This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * WordPress Administration Template Header |
||
4 | * |
||
5 | * @package WordPress |
||
6 | * @subpackage Administration |
||
7 | */ |
||
8 | |||
9 | @header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); |
||
0 ignored issues
–
show
|
|||
10 | if ( ! defined( 'WP_ADMIN' ) ) |
||
11 | require_once( dirname( __FILE__ ) . '/admin.php' ); |
||
12 | |||
13 | /** |
||
14 | * In case admin-header.php is included in a function. |
||
15 | * |
||
16 | * @global string $title |
||
17 | * @global string $hook_suffix |
||
18 | * @global WP_Screen $current_screen |
||
19 | * @global WP_Locale $wp_locale |
||
20 | * @global string $pagenow |
||
21 | * @global string $update_title |
||
22 | * @global int $total_update_count |
||
23 | * @global string $parent_file |
||
24 | */ |
||
25 | global $title, $hook_suffix, $current_screen, $wp_locale, $pagenow, |
||
26 | $update_title, $total_update_count, $parent_file; |
||
27 | |||
28 | // Catch plugins that include admin-header.php before admin.php completes. |
||
29 | if ( empty( $current_screen ) ) |
||
30 | set_current_screen(); |
||
31 | |||
32 | get_admin_page_title(); |
||
33 | $title = esc_html( strip_tags( $title ) ); |
||
34 | |||
35 | View Code Duplication | if ( is_network_admin() ) { |
|
36 | /* translators: Network admin screen title. 1: Network name */ |
||
37 | $admin_title = sprintf( __( 'Network Admin: %s' ), esc_html( get_network()->site_name ) ); |
||
38 | } elseif ( is_user_admin() ) { |
||
39 | /* translators: User dashboard screen title. 1: Network name */ |
||
40 | $admin_title = sprintf( __( 'User Dashboard: %s' ), esc_html( get_network()->site_name ) ); |
||
41 | } else { |
||
42 | $admin_title = get_bloginfo( 'name' ); |
||
43 | } |
||
44 | |||
45 | if ( $admin_title == $title ) { |
||
46 | /* translators: Admin screen title. 1: Admin screen name */ |
||
47 | $admin_title = sprintf( __( '%1$s — WordPress' ), $title ); |
||
48 | } else { |
||
49 | /* translators: Admin screen title. 1: Admin screen name, 2: Network or site name */ |
||
50 | $admin_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $admin_title ); |
||
51 | } |
||
52 | |||
53 | /** |
||
54 | * Filters the title tag content for an admin page. |
||
55 | * |
||
56 | * @since 3.1.0 |
||
57 | * |
||
58 | * @param string $admin_title The page title, with extra context added. |
||
59 | * @param string $title The original page title. |
||
60 | */ |
||
61 | $admin_title = apply_filters( 'admin_title', $admin_title, $title ); |
||
62 | |||
63 | wp_user_settings(); |
||
64 | |||
65 | _wp_admin_html_begin(); |
||
66 | ?> |
||
67 | <title><?php echo $admin_title; ?></title> |
||
68 | <?php |
||
69 | |||
70 | wp_enqueue_style( 'colors' ); |
||
71 | wp_enqueue_style( 'ie' ); |
||
72 | wp_enqueue_script('utils'); |
||
73 | wp_enqueue_script( 'svg-painter' ); |
||
74 | |||
75 | $admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix); |
||
76 | ?> |
||
77 | <script type="text/javascript"> |
||
78 | addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; |
||
79 | var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>', |
||
80 | pagenow = '<?php echo $current_screen->id; ?>', |
||
81 | typenow = '<?php echo $current_screen->post_type; ?>', |
||
82 | adminpage = '<?php echo $admin_body_class; ?>', |
||
83 | thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>', |
||
84 | decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>', |
||
85 | isRtl = <?php echo (int) is_rtl(); ?>; |
||
86 | </script> |
||
87 | <meta name="viewport" content="width=device-width,initial-scale=1.0"> |
||
88 | <?php |
||
89 | |||
90 | /** |
||
91 | * Enqueue scripts for all admin pages. |
||
92 | * |
||
93 | * @since 2.8.0 |
||
94 | * |
||
95 | * @param string $hook_suffix The current admin page. |
||
96 | */ |
||
97 | do_action( 'admin_enqueue_scripts', $hook_suffix ); |
||
98 | |||
99 | /** |
||
100 | * Fires when styles are printed for a specific admin page based on $hook_suffix. |
||
101 | * |
||
102 | * @since 2.6.0 |
||
103 | */ |
||
104 | do_action( "admin_print_styles-{$hook_suffix}" ); |
||
105 | |||
106 | /** |
||
107 | * Fires when styles are printed for all admin pages. |
||
108 | * |
||
109 | * @since 2.6.0 |
||
110 | */ |
||
111 | do_action( 'admin_print_styles' ); |
||
112 | |||
113 | /** |
||
114 | * Fires when scripts are printed for a specific admin page based on $hook_suffix. |
||
115 | * |
||
116 | * @since 2.1.0 |
||
117 | */ |
||
118 | do_action( "admin_print_scripts-{$hook_suffix}" ); |
||
119 | |||
120 | /** |
||
121 | * Fires when scripts are printed for all admin pages. |
||
122 | * |
||
123 | * @since 2.1.0 |
||
124 | */ |
||
125 | do_action( 'admin_print_scripts' ); |
||
126 | |||
127 | /** |
||
128 | * Fires in head section for a specific admin page. |
