1<?php
2/**
3 * WordPress Administration Bootstrap
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/**
10 * In WordPress Administration Screens
11 *
12 * @since 2.3.2
13 */
14if ( ! defined( 'WP_ADMIN' ) ) {
15	define( 'WP_ADMIN', true );
16}
17
18if ( ! defined( 'WP_NETWORK_ADMIN' ) ) {
19	define( 'WP_NETWORK_ADMIN', false );
20}
21
22if ( ! defined( 'WP_USER_ADMIN' ) ) {
23	define( 'WP_USER_ADMIN', false );
24}
25
26if ( ! WP_NETWORK_ADMIN && ! WP_USER_ADMIN ) {
27	define( 'WP_BLOG_ADMIN', true );
28}
29
30if ( isset( $_GET['import'] ) && ! defined( 'WP_LOAD_IMPORTERS' ) ) {
31	define( 'WP_LOAD_IMPORTERS', true );
32}
33
34require_once dirname( __DIR__ ) . '/wp-load.php';
35
36nocache_headers();
37
38if ( get_option( 'db_upgraded' ) ) {
39
40	flush_rewrite_rules();
41	update_option( 'db_upgraded', false );
42
43	/**
44	 * Fires on the next page load after a successful DB upgrade.
45	 *
46	 * @since 2.8.0
47	 */
48	do_action( 'after_db_upgrade' );
49
50} elseif ( ! wp_doing_ajax() && empty( $_POST )
51	&& (int) get_option( 'db_version' ) !== $wp_db_version
52) {
53
54	if ( ! is_multisite() ) {
55		wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
56		exit;
57	}
58
59	/**
60	 * Filters whether to attempt to perform the multisite DB upgrade routine.
61	 *
62	 * In single site, the user would be redirected to wp-admin/upgrade.php.
63	 * In multisite, the DB upgrade routine is automatically fired, but only
64	 * when this filter returns true.
65	 *
66	 * If the network is 50 sites or less, it will run every time. Otherwise,
67	 * it will throttle itself to reduce load.
68	 *
69	 * @since MU (3.0.0)
70	 *
71	 * @param bool $do_mu_upgrade Whether to perform the Multisite upgrade routine. Default true.
72	 */
73	if ( apply_filters( 'do_mu_upgrade', true ) ) {
74		$c = get_blog_count();
75
76		/*
77		 * If there are 50 or fewer sites, run every time. Otherwise, throttle to reduce load:
78		 * attempt to do no more than threshold value, with some +/- allowed.
79		 */
80		if ( $c <= 50 || ( $c > 50 && mt_rand( 0, (int) ( $c / 50 ) ) === 1 ) ) {
81			require_once ABSPATH . WPINC . '/http.php';
82			$response = wp_remote_get(
83				admin_url( 'upgrade.php?step=1' ),
84				array(
85					'timeout'     => 120,
86					'httpversion' => '1.1',
87				)
88			);
89			/** This action is documented in wp-admin/network/upgrade.php */
90			do_action( 'after_mu_upgrade', $response );
91			unset( $response );
92		}
93		unset( $c );
94	}
95}
96
97require_once ABSPATH . 'wp-admin/includes/admin.php';
98
99auth_redirect();
100
101// Schedule Trash collection.
102if ( ! wp_next_scheduled( 'wp_scheduled_delete' ) && ! wp_installing() ) {
103	wp_schedule_event( time(), 'daily', 'wp_scheduled_delete' );
104}
105
106// Schedule transient cleanup.
107if ( ! wp_next_scheduled( 'delete_expired_transients' ) && ! wp_installing() ) {
108	wp_schedule_event( time(), 'daily', 'delete_expired_transients' );
109}
110
111set_screen_options();
112
113$date_format = __( 'F j, Y' );
114$time_format = __( 'g:i a' );
115
116wp_enqueue_script( 'common' );
117
118/**
119 * $pagenow is set in vars.php
120 * $wp_importers is sometimes set in wp-admin/includes/import.php
121 * The remaining variables are imported as globals elsewhere, declared as globals here
122 *
123 * @global string $pagenow
124 * @global array  $wp_importers
125 * @global string $hook_suffix
126 * @global string $plugin_page
127 * @global string $typenow
128 * @global string $taxnow
129 */
130global $pagenow, $wp_importers, $hook_suffix, $plugin_page, $typenow, $taxnow;
131
132$page_hook = null;
133
134$editing = false;
135
136if ( isset( $_GET['page'] ) ) {
137	$plugin_page = wp_unslash( $_GET['page'] );
138	$plugin_page = plugin_basename( $plugin_page );
139}
140
141if ( isset( $_REQUEST['post_type'] ) && post_type_exists( $_REQUEST['post_type'] ) ) {
142	$typenow = $_REQUEST['post_type'];
143} else {
144	$typenow = '';
145}
146
147if ( isset( $_REQUEST['taxonomy'] ) && taxonomy_exists( $_REQUEST['taxonomy'] ) ) {
148	$taxnow = $_REQUEST['taxonomy'];
149} else {
150	$taxnow = '';
151}
152
153if ( WP_NETWORK_ADMIN ) {
154	require ABSPATH . 'wp-admin/network/menu.php';
155} elseif ( WP_USER_ADMIN ) {
156	require ABSPATH . 'wp-admin/user/menu.php';
157} else {
158	require ABSPATH . 'wp-admin/menu.php';
159}
160
161if ( current_user_can( 'manage_options' ) ) {
162	wp_raise_memory_limit( 'admin' );
163}
164
165/**
166 * Fires as an admin screen or script is being initialized.
