ) { // In the event that the SSL connection fails, silence the many PHP warnings. if ( $secure_transport ) { $error_reporting = error_reporting( 0 ); } if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged $handle = @stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged $handle = @stream_socket_client( $connect_host . ':' . $parsed_url['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } if ( $secure_transport ) { error_reporting( $error_reporting ); } } else { if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { $handle = stream_socket_client( 'tcp://' . $proxy->host() . ':' . $proxy->port(), $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } else { $handle = stream_socket_client( $connect_host . ':' . $parsed_url['port'], $connection_error, $connection_error_str, $connect_timeout, STREAM_CLIENT_CONNECT, $context ); } } if ( false === $handle ) { // SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken. if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str ); } // Verify that the SSL certificate is valid for this request. if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) { if ( ! self::verify_ssl_certificate( $handle, $parsed_url['host'] ) ) { return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) ); } } stream_set_timeout( $handle, $timeout, $utimeout ); if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // Some proxies require full URL in this field. $request_path = $url; } else { $request_path = $parsed_url['path'] . ( isset( $parsed_url['query'] ) ? '?' . $parsed_url['query'] : '' ); } $headers = strtoupper( $parsed_args['method'] ) . ' ' . $request_path . ' HTTP/' . $parsed_args['httpversion'] . "\r\n"; $include_port_in_host_header = ( ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) || ( 'http' === $parsed_url['scheme'] && 80 !== $parsed_url['port'] ) || ( 'https' === $parsed_url['scheme'] && 443 !== $parsed_url['port'] ) ); if ( $include_port_in_host_header ) { $headers .= 'Host: ' . $parsed_url['host'] . ':' . $parsed_url['port'] . "\r\n"; } else { $headers .= 'Host: ' . $parsed_url['host'] . "\r\n"; } if ( isset( $parsed_args['user-agent'] ) ) { $headers .= 'User-agent: ' . $parsed_args['user-agent'] . "\r\n"; } if ( is_array( $parsed_args['headers'] ) ) { foreach ( (array) $parsed_args['headers'] as $header => $header_value ) { $headers .= $header . ': ' . $header_value . "\r\n"; } } else { $headers .= $parsed_args['headers']; } if ( $proxy->use_authentication() ) { $headers .= $proxy->authentication_header() . "\r\n"; } $headers .= "\r\n"; if ( ! is_null( $parsed_args['body'] ) ) { $headers .= $parsed_args['body']; } fwrite( $handle, $headers ); if ( ! $parsed_args['blocking'] ) { stream_set_blocking( $handle, 0 ); fclose( $handle ); return array( 'headers' => array(), 'body' => '', 'response' => array( 'code' => false, 'message' => false, ), 'cookies' => array(), ); } $response = ''; $body_started = false; $keep_reading = true; $block_size = 4096; if ( isset( $parsed_args['limit_response_size'] ) ) { $block_size = min( $block_size, $parsed_args['limit_response_size'] ); } // If streaming to a file setup the file handle. if ( $parsed_args['stream'] ) { if ( ! WP_DEBUG ) { $stream_handle = @fopen( $parsed_args['filename'], 'w+' ); } else { $stream_handle = fopen( $parsed_args['filename'], 'w+' ); } if ( ! $stream_handle ) { return new WP_Error( 'http_request_failed', sprintf( /* translators: 1: fopen(), 2: File name. */ __( 'Could not open handle for %1$s to %2$s.' ), 'fopen()', $parsed_args['filename'] ) ); } $bytes_written = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); if ( ! $body_started ) { $response .= $block; if ( strpos( $response, "\r\n\r\n" ) ) { $processed_response = WP_Http::processResponse( $response ); $body_started = true; $block = $processed_response['body']; unset( $response ); $processed_response['body'] = ''; } } $this_block_size = strlen( $block ); if ( isset( $parsed_args['limit_response_size'] ) && ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size'] ) { $this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written ); $block = substr( $block, 0, $this_block_size ); } $bytes_written_to_file = fwrite( $stream_handle, $block ); if ( $bytes_written_to_file !== $this_block_size ) { fclose( $handle ); fclose( $stream_handle ); return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) ); } $bytes_written += $bytes_written_to_file; $keep_reading = ( ! isset( $parsed_args['limit_response_size'] ) || $bytes_written < $parsed_args['limit_response_size'] ); } fclose( $stream_handle ); } else { $header_length = 0; while ( ! feof( $handle ) && $keep_reading ) { $block = fread( $handle, $block_size ); $response .= $block; if ( ! $body_started && strpos( $response, "\r\n\r\n" ) ) { $header_length = strpos( $response, "\r\n\r\n" ) + 4; $body_started = true; } $keep_reading = ( ! $body_started || ! isset( $parsed_args['limit_response_size'] ) || strlen( $response ) < ( $header_length + $parsed_args['limit_response_size'] ) ); } $processed_response = WP_Http::processResponse( $response ); unset( $response ); } fclose( $handle ); $processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url ); $response = array( 'headers' => $processed_headers['headers'], // Not yet processed. 