||
129 | * |
||
130 | * The dynamic portion of the hook, `$hook_suffix`, refers to the hook suffix |
||
131 | * for the admin page. |
||
132 | * |
||
133 | * @since 2.1.0 |
||
134 | */ |
||
135 | do_action( "admin_head-{$hook_suffix}" ); |
||
136 | |||
137 | /** |
||
138 | * Fires in head section for all admin pages. |
||
139 | * |
||
140 | * @since 2.1.0 |
||
141 | */ |
||
142 | do_action( 'admin_head' ); |
||
143 | |||
144 | if ( get_user_setting('mfold') == 'f' ) |
||
145 | $admin_body_class .= ' folded'; |
||
146 | |||
147 | if ( !get_user_setting('unfold') ) |
||
148 | $admin_body_class .= ' auto-fold'; |
||
149 | |||
150 | if ( is_admin_bar_showing() ) |
||
151 | $admin_body_class .= ' admin-bar'; |
||
152 | |||
153 | if ( is_rtl() ) |
||
154 | $admin_body_class .= ' rtl'; |
||
155 | |||
156 | if ( $current_screen->post_type ) |
||
157 | $admin_body_class .= ' post-type-' . $current_screen->post_type; |
||
158 | |||
159 | if ( $current_screen->taxonomy ) |
||
160 | $admin_body_class .= ' taxonomy-' . $current_screen->taxonomy; |
||
161 | |||
162 | $admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( get_bloginfo( 'version' ) ) ); |
||
163 | $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', get_bloginfo( 'version' ) ) ); |
||
164 | $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' ); |
||
165 | $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); |
||
166 | |||
167 | if ( wp_is_mobile() ) |
||
168 | $admin_body_class .= ' mobile'; |
||
169 | |||
170 | if ( is_multisite() ) |
||
171 | $admin_body_class .= ' multisite'; |
||
172 | |||
173 | if ( is_network_admin() ) |
||
174 | $admin_body_class .= ' network-admin'; |
||
175 | |||
176 | $admin_body_class .= ' no-customize-support no-svg'; |
||
177 | |||
178 | ?> |
||
179 | </head> |
||
180 | <?php |
||
181 | /** |
||
182 | * Filters the CSS classes for the body tag in the admin. |
||
183 | * |
||
184 | * This filter differs from the {@see 'post_class'} and {@see 'body_class'} filters |
||
185 | * in two important ways: |
||
186 | * |
||
187 | * 1. `$classes` is a space-separated string of class names instead of an array. |
||
188 | * 2. Not all core admin classes are filterable, notably: wp-admin, wp-core-ui, |
||
189 | * and no-js cannot be removed. |
||
190 | * |
||
191 | * @since 2.3.0 |
||
192 | * |
||
193 | * @param string $classes Space-separated list of CSS classes. |
||
194 | */ |
||
195 | $admin_body_classes = apply_filters( 'admin_body_class', '' ); |
||
196 | ?> |
||
197 | <body class="wp-admin wp-core-ui no-js <?php echo $admin_body_classes . ' ' . $admin_body_class; ?>"> |
||
198 | <script type="text/javascript"> |
||
199 | document.body.className = document.body.className.replace('no-js','js'); |
||
200 | </script> |
||
201 | |||
202 | <?php |
||
203 | // Make sure the customize body classes are correct as early as possible. |
||
204 | if ( current_user_can( 'customize' ) ) { |
||
205 | wp_customize_support_script(); |
||
206 | } |
||
207 | ?> |
||
208 | |||
209 | <div id="wpwrap"> |
||
210 | <?php require(ABSPATH . 'wp-admin/menu-header.php'); ?> |
||
211 | <div id="wpcontent"> |
||
212 | |||
213 | <?php |
||
214 | /** |
||
215 | * Fires at the beginning of the content section in an admin page. |
||
216 | * |
||
217 | * @since 3.0.0 |
||
218 | */ |
||
219 | do_action( 'in_admin_header' ); |
||
220 | ?> |
||
221 | |||
222 | <div id="wpbody" role="main"> |
||
223 | <?php |
||
224 | unset($title_class, $blog_name, $total_update_count, $update_title); |
||
225 | |||
226 | $current_screen->set_parentage( $parent_file ); |
||
227 | |||
228 | ?> |
||
229 | |||
230 | <div id="wpbody-content" aria-label="<?php esc_attr_e('Main content'); ?>" tabindex="0"> |
||
231 | <?php |
||
232 | |||
233 | $current_screen->render_screen_meta(); |
||
234 | |||
235 | if ( is_network_admin() ) { |
||
236 | /** |
||
237 | * Prints network admin screen notices. |
||
238 | * |
||
239 | * @since 3.1.0 |
||
240 | */ |
||
241 | do_action( 'network_admin_notices' ); |
||
242 | } elseif ( is_user_admin() ) { |
||
243 | /** |
||
244 | * Prints user admin screen notices. |
||
245 | * |
||
246 | * @since 3.1.0 |
||
247 | */ |
||
248 | do_action( 'user_admin_notices' ); |
||
249 | } else { |
||
250 | /** |
||
251 | * Prints admin screen notices. |
||
252 | * |
||
253 | * @since 3.1.0 |
||
254 | */ |
||
255 | do_action( 'admin_notices' ); |
||
256 | } |
||
257 | |||
258 | /** |
||
259 | * Prints generic admin screen notices. |
||
260 | * |
||
261 | * @since 3.1.0 |
||
262 | */ |
||
263 | do_action( 'all_admin_notices' ); |
||
264 | |||
265 | if ( $parent_file == 'options-general.php' ) |
||
266 | require(ABSPATH . 'wp-admin/options-head.php'); |
||
267 |
If you suppress an error, we recommend checking for the error condition explicitly: