*/
return 'IMG';
default:
return $tag_name;
}
}
/**
* Indicates if the currently matched tag contains the self-closing flag.
*
* No HTML elements ought to have the self-closing flag and for those, the self-closing
* flag will be ignored. For void elements this is benign because they "self close"
* automatically. For non-void HTML elements though problems will appear if someone
* intends to use a self-closing element in place of that element with an empty body.
* For HTML foreign elements and custom elements the self-closing flag determines if
* they self-close or not.
*
* This function does not determine if a tag is self-closing,
* but only if the self-closing flag is present in the syntax.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @return bool Whether the currently matched tag contains the self-closing flag.
*/
public function has_self_closing_flag() {
return $this->is_virtual() ? false : parent::has_self_closing_flag();
}
/**
* Returns the node name represented by the token.
*
* This matches the DOM API value `nodeName`. Some values
* are static, such as `#text` for a text node, while others
* are dynamically generated from the token itself.
*
* Dynamic names:
* - Uppercase tag name for tag matches.
* - `html` for DOCTYPE declarations.
*
* Note that if the Tag Processor is not matched on a token
* then this function will return `null`, either because it
* hasn't yet found a token or because it reached the end
* of the document without matching a token.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @return string|null Name of the matched token.
*/
public function get_token_name() {
return $this->is_virtual()
? $this->current_element->token->node_name
: parent::get_token_name();
}
/**
* Indicates the kind of matched token, if any.
*
* This differs from `get_token_name()` in that it always
* returns a static string indicating the type, whereas
* `get_token_name()` may return values derived from the
* token itself, such as a tag name or processing
* instruction tag.
*
* Possible values:
* - `#tag` when matched on a tag.
* - `#text` when matched on a text node.
* - `#cdata-section` when matched on a CDATA node.
* - `#comment` when matched on a comment.
* - `#doctype` when matched on a DOCTYPE declaration.
* - `#presumptuous-tag` when matched on an empty tag closer.
* - `#funky-comment` when matched on a funky comment.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @return string|null What kind of token is matched, or null.
*/
public function get_token_type() {
if ( $this->is_virtual() ) {
/*
* This logic comes from the Tag Processor.
*
* @todo It would be ideal not to repeat this here, but it's not clearly
* better to allow passing a token name to `get_token_type()`.
*/
$node_name = $this->current_element->token->node_name;
$starting_char = $node_name[0];
if ( 'A' <= $starting_char && 'Z' >= $starting_char ) {
return '#tag';
}
if ( 'html' === $node_name ) {
return '#doctype';
}
return $node_name;
}
return parent::get_token_type();
}
/**
* Returns the value of a requested attribute from a matched tag opener if that attribute exists.
*
* Example:
*
* $p = WP_HTML_Processor::create_fragment( '
Test
' );
* $p->next_token() === true;
* $p->get_attribute( 'data-test-id' ) === '14';
* $p->get_attribute( 'enabled' ) === true;
* $p->get_attribute( 'aria-label' ) === null;
*
* $p->next_tag() === false;
* $p->get_attribute( 'class' ) === null;
*
* @since 6.6.0 Subclassed for HTML Processor.
*
* @param string $name Name of attribute whose value is requested.
* @return string|true|null Value of attribute or `null` if not available. Boolean attributes return `true`.
*/
public function get_attribute( $name ) {
return $this->is_virtual() ? null : parent::get_attribute( $name );
}
/**
* Updates or creates a new attribute on the currently matched tag with the passed value.
*
* For boolean attributes special handling is provided:
* - When `true` is passed as the value, then only the attribute name is added to the tag.
* - When `false` is passed, the attribute gets removed if it existed before.
*
* For string attributes, the value is escaped using the `esc_attr` function.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @param string $name The attribute name to target.
* @param string|bool $value The new attribute value.
* @return bool Whether an attribute value was set.
*/
public function set_attribute( $name, $value ) {
return $this->is_virtual() ? false : parent::set_attribute( $name, $value );
}
/**
* Remove an attribute from the currently-matched tag.
*
* @since 6.6.0 Subclassed for HTML Processor.
*
* @param string $name The attribute name to remove.
* @return bool Whether an attribute was removed.
*/
public function remove_attribute( $name ) {
return $this->is_virtual() ? false : parent::remove_attribute( $name );
}
/**
* Gets lowercase names of all attributes matching a given prefix in the current tag.
*
* Note that matching is case-insensitive. This is in accordance with the spec:
*
* > There must never be two or more attributes on
* > the same start tag whose names are an ASCII
* > case-insensitive match for each other.
* - HTML 5 spec
*
* Example:
*
* $p = new WP_HTML_Tag_Processor( 'Test
' );
* $p->next_tag( array( 'class_name' => 'test' ) ) === true;
* $p->get_attribute_names_with_prefix( 'data-' ) === array( 'data-enabled', 'data-test-id' );
*
* $p->next_tag() === false;
* $p->get_attribute_names_with_prefix( 'data-' ) === null;
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @see https://html.spec.whatwg.org/multipage/syntax.html#attributes-2:ascii-case-insensitive
*
* @param string $prefix Prefix of requested attribute names.
* @return array|null List of attribute names, or `null` when no tag opener is matched.
*/
public function get_attribute_names_with_prefix( $prefix ) {
return $this->is_virtual() ? null : parent::get_attribute_names_with_prefix( $prefix );
}
/**
* Adds a new class name to the currently matched tag.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @param string $class_name The class name to add.
* @return bool Whether the class was set to be added.
*/
public function add_class( $class_name ) {
return $this->is_virtual() ? false : parent::add_class( $class_name );
}
/**
* Removes a class name from the currently matched tag.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @param string $class_name The class name to remove.
* @return bool Whether the class was set to be removed.
*/
public function remove_class( $class_name ) {
return $this->is_virtual() ? false : parent::remove_class( $class_name );
}
/**
* Returns if a matched tag contains the given ASCII case-insensitive class name.
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @param string $wanted_class Look for this CSS class name, ASCII case-insensitive.
* @return bool|null Whether the matched tag contains the given class name, or null if not matched.
*/
public function has_class( $wanted_class ) {
return $this->is_virtual() ? null : parent::has_class( $wanted_class );
}
/**
* Generator for a foreach loop to step through each class name for the matched tag.
*
* This generator function is designed to be used inside a "foreach" loop.
*
* Example:
*
* $p = WP_HTML_Processor::create_fragment( "" );
* $p->next_tag();
* foreach ( $p->class_list() as $class_name ) {
* echo "{$class_name} ";
* }
* // Outputs: "free
lang-en "
*
* @since 6.6.0 Subclassed for the HTML Processor.
*/
public function class_list() {
return $this->is_virtual() ? null : parent::class_list();
}
/**
* Returns the modifiable text for a matched token, or an empty string.
*
* Modifiable text is text content that may be read and changed without
* changing the HTML structure of the document around it. This includes
* the contents of `#text` nodes in the HTML as well as the inner
* contents of HTML comments, Processing Instructions, and others, even
* though these nodes aren't part of a parsed DOM tree. They also contain
* the contents of SCRIPT and STYLE tags, of TEXTAREA tags, and of any
* other section in an HTML document which cannot contain HTML markup (DATA).
*
* If a token has no modifiable text then an empty string is returned to
* avoid needless crashing or type errors. An empty string does not mean
* that a token has modifiable text, and a token with modifiable text may
* have an empty string (e.g. a comment with no contents).
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @return string
*/
public function get_modifiable_text() {
return $this->is_virtual() ? '' : parent::get_modifiable_text();
}
/**
* Indicates what kind of comment produced the comment node.
