1<?php
  2/**
  3 * Canonical API to handle WordPress Redirecting
  4 *
  5 * Based on "Permalink Redirect" from Scott Yang and "Enforce www. Preference"
  6 * by Mark Jaquith
  7 *
  8 * @package WordPress
  9 * @since 2.3.0
 10 */
 11
 12/**
 13 * Redirects incoming links to the proper URL based on the site url.
 14 *
 15 * Search engines consider www.somedomain.com and somedomain.com to be two
 16 * different URLs when they both go to the same location. This SEO enhancement
 17 * prevents penalty for duplicate content by redirecting all incoming links to
 18 * one or the other.
 19 *
 20 * Prevents redirection for feeds, trackbacks, searches, and
 21 * admin URLs. Does not redirect on non-pretty-permalink-supporting IIS 7+,
 22 * page/post previews, WP admin, Trackbacks, robots.txt, favicon.ico, searches,
 23 * or on POST requests.
 24 *
 25 * Will also attempt to find the correct link when a user enters a URL that does
 26 * not exist based on exact WordPress query. Will instead try to parse the URL
 27 * or query in an attempt to figure the correct page to go to.
 28 *
 29 * @since 2.3.0
 30 *
 31 * @global WP_Rewrite $wp_rewrite WordPress rewrite component.
 32 * @global bool       $is_IIS
 33 * @global WP_Query   $wp_query   WordPress Query object.
 34 * @global wpdb       $wpdb       WordPress database abstraction object.
 35 * @global WP         $wp         Current WordPress environment instance.
 36 *
 37 * @param string $requested_url Optional. The URL that was requested, used to
 38 *                              figure if redirect is needed.
 39 * @param bool   $do_redirect   Optional. Redirect to the new URL.
 40 * @return string|void The string of the URL, if redirect needed.
 41 */
 42function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 43	global $wp_rewrite, $is_IIS, $wp_query, $wpdb, $wp;
 44
 45	if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ), true ) ) {
 46		return;
 47	}
 48
 49	/*
 50	 * If we're not in wp-admin and the post has been published and preview nonce
 51	 * is non-existent or invalid then no need for preview in query.
 52	 */
 53	if ( is_preview() && get_query_var( 'p' ) && 'publish' === get_post_status( get_query_var( 'p' ) ) ) {
 54		if ( ! isset( $_GET['preview_id'] )
 55			|| ! isset( $_GET['preview_nonce'] )
 56			|| ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] )
 57		) {
 58			$wp_query->is_preview = false;
 59		}
 60	}
 61
 62	if ( is_admin() || is_search() || is_preview() || is_trackback() || is_favicon()
 63		|| ( $is_IIS && ! iis7_supports_permalinks() )
 64	) {
 65		return;
 66	}
 67
 68	if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) {
 69		// Build the URL in the address bar.
 70		$requested_url  = is_ssl() ? 'https://' : 'http://';
 71		$requested_url .= $_SERVER['HTTP_HOST'];
 72		$requested_url .= $_SERVER['REQUEST_URI'];
 73	}
 74
 75	$original = parse_url( $requested_url );
 76	if ( false === $original ) {
 77		return;
 78	}
 79
 80	// Notice fixing.
 81	$original += array(
 82		'host'   => '',
 83		'path'   => '',
 84		'query'  => '',
 85		'scheme' => '',
 86	);
 87
 88	$redirect     = $original;
 89	$redirect_url = false;
 90	$redirect_obj = false;
 91
 92	/*
 93	 * If the original URL ended with non-breaking spaces, they were almost
 94	 * certainly inserted by accident. Let's remove them, so the reader doesn't
 95	 * see a 404 error with no obvious cause.
 96	 */
 97	$redirect['path'] = preg_replace( '|(%C2%A0)+$|i', '', $redirect['path'] );
 98
 99	// It's not a preview, so remove it from URL.
100	if ( get_query_var( 'preview' ) ) {
101		$redirect['query'] = remove_query_arg( 'preview', $redirect['query'] );
102	}
103
104	$post_id = get_query_var( 'p' );
105
106	if ( is_feed() && $post_id ) {
107		$redirect_url = get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
108		$redirect_obj = get_post( $post_id );
109
110		if ( $redirect_url ) {
111			$redirect['query'] = _remove_qs_args_if_not_in_url(
112				$redirect['query'],
113				array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed' ),
114				$redirect_url
115			);
116
117			$redirect['path'] = parse_url( $redirect_url, PHP_URL_PATH );
118		}
119	}
120
121	if ( is_singular() && $wp_query->post_count < 1 && $post_id ) {
122
123		$vars = $wpdb->get_results( $wpdb->prepare( "SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $post_id ) );
124
125		if ( ! empty( $vars[0] ) ) {
126			$vars = $vars[0];
127
128			if ( 'revision' === $vars->post_type && $vars->post_parent > 0 ) {
129				$post_id = $vars->post_parent;
130			}
131
132			$redirect_url = get_permalink( $post_id );
133			$redirect_obj = get_post( $post_id );
134
135			if ( $redirect_url ) {
136				$redirect['query'] = _remove_qs_args_if_not_in_url(
137					$redirect['query'],
138					array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ),
139					$redirect_url
140				);
141			}
142		}
143	}
144
145	// These tests give us a WP-generated permalink.
