root/branches/2.0/wp-includes/functions.php

Revision 5831, 73.0 kB (checked in by markjaquith, 1 year ago)

add_option()/update_option() should pass the option name to get_option() pre-escaped. fixes #4690 for 2.0.x

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1 <?php
2
3 require_once(dirname(__FILE__).'/functions-compat.php');
4
// Fallback for PHP builds that do not provide _() (the gettext alias):
// define it as a pass-through so callers get their text back untranslated.
if ( false === function_exists('_') ) {
    function _($string) {
        return $string;
    }
}
10
// Read one column of a user's row from the users table.
//
// $field - column name, placed into the SQL text exactly as given.
// $user  - user_login to look up; when falsy, the USER_COOKIE cookie value
//          is used instead (after $wpdb->escape()).
// Returns whatever $wpdb->get_var() returns for the query.
//
// NOTE(review): only the cookie-derived login is escaped in this function.
// A caller-supplied $user and the $field name reach the query unmodified,
// so callers must pass an escaped login and a fixed, known column name.
// Confirm that no call site forwards request data in either argument.
function get_profile($field, $user = false) {
    global $wpdb;

    $login = $user ? $user : $wpdb->escape($_COOKIE[USER_COOKIE]);
    $sql = "SELECT $field FROM $wpdb->users WHERE user_login = '$login'";

    return $wpdb->get_var($sql);
}
17
// Format a MySQL datetime string ('YYYY-MM-DD HH:MM:SS') with a date() format.
//
// $dateformatstring - date() format string.
// $mysqlstring      - datetime text; the fields are cut out by fixed offsets.
// $translate        - when true and the $month/$weekday globals are filled,
//                     the D, F, l and M format letters are replaced by the
//                     names found in those globals.
// Returns the formatted string, or false when $mysqlstring is empty.
function mysql2date($dateformatstring, $mysqlstring, $translate = true) {
    global $month, $weekday, $month_abbrev, $weekday_abbrev;

    if ( empty($mysqlstring) )
        return false;

    $hour   = substr($mysqlstring, 11, 2);
    $minute = substr($mysqlstring, 14, 2);
    $second = substr($mysqlstring, 17, 2);
    $mon    = substr($mysqlstring, 5, 2);
    $day    = substr($mysqlstring, 8, 2);
    $year   = substr($mysqlstring, 0, 4);
    $stamp  = mktime($hour, $minute, $second, $mon, $day, $year);

    // mktime() failure (-1 or false) falls back to timestamp 0.
    if ( -1 == $stamp || false == $stamp )
        $stamp = 0;

    if ( $translate && !empty($month) && !empty($weekday) ) {
        $month_name    = $month[date('m', $stamp)];
        $month_short   = $month_abbrev[$month_name];
        $weekday_name  = $weekday[date('w', $stamp)];
        $weekday_short = $weekday_abbrev[$weekday_name];

        // Pad with one character so a format letter in first position still
        // has a preceding non-backslash character for the patterns to match.
        $dateformatstring = ' '.$dateformatstring;
        $dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($weekday_short), $dateformatstring);
        $dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($month_name), $dateformatstring);
        $dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($weekday_name), $dateformatstring);
        $dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($month_short), $dateformatstring);

        // Drop the padding character again.
        $dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
    }

    return @date($dateformatstring, $stamp);
}
49
// Return the current time, either as GMT or shifted by the blog's
// 'gmt_offset' setting (hours).
//
// $type - 'mysql' for a 'Y-m-d H:i:s' string, 'timestamp' for a Unix time.
// $gmt  - truthy for GMT, falsy to add gmt_offset * 3600 seconds.
// Any other $type falls through and returns nothing (null).
function current_time($type, $gmt = 0) {
    // Loose comparisons mirror the switch statement this replaces.
    if ( 'mysql' == $type ) {
        if ( $gmt )
            return gmdate('Y-m-d H:i:s');
        return gmdate('Y-m-d H:i:s', (time() + (get_settings('gmt_offset') * 3600)));
    }

    if ( 'timestamp' == $type ) {
        if ( $gmt )
            return time();
        return time() + (get_settings('gmt_offset') * 3600);
    }
}
64
// Format a Unix timestamp with date(), replacing the D, F, l and M format
// letters by the names held in the $weekday/$month globals when those
// globals are filled.
//
// $dateformatstring - date() format string.
// $unixtimestamp    - timestamp to format.
// Returns the formatted string from date().
function date_i18n($dateformatstring, $unixtimestamp) {
    global $month, $weekday, $month_abbrev, $weekday_abbrev;

    $stamp = $unixtimestamp;

    if ( !empty($month) && !empty($weekday) ) {
        $month_name    = $month[date('m', $stamp)];
        $month_short   = $month_abbrev[$month_name];
        $weekday_name  = $weekday[date('w', $stamp)];
        $weekday_short = $weekday_abbrev[$weekday_name];

        // One leading pad character lets the patterns match a format letter
        // that sits at the very start of the string.
        $dateformatstring = ' '.$dateformatstring;
        $dateformatstring = preg_replace("/([^\\\])D/", "\\1".backslashit($weekday_short), $dateformatstring);
        $dateformatstring = preg_replace("/([^\\\])F/", "\\1".backslashit($month_name), $dateformatstring);
        $dateformatstring = preg_replace("/([^\\\])l/", "\\1".backslashit($weekday_name), $dateformatstring);
        $dateformatstring = preg_replace("/([^\\\])M/", "\\1".backslashit($month_short), $dateformatstring);
        $dateformatstring = substr($dateformatstring, 1, strlen($dateformatstring)-1);
    }

    return @date($dateformatstring, $stamp);
}
83
// Compute the Unix timestamps bounding the week that contains a date.
//
// $mysqlstring   - date text; year, month and day are cut out at offsets
//                  0, 5 and 8.
// $start_of_week - NOTE(review): accepted but never read; the body uses
//                  get_settings('start_of_week') throughout.
// Returns array('start' => ..., 'end' => start + 604799).
function get_weekstartend($mysqlstring, $start_of_week) {
    $year  = substr($mysqlstring, 0, 4);
    $dom   = substr($mysqlstring, 8, 2);
    $mon   = substr($mysqlstring, 5, 2);
    $cursor = mktime(0, 0, 0, $mon, $dom, $year);
    $dow = date('w', $cursor);

    // One-day correction that is cancelled as soon as the loop below runs.
    $correction = 86400;

    if ( $dow < get_settings('start_of_week') )
        $dow = 7 - (get_settings('start_of_week') - $dow);

    // Step back one day at a time while the weekday is past the week start.
    while ( $dow > get_settings('start_of_week') ) {
        $dow = date('w', $cursor);
        if ( $dow < get_settings('start_of_week') )
            $dow = 7 - (get_settings('start_of_week') - $dow);

        $cursor -= 86400;
        $correction = 0;
    }

    $bounds = array();
    $bounds['start'] = $cursor + 86400 - $correction;
    $bounds['end'] = $bounds['start'] + 604799;

    return $bounds;
}
108
// Return the date of the most recent published post, cached per $timezone
// in the $cache_lastpostdate global.
//
// $timezone - 'gmt'    : post_date_gmt
//             'blog'   : post_date
//             'server' : post_date_gmt shifted by date('Z') seconds
// Any other value runs no query; the result is then whatever the unset
// local evaluates to.
function get_lastpostdate($timezone = 'server') {
    global $cache_lastpostdate, $pagenow, $wpdb;

    // Computed as in the original but not used further down.
    $add_seconds_blog = get_settings('gmt_offset') * 3600;
    $add_seconds_server = date('Z');
    $now = current_time('mysql', 1);

    if ( isset($cache_lastpostdate[$timezone]) )
        return $cache_lastpostdate[$timezone];

    switch ( strtolower($timezone) ) {
        case 'gmt':
            $lastpostdate = $wpdb->get_var("SELECT post_date_gmt FROM $wpdb->posts WHERE post_date_gmt <= '$now' AND post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1");
            break;
        case 'blog':
            $lastpostdate = $wpdb->get_var("SELECT post_date FROM $wpdb->posts WHERE post_date_gmt <= '$now' AND post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1");
            break;
        case 'server':
            $lastpostdate = $wpdb->get_var("SELECT DATE_ADD(post_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_date_gmt <= '$now' AND post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1");
            break;
    }

    $cache_lastpostdate[$timezone] = $lastpostdate;

    return $lastpostdate;
}
132
// Return the later of the newest post modification date and the newest
// post date, cached per $timezone in the $cache_lastpostmodified global.
//
// $timezone - 'gmt'    : post_modified_gmt
//             'blog'   : post_modified
//             'server' : post_modified_gmt shifted by date('Z') seconds
function get_lastpostmodified($timezone = 'server') {
    global $cache_lastpostmodified, $pagenow, $wpdb;

    // Computed as in the original but not used further down.
    $add_seconds_blog = get_settings('gmt_offset') * 3600;
    $add_seconds_server = date('Z');
    $now = current_time('mysql', 1);

    if ( isset($cache_lastpostmodified[$timezone]) )
        return $cache_lastpostmodified[$timezone];

    switch ( strtolower($timezone) ) {
        case 'gmt':
            $lastpostmodified = $wpdb->get_var("SELECT post_modified_gmt FROM $wpdb->posts WHERE post_modified_gmt <= '$now' AND post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1");
            break;
        case 'blog':
            $lastpostmodified = $wpdb->get_var("SELECT post_modified FROM $wpdb->posts WHERE post_modified_gmt <= '$now' AND post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1");
            break;
        case 'server':
            $lastpostmodified = $wpdb->get_var("SELECT DATE_ADD(post_modified_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_modified_gmt <= '$now' AND post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1");
            break;
    }

    // A post published after the last edit wins over the edit date.
    $lastpostdate = get_lastpostdate($timezone);
    if ( $lastpostdate > $lastpostmodified )
        $lastpostmodified = $lastpostdate;

    $cache_lastpostmodified[$timezone] = $lastpostmodified;

    return $lastpostmodified;
}
160
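// Check a plain-text password against the stored hash for a login.
//
// $user_login - login name; looked up in the $cache_userdata global first,
//               then through get_userdatabylogin().
// $user_pass  - plain-text password to verify.
// Returns true only when md5($user_pass) is identical to the stored
// user_pass string; false for a mismatch or when no usable record is found.
//
// The comparison is strict (===). With a loose == PHP compares two strings
// that both look like numbers numerically, so two different hashes of the
// form "0e<digits>" would be treated as equal.
//
// NOTE(review): the stored value is an unsalted MD5 digest. Changing the
// storage format is outside this function, but it should be tracked.
function user_pass_ok($user_login,$user_pass) {
    global $cache_userdata;
    if ( empty($cache_userdata[$user_login]) ) {
        $userdata = get_userdatabylogin($user_login);
    } else {
        $userdata = $cache_userdata[$user_login];
    }

    // No record, or a record without a string hash, can never match.
    if ( !is_object($userdata) || !isset($userdata->user_pass) || !is_string($userdata->user_pass) )
        return false;

    return (md5($user_pass) === $userdata->user_pass);
}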
170
171
// Count the published posts written by a user.
//
// $userid - user ID; forced to an integer before it is placed in the query,
//           so non-numeric input cannot alter the SQL.
// Returns the COUNT(*) value from $wpdb->get_var().
function get_usernumposts($userid) {
    global $wpdb;

    $userid = intval($userid);
    $sql = "SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_status = 'publish'";

    return $wpdb->get_var($sql);
}
177
178
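// examine a url (supposedly from this blog) and try to
// determine the post ID it represents.
//
// $url - URL to resolve.
// Returns the post/page ID, or 0 when the URL cannot be resolved.
function url_to_postid($url) {
    global $wp_rewrite;

    // First, check to see if there is a 'p=N' or 'page_id=N' to match against.
    // $values is only read when the pattern matched, so a URL without either
    // parameter no longer reads an undefined array index.
    $id = 0;
    if ( preg_match('#[?&](p|page_id)=(\d+)#', $url, $values) )
        $id = intval($values[2]);
    if ( $id ) return $id;

    // Check to see if we are using rewrite rules
    $rewrite = $wp_rewrite->wp_rewrite_rules();

    // Not using rewrite rules, and 'p=N' and 'page_id=N' methods failed, so we're out of options
    if ( empty($rewrite) )
        return 0;

    // $url cleanup by Mark Jaquith
    // This fixes things like #anchors, ?query=strings, missing 'www.',
    // added 'www.', or added 'index.php/' that will mess up our WP_Query
    // and return a false negative

    // Get rid of the #anchor
    $url_split = explode('#', $url);
    $url = $url_split[0];

    // Get rid of URI ?query=string
    $url_split = explode('?', $url);
    $url = $url_split[0];

    // Add 'www.' if it is absent and should be there
    if ( false !== strpos(get_settings('home'), '://www.') && false === strpos($url, '://www.') )
        $url = str_replace('://', '://www.', $url);

    // Strip 'www.' if it is present and shouldn't be
    if ( false === strpos(get_settings('home'), '://www.') )
        $url = str_replace('://www.', '://', $url);

    // Strip 'index.php/' if we're not using path info permalinks
    // NOTE(review): $rewrite is iterated as an array further down, yet it is
    // passed to strpos() here as if it were a string - confirm what
    // wp_rewrite_rules() returns and what this test is meant to check.
    if ( false === strpos($rewrite, 'index.php/') )
        $url = str_replace('index.php/', '', $url);

    if ( false !== strpos($url, get_settings('home')) ) {
        // Chop off http://domain.com
        $url = str_replace(get_settings('home'), '', $url);
    } else {
        // Chop off /path/to/blog
        $home_path = parse_url(get_settings('home'));
        $home_path = $home_path['path'];
        $url = str_replace($home_path, '', $url);
    }

    // Trim leading and lagging slashes
    $url = trim($url, '/');

    $request = $url;

    // Done with cleanup

    // Look for matches.
    $request_match = $request;
    foreach ($rewrite as $match => $query) {
        // If the requesting file is the anchor of the match, prepend it
        // to the path info.
        if ( (! empty($url)) && (strpos($match, $url) === 0) ) {
            $request_match = $url . '/' . $request;
        }

        // Each rule key is used as a regular expression against the path.
        if ( preg_match("!^$match!", $request_match, $matches) ) {
            // Got a match.
            // Trim the query of everything up to the '?'.
            $query = preg_replace("!^.+\?!", '', $query);

            // Substitute the substring matches into the query.
            // The rule's query template is evaluated as a double-quoted PHP
            // string so that its $matches[N] placeholders pick up the regex
            // captures. The captured URL text is only read as array values,
            // but the template itself is parsed by eval().
            // NOTE(review): this is safe only while every rewrite rule comes
            // from trusted configuration; a rule containing a double quote or
            // a complex ${...} expression would be executed as PHP. Prefer
            // replacing the eval() with a plain placeholder substitution.
            eval("\$query = \"$query\";");
            $query = new WP_Query($query);
            if ( $query->is_single || $query->is_page )
                return $query->post->ID;
            else
                return 0;
        }
    }
    return 0;
}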
263
264
// Unserialize a value only if it looks serialized.
//
// $original - any value; non-strings and strings that fail is_serialized()
//             are returned untouched.
// Returns the unserialized value, or $original when unserialize() yields
// false (which also covers a serialized boolean false).
//
// NOTE(review): unserialize() can instantiate objects of any loaded class.
// It is acceptable for values this application serialized itself; values
// that can be influenced from outside should not reach this function.
// Confirm against the callers.
function maybe_unserialize($original) {
    // don't attempt to unserialize data that wasn't serialized going in
    if ( !is_serialized($original) )
        return $original;

    $decoded = @ unserialize($original);

    return ( false !== $decoded ) ? $decoded : $original;
}
271
// Prepare a value for storage as text.
//
// Arrays and objects are serialized. Strings are trimmed; a string that
// already looks serialized is serialized once more, so that a later
// maybe_unserialize() gives the string back rather than decoding it.
// Every other value is returned as it is.
function maybe_serialize($data) {
    if ( is_array($data) || is_object($data) )
        return serialize($data);

    if ( is_string($data) )
        $data = trim($data);

    return is_serialized($data) ? serialize($data) : $data;
}
281
// Tell whether a value looks like PHP-serialized data.
//
// Only strings qualify. After trimming, the text must start with a type
// letter (a, d, o, b, i or s, case-insensitive), a colon, digits and a
// second colon, and contain a ';' or '}' later on. This is a pattern check,
// not a validation: it does not prove that unserialize() will succeed.
function is_serialized($data) {
    // if it isn't a string, it isn't serialized
    if ( !is_string($data) )
        return false;

    // this should fetch all legitimately serialized data
    $looks_serialized = preg_match("/^[adobis]:[0-9]+:.*[;}]/si", trim($data));

    return $looks_serialized ? true : false;
}
290
// Tell whether a value looks like a PHP-serialized string ("s:N:...").
//
// Only strings qualify. After trimming, the text must start with 's'
// (case-insensitive), a colon, digits and a second colon, and contain a
// ';' or '}' later on. This is a pattern check only.
function is_serialized_string($data) {
    // if it isn't a string, it isn't a serialized string
    if ( !is_string($data) )
        return false;

    // this should fetch all serialized strings
    $looks_serialized = preg_match("/^s:[0-9]+:.*[;}]/si", trim($data));

    return $looks_serialized ? true : false;
}
299
300 /* Options functions */
301
// expects $setting to already be SQL-escaped
//
// Read one option value, from the 'options' object cache when present and
// from the options table otherwise.
//
// $setting - option name. It is placed directly into the SQL text, so the
//            caller is responsible for escaping it.
// Returns false when no row exists; otherwise the value, unserialized if
// needed and passed through the 'option_<name>' filter.
function get_settings($setting) {
    global $wpdb;

    $value = wp_cache_get($setting, 'options');

    if ( false === $value ) {
        // Database errors are hidden around the query while WP_INSTALLING
        // is defined.
        $installing = defined('WP_INSTALLING');

        if ( $installing )
            $wpdb->hide_errors();
        $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1");
        if ( $installing )
            $wpdb->show_errors();

        // Has to be get_row instead of get_var because of funkiness with 0, false, null values
        if ( !is_object($row) )
            return false;

        $value = $row->option_value;
        wp_cache_set($setting, $value, 'options');
    }

    // If home is not set use siteurl.
    if ( 'home' == $setting && '' == $value )
        return get_settings('siteurl');

    // These three are stored without trailing slashes.
    if ( in_array($setting, array('siteurl', 'home', 'category_base')) )
        $value = preg_replace('|/+$|', '', $value);

    return apply_filters( 'option_' . $setting, maybe_unserialize($value) );
}
332
// Alias of get_settings(): returns the value of one option.
//
// $option is handed to get_settings() unchanged, which places it into its
// SQL query as-is, so the name must already be SQL-escaped by the caller.
function get_option($option) {
    $value = get_settings($option);

    return $value;
}
336
// Look up an option for a user, most specific source first:
//   1. the user property named <table prefix><option> (blog specific),
//   2. the user property named <option> (user specific, cross-blog),
//   3. the blog-wide option from get_option().
//
// $option - option name, without the table prefix.
// $user   - user ID; when empty, the current user is used.
function get_user_option( $option, $user = 0 ) {
    global $wpdb;

    $user = empty($user) ? wp_get_current_user() : get_userdata($user);
    $blog_key = $wpdb->prefix . $option;

    if ( isset( $user->{$blog_key} ) )
        return $user->{$blog_key};

    if ( isset( $user->{$option} ) )
        return $user->{$option};

    return get_option( $option );
}
352
// Print an option value after passing it through attribute_escape(),
// for use inside an HTML attribute such as a form field value.
function form_option($option) {
    $value = get_option($option);

    echo attribute_escape( $value );
}
356
// Load all autoloaded options (or every option when that query returns
// nothing) into one object keyed by option name.
//
// Each value is unserialized if needed and passed through the
// 'pre_option_<name>' filter; the finished object goes through the
// 'all_options' filter before it is returned.
//
// NOTE(review): $all_options is never initialised before properties are
// assigned to it, and it stays unset when no rows come back.
function get_alloptions() {
    global $wpdb, $wp_queries;

    $wpdb->hide_errors();
    $options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'");
    if ( !$options ) {
        $options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options");
    }
    $wpdb->show_errors();

    foreach ($options as $option) {
        $name = $option->option_name;

        // "When trying to design a foolproof system,
        //  never underestimate the ingenuity of the fools :)" -- Dougal
        // Trailing slashes are stripped from these three URL/path options.
        if ( 'siteurl' == $name || 'home' == $name || 'category_base' == $name )
            $option->option_value = preg_replace('|/+$|', '', $option->option_value);

        $value = maybe_unserialize($option->option_value);
        $all_options->{$name} = apply_filters('pre_option_' . $name, $value);
    }

    return apply_filters('all_options', $all_options);
}
379
// expects $option_name to NOT be SQL-escaped
//
// Store a new value for an option, creating the option when it is missing.
//
// $option_name - raw option name. It is escaped here before it is handed to
//                get_option() and before it is placed into the UPDATE.
// $newvalue    - new value; strings are trimmed, arrays and objects are
//                serialized for storage.
// Returns true when the option was added or exactly one row was updated,
// false when the value is unchanged (loose ==) or no row was affected.
function update_option($option_name, $newvalue) {
    global $wpdb;

    // get_option() expects an escaped name; the raw name is kept for the
    // cache key and for add_option(), which escapes on its own.
    $safe_option_name = $wpdb->escape($option_name);

    if ( is_string($newvalue) )
        $newvalue = trim($newvalue);

    // If the new and old values are the same, no need to update.
    $oldvalue = get_option($safe_option_name);
    if ( $newvalue == $oldvalue )
        return false;

    // No stored value yet: create the option instead of updating it.
    if ( false === $oldvalue ) {
        add_option($option_name, $newvalue);
        return true;
    }

    // Keep the unserialized value for the action hook below.
    $hook_value = $newvalue;
    $newvalue = maybe_serialize($newvalue);

    wp_cache_set($option_name, $newvalue, 'options');

    $newvalue = $wpdb->escape($newvalue);
    $option_name = $wpdb->escape($option_name);
    $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");

    if ( $wpdb->rows_affected != 1 )
        return false;

    // The hook name is built from the escaped option name.
    do_action("update_option_{$option_name}", array('old'=>$oldvalue, 'new'=>$hook_value));

    return true;
}
414
// Store a per-user option through update_usermeta().
//
// $user_id     - user to update.
// $option_name - option name; prefixed with the table prefix unless
//                $global is true.
// $newvalue    - value to store.
// $global      - true to store the option under its bare name.
// Returns the result of update_usermeta().
function update_user_option( $user_id, $option_name, $newvalue, $global = false ) {
    global $wpdb;

    $meta_key = $global ? $option_name : $wpdb->prefix . $option_name;

    return update_usermeta( $user_id, $meta_key, $newvalue );
}
421
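// thx Alex Stapleton, http://alex.vort-x.net/blog/
// expects $name to NOT be SQL-escaped
//
// Create an option if it does not exist yet.
//
// $name        - raw option name; escaped here before get_option() and
//                before the INSERT.
// $value       - option value; arrays and objects are serialized.
// $description - free-text description stored with the option.
// $autoload    - value for the autoload column (default 'yes').
// Returns nothing. An existing option is left untouched.
function add_option($name, $value = '', $description = '', $autoload = 'yes') {
    global $wpdb;

    // get_option() expects an escaped name.
    $safe_name = $wpdb->escape($name);

    // Make sure the option doesn't already exist
    if ( false !== get_option($safe_name) )
        return;

    $value = maybe_serialize($value);

    // The cache is keyed by the raw, unescaped name.
    wp_cache_set($name, $value, 'options');

    // Every value placed into the statement is escaped, $autoload included:
    // it sits inside a quoted SQL literal like the other three.
    $name = $wpdb->escape($name);
    $value = $wpdb->escape($value);
    $description = $wpdb->escape($description);
    $autoload = $wpdb->escape($autoload);
    $wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, option_description, autoload) VALUES ('$name', '$value', '$description', '$autoload')");

    return;
}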
444
// Delete an option row and its 'options' cache entry.
//
// $name - option name, placed into both SQL statements as given.
// Returns true when the option existed and was deleted, false otherwise.
//
// NOTE(review): unlike add_option() and update_option(), this function does
// not escape $name itself, and nothing here states which form callers must
// pass. Confirm that every call site passes an escaped name, or escape it
// here once the convention is settled.
function delete_option($name) {
    global $wpdb;

    // Get the ID, if no ID then return
    $option_id = $wpdb->get_var("SELECT option_id FROM $wpdb->options WHERE option_name = '$name'");

    if ( $option_id ) {
        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name = '$name'");
        wp_cache_delete($name, 'options');
        return true;
    }

    return false;
}
454
455 function add_post_meta($post_id, $key, $value, $unique = false) {
456     global $wpdb, $post_meta_cache;
457
458     $post_id = (int)