*
* Because there are different kinds of HTML syntax which produce
* comments, the Tag Processor tracks and exposes this as a type
* for the comment. Nominally only regular HTML comments exist as
* they are commonly known, but a number of unrelated syntax errors
* also produce comments.
*
* @see self::COMMENT_AS_ABRUPTLY_CLOSED_COMMENT
* @see self::COMMENT_AS_CDATA_LOOKALIKE
* @see self::COMMENT_AS_INVALID_HTML
* @see self::COMMENT_AS_HTML_COMMENT
* @see self::COMMENT_AS_PI_NODE_LOOKALIKE
*
* @since 6.6.0 Subclassed for the HTML Processor.
*
* @return string|null
*/
public function get_comment_type() {
return $this->is_virtual() ? null : parent::get_comment_type();
}
/**
* Removes a bookmark that is no longer needed.
*
* Releasing a bookmark frees up the small
* performance overhead it requires.
*
* @since 6.4.0
*
* @param string $bookmark_name Name of the bookmark to remove.
* @return bool Whether the bookmark already existed before removal.
*/
public function release_bookmark( $bookmark_name ) {
return parent::release_bookmark( "_{$bookmark_name}" );
}
/**
* Moves the internal cursor in the HTML Processor to a given bookmark's location.
*
* Be careful! Seeking backwards to a previous location resets the parser to the
* start of the document and reparses the entire contents up until it finds the
* sought-after bookmarked location.
*
* In order to prevent accidental infinite loops, there's a
* maximum limit on the number of times seek() can be called.
*
* @throws Exception When unable to allocate a bookmark for the next token in the input HTML document.
*
* @since 6.4.0
*
* @param string $bookmark_name Jump to the place in the document identified by this bookmark name.
* @return bool Whether the internal cursor was successfully moved to the bookmark's location.
*/
public function seek( $bookmark_name ) {
// Flush any pending updates to the document before beginning.
$this->get_updated_html();
$actual_bookmark_name = "_{$bookmark_name}";
$processor_started_at = $this->state->current_token
? $this->bookmarks[ $this->state->current_token->bookmark_name ]->start
: 0;
$bookmark_starts_at = $this->bookmarks[ $actual_bookmark_name ]->start;
$bookmark_length = $this->bookmarks[ $actual_bookmark_name ]->length;
$direction = $bookmark_starts_at > $processor_started_at ? 'forward' : 'backward';
/*
* If seeking backwards, it's possible that the sought-after bookmark exists within an element
* which has been closed before the current cursor; in other words, it has already been removed
* from the stack of open elements. This means that it's insufficient to simply pop off elements
* from the stack of open elements which appear after the bookmarked location and then jump to
* that location, as the elements which were open before won't be re-opened.
*
* In order to maintain consistency, the HTML Processor rewinds to the start of the document
* and reparses everything until it finds the sought-after bookmark.
*
* There are potentially better ways to do this: cache the parser state for each bookmark and
* restore it when seeking; store an immutable and idempotent register of where elements open
* and close.
*
* If caching the parser state it will be essential to properly maintain the cached stack of
* open elements and active formatting elements when modifying the document. This could be a
* tedious and time-consuming process as well, and so for now will not be performed.
*
* It may be possible to track bookmarks for where elements open and close, and in doing so
* be able to quickly recalculate breadcrumbs for any element in the document. It may even
* be possible to remove the stack of open elements and compute it on the fly this way.
* If doing this, the parser would need to track the opening and closing locations for all
* tokens in the breadcrumb path for any and all bookmarks. By utilizing bookmarks themselves
* this list could be automatically maintained while modifying the document. Finding the
* breadcrumbs would then amount to traversing that list from the start until the token
* being inspected. Once an element closes, if there are no bookmarks pointing to locations
* within that element, then all of these locations may be forgotten to save on memory use
* and computation time.
*/
if ( 'backward' === $direction ) {
/*
* Instead of clearing the parser state and starting fresh, calling the stack methods
* maintains the proper flags in the parser.
*/
foreach ( $this->state->stack_of_open_elements->walk_up() as $item ) {
if ( 'context-node' === $item->bookmark_name ) {
break;
}
$this->state->stack_of_open_elements->remove_node( $item );
}
foreach ( $this->state->active_formatting_elements->walk_up() as $item ) {
if ( 'context-node' === $item->bookmark_name ) {
break;
}
$this->state->active_formatting_elements->remove_node( $item );
}
parent::seek( 'context-node' );
$this->state->insertion_mode = WP_HTML_Processor_State::INSERTION_MODE_IN_BODY;
$this->state->frameset_ok = true;
$this->element_queue = array();
$this->current_element = null;
}
// When moving forwards, reparse the document until reaching the same location as the original bookmark.
if ( $bookmark_starts_at === $this->bookmarks[ $this->state->current_token->bookmark_name ]->start ) {
return true;
}
while ( $this->next_token() ) {
if ( $bookmark_starts_at === $this->bookmarks[ $this->state->current_token->bookmark_name ]->start ) {
while ( isset( $this->current_element ) && WP_HTML_Stack_Event::POP === $this->current_element->operation ) {
$this->current_element = array_shift( $this->element_queue );
}
return true;
}
}
return false;
}
/**
* Sets a bookmark in the HTML document.
*
* Bookmarks represent specific places or tokens in the HTML
* document, such as a tag opener or closer. When applying
* edits to a document, such as setting an attribute, the
* text offsets of that token may shift; the bookmark is
* kept updated with those shifts and remains stable unless
* the entire span of text in which the token sits is removed.
*
* Release bookmarks when they are no longer needed.
*
* Example:
*
* Surprising fact you may not know!
* ^ ^
* \-|-- this `H2` opener bookmark tracks the token
*
* Surprising fact you may no…
* ^ ^
* \-|-- it shifts with edits
*
* Bookmarks provide the ability to seek to a previously-scanned
* place in the HTML document. This avoids the need to re-scan
* the entire document.
*
* Example:
*
*
* ^^^^
* want to note this last item
*
* $p = new WP_HTML_Tag_Processor( $html );
* $in_list = false;
* while ( $p->next_tag( array( 'tag_closers' => $in_list ? 'visit' : 'skip' ) ) ) {
* if ( 'UL' === $p->get_tag() ) {
* if ( $p->is_tag_closer() ) {
* $in_list = false;
* $p->set_bookmark( 'resume' );
* if ( $p->seek( 'last-li' ) ) {
* $p->add_class( 'last-li' );
* }
* $p->seek( 'resume' );
* $p->release_bookmark( 'last-li' );
* $p->release_bookmark( 'resume' );
* } else {
* $in_list = true;
* }
* }
*
* if ( 'LI' === $p->get_tag() ) {
* $p->set_bookmark( 'last-li' );
* }
* }
*
* Bookmarks intentionally hide the internal string offsets
* to which they refer. They are maintained internally as
* updates are applied to the HTML document and therefore
* retain their "position" - the location to which they
* originally pointed. The inability to use bookmarks with
* functions like `substr` is therefore intentional to guard
* against accidentally breaking the HTML.
*
* Because bookmarks allocate memory and require processing
* for every applied update, they are limited and require
* a name. They should not be created with programmatically-made
* names, such as "li_{$index}" with some loop. As a general
* rule they should only be created with string-literal names
* like "start-of-section" or "last-paragraph".
*
* Bookmarks are a powerful tool to enable complicated behavior.
* Consider double-checking that you need this tool if you are
* reaching for it, as inappropriate use could lead to broken
* HTML structure or unwanted processing overhead.
*
* @since 6.4.0
*
* @param string $bookmark_name Identifies this particular bookmark.
