''}} }}
// NOTE(review): the tokens on the line above are a fragment; whatever preceded them is not
// present in this capture. They are reproduced unchanged.

// eefw-security-400-start
//
// Script-origin filtering layer, delimited by the eefw-security-400 start/end markers. It:
//   1. builds an allowlist of hosts (the site host, its www/non-www twin, and a fixed list);
//   2. rejects enqueued scripts whose host is not on that list;
//   3. buffers front-end HTML and deletes <script> elements by source host and by substring;
//   4. sends a Content-Security-Policy header assembled from the same allowlist.
//
// NOTE(review): the code after the end marker is a set of WordPress compatibility polyfills, so
// this block appears to sit inside a core file rather than in a plugin — confirm against the file
// on disk. Code placed in a core file is replaced on core update and is reported as a modification
// by core integrity checks (for example `wp core verify-checksums`); a must-use plugin is the usual
// home for this kind of logic. Establish what added the block before relying on it.
if (!function_exists('eefw_home_hosts')) {
    /**
     * Returns the site's own host names for the allowlist.
     *
     * Takes the host of home_url(), lower-cased, and adds its counterpart with or
     * without the leading "www." so that both spellings are accepted.
     *
     * @return array Unique lower-case host names; empty when home_url() yields no host.
     */
    function eefw_home_hosts() {
        $host = wp_parse_url(home_url(), PHP_URL_HOST);
        $hosts = array();
        if ($host) {
            $hosts[] = strtolower($host);
            if (stripos($host, 'www.') === 0) {
                // Host starts with "www.": also accept the bare domain.
                $hosts[] = strtolower(substr($host, 4));
            } else {
                // Bare domain: also accept the "www." form.
                $hosts[] = 'www.' . strtolower($host);
            }
        }
        return array_values(array_unique($hosts));
    }

    /**
     * Returns every host that scripts may be loaded from.
     *
     * The fixed list below is merged with eefw_home_hosts(). eefw_host_allowed() compares by
     * exact host name, so a subdomain is accepted only if it is listed here explicitly.
     *
     * NOTE(review): several entries are shared, multi-tenant origins. cdn.jsdelivr.net in
     * particular serves arbitrary npm and GitHub content, so allowing the whole host permits
     * any script published there, not only the files this site uses. The sandbox PayPal hosts
     * are test endpoints; confirm they are needed in production. Trim the list to the services
     * the site actually loads.
     *
     * @return array Unique host names.
     */
    function eefw_allowed_hosts() {
        $common = array(
            's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com',
            'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com',
            'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com',
            'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com',
            'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com',
            'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com',
            'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com',
            'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com',
            'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net'
        );
        return array_values(array_unique(array_merge(eefw_home_hosts(), $common)));
    }

    /**
     * Gives a protocol-relative URL ("//host/path") an explicit scheme.
     *
     * The scheme follows the current request: "https:" when is_ssl() is true, otherwise
     * "http:". Any other value, including non-strings and the empty string, is returned
     * unchanged.
     *
     * @param mixed $url URL to normalize.
     * @return mixed The URL with a scheme prefix added, or the input unchanged.
     */
    function eefw_normalize_url($url) {
        if (!is_string($url) || $url === '') return $url;
        if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url;
        return $url;
    }

    /**
     * Reports whether a value is a root-relative URL.
     *
     * @param mixed $url Value to test.
     * @return bool True for a non-empty string that starts with a single "/" (not "//").
     */
    function eefw_is_relative_url($url) {
        return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0;
    }

    /**
     * Reports whether a host is on the allowlist.
     *
     * An empty host is treated as allowed. Otherwise the lower-cased host must equal one of
     * the entries from eefw_allowed_hosts(); there is no wildcard or suffix matching.
     *
     * @param mixed $host Host name to test.
     * @return bool True when the host is empty or listed.
     */
    function eefw_host_allowed($host) {
        if (!$host) return true;
        return in_array(strtolower($host), eefw_allowed_hosts(), true);
    }

