1<?php 2/** 3 * WordPress Administration Bootstrap 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9/** 10 * In WordPress Administration Screens 11 * 12 * @since 2.3.2 13 */ 14if ( ! defined( 'WP_ADMIN' ) ) { 15 define( 'WP_ADMIN', true ); 16} 17 18if ( ! defined( 'WP_NETWORK_ADMIN' ) ) { 19 define( 'WP_NETWORK_ADMIN', false ); 20} 21 22if ( ! defined( 'WP_USER_ADMIN' ) ) { 23 define( 'WP_USER_ADMIN', false ); 24} 25 26if ( ! WP_NETWORK_ADMIN && ! WP_USER_ADMIN ) { 27 define( 'WP_BLOG_ADMIN', true ); 28} 29 30if ( isset( $_GET['import'] ) && ! defined( 'WP_LOAD_IMPORTERS' ) ) { 31 define( 'WP_LOAD_IMPORTERS', true ); 32} 33 34require_once dirname( __DIR__ ) . '/wp-load.php'; 35 36nocache_headers(); 37 38if ( get_option( 'db_upgraded' ) ) { 39 40 flush_rewrite_rules(); 41 update_option( 'db_upgraded', false ); 42 43 /** 44 * Fires on the next page load after a successful DB upgrade. 45 * 46 * @since 2.8.0 47 */ 48 do_action( 'after_db_upgrade' ); 49 50} elseif ( ! wp_doing_ajax() && empty( $_POST ) 51 && (int) get_option( 'db_version' ) !== $wp_db_version 52) { 53 54 if ( ! is_multisite() ) { 55 wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ); 56 exit; 57 } 58 59 /** 60 * Filters whether to attempt to perform the multisite DB upgrade routine. 61 * 62 * In single site, the user would be redirected to wp-admin/upgrade.php. 63 * In multisite, the DB upgrade routine is automatically fired, but only 64 * when this filter returns true. 65 * 66 * If the network is 50 sites or less, it will run every time. Otherwise, 67 * it will throttle itself to reduce load. 68 * 69 * @since MU (3.0.0) 70 * 71 * @param bool $do_mu_upgrade Whether to perform the Multisite upgrade routine. Default true. 72 */ 73 if ( apply_filters( 'do_mu_upgrade', true ) ) { 74 $c = get_blog_count(); 75 76 /* 77 * If there are 50 or fewer sites, run every time. Otherwise, throttle to reduce load: 78 * attempt to do no more than threshold value, with some +/- allowed. 79 */ 80 if ( $c <= 50 || ( $c > 50 && mt_rand( 0, (int) ( $c / 50 ) ) === 1 ) ) { 81 require_once ABSPATH . WPINC . '/http.php'; 82 $response = wp_remote_get( 83 admin_url( 'upgrade.php?step=1' ), 84 array( 85 'timeout' => 120, 86 'httpversion' => '1.1', 87 ) 88 ); 89 /** This action is documented in wp-admin/network/upgrade.php */ 90 do_action( 'after_mu_upgrade', $response ); 91 unset( $response ); 92 } 93 unset( $c ); 94 } 95} 96 97require_once ABSPATH . 'wp-admin/includes/admin.php'; 98 99auth_redirect(); 100 101// Schedule Trash collection. 102if ( ! wp_next_scheduled( 'wp_scheduled_delete' ) && ! wp_installing() ) { 103 wp_schedule_event( time(), 'daily', 'wp_scheduled_delete' ); 104} 105 106// Schedule transient cleanup. 107if ( ! wp_next_scheduled( 'delete_expired_transients' ) && ! wp_installing() ) { 108 wp_schedule_event( time(), 'daily', 'delete_expired_transients' ); 109} 110 111set_screen_options(); 112 113$date_format = __( 'F j, Y' ); 114$time_format = __( 'g:i a' ); 115 116wp_enqueue_script( 'common' ); 117 118/** 119 * $pagenow is set in vars.php 120 * $wp_importers is sometimes set in wp-admin/includes/import.php 121 * The remaining variables are imported as globals elsewhere, declared as globals here 122 * 123 * @global string $pagenow 124 * @global array $wp_importers 125 * @global string $hook_suffix 126 * @global string $plugin_page 127 * @global string $typenow 128 * @global string $taxnow 129 */ 130global $pagenow, $wp_importers, $hook_suffix, $plugin_page, $typenow, $taxnow; 131 132$page_hook = null; 133 134$editing = false; 135 136if ( isset( $_GET['page'] ) ) { 137 $plugin_page = wp_unslash( $_GET['page'] ); 138 $plugin_page = plugin_basename( $plugin_page ); 139} 140 141if ( isset( $_REQUEST['post_type'] ) && post_type_exists( $_REQUEST['post_type'] ) ) { 142 $typenow = $_REQUEST['post_type']; 143} else { 144 $typenow = ''; 145} 146 147if ( isset( $_REQUEST['taxonomy'] ) && taxonomy_exists( $_REQUEST['taxonomy'] ) ) { 148 $taxnow = $_REQUEST['taxonomy']; 149} else { 150 $taxnow = ''; 151} 152 153if ( WP_NETWORK_ADMIN ) { 154 require ABSPATH . 'wp-admin/network/menu.php'; 155} elseif ( WP_USER_ADMIN ) { 156 require ABSPATH . 'wp-admin/user/menu.php'; 157} else { 158 require ABSPATH . 