in. * * @since 1.5.0 * * @param string $user_login Username. * @param WP_User $user WP_User object of the logged-in user. */ do_action( 'wp_login', $user->user_login, $user ); return $user; } /** * Authenticates a user, confirming the username and password are valid. * * @since 2.8.0 * * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. * @param string $username Username for authentication. * @param string $password Password for authentication. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_authenticate_username_password( $user, $username, #[\SensitiveParameter] $password ) { if ( $user instanceof WP_User ) { return $user; } if ( empty( $username ) || empty( $password ) ) { if ( is_wp_error( $user ) ) { return $user; } $error = new WP_Error(); if ( empty( $username ) ) { $error->add( 'empty_username', __( 'Error: The username field is empty.' ) ); } if ( empty( $password ) ) { $error->add( 'empty_password', __( 'Error: The password field is empty.' ) ); } return $error; } $user = get_user_by( 'login', $username ); if ( ! $user ) { return new WP_Error( 'invalid_username', sprintf( /* translators: %s: User name. */ __( 'Error: The username %s is not registered on this site. If you are unsure of your username, try your email address instead.' ), $username ) ); } /** * Filters whether the given user can be authenticated with the provided password. * * @since 2.5.0 * * @param WP_User|WP_Error $user WP_User or WP_Error object if a previous * callback failed authentication. * @param string $password Password to check against the user. */ $user = apply_filters( 'wp_authenticate_user', $user, $password ); if ( is_wp_error( $user ) ) { return $user; } $valid = wp_check_password( $password, $user->user_pass, $user->ID ); if ( ! $valid ) { return new WP_Error( 'incorrect_password', sprintf( /* translators: %s: User name. */ __( 'Error: The password you entered for the username %s is incorrect.' ), '' . $username . '' ) . ' ' . __( 'Lost your password?' ) . '' ); } if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) { wp_set_password( $password, $user->ID ); } return $user; } /** * Authenticates a user using the email and password. * * @since 4.5.0 * * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous * callback failed authentication. * @param string $email Email address for authentication. * @param string $password Password for authentication. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_authenticate_email_password( $user, $email, #[\SensitiveParameter] $password ) { if ( $user instanceof WP_User ) { return $user; } if ( empty( $email ) || empty( $password ) ) { if ( is_wp_error( $user ) ) { return $user; } $error = new WP_Error(); if ( empty( $email ) ) { // Uses 'empty_username' for back-compat with wp_signon(). $error->add( 'empty_username', __( 'Error: The email field is empty.' ) ); } if ( empty( $password ) ) { $error->add( 'empty_password', __( 'Error: The password field is empty.' ) ); } return $error; } if ( ! is_email( $email ) ) { return $user; } $user = get_user_by( 'email', $email ); if ( ! $user ) { return new WP_Error( 'invalid_email', __( 'Unknown email address. Check again or try your username.' ) ); } /** This filter is documented in wp-includes/user.php */ $user = apply_filters( 'wp_authenticate_user', $user, $password ); if ( is_wp_error( $user ) ) { return $user; } $valid = wp_check_password( $password, $user->user_pass, $user->ID ); if ( ! $valid ) { return new WP_Error( 'incorrect_password', sprintf( /* translators: %s: Email address. */ __( 'Error: The password you entered for the email address %s is incorrect.' ), '' . $email . '' ) . ' ' . __( 'Lost your password?' ) . '' ); } if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) { wp_set_password( $password, $user->ID ); } return $user; } /** * Authenticates the user using the WordPress auth cookie. * * @since 2.8.0 * * @global string $auth_secure_cookie * * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. * @param string $username Username. If not empty, cancels the cookie authentication. * @param string $password Password. If not empty, cancels the cookie authentication. * @return WP_User|WP_Error WP_User on success, WP_Error on failure. */ function wp_authenticate_cookie( $user, $username, #[\SensitiveParameter] $password ) { global $auth_secure_cookie; if ( $user instanceof WP_User ) { return $user; } if ( empty( $username ) && empty( $password ) ) { $user_id = wp_validate_auth_cookie(); if ( $user_id ) { return new WP_User( $user_id ); } if ( $auth_secure_cookie ) { $auth_cookie = SECURE_AUTH_COOKIE; } else { $auth_cookie = AUTH_COOKIE; } if ( ! empty( $_COOKIE[ $auth_cookie ] ) ) { return new WP_Error( 'expired_session', __( 'Please log in again.' ) ); } // If the cookie is not set, be silent. } return $user; } /** * Authenticates the user using an application password. * * @since 5.6.0 * * @param WP_User|WP_Error|null $input_user WP_User or WP_Error object if a previous * callback failed authentication. * @param string $username Username for authentication. * @param string $password Password for authentication. * @return WP_User|WP_Error|null WP_User on success, WP_Error on failure, null if * null is passed in and this isn't an API request. */ function wp_authenticate_application_password( $input_user, $username, #[\SensitiveParameter] $password ) { if ( $input_user instanceof WP_User ) { return $input_user; } if ( ! WP_Application_Passwords::is_in_use() ) { return $input_user; } // The 'REST_REQUEST' check here may happen too early for the constant to be available. $is_api_request = ( ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) ); /** * Filters whether this is an API request that Application Passwords can be used on. * * By default, Application Passwords is available for the REST API and XML-RPC. * * @since 5.6.0 * * @param bool $is_api_request If this is an acceptable API request. */ $is_api_request = apply_filters( 'application_password_is_api_request', $is_api_request ); if ( ! $is_api_request ) { return $input_user; } $error = null; $user = get_user_by( 'login', $username ); if ( ! $user && is_email( $username ) ) { $user = get_user_by( 'email', $username ); } // If the login name is invalid, short circuit. if ( ! $user ) { if ( is_email( $username ) ) { $error = new WP_Error( 'invalid_email', __( 'Error: Unknown email address. Check again or try your username.' ) ); } else { $error = new WP_Error( 'invalid_username', __( 'Error: Unknown username. Check again or try your email address.' ) ); } } elseif ( ! wp_is_application_passwords_available() ) { $error = new WP_Error( 'application_passwords_disabled', __( 'Application passwords are not available.' ) ); } elseif ( ! wp_is_application_passwords_available_for_user( $user ) ) { $error = new WP_Error( 'application_passwords_disabled_for_user', __( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' ) ); } if ( $error ) { /** * Fires when an application password failed to authenticate the user. * * @since 5.6.0 * * @param WP_Error $error The authentication error. */ do_action( 'application_password_failed_authentication', $error ); return $error; } /* * Strips out anything non-alphanumeric. This is so passwords can be used with * or without spaces to indicate the groupings for readability. * * Generated application passwords are exclusively alphanumeric. */ $password = preg_replace( '/[^a-z\d]/i', '', $password ); $hashed_passwords = WP_Application_Passwords::get_user_application_passwords( $user->ID ); foreach ( $hashed_passwords as $key => $item ) { if ( ! WP_Application_Passwords::check_password( $password, $item['password'] ) ) { continue; } $error = new WP_Error(); /** * Fires when an application password has been successfully checked as valid. * * This allows for plugins to add additional constraints to prevent an application password from being used. * * @since 5.6.0 * * @param WP_Error $error The error object. * @param WP_User $user The user authenticating. * @param array $item The details about the application password. * @param string $password The raw supplied password. */ do_action( 'wp_authenticate_application_password_errors', $error, $user, $item, $password ); if ( $error->has_errors() ) { /** This action is documented in wp-includes/user.php */ do_action( 'application_password_failed_authentication', $error ); return $error; } WP_Application_Passwords::record_application_password_usage( $user->ID, $item['uuid'] ); /** * Fires after an application password was used for authentication. * * @since 5.6.0 * * @param WP_User $user The user who was authenticated. * @param array $item The application password used. */ do_action( 'application_password_did_authenticate', $user, $item ); return $user; } $error = new WP_Error( 'incorrect_password', __( 'The provided password is an invalid application password.' ) ); /** This action is documented in wp-includes/user.php */ do_action( 'application_password_failed_authentication', $error ); return $error; } /** * Validates the application password credentials passed via Basic Authentication. * * @since 5.6.0 * * @param int|false $input_user User ID if one has been determined, false otherwise. * @return int|false The authenticated user ID if successful, false otherwise. */ function wp_validate_application_password( $input_user ) { // Don't authenticate twice. if ( ! empty( $input_user ) ) { return $input_user; } if ( ! wp_is_application_passwords_available() ) { return $input_user; } // Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication. if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) { return $input_user; } $authenticated = wp_authenticate_application_password( null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ); if ( $authenticated instanceof WP_User ) { return $authenticated->ID; } // If it wasn't a user what got returned, just pass on what we had received originally. return $input_user; } /** * For Multisite blogs, checks if the authenticated user has been marked as a * spammer, or if the user's primary blog has been marked as spam. * * @since 3.7.0 * * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. * @return WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer. */ function wp_authenticate_spam_check( $user ) { if ( $user instanceof WP_User && is_multisite() ) { /** * Filters whether the user has been marked as a spammer. * * @since 3.7.0 * * @param bool $spammed Whether the user is considered a spammer. * @param WP_User $user User to check against. */ $spammed = apply_filters( 'check_is_user_spammed', is_user_spammy( $user ), $user ); if ( $spammed ) { return new WP_Error( 'spammer_account', __( 'Error: Your account has been marked as a spammer.' ) ); } } return $user; } /** * Validates the logged-in cookie. * * Checks the logged-in cookie if the previous auth cookie could not be * validated and parsed. * * This is a callback for the {@see 'determine_current_user'} filter, rather than API. * * @since 3.9.0 * * @param int|false $user_id The user ID (or false) as received from * the `determine_current_user` filter. * @return int|false User ID if validated, false otherwise. If a user ID from * an earlier filter callback is received, that value is returned. */ function wp_validate_logged_in_cookie( $user_id ) { if ( $user_id ) { return $user_id; } if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { return false; } return wp_validate_auth_cookie( $_COOKIE[ LOGGED_IN_COOKIE ], 'logged_in' ); } /** * Gets the number of posts a user has written. * * @since 3.0.0 * @since 4.1.0 Added `$post_type` argument. * @since 4.3.0 Added `$public_only` argument. Added the ability to pass an array * of post types to `$post_type`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $userid User ID. * @param array|string $post_type Optional. Single post type or array of post types to count the number of posts for. Default 'post'. * @param bool $public_only Optional. Whether to only return counts for public posts. Default false. * @return string Number of posts the user has written in this post type. */ function count_user_posts( $userid, $post_type = 'post', $public_only = false ) { global $wpdb; $post_type = array_unique( (array) $post_type ); sort( $post_type ); $where = get_posts_by_author_sql( $post_type, true, $userid, $public_only ); $query = "SELECT COUNT(*) FROM $wpdb->posts $where"; $last_changed = wp_cache_get_last_changed( 'posts' ); $cache_key = 'count_user_posts:' . md5( $query ); $count = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed ); if ( false === $count ) { $count = $wpdb->get_var( $query ); wp_cache_set_salted( $cache_key, $count, 'post-queries', $last_changed ); } /** * Filters the number of posts a user has written. * * @since 2.7.0 * @since 4.1.0 Added `$post_type` argument. * @since 4.3.1 Added `$public_only` argument. * * @param string $count The user's post count as a numeric string. * @param int $userid User ID. * @param string|array $post_type Single post type or array of post types to count the number of posts for. * @param bool $public_only Whether to limit counted posts to public posts. */ return apply_filters( 'get_usernumposts', $count, $userid, $post_type, $public_only ); } /** * Gets the number of posts written by a list of users. * * @since 3.0.0 * @since 6.9.0 The results are now cached. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $users Array of user IDs. * @param string|string[] $post_type Optional. Single post type or array of post types to check. Defaults to 'post'. * @param bool $public_only Optional. Only return counts for public posts. Defaults to false. * @return array Amount of posts each user has written, as strings, keyed by user ID. */ function count_many_users_posts( $users, $post_type = 'post', $public_only = false ) { global $wpdb; if ( empty( $users ) || ! is_array( $users ) ) { return array(); } /** * Filters whether to short-circuit performing the post counts. * * When filtering, return an array of posts counts as strings, keyed * by the user ID. * * @since 6.8.0 * * @param string[]|null $count The post counts. Return a non-null value to short-circuit. * @param int[] $users Array of user IDs. * @param string|string[] $post_type Single post type or array of post types to check. * @param bool $public_only Whether to only return counts for public posts. */ $pre = apply_filters( 'pre_count_many_users_posts', null, $users, $post_type, $public_only ); if ( null !== $pre ) { return $pre; } // Cleanup the users array. Remove duplicates and sort for consistent ordering. $users = array_unique( array_filter( array_map( 'intval', $users ) ) ); sort( $users ); // Cleanup the post type argument. Remove duplicates and sort for consistent ordering. $post_type = array_unique( (array) $post_type ); sort( $post_type ); $userlist = implode( ',', $users ); $where = get_posts_by_author_sql( $post_type, true, null, $public_only ); $query = "SELECT post_author, COUNT(*) FROM $wpdb->posts $where AND post_author IN ($userlist) GROUP BY post_author"; $cache_key = 'count_many_users_posts:' . md5( $query ); $cache_salts = array( wp_cache_get_last_changed( 'posts' ), wp_cache_get_last_changed( 'users' ) ); $count = wp_cache_get_salted( $cache_key, 'post-queries', $cache_salts ); if ( false === $count ) { $result = $wpdb->get_results( $query, ARRAY_N ); $count = array_fill_keys( $users, 0 ); foreach ( $result as $row ) { $count[ $row[0] ] = $row[1]; } wp_cache_set_salted( $cache_key, $count, 'post-queries', $cache_salts, HOUR_IN_SECONDS ); } return $count; } // // User option functions. // /** * Gets the current user's ID. * * @since MU (3.0.0) * * @return int The current user's ID, or 0 if no user is logged in. */ function get_current_user_id() { if ( ! function_exists( 'wp_get_current_user' ) ) { return 0; } $user = wp_get_current_user(); return (int) ( $user->ID ?? 0 ); } /** * Retrieves user option that can be either per Site or per Network. * * If the user ID is not given, then the current user will be used instead. If * the user ID is given, then the user data will be retrieved. The filter for * the result, will also pass the original option name and finally the user data * object as the third parameter. * * The option will first check for the per site name and then the per Network name. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $option User option name. * @param int $user Optional. User ID. * @param string $deprecated Use get_option() to check for an option in the options table. * @return mixed User option value on success, false on failure. */ function get_user_option( $option, $user = 0, $deprecated = '' ) { global $wpdb; if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '3.0.0' ); } if ( empty( $user ) ) { $user = get_current_user_id(); } $user = get_userdata( $user ); if ( ! $user ) { return false; } $prefix = $wpdb->get_blog_prefix(); if ( $user->has_prop( $prefix . $option ) ) { // Blog-specific. $result = $user->get( $prefix . $option ); } elseif ( $user->has_prop( $option ) ) { // User-specific and cross-blog. $result = $user->get( $option ); } else { $result = false; } /** * Filters a specific user option value. * * The dynamic portion of the hook name, `$option`, refers to the user option name. * * @since 2.5.0 * * @param mixed $result Value for the user's option. * @param string $option Name of the option being retrieved. * @param WP_User $user WP_User object of the user whose option is being retrieved. */ return apply_filters( "get_user_option_{$option}", $result, $option, $user ); } /** * Updates user option with global blog capability. * * User options are just like user metadata except that they have support for * global blog options. If the 'is_global' parameter is false, which it is by default, * it will prepend the WordPress table prefix to the option name. * * Deletes the user option if $newvalue is empty. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id User ID. * @param string $option_name User option name. * @param mixed $newvalue User option value. * @param bool $is_global Optional. Whether option name is global or blog specific. * Default false (blog specific). * @return int|bool User meta ID if the option didn't exist, true on successful update, * false on failure. */ function update_user_option( $user_id, $option_name, $newvalue, $is_global = false ) { global $wpdb; if ( ! $is_global ) { $option_name = $wpdb->get_blog_prefix() . $option_name; } return update_user_meta( $user_id, $option_name, $newvalue ); } /** * Deletes user option with global blog capability. * * User options are just like user metadata except that they have support for * global blog options. If the 'is_global' parameter is false, which it is by default, * it will prepend the WordPress table prefix to the option name. * * @since 3.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id User ID * @param string $option_name User option name. * @param bool $is_global Optional. Whether option name is global or blog specific. * Default false (blog specific). * @return bool True on success, false on failure. */ function delete_user_option( $user_id, $option_name, $is_global = false ) { global $wpdb; if ( ! $is_global ) { $option_name = $wpdb->get_blog_prefix() . $option_name; } return delete_user_meta( $user_id, $option_name ); } /** * Retrieves user info by user ID. * * @since 6.7.0 * * @param int $user_id User ID. * * @return WP_User|false WP_User object on success, false on failure. */ function get_user( $user_id ) { return get_user_by( 'id', $user_id ); } /** * Retrieves list of users matching criteria. * * @since 3.1.0 * * @see WP_User_Query * * @param array $args Optional. Arguments to retrieve users. See WP_User_Query::prepare_query() * for more information on accepted arguments. * @return array List of users. */ function get_users( $args = array() ) { $args = wp_parse_args( $args ); $args['count_total'] = false; $user_search = new WP_User_Query( $args ); return (array) $user_search->get_results(); } /** * Lists all the users of the site, with several options available. * * @since 5.9.0 * * @param string|array $args { * Optional. Array or string of default arguments. * * @type string $orderby How to sort the users. Accepts 'nicename', 'email', 'url', 'registered', * 'user_nicename', 'user_email', 'user_url', 'user_registered', 'name', * 'display_name', 'post_count', 'ID', 'meta_value', 'user_login'. Default 'name'. * @type string $order Sorting direction for $orderby. Accepts 'ASC', 'DESC'. Default 'ASC'. * @type int $number Maximum users to return or display. Default empty (all users). * @type bool $exclude_admin Whether to exclude the 'admin' account, if it exists. Default true. * @type bool $show_fullname Whether to show the user's full name. Default false. * @type string $feed If not empty, show a link to the user's feed and use this text as the alt * parameter of the link. Default empty. * @type string $feed_image If not empty, show a link to the user's feed and use this image URL as * clickable anchor. Default empty. * @type string $feed_type The feed type to link to, such as 'rss2'. Defaults to default feed type. * @type bool $echo Whether to output the result or instead return it. Default true. * @type string $style If 'list', each user is wrapped in an `
  • ` element, otherwise the users * will be separated by commas. * @type bool $html Whether to list the items in HTML form or plaintext. Default true. * @type string $exclude An array, comma-, or space-separated list of user IDs to exclude. Default empty. * @type string $include An array, comma-, or space-separated list of user IDs to include. Default empty. * } * @return string|null The output if echo is false. Otherwise null. */ function wp_list_users( $args = array() ) { $defaults = array( 'orderby' => 'name', 'order' => 'ASC', 'number' => '', 'exclude_admin' => true, 'show_fullname' => false, 'feed' => '', 'feed_image' => '', 'feed_type' => '', 'echo' => true, 'style' => 'list', 'html' => true, 'exclude' => '', 'include' => '', ); $parsed_args = wp_parse_args( $args, $defaults ); $return = ''; $query_args = wp_array_slice_assoc( $parsed_args, array( 'orderby', 'order', 'number', 'exclude', 'include' ) ); $query_args['fields'] = 'ids'; /** * Filters the query arguments for the list of all users of the site. * * @since 6.1.0 * * @param array $query_args The query arguments for get_users(). * @param array $parsed_args The arguments passed to wp_list_users() combined with the defaults. */ $query_args = apply_filters( 'wp_list_users_args', $query_args, $parsed_args ); $users = get_users( $query_args ); foreach ( $users as $user_id ) { $user = get_userdata( $user_id ); if ( $parsed_args['exclude_admin'] && 'admin' === $user->display_name ) { continue; } if ( $parsed_args['show_fullname'] && '' !== $user->first_name && '' !== $user->last_name ) { $name = sprintf( /* translators: 1: User's first name, 2: Last name. */ _x( '%1$s %2$s', 'Display name based on first name and last name' ), $user->first_name, $user->last_name ); } else { $name = $user->display_name; } if ( ! $parsed_args['html'] ) { $return .= $name . ', '; continue; // No need to go further to process HTML. } if ( 'list' === $parsed_args['style'] ) { $return .= '
  • '; } $row = $name; if ( ! empty( $parsed_args['feed_image'] ) || ! empty( $parsed_args['feed'] ) ) { $row .= ' '; if ( empty( $parsed_args['feed_image'] ) ) { $row .= '('; } $row .= ''; } else { $row .= $name; } $row .= ''; if ( empty( $parsed_args['feed_image'] ) ) { $row .= ')'; } } $return .= $row; $return .= ( 'list' === $parsed_args['style'] ) ? '
    • ' : ', '; } $return = rtrim( $return, ', ' ); if ( ! $parsed_args['echo'] ) { return $return; } echo $return; } /** * Gets the sites a user belongs to. * * @since 3.0.0 * @since 4.7.0 Converted to use `get_sites()`. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id User ID * @param bool $all Whether to retrieve all sites, or only sites that are not * marked as deleted, archived, or spam. * @return object[] A list of the user's sites. An empty array if the user doesn't exist * or belongs to no sites. */ function get_blogs_of_user( $user_id, $all = false ) { global $wpdb; $user_id = (int) $user_id; // Logged out users can't have sites. if ( empty( $user_id ) ) { return array(); } /** * Filters the list of a user's sites before it is populated. * * Returning a non-null value from the filter will effectively short circuit * get_blogs_of_user(), returning that value instead. * * @since 4.6.0 * * @param null|object[] $sites An array of site objects of which the user is a member. * @param int $user_id User ID. * @param bool $all Whether the returned array should contain all sites, including * those marked 'deleted', 'archived', or 'spam'. Default false. */ $sites = apply_filters( 'pre_get_blogs_of_user', null, $user_id, $all ); if ( null !== $sites ) { return $sites; } $keys = get_user_meta( $user_id ); if ( empty( $keys ) ) { return array(); } if ( ! is_multisite() ) { $site_id = get_current_blog_id(); $sites = array( $site_id => new stdClass() ); $sites[ $site_id ]->userblog_id = $site_id; $sites[ $site_id ]->blogname = get_option( 'blogname' ); $sites[ $site_id ]->domain = ''; $sites[ $site_id ]->path = ''; $sites[ $site_id ]->site_id = 1; $sites[ $site_id ]->siteurl = get_option( 'siteurl' ); $sites[ $site_id ]->archived = 0; $sites[ $site_id ]->spam = 0; $sites[ $site_id ]->deleted = 0; return $sites; } $site_ids = array(); if ( isset( $keys[ $wpdb->base_prefix . 'capabilities' ] ) && defined( 'MULTISITE' ) ) { $site_ids[] = 1; unset( $keys[ $wpdb->base_prefix . 'capabilities' ] ); } $keys = array_keys( $keys ); foreach ( $keys as $key ) { if ( ! str_ends_with( $key, 'capabilities' ) ) { continue; } if ( $wpdb->base_prefix && ! str_starts_with( $key, $wpdb->base_prefix ) ) { continue; } $site_id = str_replace( array( $wpdb->base_prefix, '_capabilities' ), '', $key ); if ( ! is_numeric( $site_id ) ) { continue; } $site_ids[] = (int) $site_id; } $sites = array(); if ( ! empty( $site_ids ) ) { $args = array( 'number' => '', 'site__in' => $site_ids, ); if ( ! $all ) { $args['archived'] = 0; $args['spam'] = 0; $args['deleted'] = 0; } $_sites = get_sites( $args ); foreach ( $_sites as $site ) { $sites[ $site->id ] = (object) array( 'userblog_id' => $site->id, 'blogname' => $site->blogname, 'domain' => $site->domain, 'path' => $site->path, 'site_id' => $site->network_id, 'siteurl' => $site->siteurl, 'archived' => $site->archived, 'mature' => $site->mature, 'spam' => $site->spam, 'deleted' => $site->deleted, ); } } /** * Filters the list of sites a user belongs to. * * @since MU (3.0.0) * * @param object[] $sites An array of site objects belonging to the user. * @param int $user_id User ID. * @param bool $all Whether the returned sites array should contain all sites, including * those flagged for deletion, archived, or marked as spam. */ return apply_filters( 'get_blogs_of_user', $sites, $user_id, $all ); } /** * Finds out whether a user is a member of a given blog. * * @since MU (3.0.0) * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $user_id Optional. The unique ID of the user. Defaults to the current user. * @param int $blog_id Optional. ID of the blog to check. Defaults to the current site. * @return bool */ function is_user_member_of_blog( $user_id = 0, $blog_id = 0 ) { global $wpdb; $user_id = (int) $user_id; $blog_id = (int) $blog_id; if ( empty( $user_id ) ) { $user_id = get_current_user_id(); } /* * Technically not needed, but does save calls to get_site() and get_user_meta() * in the event that the function is called when a user isn't logged in. */ if ( empty( $user_id ) ) { return false; } else { $user = get_userdata( $user_id ); if ( ! $user instanceof WP_User ) { return false; } } if ( ! is_multisite() ) { return true; } if ( empty( $blog_id ) ) { $blog_id = get_current_blog_id(); } $blog = get_site( $blog_id ); if ( ! $blog || ! isset( $blog->domain ) || $blog->archived || $blog->spam || $blog->deleted ) { return false; } if ( 1 === $blog_id ) { $capabilities_key = $wpdb->base_prefix . 'capabilities'; } else { $capabilities_key = $wpdb->base_prefix . $blog_id . '_capabilities'; } $has_cap = get_user_meta( $user_id, $capabilities_key, true ); return is_array( $has_cap ); } /** * Adds meta data to a user. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 3.0.0 * * @param int $user_id User ID. * @param string $meta_key Metadata name. * @param mixed $meta_value Metadata value. Arrays and objects are stored as serialized data and * will be returned as the same type when retrieved. Other data types will * be stored as strings in the database: * - false is stored and retrieved as an empty string ('') * - true is stored and retrieved as '1' * - numbers (both integer and float) are stored and retrieved as strings * Must be serializable if non-scalar. * @param bool $unique Optional. Whether the same key should not be added. * Default false. * @return int|false Meta ID on success, false on failure. */ function add_user_meta( $user_id, $meta_key, $meta_value, $unique = false ) { return add_metadata( 'user', $user_id, $meta_key, $meta_value, $unique ); } /** * Removes metadata matching criteria from a user. * * You can match based on the key, or key and value. Removing based on key and * value, will keep from removing duplicate metadata with the same key. It also * allows removing all metadata matching key, if needed. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 3.0.0 * * @link https://developer.wordpress.org/reference/functions/delete_user_meta/ * * @param int $user_id User ID * @param string $meta_key Metadata name. * @param mixed $meta_value Optional. Metadata value. If provided, * rows will only be removed that match the value. * Must be serializable if non-scalar. Default empty. * @return bool True on success, false on failure. */ function delete_user_meta( $user_id, $meta_key, $meta_value = '' ) { return delete_metadata( 'user', $user_id, $meta_key, $meta_value ); } /** * Retrieves user meta field for a user. * * @since 3.0.0 * * @link https://developer.wordpress.org/reference/functions/get_user_meta/ * * @param int $user_id User ID. * @param string $key Optional. The meta key to retrieve. By default, * returns data for all keys. * @param bool $single Optional. Whether to return a single value. * This parameter has no effect if `$key` is not specified. * Default false. * @return mixed An array of values if `$single` is false. * The value of meta data field if `$single` is true. * False for an invalid `$user_id` (non-numeric, zero, or negative value). * An empty array if a valid but non-existing user ID is passed and `$single` is false. * An empty string if a valid but non-existing user ID is passed and `$single` is true. * Note: Non-serialized values are returned as strings: * - false values are returned as empty strings ('') * - true values are returned as '1' * - numbers (both integer and float) are returned as strings * Arrays and objects retain their original type. */ function get_user_meta( $user_id, $key = '', $single = false ) { return get_metadata( 'user', $user_id, $key, $single ); } /** * Updates user meta field based on user ID. * * Use the $prev_value parameter to differentiate between meta fields with the * same key and user ID. * * If the meta field for the user does not exist, it will be added. * * For historical reasons both the meta key and the meta value are expected to be "slashed" (slashes escaped) on input. * * @since 3.0.0 * * @link https://developer.wordpress.org/reference/functions/update_user_meta/ * * @param int $user_id User ID. * @param string $meta_key Metadata key. * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. * @param mixed $prev_value Optional. Previous value to check before updating. * If specified, only update existing metadata entries with * this value. Otherwise, update all entries. Default empty. * @return int|bool Meta ID if the key didn't exist, true on successful update, * false on failure or if the value passed to the function * is the same as the one that is already in the database. */ function update_user_meta( $user_id, $meta_key, $meta_value, $prev_value = '' ) { return update_metadata( 'user', $user_id, $meta_key, $meta_value, $prev_value ); } /** * Counts number of users who have each of the user roles. * * Assumes there are neither duplicated nor orphaned capabilities meta_values. * Assumes role names are unique phrases. Same assumption made by WP_User_Query::prepare_query() * Using $strategy = 'time' this is CPU-intensive and should handle around 10^7 users. * Using $strategy = 'memory' this is memory-intensive and should handle around 10^5 users, but see WP Bug #12257. * * @since 3.0.0 * @since 4.4.0 The number of users with no role is now included in the `none` element. * @since 4.9.0 The `$site_id` parameter was added to support multisite. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $strategy Optional. The computational strategy to use when counting the users. * Accepts either 'time' or 'memory'. Default 'time'. * @param int|null $site_id Optional. The site ID to count users for. Defaults to the current site. * @return array { * User counts. * * @type int $total_users Total number of users on the site. * @type int[] $avail_roles Array of user counts keyed by user role. * } */ function count_users( $strategy = 'time', $site_id = null ) { global $wpdb; // Initialize. if ( ! $site_id ) { $site_id = get_current_blog_id(); } /** * Filters the user count before queries are run. * * Return a non-null value to cause count_users() to return early. * * @since 5.1.0 * * @param null|array $result The value to return instead. Default null to continue with the query. * @param string $strategy Optional. The computational strategy to use when counting the users. * Accepts either 'time' or 'memory'. Default 'time'. * @param int $site_id The site ID to count users for. */ $pre = apply_filters( 'pre_count_users', null, $strategy, $site_id ); if ( null !== $pre ) { return $pre; } $blog_prefix = $wpdb->get_blog_prefix( $site_id ); $result = array(); if ( 'time' === $strategy ) { if ( is_multisite() && get_current_blog_id() !== $site_id ) { switch_to_blog( $site_id ); $avail_roles = wp_roles()->get_names(); restore_current_blog(); } else { $avail_roles = wp_roles()->get_names(); } // Build a CPU-intensive query that will return concise information. $select_count = array(); foreach ( $avail_roles as $this_role => $name ) { $select_count[] = $wpdb->prepare( 'COUNT(NULLIF(`meta_value` LIKE %s, false))', '%' . $wpdb->esc_like( '"' . $this_role . '"' ) . '%' ); } $select_count[] = "COUNT(NULLIF(`meta_value` = 'a:0:{}', false))"; $select_count = implode( ', ', $select_count ); // Add the meta_value index to the selection list, then run the query. $row = $wpdb->get_row( " SELECT {$select_count}, COUNT(*) FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} ON user_id = ID WHERE meta_key = '{$blog_prefix}capabilities' ", ARRAY_N ); // Run the previous loop again to associate results with role names. $col = 0; $role_counts = array(); foreach ( $avail_roles as $this_role => $name ) { $count = (int) $row[ $col++ ]; if ( $count > 0 ) { $role_counts[ $this_role ] = $count; } } $role_counts['none'] = (int) $row[ $col++ ]; // Get the meta_value index from the end of the result set. $total_users = (int) $row[ $col ]; $result['total_users'] = $total_users; $result['avail_roles'] =& $role_counts; } else { $avail_roles = array( 'none' => 0, ); $users_of_blog = $wpdb->get_col( " SELECT meta_value FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} ON user_id = ID WHERE meta_key = '{$blog_prefix}capabilities' " ); foreach ( $users_of_blog as $caps_meta ) { $b_roles = maybe_unserialize( $caps_meta ); if ( ! is_array( $b_roles ) ) { continue; } if ( empty( $b_roles ) ) { ++$avail_roles['none']; } foreach ( $b_roles as $b_role => $val ) { if ( isset( $avail_roles[ $b_role ] ) ) { ++$avail_roles[ $b_role ]; } else { $avail_roles[ $b_role ] = 1; } } } $result['total_users'] = count( $users_of_blog ); $result['avail_roles'] =& $avail_roles; } return $result; } /** * Returns the number of active users in your installation. * * Note that on a large site the count may be cached and only updated twice daily. * * @since MU (3.0.0) * @since 4.8.0 The `$network_id` parameter has been added. * @since 6.0.0 Moved to wp-includes/user.php. * * @param int|null $network_id ID of the network. Defaults to the current network. * @return int Number of active users on the network. */ function get_user_count( $network_id = null ) { if ( ! is_multisite() && null !== $network_id ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: $network_id */ __( 'Unable to pass %s if not using multisite.' ), '$network_id' ), '6.0.0' ); } return (int) get_network_option( $network_id, 'user_count', -1 ); } /** * Updates the total count of users on the site if live user counting is enabled. * * @since 6.0.0 * * @param int|null $network_id ID of the network. Defaults to the current network. * @return bool Whether the update was successful. */ function wp_maybe_update_user_counts( $network_id = null ) { if ( ! is_multisite() && null !== $network_id ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: $network_id */ __( 'Unable to pass %s if not using multisite.' ), '$network_id' ), '6.0.0' ); } $is_small_network = ! wp_is_large_user_count( $network_id ); /** This filter is documented in wp-includes/ms-functions.php */ if ( ! apply_filters( 'enable_live_network_counts', $is_small_network, 'users' ) ) { return false; } return wp_update_user_counts( $network_id ); } /** * Updates the total count of users on the site. * * @global wpdb $wpdb WordPress database abstraction object. * @since 6.0.0 * * @param int|null $network_id ID of the network. Defaults to the current network. * @return bool Whether the update was successful. */ function wp_update_user_counts( $network_id = null ) { global $wpdb; if ( ! is_multisite() && null !== $network_id ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: $network_id */ __( 'Unable to pass %s if not using multisite.' ), '$network_id' ), '6.0.0' ); } $query = "SELECT COUNT(ID) as c FROM $wpdb->users"; if ( is_multisite() ) { $query .= " WHERE spam = '0' AND deleted = '0'"; } $count = $wpdb->get_var( $query ); return update_network_option( $network_id, 'user_count', $count ); } /** * Schedules a recurring recalculation of the total count of users. * * @since 6.0.0 */ function wp_schedule_update_user_counts() { if ( ! is_main_site() ) { return; } if ( ! wp_next_scheduled( 'wp_update_user_counts' ) && ! wp_installing() ) { wp_schedule_event( time(), 'twicedaily', 'wp_update_user_counts' ); } } /** * Determines whether the site has a large number of users. * * The default criteria for a large site is more than 10,000 users. * * @since 6.0.0 * * @param int|null $network_id ID of the network. Defaults to the current network. * @return bool Whether the site has a large number of users. */ function wp_is_large_user_count( $network_id = null ) { if ( ! is_multisite() && null !== $network_id ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: $network_id */ __( 'Unable to pass %s if not using multisite.' ), '$network_id' ), '6.0.0' ); } $count = get_user_count( $network_id ); /** * Filters whether the site is considered large, based on its number of users. * * @since 6.0.0 * * @param bool $is_large_user_count Whether the site has a large number of users. * @param int $count The total number of users. * @param int|null $network_id ID of the network. `null` represents the current network. */ return apply_filters( 'wp_is_large_user_count', $count > 10000, $count, $network_id ); } // // Private helper functions. // /** * Sets up global user vars. * * Used by wp_set_current_user() for back compat. Might be deprecated in the future. * * @since 2.0.4 * * @global string $user_login The user username for logging in * @global WP_User $userdata User data. * @global int $user_level The level of the user * @global int $user_ID The ID of the user * @global string $user_email The email address of the user * @global string $user_url The url in the user's profile * @global string $user_identity The display name of the user * * @param int $for_user_id Optional. User ID to set up global data. Default 0. */ function setup_userdata( $for_user_id = 0 ) { global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_identity; if ( ! $for_user_id ) { $for_user_id = get_current_user_id(); } $user = get_userdata( $for_user_id ); if ( ! $user ) { $user_ID = 0; $user_level = 0; $userdata = null; $user_login = ''; $user_email = ''; $user_url = ''; $user_identity = ''; return; } $user_ID = (int) $user->ID; $user_level = (int) $user->user_level; $userdata = $user; $user_login = $user->user_login; $user_email = $user->user_email; $user_url = $user->user_url; $user_identity = $user->display_name; } /** * Creates dropdown HTML content of users. * * The content can either be displayed, which it is by default, or retrieved by * setting the 'echo' argument to false. The 'include' and 'exclude' arguments * are optional; if they are not specified, all users will be displayed. Only one * can be used in a single call, either 'include' or 'exclude', but not both. * * @since 2.3.0 * @since 4.5.0 Added the 'display_name_with_login' value for 'show'. * @since 4.7.0 Added the 'role', 'role__in', and 'role__not_in' parameters. * @since 5.9.0 Added the 'capability', 'capability__in', and 'capability__not_in' parameters. * Deprecated the 'who' parameter. * * @param array|string $args { * Optional. Array or string of arguments to generate a drop-down of users. * See WP_User_Query::prepare_query() for additional available arguments. * * @type string $show_option_all Text to show as the drop-down default (all). * Default empty. * @type string $show_option_none Text to show as the drop-down default when no * users were found. Default empty. * @type int|string $option_none_value Value to use for `$show_option_none` when no users * were found. Default -1. * @type string $hide_if_only_one_author Whether to skip generating the drop-down * if only one user was found. Default empty. * @type string $orderby Field to order found users by. Accepts user fields. * Default 'display_name'. * @type string $order Whether to order users in ascending or descending * order. Accepts 'ASC' (ascending) or 'DESC' (descending). * Default 'ASC'. * @type int[]|string $include Array or comma-separated list of user IDs to include. * Default empty. * @type int[]|string $exclude Array or comma-separated list of user IDs to exclude. * Default empty. * @type bool|int $multi Whether to skip the ID attribute on the 'select' element. * Accepts 1|true or 0|false. Default 0|false. * @type string $show User data to display. If the selected item is empty * then the 'user_login' will be displayed in parentheses. * Accepts any user field, or 'display_name_with_login' to show * the display name with user_login in parentheses. * Default 'display_name'. * @type int|bool $echo Whether to echo or return the drop-down. Accepts 1|true (echo) * or 0|false (return). Default 1|true. * @type int $selected Which user ID should be selected. Default 0. * @type bool $include_selected Whether to always include the selected user ID in the drop- * down. Default false. * @type string $name Name attribute of select element. Default 'user'. * @type string $id ID attribute of the select element. Default is the value of `$name`. * @type string $class Class attribute of the select element. Default empty. * @type int $blog_id ID of blog (Multisite only). Default is ID of the current blog. * @type string $who Deprecated, use `$capability` instead. * Which type of users to query. Accepts only an empty string or * 'authors'. Default empty (all users). * @type string|string[] $role An array or a comma-separated list of role names that users * must match to be included in results. Note that this is * an inclusive list: users must match *each* role. Default empty. * @type string[] $role__in An array of role names. Matched users must have at least one * of these roles. Default empty array. * @type string[] $role__not_in An array of role names to exclude. Users matching one or more * of these roles will not be included in results. Default empty array. * @type string|string[] $capability An array or a comma-separated list of capability names that users * must match to be included in results. Note that this is * an inclusive list: users must match *each* capability. * Does NOT work for capabilities not in the database or filtered * via {@see 'map_meta_cap'}. Default empty. * @type string[] $capability__in An array of capability names. Matched users must have at least one * of these capabilities. * Does NOT work for capabilities not in the database or filtered * via {@see 'map_meta_cap'}. Default empty array. * @type string[] $capability__not_in An array of capability names to exclude. Users matching one or more * of these capabilities will not be included in results. * Does NOT work for capabilities not in the database or filtered * via {@see 'map_meta_cap'}. Default empty array. * } * @return string HTML dropdown list of users. */ function wp_dropdown_users( $args = '' ) { $defaults = array( 'show_option_all' => '', 'show_option_none' => '', 'hide_if_only_one_author' => '', 'orderby' => 'display_name', 'order' => 'ASC', 'include' => '', 'exclude' => '', 'multi' => 0, 'show' => 'display_name', 'echo' => 1, 'selected' => 0, 'name' => 'user', 'class' => '', 'id' => '', 'blog_id' => get_current_blog_id(), 'who' => '', 'include_selected' => false, 'option_none_value' => -1, 'role' => '', 'role__in' => array(), 'role__not_in' => array(), 'capability' => '', 'capability__in' => array(), 'capability__not_in' => array(), ); $defaults['selected'] = is_author() ? get_query_var( 'author' ) : 0; $parsed_args = wp_parse_args( $args, $defaults ); $query_args = wp_array_slice_assoc( $parsed_args, array( 'blog_id', 'include', 'exclude', 'orderby', 'order', 'who', 'role', 'role__in', 'role__not_in', 'capability', 'capability__in', 'capability__not_in', ) ); $fields = array( 'ID', 'user_login' ); $show = ! empty( $parsed_args['show'] ) ? $parsed_args['show'] : 'display_name'; if ( 'display_name_with_login' === $show ) { $fields[] = 'display_name'; } else { $fields[] = $show; } $query_args['fields'] = $fields; $show_option_all = $parsed_args['show_option_all']; $show_option_none = $parsed_args['show_option_none']; $option_none_value = $parsed_args['option_none_value']; /** * Filters the query arguments for the list of users in the dropdown. * * @since 4.4.0 * * @param array $query_args The query arguments for get_users(). * @param array $parsed_args The arguments passed to wp_dropdown_users() combined with the defaults. */ $query_args = apply_filters( 'wp_dropdown_users_args', $query_args, $parsed_args ); $users = get_users( $query_args ); $output = ''; if ( ! empty( $users ) && ( empty( $parsed_args['hide_if_only_one_author'] ) || count( $users ) > 1 ) ) { $name = esc_attr( $parsed_args['name'] ); if ( $parsed_args['multi'] && ! $parsed_args['id'] ) { $id = ''; } else { $id = $parsed_args['id'] ? " id='" . esc_attr( $parsed_args['id'] ) . "'" : " id='$name'"; } $output = "'; } /** * Filters the wp_dropdown_users() HTML output. * * @since 2.3.0 * * @param string $output HTML output generated by wp_dropdown_users(). */ $html = apply_filters( 'wp_dropdown_users', $output ); if ( $parsed_args['echo'] ) { echo $html; } return $html; } /** * Sanitizes user field based on context. * * Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The * 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display' * when calling filters. * * @since 2.3.0 * * @param string $field The user Object field name. * @param mixed $value The user Object value. * @param int $user_id User ID. * @param string $context How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display', * 'attribute' and 'js'. * @return mixed Sanitized value. */ function sanitize_user_field( $field, $value, $user_id, $context ) { $int_fields = array( 'ID' ); if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } if ( 'raw' === $context ) { return $value; } if ( ! is_string( $value ) && ! is_numeric( $value ) ) { return $value; } $prefixed = str_contains( $field, 'user_' ); if ( 'edit' === $context ) { if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "edit_{$field}", $value, $user_id ); } else { /** * Filters a user field value in the 'edit' context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value Value of the prefixed user field. * @param int $user_id User ID. */ $value = apply_filters( "edit_user_{$field}", $value, $user_id ); } if ( 'description' === $field ) { $value = esc_html( $value ); // textarea_escaped? } else { $value = esc_attr( $value ); } } elseif ( 'db' === $context ) { if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "pre_{$field}", $value ); } else { /** * Filters the value of a user field in the 'db' context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value Value of the prefixed user field. */ $value = apply_filters( "pre_user_{$field}", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "{$field}", $value, $user_id, $context ); } else { /** * Filters the value of a user field in a standard context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value The user object value to sanitize. * @param int $user_id User ID. * @param string $context The context to filter within. */ $value = apply_filters( "user_{$field}", $value, $user_id, $context ); } } if ( 'user_url' === $field ) { $value = esc_url( $value ); } if ( 'attribute' === $context ) { $value = esc_attr( $value ); } elseif ( 'js' === $context ) { $value = esc_js( $value ); } // Restore the type for integer fields after esc_attr(). if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } return $value; } /** * Updates all user caches. * * @since 3.0.0 * * @param object|WP_User $user User object or database row to be cached * @return void|false Void on success, false on failure. */ function update_user_caches( $user ) { if ( $user instanceof WP_User ) { if ( ! $user->exists() ) { return false; } $user = $user->data; } wp_cache_add( $user->ID, $user, 'users' ); wp_cache_add( $user->user_login, $user->ID, 'userlogins' ); wp_cache_add( $user->user_nicename, $user->ID, 'userslugs' ); if ( ! empty( $user->user_email ) ) { wp_cache_add( $user->user_email, $user->ID, 'useremail' ); } } /** * Cleans all user caches. * * @since 3.0.0 * @since 4.4.0 'clean_user_cache' action was added. * @since 6.2.0 User metadata caches are now cleared. * * @param WP_User|int $user User object or ID to be cleaned from the cache */ function clean_user_cache( $user ) { if ( is_numeric( $user ) ) { $user = new WP_User( $user ); } if ( ! $user->exists() ) { return; } wp_cache_delete( $user->ID, 'users' ); wp_cache_delete( $user->user_login, 'userlogins' ); wp_cache_delete( $user->user_nicename, 'userslugs' ); if ( ! empty( $user->user_email ) ) { wp_cache_delete( $user->user_email, 'useremail' ); } wp_cache_delete( $user->ID, 'user_meta' ); wp_cache_set_users_last_changed(); /** * Fires immediately after the given user's cache is cleaned. * * @since 4.4.0 * * @param int $user_id User ID. * @param WP_User $user User object. */ do_action( 'clean_user_cache', $user->ID, $user ); } /** * Determines whether the given username exists. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @param string $username The username to check for existence. * @return int|false The user ID on success, false on failure. */ function username_exists( $username ) { $user = get_user_by( 'login', $username ); if ( $user ) { $user_id = $user->ID; } else { $user_id = false; } /** * Filters whether the given username exists. * * @since 4.9.0 * * @param int|false $user_id The user ID associated with the username, * or false if the username does not exist. * @param string $username The username to check for existence. */ return apply_filters( 'username_exists', $user_id, $username ); } /** * Determines whether the given email exists. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.1.0 * * @param string $email The email to check for existence. * @return int|false The user ID on success, false on failure. */ function email_exists( $email ) { $user = get_user_by( 'email', $email ); if ( $user ) { $user_id = $user->ID; } else { $user_id = false; } /** * Filters whether the given email exists. * * @since 5.6.0 * * @param int|false $user_id The user ID associated with the email, * or false if the email does not exist. * @param string $email The email to check for existence. */ return apply_filters( 'email_exists', $user_id, $email ); } /** * Checks whether a username is valid. * * @since 2.0.1 * @since 4.4.0 Empty sanitized usernames are now considered invalid. * * @param string $username Username. * @return bool Whether username given is valid. */ function validate_username( $username ) { $sanitized = sanitize_user( $username, true ); $valid = ( $sanitized === $username && ! empty( $sanitized ) ); /** * Filters whether the provided username is valid. * * @since 2.0.1 * * @param bool $valid Whether given username is valid. * @param string $username Username to check. */ return apply_filters( 'validate_username', $valid, $username ); } /** * Inserts a user into the database. * * Most of the `$userdata` array fields have filters associated with the values. Exceptions are * 'ID', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', * 'user_registered', 'user_activation_key', 'spam', and 'role'. The filters have the prefix * 'pre_user_' followed by the field name. An example using 'description' would have the filter * called 'pre_user_description' that can be hooked into. * * @since 2.0.0 * @since 3.6.0 The `aim`, `jabber`, and `yim` fields were removed as default user contact * methods for new installations. See wp_get_user_contact_methods(). * @since 4.7.0 The `locale` field can be passed to `$userdata`. * @since 5.3.0 The `user_activation_key` field can be passed to `$userdata`. * @since 5.3.0 The `spam` field can be passed to `$userdata` (Multisite only). * @since 5.9.0 The `meta_input` field can be passed to `$userdata` to allow addition of user meta data. * * @global wpdb $wpdb WordPress database abstraction object. * * @param array|object|WP_User $userdata { * An array, object, or WP_User object of user data arguments. * * @type int $ID User ID. If supplied, the user will be updated. * @type string $user_pass The plain-text user password for new users. * Hashed password for existing users. * @type string $user_login The user's login username. * @type string $user_nicename The URL-friendly user name. * @type string $user_url The user URL. * @type string $user_email The user email address. * @type string $display_name The user's display name. * Default is the user's username. * @type string $nickname The user's nickname. * Default is the user's username. * @type string $first_name The user's first name. For new users, will be used * to build the first part of the user's display name * if `$display_name` is not specified. * @type string $last_name The user's last name. For new users, will be used * to build the second part of the user's display name * if `$display_name` is not specified. * @type string $description The user's biographical description. * @type string $rich_editing Whether to enable the rich-editor for the user. * Accepts 'true' or 'false' as a string literal, * not boolean. Default 'true'. * @type string $syntax_highlighting Whether to enable the rich code editor for the user. * Accepts 'true' or 'false' as a string literal, * not boolean. Default 'true'. * @type string $comment_shortcuts Whether to enable comment moderation keyboard * shortcuts for the user. Accepts 'true' or 'false' * as a string literal, not boolean. Default 'false'. * @type string $admin_color Admin color scheme for the user. Default 'modern'. * @type bool $use_ssl Whether the user should always access the admin over * https. Default false. * @type string $user_registered Date the user registered in UTC. Format is 'Y-m-d H:i:s'. * @type string $user_activation_key Password reset key. Default empty. * @type bool $spam Multisite only. Whether the user is marked as spam. * Default false. * @type string $show_admin_bar_front Whether to display the Admin Bar for the user * on the site's front end. Accepts 'true' or 'false' * as a string literal, not boolean. Default 'true'. * @type string $role User's role. * @type string $locale User's locale. Default empty. * @type array $meta_input Array of custom user meta values keyed by meta key. * Default empty. * } * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not * be created. */ function wp_insert_user( $userdata ) { global $wpdb; if ( $userdata instanceof stdClass ) { $userdata = get_object_vars( $userdata ); } elseif ( $userdata instanceof WP_User ) { $userdata = $userdata->to_array(); } elseif ( $userdata instanceof Traversable ) { $userdata = iterator_to_array( $userdata ); } elseif ( $userdata instanceof ArrayAccess ) { $userdata_obj = $userdata; $userdata = array(); foreach ( array( 'ID', 'user_pass', 'user_login', 'user_nicename', 'user_url', 'user_email', 'display_name', 'nickname', 'first_name', 'last_name', 'description', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', 'user_registered', 'user_activation_key', 'spam', 'show_admin_bar_front', 'role', 'locale', 'meta_input', ) as $key ) { if ( isset( $userdata_obj[ $key ] ) ) { $userdata[ $key ] = $userdata_obj[ $key ]; } } } else { $userdata = (array) $userdata; } // Are we updating or creating? if ( ! empty( $userdata['ID'] ) ) { $user_id = (int) $userdata['ID']; $update = true; $old_user_data = get_userdata( $user_id ); if ( ! $old_user_data ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } // Slash current user email to compare it later with slashed new user email. $old_user_data->user_email = wp_slash( $old_user_data->user_email ); // Hashed in wp_update_user(), plaintext if called directly. $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass; } else { $update = false; if ( empty( $userdata['user_pass'] ) ) { wp_trigger_error( __FUNCTION__, __( 'The user_pass field is required when creating a new user. The user will need to reset their password before logging in.' ), E_USER_WARNING ); // Set the password as an empty string to force the password reset flow. $userdata['user_pass'] = ''; } // Hash the password. $user_pass = wp_hash_password( $userdata['user_pass'] ); } $sanitized_user_login = sanitize_user( $userdata['user_login'] ?? '', true ); /** * Filters a username after it has been sanitized. * * This filter is called before the user is created or updated. * * @since 2.0.3 * * @param string $sanitized_user_login Username after it has been sanitized. */ $pre_user_login = apply_filters( 'pre_user_login', $sanitized_user_login ); // Remove any non-printable chars from the login string to see if we have ended up with an empty username. $user_login = trim( $pre_user_login ); // user_login must be between 0 and 60 characters. if ( empty( $user_login ) ) { return new WP_Error( 'empty_user_login', __( 'Cannot create a user with an empty login name.' ) ); } elseif ( mb_strlen( $user_login ) > 60 ) { return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) ); } if ( ! $update && username_exists( $user_login ) ) { return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); } /** * Filters the list of disallowed usernames. * * @since 4.4.0 * * @param array $usernames Array of disallowed usernames. */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) { return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) ); } /* * If a nicename is provided, remove unsafe user characters before using it. * Otherwise build a nicename from the user_login. */ if ( ! empty( $userdata['user_nicename'] ) ) { $user_nicename = sanitize_user( $userdata['user_nicename'], true ); } else { $user_nicename = mb_substr( $user_login, 0, 50 ); } $user_nicename = sanitize_title( $user_nicename ); /** * Filters a user's nicename before the user is created or updated. * * @since 2.0.3 * * @param string $user_nicename The user's nicename. */ $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename ); // Check if the sanitized nicename is empty. if ( empty( $user_nicename ) ) { return new WP_Error( 'empty_user_nicename', __( 'Cannot create a user with an empty nicename.' ) ); } elseif ( mb_strlen( $user_nicename ) > 50 ) { return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) ); } $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login ) ); if ( $user_nicename_check ) { $suffix = 2; while ( $user_nicename_check ) { // user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix. $base_length = 49 - mb_strlen( $suffix ); $alt_user_nicename = mb_substr( $user_nicename, 0, $base_length ) . "-$suffix"; $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $alt_user_nicename, $user_login ) ); ++$suffix; } $user_nicename = $alt_user_nicename; } $raw_user_email = empty( $userdata['user_email'] ) ? '' : $userdata['user_email']; /** * Filters a user's email before the user is created or updated. * * @since 2.0.3 * * @param string $raw_user_email The user's email. */ $user_email = apply_filters( 'pre_user_email', $raw_user_email ); /* * If there is no update, just check for `email_exists`. If there is an update, * check if current email and new email are the same, and check `email_exists` * accordingly. */ if ( ( ! $update || ( ! empty( $old_user_data ) && 0 !