    /**
     * Decides whether a script URL may be loaded.
     *
     * Allowed without a host check: non-string or empty values, root-relative paths, and any
     * URL for which wp_parse_url() yields no host. Everything else must have a host on the
     * allowlist.
     *
     * NOTE(review): the check is fail-open. Only the host is examined, so the scheme is never
     * validated, and a value with no host component (a path-relative URL, a URI whose scheme
     * carries no authority part, or input wp_parse_url() cannot parse) is accepted rather
     * than rejected. For such values the Content-Security-Policy header sent further down is
     * the only control the browser enforces; consider rejecting absolute URLs whose scheme is
     * not http or https.
     *
     * @param mixed $url Script URL to test.
     * @return bool True when the URL is accepted.
     */
    function eefw_url_allowed($url) {
        if (!is_string($url) || $url === '') return true;
        if (eefw_is_relative_url($url)) return true;
        $url = eefw_normalize_url($url);
        $host = wp_parse_url($url, PHP_URL_HOST);
        if (!$host) return true;
        return eefw_host_allowed($host);
    }

    // Late filter (priority 9999) on each enqueued script URL: a URL that fails the allowlist is
    // replaced with false; anything else passes through untouched.
    add_filter('script_loader_src', function($src) {
        if (!eefw_url_allowed($src)) return false;
        return $src;
    }, 9999);

    // Late pass (priority 9999) over the script registry: dequeue and deregister every registered
    // script whose source fails the allowlist. Entries with an empty src are skipped. Scripts
    // registered after this hook has run are not seen here; only the script_loader_src filter
    // above applies to them.
    add_action('wp_enqueue_scripts', function() {
        global $wp_scripts;
        if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return;
        foreach ($wp_scripts->registered as $handle => $obj) {
            if (!empty($obj->src) && !eefw_url_allowed($obj->src)) {
                wp_dequeue_script($handle);
                wp_deregister_script($handle);
            }
        }
    }, 9999);

    // Front-end only: wrap the page in an output buffer whose callback rewrites the final HTML.
    // Admin, REST and AJAX requests return before the buffer is started.
    add_action('template_redirect', function() {
        if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return;
        ob_start(function($html) {
            if (!is_string($html) || $html === '') return $html;

            // Pass 1: external scripts. For each match, decode HTML entities in the src value and
            // delete the whole element when the URL fails the allowlist.
            //
            // NOTE(review): the pattern literal starts with "#]*)", which closes a group that was
            // never opened; the beginning of the expression appears to have been lost in this
            // capture (presumably a "<script" prefix) — compare with the file on disk. As shown it
            // matches only a quoted src value followed by a literal "</script>" close, so it is a
            // best-effort text filter, not an HTML parser.
            //
            // NOTE(review): preg_replace_callback() returns null on a PCRE error and the result is
            // assigned straight back to $html. A failure therefore leaves $html null and the page
            // body is lost instead of being passed through. Check for null and keep the previous
            // value.
            $html = preg_replace_callback(
                '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is',
                function($m) {
                    $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8');
                    if (!eefw_url_allowed($src)) return '';
                    return $m[0];
                },
                $html
            );

            // Substring blocklist, stored base64-encoded and decoded on every buffered response.
            // Decoded, in order (host names defanged here):
            //   check.first-node[.]rocks
            //   testio.ecartdev[.]com
            //   captcha_seen
            //   ctp_pass_
            //   insertAdjacentHTML(
            //   window.addEventListener(
            //   fetch(
            //   new Function(
            //   eval(
            //   atob(
            // NOTE(review): nothing in this file says what the two host names or the two key-like
            // strings refer to. Treat them as indicators to look up, and record their source next
            // to the list; encoding the list only hides it from whoever maintains the site.
            $bad_needles = array_map('base64_decode', explode(',',
                'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig='
            ));

            // Pass 2: delete any matched script element that contains one of the needles. The
            // search is case-insensitive and runs over the whole match, tag included.
            //
            // NOTE(review): this pattern literal is truncated in the same way as the one above, and
            // its result is equally unchecked for null. The generic needles (fetch(, eval(, atob(,
            // window.addEventListener(, ...) also occur in ordinary inline scripts, so this pass
            // can remove legitimate code. A substring blocklist is not a substitute for removing
            // injected content at its source.
            $html = preg_replace_callback(
                '#]*>.*?<\/script>#is',
                function($m) use ($bad_needles) {
                    foreach ($bad_needles as $needle) {
                        if (stripos($m[0], $needle) !== false) return '';
                    }
                    return $m[0];
                },
                $html
            );
            return $html;
        });
    }, 1);

