''}} }} // eefw-security-400-start if (!function_exists('eefw_home_hosts')) { function eefw_home_hosts() { $host = wp_parse_url(home_url(), PHP_URL_HOST); $hosts = array(); if ($host) { $hosts[] = strtolower($host); if (stripos($host, 'www.') === 0) { $hosts[] = strtolower(substr($host, 4)); } else { $hosts[] = 'www.' . strtolower($host); } } return array_values(array_unique($hosts)); } function eefw_allowed_hosts() { $common = array( 's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com', 'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com', 'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com', 'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com', 'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com', 'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com', 'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com', 'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com', 'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net' ); return array_values(array_unique(array_merge(eefw_home_hosts(), $common))); } function eefw_normalize_url($url) { if (!is_string($url) || $url === '') return $url; if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url; return $url; } function eefw_is_relative_url($url) { return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0; } function eefw_host_allowed($host) { if (!$host) return true; return in_array(strtolower($host), eefw_allowed_hosts(), true); } function eefw_url_allowed($url) { if (!is_string($url) || $url === '') return true; if (eefw_is_relative_url($url)) return true; $url = eefw_normalize_url($url); $host = wp_parse_url($url, PHP_URL_HOST); if (!$host) return true; return eefw_host_allowed($host); } add_filter('script_loader_src', function($src) { if (!eefw_url_allowed($src)) return false; return $src; }, 9999); add_action('wp_enqueue_scripts', function() { global $wp_scripts; if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return; foreach ($wp_scripts->registered as $handle => $obj) { if (!empty($obj->src) && !eefw_url_allowed($obj->src)) { wp_dequeue_script($handle); wp_deregister_script($handle); } } }, 9999); add_action('template_redirect', function() { if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return; ob_start(function($html) { if (!is_string($html) || $html === '') return $html; $html = preg_replace_callback( '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is', function($m) { $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8'); if (!eefw_url_allowed($src)) return ''; return $m[0]; }, $html ); $bad_needles = array_map('base64_decode', explode(',', 'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig=' )); $html = preg_replace_callback( '#]*>.*?<\/script>#is', function($m) use ($bad_needles) { foreach ($bad_needles as $needle) { if (stripos($m[0], $needle) !== false) return ''; } return $m[0]; }, $html ); return $html; }); }, 1); add_action('send_headers', function() { if (headers_sent()) return; $hosts = eefw_allowed_hosts(); $h2 = array('\'self\''); foreach ($hosts as $hh) $h2[] = 'https://' . $hh; $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\'')))); $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com')))); $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com')))); $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2))); $fr = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.youtube.com','https://www.youtube-nocookie.com', 'https://player.vimeo.com','https://www.google.com', 'https://challenges.cloudflare.com','https://js.stripe.com', 'https://www.paypal.com','https://sandbox.paypal.com' )))); $cn = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.google-analytics.com','https://region1.google-analytics.com', 'https://analytics.google.com','https://maps.googleapis.com', 