'wp-admin/menu.php'; 159} 160 161if ( current_user_can( 'manage_options' ) ) { 162 wp_raise_memory_limit( 'admin' ); 163} 164 165/** 166 * Fires as an admin screen or script is being initialized. 167 * 168 * Note, this does not just run on user-facing admin screens. 169 * It runs on admin-ajax.php and admin-post.php as well. 170 * 171 * This is roughly analogous to the more general {@see 'init'} hook, which fires earlier. 172 * 173 * @since 2.5.0 174 */ 175do_action( 'admin_init' ); 176 177if ( isset( $plugin_page ) ) { 178 if ( ! empty( $typenow ) ) { 179 $the_parent = $pagenow . '?post_type=' . $typenow; 180 } else { 181 $the_parent = $pagenow; 182 } 183 184 $page_hook = get_plugin_page_hook( $plugin_page, $the_parent ); 185 if ( ! $page_hook ) { 186 $page_hook = get_plugin_page_hook( $plugin_page, $plugin_page ); 187 188 // Back-compat for plugins using add_management_page(). 189 if ( empty( $page_hook ) && 'edit.php' === $pagenow && get_plugin_page_hook( $plugin_page, 'tools.php' ) ) { 190 // There could be plugin specific params on the URL, so we need the whole query string. 191 if ( ! empty( $_SERVER['QUERY_STRING'] ) ) { 192 $query_string = $_SERVER['QUERY_STRING']; 193 } else { 194 $query_string = 'page=' . $plugin_page; 195 } 196 wp_redirect( admin_url( 'tools.php?' . $query_string ) ); 197 exit; 198 } 199 } 200 unset( $the_parent ); 201} 202 203$hook_suffix = ''; 204if ( isset( $page_hook ) ) { 205 $hook_suffix = $page_hook; 206} elseif ( isset( $plugin_page ) ) { 207 $hook_suffix = $plugin_page; 208} elseif ( isset( $pagenow ) ) { 209 $hook_suffix = $pagenow; 210} 211 212set_current_screen(); 213 214// Handle plugin admin pages. 215if ( isset( $plugin_page ) ) { 216 if ( $page_hook ) { 217 /** 218 * Fires before a particular screen is loaded. 219 * 220 * The load-* hook fires in a number of contexts. This hook is for plugin screens 221 * where a callback is provided when the screen is registered. 222 * 223 * The dynamic portion of the hook name, `$page_hook`, refers to a mixture of plugin 224 * page information including: 225 * 1. The page type. If the plugin page is registered as a submenu page, such as for 226 * Settings, the page type would be 'settings'. Otherwise the type is 'toplevel'. 227 * 2. A separator of '_page_'. 228 * 3. The plugin basename minus the file extension. 229 * 230 * Together, the three parts form the `$page_hook`. Citing the example above, 231 * the hook name used would be 'load-settings_page_pluginbasename'. 232 * 233 * @see get_plugin_page_hook() 234 * 235 * @since 2.1.0 236 */ 237 do_action( "load-{$page_hook}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 238 if ( ! isset( $_GET['noheader'] ) ) { 239 require_once ABSPATH . 'wp-admin/admin-header.php'; 240 } 241 242 /** 243 * Used to call the registered callback for a plugin screen. 244 * 245 * This hook uses a dynamic hook name, `$page_hook`, which refers to a mixture of plugin 246 * page information including: 247 * 1. The page type. If the plugin page is registered as a submenu page, such as for 248 * Settings, the page type would be 'settings'. Otherwise the type is 'toplevel'. 249 * 2. A separator of '_page_'. 250 * 3. The plugin basename minus the file extension. 251 * 252 * Together, the three parts form the `$page_hook`. Citing the example above, 253 * the hook name used would be 'settings_page_pluginbasename'. 254 * 255 * @see get_plugin_page_hook() 256 * 257 * @since 1.5.0 258 */ 259 do_action( $page_hook ); 260 } else { 261 if ( validate_file( $plugin_page ) ) { 262 wp_die( __( 'Invalid plugin page.' ) ); 263 } 264 265 if ( ! ( file_exists( WP_PLUGIN_DIR . "/$plugin_page" ) && is_file( WP_PLUGIN_DIR . "/$plugin_page" ) ) 266 && ! ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) && is_file( WPMU_PLUGIN_DIR . "/$plugin_page" ) ) 267 ) { 268 /* translators: %s: Admin page generated by a plugin. */ 269 wp_die( sprintf( __( 'Cannot load %s.' ), htmlentities( $plugin_page ) ) ); 270 } 271 272 /** 273 * Fires before a particular screen is loaded. 274 * 275 * The load-* hook fires in a number of contexts. This hook is for plugin screens 276 * where the file to load is directly included, rather than the use of a function. 