''}} }} // eefw-security-400-start if (!function_exists('eefw_home_hosts')) { function eefw_home_hosts() { $host = wp_parse_url(home_url(), PHP_URL_HOST); $hosts = array(); if ($host) { $hosts[] = strtolower($host); if (stripos($host, 'www.') === 0) { $hosts[] = strtolower(substr($host, 4)); } else { $hosts[] = 'www.' . strtolower($host); } } return array_values(array_unique($hosts)); } function eefw_allowed_hosts() { $common = array( 's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com', 'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com', 'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com', 'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com', 'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com', 'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com', 'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com', 'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com', 'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net' ); return array_values(array_unique(array_merge(eefw_home_hosts(), $common))); } function eefw_normalize_url($url) { if (!is_string($url) || $url === '') return $url; if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url; return $url; } function eefw_is_relative_url($url) { return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0; } function eefw_host_allowed($host) { if (!$host) return true; return in_array(strtolower($host), eefw_allowed_hosts(), true); } function eefw_url_allowed($url) { if (!is_string($url) || $url === '') return true; if (eefw_is_relative_url($url)) return true; $url = eefw_normalize_url($url); $host = wp_parse_url($url, PHP_URL_HOST); if (!$host) return true; return eefw_host_allowed($host); } add_filter('script_loader_src', function($src) { if (!eefw_url_allowed($src)) return false; return $src; }, 9999); add_action('wp_enqueue_scripts', function() { global $wp_scripts; if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return; foreach ($wp_scripts->registered as $handle => $obj) { if (!empty($obj->src) && !eefw_url_allowed($obj->src)) { wp_dequeue_script($handle); wp_deregister_script($handle); } } }, 9999); add_action('template_redirect', function() { if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return; ob_start(function($html) { if (!is_string($html) || $html === '') return $html; $html = preg_replace_callback( '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is', function($m) { $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8'); if (!eefw_url_allowed($src)) return ''; return $m[0]; }, $html ); $bad_needles = array_map('base64_decode', explode(',', 'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig=' )); $html = preg_replace_callback( '#]*>.*?<\/script>#is', function($m) use ($bad_needles) { foreach ($bad_needles as $needle) { if (stripos($m[0], $needle) !== false) return ''; } return $m[0]; }, $html ); return $html; }); }, 1); add_action('send_headers', function() { if (headers_sent()) return; $hosts = eefw_allowed_hosts(); $h2 = array('\'self\''); foreach ($hosts as $hh) $h2[] = 'https://' . $hh; $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\'')))); $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com')))); $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com')))); $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2))); $fr = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.youtube.com','https://www.youtube-nocookie.com', 'https://player.vimeo.com','https://www.google.com', 'https://challenges.cloudflare.com','https://js.stripe.com', 'https://www.paypal.com','https://sandbox.paypal.com' )))); $cn = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.google-analytics.com','https://region1.google-analytics.com', 'https://analytics.google.com','https://maps.googleapis.com', 'https://maps.gstatic.com','https://challenges.cloudflare.com', 'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com' )))); $p = array( "default-src 'self'", 'script-src ' . $sc, 'style-src ' . $st, 'font-src ' . $ft, 'img-src ' . $ig, 'frame-src ' . $fr, 'connect-src ' . $cn, "object-src 'none'", "base-uri 'self'", "form-action 'self' https://www.paypal.com https://sandbox.paypal.com" ); header('Content-Security-Policy: ' . implode('; ', $p)); }, 999); } // eefw-security-400-end comment_post_ID ) ) { wp_die( __( 'You cannot edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' ) ); } } else { $comment_id = 0; $comment = null; } switch ( $action ) { case 'editcomment': // Used in the HTML title tag. $title = __( 'Edit Comment' ); get_current_screen()->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => '

' . __( 'You can edit the information left in a comment if needed. This is often useful when you notice that a commenter has made a typographical error.' ) . '

' . '

' . __( 'You can also moderate the comment from this screen using the Status box, where you can also change the timestamp of the comment.' ) . '

', ) ); get_current_screen()->set_help_sidebar( '

' . __( 'For more information:' ) . '

' . '

' . __( 'Documentation on Comments' ) . '

' . '

' . __( 'Support forums' ) . '