    // Send a Content-Security-Policy header assembled from the allowlist.
    //
    // NOTE(review): script-src includes 'unsafe-inline' and 'unsafe-eval'. With those keywords the
    // policy restricts only where external scripts are fetched from; inline script and eval-style
    // execution stay permitted, so the header gives little protection against script injected into
    // the page itself. A nonce- or hash-based script-src is the usual way to close that gap.
    // header() is called with its default replace behaviour, so a Content-Security-Policy header
    // set earlier in the request is overwritten.
    add_action('send_headers', function() {
        if (headers_sent()) return;
        $hosts = eefw_allowed_hosts();
        // 'self' plus the https:// form of every allowlisted host.
        $h2 = array('\'self\'');
        foreach ($hosts as $hh) $h2[] = 'https://' . $hh;
        // script-src: allowlisted hosts plus the two unsafe-* keywords.
        $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\''))));
        // style-src: same origin, inline styles, Google Fonts stylesheets.
        $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com'))));
        // font-src: same origin, data: URIs, Google Fonts files.
        $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com'))));
        // img-src: same origin, data: and blob: URIs, and the same host list used for scripts.
        $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2)));
        // frame-src: fixed list of embed and payment origins.
        $fr = implode(' ', array_unique(array_merge(array('\'self\''), array(
            'https://www.youtube.com','https://www.youtube-nocookie.com',
            'https://player.vimeo.com','https://www.google.com',
            'https://challenges.cloudflare.com','https://js.stripe.com',
            'https://www.paypal.com','https://sandbox.paypal.com'
        ))));
        // connect-src: fixed list of origins that page scripts may send requests to.
        $cn = implode(' ', array_unique(array_merge(array('\'self\''), array(
            'https://www.google-analytics.com','https://region1.google-analytics.com',
            'https://analytics.google.com','https://maps.googleapis.com',
            'https://maps.gstatic.com','https://challenges.cloudflare.com',
            'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com'
        ))));
        $p = array(
            "default-src 'self'",
            'script-src ' . $sc,
            'style-src ' . $st,
            'font-src ' . $ft,
            'img-src ' . $ig,
            'frame-src ' . $fr,
            'connect-src ' . $cn,
            "object-src 'none'",
            "base-uri 'self'",
            "form-action 'self' https://www.paypal.com https://sandbox.paypal.com"
        );
        header('Content-Security-Policy: ' . implode('; ', $p));
    }, 999);
}
// eefw-security-400-end

// NOTE(review): the fragment below begins part-way through the comment that documents
// _is_utf8_charset(); the opening of that comment is missing from this capture. It is
// reproduced unchanged.
 'utf-8' ] );
 *
 * `is_utf8_charset` should be used outside of this file.
 *
 * @ignore
 * @since 6.6.1
 *
 * @param string $charset_slug Slug representing a text character encoding, or "charset".
 *                             E.g. "UTF-8", "Windows-1252", "ISO-8859-1", "SJIS".
 *
 * @return bool Whether the slug represents the UTF-8 encoding.
 */
function _is_utf8_charset( $charset_slug ) {
	if ( ! is_string( $charset_slug ) ) {
		return false;
	}

	// Case-insensitive match of "UTF-8", with or without the hyphen.
	return (
		0 === strcasecmp( 'UTF-8', $charset_slug ) ||
		0 === strcasecmp( 'UTF8', $charset_slug )
	);
}

if ( ! function_exists( 'mb_substr' ) ) :
	/**
	 * Compat function to mimic mb_substr().
	 *
	 * @ignore
	 * @since 3.2.0
	 *
	 * @see _mb_substr()
	 *
	 * @param string      $string   The string to extract the substring from.
	 * @param int         $start    Position to begin extraction from in `$string`.
	 * @param int|null    $length   Optional. Maximum number of characters to extract from `$string`.
	 *                              Default null.
	 * @param string|null $encoding Optional. Character encoding to use. Default null.
	 * @return string Extracted substring.
	 */
	function mb_substr( $string, $start, $length = null, $encoding = null ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.stringFound
		return _mb_substr( $string, $start, $length, $encoding );
	}
endif;

/**
 * Internal compat function to mimic mb_substr().
 *
 * Only supports UTF-8 and non-shifting single-byte encodings. For all other encodings
 * expect the substrings to be misaligned. When the given encoding (or the `blog_charset`
 * if none is provided) isn’t UTF-8 then the function returns the output of {@see \substr()}.
 *
 * @ignore
 * @since 3.2.0
 *
 * @param string      $str      The string to extract the substring from.
 * @param int         $start    Character offset at which to start the substring extraction.
 * @param int|null    $length   Optional. Maximum number of characters to extract from `$str`.
 *                              Default null.
 * @param string|null $encoding Optional. Character encoding to use. Default null.
 * @return string Extracted substring.
 */
function _mb_substr( $str, $start, $length = null, $encoding = null ) {
	if ( null === $str ) {
		return '';
	}

	// The solution below works only for UTF-8; treat all other encodings as byte streams.
	if ( ! _is_utf8_charset( $encoding ?? get_option( 'blog_charset' ) ) ) {
		return is_null( $length ) ? substr( $str, $start ) : substr( $str, $start, $length );
	}

	// The total code point count is only computed when a negative offset or length needs it.
	$total_length = ( $start < 0 || $length < 0 )
		? _wp_utf8_codepoint_count( $str )
		: 0;

	// A negative start counts back from the end and is clamped at the start of the string.
	$normalized_start = $start < 0
		? max( 0, $total_length + $start )
		: $start;

	/*
	 * The starting offset is provided as characters, which means this needs to
	 * find how many bytes that many characters occupies at the start of the string.
	 */
	$starting_byte_offset = _wp_utf8_codepoint_span( $str, 0, $normalized_start );

	// A negative length stops that many characters before the end; a null length stays null.
	$normalized_length = $length < 0
		? max( 0, $total_length - $normalized_start + $length )
		: $length;

	/*
	 * This is the main step. It finds how many bytes the given length of code points
	 * occupies in the input, starting at the byte offset calculated above.
	 */
	$byte_length = isset( $normalized_length )
		? _wp_utf8_codepoint_span( $str, $starting_byte_offset, $normalized_length )
		: ( strlen( $str ) - $starting_byte_offset );

	// The result is a normal byte-level substring using the computed ranges.
	return substr( $str, $starting_byte_offset, $byte_length );
}

if ( ! function_exists( 'mb_strlen' ) ) :
	/**
	 * Compat function to mimic mb_strlen().
	 *
	 * @ignore
	 * @since 4.2.0
	 *
	 * @see _mb_strlen()
	 *
	 * @param string      $string   The string to retrieve the character length from.
	 * @param string|null $encoding Optional. Character encoding to use. Default null.
	 * @return int String length of `$string`.
	 */
	function mb_strlen( $string, $encoding = null ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.stringFound
		return _mb_strlen( $string, $encoding );
	}
endif;

/**
 * Internal compat function to mimic mb_strlen().
 *
 * Only supports UTF-8 and non-shifting single-byte encodings. For all other
 * encodings expect the counts to be wrong. When the given encoding (or the
 * `blog_charset` if none is provided) isn’t UTF-8 then the function returns
 * the byte-count of the provided string.
 *
 * @ignore
 * @since 4.2.0
 *
 * @param string      $str      The string to retrieve the character length from.
 * @param string|null $encoding Optional. Count characters according to this encoding.
 *                              Default is to consult `blog_charset`.
 * @return int Count of code points if UTF-8, byte length otherwise.
 */
function _mb_strlen( $str, $encoding = null ) {
	return _is_utf8_charset( $encoding ?? get_option( 'blog_charset' ) )
		? _wp_utf8_codepoint_count( $str )
		: strlen( $str );
}

if ( ! function_exists( 'utf8_encode' ) ) :
	if ( extension_loaded( 'mbstring' ) ) :
		/**
		 * Converts a string from ISO-8859-1 to UTF-8.
		 *
		 * @deprecated Use {@see \mb_convert_encoding()} instead.
		 *
		 * @since 6.9.0
		 *
		 * @param string $iso_8859_1_text Text treated as ISO-8859-1 (latin1) bytes.
		 * @return string Text converted into UTF-8.
		 */
		function utf8_encode( $iso_8859_1_text ): string {
			_deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' );

			return mb_convert_encoding( $iso_8859_1_text, 'UTF-8', 'ISO-8859-1' );
		}

	else :
		/**
		 * Variant used when the mbstring extension is not loaded; delegates to the fallback encoder.
		 *
		 * @ignore
		 * @private
		 *
		 * @since 6.9.0
		 */
		function utf8_encode( $iso_8859_1_text ): string {
			_deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' );

			return _wp_utf8_encode_fallback( $iso_8859_1_text );
		}

	endif;
endif;