167 *
168 * Note, this does not just run on user-facing admin screens.
169 * It runs on admin-ajax.php and admin-post.php as well.
170 *
171 * This is roughly analogous to the more general {@see 'init'} hook, which fires earlier.
172 *
173 * @since 2.5.0
174 */
175do_action( 'admin_init' );
176
177if ( isset( $plugin_page ) ) {
178	if ( ! empty( $typenow ) ) {
179		$the_parent = $pagenow . '?post_type=' . $typenow;
180	} else {
181		$the_parent = $pagenow;
182	}
183
184	$page_hook = get_plugin_page_hook( $plugin_page, $the_parent );
185	if ( ! $page_hook ) {
186		$page_hook = get_plugin_page_hook( $plugin_page, $plugin_page );
187
188		// Back-compat for plugins using add_management_page().
189		if ( empty( $page_hook ) && 'edit.php' === $pagenow && get_plugin_page_hook( $plugin_page, 'tools.php' ) ) {
190			// There could be plugin specific params on the URL, so we need the whole query string.
191			if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
192				$query_string = $_SERVER['QUERY_STRING'];
193			} else {
194				$query_string = 'page=' . $plugin_page;
195			}
196			wp_redirect( admin_url( 'tools.php?' . $query_string ) );
197			exit;
198		}
199	}
200	unset( $the_parent );
201}
202
203$hook_suffix = '';
204if ( isset( $page_hook ) ) {
205	$hook_suffix = $page_hook;
206} elseif ( isset( $plugin_page ) ) {
207	$hook_suffix = $plugin_page;
208} elseif ( isset( $pagenow ) ) {
209	$hook_suffix = $pagenow;
210}
211
212set_current_screen();
213
214// Handle plugin admin pages.
215if ( isset( $plugin_page ) ) {
216	if ( $page_hook ) {
217		/**
218		 * Fires before a particular screen is loaded.
219		 *
220		 * The load-* hook fires in a number of contexts. This hook is for plugin screens
221		 * where a callback is provided when the screen is registered.
222		 *
223		 * The dynamic portion of the hook name, `$page_hook`, refers to a mixture of plugin
224		 * page information including:
225		 * 1. The page type. If the plugin page is registered as a submenu page, such as for
226		 *    Settings, the page type would be 'settings'. Otherwise the type is 'toplevel'.
227		 * 2. A separator of '_page_'.
228		 * 3. The plugin basename minus the file extension.
229		 *
230		 * Together, the three parts form the `$page_hook`. Citing the example above,
231		 * the hook name used would be 'load-settings_page_pluginbasename'.
232		 *
233		 * @see get_plugin_page_hook()
234		 *
235		 * @since 2.1.0
236		 */
237		do_action( "load-{$page_hook}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
238		if ( ! isset( $_GET['noheader'] ) ) {
239			require_once ABSPATH . 'wp-admin/admin-header.php';
240		}
241
242		/**
243		 * Used to call the registered callback for a plugin screen.
244		 *
245		 * This hook uses a dynamic hook name, `$page_hook`, which refers to a mixture of plugin
246		 * page information including:
247		 * 1. The page type. If the plugin page is registered as a submenu page, such as for
248		 *    Settings, the page type would be 'settings'. Otherwise the type is 'toplevel'.
249		 * 2. A separator of '_page_'.
250		 * 3. The plugin basename minus the file extension.
251		 *
252		 * Together, the three parts form the `$page_hook`. Citing the example above,
253		 * the hook name used would be 'settings_page_pluginbasename'.
254		 *
255		 * @see get_plugin_page_hook()
256		 *
257		 * @since 1.5.0
258		 */
259		do_action( $page_hook );
260	} else {
261		if ( validate_file( $plugin_page ) ) {
262			wp_die( __( 'Invalid plugin page.' ) );
263		}
264
265		if ( ! ( file_exists( WP_PLUGIN_DIR . "/$plugin_page" ) && is_file( WP_PLUGIN_DIR . "/$plugin_page" ) )
266			&& ! ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) && is_file( WPMU_PLUGIN_DIR . "/$plugin_page" ) )
267		) {
268			/* translators: %s: Admin page generated by a plugin. */
269			wp_die( sprintf( __( 'Cannot load %s.' ), htmlentities( $plugin_page ) ) );
270		}
271
272		/**
273		 * Fires before a particular screen is loaded.
274		 *
275		 * The load-* hook fires in a number of contexts. This hook is for plugin screens
276		 * where the file to load is directly included, rather than the use of a function.
277		 *
278		 * The dynamic portion of the hook name, `$plugin_page`, refers to the plugin basename.
279		 *
280		 * @see plugin_basename()
281		 *
282		 * @since 1.5.0
283		 */
284		do_action( "load-{$plugin_page}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
285
286		if ( ! isset( $_GET['noheader'] ) ) {
287			require_once ABSPATH . 'wp-admin/admin-header.php';
288		}
289
290		if ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) ) {
291			include WPMU_PLUGIN_DIR . "/$plugin_page";
292		} else {
293			include WP_PLUGIN_DIR . "/$plugin_page";
294		}
295	}
296
297	require_once ABSPATH . 'wp-admin/admin-footer.php';
298
299	exit;
300} elseif ( isset( $_GET['import'] ) ) {
301
302	$importer = $_GET['import'];
303
304	if ( ! current_user_can( 'import' ) ) {
305		wp_die( __( 'Sorry, you are not allowed to import content into this site.' ) );
306	}
307
308	if ( validate_file( $importer ) ) {
309		wp_redirect( admin_url( 'import.php?invalid=' . $importer ) );
310		exit;
311	}
312
313	if ( ! isset( $wp_importers[ $importer ] ) || ! is_callable( $wp_importers[ $importer ][2] ) ) {
314		wp_redirect( admin_url( 'import.php?invalid=' . $importer ) );
315		exit;
316	}
317
318	/**
319	 * Fires before an importer screen is loaded.
320	 *
321	 * The dynamic portion of the hook name, `$importer`, refers to the importer slug.
322	 *
323	 * @since 3.5.0
324	 */
325	do_action( "load-importer-{$importer}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
326
327	$parent_file  = 'tools.php';
328	$submenu_file = 'import.php';
329	$title        = __( 'Import' );
330
331	if ( ! isset( $_GET['noheader'] ) ) {
332		require_once ABSPATH . 'wp-admin/admin-header.php';
333	}
334
335	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
336
337	define( 'WP_IMPORTING', true );
338
339	/**
340	 * Whether to filter imported data through kses on import.
341	 *
342	 * Multisite uses this hook to filter all data through kses by default,
343	 * as a super administrator may be assisting an untrusted user.
344	 *
345	 * @since 3.1.0
346	 *
347	 * @param bool $force Whether to force data to be filtered through kses. Default false.
348	 */
349	if ( apply_filters( 'force_filtered_html_on_import', false ) ) {
350		kses_init_filters();  // Always filter imported data with kses on multisite.
351	}
352
353	call_user_func( $wp_importers[ $importer ][2] );
354
355	require_once ABSPATH . 'wp-admin/admin-footer.php';
356
357	// Make sure rules are flushed.
358	flush_rewrite_rules( false );
359
360	exit;
361} else {
362	/**
363	 * Fires before a particular screen is loaded.
364	 *
365	 * The load-* hook fires in a number of contexts. This hook is for core screens.
366	 *
367	 * The dynamic portion of the hook name, `$pagenow`, is a global variable
368	 * referring to the filename of the current page, such as 'admin.php',
369	 * 'post-new.php' etc. A complete hook for the latter would be
370	 * 'load-post-new.php'.
371	 *
372	 * @since 2.1.0
373	 */
374	do_action( "load-{$pagenow}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
375
376	/*
377	 * The following hooks are fired to ensure backward compatibility.
378	 * In all other cases, 'load-' . $pagenow should be used instead.
379	 */
380	if ( 'page' === $typenow ) {
381		if ( 'post-new.php' === $pagenow ) {
382			do_action( 'load-page-new.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
383		} elseif ( 'post.php' === $pagenow ) {
384			do_action( 'load-page.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
385		}
386	} elseif ( 'edit-tags.php' === $pagenow ) {
387		if ( 'category' === $taxnow ) {
388			do_action( 'load-categories.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
389		} elseif ( 'link_category' === $taxnow ) {
390			do_action( 'load-edit-link-categories.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
391		}
392	} elseif ( 'term.php' === $pagenow ) {
393		do_action( 'load-edit-tags.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
394	}
395}
396
397if ( ! empty( $_REQUEST['action'] ) ) {
398	$action = $_REQUEST['action'];
399
400	/**
401	 * Fires when an 'action' request variable is sent.
402	 *
403	 * The dynamic portion of the hook name, `$action`, refers to
404	 * the action derived from the `GET` or `POST` request.
405	 *
406	 * @since 2.6.0
407	 */
408	do_action( "admin_action_{$action}" );
409}
410