WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) ); } return $parts; } /** * Generates the recovery mode cookie value. * * The cookie is a base64 encoded string with the following format: * * recovery_mode|iat|rand|signature * * Where "recovery_mode" is a constant string, * iat is the time the cookie was generated at, * rand is a randomly generated password that is also used as a session identifier * and signature is an hmac of the preceding 3 parts. * * @since 5.2.0 * * @return string Generated cookie content. */ private function generate_cookie() { $to_sign = sprintf( 'recovery_mode|%s|%s', time(), wp_generate_password( 20, false ) ); $signed = $this->recovery_mode_hash( $to_sign ); return base64_encode( sprintf( '%s|%s', $to_sign, $signed ) ); } /** * Gets a form of `wp_hash()` specific to Recovery Mode. * * We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded, * which is too late to verify the recovery mode cookie. * * This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored. * * @since 5.2.0 * * @param string $data Data to hash. * @return string|false The hashed $data, or false on failure. */ private function recovery_mode_hash( $data ) { $default_keys = array_unique( array( 'put your unique phrase here', /* * translators: This string should only be translated if wp-config-sample.php is localized. * You can check the localized release package or * https://i18n.svn.wordpress.org//branches//dist/wp-config-sample.php */ __( 'put your unique phrase here' ), ) ); if ( ! defined( 'AUTH_KEY' ) || in_array( AUTH_KEY, $default_keys, true ) ) { $auth_key = get_site_option( 'recovery_mode_auth_key' ); if ( ! $auth_key ) { if ( ! function_exists( 'wp_generate_password' ) ) { require_once ABSPATH . WPINC . '/pluggable.php'; } $auth_key = wp_generate_password( 64, true, true ); update_site_option( 'recovery_mode_auth_key', $auth_key ); } } else { $auth_key = AUTH_KEY; } if ( ! defined( 'AUTH_SALT' ) || in_array( AUTH_SALT, $default_keys, true ) || AUTH_SALT === $auth_key ) { $auth_salt = get_site_option( 'recovery_mode_auth_salt' ); if ( ! $auth_salt ) { if ( ! function_exists( 'wp_generate_password' ) ) { require_once ABSPATH . WPINC . '/pluggable.php'; } $auth_salt = wp_generate_password( 64, true, true ); update_site_option( 'recovery_mode_auth_salt', $auth_salt ); } } else { $auth_salt = AUTH_SALT; } $secret = $auth_key . $auth_salt; return hash_hmac( 'sha1', $data, $secret ); } } a list. The returned attributes will * only contain the attributes in the $pairs list. * * If the $atts list has unsupported attributes, then they will be ignored and * removed from the final returned list. * * @since 2.5.0 * * @param array $pairs Entire list of supported attributes and their defaults. * @param array $atts User defined attributes in shortcode tag. * @param string $shortcode Optional. The name of the shortcode, provided for context to enable filtering * @return array Combined and filtered attribute list. */ function shortcode_atts( $pairs, $atts, $shortcode = '' ) { $atts = (array) $atts; $out = array(); foreach ( $pairs as $name => $default ) { if ( array_key_exists( $name, $atts ) ) { $out[ $name ] = $atts[ $name ]; } else { $out[ $name ] = $default; } } if ( $shortcode ) { /** * Filters shortcode attributes. * * If the third parameter of the shortcode_atts() function is present then this filter is available. * The third parameter, $shortcode, is the name of the shortcode. * * @since 3.6.0 * @since 4.4.0 Added the `$shortcode` parameter. * * @param array $out The output array of shortcode attributes. * @param array $pairs The supported attributes and their defaults. * @param array $atts The user defined shortcode attributes. * @param string $shortcode The shortcode name. */ $out = apply_filters( "shortcode_atts_{$shortcode}", $out, $pairs, $atts, $shortcode ); } return $out; } /** * Removes all shortcode tags from the given content. * * @since 2.5.0 * * @global array $shortcode_tags * * @param string $content Content to remove shortcode tags. * @return string Content without shortcode tags. */ function strip_shortcodes( $content ) { global $shortcode_tags; if ( ! str_contains( $content, '[' ) ) { return $content; } if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) { return $content; } // Find all registered tag names in $content. preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches ); $tags_to_remove = array_keys( $shortcode_tags ); /** * Filters the list of shortcode tags to remove from the content. * * @since 4.7.0 * * @param array $tags_to_remove Array of shortcode tags to remove. * @param string $content Content shortcodes are being removed from. */ $tags_to_remove = apply_filters( 'strip_shortcodes_tagnames', $tags_to_remove, $content ); $tagnames = array_intersect( $tags_to_remove, $matches[1] ); if ( empty( $tagnames ) ) { return $content; } $content = do_shortcodes_in_html_tags( $content, true, $tagnames ); $pattern = get_shortcode_regex( $tagnames ); $content = preg_replace_callback( "/$pattern/", 'strip_shortcode_tag', $content ); // Always restore square braces so we don't break things like