146	if ( is_404() ) {
147
148		// Redirect ?page_id, ?p=, ?attachment_id= to their respective URLs.
149		$post_id = max( get_query_var( 'p' ), get_query_var( 'page_id' ), get_query_var( 'attachment_id' ) );
150
151		$redirect_post = $post_id ? get_post( $post_id ) : false;
152
153		if ( $redirect_post ) {
154			$post_type_obj = get_post_type_object( $redirect_post->post_type );
155
156			if ( $post_type_obj && $post_type_obj->public && 'auto-draft' !== $redirect_post->post_status ) {
157				$redirect_url = get_permalink( $redirect_post );
158				$redirect_obj = get_post( $redirect_post );
159
160				$redirect['query'] = _remove_qs_args_if_not_in_url(
161					$redirect['query'],
162					array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ),
163					$redirect_url
164				);
165			}
166		}
167
168		$year  = get_query_var( 'year' );
169		$month = get_query_var( 'monthnum' );
170		$day   = get_query_var( 'day' );
171
172		if ( $year && $month && $day ) {
173			$date = sprintf( '%04d-%02d-%02d', $year, $month, $day );
174
175			if ( ! wp_checkdate( $month, $day, $year, $date ) ) {
176				$redirect_url = get_month_link( $year, $month );
177
178				$redirect['query'] = _remove_qs_args_if_not_in_url(
179					$redirect['query'],
180					array( 'year', 'monthnum', 'day' ),
181					$redirect_url
182				);
183			}
184		} elseif ( $year && $month && $month > 12 ) {
185			$redirect_url = get_year_link( $year );
186
187			$redirect['query'] = _remove_qs_args_if_not_in_url(
188				$redirect['query'],
189				array( 'year', 'monthnum' ),
190				$redirect_url
191			);
192		}
193
194		// Strip off non-existing <!--nextpage--> links from single posts or pages.
195		if ( get_query_var( 'page' ) ) {
196			$post_id = 0;
197
198			if ( $wp_query->queried_object instanceof WP_Post ) {
199				$post_id = $wp_query->queried_object->ID;
200			} elseif ( $wp_query->post ) {
201				$post_id = $wp_query->post->ID;
202			}
203
204			if ( $post_id ) {
205				$redirect_url = get_permalink( $post_id );
206				$redirect_obj = get_post( $post_id );
207
208				$redirect['path']  = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' );
209				$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
210			}
211		}
212
213		if ( ! $redirect_url ) {
214			$redirect_url = redirect_guess_404_permalink();
215
216			if ( $redirect_url ) {
217				$redirect['query'] = _remove_qs_args_if_not_in_url(
218					$redirect['query'],
219					array( 'page', 'feed', 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ),
220					$redirect_url
221				);
222			}
223		}
224	} elseif ( is_object( $wp_rewrite ) && $wp_rewrite->using_permalinks() ) {
225
226		// Rewriting of old ?p=X, ?m=2004, ?m=200401, ?m=20040101.
227		if ( is_attachment()
228			&& ! array_diff( array_keys( $wp->query_vars ), array( 'attachment', 'attachment_id' ) )
229			&& ! $redirect_url
230		) {
231			if ( ! empty( $_GET['attachment_id'] ) ) {
232				$redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) );
233				$redirect_obj = get_post( get_query_var( 'attachment_id' ) );
234
235				if ( $redirect_url ) {
236					$redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] );
237				}
238			} else {
239				$redirect_url = get_attachment_link();
240				$redirect_obj = get_post();
241			}
242		} elseif ( is_single() && ! empty( $_GET['p'] ) && ! $redirect_url ) {
243			$redirect_url = get_permalink( get_query_var( 'p' ) );
244			$redirect_obj = get_post( get_query_var( 'p' ) );
245
246			if ( $redirect_url ) {
247				$redirect['query'] = remove_query_arg( array( 'p', 'post_type' ), $redirect['query'] );
248			}
249		} elseif ( is_single() && ! empty( $_GET['name'] ) && ! $redirect_url ) {
250			$redirect_url = get_permalink( $wp_query->get_queried_object_id() );
251			$redirect_obj = get_post( $wp_query->get_queried_object_id() );
252
253			if ( $redirect_url ) {
254				$redirect['query'] = remove_query_arg( 'name', $redirect['query'] );
255			}
256		} elseif ( is_page() && ! empty( $_GET['page_id'] ) && ! $redirect_url ) {
257			$redirect_url = get_permalink( get_query_var( 'page_id' ) );
258			$redirect_obj = get_post( get_query_var( 'page_id' ) );
259
260			if ( $redirect_url ) {
261				$redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] );
262			}
263		} elseif ( is_page() && ! is_feed() && ! $redirect_url
264			&& 'page' === get_option( 'show_on_front' ) && get_queried_object_id() === (int) get_option( 'page_on_front' )
265		) {
266			$redirect_url = home_url( '/' );
267		} elseif ( is_home() && ! empty( $_GET['page_id'] ) && ! $redirect_url
268			&& 'page' === get_option( 'show_on_front' ) && get_query_var( 'page_id' ) === (int) get_option( 'page_for_posts' )
269		) {
270			$redirect_url = get_permalink( get_option( 'page_for_posts' ) );
271			$redirect_obj = get_post( get_option( 'page_for_posts' ) );
272
273			if ( $redirect_url ) {
274				$redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] );
275			}
276		} elseif ( ! empty( $_GET['m'] ) && ( is_year() || is_month() || is_day() ) ) {
277			$m = get_query_var( 'm' );
278
279			switch ( strlen( $m ) ) {
280				case 4: // Yearly.
