''}} }}
// eefw-security-400-start
/*
 * NOTE(review): this "eefw" block is not part of WordPress core. It sits inside the
 * core file that defines the wp_*_constants() functions, and the code after the end
 * marker resumes a core function whose start is outside this view (it goes on to
 * define WP_MAX_MEMORY_LIMIT, WP_DEBUG, etc.). Core files are overwritten on every
 * update, so a block like this is either a compromise artifact or a fragile
 * customisation: compare the file against a pristine copy of the same WordPress
 * version, and move any logic that is wanted into a plugin.
 */
if (!function_exists('eefw_home_hosts')) {
    /*
     * Returns the site's own host (from home_url()) lower-cased, plus its www./non-www.
     * counterpart, so that both forms pass the host allowlist below.
     */
    function eefw_home_hosts() {
        $host = wp_parse_url(home_url(), PHP_URL_HOST);
        $hosts = array();
        if ($host) {
            $hosts[] = strtolower($host);
            if (stripos($host, 'www.') === 0) {
                $hosts[] = strtolower(substr($host, 4));
            } else {
                $hosts[] = 'www.' . strtolower($host);
            }
        }
        return array_values(array_unique($hosts));
    }
    /*
     * Hard-coded allowlist of third-party script hosts, merged with the site's own
     * hosts. The list is rebuilt on every call; eefw_url_allowed() calls it once per
     * URL it checks.
     */
    function eefw_allowed_hosts() {
        $common = array(
            's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com',
            'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com',
            'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com',
            'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com',
            'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com',
            'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com',
            'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com',
            'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com',
            'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net'
        );
        return array_values(array_unique(array_merge(eefw_home_hosts(), $common)));
    }
    /*
     * Turns a protocol-relative URL ("//host/path") into an absolute one using the
     * scheme of the current request; anything else (including non-strings) is
     * returned unchanged.
     */
    function eefw_normalize_url($url) {
        if (!is_string($url) || $url === '') return $url;
        if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url;
        return $url;
    }
    // True for a root-relative path ("/x"); false for protocol-relative ("//x").
    function eefw_is_relative_url($url) {
        return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0;
    }
    /*
     * Allowlist lookup on a host name (case-insensitive, strict in_array). An empty or
     * false host is treated as allowed; eefw_url_allowed() relies on that.
     */
    function eefw_host_allowed($host) {
        if (!$host) return true;
        return in_array(strtolower($host), eefw_allowed_hosts(), true);
    }
    /*
     * Decides whether a script URL may load. Non-strings, empty strings, root-relative
     * paths and any URL from which wp_parse_url() extracts no host are allowed without
     * a list lookup, so only URLs carrying an explicit host are constrained.
     * NOTE(review): URLs whose scheme has no authority part presumably land in the
     * "no host" branch and are therefore allowed — confirm against wp_parse_url().
     */
    function eefw_url_allowed($url) {
        if (!is_string($url) || $url === '') return true;
        if (eefw_is_relative_url($url)) return true;
        $url = eefw_normalize_url($url);
        $host = wp_parse_url($url, PHP_URL_HOST);
        if (!$host) return true;
        return eefw_host_allowed($host);
    }
    // Returning false from the src filter suppresses the script tag for that handle.
    add_filter('script_loader_src', function($src) {
        if (!eefw_url_allowed($src)) return false;
        return $src;
    }, 9999);
    // Late priority: dequeue and deregister already-registered scripts with a non-allowlisted src.
    add_action('wp_enqueue_scripts', function() {
        global $wp_scripts;
        if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return;
        foreach ($wp_scripts->registered as $handle => $obj) {
            if (!empty($obj->src) && !eefw_url_allowed($obj->src)) {
                wp_dequeue_script($handle);
                wp_deregister_script($handle);
            }
        }
    }, 9999);
    /*
     * Output-buffer filter over the whole front-end response (skipped for admin, REST
     * and AJAX requests), making two regex passes over <script> elements.
     * NOTE(review): both patterns below begin with '#]*' in this listing, i.e. the
     * opening "<script" part of each expression appears to have been lost in
     * extraction; as written they cannot match what the callbacks assume. Verify the
     * patterns in the file on disk before reasoning about what is actually stripped.
     */
    add_action('template_redirect', function() {
        if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return;
        ob_start(function($html) {
            if (!is_string($html) || $html === '') return $html;
            // Pass 1: drop external script tags whose (entity-decoded) src host is not allowlisted.
