Project-Pro/wingedit.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Jacek Pyziak
2026-03-11 15:57:27 +01:00
parent 481271c972
commit b4b460fd21
10775 changed files with 2071579 additions and 26409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

363
wp-content/plugins/wp-all-import/helpers/get_file_curl.php
View File

@@ -1,183 +1,256 @@
<?php
if ( ! function_exists('get_file_curl') ):
if ( ! function_exists( 'get_file_curl' ) ):
function get_file_curl($url, $fullpath, $to_variable = false, $iteration = false) {
if ( ! preg_match('%^(http|ftp)s?://%i', $url) ) return false;
function get_file_curl( $url, $fullpath, $to_variable = false, $iteration = false ) {
if ( ! preg_match( '%^(http|ftp)s?://%i', $url ) || pmxi_is_private_ip( $url ) ) {
return false;
}
$response = wp_remote_get($url);
$response = wp_remote_get( $url, array(
'timeout' => apply_filters( 'pmxi_file_download_timeout', 15 ),
'headers' => array(
'User-Agent' => 'WP All Import (version:'.PMXI_VERSION.')',
),
) );
if ( ! is_wp_error($response) and ( ! isset($response['response']['code']) or isset($response['response']['code']) and ! in_array($response['response']['code'], array(401, 403, 404))) )
{
if ( ! is_wp_error( $response ) and ( ! isset( $response['response']['code'] ) or isset( $response['response']['code'] ) and ! in_array( $response['response']['code'], array(
401,
403,
404
) ) ) ) {
$rawdata = wp_remote_retrieve_body( $response );
if (empty($rawdata))
{
$result = pmxi_curl_download($url, $fullpath, $to_variable);
if ( ! $result and $iteration === false)
{
$new_url = wp_all_import_translate_uri($url);
return ($new_url !== $url) ? get_file_curl($new_url, $fullpath, $to_variable, true) : $result;
if ( empty( $rawdata ) ) {
$result = pmxi_curl_download( $url, $fullpath, $to_variable );
if ( ! $result and $iteration === false ) {
$new_url = wp_all_import_translate_uri( $url );
return ( $new_url !== $url ) ? get_file_curl( $new_url, $fullpath, $to_variable, true ) : $result;
}
return $result;
}else{
if(preg_match( '%\W(svg)$%i', basename( $fullpath ))){
$rawdata = wp_all_import_sanitize_svg($rawdata, false);
}
}
// Ensure we don't have a .php extension as it's often blocked on hosts in the uploads folder.
$fullpath = str_replace( '.php', '.tmp', $fullpath );
if ( ! @file_put_contents( $fullpath, $rawdata ) ) {
$fp = fopen( $fullpath, 'w' );
// Ensure the file is actually open before trying to write.
if ( false !== $fp ) {
fwrite( $fp, $rawdata );
fclose( $fp );
}
}
if ( preg_match( '%\W(svg)$%i', basename( $fullpath ) ) or preg_match( '%\W(' . wp_all_import_supported_image_extensions() . ')$%i', basename( $fullpath ) ) and ( ! ( $image_info = apply_filters( 'pmxi_getimagesize', @getimagesize( $fullpath ), $fullpath ) ) or ! in_array( $image_info[2], wp_all_import_supported_image_types() ) ) ) {
$result = pmxi_curl_download( $url, $fullpath, $to_variable );
if ( ! $result and $iteration === false ) {
$new_url = wp_all_import_translate_uri( $url );
return ( $new_url !== $url ) ? get_file_curl( $new_url, $fullpath, $to_variable, true ) : $result;
}
return $result;
}
if ( ! @file_put_contents($fullpath, $rawdata) )
{
$fp = fopen($fullpath,'w');
fwrite($fp, $rawdata);
fclose($fp);
}
return ( $to_variable ) ? $rawdata : true;
} else {
$use_only_wp_http_api = apply_filters( 'wp_all_import_use_only_wp_http_api', false );
if ( preg_match('%\W(svg)$%i', basename($fullpath)) or preg_match('%\W(jpg|jpeg|gif|png|webp)$%i', basename($fullpath)) and ( ! ($image_info = apply_filters('pmxi_getimagesize', @getimagesize($fullpath), $fullpath)) or ! in_array($image_info[2], wp_all_import_supported_image_types()) ) )
{
$result = pmxi_curl_download($url, $fullpath, $to_variable);
if ( ! $result and $iteration === false)
{
$new_url = wp_all_import_translate_uri($url);
return ($new_url !== $url) ? get_file_curl($new_url, $fullpath, $to_variable, true) : $result;
if ( false == $use_only_wp_http_api ) {