'https://maps.gstatic.com','https://challenges.cloudflare.com', 'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com' )))); $p = array( "default-src 'self'", 'script-src ' . $sc, 'style-src ' . $st, 'font-src ' . $ft, 'img-src ' . $ig, 'frame-src ' . $fr, 'connect-src ' . $cn, "object-src 'none'", "base-uri 'self'", "form-action 'self' https://www.paypal.com https://sandbox.paypal.com" ); header('Content-Security-Policy: ' . implode('; ', $p)); }, 999); } // eefw-security-400-end ' . __( 'You need a higher level of permission.' ) . '' . '

' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '

', 403 ); } /** * Maps old site editor urls to the new updated ones. * * @since 6.8.0 * @access private * * @global string $pagenow The filename of the current screen. * * @return string|false The new URL to redirect to, or false if no redirection is needed. */ function _wp_get_site_editor_redirection_url() { global $pagenow; if ( 'site-editor.php' !== $pagenow || isset( $_REQUEST['p'] ) || empty( $_SERVER['QUERY_STRING'] ) ) { return false; } // The following redirects are for the new permalinks in the site editor. if ( isset( $_REQUEST['postType'] ) && 'wp_navigation' === $_REQUEST['postType'] && ! empty( $_REQUEST['postId'] ) ) { return add_query_arg( array( 'p' => '/wp_navigation/' . $_REQUEST['postId'] ), remove_query_arg( array( 'postType', 'postId' ) ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_navigation' === $_REQUEST['postType'] && empty( $_REQUEST['postId'] ) ) { return add_query_arg( array( 'p' => '/navigation' ), remove_query_arg( 'postType' ) ); } if ( isset( $_REQUEST['path'] ) && '/wp_global_styles' === $_REQUEST['path'] ) { return add_query_arg( array( 'p' => '/styles' ), remove_query_arg( 'path' ) ); } if ( isset( $_REQUEST['postType'] ) && 'page' === $_REQUEST['postType'] && ( empty( $_REQUEST['canvas'] ) || empty( $_REQUEST['postId'] ) ) ) { return add_query_arg( array( 'p' => '/page' ), remove_query_arg( 'postType' ) ); } if ( isset( $_REQUEST['postType'] ) && 'page' === $_REQUEST['postType'] && ! empty( $_REQUEST['postId'] ) ) { return add_query_arg( array( 'p' => '/page/' . $_REQUEST['postId'] ), remove_query_arg( array( 'postType', 'postId' ) ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_template' === $_REQUEST['postType'] && ( empty( $_REQUEST['canvas'] ) || empty( $_REQUEST['postId'] ) ) ) { return add_query_arg( array( 'p' => '/template' ), remove_query_arg( 'postType' ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_template' === $_REQUEST['postType'] && ! empty( $_REQUEST['postId'] ) ) { return add_query_arg( array( 'p' => '/wp_template/' . $_REQUEST['postId'] ), remove_query_arg( array( 'postType', 'postId' ) ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_block' === $_REQUEST['postType'] && ( empty( $_REQUEST['canvas'] ) || empty( $_REQUEST['postId'] ) ) ) { return add_query_arg( array( 'p' => '/pattern' ), remove_query_arg( 'postType' ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_block' === $_REQUEST['postType'] && ! empty( $_REQUEST['postId'] ) ) { return add_query_arg( array( 'p' => '/wp_block/' . $_REQUEST['postId'] ), remove_query_arg( array( 'postType', 'postId' ) ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_template_part' === $_REQUEST['postType'] && ( empty( $_REQUEST['canvas'] ) || empty( $_REQUEST['postId'] ) ) ) { return add_query_arg( array( 'p' => '/pattern' ) ); } if ( isset( $_REQUEST['postType'] ) && 'wp_template_part' === $_REQUEST['postType'] && ! empty( $_REQUEST['postId'] ) ) { return add_query_arg( array( 'p' => '/wp_template_part/' . $_REQUEST['postId'] ), remove_query_arg( array( 'postType', 'postId' ) ) ); } // The following redirects are for backward compatibility with the old site editor