281					$redirect_url = get_year_link( $m );
282					break;
283				case 6: // Monthly.
284					$redirect_url = get_month_link( substr( $m, 0, 4 ), substr( $m, 4, 2 ) );
285					break;
286				case 8: // Daily.
287					$redirect_url = get_day_link( substr( $m, 0, 4 ), substr( $m, 4, 2 ), substr( $m, 6, 2 ) );
288					break;
289			}
290
291			if ( $redirect_url ) {
292				$redirect['query'] = remove_query_arg( 'm', $redirect['query'] );
293			}
294			// Now moving on to non ?m=X year/month/day links.
295		} elseif ( is_date() ) {
296			$year  = get_query_var( 'year' );
297			$month = get_query_var( 'monthnum' );
298			$day   = get_query_var( 'day' );
299
300			if ( is_day() && $year && $month && ! empty( $_GET['day'] ) ) {
301				$redirect_url = get_day_link( $year, $month, $day );
302
303				if ( $redirect_url ) {
304					$redirect['query'] = remove_query_arg( array( 'year', 'monthnum', 'day' ), $redirect['query'] );
305				}
306			} elseif ( is_month() && $year && ! empty( $_GET['monthnum'] ) ) {
307				$redirect_url = get_month_link( $year, $month );
308
309				if ( $redirect_url ) {
310					$redirect['query'] = remove_query_arg( array( 'year', 'monthnum' ), $redirect['query'] );
311				}
312			} elseif ( is_year() && ! empty( $_GET['year'] ) ) {
313				$redirect_url = get_year_link( $year );
314
315				if ( $redirect_url ) {
316					$redirect['query'] = remove_query_arg( 'year', $redirect['query'] );
317				}
318			}
319		} elseif ( is_author() && ! empty( $_GET['author'] )
320			&& is_string( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] )
321		) {
322			$author = get_userdata( get_query_var( 'author' ) );
323
324			if ( false !== $author
325				&& $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) )
326			) {
327				$redirect_url = get_author_posts_url( $author->ID, $author->user_nicename );
328				$redirect_obj = $author;
329
330				if ( $redirect_url ) {
331					$redirect['query'] = remove_query_arg( 'author', $redirect['query'] );
332				}
333			}
334		} elseif ( is_category() || is_tag() || is_tax() ) { // Terms (tags/categories).
335			$term_count = 0;
336
337			foreach ( $wp_query->tax_query->queried_terms as $tax_query ) {
338				if ( isset( $tax_query['terms'] ) && is_countable( $tax_query['terms'] ) ) {
339					$term_count += count( $tax_query['terms'] );
340				}
341			}
342
343			$obj = $wp_query->get_queried_object();
344
345			if ( $term_count <= 1 && ! empty( $obj->term_id ) ) {
346				$tax_url = get_term_link( (int) $obj->term_id, $obj->taxonomy );
347
348				if ( $tax_url && ! is_wp_error( $tax_url ) ) {
349					if ( ! empty( $redirect['query'] ) ) {
350						// Strip taxonomy query vars off the URL.
351						$qv_remove = array( 'term', 'taxonomy' );
352
353						if ( is_category() ) {
354							$qv_remove[] = 'category_name';
355							$qv_remove[] = 'cat';
356						} elseif ( is_tag() ) {
357							$qv_remove[] = 'tag';
358							$qv_remove[] = 'tag_id';
359						} else {
360							// Custom taxonomies will have a custom query var, remove those too.
361							$tax_obj = get_taxonomy( $obj->taxonomy );
362							if ( false !== $tax_obj->query_var ) {
363								$qv_remove[] = $tax_obj->query_var;
364							}
365						}
366
367						$rewrite_vars = array_diff( array_keys( $wp_query->query ), array_keys( $_GET ) );
368
369						// Check to see if all the query vars are coming from the rewrite, none are set via $_GET.
370						if ( ! array_diff( $rewrite_vars, array_keys( $_GET ) ) ) {
371							// Remove all of the per-tax query vars.
372							$redirect['query'] = remove_query_arg( $qv_remove, $redirect['query'] );
373
374							// Create the destination URL for this taxonomy.
375							$tax_url = parse_url( $tax_url );
376
377							if ( ! empty( $tax_url['query'] ) ) {
378								// Taxonomy accessible via ?taxonomy=...&term=... or any custom query var.
379								parse_str( $tax_url['query'], $query_vars );
380								$redirect['query'] = add_query_arg( $query_vars, $redirect['query'] );
381							} else {
382								// Taxonomy is accessible via a "pretty URL".