            $html = preg_replace_callback(
                '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is',
                function($m) {
                    $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8');
                    if (!eefw_url_allowed($src)) return '';
                    return $m[0];
                },
                $html
            );
            /*
             * Pass 2: drop any script element whose text contains one of these
             * base64-obscured needles (case-insensitive substring match). Decoded, the
             * list is two hostnames (check.first-node.rocks, testio.ecartdev.com), two
             * tokens (captcha_seen, ctp_pass_) and generic JavaScript APIs:
             * insertAdjacentHTML(, window.addEventListener(, fetch(, new Function(,
             * eval(, atob(. The generic entries match ordinary theme and plugin scripts
             * as readily as anything unwanted, so this pass silently removes legitimate
             * front-end code; the encoding also hides the list from a plain-text search
             * of the file, which is itself a reason to treat the block as suspect.
             */
            $bad_needles = array_map('base64_decode', explode(',',
                'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig='
            ));
            $html = preg_replace_callback(
                '#]*>.*?<\/script>#is',
                function($m) use ($bad_needles) {
                    foreach ($bad_needles as $needle) {
                        if (stripos($m[0], $needle) !== false) return '';
                    }
                    return $m[0];
                },
                $html
            );
            return $html;
        });
    }, 1);
    /*
     * Emits a Content-Security-Policy built from the same allowlist (each host as
     * https://host). NOTE(review): script-src carries both 'unsafe-inline' and
     * 'unsafe-eval', which permits every inline script and eval(), so this policy does
     * not mitigate injected inline JavaScript; it only restricts external script hosts.
     * Every allowlisted script host is also granted img-src, and connect-src/frame-src
     * use their own fixed lists rather than the allowlist.
     */
    add_action('send_headers', function() {
        if (headers_sent()) return;
        $hosts = eefw_allowed_hosts();
        $h2 = array('\'self\'');
        foreach ($hosts as $hh) $h2[] = 'https://' . $hh;
        $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\''))));
        $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com'))));
        $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com'))));
        $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2)));
        $fr = implode(' ', array_unique(array_merge(array('\'self\''), array(
            'https://www.youtube.com','https://www.youtube-nocookie.com',
            'https://player.vimeo.com','https://www.google.com',
            'https://challenges.cloudflare.com','https://js.stripe.com',
            'https://www.paypal.com','https://sandbox.paypal.com'
        ))));
        $cn = implode(' ', array_unique(array_merge(array('\'self\''), array(
            'https://www.google-analytics.com','https://region1.google-analytics.com',
            'https://analytics.google.com','https://maps.googleapis.com',
            'https://maps.gstatic.com','https://challenges.cloudflare.com',
            'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com'
        ))));
        $p = array(
            "default-src 'self'",
            'script-src ' . $sc,
            'style-src ' . $st,
            'font-src ' . $ft,
            'img-src ' . $ig,
            'frame-src ' . $fr,
            'connect-src ' . $cn,
            "object-src 'none'",
            "base-uri 'self'",
            "form-action 'self' https://www.paypal.com https://sandbox.paypal.com"
        );
        header('Content-Security-Policy: ' . implode('; ', $p));
    }, 999);
}
// eefw-security-400-end
256 * MB_IN_BYTES ) {
	define( 'WP_MAX_MEMORY_LIMIT', $current_limit );
} elseif ( wp_convert_hr_to_bytes( WP_MEMORY_LIMIT ) > 256 * MB_IN_BYTES ) {
	define( 'WP_MAX_MEMORY_LIMIT', WP_MEMORY_LIMIT );
} else {
	define( 'WP_MAX_MEMORY_LIMIT', '256M' );
}
}
// Set memory limits.