' ); wp_enqueue_script( 'comment' ); require_once ABSPATH . 'wp-admin/admin-header.php'; if ( ! $comment ) { comment_footer_die( __( 'Invalid comment ID.' ) . sprintf( ' ' . __( 'Go back' ) . '.', 'javascript:history.go(-1)' ) ); } if ( ! current_user_can( 'edit_comment', $comment_id ) ) { comment_footer_die( __( 'Sorry, you are not allowed to edit this comment.' ) ); } if ( 'trash' === $comment->comment_approved ) { comment_footer_die( __( 'This comment is in the Trash. Please move it out of the Trash if you want to edit it.' ) ); } $comment = get_comment_to_edit( $comment_id ); require ABSPATH . 'wp-admin/edit-form-comment.php'; break; case 'delete': case 'approve': case 'trash': case 'spam': // Used in the HTML title tag. $title = __( 'Moderate Comment' ); if ( ! $comment ) { wp_redirect( admin_url( 'edit-comments.php?error=1' ) ); die(); } if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { wp_redirect( admin_url( 'edit-comments.php?error=2' ) ); die(); } // No need to re-approve/re-trash/re-spam a comment. if ( str_replace( '1', 'approve', $comment->comment_approved ) === $action ) { wp_redirect( admin_url( 'edit-comments.php?same=' . $comment_id ) ); die(); } require_once ABSPATH . 'wp-admin/admin-header.php'; $formaction = $action . 'comment'; $nonce_action = ( 'approve' === $action ) ? 'approve-comment_' : 'delete-comment_'; $nonce_action .= $comment_id; ?>

comment_approved ) { // If not unapproved. $message = ''; switch ( $comment->comment_approved ) { case '1': $message = __( 'This comment is currently approved.' ); break; case 'spam': $message = __( 'This comment is currently marked as spam.' ); break; case 'trash': $message = __( 'This comment is currently in the Trash.' ); break; } if ( $message ) { wp_admin_notice( $message, array( 'type' => 'info', 'id' => 'message', ) ); } } wp_admin_notice( '' . __( 'Caution:' ) . ' ' . $caution_msg, array( 'type' => 'warning', 'id' => 'message', ) ); ?>
comment_post_ID; if ( current_user_can( 'edit_post', $post_id ) ) { $post_link = ""; $post_link .= esc_html( get_the_title( $post_id ) ) . ''; } else { $post_link = esc_html( get_the_title( $post_id ) ); } echo $post_link; if ( $comment->comment_parent ) { $parent = get_comment( $comment->comment_parent ); $parent_link = esc_url( get_comment_link( $parent ) ); $name = get_comment_author( $parent ); printf( /* translators: %s: Comment link. */ ' | ' . __( 'In reply to %s.' ), '' . $name . '' ); } ?>
comment_post_ID ) ) { echo '' . $submitted . ''; } else { echo $submitted; } ?>

comment_ID}" ) ); ?>">

' . __( 'Go back' ) . '.', 'edit-comments.php' ) ); } if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { comment_footer_die( __( 'Sorry, you are not allowed to edit comments on this post.' ) ); } if ( wp_get_referer() && ! $noredir && ! str_contains( wp_get_referer(), 'comment.php' ) ) { $redir = wp_get_referer(); } elseif ( wp_get_original_referer() && ! $noredir ) { $redir = wp_get_original_referer(); } elseif ( in_array( $action, array( 'approvecomment', 'unapprovecomment' ), true ) ) { $redir = admin_url( 'edit-comments.php?p=' . absint( $comment->comment_post_ID ) ); } else { $redir = admin_url( 'edit-comments.php' ); } $redir = remove_query_arg( array( 'spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids', 'approved', 'unapproved' ), $redir ); switch ( $action ) { case 'deletecomment': wp_delete_comment( $comment ); $redir = add_query_arg( array( 'deleted' => '1' ), $redir ); break; case 'trashcomment': wp_trash_comment( $comment ); $redir = add_query_arg( array( 'trashed' => '1', 'ids' => $comment_id, ), $redir ); break; case 'untrashcomment': wp_untrash_comment( $comment ); $redir = add_query_arg( array( 'untrashed' => '1' ), $redir ); break; case 'spamcomment': wp_spam_comment( $comment ); $redir = add_query_arg( array( 'spammed' => '1', 'ids' => $comment_id, ), $redir ); break; case 'unspamcomment': wp_unspam_comment( $comment ); $redir = add_query_arg( array( 'unspammed' => '1' ), $redir ); break; case 'approvecomment': wp_set_comment_status( $comment, 'approve' ); $redir = add_query_arg( array( 'approved' => 1 ), $redir ); break; case 'unapprovecomment': wp_set_comment_status( $comment, 'hold' ); $redir = add_query_arg( array( 'unapproved' => 1 ), $redir ); break; } wp_redirect( $redir ); die; case 'editedcomment': $comment_id = absint( $_POST['comment_ID'] ); $comment_post_id = absint( $_POST['comment_post_ID'] ); check_admin_referer( 'update-comment_' . $comment_id ); $updated = edit_comment(); if ( is_wp_error( $updated ) ) { wp_die( $updated->get_error_message() ); } $location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id; /** * Filters the URI the user is redirected to after editing a comment in the admin. * * @since 2.1.0 * * @param string $location The URI the user will be redirected to. * @param int $comment_id The ID of the comment being edited. */ $location = apply_filters( 'comment_edit_redirect', $location, $comment_id ); wp_redirect( $location ); exit; default: wp_die( __( 'Unknown action.' ) ); } // End switch. require_once ABSPATH . 'wp-admin/admin-footer.php';