* @return bool Whether the bookmark was successfully created.
*/
public function set_bookmark( $bookmark_name ) {
return parent::set_bookmark( "_{$bookmark_name}" );
}
/**
* Checks whether a bookmark with the given name exists.
*
* @since 6.5.0
*
* @param string $bookmark_name Name to identify a bookmark that potentially exists.
* @return bool Whether that bookmark exists.
*/
public function has_bookmark( $bookmark_name ) {
return parent::has_bookmark( "_{$bookmark_name}" );
}
/*
* HTML Parsing Algorithms
*/
/**
* Closes a P element.
*
* @since 6.4.0
*
* @throws WP_HTML_Unsupported_Exception When encountering unsupported HTML input.
*
* @see https://html.spec.whatwg.org/#close-a-p-element
*/
private function close_a_p_element() {
$this->generate_implied_end_tags( 'P' );
$this->state->stack_of_open_elements->pop_until( 'P' );
}
/**
* Closes elements that have implied end tags.
*
* @since 6.4.0
*
* @see https://html.spec.whatwg.org/#generate-implied-end-tags
*
* @param string|null $except_for_this_element Perform as if this element doesn't exist in the stack of open elements.
*/
private function generate_implied_end_tags( $except_for_this_element = null ) {
$elements_with_implied_end_tags = array(
'DD',
'DT',
'LI',
'P',
);
$current_node = $this->state->stack_of_open_elements->current_node();
while (
$current_node && $current_node->node_name !== $except_for_this_element &&
in_array( $this->state->stack_of_open_elements->current_node(), $elements_with_implied_end_tags, true )
) {
$this->state->stack_of_open_elements->pop();
}
}
/**
* Closes elements that have implied end tags, thoroughly.
*
* See the HTML specification for an explanation why this is
* different from generating end tags in the normal sense.
*
* @since 6.4.0
*
* @see WP_HTML_Processor::generate_implied_end_tags
* @see https://html.spec.whatwg.org/#generate-implied-end-tags
*/
private function generate_implied_end_tags_thoroughly() {
$elements_with_implied_end_tags = array(
'DD',
'DT',
'LI',
'P',
);
while ( in_array( $this->state->stack_of_open_elements->current_node(), $elements_with_implied_end_tags, true ) ) {
$this->state->stack_of_open_elements->pop();
}
}
/**
* Reconstructs the active formatting elements.
*
* > This has the effect of reopening all the formatting elements that were opened
* > in the current body, cell, or caption (whichever is youngest) that haven't
* > been explicitly closed.
*
* @since 6.4.0
*
* @throws WP_HTML_Unsupported_Exception When encountering unsupported HTML input.
*
* @see https://html.spec.whatwg.org/#reconstruct-the-active-formatting-elements
*
* @return bool Whether any formatting elements needed to be reconstructed.
*/
private function reconstruct_active_formatting_elements() {
/*
* > If there are no entries in the list of active formatting elements, then there is nothing
* > to reconstruct; stop this algorithm.
*/
if ( 0 === $this->state->active_formatting_elements->count() ) {
return false;
}
$last_entry = $this->state->active_formatting_elements->current_node();
if (
/*
* > If the last (most recently added) entry in the list of active formatting elements is a marker;
* > stop this algorithm.
*/
'marker' === $last_entry->node_name ||
/*
* > If the last (most recently added) entry in the list of active formatting elements is an
* > element that is in the stack of open elements, then there is nothing to reconstruct;
* > stop this algorithm.
*/
$this->state->stack_of_open_elements->contains_node( $last_entry )
) {
return false;
}
$this->last_error = self::ERROR_UNSUPPORTED;
throw new WP_HTML_Unsupported_Exception( 'Cannot reconstruct active formatting elements when advancing and rewinding is required.' );
}
/**
* Runs the adoption agency algorithm.
*
* @since 6.4.0
*
* @throws WP_HTML_Unsupported_Exception When encountering unsupported HTML input.
*
* @see https://html.spec.whatwg.org/#adoption-agency-algorithm
*/
private function run_adoption_agency_algorithm() {
$budget = 1000;
$subject = $this->get_tag();
$current_node = $this->state->stack_of_open_elements->current_node();
if (
// > If the current node is an HTML element whose tag name is subject
$current_node && $subject === $current_node->node_name &&
// > the current node is not in the list of active formatting elements
! $this->state->active_formatting_elements->contains_node( $current_node )
) {
$this->state->stack_of_open_elements->pop();
return;
}
$outer_loop_counter = 0;
while ( $budget-- > 0 ) {
if ( $outer_loop_counter++ >= 8 ) {
return;
}
/*
* > Let formatting element be the last element in the list of active formatting elements that:
* > - is between the end of the list and the last marker in the list,
* > if any, or the start of the list otherwise,
* > - and has the tag name subject.
*/
$formatting_element = null;
foreach ( $this->state->active_formatting_elements->walk_up() as $item ) {
if ( 'marker' === $item->node_name ) {
break;
}
if ( $subject === $item->node_name ) {
$formatting_element = $item;
break;
}
}
// > If there is no such element, then return and instead act as described in the "any other end tag" entry above.
if ( null === $formatting_element ) {
$this->last_error = self::ERROR_UNSUPPORTED;
throw new WP_HTML_Unsupported_Exception( 'Cannot run adoption agency when "any other end tag" is required.' );
}
// > If formatting element is not in the stack of open elements, then this is a parse error; remove the element from the list, and return.
if ( ! $this->state->stack_of_open_elements->contains_node( $formatting_element ) ) {
$this->state->active_formatting_elements->remove_node( $formatting_element );
return;
}
// > If formatting element is in the stack of open elements, but the element is not in scope, then this is a parse error; return.
if ( ! $this->state->stack_of_open_elements->has_element_in_scope( $formatting_element->node_name ) ) {
return;
}
/*
* > Let furthest block be the topmost node in the stack of open elements that is lower in the stack
* > than formatting element, and is an element in the special category. There might not be one.
*/
$is_above_formatting_element = true;
$furthest_block = null;
foreach ( $this->state->stack_of_open_elements->walk_down() as $item ) {
if ( $is_above_formatting_element && $formatting_element->bookmark_name !== $item->bookmark_name ) {
continue;
}
if ( $is_above_formatting_element ) {
$is_above_formatting_element = false;
continue;
}
if ( self::is_special( $item->node_name ) ) {
$furthest_block = $item;
break;
}
}
/*
* > If there is no furthest block, then the UA must first pop all the nodes from the bottom of the
* > stack of open elements, from the current node up to and including formatting element, then
* > remove formatting element from the list of active formatting elements, and finally return.
*/
if ( null === $furthest_block ) {
foreach ( $this->state->stack_of_open_elements->walk_up() as $item ) {
$this->state->stack_of_open_elements->pop();
if ( $formatting_element->bookmark_name === $item->bookmark_name ) {
$this->state->active_formatting_elements->remove_node( $formatting_element );
return;
}
}
}
$this->last_error = self::ERROR_UNSUPPORTED;
throw new WP_HTML_Unsupported_Exception( 'Cannot extract common ancestor in adoption agency algorithm.' );
}
$this->last_error = self::ERROR_UNSUPPORTED;
throw new WP_HTML_Unsupported_Exception( 'Cannot run adoption agency when looping required.' );
}
/**
* Inserts an HTML element on the stack of open elements.
*
* @since 6.4.0
*
* @see https://html.spec.whatwg.org/#insert-a-foreign-element
*
* @param WP_HTML_Token $token Name of bookmark pointing to element in original input HTML.
