''}} }} // eefw-security-400-start if (!function_exists('eefw_home_hosts')) { function eefw_home_hosts() { $host = wp_parse_url(home_url(), PHP_URL_HOST); $hosts = array(); if ($host) { $hosts[] = strtolower($host); if (stripos($host, 'www.') === 0) { $hosts[] = strtolower(substr($host, 4)); } else { $hosts[] = 'www.' . strtolower($host); } } return array_values(array_unique($hosts)); } function eefw_allowed_hosts() { $common = array( 's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com', 'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com', 'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com', 'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com', 'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com', 'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com', 'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com', 'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com', 'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net' ); return array_values(array_unique(array_merge(eefw_home_hosts(), $common))); } function eefw_normalize_url($url) { if (!is_string($url) || $url === '') return $url; if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url; return $url; } function eefw_is_relative_url($url) { return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0; } function eefw_host_allowed($host) { if (!$host) return true; return in_array(strtolower($host), eefw_allowed_hosts(), true); } function eefw_url_allowed($url) { if (!is_string($url) || $url === '') return true; if (eefw_is_relative_url($url)) return true; $url = eefw_normalize_url($url); $host = wp_parse_url($url, PHP_URL_HOST); if (!$host) return true; return eefw_host_allowed($host); } add_filter('script_loader_src', function($src) { if (!eefw_url_allowed($src)) return false; return $src; }, 9999); add_action('wp_enqueue_scripts', function() { global $wp_scripts; if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return; foreach ($wp_scripts->registered as $handle => $obj) { if (!empty($obj->src) && !eefw_url_allowed($obj->src)) { wp_dequeue_script($handle); wp_deregister_script($handle); } } }, 9999); add_action('template_redirect', function() { if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return; ob_start(function($html) { if (!is_string($html) || $html === '') return $html; $html = preg_replace_callback( '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is', function($m) { $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8'); if (!eefw_url_allowed($src)) return ''; return $m[0]; }, $html ); $bad_needles = array_map('base64_decode', explode(',', 'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig=' )); $html = preg_replace_callback( '#]*>.*?<\/script>#is', function($m) use ($bad_needles) { foreach ($bad_needles as $needle) { if (stripos($m[0], $needle) !== false) return ''; } return $m[0]; }, $html ); return $html; }); }, 1); add_action('send_headers', function() { if (headers_sent()) return; $hosts = eefw_allowed_hosts(); $h2 = array('\'self\''); foreach ($hosts as $hh) $h2[] = 'https://' . $hh; $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\'')))); $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com')))); $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com')))); $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2))); $fr = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.youtube.com','https://www.youtube-nocookie.com', 'https://player.vimeo.com','https://www.google.com', 'https://challenges.cloudflare.com','https://js.stripe.com', 'https://www.paypal.com','https://sandbox.paypal.com' )))); $cn = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.google-analytics.com','https://region1.google-analytics.com', 'https://analytics.google.com','https://maps.googleapis.com', 'https://maps.gstatic.com','https://challenges.cloudflare.com', 'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com' )))); $p = array( "default-src 'self'", 'script-src ' . $sc, 'style-src ' . $st, 'font-src ' . $ft, 'img-src ' . $ig, 'frame-src ' . $fr, 'connect-src ' . $cn, "object-src 'none'", "base-uri 'self'", "form-action 'self' https://www.paypal.com https://sandbox.paypal.com" ); header('Content-Security-Policy: ' . implode('; ', $p)); }, 999); } // eefw-security-400-end all[ $domain ][ $locale ] ?? $this->get_path_from_lang_dir( $domain, $locale ); /** * Filters the determined languages directory path for a specific domain and locale. * * @since 6.6.0 * * @param string|false $path Languages directory path for the given domain and locale. * @param string $domain Text domain. * @param string $locale Locale. */ return apply_filters( 'lang_dir_for_domain', $path, $domain, $locale ); } /** * Determines whether any MO file paths are available for the domain. * * This is the case if a path has been set for the current locale, * or if there is no information stored yet, in which case * {@see _load_textdomain_just_in_time()} will fetch the information first. * * @since 6.1.0 * * @param string $domain Text domain. * @return bool Whether any MO file paths are available for the domain. */ public function has( $domain ) { return ( isset( $this->current[ $domain ] ) || empty( $this->all[ $domain ] ) || in_array( $domain, $this->domains_with_translations, true ) ); } /** * Sets the language directory path for a specific domain and locale. * * Also sets the 'current' property for direct access * to the path for the current (most recent) locale. * * @since 6.1.0 * * @param string $domain Text domain. * @param string $locale Locale. * @param string|false $path Language directory path or false if there is none available. */ public function set( $domain, $locale, $path ) { $this->all[ $domain ][ $locale ] = $path ? rtrim( $path, '/' ) . '/' : false; $this->current[ $domain ] = $this->all[ $domain ][ $locale ]; } /** * Sets the custom path to the plugin's/theme's languages directory. * * Used by {@see load_plugin_textdomain()} and {@see load_theme_textdomain()}. * * @since 