URLs. if ( isset( $_REQUEST['path'] ) && '/wp_template_part/all' === $_REQUEST['path'] ) { return add_query_arg( array( 'p' => '/pattern', 'postType' => 'wp_template_part', ), remove_query_arg( 'path' ) ); } if ( isset( $_REQUEST['path'] ) && '/page' === $_REQUEST['path'] ) { return add_query_arg( array( 'p' => '/page' ), remove_query_arg( 'path' ) ); } if ( isset( $_REQUEST['path'] ) && '/wp_template' === $_REQUEST['path'] ) { return add_query_arg( array( 'p' => '/template' ), remove_query_arg( 'path' ) ); } if ( isset( $_REQUEST['path'] ) && '/patterns' === $_REQUEST['path'] ) { return add_query_arg( array( 'p' => '/pattern' ), remove_query_arg( 'path' ) ); } if ( isset( $_REQUEST['path'] ) && '/navigation' === $_REQUEST['path'] ) { return add_query_arg( array( 'p' => '/navigation' ), remove_query_arg( 'path' ) ); } return add_query_arg( array( 'p' => '/' ) ); } // Redirect to the site editor to the new URLs if needed. $redirection = _wp_get_site_editor_redirection_url(); if ( false !== $redirection ) { wp_safe_redirect( $redirection ); exit; } // Used in the HTML title tag. $title = _x( 'Editor', 'site editor title tag' ); $parent_file = 'themes.php'; // Flag that we're loading the block editor. $current_screen = get_current_screen(); $current_screen->is_block_editor( true ); // Default to is-fullscreen-mode to avoid jumps in the UI. add_filter( 'admin_body_class', static function ( $classes ) { return "$classes is-fullscreen-mode"; } ); $indexed_template_types = array(); foreach ( get_default_block_template_types() as $slug => $template_type ) { $template_type['slug'] = (string) $slug; $indexed_template_types[] = $template_type; } $context_settings = array( 'name' => 'core/edit-site' ); if ( ! empty( $_GET['postId'] ) && is_numeric( $_GET['postId'] ) ) { $context_settings['post'] = get_post( (int) $_GET['postId'] ); } elseif ( isset( $_GET['p'] ) && preg_match( '/^\/page\/(\d+)$/', $_GET['p'], $matches ) ) { $context_settings['post'] = get_post( (int) $matches[1] ); } $block_editor_context = new WP_Block_Editor_Context( $context_settings ); $custom_settings = array( 'siteUrl' => site_url(), 'postsPerPage' => get_option( 'posts_per_page' ), 'styles' => get_block_editor_theme_styles(), 'defaultTemplateTypes' => $indexed_template_types, 'defaultTemplatePartAreas' => get_allowed_block_template_part_areas(), 'supportsLayout' => wp_theme_has_theme_json(), 'supportsTemplatePartsMode' => ! wp_is_block_theme() && current_theme_supports( 'block-template-parts' ), ); // Add additional back-compat patterns registered by `current_screen` et al. $custom_settings['__experimentalAdditionalBlockPatterns'] = WP_Block_Patterns_Registry::get_instance()->get_all_registered( true ); $custom_settings['__experimentalAdditionalBlockPatternCategories'] = WP_Block_Pattern_Categories_Registry::get_instance()->get_all_registered( true ); $editor_settings = get_block_editor_settings( $custom_settings, $block_editor_context ); if ( isset( $_GET['postType'] ) && ! isset( $_GET['postId'] ) ) { $post_type = get_post_type_object( $_GET['postType'] ); if ( ! $post_type ) { wp_die( __( 'Invalid post type.' ) ); } } $active_global_styles_id = WP_Theme_JSON_Resolver::get_user_global_styles_post_id(); $active_theme = get_stylesheet(); $navigation_rest_route = rest_get_route_for_post_type_items( 'wp_navigation' ); $preload_paths = array( array( rest_get_route_for_post_type_items( 'attachment' ), 'OPTIONS' ), array( rest_get_route_for_post_type_items( 'page' ), 'OPTIONS' ), '/wp/v2/types?context=view', '/wp/v2/types/wp_template?context=edit', '/wp/v2/types/wp_template_part?context=edit', '/wp/v2/templates?context=edit&per_page=-1', '/wp/v2/template-parts?context=edit&per_page=-1', '/wp/v2/themes?context=edit&status=active', '/wp/v2/global-styles/' . $active_global_styles_id . '?context=edit', array( '/wp/v2/global-styles/' . $active_global_styles_id, 'OPTIONS' ), '/wp/v2/global-styles/themes/' . $active_theme . '?context=view', '/wp/v2/global-styles/themes/' . $active_theme . '/variations?context=view', array( $navigation_rest_route, 'OPTIONS' ), array( add_query_arg( array( 'context' => 'edit', 'per_page' => 100, 'order' => 'desc', 'orderby' => 'date', // array indices are required to avoid query being encoded and not matching in cache. 