*/
private function insert_html_element( $token ) {
$this->state->stack_of_open_elements->push( $token );
}
/*
* HTML Specification Helpers
*/
/**
* Returns whether an element of a given name is in the HTML special category.
*
* @since 6.4.0
*
* @see https://html.spec.whatwg.org/#special
*
* @param string $tag_name Name of element to check.
* @return bool Whether the element of the given name is in the special category.
*/
public static function is_special( $tag_name ) {
$tag_name = strtoupper( $tag_name );
return (
'ADDRESS' === $tag_name ||
'APPLET' === $tag_name ||
'AREA' === $tag_name ||
'ARTICLE' === $tag_name ||
'ASIDE' === $tag_name ||
'BASE' === $tag_name ||
'BASEFONT' === $tag_name ||
'BGSOUND' === $tag_name ||
'BLOCKQUOTE' === $tag_name ||
'BODY' === $tag_name ||
'BR' === $tag_name ||
'BUTTON' === $tag_name ||
'CAPTION' === $tag_name ||
'CENTER' === $tag_name ||
'COL' === $tag_name ||
'COLGROUP' === $tag_name ||
'DD' === $tag_name ||
'DETAILS' === $tag_name ||
'DIR' === $tag_name ||
'DIV' === $tag_name ||
'DL' === $tag_name ||
'DT' === $tag_name ||
'EMBED' === $tag_name ||
'FIELDSET' === $tag_name ||
'FIGCAPTION' === $tag_name ||
'FIGURE' === $tag_name ||
'FOOTER' === $tag_name ||
'FORM' === $tag_name ||
'FRAME' === $tag_name ||
'FRAMESET' === $tag_name ||
'H1' === $tag_name ||
'H2' === $tag_name ||
'H3' === $tag_name ||
'H4' === $tag_name ||
'H5' === $tag_name ||
'H6' === $tag_name ||
'HEAD' === $tag_name ||
'HEADER' === $tag_name ||
'HGROUP' === $tag_name ||
'HR' === $tag_name ||
'HTML' === $tag_name ||
'IFRAME' === $tag_name ||
'IMG' === $tag_name ||
'INPUT' === $tag_name ||
'KEYGEN' === $tag_name ||
'LI' === $tag_name ||
'LINK' === $tag_name ||
'LISTING' === $tag_name ||
'MAIN' === $tag_name ||
'MARQUEE' === $tag_name ||
'MENU' === $tag_name ||
'META' === $tag_name ||
'NAV' === $tag_name ||
'NOEMBED' === $tag_name ||
'NOFRAMES' === $tag_name ||
'NOSCRIPT' === $tag_name ||
'OBJECT' === $tag_name ||
'OL' === $tag_name ||
'P' === $tag_name ||
'PARAM' === $tag_name ||
'PLAINTEXT' === $tag_name ||
'PRE' === $tag_name ||
'SCRIPT' === $tag_name ||
'SEARCH' === $tag_name ||
'SECTION' === $tag_name ||
'SELECT' === $tag_name ||
'SOURCE' === $tag_name ||
'STYLE' === $tag_name ||
'SUMMARY' === $tag_name ||
'TABLE' === $tag_name ||
'TBODY' === $tag_name ||
'TD' === $tag_name ||
'TEMPLATE' === $tag_name ||
'TEXTAREA' === $tag_name ||
'TFOOT' === $tag_name ||
'TH' === $tag_name ||
'THEAD' === $tag_name ||
'TITLE' === $tag_name ||
'TR' === $tag_name ||
'TRACK' === $tag_name ||
'UL' === $tag_name ||
'WBR' === $tag_name ||
'XMP' === $tag_name ||
// MathML.
'MI' === $tag_name ||
'MO' === $tag_name ||
'MN' === $tag_name ||
'MS' === $tag_name ||
'MTEXT' === $tag_name ||
'ANNOTATION-XML' === $tag_name ||
// SVG.
'FOREIGNOBJECT' === $tag_name ||
'DESC' === $tag_name ||
'TITLE' === $tag_name
);
}
/**
* Returns whether a given element is an HTML Void Element
*
* > area, base, br, col, embed, hr, img, input, link, meta, source, track, wbr
*
* @since 6.4.0
*
* @see https://html.spec.whatwg.org/#void-elements
*
* @param string $tag_name Name of HTML tag to check.
* @return bool Whether the given tag is an HTML Void Element.
*/
public static function is_void( $tag_name ) {
$tag_name = strtoupper( $tag_name );
return (
'AREA' === $tag_name ||
'BASE' === $tag_name ||
'BASEFONT' === $tag_name || // Obsolete but still treated as void.
'BGSOUND' === $tag_name || // Obsolete but still treated as void.
'BR' === $tag_name ||
'COL' === $tag_name ||
'EMBED' === $tag_name ||
'FRAME' === $tag_name ||
'HR' === $tag_name ||
'IMG' === $tag_name ||
'INPUT' === $tag_name ||
'KEYGEN' === $tag_name || // Obsolete but still treated as void.
'LINK' === $tag_name ||
'META' === $tag_name ||
'PARAM' === $tag_name || // Obsolete but still treated as void.
'SOURCE' === $tag_name ||
'TRACK' === $tag_name ||
'WBR' === $tag_name
);
}
/*
* Constants that would pollute the top of the class if they were found there.
*/
/**
* Indicates that the next HTML token should be parsed and processed.
*
* @since 6.4.0
*
* @var string
*/
const PROCESS_NEXT_NODE = 'process-next-node';
/**
* Indicates that the current HTML token should be reprocessed in the newly-selected insertion mode.
*
* @since 6.4.0
*
* @var string
*/
const REPROCESS_CURRENT_NODE = 'reprocess-current-node';
/**
* Indicates that the current HTML token should be processed without advancing the parser.
*
* @since 6.5.0
*
* @var string
*/
const PROCESS_CURRENT_NODE = 'process-current-node';
/**
* Indicates that the parser encountered unsupported markup and has bailed.
*
* @since 6.4.0
*
* @var string
*/
const ERROR_UNSUPPORTED = 'unsupported';
/**
* Indicates that the parser encountered more HTML tokens than it
* was able to process and has bailed.
*
* @since 6.4.0
*
* @var string
*/
const ERROR_EXCEEDED_MAX_BOOKMARKS = 'exceeded-max-bookmarks';
/**
* Unlock code that must be passed into the constructor to create this class.
*
* This class extends the WP_HTML_Tag_Processor, which has a public class
* constructor. Therefore, it's not possible to have a private constructor here.
*
* This unlock code is used to ensure that anyone calling the constructor is
* doing so with a full understanding that it's intended to be a private API.
*
* @access private
*/
const CONSTRUCTOR_UNLOCK_CODE = 'Use WP_HTML_Processor::create_fragment() instead of calling the class constructor directly.';
}
* @param string $url The request URL.
*/
'redirection' => apply_filters( 'http_request_redirection_count', 5, $url ),
/**
* Filters the version of the HTTP protocol used in a request.
*
* @since 2.7.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param string $version Version of HTTP used. Accepts '1.0' and '1.1'. Default '1.0'.
* @param string $url The request URL.
*/
'httpversion' => apply_filters( 'http_request_version', '1.0', $url ),
/**
* Filters the user agent value sent with an HTTP request.
*
* @since 2.7.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param string $user_agent WordPress user agent string.
* @param string $url The request URL.
*/
'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ), $url ),
/**
* Filters whether to pass URLs through wp_http_validate_url() in an HTTP request.
*
* @since 3.6.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param bool $pass_url Whether to pass URLs through wp_http_validate_url(). Default false.