383								$redirect['path'] = $tax_url['path'];
384							}
385						} else {
386							// Some query vars are set via $_GET. Unset those from $_GET that exist via the rewrite.
387							foreach ( $qv_remove as $_qv ) {
388								if ( isset( $rewrite_vars[ $_qv ] ) ) {
389									$redirect['query'] = remove_query_arg( $_qv, $redirect['query'] );
390								}
391							}
392						}
393					}
394				}
395			}
396		} elseif ( is_single() && str_contains( $wp_rewrite->permalink_structure, '%category%' ) ) {
397			$category_name = get_query_var( 'category_name' );
398
399			if ( $category_name ) {
400				$category = get_category_by_path( $category_name );
401
402				if ( ! $category || is_wp_error( $category )
403					|| ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() )
404				) {
405					$redirect_url = get_permalink( $wp_query->get_queried_object_id() );
406					$redirect_obj = get_post( $wp_query->get_queried_object_id() );
407				}
408			}
409		}
410
411		// Post paging.
412		if ( is_singular() && get_query_var( 'page' ) ) {
413			$page = get_query_var( 'page' );
414
415			if ( ! $redirect_url ) {
416				$redirect_url = get_permalink( get_queried_object_id() );
417				$redirect_obj = get_post( get_queried_object_id() );
418			}
419
420			if ( $page > 1 ) {
421				$redirect_url = trailingslashit( $redirect_url );
422
423				if ( is_front_page() ) {
424					$redirect_url .= user_trailingslashit( "$wp_rewrite->pagination_base/$page", 'paged' );
425				} else {
426					$redirect_url .= user_trailingslashit( $page, 'single_paged' );
427				}
428			}
429
430			$redirect['query'] = remove_query_arg( 'page', $redirect['query'] );
431		}
432
433		if ( get_query_var( 'sitemap' ) ) {
434			$redirect_url      = get_sitemap_url( get_query_var( 'sitemap' ), get_query_var( 'sitemap-subtype' ), get_query_var( 'paged' ) );
435			$redirect['query'] = remove_query_arg( array( 'sitemap', 'sitemap-subtype', 'paged' ), $redirect['query'] );
436		} elseif ( get_query_var( 'paged' ) || is_feed() || get_query_var( 'cpage' ) ) {
437			// Paging and feeds.
438			$paged = get_query_var( 'paged' );
439			$feed  = get_query_var( 'feed' );
440			$cpage = get_query_var( 'cpage' );
441
442			while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] )
443				|| preg_match( '#/(comments/?)?(feed|rss2?|rdf|atom)(/+)?$#', $redirect['path'] )
444				|| preg_match( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+(/+)?$#", $redirect['path'] )
445			) {
446				// Strip off any existing paging.
447				$redirect['path'] = preg_replace( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", '/', $redirect['path'] );
448				// Strip off feed endings.
449				$redirect['path'] = preg_replace( '#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $redirect['path'] );
450				// Strip off any existing comment paging.
451				$redirect['path'] = preg_replace( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+?(/+)?$#", '/', $redirect['path'] );
452			}
453
454			$addl_path    = '';
455			$default_feed = get_default_feed();
456
457			if ( is_feed() && in_array( $feed, $wp_rewrite->feeds, true ) ) {
458				$addl_path = ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '';
459
460				if ( ! is_singular() && get_query_var( 'withcomments' ) ) {
461					$addl_path .= 'comments/';
462				}
463
464				if ( ( 'rss' === $default_feed && 'feed' === $feed ) || 'rss' === $feed ) {
465					$format = ( 'rss2' === $default_feed ) ? '' : 'rss2';
466				} else {
467					$format = ( $default_feed === $feed || 'feed' === $feed ) ? '' : $feed;
468				}
469
470				$addl_path .= user_trailingslashit( 'feed/' . $format, 'feed' );
471
472				$redirect['query'] = remove_query_arg( 'feed', $redirect['query'] );
473			} elseif ( is_feed() && 'old' === $feed ) {
474				$old_feed_files = array(
475					'wp-atom.php'         => 'atom',
476					'wp-commentsrss2.php' => 'comments_rss2',
477					'wp-feed.php'         => $default_feed,
478					'wp-rdf.php'          => 'rdf',
479					'wp-rss.php'          => 'rss2',
480					'wp-rss2.php'         => 'rss2',
481				);
482
483				if ( isset( $old_feed_files[ basename( $redirect['path'] ) ] ) ) {
484					$redirect_url = get_feed_link( $old_feed_files[ basename( $redirect['path'] ) ] );
485
486					wp_redirect( $redirect_url, 301 );
487					die();
488				}
489			}
490
491			if ( $paged > 0 ) {
492				$redirect['query'] = remove_query_arg( 'paged', $redirect['query'] );
493
494				if ( ! is_feed() ) {
495					if ( ! is_single() ) {
496						$addl_path = ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '';
497
498						if ( $paged > 1 ) {
499							$addl_path .= user_trailingslashit( "$wp_rewrite->pagination_base/$paged", 'paged' );
500						}
501					}
502				} elseif ( $paged > 1 ) {
503					$redirect['query'] = add_query_arg( 'paged', $paged, $redirect['query'] );
504				}
505			}
506
507			$default_comments_page = get_option( 'default_comments_page' );
508
509			if ( get_option( 'page_comments' )
510				&& ( 'newest' === $default_comments_page && $cpage > 0
511					|| 'newest' !== $default_comments_page && $cpage > 1 )
512			) {
513				$addl_path  = ( ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '' );
514				$addl_path .= user_trailingslashit( $wp_rewrite->comments_pagination_base . '-' . $cpage, 'commentpaged' );
515
516				$redirect['query'] = remove_query_arg( 'cpage', $redirect['query'] );
517			}
518
519			// Strip off trailing /index.php/.