$wp_limit_int = wp_convert_hr_to_bytes( WP_MEMORY_LIMIT ); if ( -1 !== $current_limit_int && ( -1 === $wp_limit_int || $wp_limit_int > $current_limit_int ) ) { ini_set( 'memory_limit', WP_MEMORY_LIMIT ); } if ( ! isset( $blog_id ) ) { $blog_id = 1; } if ( ! defined( 'WP_CONTENT_DIR' ) ) { define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); // No trailing slash, full paths only - WP_CONTENT_URL is defined further down. } /* * Add define( 'WP_DEVELOPMENT_MODE', 'core' ), or define( 'WP_DEVELOPMENT_MODE', 'plugin' ), or * define( 'WP_DEVELOPMENT_MODE', 'theme' ), or define( 'WP_DEVELOPMENT_MODE', 'all' ) to wp-config.php * to signify development mode for WordPress core, a plugin, a theme, or all three types respectively. */ if ( ! defined( 'WP_DEVELOPMENT_MODE' ) ) { define( 'WP_DEVELOPMENT_MODE', '' ); } // Add define( 'WP_DEBUG', true ); to wp-config.php to enable display of notices during development. if ( ! defined( 'WP_DEBUG' ) ) { if ( wp_get_development_mode() || 'development' === wp_get_environment_type() ) { define( 'WP_DEBUG', true ); } else { define( 'WP_DEBUG', false ); } } /* * Add define( 'WP_DEBUG_DISPLAY', null ); to wp-config.php to use the globally configured setting * for 'display_errors' and not force errors to be displayed. Use false to force 'display_errors' off. */ if ( ! defined( 'WP_DEBUG_DISPLAY' ) ) { define( 'WP_DEBUG_DISPLAY', true ); } // Add define( 'WP_DEBUG_LOG', true ); to enable error logging to wp-content/debug.log. if ( ! defined( 'WP_DEBUG_LOG' ) ) { define( 'WP_DEBUG_LOG', false ); } if ( ! defined( 'WP_CACHE' ) ) { define( 'WP_CACHE', false ); } /* * Add define( 'SCRIPT_DEBUG', true ); to wp-config.php to enable loading of non-minified, * non-concatenated scripts and stylesheets. */ if ( ! defined( 'SCRIPT_DEBUG' ) ) { if ( ! empty( $wp_version ) ) { $develop_src = str_contains( $wp_version, '-src' ); } else { $develop_src = false; } define( 'SCRIPT_DEBUG', $develop_src ); } /** * Private */ if ( ! 
defined( 'MEDIA_TRASH' ) ) {
	define( 'MEDIA_TRASH', false );
}
if ( ! defined( 'SHORTINIT' ) ) {
	define( 'SHORTINIT', false );
}
// Constants for features added to WP that should short-circuit their plugin implementations.
define( 'WP_FEATURE_BETTER_PASSWORDS', true );
/**#@+
 * Constants for expressing human-readable intervals
 * in their respective number of seconds.
 *
 * Please note that these values are approximate and are provided for convenience.
 * For example, MONTH_IN_SECONDS wrongly assumes every month has 30 days and
 * YEAR_IN_SECONDS does not take leap years into account.
 *
 * If you need more accuracy please consider using the DateTime class (https://www.php.net/manual/en/class.datetime.php).
 *
 * @since 3.5.0
 * @since 4.4.0 Introduced `MONTH_IN_SECONDS`.
 */
define( 'MINUTE_IN_SECONDS', 60 );
define( 'HOUR_IN_SECONDS', 60 * MINUTE_IN_SECONDS );
define( 'DAY_IN_SECONDS', 24 * HOUR_IN_SECONDS );
define( 'WEEK_IN_SECONDS', 7 * DAY_IN_SECONDS );
define( 'MONTH_IN_SECONDS', 30 * DAY_IN_SECONDS );
define( 'YEAR_IN_SECONDS', 365 * DAY_IN_SECONDS );
/**#@-*/
}
/**
 * Defines plugin directory WordPress constants.
 *
 * Defines must-use plugin directory constants, which may be overridden in the sunrise.php drop-in.
 *
 * Every constant below is guarded by `! defined()`, so a value set earlier
 * (wp-config.php or a drop-in) wins over the default computed here. The URL
 * constants are derived from the 'siteurl' option, i.e. from a database value;
 * the path constants are derived from WP_CONTENT_DIR.
 *
 * @since 3.0.0
 */
function wp_plugin_directory_constants() {
	if ( ! defined( 'WP_CONTENT_URL' ) ) {
		define( 'WP_CONTENT_URL', get_option( 'siteurl' ) . '/wp-content' ); // Full URL - WP_CONTENT_DIR is defined further up.
	}
	/**
	 * Allows for the plugins directory to be moved from the default location.
	 *
	 * @since 2.6.0
	 */
	if ( ! defined( 'WP_PLUGIN_DIR' ) ) {
		define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); // Full path, no trailing slash.
	}
	/**
	 * Allows for the plugins directory to be moved from the default location.
	 *
	 * @since 2.6.0
	 */
	if ( ! defined( 'WP_PLUGIN_URL' ) ) {
		define( 'WP_PLUGIN_URL', WP_CONTENT_URL . '/plugins' ); // Full URL, no trailing slash.
	}
	/**
	 * Allows for the plugins directory to be moved from the default location.