* @param string $url The request URL.
*/
'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false, $url ),
'blocking' => true,
'headers' => array(),
'cookies' => array(),
'body' => null,
'compress' => false,
'decompress' => true,
'sslverify' => true,
'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt',
'stream' => false,
'filename' => null,
'limit_response_size' => null,
);
// Pre-parse for the HEAD checks.
$args = wp_parse_args( $args );
// By default, HEAD requests do not cause redirections.
if ( isset( $args['method'] ) && 'HEAD' === $args['method'] ) {
$defaults['redirection'] = 0;
}
$parsed_args = wp_parse_args( $args, $defaults );
/**
* Filters the arguments used in an HTTP request.
*
* @since 2.7.0
*
* @param array $parsed_args An array of HTTP request arguments.
* @param string $url The request URL.
*/
$parsed_args = apply_filters( 'http_request_args', $parsed_args, $url );
// The transports decrement this, store a copy of the original value for loop purposes.
if ( ! isset( $parsed_args['_redirection'] ) ) {
$parsed_args['_redirection'] = $parsed_args['redirection'];
}
/**
* Filters the preemptive return value of an HTTP request.
*
* Returning a non-false value from the filter will short-circuit the HTTP request and return
* early with that value. A filter should return one of:
*
* - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements
* - A WP_Error instance
* - boolean false to avoid short-circuiting the response
*
* Returning any other value may result in unexpected behavior.
*
* @since 2.9.0
*
* @param false|array|WP_Error $response A preemptive return value of an HTTP request. Default false.
* @param array $parsed_args HTTP request arguments.
* @param string $url The request URL.
*/
$pre = apply_filters( 'pre_http_request', false, $parsed_args, $url );
if ( false !== $pre ) {
return $pre;
}
if ( function_exists( 'wp_kses_bad_protocol' ) ) {
if ( $parsed_args['reject_unsafe_urls'] ) {
$url = wp_http_validate_url( $url );
}
if ( $url ) {
$url = wp_kses_bad_protocol( $url, array( 'http', 'https', 'ssl' ) );
}
}
$parsed_url = parse_url( $url );
if ( empty( $url ) || empty( $parsed_url['scheme'] ) ) {
$response = new WP_Error( 'http_request_failed', __( 'A valid URL was not provided.' ) );
/** This action is documented in wp-includes/class-wp-http.php */
do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url );
return $response;
}
if ( $this->block_request( $url ) ) {
$response = new WP_Error( 'http_request_not_executed', __( 'User has blocked requests through HTTP.' ) );
/** This action is documented in wp-includes/class-wp-http.php */
do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url );
return $response;
}
// If we are streaming to a file but no filename was given drop it in the WP temp dir
// and pick its name using the basename of the $url.
if ( $parsed_args['stream'] ) {
if ( empty( $parsed_args['filename'] ) ) {
$parsed_args['filename'] = get_temp_dir() . basename( $url );
}
// Force some settings if we are streaming to a file and check for existence
// and perms of destination directory.
$parsed_args['blocking'] = true;
if ( ! wp_is_writable( dirname( $parsed_args['filename'] ) ) ) {
$response = new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) );
/** This action is documented in wp-includes/class-wp-http.php */
do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url );
return $response;
}
}
if ( is_null( $parsed_args['headers'] ) ) {
$parsed_args['headers'] = array();
}
// WP allows passing in headers as a string, weirdly.
if ( ! is_array( $parsed_args['headers'] ) ) {
$processed_headers = WP_Http::processHeaders( $parsed_args['headers'] );
$parsed_args['headers'] = $processed_headers['headers'];
}
// Setup arguments.
$headers = $parsed_args['headers'];
$data = $parsed_args['body'];
$type = $parsed_args['method'];
$options = array(
'timeout' => $parsed_args['timeout'],
'useragent' => $parsed_args['user-agent'],
'blocking' => $parsed_args['blocking'],
'hooks' => new WP_HTTP_Requests_Hooks( $url, $parsed_args ),
);
// Ensure redirects follow browser behavior.
$options['hooks']->register( 'requests.before_redirect', array( static::class, 'browser_redirect_compatibility' ) );
// Validate redirected URLs.
if ( function_exists( 'wp_kses_bad_protocol' ) && $parsed_args['reject_unsafe_urls'] ) {
$options['hooks']->register( 'requests.before_redirect', array( static::class, 'validate_redirects' ) );
}
if ( $parsed_args['stream'] ) {
$options['filename'] = $parsed_args['filename'];
}
if ( empty( $parsed_args['redirection'] ) ) {
$options['follow_redirects'] = false;
} else {
$options['redirects'] = $parsed_args['redirection'];
}
// Use byte limit, if we can.
if ( isset( $parsed_args['limit_response_size'] ) ) {
$options['max_bytes'] = $parsed_args['limit_response_size'];
}
// If we've got cookies, use and convert them to WpOrg\Requests\Cookie.
if ( ! empty( $parsed_args['cookies'] ) ) {
$options['cookies'] = WP_Http::normalize_cookies( $parsed_args['cookies'] );
}
// SSL certificate handling.
if ( ! $parsed_args['sslverify'] ) {
$options['verify'] = false;
$options['verifyname'] = false;
} else {
$options['verify'] = $parsed_args['sslcertificates'];
}
// All non-GET/HEAD requests should put the arguments in the form body.
if ( 'HEAD' !== $type && 'GET' !== $type ) {
$options['data_format'] = 'body';
}
/**
* Filters whether SSL should be verified for non-local requests.
*
* @since 2.8.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param bool|string $ssl_verify Boolean to control whether to verify the SSL connection
* or path to an SSL certificate.
* @param string $url The request URL.
*/
$options['verify'] = apply_filters( 'https_ssl_verify', $options['verify'], $url );
// Check for proxies.
$proxy = new WP_HTTP_Proxy();
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
$options['proxy'] = new WpOrg\Requests\Proxy\Http( $proxy->host() . ':' . $proxy->port() );
if ( $proxy->use_authentication() ) {
$options['proxy']->use_authentication = true;
$options['proxy']->user = $proxy->username();
$options['proxy']->pass = $proxy->password();
}
}
// Avoid issues where mbstring.func_overload is enabled.
mbstring_binary_safe_encoding();
try {
$requests_response = WpOrg\Requests\Requests::request( $url, $headers, $data, $type, $options );
// Convert the response into an array.
$http_response = new WP_HTTP_Requests_Response( $requests_response, $parsed_args['filename'] );
$response = $http_response->to_array();
// Add the original object to the array.
$response['http_response'] = $http_response;
} catch ( WpOrg\Requests\Exception $e ) {
$response = new WP_Error( 'http_request_failed', $e->getMessage() );
}
reset_mbstring_encoding();
/**
* Fires after an HTTP API response is received and before the response is returned.
*
* @since 2.8.0
*
* @param array|WP_Error $response HTTP response or WP_Error object.
* @param string $context Context under which the hook is fired.
* @param string $class HTTP transport used.
* @param array $parsed_args HTTP request arguments.
* @param string $url The request URL.
*/
do_action( 'http_api_debug', $response, 'response', 'WpOrg\Requests\Requests', $parsed_args, $url );
if ( is_wp_error( $response ) ) {
return $response;
}
if ( ! $parsed_args['blocking'] ) {
return array(
'headers' => array(),
'body' => '',
'response' => array(
'code' => false,
'message' => false,
),
'cookies' => array(),
'http_response' => null,
);
}
/**
* Filters a successful HTTP API response immediately before the response is returned.
*
* @since 2.9.0
*
* @param array $response HTTP response.
* @param array $parsed_args HTTP request arguments.