520			$redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/?$|', '/', $redirect['path'] );
521			$redirect['path'] = user_trailingslashit( $redirect['path'] );
522
523			if ( ! empty( $addl_path )
524				&& $wp_rewrite->using_index_permalinks()
525				&& ! str_contains( $redirect['path'], '/' . $wp_rewrite->index . '/' )
526			) {
527				$redirect['path'] = trailingslashit( $redirect['path'] ) . $wp_rewrite->index . '/';
528			}
529
530			if ( ! empty( $addl_path ) ) {
531				$redirect['path'] = trailingslashit( $redirect['path'] ) . $addl_path;
532			}
533
534			$redirect_url = $redirect['scheme'] . '://' . $redirect['host'] . $redirect['path'];
535		}
536
537		if ( 'wp-register.php' === basename( $redirect['path'] ) ) {
538			if ( is_multisite() ) {
539				/** This filter is documented in wp-login.php */
540				$redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) );
541			} else {
542				$redirect_url = wp_registration_url();
543			}
544
545			wp_redirect( $redirect_url, 301 );
546			die();
547		}
548	}
549
550	$is_attachment_redirect = false;
551
552	if ( is_attachment() && ! get_option( 'wp_attachment_pages_enabled' ) ) {
553		$attachment_id        = get_query_var( 'attachment_id' );
554		$attachment_post      = get_post( $attachment_id );
555		$attachment_parent_id = $attachment_post ? $attachment_post->post_parent : 0;
556		$attachment_url       = wp_get_attachment_url( $attachment_id );
557
558		if ( $attachment_url !== $redirect_url ) {
559			/*
560			 * If an attachment is attached to a post, it inherits the parent post's status.
561			 * Fetch the parent post to check its status later.
562			 */
563			if ( $attachment_parent_id ) {
564				$redirect_obj = get_post( $attachment_parent_id );
565			}
566
567			$redirect_url = $attachment_url;
568		}
569
570		$is_attachment_redirect = true;
571	}
572
573	$redirect['query'] = preg_replace( '#^\??&*?#', '', $redirect['query'] );
574
575	// Tack on any additional query vars.
576	if ( $redirect_url && ! empty( $redirect['query'] ) ) {
577		parse_str( $redirect['query'], $_parsed_query );
578		$redirect = parse_url( $redirect_url );
579
580		if ( ! empty( $_parsed_query['name'] ) && ! empty( $redirect['query'] ) ) {
581			parse_str( $redirect['query'], $_parsed_redirect_query );
582
583			if ( empty( $_parsed_redirect_query['name'] ) ) {
584				unset( $_parsed_query['name'] );
585			}
586		}
587
588		$_parsed_query = array_combine(
589			rawurlencode_deep( array_keys( $_parsed_query ) ),
590			rawurlencode_deep( array_values( $_parsed_query ) )
591		);
592
593		$redirect_url = add_query_arg( $_parsed_query, $redirect_url );
594	}
595
596	if ( $redirect_url ) {
597		$redirect = parse_url( $redirect_url );
598	}
599
600	// www.example.com vs. example.com
601	$user_home = parse_url( home_url() );
602
603	if ( ! empty( $user_home['host'] ) ) {
604		$redirect['host'] = $user_home['host'];
605	}
606
607	if ( empty( $user_home['path'] ) ) {
608		$user_home['path'] = '/';
609	}
610
611	// Handle ports.
612	if ( ! empty( $user_home['port'] ) ) {
613		$redirect['port'] = $user_home['port'];
614	} else {
615		unset( $redirect['port'] );
616	}
617
618	// Notice prevention after new parse_url( $redirect_url ) calls
619	$redirect += array(
620		'host'   => '',
621		'path'   => '',
622		'query'  => '',
623		'scheme' => '',
624	);
625
626	// Trailing /index.php.
627	$redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path'] );
628
629	$punctuation_pattern = implode(
630		'|',
631		array_map(
632			'preg_quote',
633			array(
634				' ',
635				'%20',  // Space.
636				'!',
637				'%21',  // Exclamation mark.
638				'"',
639				'%22',  // Double quote.
640				"'",
641				'%27',  // Single quote.
642				'(',
643				'%28',  // Opening bracket.
644				')',
645				'%29',  // Closing bracket.
646				',',
647				'%2C',  // Comma.
648				'.',
649				'%2E',  // Period.
650				';',
651				'%3B',  // Semicolon.