== strcasecmp( $user_email, $old_user_data->user_email ) ) ) && ! defined( 'WP_IMPORTING' ) && email_exists( $user_email ) ) { return new WP_Error( 'existing_user_email', __( 'Sorry, that email address is already used!' ) ); } $raw_user_url = empty( $userdata['user_url'] ) ? '' : $userdata['user_url']; /** * Filters a user's URL before the user is created or updated. * * @since 2.0.3 * * @param string $raw_user_url The user's URL. */ $user_url = apply_filters( 'pre_user_url', $raw_user_url ); if ( mb_strlen( $user_url ) > 100 ) { return new WP_Error( 'user_url_too_long', __( 'User URL may not be longer than 100 characters.' ) ); } $user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered']; $user_activation_key = empty( $userdata['user_activation_key'] ) ? '' : $userdata['user_activation_key']; if ( ! empty( $userdata['spam'] ) && ! is_multisite() ) { return new WP_Error( 'no_spam', __( 'Sorry, marking a user as spam is only supported on Multisite.' ) ); } $spam = empty( $userdata['spam'] ) ? 0 : (bool) $userdata['spam']; // Store values to save in user meta. $meta = array(); $nickname = empty( $userdata['nickname'] ) ? $user_login : $userdata['nickname']; /** * Filters a user's nickname before the user is created or updated. * * @since 2.0.3 * * @param string $nickname The user's nickname. */ $meta['nickname'] = apply_filters( 'pre_user_nickname', $nickname ); $first_name = empty( $userdata['first_name'] ) ? '' : $userdata['first_name']; /** * Filters a user's first name before the user is created or updated. * * @since 2.0.3 * * @param string $first_name The user's first name. */ $meta['first_name'] = apply_filters( 'pre_user_first_name', $first_name ); $last_name = empty( $userdata['last_name'] ) ? '' : $userdata['last_name']; /** * Filters a user's last name before the user is created or updated. * * @since 2.0.3 * * @param string $last_name The user's last name. */ $meta['last_name'] = apply_filters( 'pre_user_last_name', $last_name ); if ( empty( $userdata['display_name'] ) ) { if ( $update ) { $display_name = $user_login; } elseif ( $meta['first_name'] && $meta['last_name'] ) { $display_name = sprintf( /* translators: 1: User's first name, 2: Last name. */ _x( '%1$s %2$s', 'Display name based on first name and last name' ), $meta['first_name'], $meta['last_name'] ); } elseif ( $meta['first_name'] ) { $display_name = $meta['first_name']; } elseif ( $meta['last_name'] ) { $display_name = $meta['last_name']; } else { $display_name = $user_login; } } else { $display_name = $userdata['display_name']; } /** * Filters a user's display name before the user is created or updated. * * @since 2.0.3 * * @param string $display_name The user's display name. */ $display_name = apply_filters( 'pre_user_display_name', $display_name ); $description = empty( $userdata['description'] ) ? '' : $userdata['description']; /** * Filters a user's description before the user is created or updated. * * @since 2.0.3 * * @param string $description The user's description. */ $meta['description'] = apply_filters( 'pre_user_description', $description ); $meta['rich_editing'] = empty( $userdata['rich_editing'] ) ? 'true' : $userdata['rich_editing']; $meta['syntax_highlighting'] = empty( $userdata['syntax_highlighting'] ) ? 'true' : $userdata['syntax_highlighting']; $meta['comment_shortcuts'] = empty( $userdata['comment_shortcuts'] ) || 'false' === $userdata['comment_shortcuts'] ? 'false' : 'true'; $admin_color = empty( $userdata['admin_color'] ) ? 'modern' : $userdata['admin_color']; $meta['admin_color'] = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $admin_color ); $meta['use_ssl'] = empty( $userdata['use_ssl'] ) ? '0' : '1'; $meta['show_admin_bar_front'] = empty( $userdata['show_admin_bar_front'] ) ? 'true' : $userdata['show_admin_bar_front']; $meta['locale'] = $userdata['locale'] ?? ''; $compacted = compact( 'user_pass', 'user_nicename', 'user_email', 'user_url', 'user_registered', 'user_activation_key', 'display_name' ); $data = wp_unslash( $compacted ); if ( ! $update ) { $data = $data + compact( 'user_login' ); } if ( is_multisite() ) { $data = $data + compact( 'spam' ); } /** * Filters user data before the record is created or updated. * * It only includes data in the users table, not any user metadata. * * @since 4.9.0 * @since 5.8.0 The `$userdata` parameter was added. * @since 6.8.0 The user's password is now hashed using bcrypt by default instead of phpass. * * @param array $data { * Values and keys for the user. * * @type string $user_login The user's login. Only included if $update == false * @type string $user_pass The user's password. * @type string $user_email The user's email. * @type string $user_url The user's url. * @type string $user_nicename The user's nice name. Defaults to a URL-safe version of user's login. * @type string $display_name The user's display name. * @type string $user_registered MySQL timestamp describing the moment when the user registered. Defaults to * the current UTC timestamp. * } * @param bool $update Whether the user is being updated rather than created. * @param int|null $user_id ID of the user to be updated, or NULL if the user is being created. * @param array $userdata The raw array of data passed to wp_insert_user(). */ $data = apply_filters( 'wp_pre_insert_user_data', $data, $update, ( $update ? $user_id : null ), $userdata ); if ( empty( $data ) || ! is_array( $data ) ) { return new WP_Error( 'empty_data', __( 'Not enough data to create this user.' ) ); } if ( $update ) { if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) { $data['user_activation_key'] = ''; } $wpdb->update( $wpdb->users, $data, array( 'ID' => $user_id ) ); } else { $wpdb->insert( $wpdb->users, $data ); $user_id = (int) $wpdb->insert_id; } $user = new WP_User( $user_id ); if ( ! $update ) { /** This action is documented in wp-includes/pluggable.php */ do_action( 'wp_set_password', $userdata['user_pass'], $user_id, $user ); } /** * Filters a user's meta values and keys immediately after the user is created or updated * and before any user meta is inserted or updated. * * Does not include contact methods. These are added using `wp_get_user_contact_methods( $user )`. * * For custom meta fields, see the {@see 'insert_custom_user_meta'} filter. * * @since 4.4.0 * @since 5.8.0 The `$userdata` parameter was added. * * @param array $meta { * Default meta values and keys for the user. * * @type string $nickname The user's nickname. Default is the user's username. * @type string $first_name The user's first name. * @type string $last_name The user's last name. * @type string $description The user's description. * @type string $rich_editing Whether to enable the rich-editor for the user. Default 'true'. * @type string $syntax_highlighting Whether to enable the rich code editor for the user. Default 'true'. * @type string $comment_shortcuts Whether to enable keyboard shortcuts for the user. Default 'false'. * @type string $admin_color The color scheme for a user's admin screen. Default 'modern'. * @type int|bool $use_ssl Whether to force SSL on the user's admin area. 0|false if SSL * is not forced. * @type string $show_admin_bar_front Whether to show the admin bar on the front end for the user. * Default 'true'. * @type string $locale User's locale. Default empty. * } * @param WP_User $user User object. * @param bool $update Whether the user is being updated rather than created. * @param array $userdata The raw array of data passed to wp_insert_user(). */ $meta = apply_filters( 'insert_user_meta', $meta, $user, $update, $userdata ); $custom_meta = array(); if ( array_key_exists( 'meta_input', $userdata ) && is_array( $userdata['meta_input'] ) && ! empty( $userdata['meta_input'] ) ) { $custom_meta = $userdata['meta_input']; } /** * Filters a user's custom meta values and keys immediately after the user is created or updated * and before any user meta is inserted or updated. * * For non-custom meta fields, see the {@see 'insert_user_meta'} filter. * * @since 5.9.0 * * @param array $custom_meta Array of custom user meta values keyed by meta key. * @param WP_User $user User object. * @param bool $update Whether the user is being updated rather than created. * @param array $userdata The raw array of data passed to wp_insert_user(). */ $custom_meta = apply_filters( 'insert_custom_user_meta', $custom_meta, $user, $update, $userdata ); $meta = array_merge( $meta, $custom_meta ); if ( $update ) { // Update user meta. foreach ( $meta as $key => $value ) { update_user_meta( $user_id, $key, $value ); } } else { // Add user meta. foreach ( $meta as $key => $value ) { add_user_meta( $user_id, $key, $value ); } } foreach ( wp_get_user_contact_methods( $user ) as $key => $value ) { if ( isset( $userdata[ $key ] ) ) { update_user_meta( $user_id, $key, $userdata[ $key ] ); } } if ( isset( $userdata['role'] ) ) { $user->set_role( $userdata['role'] ); } elseif ( ! $update ) { $user->set_role( get_option( 'default_role' ) ); } clean_user_cache( $user_id ); if ( $update ) { /** * Fires immediately after an existing user is updated. * * @since 2.0.0 * @since 5.8.0 The `$userdata` parameter was added. * * @param int $user_id User ID. * @param WP_User $old_user_data Object containing user's data prior to update. * @param array $userdata The raw array of data passed to wp_insert_user(). */ do_action( 'profile_update', $user_id, $old_user_data, $userdata ); if ( isset( $userdata['spam'] ) && $userdata['spam'] !== $old_user_data->spam ) { if ( '1' === $userdata['spam'] ) { /** * Fires after the user is marked as a SPAM user. * * @since 3.0.0 * * @param int $user_id ID of the user marked as SPAM. */ do_action( 'make_spam_user', $user_id ); } else { /** * Fires after the user is marked as a HAM user. Opposite of SPAM. * * @since 3.0.0 * * @param int $user_id ID of the user marked as HAM. */ do_action( 'make_ham_user', $user_id ); } } } else { /** * Fires immediately after a new user is registered. * * @since 1.5.0 * @since 5.8.0 The `$userdata` parameter was added. * * @param int $user_id User ID. * @param array $userdata The raw array of data passed to wp_insert_user(). */ do_action( 'user_register', $user_id, $userdata ); } return $user_id; } /** * Updates a user in the database. * * It is possible to update a user's password by specifying the 'user_pass' * value in the $userdata parameter array. * * If current user's password is being updated, then the cookies will be * cleared. * * @since 2.0.0 * * @see wp_insert_user() For what fields can be set in $userdata. * * @param array|object|WP_User $userdata An array of user data or a user object of type stdClass or WP_User. * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated. */ function wp_update_user( $userdata ) { if ( $userdata instanceof stdClass ) { $userdata = get_object_vars( $userdata ); } elseif ( $userdata instanceof WP_User ) { $userdata = $userdata->to_array(); } $userdata_raw = $userdata; $user_id = (int) ( $userdata['ID'] ?? 0 ); if ( ! $user_id ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } // First, get all of the original fields. $user_obj = get_userdata( $user_id ); if ( ! $user_obj ) { return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) ); } $user = $user_obj->to_array(); // Add additional custom fields. foreach ( _get_additional_user_keys( $user_obj ) as $key ) { $user[ $key ] = get_user_meta( $user_id, $key, true ); } // Escape data pulled from DB. $user = add_magic_quotes( $user ); if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass ) { // If password is changing, hash it now. $plaintext_pass = $userdata['user_pass']; $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] ); /** This action is documented in wp-includes/pluggable.php */ do_action( 'wp_set_password', $plaintext_pass, $user_id, $user_obj ); /** * Filters whether to send the password change email. * * @since 4.3.0 * * @see wp_insert_user() For `$user` and `$userdata` fields. * * @param bool $send Whether to send the email. * @param array $user The original user array. * @param array $userdata The updated user array. */ $send_password_change_email = apply_filters( 'send_password_change_email', true, $user, $userdata ); } if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] ) { /** * Filters whether to send the email change email. * * @since 4.3.0 * * @see wp_insert_user() For `$user` and `$userdata` fields. * * @param bool $send Whether to send the email. * @param array $user The original user array. * @param array $userdata The updated user array. */ $send_email_change_email = apply_filters( 'send_email_change_email', true, $user, $userdata ); } clean_user_cache( $user_obj ); // Merge old and new fields with new fields overwriting old ones. $userdata = array_merge( $user, $userdata ); $user_id = wp_insert_user( $userdata ); if ( is_wp_error( $user_id ) ) { return $user_id; } $blog_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); $switched_locale = false; if ( ! empty( $send_password_change_email ) || ! empty( $send_email_change_email ) ) { $switched_locale = switch_to_user_locale( $user_id ); } if ( ! empty( $send_password_change_email ) ) { /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $pass_change_text = __( 'Hi ###USERNAME###, This notice confirms that your password was changed on ###SITENAME###. If you did not change your password, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $pass_change_email = array( 'to' => $user['user_email'], /* translators: Password change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Password Changed' ), 'message' => $pass_change_text, 'headers' => '', ); /** * Filters the contents of the email sent when the user's password is changed. * * @since 4.3.0 * * @param array $pass_change_email { * Used to build wp_mail(). * * @type string $to The intended recipients. Add emails in a comma separated string. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - `###USERNAME###` The current user's username. * - `###ADMIN_EMAIL###` The admin email in case this was unexpected. * - `###EMAIL###` The user's email address. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * @type string $headers Headers. Add headers in a newline (\r\n) separated string. * } * @param array $user The original user array. * @param array $userdata The updated user array. */ $pass_change_email = apply_filters( 'password_change_email', $pass_change_email, $user, $userdata ); $pass_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $pass_change_email['message'] ); $pass_change_email['message'] = str_replace( '###SITEURL###', home_url(), $pass_change_email['message'] ); wp_mail( $pass_change_email['to'], sprintf( $pass_change_email['subject'], $blog_name ), $pass_change_email['message'], $pass_change_email['headers'] ); } if ( ! empty( $send_email_change_email ) ) { /* translators: Do not translate USERNAME, ADMIN_EMAIL, NEW_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_change_text = __( 'Hi ###USERNAME###, This notice confirms that your email address on ###SITENAME### was changed to ###NEW_EMAIL###. If you did not change your email, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); $email_change_email = array( 'to' => $user['user_email'], /* translators: Email change notification email subject. %s: Site title. */ 'subject' => __( '[%s] Email Changed' ), 'message' => $email_change_text, 'headers' => '', ); /** * Filters the contents of the email sent when the user's email is changed. * * @since 4.3.0 * * @param array $email_change_email { * Used to build wp_mail(). * * @type string $to The intended recipients. * @type string $subject The subject of the email. * @type string $message The content of the email. * The following strings have a special meaning and will get replaced dynamically: * - `###USERNAME###` The current user's username. * - `###ADMIN_EMAIL###` The admin email in case this was unexpected. * - `###NEW_EMAIL###` The new email address. * - `###EMAIL###` The old email address. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * @type string $headers Headers. * } * @param array $user The original user array. * @param array $userdata The updated user array. */ $email_change_email = apply_filters( 'email_change_email', $email_change_email, $user, $userdata ); $email_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $userdata['user_email'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITENAME###', $blog_name, $email_change_email['message'] ); $email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] ); wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $blog_name ), $email_change_email['message'], $email_change_email['headers'] ); } if ( $switched_locale ) { restore_previous_locale(); } // Update the cookies if the password changed. $current_user = wp_get_current_user(); if ( $current_user->ID === $user_id ) { if ( isset( $plaintext_pass ) ) { /* * Here we calculate the expiration length of the current auth cookie and compare it to the default expiration. * If it's greater than this, then we know the user checked 'Remember Me' when they logged in. */ $logged_in_cookie = wp_parse_auth_cookie( '', 'logged_in' ); /** This filter is documented in wp-includes/pluggable.php */ $default_cookie_life = apply_filters( 'auth_cookie_expiration', ( 2 * DAY_IN_SECONDS ), $user_id, false ); wp_clear_auth_cookie(); $remember = false; $token = ''; if ( false !== $logged_in_cookie ) { $token = $logged_in_cookie['token']; } if ( false !== $logged_in_cookie && ( (int) $logged_in_cookie['expiration'] - time() ) > $default_cookie_life ) { $remember = true; } wp_set_auth_cookie( $user_id, $remember, '', $token ); } } /** * Fires after the user has been updated and emails have been sent. * * @since 6.3.0 * * @param int $user_id The ID of the user that was just updated. * @param array $userdata The array of user data that was updated. * @param array $userdata_raw The unedited array of user data that was updated. */ do_action( 'wp_update_user', $user_id, $userdata, $userdata_raw ); return $user_id; } /** * Provides a simpler way of inserting a user into the database. * * Creates a new user with just the username, password, and email. For more * complex user creation use wp_insert_user() to specify more information. * * @since 2.0.0 * * @see wp_insert_user() More complete way to create a new user. * * @param string $username The user's username. * @param string $password The user's password. * @param string $email Optional. The user's email. Default empty. * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not * be created. */ function wp_create_user( $username, #[\SensitiveParameter] $password, $email = '' ) { $user_login = wp_slash( $username ); $user_email = wp_slash( $email ); $user_pass = $password; $userdata = compact( 'user_login', 'user_email', 'user_pass' ); return wp_insert_user( $userdata ); } /** * Returns a list of meta keys to be (maybe) populated in wp_update_user(). * * The list of keys returned via this function are dependent on the presence * of those keys in the user meta data to be set. * * @since 3.3.0 * @access private * * @param WP_User $user WP_User instance. * @return string[] List of user keys to be populated in wp_update_user(). */ function _get_additional_user_keys( $user ) { $keys = array( 'first_name', 'last_name', 'nickname', 'description', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', 'show_admin_bar_front', 'locale' ); return array_merge( $keys, array_keys( wp_get_user_contact_methods( $user ) ) ); } /** * Sets up the user contact methods. * * Default contact methods were removed for new installations in WordPress 3.6 * and completely removed from the codebase in WordPress 6.9. * * Use the {@see 'user_contactmethods'} filter to add or remove contact methods. * * @since 3.7.0 * @since 6.9.0 Removed references to `aim`, `jabber`, and `yim` contact methods. * * @param WP_User|null $user Optional. WP_User object. * @return string[] Array of contact method labels keyed by contact method. */ function wp_get_user_contact_methods( $user = null ) { $methods = array(); /** * Filters the user contact methods. * * @since 2.9.0 * * @param string[] $methods Array of contact method labels keyed by contact method. * @param WP_User|null $user WP_User object or null if none was provided. */ return apply_filters( 'user_contactmethods', $methods, $user ); } /** * The old private function for setting up user contact methods. * * Use wp_get_user_contact_methods() instead. * * @since 2.9.0 * @access private * * @param WP_User|null $user Optional. WP_User object. Default null. * @return string[] Array of contact method labels keyed by contact method. */ function _wp_get_user_contactmethods( $user = null ) { return wp_get_user_contact_methods( $user ); } /** * Gets the text suggesting how to create strong passwords. * * @since 4.1.0 * * @return string The password hint text. */ function wp_get_password_hint() { $hint = __( 'Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).' ); /** * Filters the text describing the site's password complexity policy. * * @since 4.1.0 * * @param string $hint The password hint text. */ return apply_filters( 'password_hint', $hint ); } /** * Creates, stores, then returns a password reset key for user. * * @since 4.4.0 * * @param WP_User $user User to retrieve password reset key for. * @return string|WP_Error Password reset key on success. WP_Error on error. */ function get_password_reset_key( $user ) { if ( ! ( $user instanceof WP_User ) ) { return new WP_Error( 'invalidcombo', __( 'Error: There is no account with that username or email address.' ) ); } /** * Fires before a new password is retrieved. * * Use the {@see 'retrieve_password'} hook instead. * * @since 1.5.0 * @deprecated 1.5.1 Misspelled. Use {@see 'retrieve_password'} hook instead. * * @param string $user_login The user login name. */ do_action_deprecated( 'retreive_password', array( $user->user_login ), '1.5.1', 'retrieve_password' ); /** * Fires before a new password is retrieved. * * @since 1.5.1 * * @param string $user_login The user login name. */ do_action( 'retrieve_password', $user->user_login ); $password_reset_allowed = wp_is_password_reset_allowed_for_user( $user ); if ( ! $password_reset_allowed ) { return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) ); } elseif ( is_wp_error( $password_reset_allowed ) ) { return $password_reset_allowed; } // Generate something random for a password reset key. $key = wp_generate_password( 20, false ); /** * Fires when a password reset key is generated. * * @since 2.5.0 * * @param string $user_login The username for the user. * @param string $key The generated password reset key. */ do_action( 'retrieve_password_key', $user->user_login, $key ); $hashed = time() . ':' . wp_fast_hash( $key ); $key_saved = wp_update_user( array( 'ID' => $user->ID, 'user_activation_key' => $hashed, ) ); if ( is_wp_error( $key_saved ) ) { return $key_saved; } return $key; } /** * Retrieves a user row based on password reset key and login. * * A key is considered 'expired' if it exactly matches the value of the * user_activation_key field, rather than being matched after going through the * hashing process. This field is now hashed; old values are no longer accepted * but have a different WP_Error code so good user feedback can be provided. * * @since 3.1.0 * * @param string $key The password reset key. * @param string $login The user login. * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys. */ function check_password_reset_key( #[\SensitiveParameter] $key, $login ) { $key = preg_replace( '/[^a-z0-9]/i', '', $key ); if ( empty( $key ) || ! is_string( $key ) ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } if ( empty( $login ) || ! is_string( $login ) ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } $user = get_user_by( 'login', $login ); if ( ! $user ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } /** * Filters the expiration time of password reset keys. * * @since 4.3.0 * * @param int $expiration The expiration time in seconds. */ $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS ); if ( str_contains( $user->user_activation_key, ':' ) ) { list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 ); $expiration_time = $pass_request_time + $expiration_duration; } else { $pass_key = $user->user_activation_key; $expiration_time = false; } if ( ! $pass_key ) { return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } $hash_is_correct = wp_verify_fast_hash( $key, $pass_key ); if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) { return $user; } elseif ( $hash_is_correct && $expiration_time ) { // Key has an expiration time that's passed. return new WP_Error( 'expired_key', __( 'Invalid key.' ) ); } if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) { $return = new WP_Error( 'expired_key', __( 'Invalid key.' ) ); $user_id = $user->ID; /** * Filters the return value of check_password_reset_key() when an * old-style key or an expired key is used. * * Prior to 3.7, plain-text keys were stored in the database. * * @since 3.7.0 * @since 4.3.0 Previously key hashes were stored without an expiration time. * * @param WP_Error $return A WP_Error object denoting an expired key. * Return a WP_User object to validate the key. * @param int $user_id The matched user ID. */ return apply_filters( 'password_reset_key_expired', $return, $user_id ); } return new WP_Error( 'invalid_key', __( 'Invalid key.' ) ); } /** * Handles sending a password retrieval email to a user. * * @since 2.5.0 * @since 5.7.0 Added `$user_login` parameter. * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $user_login Optional. Username to send a password retrieval email for. * Defaults to `$_POST['user_login']` if not set. * @return true|WP_Error True when finished, WP_Error object on error. */ function retrieve_password( $user_login = '' ) { $errors = new WP_Error(); $user_data = false; // Use the passed $user_login if available, otherwise use $_POST['user_login']. if ( ! $user_login && ! empty( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { $user_login = $_POST['user_login']; } $user_login = trim( wp_unslash( $user_login ) ); if ( empty( $user_login ) ) { $errors->add( 'empty_username', __( 'Error: Please enter a username or email address.' ) ); } elseif ( strpos( $user_login, '@' ) ) { $user_data = get_user_by( 'email', $user_login ); if ( empty( $user_data ) ) { $user_data = get_user_by( 'login', $user_login ); } if ( empty( $user_data ) ) { $errors->add( 'invalid_email', __( 'Error: There is no account with that username or email address.' ) ); } } else { $user_data = get_user_by( 'login', $user_login ); } /** * Filters the user data during a password reset request. * * Allows, for example, custom validation using data other than username or email address. * * @since 5.7.0 * * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. * @param WP_Error $errors A WP_Error object containing any errors generated * by using invalid credentials. */ $user_data = apply_filters( 'lostpassword_user_data', $user_data, $errors ); /** * Fires before errors are returned from a password reset request. * * @since 2.1.0 * @since 4.4.0 Added the `$errors` parameter. * @since 5.4.0 Added the `$user_data` parameter. * * @param WP_Error $errors A WP_Error object containing any errors generated * by using invalid credentials. * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. */ do_action( 'lostpassword_post', $errors, $user_data ); /** * Filters the errors encountered on a password reset request. * * The filtered WP_Error object may, for example, contain errors for an invalid * username or email address. A WP_Error object should always be returned, * but may or may not contain errors. * * If any errors are present in $errors, this will abort the password reset request. * * @since 5.5.0 * * @param WP_Error $errors A WP_Error object containing any errors generated * by using invalid credentials. * @param WP_User|false $user_data WP_User object if found, false if the user does not exist. */ $errors = apply_filters( 'lostpassword_errors', $errors, $user_data ); if ( $errors->has_errors() ) { return $errors; } if ( ! $user_data ) { $errors->add( 'invalidcombo', __( 'Error: There is no account with that username or email address.' ) ); return $errors; } /** * Filters whether to send the retrieve password email. * * Return false to disable sending the email. * * @since 6.0.0 * * @param bool $send Whether to send the email. * @param string $user_login The username for the user. * @param WP_User $user_data WP_User object. */ if ( ! apply_filters( 'send_retrieve_password_email', true, $user_login, $user_data ) ) { return true; } // Redefining user_login ensures we return the right case in the email. $user_login = $user_data->user_login; $user_email = $user_data->user_email; $key = get_password_reset_key( $user_data ); if ( is_wp_error( $key ) ) { return $key; } // Localize password reset message content for user. $locale = get_user_locale( $user_data ); $switched_locale = switch_to_user_locale( $user_data->ID ); if ( is_multisite() ) { $site_name = get_network()->site_name; } else { /* * The blogname option is escaped with esc_html on the way into the database * in sanitize_option. We want to reverse this for the plain text arena of emails. */ $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); } $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n"; /* translators: %s: Site name. */ $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n"; /* translators: %s: User login. */ $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n"; $message .= __( 'If this was a mistake, ignore this email and nothing will happen.' ) . "\r\n\r\n"; $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; /* * Since some user login names end in a period, this could produce ambiguous URLs that * end in a period. To avoid the ambiguity, ensure that the login is not the last query * arg in the URL. If moving it to the end, a trailing period will need to be escaped. * * @see https://core.trac.wordpress.org/tickets/42957 */ $message .= network_site_url( 'wp-login.php?login=' . rawurlencode( $user_login ) . "&key=$key&action=rp", 'login' ) . '&wp_lang=' . $locale . "\r\n\r\n"; if ( ! is_user_logged_in() ) { $requester_ip = $_SERVER['REMOTE_ADDR']; if ( $requester_ip ) { $message .