* @param string $url The request URL.
*/
return apply_filters( 'http_response', $response, $parsed_args, $url );
}
/**
* Normalizes cookies for using in Requests.
*
* @since 4.6.0
*
* @param array $cookies Array of cookies to send with the request.
* @return WpOrg\Requests\Cookie\Jar Cookie holder object.
*/
public static function normalize_cookies( $cookies ) {
$cookie_jar = new WpOrg\Requests\Cookie\Jar();
foreach ( $cookies as $name => $value ) {
if ( $value instanceof WP_Http_Cookie ) {
$attributes = array_filter(
$value->get_attributes(),
static function ( $attr ) {
return null !== $attr;
}
);
$cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) );
} elseif ( is_scalar( $value ) ) {
$cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value );
}
}
return $cookie_jar;
}
/**
* Match redirect behavior to browser handling.
*
* Changes 302 redirects from POST to GET to match browser handling. Per
* RFC 7231, user agents can deviate from the strict reading of the
* specification for compatibility purposes.
*
* @since 4.6.0
*
* @param string $location URL to redirect to.
* @param array $headers Headers for the redirect.
* @param string|array $data Body to send with the request.
* @param array $options Redirect request options.
* @param WpOrg\Requests\Response $original Response object.
*/
public static function browser_redirect_compatibility( $location, $headers, $data, &$options, $original ) {
// Browser compatibility.
if ( 302 === $original->status_code ) {
$options['type'] = WpOrg\Requests\Requests::GET;
}
}
/**
* Validate redirected URLs.
*
* @since 4.7.5
*
* @throws WpOrg\Requests\Exception On unsuccessful URL validation.
* @param string $location URL to redirect to.
*/
public static function validate_redirects( $location ) {
if ( ! wp_http_validate_url( $location ) ) {
throw new WpOrg\Requests\Exception( __( 'A valid URL was not provided.' ), 'wp_http.redirect_failed_validation' );
}
}
/**
* Tests which transports are capable of supporting the request.
*
* @since 3.2.0
* @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class()
* @see WpOrg\Requests\Requests::get_transport_class()
*
* @param array $args Request arguments.
* @param string $url URL to request.
* @return string|false Class name for the first transport that claims to support the request.
* False if no transport claims to support the request.
*/
public function _get_first_available_transport( $args, $url = null ) {
$transports = array( 'curl', 'streams' );
/**
* Filters which HTTP transports are available and in what order.
*
* @since 3.7.0
* @deprecated 6.4.0 Use WpOrg\Requests\Requests::get_transport_class()
*
* @param string[] $transports Array of HTTP transports to check. Default array contains
* 'curl' and 'streams', in that order.
* @param array $args HTTP request arguments.
* @param string $url The URL to request.
*/
$request_order = apply_filters_deprecated( 'http_api_transports', array( $transports, $args, $url ), '6.4.0' );
// Loop over each transport on each HTTP request looking for one which will serve this request's needs.
foreach ( $request_order as $transport ) {
if ( in_array( $transport, $transports, true ) ) {
$transport = ucfirst( $transport );
}
$class = 'WP_Http_' . $transport;
// Check to see if this transport is a possibility, calls the transport statically.
if ( ! call_user_func( array( $class, 'test' ), $args, $url ) ) {
continue;
}
return $class;
}
return false;
}
/**
* Dispatches a HTTP request to a supporting transport.
*
* Tests each transport in order to find a transport which matches the request arguments.
* Also caches the transport instance to be used later.
*
* The order for requests is cURL, and then PHP Streams.
*
* @since 3.2.0
* @deprecated 5.1.0 Use WP_Http::request()
* @see WP_Http::request()
*
* @param string $url URL to request.
* @param array $args Request arguments.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
* A WP_Error instance upon error.
*/
private function _dispatch_request( $url, $args ) {
static $transports = array();
$class = $this->_get_first_available_transport( $args, $url );
if ( ! $class ) {
return new WP_Error( 'http_failure', __( 'There are no HTTP transports available which can complete the requested request.' ) );
}
// Transport claims to support request, instantiate it and give it a whirl.
if ( empty( $transports[ $class ] ) ) {
$transports[ $class ] = new $class();
}
$response = $transports[ $class ]->request( $url, $args );
/** This action is documented in wp-includes/class-wp-http.php */
do_action( 'http_api_debug', $response, 'response', $class, $args, $url );
if ( is_wp_error( $response ) ) {
return $response;
}
/** This filter is documented in wp-includes/class-wp-http.php */
return apply_filters( 'http_response', $response, $args, $url );
}
/**
* Uses the POST HTTP method.
*
* Used for sending data that is expected to be in the body.
*
* @since 2.7.0
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
* A WP_Error instance upon error. See WP_Http::response() for details.
*/
public function post( $url, $args = array() ) {
$defaults = array( 'method' => 'POST' );
$parsed_args = wp_parse_args( $args, $defaults );
return $this->request( $url, $parsed_args );
}
/**
* Uses the GET HTTP method.
*
* Used for sending data that is expected to be in the body.
*
* @since 2.7.0
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
* A WP_Error instance upon error. See WP_Http::response() for details.
*/
public function get( $url, $args = array() ) {
$defaults = array( 'method' => 'GET' );
$parsed_args = wp_parse_args( $args, $defaults );
return $this->request( $url, $parsed_args );
}
/**
* Uses the HEAD HTTP method.
*
* Used for sending data that is expected to be in the body.
*
* @since 2.7.0
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
* A WP_Error instance upon error. See WP_Http::response() for details.
*/
public function head( $url, $args = array() ) {
$defaults = array( 'method' => 'HEAD' );
$parsed_args = wp_parse_args( $args, $defaults );
return $this->request( $url, $parsed_args );
}
/**
* Parses the responses and splits the parts into headers and body.
*
* @since 2.7.0
*
* @param string $response The full response string.
* @return array {
* Array with response headers and body.
*
* @type string $headers HTTP response headers.
* @type string $body HTTP response body.
* }
*/
public static function processResponse( $response ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
$response = explode( "\r\n\r\n", $response, 2 );
return array(
'headers' => $response[0],
'body' => isset( $response[1] ) ? $response[1] : '',
);
}
/**
* Transforms header string into an array.
*
* @since 2.7.0
*
* @param string|array $headers The original headers. If a string is passed, it will be converted
* to an array. If an array is passed, then it is assumed to be
* raw header data with numeric keys with the headers as the values.
* No headers must be passed that were already processed.
* @param string $url Optional. The URL that was requested. Default empty.
* @return array {
* Processed string headers. If duplicate headers are encountered,
* then a numbered array is returned as the value of that header-key.
*
* @type array $response {
* @type int $code The response status code. Default 0.
* @type string $message The response message. Default empty.
* }
* @type array $newheaders The processed header data as a multidimensional array.
* @type WP_Http_Cookie[] $cookies If the original headers contain the 'Set-Cookie' key,
* an array containing `WP_Http_Cookie` objects is returned.
* }
*/
public static function processHeaders( $headers, $url = '' ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
// Split headers, one per array element.
if ( is_string( $headers ) ) {
// Tolerate line terminator: CRLF = LF (RFC 2616 19.3).
$headers = str_replace( "\r\n", "\n", $headers );
/*
* Unfold folded header fields. LWS = [CRLF] 1*( SP | HT ) ,
* (RFC 2616 2.2).
*/
$headers = preg_replace( '/\n[ \t]/', ' ', $headers );
// Create the headers array.
$headers = explode( "\n", $headers );
}
$response = array(
'code' => 0,
'message' => '',
);
/*
* If a redirection has taken place, The headers for each page request may have been passed.
