| Server IP : 192.158.238.246 / Your IP : 52.14.186.84 Web Server : LiteSpeed System : Linux uniform.iwebfusion.net 4.18.0-553.27.1.lve.1.el8.x86_64 #1 SMP Wed Nov 20 15:58:00 UTC 2024 x86_64 User : jenniferflocom ( 1321) PHP Version : 8.1.32 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /proc/4082427/root/home/jenniferflocom/public_html/wp-content/plugins/give/src/Helpers/ |
Upload File : |
<?php
namespace Give\Helpers;
/**
* Class Utils
*
* @package Give\Helpers
*/
class Utils
{
/**
* Extract query param from URL
*
* @since 2.7.0
*
* @param string $url
* @param string $queryParamName
* @param mixed $default
*
* @return string
*/
public static function getQueryParamFromURL($url, $queryParamName, $default = '')
{
$queryArgs = wp_parse_args(parse_url($url, PHP_URL_QUERY));
return isset($queryArgs[$queryParamName]) ? give_clean($queryArgs[$queryParamName]) : $default;
}
/**
* This function will change request url with other url.
*
* @since 2.7.0
*
* @param string $location Requested URL.
* @param string $url URL.
* @param array $removeArgs Remove extra query params.
* @param array $addArgs add extra query params.
*
* @return string
*/
public static function switchRequestedURL($location, $url, $addArgs = [], $removeArgs = [])
{
$queryString = [];
if ($index = strpos($location, '?')) {
$queryString = wp_parse_args(substr($location, strpos($location, '?') + 1));
}
if ($index = strpos($url, '?')) {
$queryString = array_merge($queryString, wp_parse_args(substr($url, strpos($url, '?') + 1)));
}
$url = add_query_arg(
$queryString,
$url
);
if ($removeArgs) {
foreach ($removeArgs as $name) {
$url = add_query_arg([$name => false], $url);
}
}
if ($addArgs) {
foreach ($addArgs as $name => $value) {
$url = add_query_arg([$name => $value], $url);
}
}
return esc_url_raw($url);
}
/**
* Remove giveDonationAction from URL.
*
* @since 2.7.0
*
* @param $url
*
* @return string
*/
public static function removeDonationAction($url)
{
return esc_url_raw( add_query_arg(['giveDonationAction' => false], $url) );
}
/**
* Determines whether a plugin is active.
*
* Only plugins installed in the plugins/ folder can be active.
*
* Plugins in the mu-plugins/ folder can't be "activated," so this function will
* return false for those plugins.
*
* For more information on this and similar theme functions, check out
* the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
* Conditional Tags} article in the Theme Developer Handbook.
*
* @since 2.7.0
*
* @param string $plugin Path to the plugin file relative to the plugins directory.
*
* @return bool True, if in the active plugins list. False, not in the list.
*/
public static function isPluginActive($plugin)
{
if ( ! function_exists('is_plugin_active')) {
include_once ABSPATH . 'wp-admin/includes/plugin.php';
}
return is_plugin_active($plugin);
}
/**
* @since 3.17.2
*/
public static function removeBackslashes($data)
{
/**
* The stripslashes_deep() method removes only the first backslash occurrence from
* a given string, so we are using the ltrim() method to make sure we are removing
* all other occurrences. We need to remove these backslashes from the beginner of
* the input because attackers can use them to bypass the is_serialized() check.
*/
$data = stripslashes_deep($data);
$data = is_string($data) ? ltrim($data, '\\') : $data;
return $data;
}
/**
* The regular expression attempts to capture the basic structure of a serialized array
* or object. This is more robust than the is_serialized() function but still not perfect.
*
* @since 3.17.2
*/
public static function containsSerializedDataRegex($data): bool
{
if ( ! is_string($data)) {
return false;
}
$pattern = '/(a:\d+:\{.*\})|(O:\d+:"[^"]+":\{.*\})/';
return preg_match($pattern, $data) === 1;
}
/**
* @since 3.17.2
*/
public static function isSerialized($data): bool
{
$data = self::removeBackslashes($data);
if (is_serialized($data) || self::containsSerializedDataRegex($data)) {
return true;
}
return false;
}
/**
* @since 3.17.2
*/
public static function safeUnserialize($data)
{
$data = self::removeBackslashes($data);
/**
* We are setting the allowed_classes to false as a default to
* prevent the injection of objects that can run unwished code.
*
* From PHP docs:
* allowed_classes - Either an array of class names which should be accepted, false to accept no classes, or
* true to accept all classes. If this option is defined and unserialize() encounters an object of a class
* that isn't to be accepted, then the object will be instantiated as __PHP_Incomplete_Class instead. Omitting
* this option is the same as defining it as true: PHP will attempt to instantiate objects of any class.
*/
$unserializedData = @unserialize(trim($data), ['allowed_classes' => false]);
/*
* In case the passed string is not unserializeable, false is returned.
*
* @see https://www.php.net/manual/en/function.unserialize.php
*/
return ! $unserializedData && ! self::containsSerializedDataRegex($data) ? $data : $unserializedData;
}
/**
* Avoid insecure usage of `unserialize` when the data could be submitted by the user.
*
* @since 3.16.1
*
* @param string $data Data that might be unserialized.
*
* @return mixed Unserialized data can be any type.
*/
public static function maybeSafeUnserialize($data)
{
return self::isSerialized($data)
? self::safeUnserialize($data)
: $data;
}
}