652				'{',
653				'%7B',  // Opening curly bracket.
654				'}',
655				'%7D',  // Closing curly bracket.
656				'%E2%80%9C', // Opening curly quote.
657				'%E2%80%9D', // Closing curly quote.
658			)
659		)
660	);
661
662	// Remove trailing spaces and end punctuation from the path.
663	$redirect['path'] = preg_replace( "#($punctuation_pattern)+$#", '', $redirect['path'] );
664
665	if ( ! empty( $redirect['query'] ) ) {
666		// Remove trailing spaces and end punctuation from certain terminating query string args.
667		$redirect['query'] = preg_replace( "#((^|&)(p|page_id|cat|tag)=[^&]*?)($punctuation_pattern)+$#", '$1', $redirect['query'] );
668
669		// Clean up empty query strings.
670		$redirect['query'] = trim( preg_replace( '#(^|&)(p|page_id|cat|tag)=?(&|$)#', '&', $redirect['query'] ), '&' );
671
672		// Redirect obsolete feeds.
673		$redirect['query'] = preg_replace( '#(^|&)feed=rss(&|$)#', '$1feed=rss2$2', $redirect['query'] );
674
675		// Remove redundant leading ampersands.
676		$redirect['query'] = preg_replace( '#^\??&*?#', '', $redirect['query'] );
677	}
678
679	// Strip /index.php/ when we're not using PATHINFO permalinks.
680	if ( ! $wp_rewrite->using_index_permalinks() ) {
681		$redirect['path'] = str_replace( '/' . $wp_rewrite->index . '/', '/', $redirect['path'] );
682	}
683
684	// Trailing slashes.
685	if ( is_object( $wp_rewrite ) && $wp_rewrite->using_permalinks()
686		&& ! $is_attachment_redirect
687		&& ! is_404() && ( ! is_front_page() || is_front_page() && get_query_var( 'paged' ) > 1 )
688	) {
689		$user_ts_type = '';
690
691		if ( get_query_var( 'paged' ) > 0 ) {
692			$user_ts_type = 'paged';
693		} else {
694			foreach ( array( 'single', 'category', 'page', 'day', 'month', 'year', 'home' ) as $type ) {
695				$func = 'is_' . $type;
696				if ( call_user_func( $func ) ) {
697					$user_ts_type = $type;
698					break;
699				}
700			}
701		}
702
703		$redirect['path'] = user_trailingslashit( $redirect['path'], $user_ts_type );
704	} elseif ( is_front_page() ) {
705		$redirect['path'] = trailingslashit( $redirect['path'] );
706	}
707
708	// Remove trailing slash for robots.txt or sitemap requests.
709	if ( is_robots()
710		|| ! empty( get_query_var( 'sitemap' ) ) || ! empty( get_query_var( 'sitemap-stylesheet' ) )
711	) {
712		$redirect['path'] = untrailingslashit( $redirect['path'] );
713	}
714
715	// Strip multiple slashes out of the URL.
716	if ( str_contains( $redirect['path'], '//' ) ) {
717		$redirect['path'] = preg_replace( '|/+|', '/', $redirect['path'] );
718	}
719
720	// Always trailing slash the Front Page URL.
721	if ( trailingslashit( $redirect['path'] ) === trailingslashit( $user_home['path'] ) ) {
722		$redirect['path'] = trailingslashit( $redirect['path'] );
723	}
724
725	$original_host_low = strtolower( $original['host'] );
726	$redirect_host_low = strtolower( $redirect['host'] );
727
728	/*
729	 * Ignore differences in host capitalization, as this can lead to infinite redirects.
730	 * Only redirect no-www <=> yes-www.
731	 */
732	if ( $original_host_low === $redirect_host_low
733		|| ( 'www.' . $original_host_low !== $redirect_host_low
734			&& 'www.' . $redirect_host_low !== $original_host_low )
735	) {
736		$redirect['host'] = $original['host'];
737	}
738
739	$compare_original = array( $original['host'], $original['path'] );
740
741	if ( ! empty( $original['port'] ) ) {
742		$compare_original[] = $original['port'];
743	}
744
745	if ( ! empty( $original['query'] ) ) {
746		$compare_original[] = $original['query'];
747	}
748
749	$compare_redirect = array( $redirect['host'], $redirect['path'] );
750
751	if ( ! empty( $redirect['port'] ) ) {
752		$compare_redirect[] = $redirect['port'];
753	}
754
755	if ( ! empty( $redirect['query'] ) ) {
756		$compare_redirect[] = $redirect['query'];
757	}
758
759	if ( $compare_original !== $compare_redirect ) {
760		$redirect_url = $redirect['scheme'] . '://' . $redirect['host'];
761
762		if ( ! empty( $redirect['port'] ) ) {
763			$redirect_url .= ':' . $redirect['port'];
764		}
765
766		$redirect_url .= $redirect['path'];
767
768		if ( ! empty( $redirect['query'] ) ) {
769			$redirect_url .= '?' . $redirect['query'];
770		}
771	}
772
773	if ( ! $redirect_url || $redirect_url === $requested_url ) {
774		return;
775	}
776
777	// Hex-encoded octets are case-insensitive.
778	if ( str_contains( $requested_url, '%' ) ) {
779		if ( ! function_exists( 'lowercase_octets' ) ) {
780			/**
781			 * Converts the first hex-encoded octet match to lowercase.
782			 *
783			 * @since 3.1.0
784			 * @ignore
785			 *
786			 * @param array $matches Hex-encoded octet matches for the requested URL.
787			 * @return string Lowercased version of the first match.
788			 */
789			function lowercase_octets( $matches ) {
790				return strtolower( $matches[0] );
791			}
792		}
793
794		$requested_url = preg_replace_callback( '|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url );
795	}
796
797	if ( $redirect_obj instanceof WP_Post ) {
798		$post_status_obj = get_post_status_object( get_post_status( $redirect_obj ) );
799		/*
800		 * Unset the redirect object and URL if they are not readable by the user.
801		 * This condition is a little confusing as the condition needs to pass if
802		 * the post is not readable by the user. That's why there are ! (not) conditions
803		 * throughout.
804		 */
805		if (
806			// Private post statuses only redirect if the user can read them.
807			! (
808				$post_status_obj->private &&
809				current_user_can( 'read_post', $redirect_obj->ID )
810			) &&
811			// For other posts, only redirect if publicly viewable.
812			! is_post_publicly_viewable( $redirect_obj )
813		) {
814			$redirect_obj = false;
815			$redirect_url = false;
816		}
817	}
818
819	/**
820	 * Filters the canonical redirect URL.
821	 *
822	 * Returning false to this filter will cancel the redirect.
823	 *
824	 * @since 2.3.0
825	 *
826	 * @param string $redirect_url  The redirect URL.
827	 * @param string $requested_url The requested URL.
828	 */
829	$redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url );
830
831	// Yes, again -- in case the filter aborted the request.
832	if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) === strip_fragment_from_url( $requested_url ) ) {
833		return;
834	}
835
836	if ( $do_redirect ) {
837		// Protect against chained redirects.
838		if ( ! redirect_canonical( $redirect_url, false ) ) {
839			wp_redirect( $redirect_url, 301 );
840			exit;
841		} else {
842			// Debug.
843			// die("1: $redirect_url<br />2: " . redirect_canonical( $redirect_url, false ) );
844			return;
845		}
846	} else {
847		return $redirect_url;
848	}
849}
850
851/**
852 * Removes arguments from a query string if they are not present in a URL
853 * DO NOT use this in plugin code.
854 *
855 * @since 3.4.0
856 * @access private
857 *
858 * @param string $query_string
859 * @param array  $args_to_check
860 * @param string $url
861 * @return string The altered query string
862 */
863function _remove_qs_args_if_not_in_url( $query_string, array $args_to_check, $url ) {
864	$parsed_url = parse_url( $url );
865
866	if ( ! empty( $parsed_url['query'] ) ) {
867		parse_str( $parsed_url['query'], $parsed_query );
868
869		foreach ( $args_to_check as $qv ) {
870			if ( ! isset( $parsed_query[ $qv ] ) ) {
871				$query_string = remove_query_arg( $qv, $query_string );
872			}
873		}
874	} else {
875		$query_string = remove_query_arg( $args_to_check, $query_string );
876	}
877
878	return $query_string;
879}
880
881/**
882 * Strips the #fragment from a URL, if one is present.
883 *
884 * @since 4.4.0
885 *
886 * @param string $url The URL to strip.
887 * @return string The altered URL.
888 */
889function strip_fragment_from_url( $url ) {
890	$parsed_url = wp_parse_url( $url );
891
892	if ( ! empty( $parsed_url['host'] ) ) {
893		$url = '';
894
895		if ( ! empty( $parsed_url['scheme'] ) ) {
896			$url = $parsed_url['scheme'] . ':';
897		}
898
899		$url .= '//' . $parsed_url['host'];
900
901		if ( ! empty( $parsed_url['port'] ) ) {
902			$url .= ':' . $parsed_url['port'];
903		}
904
905		if ( ! empty( $parsed_url['path'] ) ) {
906			$url .= $parsed_url['path'];
907		}
908
909		if ( ! empty( $parsed_url['query'] ) ) {
910			$url .= '?' . $parsed_url['query'];
911		}
912	}
913
914	return $url;
915}
916
917/**
918 * Attempts to guess the correct URL for a 404 request based on query vars.
919 *
920 * @since 2.3.0
921 *
922 * @global wpdb $wpdb WordPress database abstraction object.
923 *
924 * @return string|false The correct URL if one is found. False on failure.
925 */
926function redirect_guess_404_permalink() {
927	global $wpdb;
928
929	/**
930	 * Filters whether to attempt to guess a redirect URL for a 404 request.
931	 *
932	 * Returning a false value from the filter will disable the URL guessing
933	 * and return early without performing a redirect.
934	 *
935	 * @since 5.5.0
936	 *
937	 * @param bool $do_redirect_guess Whether to attempt to guess a redirect URL
938	 *                                for a 404 request. Default true.
939	 */
940	if ( false === apply_filters( 'do_redirect_guess_404_permalink', true ) ) {
941		return false;
942	}
943
944	/**
945	 * Short-circuits the redirect URL guessing for 404 requests.
946	 *
947	 * Returning a non-null value from the filter will effectively short-circuit
948	 * the URL guessing, returning the passed value instead.
949	 *
950	 * @since 5.5.0
951	 *
952	 * @param null|string|false $pre Whether to short-circuit guessing the redirect for a 404.
953	 *                               Default null to continue with the URL guessing.
954	 */
955	$pre = apply_filters( 'pre_redirect_guess_404_permalink', null );
956	if ( null !== $pre ) {
957		return $pre;
958	}
959
960	if ( get_query_var( 'name' ) ) {
961		$publicly_viewable_statuses   = array_filter( get_post_stati(), 'is_post_status_viewable' );
962		$publicly_viewable_post_types = array_filter( get_post_types( array( 'exclude_from_search' => false ) ), 'is_post_type_viewable' );
963
964		/**
965		 * Filters whether to perform a strict guess for a 404 redirect.
966		 *
967		 * Returning a truthy value from the filter will redirect only exact post_name matches.
968		 *
969		 * @since 5.5.0
970		 *
971		 * @param bool $strict_guess Whether to perform a strict guess. Default false (loose guess).
972		 */
973		$strict_guess = apply_filters( 'strict_redirect_guess_404_permalink', false );
974
975		if ( $strict_guess ) {
976			$where = $wpdb->prepare( 'post_name = %s', get_query_var( 'name' ) );
977		} else {
978			$where = $wpdb->prepare( 'post_name LIKE %s', $wpdb->esc_like( get_query_var( 'name' ) ) . '%' );
979		}
980
981		// If any of post_type, year, monthnum, or day are set, use them to refine the query.
982		if ( get_query_var( 'post_type' ) ) {
983			if ( is_array( get_query_var( 'post_type' ) ) ) {
984				$post_types = array_intersect( get_query_var( 'post_type' ), $publicly_viewable_post_types );
985				if ( empty( $post_types ) ) {
986					return false;
987				}
988				$where .= " AND post_type IN ('" . join( "', '", esc_sql( get_query_var( 'post_type' ) ) ) . "')";
989			} else {
990				if ( ! in_array( get_query_var( 'post_type' ), $publicly_viewable_post_types, true ) ) {
991					return false;
992				}
993				$where .= $wpdb->prepare( ' AND post_type = %s', get_query_var( 'post_type' ) );
994			}
995		} else {
996			$where .= " AND post_type IN ('" . implode( "', '", esc_sql( $publicly_viewable_post_types ) ) . "')";
997		}
998
999		if ( get_query_var( 'year' ) ) {
1000			$where .= $wpdb->prepare( ' AND YEAR(post_date) = %d', get_query_var( 'year' ) );
1001		}
1002		if ( get_query_var( 'monthnum' ) ) {
1003			$where .= $wpdb->prepare( ' AND MONTH(post_date) = %d', get_query_var( 'monthnum' ) );
1004		}
1005		if ( get_query_var( 'day' ) ) {
1006			$where .= $wpdb->prepare( ' AND DAYOFMONTH(post_date) = %d', get_query_var( 'day' ) );
1007		}
1008
1009		// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
1010		$post_id = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE $where AND post_status IN ('" . implode( "', '", esc_sql( $publicly_viewable_statuses ) ) . "')" );
1011
1012		if ( ! $post_id ) {
1013			return false;
1014		}
1015
1016		if ( get_query_var( 'feed' ) ) {
1017			return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) );
1018		} elseif ( get_query_var( 'page' ) > 1 ) {
1019			return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' );
1020		} else {
1021			return get_permalink( $post_id );
1022		}
1023	}
1024
1025	return false;
1026}
1027
1028/**
1029 * Redirects a variety of shorthand URLs to the admin.
1030 *
1031 * If a user visits example.com/admin, they'll be redirected to /wp-admin.
1032 * Visiting /login redirects to /wp-login.php, and so on.
1033 *
1034 * @since 3.4.0
1035 *
1036 * @global WP_Rewrite $wp_rewrite WordPress rewrite component.
1037 */
1038function wp_redirect_admin_locations() {
1039	global $wp_rewrite;
1040
1041	if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) ) {
1042		return;
1043	}
1044
1045	$admins = array(
1046		home_url( 'wp-admin', 'relative' ),
1047		home_url( 'dashboard', 'relative' ),
1048		home_url( 'admin', 'relative' ),
1049		site_url( 'dashboard', 'relative' ),
1050		site_url( 'admin', 'relative' ),
1051	);
1052
1053	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins, true ) ) {
1054		wp_redirect( admin_url() );
1055		exit;
1056	}
1057
1058	$logins = array(
1059		home_url( 'wp-login.php', 'relative' ),
1060		home_url( 'login.php', 'relative' ),
1061		home_url( 'login', 'relative' ),
1062		site_url( 'login', 'relative' ),
1063	);
1064
1065	if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins, true ) ) {
1066		wp_redirect( wp_login_url() );
1067		exit;
1068	}
1069}
1070