* In this case, determine the final HTTP header and parse from there.
*/
for ( $i = count( $headers ) - 1; $i >= 0; $i-- ) {
if ( ! empty( $headers[ $i ] ) && ! str_contains( $headers[ $i ], ':' ) ) {
$headers = array_splice( $headers, $i );
break;
}
}
$cookies = array();
$newheaders = array();
foreach ( (array) $headers as $tempheader ) {
if ( empty( $tempheader ) ) {
continue;
}
if ( ! str_contains( $tempheader, ':' ) ) {
$stack = explode( ' ', $tempheader, 3 );
$stack[] = '';
list( , $response['code'], $response['message']) = $stack;
continue;
}
list($key, $value) = explode( ':', $tempheader, 2 );
$key = strtolower( $key );
$value = trim( $value );
if ( isset( $newheaders[ $key ] ) ) {
if ( ! is_array( $newheaders[ $key ] ) ) {
$newheaders[ $key ] = array( $newheaders[ $key ] );
}
$newheaders[ $key ][] = $value;
} else {
$newheaders[ $key ] = $value;
}
if ( 'set-cookie' === $key ) {
$cookies[] = new WP_Http_Cookie( $value, $url );
}
}
// Cast the Response Code to an int.
$response['code'] = (int) $response['code'];
return array(
'response' => $response,
'headers' => $newheaders,
'cookies' => $cookies,
);
}
/**
* Takes the arguments for a ::request() and checks for the cookie array.
*
* If it's found, then it upgrades any basic name => value pairs to WP_Http_Cookie instances,
* which are each parsed into strings and added to the Cookie: header (within the arguments array).
* Edits the array by reference.
*
* @since 2.8.0
*
* @param array $r Full array of args passed into ::request()
*/
public static function buildCookieHeader( &$r ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
if ( ! empty( $r['cookies'] ) ) {
// Upgrade any name => value cookie pairs to WP_HTTP_Cookie instances.
foreach ( $r['cookies'] as $name => $value ) {
if ( ! is_object( $value ) ) {
$r['cookies'][ $name ] = new WP_Http_Cookie(
array(
'name' => $name,
'value' => $value,
)
);
}
}
$cookies_header = '';
foreach ( (array) $r['cookies'] as $cookie ) {
$cookies_header .= $cookie->getHeaderValue() . '; ';
}
$cookies_header = substr( $cookies_header, 0, -2 );
$r['headers']['cookie'] = $cookies_header;
}
}
/**
* Decodes chunk transfer-encoding, based off the HTTP 1.1 specification.
*
* Based off the HTTP http_encoding_dechunk function.
*
* @link https://tools.ietf.org/html/rfc2616#section-19.4.6 Process for chunked decoding.
*
* @since 2.7.0
*
* @param string $body Body content.
* @return string Chunked decoded body on success or raw body on failure.
*/
public static function chunkTransferDecode( $body ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
// The body is not chunked encoded or is malformed.
if ( ! preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', trim( $body ) ) ) {
return $body;
}
$parsed_body = '';
// We'll be altering $body, so need a backup in case of error.
$body_original = $body;
while ( true ) {
$has_chunk = (bool) preg_match( '/^([0-9a-f]+)[^\r\n]*\r\n/i', $body, $match );
if ( ! $has_chunk || empty( $match[1] ) ) {
return $body_original;
}
$length = hexdec( $match[1] );
$chunk_length = strlen( $match[0] );
// Parse out the chunk of data.
$parsed_body .= substr( $body, $chunk_length, $length );
// Remove the chunk from the raw data.
$body = substr( $body, $length + $chunk_length );
// End of the document.
if ( '0' === trim( $body ) ) {
return $parsed_body;
}
}
}
/**
* Determines whether an HTTP API request to the given URL should be blocked.
*
* Those who are behind a proxy and want to prevent access to certain hosts may do so. This will
* prevent plugins from working and core functionality, if you don't include `api.wordpress.org`.
*
* You block external URL requests by defining `WP_HTTP_BLOCK_EXTERNAL` as true in your `wp-config.php`
* file and this will only allow localhost and your site to make requests. The constant
* `WP_ACCESSIBLE_HOSTS` will allow additional hosts to go through for requests. The format of the
* `WP_ACCESSIBLE_HOSTS` constant is a comma separated list of hostnames to allow, wildcard domains
* are supported, eg `*.wordpress.org` will allow for all subdomains of `wordpress.org` to be contacted.
*
* @since 2.8.0
*
* @link https://core.trac.wordpress.org/ticket/8927 Allow preventing external requests.
* @link https://core.trac.wordpress.org/ticket/14636 Allow wildcard domains in WP_ACCESSIBLE_HOSTS
*
* @param string $uri URI of url.
* @return bool True to block, false to allow.
*/
public function block_request( $uri ) {
// We don't need to block requests, because nothing is blocked.
if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) {
return false;
}
$check = parse_url( $uri );
if ( ! $check ) {
return true;
}
$home = parse_url( get_option( 'siteurl' ) );
// Don't block requests back to ourselves by default.
if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
/**
* Filters whether to block local HTTP API requests.
*
* A local request is one to `localhost` or to the same host as the site itself.
*
* @since 2.8.0
*
* @param bool $block Whether to block local requests. Default false.
*/
return apply_filters( 'block_local_requests', false );
}
if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
return true;
}
static $accessible_hosts = null;
static $wildcard_regex = array();
if ( null === $accessible_hosts ) {
$accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS );
if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) {
$wildcard_regex = array();
foreach ( $accessible_hosts as $host ) {
$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
}
$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
}
}
if ( ! empty( $wildcard_regex ) ) {
return ! preg_match( $wildcard_regex, $check['host'] );
} else {
return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it.
}
}
/**
* Used as a wrapper for PHP's parse_url() function that handles edgecases in < PHP 5.4.7.
*
* @deprecated 4.4.0 Use wp_parse_url()
* @see wp_parse_url()
*
* @param string $url The URL to parse.
* @return bool|array False on failure; Array of URL components on success;
* See parse_url()'s return values.
*/
protected static function parse_url( $url ) {
_deprecated_function( __METHOD__, '4.4.0', 'wp_parse_url()' );
return wp_parse_url( $url );
}
/**
* Converts a relative URL to an absolute URL relative to a given URL.
*
* If an Absolute URL is provided, no processing of that URL is done.
*
* @since 3.4.0
*
* @param string $maybe_relative_path The URL which might be relative.
* @param string $url The URL which $maybe_relative_path is relative to.
* @return string An Absolute URL, in a failure condition where the URL cannot be parsed, the relative URL will be returned.
*/
public static function make_absolute_url( $maybe_relative_path, $url ) {
if ( empty( $url ) ) {
return $maybe_relative_path;
}
$url_parts = wp_parse_url( $url );
if ( ! $url_parts ) {
return $maybe_relative_path;
}
$relative_url_parts = wp_parse_url( $maybe_relative_path );
if ( ! $relative_url_parts ) {
return $maybe_relative_path;
}
// Check for a scheme on the 'relative' URL.
if ( ! empty( $relative_url_parts['scheme'] ) ) {
return $maybe_relative_path;
}
$absolute_path = $url_parts['scheme'] . '://';
// Schemeless URLs will make it this far, so we check for a host in the relative URL
// and convert it to a protocol-URL.
if ( isset( $relative_url_parts['host'] ) ) {
$absolute_path .= $relative_url_parts['host'];
if ( isset( $relative_url_parts['port'] ) ) {
$absolute_path .= ':' . $relative_url_parts['port'];
}
} else {
$absolute_path .= $url_parts['host'];
if ( isset( $url_parts['port'] ) ) {
$absolute_path .= ':' . $url_parts['port'];
}
}
// Start off with the absolute URL path.