= sprintf( /* translators: %s: IP address of password reset requester. */ __( 'This password reset request originated from the IP address %s.' ), $requester_ip ) . "\r\n"; } } /* translators: Password reset notification email subject. %s: Site title. */ $title = sprintf( __( '[%s] Password Reset' ), $site_name ); /** * Filters the subject of the password reset email. * * @since 2.8.0 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. * * @param string $title Email subject. * @param string $user_login The username for the user. * @param WP_User $user_data WP_User object. */ $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); /** * Filters the message body of the password reset mail. * * If the filtered message is empty, the password reset email will not be sent. * * @since 2.8.0 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. * * @param string $message Email message. * @param string $key The activation key. * @param string $user_login The username for the user. * @param WP_User $user_data WP_User object. */ $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); // Short-circuit on falsey $message value for backwards compatibility. if ( ! $message ) { return true; } /* * Wrap the single notification email arguments in an array * to pass them to the retrieve_password_notification_email filter. */ $defaults = array( 'to' => $user_email, 'subject' => $title, 'message' => $message, 'headers' => '', ); /** * Filters the contents of the reset password notification email sent to the user. * * @since 6.0.0 * * @param array $defaults { * The default notification email arguments. Used to build wp_mail(). * * @type string $to The intended recipient - user email address. * @type string $subject The subject of the email. * @type string $message The body of the email. * @type string $headers The headers of the email. * } * @param string $key The activation key. * @param string $user_login The username for the user. * @param WP_User $user_data WP_User object. */ $notification_email = apply_filters( 'retrieve_password_notification_email', $defaults, $key, $user_login, $user_data ); if ( $switched_locale ) { restore_previous_locale(); } if ( is_array( $notification_email ) ) { // Force key order and merge defaults in case any value is missing in the filtered array. $notification_email = array_merge( $defaults, $notification_email ); } else { $notification_email = $defaults; } list( $to, $subject, $message, $headers ) = array_values( $notification_email ); $subject = wp_specialchars_decode( $subject ); if ( ! wp_mail( $to, $subject, $message, $headers ) ) { $errors->add( 'retrieve_password_email_failure', sprintf( /* translators: %s: Documentation URL. */ __( 'Error: The email could not be sent. Your site may not be correctly configured to send emails. Get support for resetting your password.' ), esc_url( __( 'https://wordpress.org/documentation/article/reset-your-password/' ) ) ) ); return $errors; } return true; } /** * Handles resetting the user's password. * * @since 2.5.0 * * @param WP_User $user The user * @param string $new_pass New password for the user in plaintext */ function reset_password( $user, #[\SensitiveParameter] $new_pass ) { /** * Fires before the user's password is reset. * * @since 1.5.0 * * @param WP_User $user The user. * @param string $new_pass New user password. */ do_action( 'password_reset', $user, $new_pass ); wp_set_password( $new_pass, $user->ID ); update_user_meta( $user->ID, 'default_password_nag', false ); /** * Fires after the user's password is reset. * * @since 4.4.0 * * @param WP_User $user The user. * @param string $new_pass New user password. */ do_action( 'after_password_reset', $user, $new_pass ); } /** * Handles registering a new user. * * @since 2.5.0 * * @param string $user_login User's username for logging in * @param string $user_email User's email address to send password and add * @return int|WP_Error Either user's ID or error on failure. */ function register_new_user( $user_login, $user_email ) { $errors = new WP_Error(); $sanitized_user_login = sanitize_user( $user_login ); /** * Filters the email address of a user being registered. * * @since 2.1.0 * * @param string $user_email The email address of the new user. */ $user_email = apply_filters( 'user_registration_email', $user_email ); // Check the username. if ( '' === $sanitized_user_login ) { $errors->add( 'empty_username', __( 'Error: Please enter a username.' ) ); } elseif ( ! validate_username( $user_login ) ) { $errors->add( 'invalid_username', __( 'Error: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); $sanitized_user_login = ''; } elseif ( username_exists( $sanitized_user_login ) ) { $errors->add( 'username_exists', __( 'Error: This username is already registered. Please choose another one.' ) ); } else { /** This filter is documented in wp-includes/user.php */ $illegal_user_logins = (array) apply_filters( 'illegal_user_logins', array() ); if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ), true ) ) { $errors->add( 'invalid_username', __( 'Error: Sorry, that username is not allowed.' ) ); } } // Check the email address. if ( '' === $user_email ) { $errors->add( 'empty_email', __( 'Error: Please type your email address.' ) ); } elseif ( ! is_email( $user_email ) ) { $errors->add( 'invalid_email', __( 'Error: The email address is not correct.' ) ); $user_email = ''; } elseif ( email_exists( $user_email ) ) { $errors->add( 'email_exists', sprintf( /* translators: %s: Link to the login page. */ __( 'Error: This email address is already registered. Log in with this address or choose another one.' ), wp_login_url() ) ); } /** * Fires when submitting registration form data, before the user is created. * * @since 2.1.0 * * @param string $sanitized_user_login The submitted username after being sanitized. * @param string $user_email The submitted email. * @param WP_Error $errors Contains any errors with submitted username and email, * e.g., an empty field, an invalid username or email, * or an existing username or email. */ do_action( 'register_post', $sanitized_user_login, $user_email, $errors ); /** * Filters the errors encountered when a new user is being registered. * * The filtered WP_Error object may, for example, contain errors for an invalid * or existing username or email address. A WP_Error object should always be returned, * but may or may not contain errors. * * If any errors are present in $errors, this will abort the user's registration. * * @since 2.1.0 * * @param WP_Error $errors A WP_Error object containing any errors encountered * during registration. * @param string $sanitized_user_login User's username after it has been sanitized. * @param string $user_email User's email. */ $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email ); if ( $errors->has_errors() ) { return $errors; } $user_pass = wp_generate_password( 12, false ); $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email ); if ( ! $user_id || is_wp_error( $user_id ) ) { $errors->add( 'registerfail', sprintf( /* translators: %s: Admin email address. */ __( 'Error: Could not register you… please contact the site admin!' ), get_option( 'admin_email' ) ) ); return $errors; } update_user_meta( $user_id, 'default_password_nag', true ); // Set up the password change nag. if ( ! empty( $_COOKIE['wp_lang'] ) ) { $wp_lang = sanitize_text_field( $_COOKIE['wp_lang'] ); if ( in_array( $wp_lang, get_available_languages(), true ) ) { update_user_meta( $user_id, 'locale', $wp_lang ); // Set user locale if defined on registration. } } /** * Fires after a new user registration has been recorded. * * @since 4.4.0 * * @param int $user_id ID of the newly registered user. */ do_action( 'register_new_user', $user_id ); return $user_id; } /** * Initiates email notifications related to the creation of new users. * * Notifications are sent both to the site admin and to the newly created user. * * @since 4.4.0 * @since 4.6.0 Converted the `$notify` parameter to accept 'user' for sending * notifications only to the user created. * * @param int $user_id ID of the newly created user. * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' * or an empty string (admin only), 'user', or 'both' (admin and user). * Default 'both'. */ function wp_send_new_user_notifications( $user_id, $notify = 'both' ) { wp_new_user_notification( $user_id, null, $notify ); } /** * Retrieves the current session token from the logged_in cookie. * * @since 4.0.0 * * @return string Token. */ function wp_get_session_token() { $cookie = wp_parse_auth_cookie( '', 'logged_in' ); return ! empty( $cookie['token'] ) ? $cookie['token'] : ''; } /** * Retrieves a list of sessions for the current user. * * @since 4.0.0 * * @return array Array of sessions. */ function wp_get_all_sessions() { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); return $manager->get_all(); } /** * Removes the current session token from the database. * * @since 4.0.0 */ function wp_destroy_current_session() { $token = wp_get_session_token(); if ( $token ) { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); $manager->destroy( $token ); } } /** * Removes all but the current session token for the current user for the database. * * @since 4.0.0 */ function wp_destroy_other_sessions() { $token = wp_get_session_token(); if ( $token ) { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); $manager->destroy_others( $token ); } } /** * Removes all session tokens for the current user from the database. * * @since 4.0.0 */ function wp_destroy_all_sessions() { $manager = WP_Session_Tokens::get_instance( get_current_user_id() ); $manager->destroy_all(); } /** * Gets the user IDs of all users with no role on this site. * * @since 4.4.0 * @since 4.9.0 The `$site_id` parameter was added to support multisite. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|null $site_id Optional. The site ID to get users with no role for. Defaults to the current site. * @return string[] Array of user IDs as strings. */ function wp_get_users_with_no_role( $site_id = null ) { global $wpdb; if ( ! $site_id ) { $site_id = get_current_blog_id(); } $prefix = $wpdb->get_blog_prefix( $site_id ); if ( is_multisite() && get_current_blog_id() !== $site_id ) { switch_to_blog( $site_id ); $role_names = wp_roles()->get_names(); restore_current_blog(); } else { $role_names = wp_roles()->get_names(); } $regex = implode( '|', array_keys( $role_names ) ); $regex = preg_replace( '/[^a-zA-Z_\|-]/', '', $regex ); $users = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '{$prefix}capabilities' AND meta_value NOT REGEXP %s", $regex ) ); return $users; } /** * Retrieves the current user object. * * Will set the current user, if the current user is not set. The current user * will be set to the logged-in person. If no user is logged-in, then it will * set the current user to 0, which is invalid and won't have any permissions. * * This function is used by the pluggable functions wp_get_current_user() and * get_currentuserinfo(), the latter of which is deprecated but used for backward * compatibility. * * @since 4.5.0 * @access private * * @see wp_get_current_user() * @global WP_User $current_user Checks if the current user is set. * * @return WP_User Current WP_User instance. */ function _wp_get_current_user() { global $current_user; if ( ! empty( $current_user ) ) { if ( $current_user instanceof WP_User ) { return $current_user; } // Upgrade stdClass to WP_User. if ( is_object( $current_user ) && isset( $current_user->ID ) ) { $cur_id = $current_user->ID; $current_user = null; wp_set_current_user( $cur_id ); return $current_user; } // $current_user has a junk value. Force to WP_User with ID 0. $current_user = null; wp_set_current_user( 0 ); return $current_user; } if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { wp_set_current_user( 0 ); return $current_user; } /** * Filters the current user. * * The default filters use this to determine the current user from the * request's cookies, if available. * * Returning a value of false will effectively short-circuit setting * the current user. * * @since 3.9.0 * * @param int|false $user_id User ID if one has been determined, false otherwise. */ $user_id = apply_filters( 'determine_current_user', false ); if ( ! $user_id ) { wp_set_current_user( 0 ); return $current_user; } wp_set_current_user( $user_id ); return $current_user; } /** * Sends a confirmation request email when a change of user email address is attempted. * * @since 3.0.0 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. * * @global WP_Error $errors WP_Error object. */ function send_confirmation_on_profile_email() { global $errors; $current_user = wp_get_current_user(); if ( ! is_object( $errors ) ) { $errors = new WP_Error(); } if ( $current_user->ID !== (int) $_POST['user_id'] ) { return false; } if ( $current_user->user_email !== $_POST['email'] ) { if ( ! is_email( $_POST['email'] ) ) { $errors->add( 'user_email', __( 'Error: The email address is not correct.' ), array( 'form-field' => 'email', ) ); return; } if ( email_exists( $_POST['email'] ) ) { $errors->add( 'user_email', __( 'Error: The email address is already used.' ), array( 'form-field' => 'email', ) ); delete_user_meta( $current_user->ID, '_new_email' ); return; } $hash = md5( $_POST['email'] . time() . wp_rand() ); $new_user_email = array( 'hash' => $hash, 'newemail' => $_POST['email'], ); update_user_meta( $current_user->ID, '_new_email', $new_user_email ); $sitename = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy ###USERNAME###, You recently requested to have the email address on your account changed. If this is correct, please click on the following link to change it: ###ADMIN_URL### You can safely ignore and delete this email if you do not want to take this action. This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the text of the email sent when a change of user email address is attempted. * * The following strings have a special meaning and will get replaced dynamically: * * - `###USERNAME###` The current user's username. * - `###ADMIN_URL###` The link to click on to confirm the email change. * - `###EMAIL###` The new email. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * * @since MU (3.0.0) * @since 4.9.0 This filter is no longer Multisite specific. * * @param string $email_text Text in the email. * @param array $new_user_email { * Data relating to the new user email address. * * @type string $hash The secure hash used in the confirmation link URL. * @type string $newemail The proposed new email address. * } */ $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email ); $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); $content = str_replace( '###EMAIL###', $_POST['email'], $content ); $content = str_replace( '###SITENAME###', $sitename, $content ); $content = str_replace( '###SITEURL###', home_url(), $content ); /* translators: New email address notification email subject. %s: Site title. */ wp_mail( $_POST['email'], sprintf( __( '[%s] Email Change Request' ), $sitename ), $content ); $_POST['email'] = $current_user->user_email; } } /** * Adds an admin notice alerting the user to check for confirmation request email * after email address change. * * @since 3.0.0 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. * * @global string $pagenow The filename of the current screen. */ function new_user_email_admin_notice() { global $pagenow; if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) ) { $email = get_user_meta( get_current_user_id(), '_new_email', true ); if ( $email ) { $message = sprintf( /* translators: %s: New email address. */ __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '' . esc_html( $email['newemail'] ) . '' ); wp_admin_notice( $message, array( 'type' => 'info' ) ); } } } /** * Gets all personal data request types. * * @since 4.9.6 * @access private * * @return string[] List of core privacy action types. */ function _wp_privacy_action_request_types() { return array( 'export_personal_data', 'remove_personal_data', ); } /** * Registers the personal data exporter for users. * * @since 4.9.6 * * @param array[] $exporters An array of personal data exporters. * @return array[] An array of personal data exporters. */ function wp_register_user_personal_data_exporter( $exporters ) { $exporters['wordpress-user'] = array( 'exporter_friendly_name' => __( 'WordPress User' ), 'callback' => 'wp_user_personal_data_exporter', ); return $exporters; } /** * Finds and exports personal data associated with an email address from the user and user_meta table. * * @since 4.9.6 * @since 5.4.0 Added 'Community Events Location' group to the export data. * @since 5.4.0 Added 'Session Tokens' group to the export data. * * @param string $email_address The user's email address. * @return array { * An array of personal data. * * @type array[] $data An array of personal data arrays. * @type bool $done Whether the exporter is finished. * } */ function wp_user_personal_data_exporter( $email_address ) { $email_address = trim( $email_address ); $data_to_export = array(); $user = get_user_by( 'email', $email_address ); if ( ! $user ) { return array( 'data' => array(), 'done' => true, ); } $user_meta = get_user_meta( $user->ID ); $user_props_to_export = array( 'ID' => __( 'User ID' ), 'user_login' => __( 'User Login Name' ), 'user_nicename' => __( 'User Nice Name' ), 'user_email' => __( 'User Email' ), 'user_url' => __( 'User URL' ), 'user_registered' => __( 'User Registration Date' ), 'display_name' => __( 'User Display Name' ), 'nickname' => __( 'User Nickname' ), 'first_name' => __( 'User First Name' ), 'last_name' => __( 'User Last Name' ), 'description' => __( 'User Description' ), ); $user_data_to_export = array(); foreach ( $user_props_to_export as $key => $name ) { $value = ''; switch ( $key ) { case 'ID': case 'user_login': case 'user_nicename': case 'user_email': case 'user_url': case 'user_registered': case 'display_name': $value = $user->data->$key; break; case 'nickname': case 'first_name': case 'last_name': case 'description': $value = $user_meta[ $key ][0]; break; } if ( ! empty( $value ) ) { $user_data_to_export[] = array( 'name' => $name, 'value' => $value, ); } } // Get the list of reserved names. $reserved_names = array_values( $user_props_to_export ); /** * Filters the user's profile data for the privacy exporter. * * @since 5.4.0 * * @param array $additional_user_profile_data { * An array of name-value pairs of additional user data items. Default empty array. * * @type string $name The user-facing name of an item name-value pair,e.g. 'IP Address'. * @type string $value The user-facing value of an item data pair, e.g. '50.60.70.0'. * } * @param WP_User $user The user whose data is being exported. * @param string[] $reserved_names An array of reserved names. Any item in `$additional_user_data` * that uses one of these for its `name` will not be included in the export. */ $_extra_data = apply_filters( 'wp_privacy_additional_user_profile_data', array(), $user, $reserved_names ); if ( is_array( $_extra_data ) && ! empty( $_extra_data ) ) { // Remove items that use reserved names. $extra_data = array_filter( $_extra_data, static function ( $item ) use ( $reserved_names ) { return ! in_array( $item['name'], $reserved_names, true ); } ); if ( count( $extra_data ) !== count( $_extra_data ) ) { _doing_it_wrong( __FUNCTION__, sprintf( /* translators: %s: wp_privacy_additional_user_profile_data */ __( 'Filter %s returned items with reserved names.' ), 'wp_privacy_additional_user_profile_data' ), '5.4.0' ); } if ( ! empty( $extra_data ) ) { $user_data_to_export = array_merge( $user_data_to_export, $extra_data ); } } $data_to_export[] = array( 'group_id' => 'user', 'group_label' => __( 'User' ), 'group_description' => __( 'User’s profile data.' ), 'item_id' => "user-{$user->ID}", 'data' => $user_data_to_export, ); if ( isset( $user_meta['community-events-location'] ) ) { $location = maybe_unserialize( $user_meta['community-events-location'][0] ); $location_props_to_export = array( 'description' => __( 'City' ), 'country' => __( 'Country' ), 'latitude' => __( 'Latitude' ), 'longitude' => __( 'Longitude' ), 'ip' => __( 'IP' ), ); $location_data_to_export = array(); foreach ( $location_props_to_export as $key => $name ) { if ( ! empty( $location[ $key ] ) ) { $location_data_to_export[] = array( 'name' => $name, 'value' => $location[ $key ], ); } } $data_to_export[] = array( 'group_id' => 'community-events-location', 'group_label' => __( 'Community Events Location' ), 'group_description' => __( 'User’s location data used for the Community Events in the WordPress Events and News dashboard widget.' ), 'item_id' => "community-events-location-{$user->ID}", 'data' => $location_data_to_export, ); } if ( isset( $user_meta['session_tokens'] ) ) { $session_tokens = maybe_unserialize( $user_meta['session_tokens'][0] ); $session_tokens_props_to_export = array( 'expiration' => __( 'Expiration' ), 'ip' => __( 'IP' ), 'ua' => __( 'User Agent' ), 'login' => __( 'Last Login' ), ); foreach ( $session_tokens as $token_key => $session_token ) { $session_tokens_data_to_export = array(); foreach ( $session_tokens_props_to_export as $key => $name ) { if ( ! empty( $session_token[ $key ] ) ) { $value = $session_token[ $key ]; if ( in_array( $key, array( 'expiration', 'login' ), true ) ) { $value = date_i18n( 'F d, Y H:i A', $value ); } $session_tokens_data_to_export[] = array( 'name' => $name, 'value' => $value, ); } } $data_to_export[] = array( 'group_id' => 'session-tokens', 'group_label' => __( 'Session Tokens' ), 'group_description' => __( 'User’s Session Tokens data.' ), 'item_id' => "session-tokens-{$user->ID}-{$token_key}", 'data' => $session_tokens_data_to_export, ); } } return array( 'data' => $data_to_export, 'done' => true, ); } /** * Updates log when privacy request is confirmed. * * @since 4.9.6 * @access private * * @param int $request_id ID of the request. */ function _wp_privacy_account_request_confirmed( $request_id ) { $request = wp_get_user_request( $request_id ); if ( ! $request ) { return; } if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) { return; } update_post_meta( $request_id, '_wp_user_request_confirmed_timestamp', time() ); wp_update_post( array( 'ID' => $request_id, 'post_status' => 'request-confirmed', ) ); } /** * Notifies the site administrator via email when a request is confirmed. * * Without this, the admin would have to manually check the site to see if any * action was needed on their part yet. * * @since 4.9.6 * * @param int $request_id The ID of the request. */ function _wp_privacy_send_request_confirmation_notification( $request_id ) { $request = wp_get_user_request( $request_id ); if ( ! ( $request instanceof WP_User_Request ) || 'request-confirmed' !== $request->status ) { return; } $already_notified = (bool) get_post_meta( $request_id, '_wp_admin_notified', true ); if ( $already_notified ) { return; } if ( 'export_personal_data' === $request->action_name ) { $manage_url = admin_url( 'export-personal-data.php' ); } elseif ( 'remove_personal_data' === $request->action_name ) { $manage_url = admin_url( 'erase-personal-data.php' ); } $action_description = wp_user_request_action_description( $request->action_name ); /** * Filters the recipient of the data request confirmation notification. * * In a Multisite environment, this will default to the email address of the * network admin because, by default, single site admins do not have the * capabilities required to process requests. Some networks may wish to * delegate those capabilities to a single-site admin, or a dedicated person * responsible for managing privacy requests. * * @since 4.9.6 * * @param string $admin_email The email address of the notification recipient. * @param WP_User_Request $request The request that is initiating the notification. */ $admin_email = apply_filters( 'user_request_confirmed_email_to', get_site_option( 'admin_email' ), $request ); $email_data = array( 'request' => $request, 'user_email' => $request->email, 'description' => $action_description, 'manage_url' => $manage_url, 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), 'admin_email' => $admin_email, ); $subject = sprintf( /* translators: Privacy data request confirmed notification email subject. 1: Site title, 2: Name of the confirmed action. */ __( '[%1$s] Action Confirmed: %2$s' ), $email_data['sitename'], $action_description ); /** * Filters the subject of the user request confirmation email. * * @since 4.9.8 * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */ $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $email_data['sitename'], $email_data ); /* translators: Do not translate SITENAME, USER_EMAIL, DESCRIPTION, MANAGE_URL, SITEURL; those are placeholders. */ $content = __( 'Howdy, A user data privacy request has been confirmed on ###SITENAME###: User: ###USER_EMAIL### Request: ###DESCRIPTION### You can view and manage these data privacy requests here: ###MANAGE_URL### Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the body of the user request confirmation email. * * The email is sent to an administrator when a user request is confirmed. * * The following strings have a special meaning and will get replaced dynamically: * * - `###SITENAME###` The name of the site. * - `###USER_EMAIL###` The user email for the request. * - `###DESCRIPTION###` Description of the action being performed so the user knows what the email is for. * - `###MANAGE_URL###` The URL to manage requests. * - `###SITEURL###` The URL to the site. * * @since 4.9.6 * @deprecated 5.8.0 Use {@see 'user_request_confirmed_email_content'} instead. * For user erasure fulfillment email content * use {@see 'user_erasure_fulfillment_email_content'} instead. * * @param string $content The email content. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request. * @type string $description Description of the action being performed * so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */ $content = apply_filters_deprecated( 'user_confirmed_action_email_content', array( $content, $email_data ), '5.8.0', sprintf( /* translators: 1 & 2: Deprecation replacement options. */ __( '%1$s or %2$s' ), 'user_request_confirmed_email_content', 'user_erasure_fulfillment_email_content' ) ); /** * Filters the body of the user request confirmation email. * * The email is sent to an administrator when a user request is confirmed. * The following strings have a special meaning and will get replaced dynamically: * * - `###SITENAME###` The name of the site. * - `###USER_EMAIL###` The user email for the request. * - `###DESCRIPTION###` Description of the action being performed so the user knows what the email is for. * - `###MANAGE_URL###` The URL to manage requests. * - `###SITEURL###` The URL to the site. * * @since 5.8.0 * * @param string $content The email content. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */ $content = apply_filters( 'user_request_confirmed_email_content', $content, $email_data ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###MANAGE_URL###', sanitize_url( $email_data['manage_url'] ), $content ); $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content ); $headers = ''; /** * Filters the headers of the user request confirmation email. * * @since 5.4.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */ $headers = apply_filters( 'user_request_confirmed_email_headers', $headers, $subject, $content, $request_id, $email_data ); $email_sent = wp_mail( $email_data['admin_email'], $subject, $content, $headers ); if ( $email_sent ) { update_post_meta( $request_id, '_wp_admin_notified', true ); } } /** * Notifies the user when their erasure request is fulfilled. * * Without this, the user would never know if their data was actually erased. * * @since 4.9.6 * * @param int $request_id The privacy request post ID associated with this request. */ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) { $request = wp_get_user_request( $request_id ); if ( ! ( $request instanceof WP_User_Request ) || 'request-completed' !== $request->status ) { return; } $already_notified = (bool) get_post_meta( $request_id, '_wp_user_notified', true ); if ( $already_notified ) { return; } // Localize message content for user; fallback to site default for visitors. if ( ! empty( $request->user_id ) ) { $switched_locale = switch_to_user_locale( $request->user_id ); } else { $switched_locale = switch_to_locale( get_locale() ); } /** * Filters the recipient of the data erasure fulfillment notification. * * @since 4.9.6 * * @param string $user_email The email address of the notification recipient. * @param WP_User_Request $request The request that is initiating the notification. */ $user_email = apply_filters( 'user_erasure_fulfillment_email_to', $request->email, $request ); $email_data = array( 'request' => $request, 'message_recipient' => $user_email, 'privacy_policy_url' => get_privacy_policy_url(), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), ); $subject = sprintf( /* translators: Erasure request fulfilled notification email subject. %s: Site title. */ __( '[%s] Erasure Request Fulfilled' ), $email_data['sitename'] ); /** * Filters the subject of the email sent when an erasure request is completed. * * @since 4.9.8 * @deprecated 5.8.0 Use {@see 'user_erasure_fulfillment_email_subject'} instead. * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $subject = apply_filters_deprecated( 'user_erasure_complete_email_subject', array( $subject, $email_data['sitename'], $email_data ), '5.8.0', 'user_erasure_fulfillment_email_subject' ); /** * Filters the subject of the email sent when an erasure request is completed. * * @since 5.8.0 * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $subject = apply_filters( 'user_erasure_fulfillment_email_subject', $subject, $email_data['sitename'], $email_data ); /* translators: Do not translate SITENAME, SITEURL; those are placeholders. */ $content = __( 'Howdy, Your request to erase your personal data on ###SITENAME### has been completed. If you have any follow-up questions or concerns, please contact the site administrator. Regards, All at ###SITENAME### ###SITEURL###' ); if ( ! empty( $email_data['privacy_policy_url'] ) ) { /* translators: Do not translate SITENAME, SITEURL, PRIVACY_POLICY_URL; those are placeholders. */ $content = __( 'Howdy, Your request to erase your personal data on ###SITENAME### has been completed. If you have any follow-up questions or concerns, please contact the site administrator. For more information, you can also read our privacy policy: ###PRIVACY_POLICY_URL### Regards, All at ###SITENAME### ###SITEURL###' ); } /** * Filters the body of the data erasure fulfillment notification. * * The email is sent to a user when their data erasure request is fulfilled * by an administrator. * * The following strings have a special meaning and will get replaced dynamically: * * - `###SITENAME###` The name of the site. * - `###PRIVACY_POLICY_URL###` Privacy policy page URL. * - `###SITEURL###` The URL to the site. * * @since 4.9.6 * @deprecated 5.8.0 Use {@see 'user_erasure_fulfillment_email_content'} instead. * For user request confirmation email content * use {@see 'user_request_confirmed_email_content'} instead. * * @param string $content The email content. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $content = apply_filters_deprecated( 'user_confirmed_action_email_content', array( $content, $email_data ), '5.8.0', sprintf( /* translators: 1 & 2: Deprecation replacement options. */ __( '%1$s or %2$s' ), 'user_erasure_fulfillment_email_content', 'user_request_confirmed_email_content' ) ); /** * Filters the body of the data erasure fulfillment notification. * * The email is sent to a user when their data erasure request is fulfilled * by an administrator. * * The following strings have a special meaning and will get replaced dynamically: * * - `###SITENAME###` The name of the site. * - `###PRIVACY_POLICY_URL###` Privacy policy page URL. * - `###SITEURL###` The URL to the site. * * @since 5.8.0 * * @param string $content The email content. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $content = apply_filters( 'user_erasure_fulfillment_email_content', $content, $email_data ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content ); $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content ); $headers = ''; /** * Filters the headers of the data erasure fulfillment notification. * * @since 5.4.0 * @deprecated 5.8.0 Use {@see 'user_erasure_fulfillment_email_headers'} instead. * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $headers = apply_filters_deprecated( 'user_erasure_complete_email_headers', array( $headers, $subject, $content, $request_id, $email_data ), '5.8.0', 'user_erasure_fulfillment_email_headers' ); /** * Filters the headers of the data erasure fulfillment notification. * * @since 5.8.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `user_erasure_fulfillment_email_to` filter. * @type string $privacy_policy_url Privacy policy URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $headers = apply_filters( 'user_erasure_fulfillment_email_headers', $headers, $subject, $content, $request_id, $email_data ); $email_sent = wp_mail( $user_email, $subject, $content, $headers ); if ( $switched_locale ) { restore_previous_locale(); } if ( $email_sent ) { update_post_meta( $request_id, '_wp_user_notified', true ); } } /** * Returns request confirmation message HTML. * * @since 4.9.6 * @access private * * @param int $request_id The request ID being confirmed. * @return string The confirmation message. */ function _wp_privacy_account_request_confirmed_message( $request_id ) { $request = wp_get_user_request( $request_id ); $message = '