'body' => null, 'response' => $processed_headers['response'], 'cookies' => $processed_headers['cookies'], 'filename' => $parsed_args['filename'], ); // Handle redirects. $redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response ); if ( false !== $redirect_response ) { return $redirect_response; } // If the body was chunk encoded, then decode it. if ( ! empty( $processed_response['body'] ) && isset( $processed_headers['headers']['transfer-encoding'] ) && 'chunked' === $processed_headers['headers']['transfer-encoding'] ) { $processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] ); } if ( true === $parsed_args['decompress'] && true === WP_Http_Encoding::should_decode( $processed_headers['headers'] ) ) { $processed_response['body'] = WP_Http_Encoding::decompress( $processed_response['body'] ); } if ( isset( $parsed_args['limit_response_size'] ) && strlen( $processed_response['body'] ) > $parsed_args['limit_response_size'] ) { $processed_response['body'] = substr( $processed_response['body'], 0, $parsed_args['limit_response_size'] ); } $response['body'] = $processed_response['body']; return $response; } /** * Verifies the received SSL certificate against its Common Names and subjectAltName fields. * * PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if * the certificate is valid for the hostname which was requested. * This function verifies the requested hostname against certificate's subjectAltName field, * if that is empty, or contains no DNS entries, a fallback to the Common Name field is used. * * IP Address support is included if the request is being made to an IP address. * * @since 3.7.0 * * @param resource $stream The PHP Stream which the SSL request is being made over * @param string $host The hostname being requested * @return bool If the certificate presented in $stream is valid for $host */ public static function verify_ssl_certificate( $stream, $host ) { $context_options = stream_context_get_options( $stream ); if ( empty( $context_options['ssl']['peer_certificate'] ) ) { return false; } $cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] ); if ( ! $cert ) { return false; } /* * If the request is being made to an IP address, we'll validate against IP fields * in the cert (if they exist) */ $host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' ); $certificate_hostnames = array(); if ( ! empty( $cert['extensions']['subjectAltName'] ) ) { $match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] ); foreach ( $match_against as $match ) { list( $match_type, $match_host ) = explode( ':', $match ); if ( strtolower( trim( $match_type ) ) === $host_type ) { // IP: or DNS: $certificate_hostnames[] = strtolower( trim( $match_host ) ); } } } elseif ( ! empty( $cert['subject']['CN'] ) ) { // Only use the CN when the certificate includes no subjectAltName extension. $certificate_hostnames[] = strtolower( $cert['subject']['CN'] ); } // Exact hostname/IP matches. if ( in_array( strtolower( $host ), $certificate_hostnames, true ) ) { return true; } // IP's can't be wildcards, Stop processing. if ( 'ip' === $host_type ) { return false; } // Test to see if the domain is at least 2 deep for wildcard support. if ( substr_count( $host, '.' ) < 2 ) { return false; } // Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com. $wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host ); return in_array( strtolower( $wildcard_host ), $certificate_hostnames, true ); } /** * Determines whether this class can be used for retrieving a URL. * * @since 2.7.0 * @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client(). * * @param array $args Optional. Array of request arguments. Default empty array. * @return bool False means this class can not be used, true means it can. */ public static function test( $args = array() ) { if ( ! function_exists( 'stream_socket_client' ) ) { return false; } $is_ssl = isset( $args['ssl'] ) && $args['ssl']; if ( $is_ssl ) { if ( ! extension_loaded( 'openssl' ) ) { return false; } if ( ! function_exists( 'openssl_x509_parse' ) ) { return false; } } /** * Filters whether streams can be used as a transport for retrieving a URL. * * @since 2.7.0 * * @param bool $use_class Whether the class can be used. Default true. * @param array $args Request arguments. */ return apply_filters( 'use_streams_transport', true, $args ); } } /** * Deprecated HTTP Transport method which used fsockopen. * * This class is not used, and is included for backward compatibility only. * All code should make use of WP_Http directly through its API. * * @see WP_HTTP::request * * @since 2.7.0 * @deprecated 3.7.0 Please use WP_HTTP::request() directly */ class WP_HTTP_Fsockopen extends WP_Http_Streams { // For backward compatibility for users who are using the class directly. }