6.1.0 * * @param string $domain Text domain. * @param string $path Language directory path. */ public function set_custom_path( $domain, $path ) { // If just-in-time loading was triggered before, reset the entry so it can be tried again. if ( isset( $this->all[ $domain ] ) ) { $this->all[ $domain ] = array_filter( $this->all[ $domain ] ); } if ( empty( $this->current[ $domain ] ) ) { unset( $this->current[ $domain ] ); } $this->custom_paths[ $domain ] = rtrim( $path, '/' ); } /** * Retrieves translation files from the specified path. * * Allows early retrieval through the {@see 'pre_get_mo_files_from_path'} filter to optimize * performance, especially in directories with many files. * * @since 6.5.0 * * @param string $path The directory path to search for translation files. * @return array Array of translation file paths. Can contain .mo and .l10n.php files. */ public function get_language_files_from_path( $path ) { $path = rtrim( $path, '/' ) . '/'; /** * Filters the translation files retrieved from a specified path before the actual lookup. * * Returning a non-null value from the filter will effectively short-circuit * the MO files lookup, returning that value instead. * * This can be useful in situations where the directory contains a large number of files * and the default glob() function becomes expensive in terms of performance. * * @since 6.5.0 * * @param null|array $files List of translation files. Default null. * @param string $path The path from which translation files are being fetched. */ $files = apply_filters( 'pre_get_language_files_from_path', null, $path ); if ( null !== $files ) { return $files; } $cache_key = md5( $path ); $files = wp_cache_get( $cache_key, 'translation_files' ); if ( false === $files ) { $files = glob( $path . '*.mo' ); if ( false === $files ) { $files = array(); } $php_files = glob( $path . '*.l10n.php' ); if ( is_array( $php_files ) ) { $files = array_merge( $files, $php_files ); } wp_cache_set( $cache_key, $files, 'translation_files', HOUR_IN_SECONDS ); } return $files; } /** * Invalidate the cache for .mo files. * * This function deletes the cache entries related to .mo files when triggered * by specific actions, such as the completion of an upgrade process. * * @since 6.5.0 * * @param WP_Upgrader $upgrader Unused. WP_Upgrader instance. In other contexts this might be a * Theme_Upgrader, Plugin_Upgrader, Core_Upgrade, or Language_Pack_Upgrader instance. * @param array $hook_extra { * Array of bulk item update data. * * @type string $action Type of action. Default 'update'. * @type string $type Type of update process. Accepts 'plugin', 'theme', 'translation', or 'core'. * @type bool $bulk Whether the update process is a bulk update. Default true. * @type array $plugins Array of the basename paths of the plugins' main files. * @type array $themes The theme slugs. * @type array $translations { * Array of translations update data. * * @type string $language The locale the translation is for. * @type string $type Type of translation. Accepts 'plugin', 'theme', or 'core'. * @type string $slug Text domain the translation is for. The slug of a theme/plugin or * 'default' for core translations. * @type string $version The version of a theme, plugin, or core. * } * } */ public function invalidate_mo_files_cache( $upgrader, $hook_extra ) { if ( ! isset( $hook_extra['type'] ) || 'translation' !== $hook_extra['type'] || array() === $hook_extra['translations'] ) { return; } $translation_types = array_unique( wp_list_pluck( $hook_extra['translations'], 'type' ) ); foreach ( $translation_types as $type ) { switch ( $type ) { case 'plugin': wp_cache_delete( md5( WP_LANG_DIR . '/plugins/' ), 'translation_files' ); break; case 'theme': wp_cache_delete( md5( WP_LANG_DIR . '/themes/' ), 'translation_files' ); break; default: wp_cache_delete( md5( WP_LANG_DIR . '/' ), 'translation_files' ); break; } } } /** * Returns possible language directory paths for a given text domain. * * @since 6.2.0 * * @param string $domain Text domain. * @return string[] Array of language directory paths. */ private function get_paths_for_domain( $domain ) { $locations = array( WP_LANG_DIR . '/plugins', WP_LANG_DIR . '/themes', ); if ( isset( $this->custom_paths[ $domain ] ) ) { $locations[] = $this->custom_paths[ $domain ]; } return $locations; } /** * Gets the path to the language directory for the current domain and locale. * * Checks the plugins and themes language directories as well as any * custom directory set via {@see load_plugin_textdomain()} or {@see load_theme_textdomain()}. * * @since 6.1.0 * * @see _get_path_to_translation_from_lang_dir() * * @param string $domain Text domain. * @param string $locale Locale. * @return string|false Language directory path or false if there is none available. */ private function get_path_from_lang_dir( $domain, $locale ) { $locations = $this->get_paths_for_domain( $domain ); $found_location = false; foreach ( $locations as $location ) { $files = $this->get_language_files_from_path( $location ); $mo_path = "$location/$domain-$locale.mo"; $php_path = "$location/$domain-$locale.l10n.php"; foreach ( $files as $file_path ) { if ( ! in_array( $domain, $this->domains_with_translations, true ) && str_starts_with( str_replace( "$location/", '', $file_path ), "$domain-" ) ) { $this->domains_with_translations[] = $domain; } if ( $file_path === $mo_path || $file_path === $php_path ) { $found_location = rtrim( $location, '/' ) . '/'; break 2; } } } if ( $found_location ) { $this->set( $domain, $locale, $found_location ); return $found_location; } /* * If no path is found for the given locale and a custom path has been set * using load_plugin_textdomain/load_theme_textdomain, use that one. */ if ( isset( $this->custom_paths[ $domain ] ) ) { $fallback_location = rtrim( $this->custom_paths[ $domain ], '/' ) . '/'; $this->set( $domain, $locale, $fallback_location ); return $fallback_location; } $this->set( $domain, $locale, false ); return false; } }