    ' . __( 'Action has been confirmed.' ) . '

    '; $message .= '

    ' . __( 'The site administrator has been notified and will fulfill your request as soon as possible.' ) . '

    '; if ( $request && in_array( $request->action_name, _wp_privacy_action_request_types(), true ) ) { if ( 'export_personal_data' === $request->action_name ) { $message = '

    ' . __( 'Thanks for confirming your export request.' ) . '

    '; $message .= '

    ' . __( 'The site administrator has been notified. You will receive a link to download your export via email when they fulfill your request.' ) . '

    '; } elseif ( 'remove_personal_data' === $request->action_name ) { $message = '

    ' . __( 'Thanks for confirming your erasure request.' ) . '

    '; $message .= '

    ' . __( 'The site administrator has been notified. You will receive an email confirmation when they erase your data.' ) . '

    '; } } /** * Filters the message displayed to a user when they confirm a data request. * * @since 4.9.6 * * @param string $message The message to the user. * @param int $request_id The ID of the request being confirmed. */ $message = apply_filters( 'user_request_action_confirmed_message', $message, $request_id ); return $message; } /** * Creates and logs a user request to perform a specific action. * * Requests are stored inside a post type named `user_request` since they can apply to both * users on the site, or guests without a user account. * * @since 4.9.6 * @since 5.7.0 Added the `$status` parameter. * * @param string $email_address User email address. This can be the address of a registered * or non-registered user. * @param string $action_name Name of the action that is being confirmed. Required. * @param array $request_data Misc data you want to send with the verification request and pass * to the actions once the request is confirmed. * @param string $status Optional request status (pending or confirmed). Default 'pending'. * @return int|WP_Error Returns the request ID if successful, or a WP_Error object on failure. */ function wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $status = 'pending' ) { $email_address = sanitize_email( $email_address ); $action_name = sanitize_key( $action_name ); if ( ! is_email( $email_address ) ) { return new WP_Error( 'invalid_email', __( 'Invalid email address.' ) ); } if ( ! in_array( $action_name, _wp_privacy_action_request_types(), true ) ) { return new WP_Error( 'invalid_action', __( 'Invalid action name.' ) ); } if ( ! in_array( $status, array( 'pending', 'confirmed' ), true ) ) { return new WP_Error( 'invalid_status', __( 'Invalid request status.' ) ); } $user = get_user_by( 'email', $email_address ); $user_id = $user && ! is_wp_error( $user ) ? $user->ID : 0; // Check for duplicates. $requests_query = new WP_Query( array( 'post_type' => 'user_request', 'post_name__in' => array( $action_name ), // Action name stored in post_name column. 'title' => $email_address, // Email address stored in post_title column. 'post_status' => array( 'request-pending', 'request-confirmed', ), 'fields' => 'ids', ) ); if ( $requests_query->found_posts ) { return new WP_Error( 'duplicate_request', __( 'An incomplete personal data request for this email address already exists.' ) ); } $request_id = wp_insert_post( array( 'post_author' => $user_id, 'post_name' => $action_name, 'post_title' => $email_address, 'post_content' => wp_json_encode( $request_data ), 'post_status' => 'request-' . $status, 'post_type' => 'user_request', 'post_date' => current_time( 'mysql', false ), 'post_date_gmt' => current_time( 'mysql', true ), ), true ); return $request_id; } /** * Gets action description from the name and return a string. * * @since 4.9.6 * * @param string $action_name Action name of the request. * @return string Human readable action name. */ function wp_user_request_action_description( $action_name ) { switch ( $action_name ) { case 'export_personal_data': $description = __( 'Export Personal Data' ); break; case 'remove_personal_data': $description = __( 'Erase Personal Data' ); break; default: /* translators: %s: Action name. */ $description = sprintf( __( 'Confirm the "%s" action' ), $action_name ); break; } /** * Filters the user action description. * * @since 4.9.6 * * @param string $description The default description. * @param string $action_name The name of the request. */ return apply_filters( 'user_request_action_description', $description, $action_name ); } /** * Send a confirmation request email to confirm an action. * * If the request is not already pending, it will be updated. * * @since 4.9.6 * * @param int $request_id ID of the request created via wp_create_user_request(). * @return true|WP_Error True on success, `WP_Error` on failure. */ function wp_send_user_request( $request_id ) { $request_id = absint( $request_id ); $request = wp_get_user_request( $request_id ); if ( ! $request ) { return new WP_Error( 'invalid_request', __( 'Invalid personal data request.' ) ); } // Localize message content for user; fallback to site default for visitors. if ( ! empty( $request->user_id ) ) { $switched_locale = switch_to_user_locale( $request->user_id ); } else { $switched_locale = switch_to_locale( get_locale() ); } /* * Generate the new user request key first, as it is used by both the $request * object and the confirm_url array. * See https://core.trac.wordpress.org/ticket/44940 */ $request->confirm_key = wp_generate_user_request_key( $request_id ); $email_data = array( 'request' => $request, 'email' => $request->email, 'description' => wp_user_request_action_description( $request->action_name ), 'confirm_url' => add_query_arg( array( 'action' => 'confirmaction', 'request_id' => $request_id, 'confirm_key' => $request->confirm_key, ), wp_login_url() ), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), ); /* translators: Confirm privacy data request notification email subject. 1: Site title, 2: Name of the action. */ $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $email_data['sitename'], $email_data['description'] ); /** * Filters the subject of the email sent when an account action is attempted. * * @since 4.9.6 * * @param string $subject The email subject. * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $email The email address this is being sent to. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $confirm_url The link to click on to confirm the account action. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $subject = apply_filters( 'user_request_action_email_subject', $subject, $email_data['sitename'], $email_data ); /* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */ $content = __( 'Howdy, A request has been made to perform the following action on your account: ###DESCRIPTION### To confirm this, please click on the following link: ###CONFIRM_URL### You can safely ignore and delete this email if you do not want to take this action. Regards, All at ###SITENAME### ###SITEURL###' ); /** * Filters the text of the email sent when an account action is attempted. * * The following strings have a special meaning and will get replaced dynamically: * * - `###DESCRIPTION###` Description of the action being performed so the user knows what the email is for. * - `###CONFIRM_URL###` The link to click on to confirm the account action. * - `###SITENAME###` The name of the site. * - `###SITEURL###` The URL to the site. * * @since 4.9.6 * * @param string $content Text in the email. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $email The email address this is being sent to. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $confirm_url The link to click on to confirm the account action. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $content = apply_filters( 'user_request_action_email_content', $content, $email_data ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###CONFIRM_URL###', sanitize_url( $email_data['confirm_url'] ), $content ); $content = str_replace( '###EMAIL###', $email_data['email'], $content ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content ); $headers = ''; /** * Filters the headers of the email sent when an account action is attempted. * * @since 5.4.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $email The email address this is being sent to. * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $confirm_url The link to click on to confirm the account action. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */ $headers = apply_filters( 'user_request_action_email_headers', $headers, $subject, $content, $request_id, $email_data ); $email_sent = wp_mail( $email_data['email'], $subject, $content, $headers ); if ( $switched_locale ) { restore_previous_locale(); } if ( ! $email_sent ) { return new WP_Error( 'privacy_email_error', __( 'Unable to send personal data export confirmation email.' ) ); } return true; } /** * Returns a confirmation key for a user action and stores the hashed version for future comparison. * * @since 4.9.6 * * @param int $request_id Request ID. * @return string Confirmation key. */ function wp_generate_user_request_key( $request_id ) { // Generate something random for a confirmation key. $key = wp_generate_password( 20, false ); // Save the key, hashed. wp_update_post( array( 'ID' => $request_id, 'post_status' => 'request-pending', 'post_password' => wp_fast_hash( $key ), ) ); return $key; } /** * Validates a user request by comparing the key with the request's key. * * @since 4.9.6 * * @param int $request_id ID of the request being confirmed. * @param string $key Provided key to validate. * @return true|WP_Error True on success, WP_Error on failure. */ function wp_validate_user_request_key( $request_id, #[\SensitiveParameter] $key ) { $request_id = absint( $request_id ); $request = wp_get_user_request( $request_id ); $saved_key = $request->confirm_key; $key_request_time = $request->modified_timestamp; if ( ! $request || ! $saved_key || ! $key_request_time ) { return new WP_Error( 'invalid_request', __( 'Invalid personal data request.' ) ); } if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) { return new WP_Error( 'expired_request', __( 'This personal data request has expired.' ) ); } if ( empty( $key ) ) { return new WP_Error( 'missing_key', __( 'The confirmation key is missing from this personal data request.' ) ); } /** * Filters the expiration time of confirm keys. * * @since 4.9.6 * * @param int $expiration The expiration time in seconds. */ $expiration_duration = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS ); $expiration_time = $key_request_time + $expiration_duration; if ( ! wp_verify_fast_hash( $key, $saved_key ) ) { return new WP_Error( 'invalid_key', __( 'The confirmation key is invalid for this personal data request.' ) ); } if ( ! $expiration_time || time() > $expiration_time ) { return new WP_Error( 'expired_key', __( 'The confirmation key has expired for this personal data request.' ) ); } return true; } /** * Returns the user request object for the specified request ID. * * @since 4.9.6 * * @param int $request_id The ID of the user request. * @return WP_User_Request|false */ function wp_get_user_request( $request_id ) { $request_id = absint( $request_id ); $post = get_post( $request_id ); if ( ! $post || 'user_request' !== $post->post_type ) { return false; } return new WP_User_Request( $post ); } /** * Checks if Application Passwords is supported. * * Application Passwords is supported only by sites using SSL or local environments * but may be made available using the {@see 'wp_is_application_passwords_available'} filter. * * @since 5.9.0 * * @return bool */ function wp_is_application_passwords_supported() { return is_ssl() || 'local' === wp_get_environment_type(); } /** * Checks if Application Passwords is globally available. * * By default, Application Passwords is available to all sites using SSL or to local environments. * Use the {@see 'wp_is_application_passwords_available'} filter to adjust its availability. * * @since 5.6.0 * * @return bool */ function wp_is_application_passwords_available() { /** * Filters whether Application Passwords is available. * * @since 5.6.0 * * @param bool $available True if available, false otherwise. */ return apply_filters( 'wp_is_application_passwords_available', wp_is_application_passwords_supported() ); } /** * Checks if Application Passwords is available for a specific user. * * By default all users can use Application Passwords. Use {@see 'wp_is_application_passwords_available_for_user'} * to restrict availability to certain users. * * @since 5.6.0 * * @param int|WP_User $user The user to check. * @return bool */ function wp_is_application_passwords_available_for_user( $user ) { if ( ! wp_is_application_passwords_available() ) { return false; } if ( ! is_object( $user ) ) { $user = get_userdata( $user ); } if ( ! $user || ! $user->exists() ) { return false; } /** * Filters whether Application Passwords is available for a specific user. * * @since 5.6.0 * * @param bool $available True if available, false otherwise. * @param WP_User $user The user to check. */ return apply_filters( 'wp_is_application_passwords_available_for_user', true, $user ); } /** * Registers the user meta property for persisted preferences. * * This property is used to store user preferences across page reloads and is * currently used by the block editor for preferences like 'fullscreenMode' and * 'fixedToolbar'. * * @since 6.1.0 * @access private * * @global wpdb $wpdb WordPress database abstraction object. */ function wp_register_persisted_preferences_meta() { /* * Create a meta key that incorporates the blog prefix so that each site * on a multisite can have distinct user preferences. */ global $wpdb; $meta_key = $wpdb->get_blog_prefix() . 'persisted_preferences'; register_meta( 'user', $meta_key, array( 'type' => 'object', 'single' => true, 'show_in_rest' => array( 'name' => 'persisted_preferences', 'type' => 'object', 'schema' => array( 'type' => 'object', 'context' => array( 'edit' ), 'properties' => array( '_modified' => array( 'description' => __( 'The date and time the preferences were updated.' ), 'type' => 'string', 'format' => 'date-time', 'readonly' => false, ), ), 'additionalProperties' => true, ), ), ) ); } /** * Sets the last changed time for the 'users' cache group. * * @since 6.3.0 */ function wp_cache_set_users_last_changed() { wp_cache_set_last_changed( 'users' ); } /** * Checks if password reset is allowed for a specific user. * * @since 6.3.0 * * @param int|WP_User $user The user to check. * @return bool|WP_Error True if allowed, false or WP_Error otherwise. */ function wp_is_password_reset_allowed_for_user( $user ) { if ( ! is_object( $user ) ) { $user = get_userdata( $user ); } if ( ! $user || ! $user->exists() ) { return false; } $allow = true; if ( is_multisite() && is_user_spammy( $user ) ) { $allow = false; } /** * Filters whether to allow a password to be reset. * * @since 2.7.0 * * @param bool $allow Whether to allow the password to be reset. Default true. * @param int $user_id The ID of the user attempting to reset a password. */ return apply_filters( 'allow_password_reset', $allow, $user->ID ); } in the database.' ); } return new WP_Error( 'db_update_error', $message, $wpdb->last_error ); } else { return 0; } } } else { // If there is a suggested ID, use it if not already present. if ( ! empty( $import_id ) ) { $import_id = (int) $import_id; if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id ) ) ) { $data['ID'] = $import_id; } } /** * Fires immediately before a new post is inserted in the database. * * @since 6.9.0 * * @param array $data Array of unslashed post data. */ do_action( 'pre_post_insert', $data ); if ( false === $wpdb->insert( $wpdb->posts, $data ) ) { if ( $wp_error ) { if ( 'attachment' === $post_type ) { $message = __( 'Could not insert attachment into the database.' ); } else { $message = __( 'Could not insert post into the database.' ); } return new WP_Error( 'db_insert_error', $message, $wpdb->last_error ); } else { return 0; } } $post_id = (int) $wpdb->insert_id; // Use the newly generated $post_id. $where = array( 'ID' => $post_id ); } if ( empty( $data['post_name'] ) && ! in_array( $data['post_status'], array( 'draft', 'pending', 'auto-draft' ), true ) ) { $data['post_name'] = wp_unique_post_slug( sanitize_title( $data['post_title'], $post_id ), $post_id, $data['post_status'], $post_type, $post_parent ); $wpdb->update( $wpdb->posts, array( 'post_name' => $data['post_name'] ), $where ); clean_post_cache( $post_id ); } if ( is_object_in_taxonomy( $post_type, 'category' ) ) { wp_set_post_categories( $post_id, $post_category ); } if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $post_type, 'post_tag' ) ) { wp_set_post_tags( $post_id, $postarr['tags_input'] ); } // Add default term for all associated custom taxonomies. if ( 'auto-draft' !== $post_status ) { foreach ( get_object_taxonomies( $post_type, 'object' ) as $taxonomy => $tax_object ) { if ( ! empty( $tax_object->default_term ) ) { // Filter out empty terms. if ( isset( $postarr['tax_input'][ $taxonomy ] ) && is_array( $postarr['tax_input'][ $taxonomy ] ) ) { $postarr['tax_input'][ $taxonomy ] = array_filter( $postarr['tax_input'][ $taxonomy ] ); } // Passed custom taxonomy list overwrites the existing list if not empty. $terms = wp_get_object_terms( $post_id, $taxonomy, array( 'fields' => 'ids' ) ); if ( ! empty( $terms ) && empty( $postarr['tax_input'][ $taxonomy ] ) ) { $postarr['tax_input'][ $taxonomy ] = $terms; } if ( empty( $postarr['tax_input'][ $taxonomy ] ) ) { $default_term_id = get_option( 'default_term_' . $taxonomy ); if ( ! empty( $default_term_id ) ) { $postarr['tax_input'][ $taxonomy ] = array( (int) $default_term_id ); } } } } } // New-style support for all custom taxonomies. if ( ! empty( $postarr['tax_input'] ) ) { foreach ( $postarr['tax_input'] as $taxonomy => $tags ) { $taxonomy_obj = get_taxonomy( $taxonomy ); if ( ! $taxonomy_obj ) { /* translators: %s: Taxonomy name. */ _doing_it_wrong( __FUNCTION__, sprintf( __( 'Invalid taxonomy: %s.' ), $taxonomy ), '4.4.0' ); continue; } // array = hierarchical, string = non-hierarchical. if ( is_array( $tags ) ) { $tags = array_filter( $tags ); } if ( current_user_can( $taxonomy_obj->cap->assign_terms ) ) { wp_set_post_terms( $post_id, $tags, $taxonomy ); } } } if ( ! empty( $postarr['meta_input'] ) ) { foreach ( $postarr['meta_input'] as $field => $value ) { update_post_meta( $post_id, $field, $value ); } } $current_guid = get_post_field( 'guid', $post_id ); // Set GUID. if ( ! $update && '' === $current_guid ) { $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post_id ) ), $where ); } if ( 'attachment' === $postarr['post_type'] ) { if ( ! empty( $postarr['file'] ) ) { update_attached_file( $post_id, $postarr['file'] ); } if ( ! empty( $postarr['context'] ) ) { add_post_meta( $post_id, '_wp_attachment_context', $postarr['context'], true ); } } // Set or remove featured image. if ( isset( $postarr['_thumbnail_id'] ) ) { $thumbnail_support = current_theme_supports( 'post-thumbnails', $post_type ) && post_type_supports( $post_type, 'thumbnail' ) || 'revision' === $post_type; if ( ! $thumbnail_support && 'attachment' === $post_type && $post_mime_type ) { if ( wp_attachment_is( 'audio', $post_id ) ) { $thumbnail_support = post_type_supports( 'attachment:audio', 'thumbnail' ) || current_theme_supports( 'post-thumbnails', 'attachment:audio' ); } elseif ( wp_attachment_is( 'video', $post_id ) ) { $thumbnail_support = post_type_supports( 'attachment:video', 'thumbnail' ) || current_theme_supports( 'post-thumbnails', 'attachment:video' ); } } if ( $thumbnail_support ) { $thumbnail_id = (int) $postarr['_thumbnail_id']; if ( -1 === $thumbnail_id ) { delete_post_thumbnail( $post_id ); } else { set_post_thumbnail( $post_id, $thumbnail_id ); } } } clean_post_cache( $post_id ); $post = get_post( $post_id ); if ( ! empty( $postarr['page_template'] ) ) { $post->page_template = $postarr['page_template']; $page_templates = wp_get_theme()->get_page_templates( $post ); if ( 'default' !== $postarr['page_template'] && ! isset( $page_templates[ $postarr['page_template'] ] ) ) { if ( $wp_error ) { return new WP_Error( 'invalid_page_template', __( 'Invalid page template.' ) ); } update_post_meta( $post_id, '_wp_page_template', 'default' ); } else { update_post_meta( $post_id, '_wp_page_template', $postarr['page_template'] ); } } if ( 'attachment' !== $postarr['post_type'] ) { wp_transition_post_status( $data['post_status'], $previous_status, $post ); } else { if ( $update ) { /** * Fires once an existing attachment has been updated. * * @since 2.0.0 * * @param int $post_id Attachment ID. */ do_action( 'edit_attachment', $post_id ); $post_after = get_post( $post_id ); /** * Fires once an existing attachment has been updated. * * @since 4.4.0 * * @param int $post_id Post ID. * @param WP_Post $post_after Post object following the update. * @param WP_Post $post_before Post object before the update. */ do_action( 'attachment_updated', $post_id, $post_after, $post_before ); } else { /** * Fires once an attachment has been added. * * @since 2.0.0 * * @param int $post_id Attachment ID. */ do_action( 'add_attachment', $post_id ); } return $post_id; } if ( $update ) { /** * Fires once an existing post has been updated. * * The dynamic portion of the hook name, `$post->post_type`, refers to * the post type slug. * * Possible hook names include: * * - `edit_post_post` * - `edit_post_page` * * @since 5.1.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. */ do_action( "edit_post_{$post->post_type}", $post_id, $post ); /** * Fires once an existing post has been updated. * * @since 1.2.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. */ do_action( 'edit_post', $post_id, $post ); $post_after = get_post( $post_id ); /** * Fires once an existing post has been updated. * * @since 3.0.0 * * @param int $post_id Post ID. * @param WP_Post $post_after Post object following the update. * @param WP_Post $post_before Post object before the update. */ do_action( 'post_updated', $post_id, $post_after, $post_before ); } /** * Fires once a post has been saved. * * The dynamic portion of the hook name, `$post->post_type`, refers to * the post type slug. * * Possible hook names include: * * - `save_post_post` * - `save_post_page` * * @since 3.7.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. * @param bool $update Whether this is an existing post being updated. */ do_action( "save_post_{$post->post_type}", $post_id, $post, $update ); /** * Fires once a post has been saved. * * @since 1.5.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. * @param bool $update Whether this is an existing post being updated. */ do_action( 'save_post', $post_id, $post, $update ); /** * Fires once a post has been saved. * * @since 2.0.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. * @param bool $update Whether this is an existing post being updated. */ do_action( 'wp_insert_post', $post_id, $post, $update ); if ( $fire_after_hooks ) { wp_after_insert_post( $post, $update, $post_before ); } return $post_id; } /** * Updates a post with new post data. * * The date does not have to be set for drafts. You can set the date and it will * not be overridden. * * @since 1.0.0 * @since 3.5.0 Added the `$wp_error` parameter to allow a WP_Error to be returned on failure. * @since 5.6.0 Added the `$fire_after_hooks` parameter. * * @param array|object $postarr Optional. Post data. Arrays are expected to be escaped, * objects are not. See wp_insert_post() for accepted arguments. * Default array. * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. * @param bool $fire_after_hooks Optional. Whether to fire the after insert hooks. Default true. * @return int|WP_Error The post ID on success. The value 0 or WP_Error on failure. */ function wp_update_post( $postarr = array(), $wp_error = false, $fire_after_hooks = true ) { if ( is_object( $postarr ) ) { // Non-escaped post was passed. $postarr = get_object_vars( $postarr ); $postarr = wp_slash( $postarr ); } // First, get all of the original fields. $post = get_post( $postarr['ID'], ARRAY_A ); if ( is_null( $post ) ) { if ( $wp_error ) { return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) ); } return 0; } // Escape data pulled from DB. $post = wp_slash( $post ); // Passed post category list overwrites existing category list if not empty. if ( isset( $postarr['post_category'] ) && is_array( $postarr['post_category'] ) && count( $postarr['post_category'] ) > 0 ) { $post_cats = $postarr['post_category']; } else { $post_cats = $post['post_category']; } // Drafts shouldn't be assigned a date unless explicitly done so by the user. if ( isset( $post['post_status'] ) && in_array( $post['post_status'], array( 'draft', 'pending', 'auto-draft' ), true ) && empty( $postarr['edit_date'] ) && ( '0000-00-00 00:00:00' === $post['post_date_gmt'] ) ) { $clear_date = true; } else { $clear_date = false; } // Merge old and new fields with new fields overwriting old ones. $postarr = array_merge( $post, $postarr ); $postarr['post_category'] = $post_cats; if ( $clear_date ) { $postarr['post_date'] = current_time( 'mysql' ); $postarr['post_date_gmt'] = ''; } if ( 'attachment' === $postarr['post_type'] ) { return wp_insert_attachment( $postarr, false, 0, $wp_error ); } // Discard 'tags_input' parameter if it's the same as existing post tags. if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $postarr['post_type'], 'post_tag' ) ) { $tags = get_the_terms( $postarr['ID'], 'post_tag' ); $tag_names = array(); if ( $tags && ! is_wp_error( $tags ) ) { $tag_names = wp_list_pluck( $tags, 'name' ); } if ( $postarr['tags_input'] === $tag_names ) { unset( $postarr['tags_input'] ); } } return wp_insert_post( $postarr, $wp_error, $fire_after_hooks ); } /** * Publishes a post by transitioning the post status. * * @since 2.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Post $post Post ID or post object. */ function wp_publish_post( $post ) { global $wpdb; $post = get_post( $post ); if ( ! $post ) { return; } if ( 'publish' === $post->post_status ) { return; } $post_before = get_post( $post->ID ); // Ensure at least one term is applied for taxonomies with a default term. foreach ( get_object_taxonomies( $post->post_type, 'object' ) as $taxonomy => $tax_object ) { // Skip taxonomy if no default term is set. if ( 'category' !== $taxonomy && empty( $tax_object->default_term ) ) { continue; } // Do not modify previously set terms. if ( ! empty( get_the_terms( $post, $taxonomy ) ) ) { continue; } if ( 'category' === $taxonomy ) { $default_term_id = (int) get_option( 'default_category', 0 ); } else { $default_term_id = (int) get_option( 'default_term_' . $taxonomy, 0 ); } if ( ! $default_term_id ) { continue; } wp_set_post_terms( $post->ID, array( $default_term_id ), $taxonomy ); } $wpdb->update( $wpdb->posts, array( 'post_status' => 'publish' ), array( 'ID' => $post->ID ) ); clean_post_cache( $post->ID ); $old_status = $post->post_status; $post->post_status = 'publish'; wp_transition_post_status( 'publish', $old_status, $post ); /** This action is documented in wp-includes/post.php */ do_action( "edit_post_{$post->post_type}", $post->ID, $post ); /** This action is documented in wp-includes/post.php */ do_action( 'edit_post', $post->ID, $post ); /** This action is documented in wp-includes/post.php */ do_action( "save_post_{$post->post_type}", $post->ID, $post, true ); /** This action is documented in wp-includes/post.php */ do_action( 'save_post', $post->ID, $post, true ); /** This action is documented in wp-includes/post.php */ do_action( 'wp_insert_post', $post->ID, $post, true ); wp_after_insert_post( $post, true, $post_before ); } /** * Publishes future post and make sure post ID has future post status. * * Invoked by cron 'publish_future_post' event. This safeguard prevents cron * from publishing drafts, etc. * * @since 2.5.0 * * @param int|WP_Post $post Post ID or post object. */ function check_and_publish_future_post( $post ) { $post = get_post( $post ); if ( ! $post ) { return; } if ( 'future' !