$curl = pmxi_curl_download( $url, $fullpath, $to_variable );
if ( $curl === false and $iteration === false ) {
$new_url = wp_all_import_translate_uri( $url );
return ( $new_url !== $url ) ? get_file_curl( $new_url, $fullpath, $to_variable, true ) : ( is_wp_error( $response ) ? $response : false );
}
return $result;
return ( $curl === false ) ? ( is_wp_error( $response ) ? $response : false ) : $curl;
}
return ($to_variable) ? $rawdata : true;
}
else
{
$use_only_wp_http_api = apply_filters('wp_all_import_use_only_wp_http_api', false);
if ( false == $use_only_wp_http_api ){
$curl = pmxi_curl_download($url, $fullpath, $to_variable);
if ($curl === false and $iteration === false)
{
$new_url = wp_all_import_translate_uri($url);
return ($new_url !== $url) ? get_file_curl($new_url, $fullpath, $to_variable, true) : ( is_wp_error($response) ? $response : false );
}
return ($curl === false) ? ( is_wp_error($response) ? $response : false ) : $curl;
}
return $response;
return $response;
}
}
endif;
if ( ! function_exists('pmxi_curl_download') ) {
if ( ! function_exists( 'pmxi_is_private_ip' ) ) {
function pmxi_is_private_ip( $url ) {
function pmxi_curl_download($url, $fullpath, $to_variable){
$url_components = parse_url( $url );
$host = $url_components['host'] ?? '';
$is_private_ip = false;
if ( ! function_exists('curl_version') ) return false;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$rawdata = curl_exec_follow($ch);
$result = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close ($ch);
if ( empty($rawdata) ) return false;
if (!@file_put_contents($fullpath, $rawdata)){
$fp = fopen($fullpath,'w');
fwrite($fp, $rawdata);
fclose($fp);
if ( empty( $host ) ) {
return false;
}
if ( preg_match('%\W(jpg|jpeg|gif|png|webp)$%i', basename($fullpath)) and ( ! ($image_info = apply_filters('pmxi_getimagesize', @getimagesize($fullpath), $fullpath)) or ! in_array($image_info[2], wp_all_import_supported_image_types()))) {
return false;
}
$resolved_ip = gethostbyname( $host );
$local_ip = gethostbyname( php_uname( 'n' ) );
return ($result == 200) ? (($to_variable) ? $rawdata : true) : false;
$private_ranges = [
'10.0.0.0|10.255.255.255',
'172.16.0.0|172.31.255.255',
'192.168.0.0|192.168.255.255',
'169.254.0.0|169.254.255.255', // link-local
'127.0.0.0|127.255.255.255', // loopback
];
$long_ip = ip2long( $resolved_ip );
foreach ( $private_ranges as $range ) {
list( $start, $end ) = explode( '|', $range );
if ( $long_ip >= ip2long( $start ) && $long_ip <= ip2long( $end ) ) {
$is_private_ip = true;
}
}
if ( $resolved_ip !== $local_ip && filter_var( $resolved_ip, FILTER_VALIDATE_IP ) && $is_private_ip ) {
return ! apply_filters( 'http_request_host_is_external', false, $host, $url );
}
return false;
}
}
if ( ! function_exists('curl_exec_follow') ):
if ( ! function_exists( 'pmxi_curl_download' ) ) {
function curl_exec_follow($ch, &$maxredirect = null) {
$mr = $maxredirect === null ? 5 : intval($maxredirect);
function pmxi_curl_download( $url, $fullpath, $to_variable ) {
if ( ! function_exists( 'curl_version' ) ) {
return false;
}
if (ini_get('open_basedir') == '' && ini_get('safe_mode' == 'Off')) {
if ( pmxi_is_private_ip( $url ) ) {
return false;
}
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $mr > 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, $mr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt( $ch, CURLOPT_HEADER, true );
curl_setopt( $ch, CURLOPT_NOBODY, true );
curl_setopt( $ch, CURLOPT_TIMEOUT, apply_filters( 'pmxi_file_download_timeout', 15 ));
} else {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
$header = curl_exec( $ch );
$finalUrl = curl_getinfo( $ch, CURLINFO_EFFECTIVE_URL );
curl_close( $ch );
if ($mr > 0)
{
$original_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
$newurl = $original_url;
$url_data = parse_url($newurl);
if ( pmxi_is_private_ip( $finalUrl ) ) {
return false;
}
if (!empty($url_data['user']) and !empty($url_data['pass'])){
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY );
curl_setopt($ch, CURLOPT_USERPWD, $url_data['user']. ":" . $url_data['pass']);
$newurl = $url_data['scheme'] . '://' . $url_data['host'];
if (!empty($url_data['port'])){
$newurl .= ':' . $url_data['port'];
}
$newurl .= $url_data['path'];
if (!empty($url_data['query']))
{
$newurl .= '?' . $url_data['query'];
}
}
$ch = curl_init( $finalUrl );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$rawdata = curl_exec( $ch );
$result = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_close( $ch );
$rch = curl_copy_handle($ch);
curl_setopt($rch, CURLOPT_HEADER, true);
curl_setopt($rch, CURLOPT_NOBODY, true);
curl_setopt($rch, CURLOPT_FORBID_REUSE, false);
if ( empty( $rawdata ) ) {
return false;
}
do
{
curl_setopt($rch, CURLOPT_URL, $newurl);
$header = curl_exec($rch);
if (curl_errno($rch)) {
$code = 0;
} else {
$code = curl_getinfo($rch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302) {
preg_match('/Location:(.*?)\n/', $header, $matches);
$newurl = trim(array_pop($matches));
// if no scheme is present then the new url is a
// relative path and thus needs some extra care
if(!preg_match("/^https?:/i", $newurl)){
$newurl = $original_url . $newurl;
}
} else {
$code = 0;
}
}
} while ($code && --$mr);
curl_close($rch);
if (!$mr)
{
if ($maxredirect !== null)
$maxredirect = 0;
return false;
}
curl_setopt($ch, CURLOPT_URL, $newurl);
}
}
return curl_exec($ch);
if(preg_match( '%\W(svg)$%i', basename( $fullpath ))){
$rawdata = wp_all_import_sanitize_svg($rawdata, false);
}
$fp = fopen( $fullpath, 'w' );
if ( false !== $fp ) {
fwrite( $fp, $rawdata );
fclose( $fp );
}
if ( preg_match( '%\\.(' . wp_all_import_supported_image_extensions() . ')$%i', basename( $fullpath ) ) && ( ! ( $image_info = apply_filters( 'pmxi_getimagesize', @getimagesize( $fullpath ), $fullpath ) ) || ! in_array( $image_info[2], wp_all_import_supported_image_types() ) ) ) {
return false;
}
return ( $result == 200 ) ? ( ( $to_variable ) ? $rawdata : true ) : false;
}
}
if ( ! function_exists( 'curl_exec_follow' ) ):
function curl_exec_follow( $ch, &$maxredirect = null ) {
$mr = $maxredirect === null ? 5 : intval( $maxredirect );
if ( ini_get( 'open_basedir' ) == '' && ini_get( 'safe_mode' == 'Off' ) ) {
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, $mr > 0 );
curl_setopt( $ch, CURLOPT_MAXREDIRS, $mr );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
} else {
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
if ( $mr > 0 ) {
$original_url = curl_getinfo( $ch, CURLINFO_EFFECTIVE_URL );
$newurl = $original_url;
$url_data = parse_url( $newurl );
if ( ! empty( $url_data['user'] ) and ! empty( $url_data['pass'] ) ) {
curl_setopt( $ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY );
curl_setopt( $ch, CURLOPT_USERPWD, $url_data['user'] . ":" . $url_data['pass'] );
$newurl = $url_data['scheme'] . '://' . $url_data['host'];
if ( ! empty( $url_data['port'] ) ) {
$newurl .= ':' . $url_data['port'];
}
$newurl .= $url_data['path'];
if ( ! empty( $url_data['query'] ) ) {
$newurl .= '?' . $url_data['query'];
}
}
$rch = curl_copy_handle( $ch );
curl_setopt( $rch, CURLOPT_HEADER, true );
curl_setopt( $rch, CURLOPT_NOBODY, true );
curl_setopt( $rch, CURLOPT_FORBID_REUSE, false );
do {
curl_setopt( $rch, CURLOPT_URL, $newurl );
$header = curl_exec( $rch );
if ( curl_errno( $rch ) ) {
$code = 0;
} else {
$code = curl_getinfo( $rch, CURLINFO_HTTP_CODE );
if ( $code == 301 || $code == 302 ) {
preg_match( '/Location:(.*?)\n/', $header, $matches );
$newurl = trim( array_pop( $matches ) );
// if no scheme is present then the new url is a
// relative path and thus needs some extra care
if ( ! preg_match( "/^https?:/i", $newurl ) ) {
$newurl = $original_url . $newurl;
}
} else {
$code = 0;
}
}
} while ( $code && -- $mr );
curl_close( $rch );
if ( ! $mr ) {
if ( $maxredirect !== null ) {
$maxredirect = 0;
}
return false;
}
curl_setopt( $ch, CURLOPT_URL, $newurl );
}
}
return curl_exec( $ch );
}
endif;