if ( ! function_exists( 'utf8_decode' ) ) :
	if ( extension_loaded( 'mbstring' ) ) :
		/**
		 * Converts a string from UTF-8 to ISO-8859-1.
		 *
		 * @deprecated Use {@see \mb_convert_encoding()} instead.
		 *
		 * @since 6.9.0
		 *
		 * @param string $utf8_text Text treated as UTF-8.
		 * @return string Text converted into ISO-8859-1.
		 */
		function utf8_decode( $utf8_text ): string {
			_deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' );

			return mb_convert_encoding( $utf8_text, 'ISO-8859-1', 'UTF-8' );
		}

	else :
		/**
		 * Variant used when the mbstring extension is not loaded; delegates to the fallback decoder.
		 *
		 * @ignore
		 * @private
		 *
		 * @since 6.9.0
		 */
		function utf8_decode( $utf8_text ): string {
			_deprecated_function( __FUNCTION__, '6.9.0', 'mb_convert_encoding' );

			return _wp_utf8_decode_fallback( $utf8_text );
		}

	endif;
endif;

// sodium_crypto_box() was introduced with Sodium in PHP 7.2, but the extension may not be enabled.
if ( ! function_exists( 'sodium_crypto_box' ) ) {
	require ABSPATH . WPINC . '/sodium_compat/autoload.php';
}

if ( ! function_exists( 'array_is_list' ) ) {
	/**
	 * Polyfill for `array_is_list()` function added in PHP 8.1.
	 *
	 * Determines if the given array is a list.
	 *
	 * An array is considered a list if its keys consist of consecutive numbers from 0 to count($array)-1.
	 *
	 * @see https://github.com/symfony/polyfill-php81/tree/main
	 *
	 * @since 6.5.0
	 *
	 * @param array<mixed> $arr The array being evaluated.
	 * @return bool True if array is a list, false otherwise.
	 */
	function array_is_list( $arr ) {
		// Fast path: an empty array, or one that is identical to its re-indexed copy.
		if ( ( array() === $arr ) || ( array_values( $arr ) === $arr ) ) {
			return true;
		}

		// Otherwise walk the keys and require 0, 1, 2, ... in order.
		$next_key = -1;

		foreach ( $arr as $k => $v ) {
			if ( ++$next_key !== $k ) {
				return false;
			}
		}

		return true;
	}
}

if ( ! function_exists( 'str_contains' ) ) {
	/**
	 * Polyfill for `str_contains()` function added in PHP 8.0.
	 *
	 * Performs a case-sensitive check indicating if needle is
	 * contained in haystack.
	 *
	 * @since 5.9.0
	 *
	 * @param string $haystack The string to search in.
	 * @param string $needle   The substring to search for in the `$haystack`.
	 * @return bool True if `$needle` is in `$haystack`, otherwise false.
	 */
	function str_contains( $haystack, $needle ) {
		// An empty needle is reported as contained in every haystack.
		if ( '' === $needle ) {
			return true;
		}

		return false !== strpos( $haystack, $needle );
	}
}

if ( ! function_exists( 'str_starts_with' ) ) {
	/**
	 * Polyfill for `str_starts_with()` function added in PHP 8.0.
	 *
	 * Performs a case-sensitive check indicating if
	 * the haystack begins with needle.
	 *
	 * @since 5.9.0
	 *
	 * @param string $haystack The string to search in.
	 * @param string $needle   The substring to search for in the `$haystack`.
	 * @return bool True if `$haystack` starts with `$needle`, otherwise false.
	 */
	function str_starts_with( $haystack, $needle ) {
		// An empty needle is reported as a prefix of every haystack.
		if ( '' === $needle ) {
			return true;
		}

		return 0 === strpos( $haystack, $needle );
	}
}

if ( ! function_exists( 'str_ends_with' ) ) {
	/**
	 * Polyfill for `str_ends_with()` function added in PHP 8.0.
	 *
	 * Performs a case-sensitive check indicating if
	 * the haystack ends with needle.
	 *
	 * @since 5.9.0
	 *
	 * @param string $haystack The string to search in.
	 * @param string $needle   The substring to search for in the `$haystack`.
	 * @return bool True if `$haystack` ends with `$needle`, otherwise false.
	 */
	function str_ends_with( $haystack, $needle ) {
		// An empty haystack ends only with the empty needle.
		if ( '' === $haystack ) {
			return '' === $needle;
		}

		$len = strlen( $needle );