== $post->post_status ) { return; } $time = strtotime( $post->post_date_gmt . ' GMT' ); // Uh oh, someone jumped the gun! if ( $time > time() ) { wp_clear_scheduled_hook( 'publish_future_post', array( $post->ID ) ); // Clear anything else in the system. wp_schedule_single_event( $time, 'publish_future_post', array( $post->ID ) ); return; } // wp_publish_post() returns no meaningful value. wp_publish_post( $post->ID ); } /** * Uses wp_checkdate to return a valid Gregorian-calendar value for post_date. * If post_date is not provided, this first checks post_date_gmt if provided, * then falls back to use the current time. * * For back-compat purposes in wp_insert_post, an empty post_date and an invalid * post_date_gmt will continue to return '1970-01-01 00:00:00' rather than false. * * @since 5.7.0 * * @param string $post_date The date in mysql format (`Y-m-d H:i:s`). * @param string $post_date_gmt The GMT date in mysql format (`Y-m-d H:i:s`). * @return string|false A valid Gregorian-calendar date string, or false on failure. */ function wp_resolve_post_date( $post_date = '', $post_date_gmt = '' ) { // If the date is empty, set the date to now. if ( empty( $post_date ) || '0000-00-00 00:00:00' === $post_date ) { if ( empty( $post_date_gmt ) || '0000-00-00 00:00:00' === $post_date_gmt ) { $post_date = current_time( 'mysql' ); } else { $post_date = get_date_from_gmt( $post_date_gmt ); } } // Validate the date. preg_match( '/^(\d{4})-(\d{1,2})-(\d{1,2})/', $post_date, $matches ); if ( empty( $matches ) || ! is_array( $matches ) || count( $matches ) < 4 ) { return false; } $valid_date = wp_checkdate( $matches[2], $matches[3], $matches[1], $post_date ); if ( ! $valid_date ) { return false; } return $post_date; } /** * Computes a unique slug for the post, when given the desired slug and some post details. * * @since 2.8.0 * * @global wpdb $wpdb WordPress database abstraction object. * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * * @param string $slug The desired slug (post_name). * @param int $post_id Post ID. * @param string $post_status No uniqueness checks are made if the post is still draft or pending. * @param string $post_type Post type. * @param int $post_parent Post parent ID. * @return string Unique slug for the post, based on $post_name (with a -1, -2, etc. suffix) */ function wp_unique_post_slug( $slug, $post_id, $post_status, $post_type, $post_parent ) { if ( in_array( $post_status, array( 'draft', 'pending', 'auto-draft' ), true ) || ( 'inherit' === $post_status && 'revision' === $post_type ) || 'user_request' === $post_type ) { return $slug; } /** * Filters the post slug before it is generated to be unique. * * Returning a non-null value will short-circuit the * unique slug generation, returning the passed value instead. * * @since 5.1.0 * * @param string|null $override_slug Short-circuit return value. * @param string $slug The desired slug (post_name). * @param int $post_id Post ID. * @param string $post_status The post status. * @param string $post_type Post type. * @param int $post_parent Post parent ID. */ $override_slug = apply_filters( 'pre_wp_unique_post_slug', null, $slug, $post_id, $post_status, $post_type, $post_parent ); if ( null !== $override_slug ) { return $override_slug; } global $wpdb, $wp_rewrite; $original_slug = $slug; $feeds = $wp_rewrite->feeds; if ( ! is_array( $feeds ) ) { $feeds = array(); } if ( 'attachment' === $post_type ) { // Attachment slugs must be unique across all types. $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND ID != %d LIMIT 1"; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $slug, $post_id ) ); /** * Filters whether the post slug would make a bad attachment slug. * * @since 3.1.0 * * @param bool $bad_slug Whether the slug would be bad as an attachment slug. * @param string $slug The post slug. */ $is_bad_attachment_slug = apply_filters( 'wp_unique_post_slug_is_bad_attachment_slug', false, $slug ); if ( $post_name_check || in_array( $slug, $feeds, true ) || 'embed' === $slug || $is_bad_attachment_slug ) { $suffix = 2; do { $alt_post_name = _truncate_post_slug( $slug, 200 - ( strlen( $suffix ) + 1 ) ) . "-$suffix"; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $alt_post_name, $post_id ) ); ++$suffix; } while ( $post_name_check ); $slug = $alt_post_name; } } elseif ( is_post_type_hierarchical( $post_type ) ) { if ( 'nav_menu_item' === $post_type ) { return $slug; } /* * Page slugs must be unique within their own trees. Pages are in a separate * namespace than posts so page slugs are allowed to overlap post slugs. */ $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( %s, 'attachment' ) AND ID != %d AND post_parent = %d LIMIT 1"; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $slug, $post_type, $post_id, $post_parent ) ); /** * Filters whether the post slug would make a bad hierarchical post slug. * * @since 3.1.0 * * @param bool $bad_slug Whether the post slug would be bad in a hierarchical post context. * @param string $slug The post slug. * @param string $post_type Post type. * @param int $post_parent Post parent ID. */ $is_bad_hierarchical_slug = apply_filters( 'wp_unique_post_slug_is_bad_hierarchical_slug', false, $slug, $post_type, $post_parent ); if ( $post_name_check || in_array( $slug, $feeds, true ) || 'embed' === $slug || preg_match( "@^($wp_rewrite->pagination_base)?\d+$@", $slug ) || $is_bad_hierarchical_slug ) { $suffix = 2; do { $alt_post_name = _truncate_post_slug( $slug, 200 - ( strlen( $suffix ) + 1 ) ) . "-$suffix"; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $alt_post_name, $post_type, $post_id, $post_parent ) ); ++$suffix; } while ( $post_name_check ); $slug = $alt_post_name; } } else { // Post slugs must be unique across all posts. $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d LIMIT 1"; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $slug, $post_type, $post_id ) ); $post = get_post( $post_id ); // Prevent new post slugs that could result in URLs that conflict with date archives. $conflicts_with_date_archive = false; if ( 'post' === $post_type && ( ! $post || $post->post_name !== $slug ) && preg_match( '/^[0-9]+$/', $slug ) ) { $slug_num = (int) $slug; if ( $slug_num ) { $permastructs = array_values( array_filter( explode( '/', get_option( 'permalink_structure' ) ) ) ); $postname_index = array_search( '%postname%', $permastructs, true ); /* * Potential date clashes are as follows: * * - Any integer in the first permastruct position could be a year. * - An integer between 1 and 12 that follows 'year' conflicts with 'monthnum'. * - An integer between 1 and 31 that follows 'monthnum' conflicts with 'day'. */ if ( 0 === $postname_index || ( $postname_index && '%year%' === $permastructs[ $postname_index - 1 ] && 13 > $slug_num ) || ( $postname_index && '%monthnum%' === $permastructs[ $postname_index - 1 ] && 32 > $slug_num ) ) { $conflicts_with_date_archive = true; } } } /** * Filters whether the post slug would be bad as a flat slug. * * @since 3.1.0 * * @param bool $bad_slug Whether the post slug would be bad as a flat slug. * @param string $slug The post slug. * @param string $post_type Post type. */ $is_bad_flat_slug = apply_filters( 'wp_unique_post_slug_is_bad_flat_slug', false, $slug, $post_type ); if ( $post_name_check || in_array( $slug, $feeds, true ) || 'embed' === $slug || $conflicts_with_date_archive || $is_bad_flat_slug ) { $suffix = 2; do { $alt_post_name = _truncate_post_slug( $slug, 200 - ( strlen( $suffix ) + 1 ) ) . "-$suffix"; $post_name_check = $wpdb->get_var( $wpdb->prepare( $check_sql, $alt_post_name, $post_type, $post_id ) ); ++$suffix; } while ( $post_name_check ); $slug = $alt_post_name; } } /** * Filters the unique post slug. * * @since 3.3.0 * * @param string $slug The post slug. * @param int $post_id Post ID. * @param string $post_status The post status. * @param string $post_type Post type. * @param int $post_parent Post parent ID * @param string $original_slug The original post slug. */ return apply_filters( 'wp_unique_post_slug', $slug, $post_id, $post_status, $post_type, $post_parent, $original_slug ); } /** * Truncates a post slug. * * @since 3.6.0 * @access private * * @see utf8_uri_encode() * * @param string $slug The slug to truncate. * @param int $length Optional. Max length of the slug. Default 200 (characters). * @return string The truncated slug. */ function _truncate_post_slug( $slug, $length = 200 ) { if ( strlen( $slug ) > $length ) { $decoded_slug = urldecode( $slug ); if ( $decoded_slug === $slug ) { $slug = substr( $slug, 0, $length ); } else { $slug = utf8_uri_encode( $decoded_slug, $length, true ); } } return rtrim( $slug, '-' ); } /** * Adds tags to a post. * * @see wp_set_post_tags() * * @since 2.3.0 * * @param int $post_id Optional. The Post ID. Does not default to the ID of the global $post. * @param string|array $tags Optional. An array of tags to set for the post, or a string of tags * separated by commas. Default empty. * @return array|false|WP_Error Array of affected term IDs. WP_Error or false on failure. */ function wp_add_post_tags( $post_id = 0, $tags = '' ) { return wp_set_post_tags( $post_id, $tags, true ); } /** * Sets the tags for a post. * * @since 2.3.0 * * @see wp_set_object_terms() * * @param int $post_id Optional. The Post ID. Does not default to the ID of the global $post. * @param string|array $tags Optional. An array of tags to set for the post, or a string of tags * separated by commas. Default empty. * @param bool $append Optional. If true, don't delete existing tags, just add on. If false, * replace the tags with the new tags. Default false. * @return array|false|WP_Error Array of term taxonomy IDs of affected terms. WP_Error or false on failure. */ function wp_set_post_tags( $post_id = 0, $tags = '', $append = false ) { return wp_set_post_terms( $post_id, $tags, 'post_tag', $append ); } /** * Sets the terms for a post. * * @since 2.8.0 * * @see wp_set_object_terms() * * @param int $post_id Optional. The Post ID. Does not default to the ID of the global $post. * @param string|array $terms Optional. An array of terms to set for the post, or a string of terms * separated by commas. Hierarchical taxonomies must always pass IDs rather * than names so that children with the same names but different parents * aren't confused. Default empty. * @param string $taxonomy Optional. Taxonomy name. Default 'post_tag'. * @param bool $append Optional. If true, don't delete existing terms, just add on. If false, * replace the terms with the new terms. Default false. * @return array|false|WP_Error Array of term taxonomy IDs of affected terms. WP_Error or false on failure. */ function wp_set_post_terms( $post_id = 0, $terms = '', $taxonomy = 'post_tag', $append = false ) { $post_id = (int) $post_id; if ( ! $post_id ) { return false; } if ( empty( $terms ) ) { $terms = array(); } if ( ! is_array( $terms ) ) { $comma = _x( ',', 'tag delimiter' ); if ( ',' !== $comma ) { $terms = str_replace( $comma, ',', $terms ); } $terms = explode( ',', trim( $terms, " \n\t\r\0\x0B," ) ); } /* * Hierarchical taxonomies must always pass IDs rather than names so that * children with the same names but different parents aren't confused. */ if ( is_taxonomy_hierarchical( $taxonomy ) ) { $terms = array_unique( array_map( 'intval', $terms ) ); } return wp_set_object_terms( $post_id, $terms, $taxonomy, $append ); } /** * Sets categories for a post. * * If no categories are provided, the default category is used. * * @since 2.1.0 * * @param int $post_id Optional. The Post ID. Does not default to the ID * of the global $post. Default 0. * @param int[]|int $post_categories Optional. List of category IDs, or the ID of a single category. * Default empty array. * @param bool $append If true, don't delete existing categories, just add on. * If false, replace the categories with the new categories. * @return array|false|WP_Error Array of term taxonomy IDs of affected categories. WP_Error or false on failure. */ function wp_set_post_categories( $post_id = 0, $post_categories = array(), $append = false ) { $post_id = (int) $post_id; $post_type = get_post_type( $post_id ); $post_status = get_post_status( $post_id ); // If $post_categories isn't already an array, make it one. $post_categories = (array) $post_categories; if ( empty( $post_categories ) ) { /** * Filters post types (in addition to 'post') that require a default category. * * @since 5.5.0 * * @param string[] $post_types An array of post type names. Default empty array. */ $default_category_post_types = apply_filters( 'default_category_post_types', array() ); // Regular posts always require a default category. $default_category_post_types = array_merge( $default_category_post_types, array( 'post' ) ); if ( in_array( $post_type, $default_category_post_types, true ) && is_object_in_taxonomy( $post_type, 'category' ) && 'auto-draft' !== $post_status ) { $post_categories = array( get_option( 'default_category' ) ); $append = false; } else { $post_categories = array(); } } elseif ( 1 === count( $post_categories ) && '' === reset( $post_categories ) ) { return true; } return wp_set_post_terms( $post_id, $post_categories, 'category', $append ); } /** * Fires actions related to the transitioning of a post's status. * * When a post is saved, the post status is "transitioned" from one status to another, * though this does not always mean the status has actually changed before and after * the save. This function fires a number of action hooks related to that transition: * the generic {@see 'transition_post_status'} action, as well as the dynamic hooks * {@see '$old_status_to_$new_status'} and {@see '$new_status_$post->post_type'}. Note * that the function does not transition the post object in the database. * * For instance: When publishing a post for the first time, the post status may transition * from 'draft' – or some other status – to 'publish'. However, if a post is already * published and is simply being updated, the "old" and "new" statuses may both be 'publish' * before and after the transition. * * @since 2.3.0 * * @param string $new_status Transition to this post status. * @param string $old_status Previous post status. * @param WP_Post $post Post data. */ function wp_transition_post_status( $new_status, $old_status, $post ) { /** * Fires when a post is transitioned from one status to another. * * @since 2.3.0 * * @param string $new_status New post status. * @param string $old_status Old post status. * @param WP_Post $post Post object. */ do_action( 'transition_post_status', $new_status, $old_status, $post ); /** * Fires when a post is transitioned from one status to another. * * The dynamic portions of the hook name, `$new_status` and `$old_status`, * refer to the old and new post statuses, respectively. * * Possible hook names include: * * - `draft_to_publish` * - `publish_to_trash` * - `pending_to_draft` * * @since 2.3.0 * * @param WP_Post $post Post object. */ do_action( "{$old_status}_to_{$new_status}", $post ); /** * Fires when a post is transitioned from one status to another. * * The dynamic portions of the hook name, `$new_status` and `$post->post_type`, * refer to the new post status and post type, respectively. * * Possible hook names include: * * - `draft_post` * - `future_post` * - `pending_post` * - `private_post` * - `publish_post` * - `trash_post` * - `draft_page` * - `future_page` * - `pending_page` * - `private_page` * - `publish_page` * - `trash_page` * - `publish_attachment` * - `trash_attachment` * * Please note: When this action is hooked using a particular post status (like * 'publish', as `publish_{$post->post_type}`), it will fire both when a post is * first transitioned to that status from something else, as well as upon * subsequent post updates (old and new status are both the same). * * Therefore, if you are looking to only fire a callback when a post is first * transitioned to a status, use the {@see 'transition_post_status'} hook instead. * * @since 2.3.0 * @since 5.9.0 Added `$old_status` parameter. * * @param int $post_id Post ID. * @param WP_Post $post Post object. * @param string $old_status Old post status. */ do_action( "{$new_status}_{$post->post_type}", $post->ID, $post, $old_status ); } /** * Fires actions after a post, its terms and meta data has been saved. * * @since 5.6.0 * * @param int|WP_Post $post The post ID or object that has been saved. * @param bool $update Whether this is an existing post being updated. * @param null|WP_Post $post_before Null for new posts, the WP_Post object prior * to the update for updated posts. */ function wp_after_insert_post( $post, $update, $post_before ) { $post = get_post( $post ); if ( ! $post ) { return; } $post_id = $post->ID; /** * Fires once a post, its terms and meta data has been saved. * * @since 5.6.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. * @param bool $update Whether this is an existing post being updated. * @param null|WP_Post $post_before Null for new posts, the WP_Post object prior * to the update for updated posts. */ do_action( 'wp_after_insert_post', $post_id, $post, $update, $post_before ); } // // Comment, trackback, and pingback functions. // /** * Adds a URL to those already pinged. * * @since 1.5.0 * @since 4.7.0 `$post` can be a WP_Post object. * @since 4.7.0 `$uri` can be an array of URIs. * * @global wpdb $wpdb WordPress database abstraction object. * * @param int|WP_Post $post Post ID or post object. * @param string|array $uri Ping URI or array of URIs. * @return int|false How many rows were updated. */ function add_ping( $post, $uri ) { global $wpdb; $post = get_post( $post ); if ( ! $post ) { return false; } $pung = trim( $post->pinged ); $pung = preg_split( '/\s/', $pung ); if ( is_array( $uri ) ) { $pung = array_merge( $pung, $uri ); } else { $pung[] = $uri; } $new = implode( "\n", $pung ); /** * Filters the new ping URL to add for the given post. * * @since 2.0.0 * * @param string $new New ping URL to add. */ $new = apply_filters( 'add_ping', $new ); $return = $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post->ID ) ); clean_post_cache( $post->ID ); return $return; } /** * Retrieves enclosures already enclosed for a post. * * @since 1.5.0 * * @param int $post_id Post ID. * @return string[] Array of enclosures for the given post. */ function get_enclosed( $post_id ) { $custom_fields = get_post_custom( $post_id ); $pung = array(); if ( ! is_array( $custom_fields ) ) { return $pung; } foreach ( $custom_fields as $key => $val ) { if ( 'enclosure' !== $key || ! is_array( $val ) ) { continue; } foreach ( $val as $enc ) { $enclosure = explode( "\n", $enc ); $pung[] = trim( $enclosure[0] ); } } /** * Filters the list of enclosures already enclosed for the given post. * * @since 2.0.0 * * @param string[] $pung Array of enclosures for the given post. * @param int $post_id Post ID. */ return apply_filters( 'get_enclosed', $pung, $post_id ); } /** * Retrieves URLs already pinged for a post. * * @since 1.5.0 * * @since 4.7.0 `$post` can be a WP_Post object. * * @param int|WP_Post $post Post ID or object. * @return string[]|false Array of URLs already pinged for the given post, false if the post is not found. */ function get_pung( $post ) { $post = get_post( $post ); if ( ! $post ) { return false; } $pung = trim( $post->pinged ); $pung = preg_split( '/\s/', $pung ); /** * Filters the list of already-pinged URLs for the given post. * * @since 2.0.0 * * @param string[] $pung Array of URLs already pinged for the given post. */ return apply_filters( 'get_pung', $pung ); } /** * Retrieves URLs that need to be pinged. * * @since 1.5.0 * @since 4.7.0 `$post` can be a WP_Post object. * * @param int|WP_Post $post Post ID or post object. * @return string[]|false List of URLs yet to ping. */ function get_to_ping( $post ) { $post = get_post( $post ); if ( ! $post ) { return false; } $to_ping = sanitize_trackback_urls( $post->to_ping ); $to_ping = preg_split( '/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY ); /** * Filters the list of URLs yet to ping for the given post. * * @since 2.0.0 * * @param string[] $to_ping List of URLs yet to ping. */ return apply_filters( 'get_to_ping', $to_ping ); } /** * Does trackbacks for a list of URLs. * * @since 1.0.0 * * @param string $tb_list Comma separated list of URLs. * @param int $post_id Post ID. */ function trackback_url_list( $tb_list, $post_id ) { if ( ! empty( $tb_list ) ) { // Get post data. $postdata = get_post( $post_id, ARRAY_A ); // Form an excerpt. $excerpt = strip_tags( $postdata['post_excerpt'] ? $postdata['post_excerpt'] : $postdata['post_content'] ); if ( strlen( $excerpt ) > 255 ) { $excerpt = substr( $excerpt, 0, 252 ) . '…'; } $trackback_urls = explode( ',', $tb_list ); foreach ( (array) $trackback_urls as $tb_url ) { $tb_url = trim( $tb_url ); trackback( $tb_url, wp_unslash( $postdata['post_title'] ), $excerpt, $post_id ); } } } // // Page functions. // /** * Gets a list of page IDs. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return string[] List of page IDs as strings. */ function get_all_page_ids() { global $wpdb; $page_ids = wp_cache_get( 'all_page_ids', 'posts' ); if ( ! is_array( $page_ids ) ) { $page_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type = 'page'" ); wp_cache_add( 'all_page_ids', $page_ids, 'posts' ); } return $page_ids; } /** * Retrieves page data given a page ID or page object. * * Use get_post() instead of get_page(). * * @since 1.5.1 * @deprecated 3.5.0 Use get_post() * * @param int|WP_Post $page Page object or page ID. Passed by reference. * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which * correspond to a WP_Post object, an associative array, or a numeric array, * respectively. Default OBJECT. * @param string $filter Optional. How the return value should be filtered. Accepts 'raw', * 'edit', 'db', 'display'. Default 'raw'. * @return WP_Post|array|null WP_Post or array on success, null on failure. */ function get_page( $page, $output = OBJECT, $filter = 'raw' ) { return get_post( $page, $output, $filter ); } /** * Retrieves a page given its path. * * @since 2.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $page_path Page path. * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which * correspond to a WP_Post object, an associative array, or a numeric array, * respectively. Default OBJECT. * @param string|array $post_type Optional. Post type or array of post types. Default 'page'. * @return WP_Post|array|null WP_Post (or array) on success, or null on failure. */ function get_page_by_path( $page_path, $output = OBJECT, $post_type = 'page' ) { global $wpdb; $last_changed = wp_cache_get_last_changed( 'posts' ); $hash = md5( $page_path . serialize( $post_type ) ); $cache_key = "get_page_by_path:$hash"; $cached = wp_cache_get_salted( $cache_key, 'post-queries', $last_changed ); if ( false !== $cached ) { // Special case: '0' is a bad `$page_path`. if ( '0' === $cached || 0 === $cached ) { return null; } else { return get_post( $cached, $output ); } } $page_path = rawurlencode( urldecode( $page_path ) ); $page_path = str_replace( '%2F', '/', $page_path ); $page_path = str_replace( '%20', ' ', $page_path ); $parts = explode( '/', trim( $page_path, '/' ) ); $parts = array_map( 'sanitize_title_for_query', $parts ); $escaped_parts = esc_sql( $parts ); $in_string = "'" . implode( "','", $escaped_parts ) . "'"; if ( is_array( $post_type ) ) { $post_types = $post_type; } else { $post_types = array( $post_type, 'attachment' ); } $post_types = esc_sql( $post_types ); $post_type_in_string = "'" . implode( "','", $post_types ) . "'"; $sql = " SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND post_type IN ($post_type_in_string) "; $pages = $wpdb->get_results( $sql, OBJECT_K ); $revparts = array_reverse( $parts ); $found_id = 0; foreach ( (array) $pages as $page ) { if ( $page->post_name === $revparts[0] ) { $count = 0; $p = $page; /* * Loop through the given path parts from right to left, * ensuring each matches the post ancestry. */ while ( 0 !== (int) $p->post_parent && isset( $pages[ $p->post_parent ] ) ) { ++$count; $parent = $pages[ $p->post_parent ]; if ( ! isset( $revparts[ $count ] ) || $parent->post_name !== $revparts[ $count ] ) { break; } $p = $parent; } if ( 0 === (int) $p->post_parent && count( $revparts ) === $count + 1 && $p->post_name === $revparts[ $count ] ) { $found_id = $page->ID; if ( $page->post_type === $post_type ) { break; } } } } // We cache misses as well as hits. wp_cache_set_salted( $cache_key, $found_id, 'post-queries', $last_changed ); if ( $found_id ) { return get_post( $found_id, $output ); } return null; } /** * Identifies descendants of a given page ID in a list of page objects. * * Descendants are identified from the `$pages` array passed to the function. No database queries are performed. * * @since 1.5.1 * * @param int $page_id Page ID. * @param WP_Post[] $pages List of page objects from which descendants should be identified. * @return WP_Post[] List of page children. */ function get_page_children( $page_id, $pages ) { // Build a hash of ID -> children. $children = array(); foreach ( (array) $pages as $page ) { $children[ (int) $page->post_parent ][] = $page; } $page_list = array(); // Start the search by looking at immediate children. if ( isset( $children[ $page_id ] ) ) { // Always start at the end of the stack in order to preserve original `$pages` order. $to_look = array_reverse( $children[ $page_id ] ); while ( $to_look ) { $p = array_pop( $to_look ); $page_list[] = $p; if ( isset( $children[ $p->ID ] ) ) { foreach ( array_reverse( $children[ $p->ID ] ) as $child ) { // Append to the `$to_look` stack to descend the tree. $to_look[] = $child; } } } } return $page_list; } /** * Orders the pages with children under parents in a flat list. * * It uses auxiliary structure to hold parent-children relationships and * runs in O(N) complexity * * @since 2.0.0 * * @param WP_Post[] $pages Posts array (passed by reference). * @param int $page_id Optional. Parent page ID. Default 0. * @return string[] Array of post names keyed by ID and arranged by hierarchy. Children immediately follow their parents. */ function get_page_hierarchy( &$pages, $page_id = 0 ) { if ( empty( $pages ) ) { return array(); } $children = array(); foreach ( (array) $pages as $p ) { $parent_id = (int) $p->post_parent; $children[ $parent_id ][] = $p; } $result = array(); _page_traverse_name( $page_id, $children, $result ); return $result; } /** * Traverses and return all the nested children post names of a root page. * * $children contains parent-children relations * * @since 2.9.0 * @access private * * @see _page_traverse_name() * * @param int $page_id Page ID. * @param array $children Parent-children relations (passed by reference). * @param string[] $result Array of page names keyed by ID (passed by reference). */ function _page_traverse_name( $page_id, &$children, &$result ) { if ( isset( $children[ $page_id ] ) ) { foreach ( (array) $children[ $page_id ] as $child ) { $result[ $child->ID ] = $child->post_name; _page_traverse_name( $child->ID, $children, $result ); } } } /** * Builds the URI path for a page. * * Sub pages will be in the "directory" under the parent page post name. * * @since 1.5.0 * @since 4.6.0 The `$page` parameter was made optional. * * @param WP_Post|object|int $page Optional. Page ID or WP_Post object. Default is global $post. * @return string|false Page URI, false on error. */ function get_page_uri( $page = 0 ) { if ( ! $page instanceof WP_Post ) { $page = get_post( $page ); } if ( ! $page ) { return false; } $uri = $page->post_name; foreach ( $page->ancestors as $parent ) { $parent = get_post( $parent ); if ( $parent && $parent->post_name ) { $uri = $parent->post_name . '/' . $uri; } } /** * Filters the URI for a page. * * @since 4.4.0 * * @param string $uri Page URI. * @param WP_Post $page Page object. */ return apply_filters( 'get_page_uri', $uri, $page ); } /** * Retrieves an array of pages (or hierarchical post type items). * * @since 1.5.0 * @since 6.3.0 Use WP_Query internally. * * @param array|string $args { * Optional. Array or string of arguments to retrieve pages. * * @type int $child_of Page ID to return child and grandchild pages of. Note: The value * of `$hierarchical` has no bearing on whether `$child_of` returns * hierarchical results. Default 0, or no restriction. * @type string $sort_order How to sort retrieved pages. Accepts 'ASC', 'DESC'. Default 'ASC'. * @type string $sort_column What columns to sort pages by, comma-separated. Accepts 'post_author', * 'post_date', 'post_title', 'post_name', 'post_modified', 'menu_order', * 'post_modified_gmt', 'post_parent', 'ID', 'rand', 'comment_count'. * 'post_' can be omitted for any values that start with it. * Default 'post_title'. * @type bool $hierarchical Whether to return pages hierarchically. If false in conjunction with * `$child_of` also being false, both arguments will be disregarded. * Default true. * @type int[] $exclude Array of page IDs to exclude. Default empty array. * @type int[] $include Array of page IDs to include. Cannot be used with `$child_of`, * `$parent`, `$exclude`, `$meta_key`, `$meta_value`, or `$hierarchical`. * Default empty array. * @type string $meta_key Only include pages with this meta key. Default empty. * @type string $meta_value Only include pages with this meta value. Requires `$meta_key`. * Default empty. * @type string $authors A comma-separated list of author IDs. Default empty. * @type int $parent Page ID to return direct children of. Default -1, or no restriction. * @type string|int[] $exclude_tree Comma-separated string or array of page IDs to exclude. * Default empty array. * @type int $number The number of pages to return. Default 0, or all pages. * @type int $offset The number of pages to skip before returning. Requires `$number`. * Default 0. * @type string $post_type The post type to query. Default 'page'. * @type string|array $post_status A comma-separated list or array of post statuses to include. * Default 'publish'. * } * @return WP_Post[]|false Array of pages (or hierarchical post type items). Boolean false if the * specified post type is not hierarchical or the specified status is not * supported by the post type. */ function get_pages( $args = array() ) { $defaults = array( 'child_of' => 0, 'sort_order' => 'ASC', 'sort_column' => 'post_title', 'hierarchical' => 1, 'exclude' => array(), 'include' => array(), 'meta_key' => '', 'meta_value' => '', 'authors' => '', 'parent' => -1, 'exclude_tree' => array(), 'number' => '', 'offset' => 0, 'post_type' => 'page', 'post_status' => 'publish', ); $parsed_args = wp_parse_args( $args, $defaults ); $number = (int) $parsed_args['number']; $offset = (int) $parsed_args['offset']; $child_of = (int) $parsed_args['child_of']; $hierarchical = $parsed_args['hierarchical']; $exclude = $parsed_args['exclude']; $meta_key = $parsed_args['meta_key']; $meta_value = $parsed_args['meta_value']; $parent = $parsed_args['parent']; $post_status = $parsed_args['post_status']; // Make sure the post type is hierarchical. $hierarchical_post_types = get_post_types( array( 'hierarchical' => true ) ); if ( ! in_array( $parsed_args['post_type'], $hierarchical_post_types, true ) ) { return false; } if ( $parent > 0 && ! $child_of ) { $hierarchical = false; } // Make sure we have a valid post status. if ( ! is_array( $post_status ) ) { $post_status = explode( ',', $post_status ); } if ( array_diff( $post_status, get_post_stati() ) ) { return false; } $query_args = array( 'orderby' => 'post_title', 'order' => 'ASC', 'post__not_in' => wp_parse_id_list( $exclude ), 'meta_key' => $meta_key, 'meta_value' => $meta_value, 'posts_per_page' => -1, 'offset' => $offset, 'post_type' => $parsed_args['post_type'], 'post_status' => $post_status, 'update_post_term_cache' => false, 'update_post_meta_cache' => false, 'ignore_sticky_posts' => true, 'no_found_rows' => true, ); if ( ! empty( $parsed_args['include'] ) ) { $child_of = 0; // Ignore child_of, parent, exclude, meta_key, and meta_value params if using include. $parent = -1; unset( $query_args['post__not_in'], $query_args['meta_key'], $query_args['meta_value'] ); $hierarchical = false; $query_args['post__in'] = wp_parse_id_list( $parsed_args['include'] ); } if ( ! empty( $parsed_args['authors'] ) ) { $post_authors = wp_parse_list( $parsed_args['authors'] ); if ( ! empty( $post_authors ) ) { $query_args['author__in'] = array(); foreach ( $post_authors as $post_author ) { // Do we have an author id or an author login? if ( 0 === (int) $post_author ) { $post_author = get_user_by( 'login', $post_author ); if ( empty( $post_author ) ) { continue; } if ( empty( $post_author->ID ) ) { continue; } $post_author = $post_author->ID; } $query_args['author__in'][] = (int) $post_author; } } } if ( is_array( $parent ) ) { $post_parent__in = array_map( 'absint', (array) $parent ); if ( ! empty( $post_parent__in ) ) { $query_args['post_parent__in'] = $post_parent__in; } } elseif ( $parent >= 0 ) { $query_args['post_parent'] = $parent; } /* * Maintain backward compatibility for `sort_column` key. * Additionally to `WP_Query`, it has been supporting the `post_modified_gmt` field, so this logic will translate * it to `post_modified` which should result in the same order given the two dates in the fields match. */ $orderby = wp_parse_list( $parsed_args['sort_column'] ); $orderby = array_map( static function ( $orderby_field ) { $orderby_field = trim( $orderby_field ); if ( 'post_modified_gmt' === $orderby_field || 'modified_gmt' === $orderby_field ) { $orderby_field = str_replace( '_gmt', '', $orderby_field ); } return $orderby_field; }, $orderby ); if ( $orderby ) { $query_args['orderby'] = array_fill_keys( $orderby, $parsed_args['sort_order'] ); } $order = $parsed_args['sort_order']; if ( $order ) { $query_args['order'] = $order; } if ( ! empty( $number ) ) { $query_args['posts_per_page'] = $number; } /** * Filters query arguments passed to WP_Query in get_pages(). * * @since 6.3.0 * * @param array $query_args Array of arguments passed to WP_Query. * @param array $parsed_args Array of get_pages() arguments. */ $query_args = apply_filters( 'get_pages_query_args', $query_args, $parsed_args ); $pages = new WP_Query(); $pages = $pages->query( $query_args ); if ( $child_of || $hierarchical ) { $pages = get_page_children( $child_of, $pages ); } if ( ! empty( $parsed_args['exclude_tree'] ) ) { $exclude = wp_parse_id_list( $parsed_args['exclude_tree'] ); foreach ( $exclude as $id ) { $children = get_page_children( $id, $pages ); foreach ( $children as $child ) { $exclude[] = $child->ID; } } $num_pages = count( $pages ); for ( $i = 0; $i < $num_pages; $i++ ) { if ( in_array( $pages[ $i ]->ID, $exclude, true ) ) { unset( $pages[ $i ] ); } } } /** * Filters the retrieved list of pages. * * @since 2.1.0 * * @param WP_Post[] $pages Array of page objects. * @param array $parsed_args Array of get_pages() arguments. */ return apply_filters( 'get_pages', $pages, $parsed_args ); } // // Attachment functions. // /** * Determines whether an attachment URI is local and really an attachment. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.0.0 * * @param string $url URL to check * @return bool True on success, false on failure. */ function is_local_attachment( $url ) { if ( ! str_contains( $url, home_url() ) ) { return false; } if ( str_contains( $url, home_url( '/?attachment_id=' ) ) ) { return true; } $id = url_to_postid( $url ); if ( $id ) { $post = get_post( $id ); if ( 'attachment' === $post->post_type ) { return true; } } return false; } /** * Inserts an attachment. * * If you set the 'ID' in the $args parameter, it will mean that you are * updating and attempt to update the attachment. You can also set the * attachment name or title by setting the key 'post_name' or 'post_title'. * * You can set the dates for the attachment manually by setting the 'post_date' * and 'post_date_gmt' keys' values. * * By default, the comments will use the default settings for whether the * comments are allowed. You can close them manually or keep them open by * setting the value for the 'comment_status' key. * * @since 2.0.0 * @since 4.7.0 Added the `$wp_error` parameter to allow a WP_Error to be returned on failure. * @since 5.6.0 Added the `$fire_after_hooks` parameter. * * @see wp_insert_post() * * @param string|array $args Arguments for inserting an attachment. * @param string|false $file Optional. Filename. Default false. * @param int $parent_post_id Optional. Parent post ID or 0 for no parent. Default 0. * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. * @param bool $fire_after_hooks Optional. Whether to fire the after insert hooks. Default true. * @return int|WP_Error The attachment ID on success. The value 0 or WP_Error on failure. */ function wp_insert_attachment( $args, $file = false, $parent_post_id = 0, $wp_error = false, $fire_after_hooks = true ) { $defaults = array( 'file' => $file, 'post_parent' => 0, ); $data = wp_parse_args( $args, $defaults ); if ( ! empty( $parent_post_id ) ) { $data['post_parent'] = $parent_post_id; } $data['post_type'] = 'attachment'; return wp_insert_post( $data, $wp_error, $fire_after_hooks ); } /** * Trashes or deletes an attachment. * * When an attachment is permanently deleted, the file will also be removed. * Deletion removes all post meta fields, taxonomy, comments, etc. associated * with the attachment (except the main post). * * The attachment is moved to the Trash instead of permanently deleted unless Trash * for media is disabled, item is already in the Trash, or $force_delete is true. * * @since 2.0.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Attachment ID. * @param bool $force_delete Optional. Whether to bypass Trash and force deletion. * Default false. * @return WP_Post|false|null Post data on success, false or null on failure. */ function wp_delete_attachment( $post_id, $force_delete = false ) { global $wpdb; $post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id ) ); if ( ! $post ) { return $post; } $post = get_post( $post ); if ( 'attachment' !== $post->post_type ) { return false; } if ( ! $force_delete && EMPTY_TRASH_DAYS && MEDIA_TRASH && 'trash' !== $post->post_status ) { return wp_trash_post( $post_id ); } /** * Filters whether an attachment deletion should take place. * * @since 5.5.0 * * @param WP_Post|false|null $delete Whether to go forward with deletion. * @param WP_Post $post Post object. * @param bool $force_delete Whether to bypass the Trash. */ $check = apply_filters( 'pre_delete_attachment', null, $post, $force_delete ); if ( null !== $check ) { return $check; } delete_post_meta( $post_id, '_wp_trash_meta_status' ); delete_post_meta( $post_id, '_wp_trash_meta_time' ); $meta = wp_get_attachment_metadata( $post_id ); $backup_sizes = get_post_meta( $post->ID, '_wp_attachment_backup_sizes', true ); $file = get_attached_file( $post_id ); if ( is_multisite() && is_string( $file ) && ! empty( $file ) ) { clean_dirsize_cache( $file ); } /** * Fires before an attachment is deleted, at the start of wp_delete_attachment(). * * @since 2.0.0 * @since 5.5.0 Added the `$post` parameter. * * @param int $post_id Attachment ID. * @param WP_Post $post Post object. */ do_action( 'delete_attachment', $post_id, $post ); wp_delete_object_term_relationships( $post_id, array( 'category', 'post_tag' ) ); wp_delete_object_term_relationships( $post_id, get_object_taxonomies( $post->post_type ) ); // Delete all for any posts. delete_metadata( 'post', null, '_thumbnail_id', $post_id, true ); wp_defer_comment_counting( true ); $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d ORDER BY comment_ID DESC", $post_id ) ); foreach ( $comment_ids as $comment_id ) { wp_delete_comment( $comment_id, true ); } wp_defer_comment_counting( false ); $post_meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d ", $post_id ) ); foreach ( $post_meta_ids as $mid ) { delete_metadata_by_mid( 'post', $mid ); } /** This action is documented in wp-includes/post.php */ do_action( 'delete_post', $post_id, $post ); $result = $wpdb->delete( $wpdb->posts, array( 'ID' => $post_id ) ); if ( ! $result ) { return false; } /** This action is documented in wp-includes/post.php */ do_action( 'deleted_post', $post_id, $post ); wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ); clean_post_cache( $post ); return $post; } /** * Deletes all files that belong to the given attachment. * * @since 4.9.7 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Attachment ID. * @param array $meta The attachment's meta data. * @param array $backup_sizes The meta data for the attachment's backup images. * @param string $file Absolute path to the attachment's file. * @return bool True on success, false on failure. */ function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) { global $wpdb; $uploadpath = wp_get_upload_dir(); $deleted = true; if ( ! empty( $meta['thumb'] ) ) { // Don't delete the thumb if another attachment uses it. if ( ! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id ) ) ) { $thumbfile = str_replace( wp_basename( $file ), $meta['thumb'], $file ); if ( ! empty( $thumbfile ) ) { $thumbfile = path_join( $uploadpath['basedir'], $thumbfile ); $thumbdir = path_join( $uploadpath['basedir'], dirname( $file ) ); if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) { $deleted = false; } } } } // Remove intermediate and backup images if there are any. if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) { $intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) ); foreach ( $meta['sizes'] as $size => $sizeinfo ) { $intermediate_file = str_replace( wp_basename( $file ), $sizeinfo['file'], $file ); if ( ! empty( $intermediate_file ) ) { $intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file ); if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) { $deleted = false; } } } } if ( ! empty( $meta['original_image'] ) ) { if ( empty( $intermediate_dir ) ) { $intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) ); } $original_image = str_replace( wp_basename( $file ), $meta['original_image'], $file ); if ( ! empty( $original_image ) ) { $original_image = path_join( $uploadpath['basedir'], $original_image ); if ( ! wp_delete_file_from_directory( $original_image, $intermediate_dir ) ) { $deleted = false; } } } if ( is_array( $backup_sizes ) ) { $del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) ); foreach ( $backup_sizes as $size ) { $del_file = path_join( dirname( $meta['file'] ), $size['file'] ); if ( ! empty( $del_file ) ) { $del_file = path_join( $uploadpath['basedir'], $del_file ); if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) { $deleted = false; } } } } if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) { $deleted = false; } return $deleted; } /** * Retrieves attachment metadata for attachment ID. * * @since 2.1.0 * @since 6.0.0 The `$filesize` value was added to the returned array. * * @param int $attachment_id Attachment post ID. Defaults to global $post. * @param bool $unfiltered Optional. If true, filters are not run. Default false. * @return array|false { * Attachment metadata. False on failure. * * @type int $width The width of the attachment. * @type int $height The height of the attachment. * @type string $file The file path relative to `wp-content/uploads`. * @type array $sizes Keys are size slugs, each value is an array containing * 'file', 'width', 'height', and 'mime-type'. * @type array $image_meta Image metadata. * @type int $filesize File size of the attachment. * } */ function wp_get_attachment_metadata( $attachment_id = 0, $unfiltered = false ) { $attachment_id = (int) $attachment_id; if ( ! $attachment_id ) { $post = get_post(); if ( ! $post ) { return false; } $attachment_id = $post->ID; } $data = get_post_meta( $attachment_id, '_wp_attachment_metadata', true ); if ( ! $data ) { return false; } if ( $unfiltered ) { return $data; } /** * Filters the attachment meta data. * * @since 2.1.0 * * @param array $data Array of meta data for the given attachment. * @param int $attachment_id Attachment post ID. */ return apply_filters( 'wp_get_attachment_metadata', $data, $attachment_id ); } /** * Updates metadata for an attachment. * * @since 2.1.0 * * @param int $attachment_id Attachment post ID. * @param array $data Attachment meta data. * @return int|bool Whether the metadata was successfully updated. * True on success, the Meta ID if the key didn't exist. * False if $post is invalid, on failure, or if $data is the same as the existing metadata. */ function wp_update_attachment_metadata( $attachment_id, $data ) { $attachment_id = (int) $attachment_id; $post = get_post( $attachment_id ); if ( ! $post ) { return false; } /** * Filters the updated attachment meta data. * * @since 2.1.0 * * @param array $data Array of updated attachment meta data. * @param int $attachment_id Attachment post ID. */ $data = apply_filters( 'wp_update_attachment_metadata', $data, $post->ID ); if ( $data ) { return update_post_meta( $post->ID, '_wp_attachment_metadata', $data ); } else { return delete_post_meta( $post->ID, '_wp_attachment_metadata' ); } } /** * Retrieves the URL for an attachment. * * @since 2.1.0 * * @global string $pagenow The filename of the current screen. * * @param int $attachment_id Optional. Attachment post ID. Defaults to global $post. * @return string|false Attachment URL, otherwise false. */ function wp_get_attachment_url( $attachment_id = 0 ) { global $pagenow; $attachment_id = (int) $attachment_id; $post = get_post( $attachment_id ); if ( ! $post ) { return false; } if ( 'attachment' !== $post->post_type ) { return false; } $url = ''; // Get attached file. $file = get_post_meta( $post->ID, '_wp_attached_file', true ); if ( $file ) { // Get upload directory. $uploads = wp_get_upload_dir(); if ( $uploads && false === $uploads['error'] ) { // Check that the upload base exists in the file location. if ( str_starts_with( $file, $uploads['basedir'] ) ) { // Replace file location with url location. $url = str_replace( $uploads['basedir'], $uploads['baseurl'], $file ); } elseif ( str_contains( $file, 'wp-content/uploads' ) ) { // Get the directory name relative to the basedir (back compat for pre-2.7 uploads). $url = trailingslashit( $uploads['baseurl'] . '/' . _wp_get_attachment_relative_path( $file ) ) . wp_basename( $file ); } else { // It's a newly-uploaded file, therefore $file is relative to the basedir. $url = $uploads['baseurl'] . "/$file"; } } } /* * If any of the above options failed, Fallback on the GUID as used pre-2.7, * not recommended to rely upon this. */ if ( ! $url ) { $url = get_the_guid( $post->ID ); } // On SSL front end, URLs should be HTTPS. if ( is_ssl() && ! is_admin() && 'wp-login.php' !== $pagenow ) { $url = set_url_scheme( $url ); } /** * Filters the attachment URL. * * @since 2.1.0 * * @param string $url URL for the given attachment. * @param int $attachment_id Attachment post ID. */ $url = apply_filters( 'wp_get_attachment_url', $url, $post->ID ); if ( ! $url ) { return false; } return $url; } /** * Retrieves the caption for an attachment. * * @since 4.6.0 * * @param int $post_id Optional. Attachment ID. Default is the ID of the global `$post`. * @return string|false Attachment caption on success, false on failure. */ function wp_get_attachment_caption( $post_id = 0 ) { $post_id = (int) $post_id; $post = get_post( $post_id ); if ( ! $post ) { return false; } if ( 'attachment' !== $post->post_type ) { return false; } $caption = $post->post_excerpt; /** * Filters the attachment caption. * * @since 4.6.0 * * @param string $caption Caption for the given attachment. * @param int $post_id Attachment ID. */ return apply_filters( 'wp_get_attachment_caption', $caption, $post->ID ); } /** * Retrieves URL for an attachment thumbnail. * * @since 2.1.0 * @since 6.1.0 Changed to use wp_get_attachment_image_url(). * * @param int $post_id Optional. Attachment ID. Default is the ID of the global `$post`. * @return string|false Thumbnail URL on success, false on failure. */ function wp_get_attachment_thumb_url( $post_id = 0 ) { $post_id = (int) $post_id; /* * This uses image_downsize() which also looks for the (very) old format $image_meta['thumb'] * when the newer format $image_meta['sizes']['thumbnail'] doesn't exist. */ $thumbnail_url = wp_get_attachment_image_url( $post_id, 'thumbnail' ); if ( empty( $thumbnail_url ) ) { return false; } /** * Filters the attachment thumbnail URL. * * @since 2.1.0 * * @param string $thumbnail_url URL for the attachment thumbnail. * @param int $post_id Attachment ID. */ return apply_filters( 'wp_get_attachment_thumb_url', $thumbnail_url, $post_id ); } /** * Verifies an attachment is of a given type. * * @since 4.2.0 * * @param string $type Attachment type. Accepts `image`, `audio`, `video`, or a file extension. * @param int|WP_Post $post Optional. Attachment ID or object. Default is global $post. * @return bool True if an accepted type or a matching file extension, false otherwise. */ function wp_attachment_is( $type, $post = null ) { $post = get_post( $post ); if ( ! $post ) { return false; } $file = get_attached_file( $post->ID ); if ( ! $file ) { return false; } if ( str_starts_with( $post->post_mime_type, $type . '/' ) ) { return true; } $check = wp_check_filetype( $file ); if ( empty( $check['ext'] ) ) { return false; } $ext = $check['ext']; if ( 'import' !== $post->post_mime_type ) { return $type === $ext; } switch ( $type ) { case 'image': $image_exts = array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'webp', 'avif', 'heic' ); return in_array( $ext, $image_exts, true ); case 'audio': return in_array( $ext, wp_get_audio_extensions(), true ); case 'video': return in_array( $ext, wp_get_video_extensions(), true ); default: return $type === $ext; } } /** * Determines whether an attachment is an image. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.1.0 * @since 4.2.0 Modified into wrapper for wp_attachment_is() and * allowed WP_Post object to be passed. * * @param int|WP_Post $post Optional. Attachment ID or object. Default is global $post. * @return bool Whether the attachment is an image. */ function wp_attachment_is_image( $post = null ) { return wp_attachment_is( 'image', $post ); } /** * Retrieves the icon for a MIME type or attachment. * * @since 2.1.0 * @since 6.5.0 Added the `$preferred_ext` parameter. * * @param string|int $mime MIME type or attachment ID. * @param string $preferred_ext File format to prefer in return. Default '.png'. * @return string|false Icon, false otherwise. */ function wp_mime_type_icon( $mime = 0, $preferred_ext = '.png' ) { if ( ! is_numeric( $mime ) ) { $icon = wp_cache_get( "mime_type_icon_$mime" ); } // Check if preferred file format variable is present and is a validly formatted file extension. if ( ! empty( $preferred_ext ) && is_string( $preferred_ext ) && ! str_starts_with( $preferred_ext, '.' ) ) { $preferred_ext = '.' . strtolower( $preferred_ext ); } $post_id = 0; if ( empty( $icon ) ) { $post_mimes = array(); if ( is_numeric( $mime ) ) { $mime = (int) $mime; $post = get_post( $mime ); if ( $post ) { $post_id = (int) $post->ID; $file = get_attached_file( $post_id ); $ext = preg_replace( '/^.+?\.([^.]+)$/', '$1', $file ); if ( ! empty( $ext ) ) { $post_mimes[] = $ext; $ext_type = wp_ext2type( $ext ); if ( $ext_type ) { $post_mimes[] = $ext_type; } } $mime = $post->post_mime_type; } else { $mime = 0; } } else { $post_mimes[] = $mime; } $icon_files = wp_cache_get( 'icon_files' ); if ( ! is_array( $icon_files ) ) { /** * Filters the icon directory path. * * @since 2.0.0 * * @param string $path Icon directory absolute path. */ $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/media' ); /** * Filters the icon directory URI. * * @since 2.0.0 * * @param string $uri Icon directory URI. */ $icon_dir_uri = apply_filters( 'icon_dir_uri', includes_url( 'images/media' ) ); /** * Filters the array of icon directory URIs. * * @since 2.5.0 * * @param string[] $uris Array of icon directory URIs keyed by directory absolute path. */ $dirs = apply_filters( 'icon_dirs', array( $icon_dir => $icon_dir_uri ) ); $icon_files = array(); $all_icons = array(); while ( $dirs ) { $keys = array_keys( $dirs ); $dir = array_shift( $keys ); $uri = array_shift( $dirs ); $dh = opendir( $dir ); if ( $dh ) { while ( false !== $file = readdir( $dh ) ) { $file = wp_basename( $file ); if ( str_starts_with( $file, '.' ) ) { continue; } $ext = strtolower( substr( $file, -4 ) ); if ( ! in_array( $ext, array( '.svg', '.png', '.gif', '.jpg' ), true ) ) { if ( is_dir( "$dir/$file" ) ) { $dirs[ "$dir/$file" ] = "$uri/$file"; } continue; } $all_icons[ "$dir/$file" ] = "$uri/$file"; if ( $ext === $preferred_ext ) { $icon_files[ "$dir/$file" ] = "$uri/$file"; } } closedir( $dh ); } } // If directory only contained icons of a non-preferred format, return those. if ( empty( $icon_files ) ) { $icon_files = $all_icons; } wp_cache_add( 'icon_files', $icon_files, 'default', 600 ); } $types = array(); // Icon wp_basename - extension = MIME wildcard. foreach ( $icon_files as $file => $uri ) { $types[ preg_replace( '/^([^.]*).*$/', '$1', wp_basename( $file ) ) ] =& $icon_files[ $file ]; } if ( ! empty( $mime ) ) { $post_mimes[] = substr( $mime, 0, strpos( $mime, '/' ) ); $post_mimes[] = substr( $mime, strpos( $mime, '/' ) + 1 ); $post_mimes[] = str_replace( '/', '_', $mime ); } $matches = wp_match_mime_types( array_keys( $types ), $post_mimes ); $matches['default'] = array( 'default' ); foreach ( $matches as $match => $wilds ) { foreach ( $wilds as $wild ) { if ( ! isset( $types[ $wild ] ) ) { continue; } $icon = $types[ $wild ]; if ( ! is_numeric( $mime ) ) { wp_cache_add( "mime_type_icon_$mime", $icon ); } break 2; } } } /** * Filters the mime type icon. * * @since 2.1.0 * * @param string $icon Path to the mime type icon. * @param string $mime Mime type. * @param int $post_id Attachment ID. Will equal 0 if the function passed * the mime type. */ return apply_filters( 'wp_mime_type_icon', $icon, $mime, $post_id ); } /** * Checks for changed slugs for published post objects and save the old slug. * * The function is used when a post object of any type is updated, * by comparing the current and previous post objects. * * If the slug was changed and not already part of the old slugs then it will be * added to the post meta field ('_wp_old_slug') for storing old slugs for that * post. * * The most logically usage of this function is redirecting changed post objects, so * that those that linked to an changed post will be redirected to the new post. * * @since 2.1.0 * * @param int $post_id Post ID. * @param WP_Post $post The post object. * @param WP_Post $post_before The previous post object. */ function wp_check_for_changed_slugs( $post_id, $post, $post_before ) { // Don't bother if it hasn't changed. if ( $post->post_name === $post_before->post_name ) { return; } // We're only concerned with published, non-hierarchical objects. if ( ! ( 'publish' === $post->post_status || ( 'attachment' === $post->post_type && 'inherit' === $post->post_status ) ) || is_post_type_hierarchical( $post->post_type ) ) { return; } $old_slugs = (array) get_post_meta( $post_id, '_wp_old_slug' ); // If we haven't added this old slug before, add it now. if ( ! empty( $post_before->post_name ) && ! in_array( $post_before->post_name, $old_slugs, true ) ) { add_post_meta( $post_id, '_wp_old_slug', $post_before->post_name ); } // If the new slug was used previously, delete it from the list. if ( in_array( $post->post_name, $old_slugs, true ) ) { delete_post_meta( $post_id, '_wp_old_slug', $post->post_name ); } } /** * Checks for changed dates for published post objects and save the old date. * * The function is used when a post object of any type is updated, * by comparing the current and previous post objects. * * If the date was changed and not already part of the old dates then it will be * added to the post meta field ('_wp_old_date') for storing old dates for that * post. * * The most logically usage of this function is redirecting changed post objects, so * that those that linked to an changed post will be redirected to the new post. * * @since 4.9.3 * * @param int $post_id Post ID. * @param WP_Post $post The post object. * @param WP_Post $post_before The previous post object. */ function wp_check_for_changed_dates( $post_id, $post, $post_before ) { $previous_date = gmdate( 'Y-m-d', strtotime( $post_before->post_date ) ); $new_date = gmdate( 'Y-m-d', strtotime( $post->post_date ) ); // Don't bother if it hasn't changed. if ( $new_date === $previous_date ) { return; } // We're only concerned with published, non-hierarchical objects. if ( ! ( 'publish' === $post->post_status || ( 'attachment' === $post->post_type && 'inherit' === $post->post_status ) ) || is_post_type_hierarchical( $post->post_type ) ) { return; } $old_dates = (array) get_post_meta( $post_id, '_wp_old_date' ); // If we haven't added this old date before, add it now. if ( ! empty( $previous_date ) && ! in_array( $previous_date, $old_dates, true ) ) { add_post_meta( $post_id, '_wp_old_date', $previous_date ); } // If the new slug was used previously, delete it from the list. if ( in_array( $new_date, $old_dates, true ) ) { delete_post_meta( $post_id, '_wp_old_date', $new_date ); } } /** * Retrieves the private post SQL based on capability. * * This function provides a standardized way to appropriately select on the * post_status of a post type. The function will return a piece of SQL code * that can be added to a WHERE clause; this SQL is constructed to allow all * published posts, and all private posts to which the user has access. * * @since 2.2.0 * @since 4.3.0 Added the ability to pass an array to `$post_type`. * * @param string|array $post_type Single post type or an array of post types. Currently only supports 'post' or 'page'. * @return string SQL code that can be added to a where clause. */ function get_private_posts_cap_sql( $post_type ) { return get_posts_by_author_sql( $post_type, false ); } /** * Retrieves the post SQL based on capability, author, and type. * * @since 3.0.0 * @since 4.3.0 Introduced the ability to pass an array of post types to `$post_type`. * * @see get_private_posts_cap_sql() * @global wpdb $wpdb WordPress database abstraction object. * * @param string|string[] $post_type Single post type or an array of post types. * @param bool $full Optional. Returns a full WHERE statement instead of just * an 'andalso' term. Default true. * @param int $post_author Optional. Query posts having a single author ID. Default null. * @param bool $public_only Optional. Only return public posts. Skips cap checks for * $current_user. Default false. * @return string SQL WHERE code that can be added to a query. */ function get_posts_by_author_sql( $post_type, $full = true, $post_author = null, $public_only = false ) { global $wpdb; if ( is_array( $post_type ) ) { $post_types = $post_type; } else { $post_types = array( $post_type ); } $post_type_clauses = array(); foreach ( $post_types as $post_type ) { $post_type_obj = get_post_type_object( $post_type ); if ( ! $post_type_obj ) { continue; } /** * Filters the capability to read private posts for a custom post type * when generating SQL for getting posts by author. * * @since 2.2.0 * @deprecated 3.2.0 The hook transitioned from "somewhat useless" to "totally useless". * * @param string $cap Capability. */ $cap = apply_filters_deprecated( 'pub_priv_sql_capability', array( '' ), '3.2.0' ); if ( ! $cap ) { $cap = current_user_can( $post_type_obj->cap->read_private_posts ); } // Only need to check the cap if $public_only is false. $post_status_sql = "post_status = 'publish'"; if ( false === $public_only ) { if ( $cap ) { // Does the user have the capability to view private posts? Guess so. $post_status_sql .= " OR post_status = 'private'"; } elseif ( is_user_logged_in() ) { // Users can view their own private posts. $id = get_current_user_id(); if ( null === $post_author || ! $full ) { $post_status_sql .= " OR post_status = 'private' AND post_author = $id"; } elseif ( $id === (int) $post_author ) { $post_status_sql .= " OR post_status = 'private'"; } // Else none. } // Else none. } $post_type_clauses[] = "( post_type = '" . $post_type . "' AND ( $post_status_sql ) )"; } if ( empty( $post_type_clauses ) ) { return $full ? 'WHERE 1 = 0' : '1 = 0'; } $sql = '( ' . implode( ' OR ', $post_type_clauses ) . ' )'; if ( null !== $post_author ) { $sql .