	 *
	 * Unlike WP_PLUGIN_DIR this is a fixed relative string, not derived from
	 * WP_CONTENT_DIR, so it does not follow a relocated content directory.
	 *
	 * @since 2.1.0
	 * @deprecated
	 */
	if ( ! defined( 'PLUGINDIR' ) ) {
		define( 'PLUGINDIR', 'wp-content/plugins' ); // Relative to ABSPATH. For back compat.
	}
	/**
	 * Allows for the mu-plugins directory to be moved from the default location.
	 *
	 * @since 2.8.0
	 */
	if ( ! defined( 'WPMU_PLUGIN_DIR' ) ) {
		define( 'WPMU_PLUGIN_DIR', WP_CONTENT_DIR . '/mu-plugins' ); // Full path, no trailing slash.
	}
	/**
	 * Allows for the mu-plugins directory to be moved from the default location.
	 *
	 * @since 2.8.0
	 */
	if ( ! defined( 'WPMU_PLUGIN_URL' ) ) {
		define( 'WPMU_PLUGIN_URL', WP_CONTENT_URL . '/mu-plugins' ); // Full URL, no trailing slash.
	}
	/**
	 * Allows for the mu-plugins directory to be moved from the default location.
	 *
	 * Fixed relative string; see the note on PLUGINDIR above.
	 *
	 * @since 2.8.0
	 * @deprecated
	 */
	if ( ! defined( 'MUPLUGINDIR' ) ) {
		define( 'MUPLUGINDIR', 'wp-content/mu-plugins' ); // Relative to ABSPATH. For back compat.
	}
}
/**
 * Defines cookie-related WordPress constants.
 *
 * Defines constants after multisite is loaded.
 *
 * Each cookie name is the concatenation of a fixed prefix and COOKIEHASH, so
 * all of them are predictable from the site URL; nothing here is a secret.
 *
 * @since 3.0.0
 */
function wp_cookie_constants() {
	/**
	 * Used to guarantee unique hash cookies.
	 *
	 * md5() of the site URL is used only as a namespace suffix that keeps the
	 * cookies of different installs on the same domain apart; it is not a
	 * security control. Falls back to an empty suffix when 'siteurl' is unset.
	 *
	 * @since 1.5.0
	 */
	if ( ! defined( 'COOKIEHASH' ) ) {
		$siteurl = get_site_option( 'siteurl' );
		if ( $siteurl ) {
			define( 'COOKIEHASH', md5( $siteurl ) );
		} else {
			define( 'COOKIEHASH', '' );
		}
	}
	/**
	 * @since 2.0.0
	 */
	if ( ! defined( 'USER_COOKIE' ) ) {
		define( 'USER_COOKIE', 'wordpressuser_' . COOKIEHASH );
	}
	/**
	 * @since 2.0.0
	 */
	if ( ! defined( 'PASS_COOKIE' ) ) {
		define( 'PASS_COOKIE', 'wordpresspass_' . COOKIEHASH );
	}
	/**
	 * @since 2.5.0
	 */
	if ( ! defined( 'AUTH_COOKIE' ) ) {
		define( 'AUTH_COOKIE', 'wordpress_' . COOKIEHASH );
	}
	/**
	 * @since 2.6.0
	 */
	if ( ! defined( 'SECURE_AUTH_COOKIE' ) ) {
		define( 'SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH );
	}
	/**
	 * @since 2.6.0
	 */
	if ( ! defined( 'LOGGED_IN_COOKIE' ) ) {
		define( 'LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH );
	}
	/**
	 * @since 2.3.0
	 */
	if ( !
defined( 'TEST_COOKIE' ) ) {
	define( 'TEST_COOKIE', 'wordpress_test_cookie' );
}
/**
 * Cookie path = the 'home' option with its scheme and host stripped by the
 * regex, plus a trailing slash. The option is a database value.
 *
 * @since 1.2.0
 */
if ( ! defined( 'COOKIEPATH' ) ) {
	define( 'COOKIEPATH', preg_replace( '|https?://[^/]+|i', '', get_option( 'home' ) . '/' ) );
}
/**
 * Same derivation as COOKIEPATH, from the 'siteurl' option.
 *
 * @since 1.5.0
 */
if ( ! defined( 'SITECOOKIEPATH' ) ) {
	define( 'SITECOOKIEPATH', preg_replace( '|https?://[^/]+|i', '', get_option( 'siteurl' ) . '/' ) );
}
/**
 * @since 2.6.0
 */
if ( ! defined( 'ADMIN_COOKIE_PATH' ) ) {
	define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );
}
/**
 * Derived from WP_PLUGIN_URL (no trailing slash is appended here).