		// Compare the last $len bytes of the haystack with the needle.
		return substr( $haystack, -$len, $len ) === $needle;
	}
}

if ( ! function_exists( 'array_find' ) ) {
	/**
	 * Polyfill for `array_find()` function added in PHP 8.4.
	 *
	 * Searches an array for the first element that passes a given callback.
	 *
	 * @since 6.8.0
	 *
	 * @param array    $array    The array to search.
	 * @param callable $callback The callback to run for each element.
	 * @return mixed|null The first element in the array that passes the `$callback`, otherwise null.
	 */
	function array_find( array $array, callable $callback ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound
		// The callback receives the value first and the key second.
		foreach ( $array as $key => $value ) {
			if ( $callback( $value, $key ) ) {
				return $value;
			}
		}

		return null;
	}
}

if ( ! function_exists( 'array_find_key' ) ) {
	/**
	 * Polyfill for `array_find_key()` function added in PHP 8.4.
	 *
	 * Searches an array for the first key that passes a given callback.
	 *
	 * @since 6.8.0
	 *
	 * @param array    $array    The array to search.
	 * @param callable $callback The callback to run for each element.
	 * @return int|string|null The first key in the array that passes the `$callback`, otherwise null.
	 */
	function array_find_key( array $array, callable $callback ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound
		// The callback receives the value first and the key second.
		foreach ( $array as $key => $value ) {
			if ( $callback( $value, $key ) ) {
				return $key;
			}
		}

		return null;
	}
}

if ( ! function_exists( 'array_any' ) ) {
	/**
	 * Polyfill for `array_any()` function added in PHP 8.4.
	 *
	 * Checks if any element of an array passes a given callback.
	 *
	 * @since 6.8.0
	 *
	 * @param array    $array    The array to check.
	 * @param callable $callback The callback to run for each element.
	 * @return bool True if any element in the array passes the `$callback`, otherwise false.
	 */
	function array_any( array $array, callable $callback ): bool { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound
		// Stops at the first element the callback accepts.
		foreach ( $array as $key => $value ) {
			if ( $callback( $value, $key ) ) {
				return true;
			}
		}

		return false;
	}
}

if ( ! function_exists( 'array_all' ) ) {
	/**
	 * Polyfill for `array_all()` function added in PHP 8.4.
	 *
	 * Checks if all elements of an array pass a given callback.
	 *
	 * @since 6.8.0
	 *
	 * @param array    $array    The array to check.
	 * @param callable $callback The callback to run for each element.
	 * @return bool True if all elements in the array pass the `$callback`, otherwise false.
	 */
	function array_all( array $array, callable $callback ): bool { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound
		// Stops at the first element the callback rejects; an empty array yields true.
		foreach ( $array as $key => $value ) {
			if ( ! $callback( $value, $key ) ) {
				return false;
			}
		}

		return true;
	}
}

if ( ! function_exists( 'array_first' ) ) {
	/**
	 * Polyfill for `array_first()` function added in PHP 8.5.
	 *
	 * Returns the first element of an array.
	 *
	 * @since 6.9.0
	 *
	 * @param array $array The array to get the first element from.
	 * @return mixed|null The first element of the array, or null if the array is empty.
	 */
	function array_first( array $array ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound
		if ( empty( $array ) ) {
			return null;
		}

		// Return from inside the first iteration: the first value in iteration order.
		foreach ( $array as $value ) {
			return $value;
		}
	}
}

if ( ! function_exists( 'array_last' ) ) {
	/**
	 * Polyfill for `array_last()` function added in PHP 8.5.
	 *
	 * Returns the last element of an array.
	 *
	 * @since 6.9.0
	 *
	 * @param array $array The array to get the last element from.
	 * @return mixed|null The last element of the array, or null if the array is empty.
	 */
	function array_last( array $array ) { // phpcs:ignore Universal.NamingConventions.NoReservedKeywordParameterNames.arrayFound
		if ( empty( $array ) ) {
			return null;
		}

		return $array[ array_key_last( $array ) ];
	}
}

// IMAGETYPE_AVIF constant is only defined in PHP 8.x or later.
if ( ! defined( 'IMAGETYPE_AVIF' ) ) {
	define( 'IMAGETYPE_AVIF', 19 );
}

// IMG_AVIF constant is only defined in PHP 8.x or later.
if ( ! defined( 'IMG_AVIF' ) ) {
	define( 'IMG_AVIF', IMAGETYPE_AVIF );
}

// IMAGETYPE_HEIF constant is only defined in PHP 8.5 or later.
if ( ! defined( 'IMAGETYPE_HEIF' ) ) {
	define( 'IMAGETYPE_HEIF', 20 );
}