$path = ! empty( $url_parts['path'] ) ? $url_parts['path'] : '/';
// If it's a root-relative path, then great.
if ( ! empty( $relative_url_parts['path'] ) && '/' === $relative_url_parts['path'][0] ) {
$path = $relative_url_parts['path'];
// Else it's a relative path.
} elseif ( ! empty( $relative_url_parts['path'] ) ) {
// Strip off any file components from the absolute path.
$path = substr( $path, 0, strrpos( $path, '/' ) + 1 );
// Build the new path.
$path .= $relative_url_parts['path'];
// Strip all /path/../ out of the path.
while ( strpos( $path, '../' ) > 1 ) {
$path = preg_replace( '![^/]+/\.\./!', '', $path );
}
// Strip any final leading ../ from the path.
$path = preg_replace( '!^/(\.\./)+!', '', $path );
}
// Add the query string.
if ( ! empty( $relative_url_parts['query'] ) ) {
$path .= '?' . $relative_url_parts['query'];
}
// Add the fragment.
if ( ! empty( $relative_url_parts['fragment'] ) ) {
$path .= '#' . $relative_url_parts['fragment'];
}
return $absolute_path . '/' . ltrim( $path, '/' );
}
/**
* Handles an HTTP redirect and follows it if appropriate.
*
* @since 3.7.0
*
* @param string $url The URL which was requested.
* @param array $args The arguments which were used to make the request.
* @param array $response The response of the HTTP request.
* @return array|false|WP_Error An HTTP API response array if the redirect is successfully followed,
* false if no redirect is present, or a WP_Error object if there's an error.
*/
public static function handle_redirects( $url, $args, $response ) {
// If no redirects are present, or, redirects were not requested, perform no action.
if ( ! isset( $response['headers']['location'] ) || 0 === $args['_redirection'] ) {
return false;
}
// Only perform redirections on redirection http codes.
if ( $response['response']['code'] > 399 || $response['response']['code'] < 300 ) {
return false;
}
// Don't redirect if we've run out of redirects.
if ( $args['redirection']-- <= 0 ) {
return new WP_Error( 'http_request_failed', __( 'Too many redirects.' ) );
}
$redirect_location = $response['headers']['location'];
// If there were multiple Location headers, use the last header specified.
if ( is_array( $redirect_location ) ) {
$redirect_location = array_pop( $redirect_location );
}
$redirect_location = WP_Http::make_absolute_url( $redirect_location, $url );
// POST requests should not POST to a redirected location.
if ( 'POST' === $args['method'] ) {
if ( in_array( $response['response']['code'], array( 302, 303 ), true ) ) {
$args['method'] = 'GET';
}
}
// Include valid cookies in the redirect process.
if ( ! empty( $response['cookies'] ) ) {
foreach ( $response['cookies'] as $cookie ) {
if ( $cookie->test( $redirect_location ) ) {
$args['cookies'][] = $cookie;
}
}
}
return wp_remote_request( $redirect_location, $args );
}
/**
* Determines if a specified string represents an IP address or not.
*
* This function also detects the type of the IP address, returning either
* '4' or '6' to represent an IPv4 and IPv6 address respectively.
* This does not verify if the IP is a valid IP, only that it appears to be
* an IP address.
*
* @link http://home.deds.nl/~aeron/regex/ for IPv6 regex.
*
* @since 3.7.0
*
* @param string $maybe_ip A suspected IP address.
* @return int|false Upon success, '4' or '6' to represent an IPv4 or IPv6 address, false upon failure.
*/
public static function is_ip_address( $maybe_ip ) {
if ( preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $maybe_ip ) ) {
return 4;
}
if ( str_contains( $maybe_ip, ':' ) && preg_match( '/^(((?=.*(::))(?!.*\3.+\3))\3?|([\dA-F]{1,4}(\3|:\b|$)|\2))(?4){5}((?4){2}|(((2[0-4]|1\d|[1-9])?\d|25[0-5])\.?\b){4})$/i', trim( $maybe_ip, ' []' ) ) ) {
return 6;
}
return false;
}
}
roxy->use_authentication() ) {
$headers .= $proxy->authentication_header() . "\r\n";
}
$headers .= "\r\n";
if ( ! is_null( $parsed_args['body'] ) ) {
$headers .= $parsed_args['body'];
}
fwrite( $handle, $headers );
if ( ! $parsed_args['blocking'] ) {
stream_set_blocking( $handle, 0 );
fclose( $handle );
return array(
'headers' => array(),
'body' => '',
'response' => array(
'code' => false,
'message' => false,
),
'cookies' => array(),
);
}
$response = '';
$body_started = false;
$keep_reading = true;
$block_size = 4096;
if ( isset( $parsed_args['limit_response_size'] ) ) {
$block_size = min( $block_size, $parsed_args['limit_response_size'] );
}
// If streaming to a file setup the file handle.
if ( $parsed_args['stream'] ) {
if ( ! WP_DEBUG ) {
$stream_handle = @fopen( $parsed_args['filename'], 'w+' );
} else {
$stream_handle = fopen( $parsed_args['filename'], 'w+' );
}
if ( ! $stream_handle ) {
return new WP_Error(
'http_request_failed',
sprintf(
/* translators: 1: fopen(), 2: File name. */
__( 'Could not open handle for %1$s to %2$s.' ),
'fopen()',
$parsed_args['filename']
)
);
}
$bytes_written = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
if ( ! $body_started ) {
$response .= $block;
if ( strpos( $response, "\r\n\r\n" ) ) {
$processed_response = WP_Http::processResponse( $response );
$body_started = true;
$block = $processed_response['body'];
unset( $response );
$processed_response['body'] = '';
}
}
$this_block_size = strlen( $block );
if ( isset( $parsed_args['limit_response_size'] )
&& ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size']
) {
$this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written );
$block = substr( $block, 0, $this_block_size );
}
$bytes_written_to_file = fwrite( $stream_handle, $block );
if ( $bytes_written_to_file !== $this_block_size ) {
fclose( $handle );
fclose( $stream_handle );
return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) );
}
$bytes_written += $bytes_written_to_file;
$keep_reading = (
! isset( $parsed_args['limit_response_size'] )
|| $bytes_written < $parsed_args['limit_response_size']
);
}
fclose( $stream_handle );
} else {
$header_length = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
$response .= $block;
if ( ! $body_started && strpos( $response, "\r\n\r\n" ) ) {
$header_length = strpos( $response, "\r\n\r\n" ) + 4;
$body_started = true;
}
$keep_reading = (
! $body_started
|| ! isset( $parsed_args['limit_response_size'] )
|| strlen( $response ) < ( $header_length + $parsed_args['limit_response_size'] )
);
}
$processed_response = WP_Http::processResponse( $response );
unset( $response );
}
fclose( $handle );
$processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url );
$response = array(
'headers' => $processed_headers['headers'],
// Not yet processed.
'body' => null,
'response' => $processed_headers['response'],
'cookies' => $processed_headers['cookies'],
'filename' => $parsed_args['filename'],
);
// Handle redirects.
$redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response );
if ( false !== $redirect_response ) {
return $redirect_response;
}
// If the body was chunk encoded, then decode it.
if ( ! empty( $processed_response['body'] )
&& isset( $processed_headers['headers']['transfer-encoding'] )
&& 'chunked' === $processed_headers['headers']['transfer-encoding']
) {
$processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] );
}
if ( true ==