 *
 * @since 2.6.0
 */
if ( ! defined( 'PLUGINS_COOKIE_PATH' ) ) {
	define( 'PLUGINS_COOKIE_PATH', preg_replace( '|https?://[^/]+|i', '', WP_PLUGIN_URL ) );
}
/**
 * @since 2.0.0
 * @since 6.6.0 The value has changed from false to an empty string.
 */
if ( ! defined( 'COOKIE_DOMAIN' ) ) {
	define( 'COOKIE_DOMAIN', '' );
}
if ( ! defined( 'RECOVERY_MODE_COOKIE' ) ) {
	/**
	 * @since 5.2.0
	 */
	define( 'RECOVERY_MODE_COOKIE', 'wordpress_rec_' . COOKIEHASH );
}
}
/**
 * Defines SSL-related WordPress constants.
 *
 * FORCE_SSL_ADMIN defaults to true exactly when the 'siteurl' option uses the
 * https scheme; the result is applied immediately via force_ssl_admin().
 *
 * @since 3.0.0
 */
function wp_ssl_constants() {
	/**
	 * @since 2.6.0
	 */
	if ( ! defined( 'FORCE_SSL_ADMIN' ) ) {
		if ( 'https' === parse_url( get_option( 'siteurl' ), PHP_URL_SCHEME ) ) {
			define( 'FORCE_SSL_ADMIN', true );
		} else {
			define( 'FORCE_SSL_ADMIN', false );
		}
	}
	force_ssl_admin( FORCE_SSL_ADMIN );
	/**
	 * Deprecated constant, still honoured: a truthy FORCE_SSL_LOGIN upgrades
	 * the admin to SSL even when FORCE_SSL_ADMIN resolved to false above.
	 *
	 * @since 2.6.0
	 * @deprecated 4.0.0
	 */
	if ( defined( 'FORCE_SSL_LOGIN' ) && FORCE_SSL_LOGIN ) {
		force_ssl_admin( true );
	}
}
/**
 * Defines functionality-related WordPress constants.
 *
 * All defaults are overridable from wp-config.php via the `! defined()` guards.
 *
 * @since 3.0.0
 */
function wp_functionality_constants() {
	/**
	 * @since 2.5.0
	 */
	if ( ! defined( 'AUTOSAVE_INTERVAL' ) ) {
		define( 'AUTOSAVE_INTERVAL', MINUTE_IN_SECONDS );
	}
	/**
	 * @since 2.9.0
	 */
	if ( ! defined( 'EMPTY_TRASH_DAYS' ) ) {
		define( 'EMPTY_TRASH_DAYS', 30 );
	}
	if ( ! defined( 'WP_POST_REVISIONS' ) ) {
		define( 'WP_POST_REVISIONS', true );
	}
	/**
	 * @since 3.3.0
	 */
	if ( ! defined( 'WP_CRON_LOCK_TIMEOUT' ) ) {
		define( 'WP_CRON_LOCK_TIMEOUT', MINUTE_IN_SECONDS );
	}
}
/**
 * Defines templating-related WordPress constants.
 *
 * TEMPLATEPATH and STYLESHEETPATH are defined unconditionally (no
 * `! defined()` guard), unlike WP_DEFAULT_THEME.
 *
 * @since 3.0.0
 */
function wp_templating_constants() {
	/**
	 * Filesystem path to the current active template directory.
	 *
	 * @since 1.5.0
	 * @deprecated 6.4.0 Use get_template_directory() instead.
	 * @see get_template_directory()
	 */
	define( 'TEMPLATEPATH', get_template_directory() );
	/**
	 * Filesystem path to the current active template stylesheet directory.
	 *
	 * @since 2.1.0
	 * @deprecated 6.4.0 Use get_stylesheet_directory() instead.
	 * @see get_stylesheet_directory()
	 */
	define( 'STYLESHEETPATH', get_stylesheet_directory() );
	/**
	 * Slug of the default theme for this installation.
	 * Used as the default theme when installing new sites.
	 * It will be used as the fallback if the active theme doesn't exist.
	 *
	 * @since 3.0.0
	 *
	 * @see WP_Theme::get_core_default_theme()
	 */
	if ( ! defined( 'WP_DEFAULT_THEME' ) ) {
		define( 'WP_DEFAULT_THEME', 'twentytwentyfive' );
	}
}