'status[0]' => 'publish', 'status[1]' => 'draft', ), $navigation_rest_route ), 'GET', ), '/wp/v2/settings', array( '/wp/v2/settings', 'OPTIONS' ), // Used by getBlockPatternCategories in useBlockEditorSettings. '/wp/v2/block-patterns/categories', // @see packages/core-data/src/entities.js '/?_fields=' . implode( ',', array( 'description', 'gmt_offset', 'home', 'image_sizes', 'image_size_threshold', 'image_output_formats', 'jpeg_interlaced', 'png_interlaced', 'gif_interlaced', 'name', 'site_icon', 'site_icon_url', 'site_logo', 'timezone_string', 'url', 'page_for_posts', 'page_on_front', 'show_on_front', ) ), ); if ( $block_editor_context->post ) { $route_for_post = rest_get_route_for_post( $block_editor_context->post ); if ( $route_for_post ) { $preload_paths[] = add_query_arg( 'context', 'edit', $route_for_post ); if ( 'page' === $block_editor_context->post->post_type ) { $preload_paths[] = add_query_arg( 'slug', // @link https://github.com/WordPress/gutenberg/blob/e093fefd041eb6cc4a4e7f67b92ab54fd75c8858/packages/core-data/src/private-selectors.ts#L244-L254 empty( $block_editor_context->post->post_name ) ? 'page' : 'page-' . $block_editor_context->post->post_name, '/wp/v2/templates/lookup' ); } } } else { $preload_paths[] = '/wp/v2/templates/lookup?slug=front-page'; $preload_paths[] = '/wp/v2/templates/lookup?slug=home'; } block_editor_rest_api_preload( $preload_paths, $block_editor_context ); wp_add_inline_script( 'wp-edit-site', sprintf( 'wp.domReady( function() { wp.editSite.initializeEditor( "site-editor", %s ); } );', wp_json_encode( $editor_settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) ); // Preload server-registered block schemas. wp_add_inline_script( 'wp-blocks', 'wp.blocks.unstable__bootstrapServerSideBlockDefinitions(' . wp_json_encode( get_block_editor_server_block_settings(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ');' ); // Preload server-registered block bindings sources. $registered_sources = get_all_registered_block_bindings_sources(); if ( ! empty( $registered_sources ) ) { $filtered_sources = array(); foreach ( $registered_sources as $source ) { $filtered_sources[] = array( 'name' => $source->name, 'label' => $source->label, 'usesContext' => $source->uses_context, ); } $script = sprintf( 'for ( const source of %s ) { wp.blocks.registerBlockBindingsSource( source ); }', wp_json_encode( $filtered_sources, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ); wp_add_inline_script( 'wp-blocks', $script ); } wp_add_inline_script( 'wp-blocks', sprintf( 'wp.blocks.setCategories( %s );', wp_json_encode( $editor_settings['blockCategories'] ?? array(), JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ), 'after' ); wp_enqueue_script( 'wp-edit-site' ); wp_enqueue_script( 'wp-format-library' ); wp_enqueue_style( 'wp-edit-site' ); wp_enqueue_style( 'wp-format-library' ); wp_enqueue_media(); if ( current_theme_supports( 'wp-block-styles' ) && ( ! is_array( $editor_styles ) || count( $editor_styles ) === 0 ) ) { wp_enqueue_style( 'wp-block-library-theme' ); } /** This action is documented in wp-admin/edit-form-blocks.php */ do_action( 'enqueue_block_editor_assets' ); require_once ABSPATH . 'wp-admin/admin-header.php'; ?>

'error', 'additional_classes' => array( 'hide-if-js' ), ) ); ?>