= $wpdb->prepare( ' AND post_author = %d', $post_author ); } if ( $full ) { $sql = 'WHERE ' . $sql; } return $sql; } /** * Retrieves the most recent time that a post on the site was published. * * The server timezone is the default and is the difference between GMT and * server time. The 'blog' value is the date when the last post was posted. * The 'gmt' is when the last post was posted in GMT formatted date. * * @since 0.71 * @since 4.4.0 The `$post_type` argument was added. * * @param string $timezone Optional. The timezone for the timestamp. Accepts 'server', 'blog', or 'gmt'. * 'server' uses the server's internal timezone. * 'blog' uses the `post_date` field, which proxies to the timezone set for the site. * 'gmt' uses the `post_date_gmt` field. * Default 'server'. * @param string $post_type Optional. The post type to check. Default 'any'. * @return string The date of the last post, or false on failure. */ function get_lastpostdate( $timezone = 'server', $post_type = 'any' ) { $lastpostdate = _get_last_post_time( $timezone, 'date', $post_type ); /** * Filters the most recent time that a post on the site was published. * * @since 2.3.0 * @since 5.5.0 Added the `$post_type` parameter. * * @param string|false $lastpostdate The most recent time that a post was published, * in 'Y-m-d H:i:s' format. False on failure. * @param string $timezone Location to use for getting the post published date. * See get_lastpostdate() for accepted `$timezone` values. * @param string $post_type The post type to check. */ return apply_filters( 'get_lastpostdate', $lastpostdate, $timezone, $post_type ); } /** * Gets the most recent time that a post on the site was modified. * * The server timezone is the default and is the difference between GMT and * server time. The 'blog' value is just when the last post was modified. * The 'gmt' is when the last post was modified in GMT time. * * @since 1.2.0 * @since 4.4.0 The `$post_type` argument was added. * * @param string $timezone Optional. The timezone for the timestamp. See get_lastpostdate() * for information on accepted values. * Default 'server'. * @param string $post_type Optional. The post type to check. Default 'any'. * @return string The timestamp in 'Y-m-d H:i:s' format, or false on failure. */ function get_lastpostmodified( $timezone = 'server', $post_type = 'any' ) { /** * Pre-filter the return value of get_lastpostmodified() before the query is run. * * @since 4.4.0 * * @param string|false $lastpostmodified The most recent time that a post was modified, * in 'Y-m-d H:i:s' format, or false. Returning anything * other than false will short-circuit the function. * @param string $timezone Location to use for getting the post modified date. * See get_lastpostdate() for accepted `$timezone` values. * @param string $post_type The post type to check. */ $lastpostmodified = apply_filters( 'pre_get_lastpostmodified', false, $timezone, $post_type ); if ( false !== $lastpostmodified ) { return $lastpostmodified; } $lastpostmodified = _get_last_post_time( $timezone, 'modified', $post_type ); $lastpostdate = get_lastpostdate( $timezone, $post_type ); if ( $lastpostdate > $lastpostmodified ) { $lastpostmodified = $lastpostdate; } /** * Filters the most recent time that a post on the site was modified. * * @since 2.3.0 * @since 5.5.0 Added the `$post_type` parameter. * * @param string|false $lastpostmodified The most recent time that a post was modified, * in 'Y-m-d H:i:s' format. False on failure. * @param string $timezone Location to use for getting the post modified date. * See get_lastpostdate() for accepted `$timezone` values. * @param string $post_type The post type to check. */ return apply_filters( 'get_lastpostmodified', $lastpostmodified, $timezone, $post_type ); } /** * Gets the timestamp of the last time any post was modified or published. * * @since 3.1.0 * @since 4.4.0 The `$post_type` argument was added. * @access private * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $timezone The timezone for the timestamp. See get_lastpostdate(). * for information on accepted values. * @param string $field Post field to check. Accepts 'date' or 'modified'. * @param string $post_type Optional. The post type to check. Default 'any'. * @return string|false The timestamp in 'Y-m-d H:i:s' format, or false on failure. */ function _get_last_post_time( $timezone, $field, $post_type = 'any' ) { global $wpdb; if ( ! in_array( $field, array( 'date', 'modified' ), true ) ) { return false; } $timezone = strtolower( $timezone ); $key = "lastpost{$field}:$timezone"; if ( 'any' !== $post_type ) { $key .= ':' . sanitize_key( $post_type ); } $date = wp_cache_get( $key, 'timeinfo' ); if ( false !== $date ) { return $date; } if ( 'any' === $post_type ) { $post_types = get_post_types( array( 'public' => true ) ); array_walk( $post_types, array( $wpdb, 'escape_by_ref' ) ); $post_types = "'" . implode( "', '", $post_types ) . "'"; } else { $post_types = "'" . sanitize_key( $post_type ) . "'"; } switch ( $timezone ) { case 'gmt': $date = $wpdb->get_var( "SELECT post_{$field}_gmt FROM $wpdb->posts WHERE post_status = 'publish' AND post_type IN ({$post_types}) ORDER BY post_{$field}_gmt DESC LIMIT 1" ); break; case 'blog': $date = $wpdb->get_var( "SELECT post_{$field} FROM $wpdb->posts WHERE post_status = 'publish' AND post_type IN ({$post_types}) ORDER BY post_{$field}_gmt DESC LIMIT 1" ); break; case 'server': $add_seconds_server = gmdate( 'Z' ); $date = $wpdb->get_var( "SELECT DATE_ADD(post_{$field}_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' AND post_type IN ({$post_types}) ORDER BY post_{$field}_gmt DESC LIMIT 1" ); break; } if ( $date ) { wp_cache_set( $key, $date, 'timeinfo' ); return $date; } return false; } /** * Updates posts in cache. * * @since 1.5.1 * * @param WP_Post[] $posts Array of post objects (passed by reference). */ function update_post_cache( &$posts ) { if ( ! $posts ) { return; } $data = array(); foreach ( $posts as $post ) { if ( empty( $post->filter ) || 'raw' !== $post->filter ) { $post = sanitize_post( $post, 'raw' ); } $data[ $post->ID ] = $post; } wp_cache_add_multiple( $data, 'posts' ); } /** * Will clean the post in the cache. * * Cleaning means delete from the cache of the post. Will call to clean the term * object cache associated with the post ID. * * This function not run if $_wp_suspend_cache_invalidation is not empty. See * wp_suspend_cache_invalidation(). * * @since 2.0.0 * * @global bool $_wp_suspend_cache_invalidation * * @param int|WP_Post $post Post ID or post object to remove from the cache. */ function clean_post_cache( $post ) { global $_wp_suspend_cache_invalidation; if ( ! empty( $_wp_suspend_cache_invalidation ) ) { return; } $post = get_post( $post ); if ( ! $post ) { return; } wp_cache_delete( $post->ID, 'posts' ); wp_cache_delete( 'post_parent:' . (string) $post->ID, 'posts' ); wp_cache_delete( $post->ID, 'post_meta' ); clean_object_term_cache( $post->ID, $post->post_type ); wp_cache_delete( 'wp_get_archives', 'general' ); /** * Fires immediately after the given post's cache is cleaned. * * @since 2.5.0 * * @param int $post_id Post ID. * @param WP_Post $post Post object. */ do_action( 'clean_post_cache', $post->ID, $post ); if ( 'page' === $post->post_type ) { wp_cache_delete( 'all_page_ids', 'posts' ); /** * Fires immediately after the given page's cache is cleaned. * * @since 2.5.0 * * @param int $post_id Post ID. */ do_action( 'clean_page_cache', $post->ID ); } wp_cache_set_posts_last_changed(); } /** * Updates post, term, and metadata caches for a list of post objects. * * @since 1.5.0 * * @param WP_Post[] $posts Array of post objects (passed by reference). * @param string $post_type Optional. Post type. Default 'post'. * @param bool $update_term_cache Optional. Whether to update the term cache. Default true. * @param bool $update_meta_cache Optional. Whether to update the meta cache. Default true. */ function update_post_caches( &$posts, $post_type = 'post', $update_term_cache = true, $update_meta_cache = true ) { // No point in doing all this work if we didn't match any posts. if ( ! $posts ) { return; } update_post_cache( $posts ); $post_ids = array(); foreach ( $posts as $post ) { $post_ids[] = $post->ID; } if ( ! $post_type ) { $post_type = 'any'; } if ( $update_term_cache ) { if ( is_array( $post_type ) ) { $ptypes = $post_type; } elseif ( 'any' === $post_type ) { $ptypes = array(); // Just use the post_types in the supplied posts. foreach ( $posts as $post ) { $ptypes[] = $post->post_type; } $ptypes = array_unique( $ptypes ); } else { $ptypes = array( $post_type ); } if ( ! empty( $ptypes ) ) { update_object_term_cache( $post_ids, $ptypes ); } } if ( $update_meta_cache ) { update_postmeta_cache( $post_ids ); } } /** * Updates post author user caches for a list of post objects. * * @since 6.1.0 * * @param WP_Post[] $posts Array of post objects. */ function update_post_author_caches( $posts ) { /* * cache_users() is a pluggable function so is not available prior * to the `plugins_loaded` hook firing. This is to ensure against * fatal errors when the function is not available. */ if ( ! function_exists( 'cache_users' ) ) { return; } $author_ids = wp_list_pluck( $posts, 'post_author' ); $author_ids = array_map( 'absint', $author_ids ); $author_ids = array_unique( array_filter( $author_ids ) ); cache_users( $author_ids ); } /** * Updates parent post caches for a list of post objects. * * @since 6.1.0 * * @param WP_Post[] $posts Array of post objects. */ function update_post_parent_caches( $posts ) { $parent_ids = wp_list_pluck( $posts, 'post_parent' ); $parent_ids = array_map( 'absint', $parent_ids ); $parent_ids = array_unique( array_filter( $parent_ids ) ); if ( ! empty( $parent_ids ) ) { _prime_post_caches( $parent_ids, false ); } } /** * Updates metadata cache for a list of post IDs. * * Performs SQL query to retrieve the metadata for the post IDs and updates the * metadata cache for the posts. Therefore, the functions, which call this * function, do not need to perform SQL queries on their own. * * @since 2.1.0 * * @param int[] $post_ids Array of post IDs. * @return array|false An array of metadata on success, false if there is nothing to update. */ function update_postmeta_cache( $post_ids ) { return update_meta_cache( 'post', $post_ids ); } /** * Will clean the attachment in the cache. * * Cleaning means delete from the cache. Optionally will clean the term * object cache associated with the attachment ID. * * This function will not run if $_wp_suspend_cache_invalidation is not empty. * * @since 3.0.0 * * @global bool $_wp_suspend_cache_invalidation * * @param int $id The attachment ID in the cache to clean. * @param bool $clean_terms Optional. Whether to clean terms cache. Default false. */ function clean_attachment_cache( $id, $clean_terms = false ) { global $_wp_suspend_cache_invalidation; if ( ! empty( $_wp_suspend_cache_invalidation ) ) { return; } $id = (int) $id; wp_cache_delete( $id, 'posts' ); wp_cache_delete( $id, 'post_meta' ); if ( $clean_terms ) { clean_object_term_cache( $id, 'attachment' ); } /** * Fires after the given attachment's cache is cleaned. * * @since 3.0.0 * * @param int $id Attachment ID. */ do_action( 'clean_attachment_cache', $id ); } // // Hooks. // /** * Hook for managing future post transitions to published. * * @since 2.3.0 * @access private * * @see wp_clear_scheduled_hook() * @global wpdb $wpdb WordPress database abstraction object. * * @param string $new_status New post status. * @param string $old_status Previous post status. * @param WP_Post $post Post object. */ function _transition_post_status( $new_status, $old_status, $post ) { global $wpdb; if ( 'publish' !== $old_status && 'publish' === $new_status ) { // Reset GUID if transitioning to publish and it is empty. if ( '' === get_the_guid( $post->ID ) ) { $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post->ID ) ), array( 'ID' => $post->ID ) ); } /** * Fires when a post's status is transitioned from private to published. * * @since 1.5.0 * @deprecated 2.3.0 Use {@see 'private_to_publish'} instead. * * @param int $post_id Post ID. */ do_action_deprecated( 'private_to_published', array( $post->ID ), '2.3.0', 'private_to_publish' ); } // If published posts changed clear the lastpostmodified cache. if ( 'publish' === $new_status || 'publish' === $old_status ) { foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { wp_cache_delete( "lastpostmodified:$timezone", 'timeinfo' ); wp_cache_delete( "lastpostdate:$timezone", 'timeinfo' ); wp_cache_delete( "lastpostdate:$timezone:{$post->post_type}", 'timeinfo' ); } } if ( $new_status !== $old_status ) { wp_cache_delete( _count_posts_cache_key( $post->post_type ), 'counts' ); wp_cache_delete( _count_posts_cache_key( $post->post_type, 'readable' ), 'counts' ); } // Always clears the hook in case the post status bounced from future to draft. wp_clear_scheduled_hook( 'publish_future_post', array( $post->ID ) ); } /** * Hook used to schedule publication for a post marked for the future. * * The $post properties used and must exist are 'ID' and 'post_date_gmt'. * * @since 2.3.0 * @access private * * @param int $deprecated Not used. Can be set to null. Never implemented. Not marked * as deprecated with _deprecated_argument() as it conflicts with * wp_transition_post_status() and the default filter for _future_post_hook(). * @param WP_Post $post Post object. */ function _future_post_hook( $deprecated, $post ) { wp_clear_scheduled_hook( 'publish_future_post', array( $post->ID ) ); wp_schedule_single_event( strtotime( get_gmt_from_date( $post->post_date ) . ' GMT' ), 'publish_future_post', array( $post->ID ) ); } /** * Hook to schedule pings and enclosures when a post is published. * * Uses XMLRPC_REQUEST and WP_IMPORTING constants. * * @since 2.3.0 * @access private * * @param int $post_id The ID of the post being published. */ function _publish_post_hook( $post_id ) { if ( defined( 'XMLRPC_REQUEST' ) ) { /** * Fires when _publish_post_hook() is called during an XML-RPC request. * * @since 2.1.0 * * @param int $post_id Post ID. */ do_action( 'xmlrpc_publish_post', $post_id ); } if ( defined( 'WP_IMPORTING' ) ) { return; } if ( get_option( 'default_pingback_flag' ) ) { add_post_meta( $post_id, '_pingme', '1', true ); } add_post_meta( $post_id, '_encloseme', '1', true ); $to_ping = get_to_ping( $post_id ); if ( ! empty( $to_ping ) ) { add_post_meta( $post_id, '_trackbackme', '1' ); } if ( ! wp_next_scheduled( 'do_pings' ) ) { wp_schedule_single_event( time(), 'do_pings' ); } } /** * Returns the ID of the post's parent. * * @since 3.1.0 * @since 5.9.0 The `$post` parameter was made optional. * * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post. * @return int|false Post parent ID (which can be 0 if there is no parent), * or false if the post does not exist. */ function wp_get_post_parent_id( $post = null ) { $post = get_post( $post ); if ( ! $post || is_wp_error( $post ) ) { return false; } return (int) $post->post_parent; } /** * Checks the given subset of the post hierarchy for hierarchy loops. * * Prevents loops from forming and breaks those that it finds. Attached * to the {@see 'wp_insert_post_parent'} filter. * * @since 3.1.0 * * @see wp_find_hierarchy_loop() * * @param int $post_parent ID of the parent for the post we're checking. * @param int $post_id ID of the post we're checking. * @return int The new post_parent for the post, 0 otherwise. */ function wp_check_post_hierarchy_for_loops( $post_parent, $post_id ) { // Nothing fancy here - bail. if ( ! $post_parent ) { return 0; } // New post can't cause a loop. if ( ! $post_id ) { return $post_parent; } // Can't be its own parent. if ( $post_parent === $post_id ) { return 0; } // Now look for larger loops. $loop = wp_find_hierarchy_loop( 'wp_get_post_parent_id', $post_id, $post_parent ); if ( ! $loop ) { return $post_parent; // No loop. } // Setting $post_parent to the given value causes a loop. if ( isset( $loop[ $post_id ] ) ) { return 0; } // There's a loop, but it doesn't contain $post_id. Break the loop. foreach ( array_keys( $loop ) as $loop_member ) { wp_update_post( array( 'ID' => $loop_member, 'post_parent' => 0, ) ); } return $post_parent; } /** * Sets the post thumbnail (featured image) for the given post. * * @since 3.1.0 * * @param int|WP_Post $post Post ID or post object where thumbnail should be attached. * @param int $thumbnail_id Thumbnail to attach. * @return int|bool Post meta ID if the key didn't exist (ie. this is the first time that * a thumbnail has been saved for the post), true on successful update, * false on failure or if the value passed is the same as the one that * is already in the database. */ function set_post_thumbnail( $post, $thumbnail_id ) { $post = get_post( $post ); $thumbnail_id = absint( $thumbnail_id ); if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) { if ( wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) ) { return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); } else { return delete_post_meta( $post->ID, '_thumbnail_id' ); } } return false; } /** * Removes the thumbnail (featured image) from the given post. * * @since 3.3.0 * * @param int|WP_Post $post Post ID or post object from which the thumbnail should be removed. * @return bool True on success, false on failure. */ function delete_post_thumbnail( $post ) { $post = get_post( $post ); if ( $post ) { return delete_post_meta( $post->ID, '_thumbnail_id' ); } return false; } /** * Deletes auto-drafts for new posts that are > 7 days old. * * @since 3.4.0 * * @global wpdb $wpdb WordPress database abstraction object. */ function wp_delete_auto_drafts() { global $wpdb; // Cleanup old auto-drafts more than 7 days old. $old_posts = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_status = 'auto-draft' AND DATE_SUB( NOW(), INTERVAL 7 DAY ) > post_date" ); foreach ( (array) $old_posts as $delete ) { // Force delete. wp_delete_post( $delete, true ); } } /** * Queues posts for lazy-loading of term meta. * * @since 4.5.0 * * @param WP_Post[] $posts Array of WP_Post objects. */ function wp_queue_posts_for_term_meta_lazyload( $posts ) { $post_type_taxonomies = array(); $prime_post_terms = array(); foreach ( $posts as $post ) { if ( ! ( $post instanceof WP_Post ) ) { continue; } if ( ! isset( $post_type_taxonomies[ $post->post_type ] ) ) { $post_type_taxonomies[ $post->post_type ] = get_object_taxonomies( $post->post_type ); } foreach ( $post_type_taxonomies[ $post->post_type ] as $taxonomy ) { $prime_post_terms[ $taxonomy ][] = $post->ID; } } $term_ids = array(); if ( $prime_post_terms ) { foreach ( $prime_post_terms as $taxonomy => $post_ids ) { $cached_term_ids = wp_cache_get_multiple( $post_ids, "{$taxonomy}_relationships" ); if ( is_array( $cached_term_ids ) ) { $cached_term_ids = array_filter( $cached_term_ids ); foreach ( $cached_term_ids as $_term_ids ) { // Backward compatibility for if a plugin is putting objects into the cache, rather than IDs. foreach ( $_term_ids as $term_id ) { if ( is_numeric( $term_id ) ) { $term_ids[] = (int) $term_id; } elseif ( isset( $term_id->term_id ) ) { $term_ids[] = (int) $term_id->term_id; } } } } } $term_ids = array_unique( $term_ids ); } wp_lazyload_term_meta( $term_ids ); } /** * Updates the custom taxonomies' term counts when a post's status is changed. * * For example, default posts term counts (for custom taxonomies) don't include * private / draft posts. * * @since 3.3.0 * @access private * * @param string $new_status New post status. * @param string $old_status Old post status. * @param WP_Post $post Post object. */ function _update_term_count_on_transition_post_status( $new_status, $old_status, $post ) { if ( $new_status === $old_status ) { return; } // Update counts for the post's terms. foreach ( (array) get_object_taxonomies( $post->post_type, 'objects' ) as $taxonomy ) { /** This filter is documented in wp-includes/taxonomy.php */ $counted_statuses = apply_filters( 'update_post_term_count_statuses', array( 'publish' ), $taxonomy ); /* * Do not recalculate term count if both the old and new status are not included in term counts. * This accounts for a transition such as draft -> pending. */ if ( ! in_array( $old_status, $counted_statuses, true ) && ! in_array( $new_status, $counted_statuses, true ) ) { continue; } /* * Do not recalculate term count if both the old and new status are included in term counts. * * This accounts for transitioning between statuses which are both included in term counts. This can only occur * if the `update_post_term_count_statuses` filter is in use to count more than just the 'publish' status. */ if ( in_array( $old_status, $counted_statuses, true ) && in_array( $new_status, $counted_statuses, true ) ) { continue; } $tt_ids = wp_get_object_terms( $post->ID, $taxonomy->name, array( 'fields' => 'tt_ids' ) ); wp_update_term_count( $tt_ids, $taxonomy->name ); } } /** * Adds any posts from the given IDs to the cache that do not already exist in cache. * * @since 3.4.0 * @since 6.1.0 This function is no longer marked as "private". * * @see update_post_cache() * @see update_postmeta_cache() * @see update_object_term_cache() * * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $ids ID list. * @param bool $update_term_cache Optional. Whether to update the term cache. Default true. * @param bool $update_meta_cache Optional. Whether to update the meta cache. Default true. */ function _prime_post_caches( $ids, $update_term_cache = true, $update_meta_cache = true ) { global $wpdb; $non_cached_ids = _get_non_cached_ids( $ids, 'posts' ); if ( ! empty( $non_cached_ids ) ) { $fresh_posts = $wpdb->get_results( sprintf( "SELECT $wpdb->posts.* FROM $wpdb->posts WHERE ID IN (%s)", implode( ',', $non_cached_ids ) ) ); if ( $fresh_posts ) { // Despite the name, update_post_cache() expects an array rather than a single post. update_post_cache( $fresh_posts ); } } if ( $update_meta_cache ) { update_postmeta_cache( $ids ); } if ( $update_term_cache ) { $post_types = array_map( 'get_post_type', $ids ); $post_types = array_unique( $post_types ); update_object_term_cache( $ids, $post_types ); } } /** * Prime the cache containing the parent ID of various post objects. * * @since 6.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int[] $ids ID list. */ function _prime_post_parent_id_caches( array $ids ) { global $wpdb; $ids = array_filter( $ids, '_validate_cache_id' ); $ids = array_unique( array_map( 'intval', $ids ), SORT_NUMERIC ); if ( empty( $ids ) ) { return; } $cache_keys = array(); foreach ( $ids as $id ) { $cache_keys[ $id ] = 'post_parent:' . (string) $id; } $cached_data = wp_cache_get_multiple( array_values( $cache_keys ), 'posts' ); $non_cached_ids = array(); foreach ( $cache_keys as $id => $cache_key ) { if ( false === $cached_data[ $cache_key ] ) { $non_cached_ids[] = $id; } } if ( ! empty( $non_cached_ids ) ) { $fresh_posts = $wpdb->get_results( sprintf( "SELECT $wpdb->posts.ID, $wpdb->posts.post_parent FROM $wpdb->posts WHERE ID IN (%s)", implode( ',', $non_cached_ids ) ) ); if ( $fresh_posts ) { $post_parent_data = array(); foreach ( $fresh_posts as $fresh_post ) { $post_parent_data[ 'post_parent:' . (string) $fresh_post->ID ] = (int) $fresh_post->post_parent; } wp_cache_add_multiple( $post_parent_data, 'posts' ); } } } /** * Adds a suffix if any trashed posts have a given slug. * * Store its desired (i.e. current) slug so it can try to reclaim it * if the post is untrashed. * * For internal use. * * @since 4.5.0 * @access private * * @param string $post_name Post slug. * @param int $post_id Optional. Post ID that should be ignored. Default 0. */ function wp_add_trashed_suffix_to_post_name_for_trashed_posts( $post_name, $post_id = 0 ) { $trashed_posts_with_desired_slug = get_posts( array( 'name' => $post_name, 'post_status' => 'trash', 'post_type' => 'any', 'nopaging' => true, 'post__not_in' => array( $post_id ), ) ); if ( ! empty( $trashed_posts_with_desired_slug ) ) { foreach ( $trashed_posts_with_desired_slug as $_post ) { wp_add_trashed_suffix_to_post_name_for_post( $_post ); } } } /** * Adds a trashed suffix for a given post. * * Store its desired (i.e. current) slug so it can try to reclaim it * if the post is untrashed. * * For internal use. * * @since 4.5.0 * @access private * * @global wpdb $wpdb WordPress database abstraction object. * * @param WP_Post $post The post. * @return string New slug for the post. */ function wp_add_trashed_suffix_to_post_name_for_post( $post ) { global $wpdb; $post = get_post( $post ); if ( str_ends_with( $post->post_name, '__trashed' ) ) { return $post->post_name; } add_post_meta( $post->ID, '_wp_desired_post_slug', $post->post_name ); $post_name = _truncate_post_slug( $post->post_name, 191 ) . '__trashed'; $wpdb->update( $wpdb->posts, array( 'post_name' => $post_name ), array( 'ID' => $post->ID ) ); clean_post_cache( $post->ID ); return $post_name; } /** * Sets the last changed time for the 'posts' cache group. * * @since 5.0.0 */ function wp_cache_set_posts_last_changed() { wp_cache_set_last_changed( 'posts' ); } /** * Gets all available post MIME types for a given post type. * * @since 2.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param string $type * @return string[] An array of MIME types. */ function get_available_post_mime_types( $type = 'attachment' ) { global $wpdb; /** * Filters the list of available post MIME types for the given post type. * * @since 6.4.0 * * @param string[]|null $mime_types An array of MIME types. Default null. * @param string $type The post type name. Usually 'attachment' but can be any post type. */ $mime_types = apply_filters( 'pre_get_available_post_mime_types', null, $type ); if ( ! is_array( $mime_types ) ) { $mime_types = $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s AND post_mime_type != ''", $type ) ); } // Remove nulls from returned $mime_types. return array_values( array_filter( $mime_types ) ); } /** * Retrieves the path to an uploaded image file. * * Similar to `get_attached_file()` however some images may have been processed after uploading * to make them suitable for web use. In this case the attached "full" size file is usually replaced * with a scaled down version of the original image. This function always returns the path * to the originally uploaded image file. * * @since 5.3.0 * @since 5.4.0 Added the `$unfiltered` parameter. * * @param int $attachment_id Attachment ID. * @param bool $unfiltered Optional. Passed through to `get_attached_file()`. Default false. * @return string|false Path to the original image file or false if the attachment is not an image. */ function wp_get_original_image_path( $attachment_id, $unfiltered = false ) { if ( ! wp_attachment_is_image( $attachment_id ) ) { return false; } $image_meta = wp_get_attachment_metadata( $attachment_id ); $image_file = get_attached_file( $attachment_id, $unfiltered ); if ( empty( $image_meta['original_image'] ) ) { $original_image = $image_file; } else { $original_image = path_join( dirname( $image_file ), $image_meta['original_image'] ); } /** * Filters the path to the original image. * * @since 5.3.0 * * @param string $original_image Path to original image file. * @param int $attachment_id Attachment ID. */ return apply_filters( 'wp_get_original_image_path', $original_image, $attachment_id ); } /** * Retrieves the URL to an original attachment image. * * Similar to `wp_get_attachment_url()` however some images may have been * processed after uploading. In this case this function returns the URL * to the originally uploaded image file. * * @since 5.3.0 * * @param int $attachment_id Attachment post ID. * @return string|false Attachment image URL, false on error or if the attachment is not an image. */ function wp_get_original_image_url( $attachment_id ) { if ( ! wp_attachment_is_image( $attachment_id ) ) { return false; } $image_url = wp_get_attachment_url( $attachment_id ); if ( ! $image_url ) { return false; } $image_meta = wp_get_attachment_metadata( $attachment_id ); if ( empty( $image_meta['original_image'] ) ) { $original_image_url = $image_url; } else { $original_image_url = path_join( dirname( $image_url ), $image_meta['original_image'] ); } /** * Filters the URL to the original attachment image. * * @since 5.3.0 * * @param string $original_image_url URL to original image. * @param int $attachment_id Attachment ID. */ return apply_filters( 'wp_get_original_image_url', $original_image_url, $attachment_id ); } /** * Filters callback which sets the status of an untrashed post to its previous status. * * This can be used as a callback on the `wp_untrash_post_status` filter. * * @since 5.6.0 * * @param string $new_status The new status of the post being restored. * @param int $post_id The ID of the post being restored. * @param string $previous_status The status of the post at the point where it was trashed. * @return string The new status of the post. */ function wp_untrash_post_set_previous_status( $new_status, $post_id, $previous_status ) { return $previous_status; } /** * Returns whether the post can be edited in the block editor. * * @since 5.0.0 * @since 6.1.0 Moved to wp-includes from wp-admin. * * @param int|WP_Post $post Post ID or WP_Post object. * @return bool Whether the post can be edited in the block editor. */ function use_block_editor_for_post( $post ) { $post = get_post( $post ); if ( ! $post ) { return false; } // We're in the meta box loader, so don't use the block editor. if ( is_admin() && isset( $_GET['meta-box-loader'] ) ) { check_admin_referer( 'meta-box-loader', 'meta-box-loader-nonce' ); return false; } $use_block_editor = use_block_editor_for_post_type( $post->post_type ); /** * Filters whether a post is able to be edited in the block editor. * * @since 5.0.0 * * @param bool $use_block_editor Whether the post can be edited or not. * @param WP_Post $post The post being checked. */ return apply_filters( 'use_block_editor_for_post', $use_block_editor, $post ); } /** * Returns whether a post type is compatible with the block editor. * * The block editor depends on the REST API, and if the post type is not shown in the * REST API, then it won't work with the block editor. * * @since 5.0.0 * @since 6.1.0 Moved to wp-includes from wp-admin. * * @param string $post_type The post type. * @return bool Whether the post type can be edited with the block editor. */ function use_block_editor_for_post_type( $post_type ) { if ( ! post_type_exists( $post_type ) ) { return false; } if ( ! post_type_supports( $post_type, 'editor' ) ) { return false; } $post_type_object = get_post_type_object( $post_type ); if ( $post_type_object && ! $post_type_object->show_in_rest ) { return false; } /** * Filters whether a post is able to be edited in the block editor. * * @since 5.0.0 * * @param bool $use_block_editor Whether the post type can be edited or not. Default true. * @param string $post_type The post type being checked. */ return apply_filters( 'use_block_editor_for_post_type', true, $post_type ); } /** * Registers any additional post meta fields. * * @since 6.3.0 Adds `wp_pattern_sync_status` meta field to the wp_block post type so an unsynced option can be added. * * @link https://github.com/WordPress/gutenberg/pull/51144 */ function wp_create_initial_post_meta() { register_post_meta( 'wp_block', 'wp_pattern_sync_status', array( 'sanitize_callback' => 'sanitize_text_field', 'single' => true, 'type' => 'string', 'show_in_rest' => array( 'schema' => array( 'type' => 'string', 'enum' => array( 'partial', 'unsynced' ), ), ), ) ); }