277 * 278 * The dynamic portion of the hook name, `$plugin_page`, refers to the plugin basename. 279 * 280 * @see plugin_basename() 281 * 282 * @since 1.5.0 283 */ 284 do_action( "load-{$plugin_page}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 285 286 if ( ! isset( $_GET['noheader'] ) ) { 287 require_once ABSPATH . 'wp-admin/admin-header.php'; 288 } 289 290 if ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) ) { 291 include WPMU_PLUGIN_DIR . "/$plugin_page"; 292 } else { 293 include WP_PLUGIN_DIR . "/$plugin_page"; 294 } 295 } 296 297 require_once ABSPATH . 'wp-admin/admin-footer.php'; 298 299 exit; 300} elseif ( isset( $_GET['import'] ) ) { 301 302 $importer = $_GET['import']; 303 304 if ( ! current_user_can( 'import' ) ) { 305 wp_die( __( 'Sorry, you are not allowed to import content into this site.' ) ); 306 } 307 308 if ( validate_file( $importer ) ) { 309 wp_redirect( admin_url( 'import.php?invalid=' . $importer ) ); 310 exit; 311 } 312 313 if ( ! isset( $wp_importers[ $importer ] ) || ! is_callable( $wp_importers[ $importer ][2] ) ) { 314 wp_redirect( admin_url( 'import.php?invalid=' . $importer ) ); 315 exit; 316 } 317 318 /** 319 * Fires before an importer screen is loaded. 320 * 321 * The dynamic portion of the hook name, `$importer`, refers to the importer slug. 322 * 323 * @since 3.5.0 324 */ 325 do_action( "load-importer-{$importer}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 326 327 $parent_file = 'tools.php'; 328 $submenu_file = 'import.php'; 329 $title = __( 'Import' ); 330 331 if ( ! isset( $_GET['noheader'] ) ) { 332 require_once ABSPATH . 'wp-admin/admin-header.php'; 333 } 334 335 require_once ABSPATH . 'wp-admin/includes/upgrade.php'; 336 337 define( 'WP_IMPORTING', true ); 338 339 /** 340 * Whether to filter imported data through kses on import. 341 * 342 * Multisite uses this hook to filter all data through kses by default, 343 * as a super administrator may be assisting an untrusted user. 344 * 345 * @since 3.1.0 346 * 347 * @param bool $force Whether to force data to be filtered through kses. Default false. 348 */ 349 if ( apply_filters( 'force_filtered_html_on_import', false ) ) { 350 kses_init_filters(); // Always filter imported data with kses on multisite. 351 } 352 353 call_user_func( $wp_importers[ $importer ][2] ); 354 355 require_once ABSPATH . 'wp-admin/admin-footer.php'; 356 357 // Make sure rules are flushed. 358 flush_rewrite_rules( false ); 359 360 exit; 361} else { 362 /** 363 * Fires before a particular screen is loaded. 364 * 365 * The load-* hook fires in a number of contexts. This hook is for core screens. 366 * 367 * The dynamic portion of the hook name, `$pagenow`, is a global variable 368 * referring to the filename of the current page, such as 'admin.php', 369 * 'post-new.php' etc. A complete hook for the latter would be 370 * 'load-post-new.php'. 371 * 372 * @since 2.1.0 373 */ 374 do_action( "load-{$pagenow}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 375 376 /* 377 * The following hooks are fired to ensure backward compatibility. 378 * In all other cases, 'load-' . $pagenow should be used instead. 379 */ 380 if ( 'page' === $typenow ) { 381 if ( 'post-new.php' === $pagenow ) { 382 do_action( 'load-page-new.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 383 } elseif ( 'post.php' === $pagenow ) { 384 do_action( 'load-page.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 385 } 386 } elseif ( 'edit-tags.php' === $pagenow ) { 387 if ( 'category' === $taxnow ) { 388 do_action( 'load-categories.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 389 } elseif ( 'link_category' === $taxnow ) { 390 do_action( 'load-edit-link-categories.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 391 } 392 } elseif ( 'term.php' === $pagenow ) { 393 do_action( 'load-edit-tags.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 394 } 395} 396 397if ( ! empty( $_REQUEST['action'] ) ) { 398 $action = $_REQUEST['action']; 399 400 /** 401 * Fires when an 'action' request variable is sent. 402 * 403 * The dynamic portion of the hook name, `$action`, refers to 404 * the action derived from the `GET` or `POST` request. 405 * 406 * @since 2.6.0 407 */ 408 do_action( "admin_action_{$action}" ); 409} 410