This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Contains the main class. |
||
4 | * |
||
5 | * Responsible for the core plugin functionality. |
||
6 | * |
||
7 | * @package wp-hydra |
||
8 | */ |
||
9 | |||
10 | /** |
||
11 | * Main WP_Hydra class. |
||
12 | * |
||
13 | * Replaces the original domain with the current domain, where necessary. |
||
14 | * All of the magic is hooked upon WP_Hydra object initialization. |
||
15 | */ |
||
16 | class WP_Hydra { |
||
17 | |||
18 | /** |
||
19 | * Constructor. |
||
20 | * |
||
21 | * Hooks all of the domain replacement functionality. |
||
22 | * |
||
23 | * @access public |
||
24 | */ |
||
25 | public function __construct() { |
||
26 | // Modify domain where necessary. |
||
27 | add_filter( 'option_blogname', array( $this, 'setup_domain' ), 1 ); |
||
28 | add_filter( 'option_siteurl', array( $this, 'setup_domain' ), 1 ); |
||
29 | add_filter( 'option_home', array( $this, 'setup_domain' ), 1 ); |
||
30 | add_filter( 'stylesheet_uri', array( $this, 'setup_domain' ), 1 ); |
||
31 | add_filter( 'stylesheet_directory_uri', array( $this, 'setup_domain' ), 1 ); |
||
32 | add_filter( 'template_directory_uri', array( $this, 'setup_domain' ), 1 ); |
||
33 | add_filter( 'plugins_url', array( $this, 'setup_domain' ), 1 ); |
||
34 | |||
35 | // Replace various occurences. |
||
36 | add_filter( 'the_content', array( $this, 'setup_content' ) ); // In oost content. |
||
37 | add_filter( 'widget_text', array( $this, 'setup_content' ) ); // In Widget text. |
||
38 | add_filter( 'upload_dir', array( $this, 'setup_upload_dir' ) ); // In wp_upload_dir(). |
||
39 | |||
40 | // Allow developers to support multiple domains in fields that contain only a site URL. |
||
41 | add_filter( 'wp_hydra_domain', array( $this, 'setup_domain' ) ); |
||
42 | |||
43 | // Allow developers to support URLs with multiple domains in their content. |
||
44 | add_filter( 'wp_hydra_content', array( $this, 'setup_content' ) ); |
||
45 | } |
||
46 | |||
47 | /** |
||
48 | * Replaces original domain with current domain in simple fields. |
||
49 | * |
||
50 | * @access public |
||
51 | * |
||
52 | * @param string $url The current URL. |
||
53 | * @return string $url The URL with the (maybe) replaced domain. |
||
54 | */ |
||
55 | public function setup_domain( $url ) { |
||
56 | // Parse current URL. |
||
57 | $original_domain_parts = parse_url( $url ); |
||
58 | |||
59 | // If unable to retrieve the host, skip. |
||
60 | if ( empty( $original_domain_parts['host'] ) || ! isset( $_SERVER['HTTP_HOST'] ) ) { |
||
61 | return $url; |
||
62 | } |
||
63 | |||
64 | // Get original and current domain. |
||
65 | $original_domain = $original_domain_parts['host']; |
||
66 | $current_domain = $_SERVER['HTTP_HOST']; |
||
0 ignored issues
–
show
introduced
by
![]() |
|||
67 | |||
68 | // If original and current domain match, skip. |
||
69 | if ( $original_domain == $current_domain ) { |
||
70 | return $url; |
||
71 | } |
||
72 | |||
73 | return $this->replace_domain( $url, $original_domain, $current_domain ); |
||
74 | } |
||
75 | |||
76 | /** |
||
77 | * Replace the old domain with a new domain in a specific URL. |
||
78 | * |
||
79 | * @access protected |
||
80 | * |
||
81 | * @param string $url The current URL. |
||
82 | * @param string $old_domain The old domain. |
||
83 | * @param string $new_domain The new domain. |
||
84 | * @return string $url The new URL. |
||
85 | */ |
||
86 | protected function replace_domain( $url, $old_domain, $new_domain ) { |
||
87 | // Prepare original domain and current domain with the current protocol. |
||
88 | $protocols = array( 'http://', 'https://' ); |
||
89 | $current_protocol = ( $this->is_ssl() ? 'https' : 'http' ) . '://'; |
||
90 | |||
91 | foreach ( $protocols as $protocol ) { |
||
92 | $original_base = $protocol . $old_domain; |
||
93 | $new_base = $current_protocol . $new_domain; |
||
94 | |||
95 | // Replace original domain with current domain. |
||
96 | $url = str_replace( $original_base, $new_base, $url ); |
||
97 | } |
||
98 | |||
99 | return $url; |
||
100 | } |
||
101 | |||
102 | /** |
||
103 | * Replaces original domain with current domain in content. |
||
104 | * |
||
105 | * @access public |
||
106 | * |
||
107 | * @param string $content The current content with the original domain. |
||
108 | * @return string $content The content with the new domain. |
||
109 | */ |
||
110 | public function setup_content( $content ) { |
||
111 | // Get original home URL. |
||
112 | remove_filter( 'option_home', array( $this, 'setup_domain' ), 1 ); |
||
113 | $original_home = home_url( '/' ); |
||
114 | add_filter( 'option_home', array( $this, 'setup_domain' ), 1 ); |
||
115 | |||
116 | // Get current home URL. |
||
117 | $current_home = home_url( '/' ); |
||
118 | |||
119 | // Replace occurences of original URL with current home URL. |
||
120 | $content = str_replace( $original_home, $current_home, $content ); |
||
121 | |||
122 | return $content; |
||
123 | } |
||
124 | |||
125 | /** |
||
126 | * Replaces original domain with current domain in wp_upload_dir(). |
||
127 | * |
||
128 | * @access public |
||
129 | * |
||
130 | * @param array $upload_dir The current upload dir settings with the original domain. |
||
131 | * @return array $upload_dir The upload dir settings with the new domain. |
||
132 | */ |
||
133 | public function setup_upload_dir( $upload_dir ) { |
||
134 | // Keys of array element that we'll be updating. |
||
135 | $keys_to_update = array( |
||
136 | 'url', |
||
137 | 'baseurl', |
||
138 | ); |
||
139 | |||
140 | // Fix all targeted array elements. |
||
141 | foreach ( $keys_to_update as $key ) { |
||
142 | $upload_dir[ $key ] = apply_filters( 'wp_hydra_domain', $upload_dir[ $key ] ); |
||
143 | } |
||
144 | |||
145 | return $upload_dir; |
||
146 | } |
||
147 | |||
148 | /** |
||
149 | * Determine if SSL is used. |
||
150 | * |
||
151 | * @access public |
||
152 | * |
||
153 | * @return bool True if SSL, false if not used. |
||
154 | */ |
||
155 | public function is_ssl() { |
||
156 | return is_ssl(); |
||
157 | } |
||
158 | |||
159 | } |
||
160 |