| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Core HTTP Request API 4 * 5 * Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk 6 * decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations. 7 * 8 * @package WordPress 9 * @subpackage HTTP 10 */ 11 12 /** 13 * Returns the initialized WP_Http Object 14 * 15 * @since 2.7.0 16 * @access private 17 * 18 * @return WP_Http HTTP Transport object. 19 */ 20 function _wp_http_get_object() { 21 static $http = null; 22 23 if ( is_null( $http ) ) { 24 $http = new WP_Http(); 25 } 26 return $http; 27 } 28 29 /** 30 * Retrieves the raw response from a safe HTTP request. 31 * 32 * This function is ideal when the HTTP request is being made to an arbitrary 33 * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() 34 * to avoid Server Side Request Forgery attacks (SSRF). 35 * 36 * The only supported protocols are `http` and `https`. 37 * 38 * @since 3.6.0 39 * 40 * @see wp_remote_request() For more information on the response array format. 41 * @see WP_Http::request() For default arguments information. 42 * @see wp_http_validate_url() For more information about how the URL is validated. 43 * 44 * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery 45 * 46 * @param string $url URL to retrieve. 47 * @param array $args Optional. Request arguments. Default empty array. 48 * See WP_Http::request() for information on accepted arguments. 49 * @return array|WP_Error The response or WP_Error on failure. 50 * See WP_Http::request() for information on return value. 51 */ 52 function wp_safe_remote_request( $url, $args = array() ) { 53 $args['reject_unsafe_urls'] = true; 54 $http = _wp_http_get_object(); 55 return $http->request( $url, $args ); 56 } 57 58 /** 59 * Retrieves the raw response from a safe HTTP request using the GET method. 60 * 61 * This function is ideal when the HTTP request is being made to an arbitrary 62 * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() 63 * to avoid Server Side Request Forgery attacks (SSRF). 64 * 65 * The only supported protocols are `http` and `https`. 66 * 67 * @since 3.6.0 68 * 69 * @see wp_remote_request() For more information on the response array format. 70 * @see WP_Http::request() For default arguments information. 71 * @see wp_http_validate_url() For more information about how the URL is validated. 72 * 73 * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery 74 * 75 * @param string $url URL to retrieve. 76 * @param array $args Optional. Request arguments. Default empty array. 77 * See WP_Http::request() for information on accepted arguments. 78 * @return array|WP_Error The response or WP_Error on failure. 79 * See WP_Http::request() for information on return value. 80 */ 81 function wp_safe_remote_get( $url, $args = array() ) { 82 $args['reject_unsafe_urls'] = true; 83 $http = _wp_http_get_object(); 84 return $http->get( $url, $args ); 85 } 86 87 /** 88 * Retrieves the raw response from a safe HTTP request using the POST method. 89 * 90 * This function is ideal when the HTTP request is being made to an arbitrary 91 * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() 92 * to avoid Server Side Request Forgery attacks (SSRF). 93 * 94 * The only supported protocols are `http` and `https`. 95 * 96 * @since 3.6.0 97 * 98 * @see wp_remote_request() For more information on the response array format. 99 * @see WP_Http::request() For default arguments information. 100 * @see wp_http_validate_url() For more information about how the URL is validated. 101 * 102 * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery 103 * 104 * @param string $url URL to retrieve. 105 * @param array $args Optional. Request arguments. Default empty array. 106 * See WP_Http::request() for information on accepted arguments. 107 * @return array|WP_Error The response or WP_Error on failure. 108 * See WP_Http::request() for information on return value. 109 */ 110 function wp_safe_remote_post( $url, $args = array() ) { 111 $args['reject_unsafe_urls'] = true; 112 $http = _wp_http_get_object(); 113 return $http->post( $url, $args ); 114 } 115 116 /** 117 * Retrieves the raw response from a safe HTTP request using the HEAD method. 118 * 119 * This function is ideal when the HTTP request is being made to an arbitrary 120 * URL. The URL, and every URL it redirects to, are validated with wp_http_validate_url() 121 * to avoid Server Side Request Forgery attacks (SSRF). 122 * 123 * The only supported protocols are `http` and `https`. 124 * 125 * @since 3.6.0 126 * 127 * @see wp_remote_request() For more information on the response array format. 128 * @see WP_Http::request() For default arguments information. 129 * @see wp_http_validate_url() For more information about how the URL is validated. 130 * 131 * @link https://owasp.org/www-community/attacks/Server_Side_Request_Forgery 132 * 133 * @param string $url URL to retrieve. 134 * @param array $args Optional. Request arguments. Default empty array. 135 * See WP_Http::request() for information on accepted arguments. 136 * @return array|WP_Error The response or WP_Error on failure. 137 * See WP_Http::request() for information on return value. 138 */ 139 function wp_safe_remote_head( $url, $args = array() ) { 140 $args['reject_unsafe_urls'] = true; 141 $http = _wp_http_get_object(); 142 return $http->head( $url, $args ); 143 } 144 145 /** 146 * Performs an HTTP request and returns its response. 147 * 148 * There are other API functions available which abstract away the HTTP method: 149 * 150 * - Default 'GET' for wp_remote_get() 151 * - Default 'POST' for wp_remote_post() 152 * - Default 'HEAD' for wp_remote_head() 153 * 154 * Important: If the URL is user-controlled, use `wp_safe_remote_request()` instead. 155 * 156 * @since 2.7.0 157 * 158 * @see WP_Http::request() For information on default arguments. 159 * 160 * @param string $url URL to retrieve. 161 * @param array $args Optional. Request arguments. Default empty array. 162 * See WP_Http::request() for information on accepted arguments. 163 * @return array|WP_Error The response array or a WP_Error on failure. 164 * See WP_Http::request() for information on return value. 165 */ 166 function wp_remote_request( $url, $args = array() ) { 167 $http = _wp_http_get_object(); 168 return $http->request( $url, $args ); 169 } 170 171 /** 172 * Performs an HTTP request using the GET method and returns its response. 173 * 174 * Important: If the URL is user-controlled, use `wp_safe_remote_get()` instead. 175 * 176 * @since 2.7.0 177 * 178 * @see wp_remote_request() For more information on the response array format. 179 * @see WP_Http::request() For default arguments information. 180 * 181 * @param string $url URL to retrieve. 182 * @param array $args Optional. Request arguments. Default empty array. 183 * See WP_Http::request() for information on accepted arguments. 184 * @return array|WP_Error The response or WP_Error on failure. 185 * See WP_Http::request() for information on return value. 186 */ 187 function wp_remote_get( $url, $args = array() ) { 188 $http = _wp_http_get_object(); 189 return $http->get( $url, $args ); 190 } 191 192 /** 193 * Performs an HTTP request using the POST method and returns its response. 194 * 195 * Important: If the URL is user-controlled, use `wp_safe_remote_post()` instead. 196 * 197 * @since 2.7.0 198 * 199 * @see wp_remote_request() For more information on the response array format. 200 * @see WP_Http::request() For default arguments information. 201 * 202 * @param string $url URL to retrieve. 203 * @param array $args Optional. Request arguments. Default empty array. 204 * See WP_Http::request() for information on accepted arguments. 205 * @return array|WP_Error The response or WP_Error on failure. 206 * See WP_Http::request() for information on return value. 207 */ 208 function wp_remote_post( $url, $args = array() ) { 209 $http = _wp_http_get_object(); 210 return $http->post( $url, $args ); 211 } 212 213 /** 214 * Performs an HTTP request using the HEAD method and returns its response. 215 * 216 * Important: If the URL is user-controlled, use `wp_safe_remote_head()` instead. 217 * 218 * @since 2.7.0 219 * 220 * @see wp_remote_request() For more information on the response array format. 221 * @see WP_Http::request() For default arguments information. 222 * 223 * @param string $url URL to retrieve. 224 * @param array $args Optional. Request arguments. Default empty array. 225 * See WP_Http::request() for information on accepted arguments. 226 * @return array|WP_Error The response or WP_Error on failure. 227 * See WP_Http::request() for information on return value. 228 */ 229 function wp_remote_head( $url, $args = array() ) { 230 $http = _wp_http_get_object(); 231 return $http->head( $url, $args ); 232 } 233 234 /** 235 * Retrieves only the headers from the raw response. 236 * 237 * @since 2.7.0 238 * @since 4.6.0 Return value changed from an array to an WpOrg\Requests\Utility\CaseInsensitiveDictionary instance. 239 * 240 * @see \WpOrg\Requests\Utility\CaseInsensitiveDictionary 241 * 242 * @param array|WP_Error $response HTTP response. 243 * @return \WpOrg\Requests\Utility\CaseInsensitiveDictionary|array The headers of the response, or empty array 244 * if incorrect parameter given. 245 */ 246 function wp_remote_retrieve_headers( $response ) { 247 if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { 248 return array(); 249 } 250 251 return $response['headers']; 252 } 253 254 /** 255 * Retrieves a single header by name from the raw response. 256 * 257 * @since 2.7.0 258 * 259 * @param array|WP_Error $response HTTP response. 260 * @param string $header Header name to retrieve value from. 261 * @return array|string The header(s) value(s). Array if multiple headers with the same name are retrieved. 262 * Empty string if incorrect parameter given, or if the header doesn't exist. 263 */ 264 function wp_remote_retrieve_header( $response, $header ) { 265 if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) { 266 return ''; 267 } 268 269 return $response['headers'][ $header ] ?? ''; 270 } 271 272 /** 273 * Retrieves only the response code from the raw response. 274 * 275 * Will return an empty string if incorrect parameter value is given. 276 * 277 * @since 2.7.0 278 * 279 * @param array|WP_Error $response HTTP response. 280 * @return int|string The response code as an integer. Empty string if incorrect parameter given. 281 */ 282 function wp_remote_retrieve_response_code( $response ) { 283 if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { 284 return ''; 285 } 286 287 return $response['response']['code']; 288 } 289 290 /** 291 * Retrieves only the response message from the raw response. 292 * 293 * Will return an empty string if incorrect parameter value is given. 294 * 295 * @since 2.7.0 296 * 297 * @param array|WP_Error $response HTTP response. 298 * @return string The response message. Empty string if incorrect parameter given. 299 */ 300 function wp_remote_retrieve_response_message( $response ) { 301 if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) { 302 return ''; 303 } 304 305 return $response['response']['message']; 306 } 307 308 /** 309 * Retrieves only the body from the raw response. 310 * 311 * @since 2.7.0 312 * 313 * @param array|WP_Error $response HTTP response. 314 * @return string The body of the response. Empty string if no body or incorrect parameter given. 315 */ 316 function wp_remote_retrieve_body( $response ) { 317 if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) { 318 return ''; 319 } 320 321 return $response['body']; 322 } 323 324 /** 325 * Retrieves only the cookies from the raw response. 326 * 327 * @since 4.4.0 328 * 329 * @param array|WP_Error $response HTTP response. 330 * @return WP_Http_Cookie[] An array of `WP_Http_Cookie` objects from the response. 331 * Empty array if there are none, or the response is a WP_Error. 332 */ 333 function wp_remote_retrieve_cookies( $response ) { 334 if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) { 335 return array(); 336 } 337 338 return $response['cookies']; 339 } 340 341 /** 342 * Retrieves a single cookie by name from the raw response. 343 * 344 * @since 4.4.0 345 * 346 * @param array|WP_Error $response HTTP response. 347 * @param string $name The name of the cookie to retrieve. 348 * @return WP_Http_Cookie|string The `WP_Http_Cookie` object, or empty string 349 * if the cookie is not present in the response. 350 */ 351 function wp_remote_retrieve_cookie( $response, $name ) { 352 $cookies = wp_remote_retrieve_cookies( $response ); 353 354 if ( empty( $cookies ) ) { 355 return ''; 356 } 357 358 foreach ( $cookies as $cookie ) { 359 if ( $cookie->name === $name ) { 360 return $cookie; 361 } 362 } 363 364 return ''; 365 } 366 367 /** 368 * Retrieves a single cookie's value by name from the raw response. 369 * 370 * @since 4.4.0 371 * 372 * @param array|WP_Error $response HTTP response. 373 * @param string $name The name of the cookie to retrieve. 374 * @return string The value of the cookie, or empty string 375 * if the cookie is not present in the response. 376 */ 377 function wp_remote_retrieve_cookie_value( $response, $name ) { 378 $cookie = wp_remote_retrieve_cookie( $response, $name ); 379 380 if ( ! ( $cookie instanceof WP_Http_Cookie ) ) { 381 return ''; 382 } 383 384 return $cookie->value; 385 } 386 387 /** 388 * Determines if there is an HTTP Transport that can process this request. 389 * 390 * @since 3.2.0 391 * 392 * @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array. 393 * @param string $url Optional. If given, will check if the URL requires SSL and adds 394 * that requirement to the capabilities array. 395 * 396 * @return bool 397 */ 398 function wp_http_supports( $capabilities = array(), $url = null ) { 399 $capabilities = wp_parse_args( $capabilities ); 400 401 $count = count( $capabilities ); 402 403 // If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array. 404 if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) === $count ) { 405 $capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) ); 406 } 407 408 if ( $url && ! isset( $capabilities['ssl'] ) ) { 409 $scheme = parse_url( $url, PHP_URL_SCHEME ); 410 if ( 'https' === $scheme || 'ssl' === $scheme ) { 411 $capabilities['ssl'] = true; 412 } 413 } 414 415 return WpOrg\Requests\Requests::has_capabilities( $capabilities ); 416 } 417 418 /** 419 * Gets the HTTP Origin of the current request. 420 * 421 * @since 3.4.0 422 * 423 * @return string URL of the origin. Empty string if no origin. 424 */ 425 function get_http_origin() { 426 $origin = ''; 427 if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) { 428 $origin = $_SERVER['HTTP_ORIGIN']; 429 } 430 431 /** 432 * Changes the origin of an HTTP request. 433 * 434 * @since 3.4.0 435 * 436 * @param string $origin The HTTP origin for the request. 437 */ 438 return apply_filters( 'http_origin', $origin ); 439 } 440 441 /** 442 * Retrieves list of allowed HTTP origins. 443 * 444 * @since 3.4.0 445 * 446 * @return string[] Array of origin URLs. 447 */ 448 function get_allowed_http_origins() { 449 $admin_origin = parse_url( admin_url() ); 450 $home_origin = parse_url( home_url() ); 451 452 // @todo Preserve port? 453 $allowed_origins = array_unique( 454 array( 455 'http://' . $admin_origin['host'], 456 'https://' . $admin_origin['host'], 457 'http://' . $home_origin['host'], 458 'https://' . $home_origin['host'], 459 ) 460 ); 461 462 /** 463 * Changes the origin types allowed for HTTP requests. 464 * 465 * @since 3.4.0 466 * 467 * @param string[] $allowed_origins Array of allowed HTTP origins. 468 */ 469 return apply_filters( 'allowed_http_origins', $allowed_origins ); 470 } 471 472 /** 473 * Determines if the HTTP origin is an authorized one. 474 * 475 * @since 3.4.0 476 * 477 * @param string|null $origin Origin URL. If not provided, the value of get_http_origin() is used. 478 * @return string Origin URL if allowed, empty string if not. 479 */ 480 function is_allowed_http_origin( $origin = null ) { 481 $origin_arg = $origin; 482 483 if ( null === $origin ) { 484 $origin = get_http_origin(); 485 } 486 487 if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) { 488 $origin = ''; 489 } 490 491 /** 492 * Changes the allowed HTTP origin result. 493 * 494 * @since 3.4.0 495 * 496 * @param string $origin Origin URL if allowed, empty string if not. 497 * @param string $origin_arg Original origin string passed into is_allowed_http_origin function. 498 */ 499 return apply_filters( 'allowed_http_origin', $origin, $origin_arg ); 500 } 501 502 /** 503 * Sends Access-Control-Allow-Origin and related headers if the current request 504 * is from an allowed origin. 505 * 506 * If the request is an OPTIONS request, the script exits with either access 507 * control headers sent, or a 403 response if the origin is not allowed. For 508 * other request methods, you will receive a return value. 509 * 510 * @since 3.4.0 511 * 512 * @return string|false Returns the origin URL if headers are sent. Returns false 513 * if headers are not sent. 514 */ 515 function send_origin_headers() { 516 $origin = get_http_origin(); 517 518 if ( is_allowed_http_origin( $origin ) ) { 519 header( 'Access-Control-Allow-Origin: ' . $origin ); 520 header( 'Access-Control-Allow-Credentials: true' ); 521 if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { 522 exit; 523 } 524 return $origin; 525 } 526 527 if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { 528 status_header( 403 ); 529 exit; 530 } 531 532 return false; 533 } 534 535 /** 536 * Validates a URL as safe for use in the HTTP API. 537 * 538 * The only supported protocols are `http` and `https`. 539 * 540 * Examples of URLs that are considered unsafe: 541 * 542 * - `ftp://example.com/caniload.php` - Invalid protocol - only http and https are allowed. 543 * - `http:///example.com/caniload.php` - Malformed URL. 544 * - `http://user:pass@example.com/caniload.php` - Login information. 545 * - `http://example.invalid/caniload.php` - Invalid hostname, as the IP cannot be looked up in DNS. 546 * 547 * Examples of URLs that are considered unsafe by default but can be allowed with filters: 548 * 549 * - `http://192.168.0.1/caniload.php` - IP address from LAN network. 550 * This can be changed with the {@see 'http_request_host_is_external'} filter. 551 * - `http://198.143.164.252:81/caniload.php` - By default, only ports 80, 443, and 8080 are allowed. 552 * This can be changed with the {@see 'http_allowed_safe_ports'} filter. 553 * 554 * @since 3.5.2 555 * 556 * @param string $url Request URL. 557 * @return string|false Returns false if the URL is not safe, or the original URL if it is safe. 558 */ 559 function wp_http_validate_url( $url ) { 560 if ( ! is_string( $url ) || '' === $url || is_numeric( $url ) ) { 561 return false; 562 } 563 564 $original_url = $url; 565 $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); 566 if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { 567 return false; 568 } 569 570 $parsed_url = parse_url( $url ); 571 if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { 572 return false; 573 } 574 575 if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { 576 return false; 577 } 578 579 if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) ) { 580 return false; 581 } 582 583 $parsed_home = parse_url( get_option( 'home' ) ); 584 $same_host = isset( $parsed_home['host'] ) && strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); 585 $host = trim( $parsed_url['host'], '.' ); 586 587 if ( ! $same_host ) { 588 if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$#', $host ) ) { 589 $ip = $host; 590 } else { 591 $ip = gethostbyname( $host ); 592 if ( $ip === $host ) { // Error condition for gethostbyname(). 593 return false; 594 } 595 } 596 if ( $ip ) { 597 $parts = array_map( 'intval', explode( '.', $ip ) ); 598 if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] 599 || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) 600 || ( 192 === $parts[0] && 168 === $parts[1] ) 601 ) { 602 // If host appears local, reject unless specifically allowed. 603 /** 604 * Checks if HTTP request is external or not. 605 * 606 * Allows to change and allow external requests for the HTTP request. 607 * 608 * @since 3.6.0 609 * 610 * @param bool $external Whether HTTP request is external or not. 611 * @param string $host Host name of the requested URL. 612 * @param string $url Requested URL. 613 */ 614 if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { 615 return false; 616 } 617 } 618 } 619 } 620 621 if ( empty( $parsed_url['port'] ) ) { 622 return $url; 623 } 624 625 $port = $parsed_url['port']; 626 627 /** 628 * Controls the list of ports considered safe in HTTP API. 629 * 630 * Allows to change and allow external requests for the HTTP request. 631 * 632 * @since 5.9.0 633 * 634 * @param int[] $allowed_ports Array of integers for valid ports. Default allowed ports 635 * are 80, 443, and 8080. 636 * @param string $host Host name of the requested URL. 637 * @param string $url Requested URL. 638 */ 639 $allowed_ports = apply_filters( 'http_allowed_safe_ports', array( 80, 443, 8080 ), $host, $url ); 640 if ( is_array( $allowed_ports ) && in_array( $port, $allowed_ports, true ) ) { 641 return $url; 642 } 643 644 if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { 645 return $url; 646 } 647 648 return false; 649 } 650 651 /** 652 * Marks allowed redirect hosts safe for HTTP requests as well. 653 * 654 * Attached to the {@see 'http_request_host_is_external'} filter. 655 * 656 * @since 3.6.0 657 * 658 * @param bool $is_external 659 * @param string $host 660 * @return bool 661 */ 662 function allowed_http_request_hosts( $is_external, $host ) { 663 if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) { 664 $is_external = true; 665 } 666 return $is_external; 667 } 668 669 /** 670 * Adds any domain in a multisite installation for safe HTTP requests to the 671 * allowed list. 672 * 673 * Attached to the {@see 'http_request_host_is_external'} filter. 674 * 675 * @since 3.6.0 676 * 677 * @global wpdb $wpdb WordPress database abstraction object. 678 * 679 * @param bool $is_external 680 * @param string $host 681 * @return bool 682 */ 683 function ms_allowed_http_request_hosts( $is_external, $host ) { 684 global $wpdb; 685 static $queried = array(); 686 if ( $is_external ) { 687 return $is_external; 688 } 689 if ( get_network()->domain === $host ) { 690 return true; 691 } 692 if ( isset( $queried[ $host ] ) ) { 693 return $queried[ $host ]; 694 } 695 $queried[ $host ] = (bool) $wpdb->get_var( $wpdb->prepare( "SELECT domain FROM $wpdb->blogs WHERE domain = %s LIMIT 1", $host ) ); 696 return $queried[ $host ]; 697 } 698 699 /** 700 * A wrapper for PHP's parse_url() function that handles consistency in the return values 701 * across PHP versions. 702 * 703 * Across various PHP versions, schemeless URLs containing a ":" in the query 704 * are being handled inconsistently. This function works around those differences. 705 * 706 * @since 4.4.0 707 * @since 4.7.0 The `$component` parameter was added for parity with PHP's `parse_url()`. 708 * 709 * @link https://www.php.net/manual/en/function.parse-url.php 710 * 711 * @param string $url The URL to parse. 712 * @param int $component The specific component to retrieve. Use one of the PHP 713 * predefined constants to specify which one. 714 * Defaults to -1 (= return all parts as an array). 715 * @return mixed False on parse failure; Array of URL components on success; 716 * When a specific component has been requested: null if the component 717 * doesn't exist in the given URL; a string or - in the case of 718 * PHP_URL_PORT - integer when it does. See parse_url()'s return values. 719 */ 720 function wp_parse_url( $url, $component = -1 ) { 721 $to_unset = array(); 722 $url = (string) $url; 723 724 if ( str_starts_with( $url, '//' ) ) { 725 $to_unset[] = 'scheme'; 726 $url = 'placeholder:' . $url; 727 } elseif ( str_starts_with( $url, '/' ) ) { 728 $to_unset[] = 'scheme'; 729 $to_unset[] = 'host'; 730 $url = 'placeholder://placeholder' . $url; 731 } 732 733 $parts = parse_url( $url ); 734 735 if ( false === $parts ) { 736 // Parsing failure. 737 return $parts; 738 } 739 740 // Remove the placeholder values. 741 foreach ( $to_unset as $key ) { 742 unset( $parts[ $key ] ); 743 } 744 745 return _get_component_from_parsed_url_array( $parts, $component ); 746 } 747 748 /** 749 * Retrieves a specific component from a parsed URL array. 750 * 751 * @internal 752 * 753 * @since 4.7.0 754 * @access private 755 * 756 * @link https://www.php.net/manual/en/function.parse-url.php 757 * 758 * @param array|false $url_parts The parsed URL. Can be false if the URL failed to parse. 759 * @param int $component The specific component to retrieve. Use one of the PHP 760 * predefined constants to specify which one. 761 * Defaults to -1 (= return all parts as an array). 762 * @return mixed False on parse failure; Array of URL components on success; 763 * When a specific component has been requested: null if the component 764 * doesn't exist in the given URL; a string or - in the case of 765 * PHP_URL_PORT - integer when it does. See parse_url()'s return values. 766 */ 767 function _get_component_from_parsed_url_array( $url_parts, $component = -1 ) { 768 if ( -1 === $component ) { 769 return $url_parts; 770 } 771 772 $key = _wp_translate_php_url_constant_to_key( $component ); 773 if ( false !== $key && is_array( $url_parts ) && isset( $url_parts[ $key ] ) ) { 774 return $url_parts[ $key ]; 775 } else { 776 return null; 777 } 778 } 779 780 /** 781 * Translates a PHP_URL_* constant to the named array keys PHP uses. 782 * 783 * @internal 784 * 785 * @since 4.7.0 786 * @access private 787 * 788 * @link https://www.php.net/manual/en/url.constants.php 789 * 790 * @param int $constant PHP_URL_* constant. 791 * @return string|false The named key or false. 792 */ 793 function _wp_translate_php_url_constant_to_key( $constant ) { 794 $translation = array( 795 PHP_URL_SCHEME => 'scheme', 796 PHP_URL_HOST => 'host', 797 PHP_URL_PORT => 'port', 798 PHP_URL_USER => 'user', 799 PHP_URL_PASS => 'pass', 800 PHP_URL_PATH => 'path', 801 PHP_URL_QUERY => 'query', 802 PHP_URL_FRAGMENT => 'fragment', 803 ); 804 805 if ( isset( $translation[ $constant ] ) ) { 806 return $translation[ $constant ]; 807 } else { 808 return false; 809 } 810 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Sat May 2 08:20:14 2026 | Cross-referenced by PHPXref |