本文整理汇总了PHP中send_nosniff_header函数的典型用法代码示例。如果您正苦于以下问题:PHP send_nosniff_header函数的具体用法?PHP send_nosniff_header怎么用?PHP send_nosniff_header使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了send_nosniff_header函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: ajax
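/**
 * Front controller for an AjaxFlow request.
 *
 * Verifies the request nonce (when AJAXFLOW_NONCE is enabled), optionally
 * boots WordPress in SHORTINIT mode, loads wp-load.php, sends the response
 * headers and dispatches to the "<tag>_<action>" hook for logged-in users or
 * "<tag>_nopriv_<action>" otherwise. A hook that handles the request is
 * expected to end the process itself; reaching the final wp_die() means no
 * handler claimed the action.
 *
 * @param string $action Action name taken from the request.
 * @return void Returns early for an empty action, otherwise never returns.
 */
function ajax($action)
{
    // Guarded: redefining the constant raises a warning when a front
    // controller has already set DOING_AJAX.
    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }
    if (empty($action)) {
        return;
    }
    ini_set('html_errors', 0);
    if (AJAXFLOW_NONCE) {
        // wp_verify_nonce() takes the nonce first and the action second. The
        // original call passed them the other way round, so a nonce created
        // with wp_create_nonce($action) could never validate. A missing
        // _wpnonce fails the check instead of raising an undefined-index notice.
        // NOTE(review): wp_verify_nonce()/wp_die()/apply_filters() are used
        // before wp-load.php is required below — confirm the caller has already
        // bootstrapped WordPress, otherwise this path is a fatal error.
        $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
        if (!wp_verify_nonce($nonce, $action)) {
            wp_die('Security check didn´t pass, please check _wpnonce!', AJAXFLOW_TAG);
        }
    }
    // SHORTINIT can be requested by filter or by the request itself.
    $shortinit = apply_filters(AJAXFLOW_TAG . '_shortinit', false, $action);
    if ($shortinit || (isset($_REQUEST['shortinit']) && $_REQUEST['shortinit'])) {
        define('SHORTINIT', true);
    }
    require_once ABSPATH . '/wp-load.php';
    header('Content-Type: text/html');
    send_nosniff_header();
    header('Cache-Control: no-cache');
    header('Pragma: no-cache');
    do_action(AJAXFLOW_TAG . '_shortinit_load');
    // Privileged and unprivileged handlers live on different hooks.
    $hook = is_user_logged_in() ? '_' : '_nopriv_';
    do_action(AJAXFLOW_TAG . $hook . $action);
    wp_die('Your ' . AJAXFLOW_TAG . ' call does not exists or exit is missing in action!', AJAXFLOW_TAG);
    exit;
}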
示例2: send_headers
/**
 * Filter callback that hardens the response headers.
 *
 * Emits X-Content-Type-Options: nosniff directly via WordPress core and adds
 * the clickjacking and legacy XSS-filter headers to the array that is handed
 * back to WordPress for sending.
 *
 * @param array $headers Headers collected so far.
 * @return array The same headers with the security ones added.
 */
public static function send_headers($headers)
{
    send_nosniff_header();
    $security = array(
        // http://engineeredweb.com/blog/2013/secure-site-clickjacking-x-frame-options/
        'X-Frame-Options' => 'SAMEORIGIN',
        // https://kb.sucuri.net/warnings/hardening/headers-x-xss-protection
        'X-XSS-Protection' => '1; mode=block',
    );
    foreach ($security as $name => $value) {
        $headers[$name] = $value;
    }
    return $headers;
}
示例3: wc_ajax_headers
/**
 * Send headers for WC Ajax Requests
 *
 * Origin headers first, then a text/html content type in the blog charset,
 * noindex, nosniff, the no-cache set and an explicit 200 status.
 *
 * @since 2.5.0
 */
private static function wc_ajax_headers()
{
    send_origin_headers();
    $charset = get_option('blog_charset');
    // Suppressed: "headers already sent" warnings would break the payload.
    @header('Content-Type: text/html; charset=' . $charset);
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();
    status_header(200);
}
示例4: json_template_redirect
/**
 * Set the JSON response headers when the current request asks for JSON.
 *
 * Only acts when is_json_request() is true; any other request passes
 * through untouched so the normal template is rendered.
 *
 * @return void
 */
function json_template_redirect()
{
    if (!is_json_request()) {
        // Not a JSON request: nothing to do.
        return;
    }
    // Content type first, then nosniff so the browser honours it as sent.
    header('Content-Type: application/json; charset=utf-8');
    send_nosniff_header();
}
示例5: essb_proccess_share_this_image
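/**
 * Serve the "share this image" AJAX endpoint.
 *
 * Only acts when the request carries essb-image-share=yes; it then marks the
 * request as AJAX, sends the nosniff / no-cache headers, includes the handler
 * script and terminates.
 *
 * @return void Never returns when the flag is set.
 */
function essb_proccess_share_this_image()
{
    $current_action = isset($_REQUEST['essb-image-share']) ? $_REQUEST['essb-image-share'] : '';
    // Strict comparison: the flag is a plain string from the request, so a
    // loose == only adds type-juggling surprises.
    if ('yes' !== $current_action) {
        return;
    }
    // Guarded: redefining the constant raises a warning when a front
    // controller has already set DOING_AJAX.
    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }
    send_nosniff_header();
    header('Pragma: no-cache');
    include_once ESSB3_PLUGIN_ROOT . 'lib/modules/social-image-share/essb-social-image-share-selected.php';
    exit;
}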
示例6: zt_json_template_redirect
/**
 * Redirect to a JSON representation of a post if the JSON query var is set.
 *
 * In order to power the SPA, a JSON representation of a post is needed. This function hooks into "template_redirect"
 * and will use a JSON template to render a post when needed. Appending "?cspa-json=1" to a post or a post format
 * archive will render the JSON template.
 *
 * The query var is only honoured when it is exactly the string "1".
 *
 * @since 1.0.
 *
 * @return void
 */
function zt_json_template_redirect()
{
    global $wp_query;
    $wants_json = isset($wp_query->query_vars['zt-json']) && '1' === $wp_query->query_vars['zt-json'];
    if (!$wants_json) {
        // Ordinary request: let the normal template run.
        return;
    }
    // JSON content type, then nosniff so browsers do not reinterpret it.
    header('Content-Type: application/json; charset=utf-8');
    send_nosniff_header();
    // Render the JSON template and stop; nothing else should be output.
    get_template_part('json', 'posts');
    exit;
}
示例7: bbp_do_ajax
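/**
 * Hooked to the 'bbp_template_redirect' action, this is bbPress's custom
 * theme-side ajax handler.
 *
 * Marks the request as AJAX, sends the content type and nosniff headers,
 * fires the "bbp_ajax_<action>" hook for the requested action and ends the
 * process with "0" when no handler terminated it.
 *
 * @since 2.3.0 bbPress (r4543)
 *
 * @return void Returns early if not a bbPress ajax request, otherwise never returns.
 */
function bbp_do_ajax()
{
    // Bail if not an ajax request
    if (!bbp_is_ajax()) {
        return;
    }
    // Set WordPress core ajax constant; guarded so a second definition does
    // not raise a warning.
    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }
    // Set the header content type
    @header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
    // Disable content sniffing in browsers that support it
    send_nosniff_header();
    // Without an action there is nothing to dispatch. The original read
    // $_REQUEST['action'] unconditionally and fired the bare 'bbp_ajax_'
    // hook (plus an undefined-index notice) when it was absent.
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    if ('' === $action) {
        die('0');
    }
    // Perform custom bbPress ajax
    do_action('bbp_ajax_' . $action);
    // All done
    die('0');
}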
示例8: define_ajax
/**
 * Set BSR AJAX constant and headers.
 *
 * Does nothing unless the request carries a non-empty bsr-ajax query
 * argument; then defines DOING_AJAX, hides PHP errors (unless debugging
 * with display enabled) and emits the same header set as admin-ajax.php.
 *
 * @access public
 */
public function define_ajax()
{
    // isset() && !empty() collapses to !empty(); bail early otherwise.
    if (empty($_GET['bsr-ajax'])) {
        return;
    }
    // Define the WordPress "DOING_AJAX" constant.
    defined('DOING_AJAX') || define('DOING_AJAX', true);
    // Prevent notices from breaking AJAX functionality.
    $hide_errors = !WP_DEBUG || (WP_DEBUG && !WP_DEBUG_DISPLAY);
    if ($hide_errors) {
        @ini_set('display_errors', 0);
    }
    // Send the headers.
    send_origin_headers();
    @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();
}
示例9: endpoint
/**
 * Front-end AJAX endpoint dispatcher.
 *
 * Bails unless the query var named by $this->endpoint is present; otherwise
 * sends the response headers and fires "cornerstone_endpoint_<action>" for
 * logged-in users or "cornerstone_endpoint_nopriv_<action>" for guests,
 * ending the process with "0" afterwards.
 *
 * @return void Never returns once the endpoint query var is present.
 */
public function endpoint()
{
    global $wp_query;
    if (!isset($wp_query->query_vars[$this->endpoint])) {
        return;
    }
    do_action('cornerstone_before_endpoint');
    send_origin_headers();
    // An empty action (including "0") has nothing to dispatch.
    $requested = empty($_REQUEST['action']) ? '' : $_REQUEST['action'];
    if ('' === $requested) {
        die('0');
    }
    @header('X-Robots-Tag: noindex');
    @header('Cornerstone: true');
    send_nosniff_header();
    nocache_headers();
    $prefix = is_user_logged_in() ? 'cornerstone_endpoint_' : 'cornerstone_endpoint_nopriv_';
    do_action($prefix . $requested);
    die('0');
}
示例10: template_redirect
/**
 * Handles AJAX response
 *
 * On a Theme My Login page requested with ?ajax, renders the login form via
 * the plugin instance, sends the admin-ajax style headers and returns the
 * markup (or the error object, when there is one) as a WP_Ajax_Response.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect()
{
    $theme_my_login = Theme_My_Login::get_object();
    if (!Theme_My_Login::is_tml_page() || !isset($_GET['ajax'])) {
        return;
    }
    define('DOING_AJAX', true);
    // Reference assignment kept: the instance must not be copied.
    $instance =& $theme_my_login->get_instance();
    $default_action = empty($theme_my_login->request_action) ? 'login' : $theme_my_login->request_action;
    $instance->set_option('default_action', $default_action);
    $instance->set_option('gravatar_size', 75);
    $instance->set_option('before_title', '<h2>');
    $instance->set_option('after_title', '</h2>');
    $data = $instance->display();
    send_origin_headers();
    @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();
    // Errors take precedence over the rendered markup in the data slot.
    $has_error = $theme_my_login->errors->get_error_code();
    $response = new WP_Ajax_Response(array(
        'what' => 'login',
        'action' => $theme_my_login->request_action,
        'data' => $has_error ? $theme_my_login->errors : $data,
        'supplemental' => array(
            'html' => $data,
            'success' => is_user_logged_in(),
        ),
    ));
    $response->send();
    exit;
}
示例11: define_ajax
/**
 * Set WC AJAX constant and headers.
 *
 * Only acts when the wc-ajax query argument is non-empty: defines the
 * DOING_AJAX / WC_DOING_AJAX constants, hides PHP errors so JSON is not
 * corrupted, and sends the admin-ajax.php header set.
 */
public static function define_ajax()
{
    if (empty($_GET['wc-ajax'])) {
        return;
    }
    foreach (array('DOING_AJAX', 'WC_DOING_AJAX') as $constant) {
        if (!defined($constant)) {
            define($constant, true);
        }
    }
    // Turn off display_errors during AJAX events to prevent malformed JSON
    $hide_errors = !WP_DEBUG || (WP_DEBUG && !WP_DEBUG_DISPLAY);
    if ($hide_errors) {
        @ini_set('display_errors', 0);
    }
    // Send headers like admin-ajax.php
    send_origin_headers();
    @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    @header('X-Robots-Tag: noindex');
    send_nosniff_header();
    nocache_headers();
}
示例12: upload
public static function upload()
{
GFCommon::log_debug('GFAsyncUpload::upload(): Starting.');
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
status_header(404);
die;
}
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
nocache_headers();
status_header(200);
// If the file is bigger than the server can accept then the form_id might not arrive.
// This might happen if the file is bigger than the max post size ini setting.
// Validation in the browser reduces the risk of this happening.
if (!isset($_REQUEST['form_id'])) {
GFCommon::log_debug('GFAsyncUpload::upload(): File upload aborted because the form_id was not found. The file may have been bigger than the max post size ini setting.');
self::die_error(500, __('Failed to upload file.', 'gravityforms'));
}
$form_id = absint($_REQUEST['form_id']);
$form_unique_id = rgpost('gform_unique_id');
$form = GFAPI::get_form($form_id);
if (empty($form) || !$form['is_active']) {
die;
}
if (rgar($form, 'requireLogin')) {
if (!is_user_logged_in()) {
die;
}
check_admin_referer('gform_file_upload_' . $form_id, '_gform_file_upload_nonce_' . $form_id);
}
if (!ctype_alnum($form_unique_id)) {
die;
}
$target_dir = GFFormsModel::get_upload_path($form_id) . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;
if (!is_dir($target_dir)) {
if (!wp_mkdir_p($target_dir)) {
GFCommon::log_debug("GFAsyncUpload::upload(): Couldn't create the tmp folder: " . $target_dir);
self::die_error(500, __('Failed to upload file.', 'gravityforms'));
}
}
$time = current_time('mysql');
$y = substr($time, 0, 4);
$m = substr($time, 5, 2);
//adding index.html files to all subfolders
if (!file_exists(GFFormsModel::get_upload_root() . '/index.html')) {
GFForms::add_security_files();
} else {
if (!file_exists(GFFormsModel::get_upload_path($form_id) . '/index.html')) {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id));
} else {
if (!file_exists(GFFormsModel::get_upload_path($form_id) . "/{$y}/index.html")) {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id) . "/{$y}");
} else {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id) . "/{$y}/{$m}");
}
}
}
if (!file_exists($target_dir . '/index.html')) {
GFCommon::recursive_add_index_file($target_dir);
}
$uploaded_filename = $_FILES['file']['name'];
$file_name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
$field_id = rgpost('field_id');
$field_id = absint($field_id);
$field = GFFormsModel::get_field($form, $field_id);
if (empty($field) || GFFormsModel::get_input_type($field) != 'fileupload') {
die;
}
$file_name = sanitize_file_name($file_name);
$uploaded_filename = sanitize_file_name($uploaded_filename);
$allowed_extensions = !empty($field->allowedExtensions) ? GFCommon::clean_extensions(explode(',', strtolower($field->allowedExtensions))) : array();
$max_upload_size_in_bytes = $field->maxFileSize > 0 ? $field->maxFileSize * 1048576 : wp_max_upload_size();
$max_upload_size_in_mb = $max_upload_size_in_bytes / 1048576;
if ($_FILES['file']['size'] > 0 && $_FILES['file']['size'] > $max_upload_size_in_bytes) {
self::die_error(104, sprintf(__('File exceeds size limit. Maximum file size: %dMB', 'gravityforms'), $max_upload_size_in_mb));
}
if (GFCommon::file_name_has_disallowed_extension($file_name) || GFCommon::file_name_has_disallowed_extension($uploaded_filename)) {
GFCommon::log_debug("GFAsyncUpload::upload(): Illegal file extension: {$file_name}");
self::die_error(104, __('The uploaded file type is not allowed.', 'gravityforms'));
}
if (!empty($allowed_extensions)) {
if (!GFCommon::match_file_extension($file_name, $allowed_extensions) || !GFCommon::match_file_extension($uploaded_filename, $allowed_extensions)) {
GFCommon::log_debug("GFAsyncUpload::upload(): The uploaded file type is not allowed: {$file_name}");
self::die_error(104, sprintf(__('The uploaded file type is not allowed. Must be one of the following: %s', 'gravityforms'), strtolower($field['allowedExtensions'])));
}
}
$whitelisting_disabled = apply_filters('gform_file_upload_whitelisting_disabled', false);
if (empty($allowed_extensions) && !$whitelisting_disabled) {
// Whitelist the file type
$valid_uploaded_filename = GFCommon::check_type_and_ext($_FILES['file'], $uploaded_filename);
if (is_wp_error($valid_uploaded_filename)) {
self::die_error($valid_uploaded_filename->get_error_code(), $valid_uploaded_filename->get_error_message());
}
$valid_file_name = GFCommon::check_type_and_ext($_FILES['file'], $file_name);
if (is_wp_error($valid_uploaded_filename)) {
self::die_error($valid_file_name->get_error_code(), $valid_file_name->get_error_message());
}
}
$tmp_file_name = $form_unique_id . '_input_' . $field_id . '_' . $file_name;
$tmp_file_name = sanitize_file_name($tmp_file_name);
//.........这里部分代码省略.........
示例13: http_headers
/**
 * Sets various HTTP headers related to Content-Type and browser caching.
 *
 * Most of this class method is derived from {@link WP::send_headers()}.
 *
 * Emits the XML content type plus nosniff, then the Last-Modified / ETag /
 * Pragma / Expires set, and finally answers 304 and exits when the client's
 * conditional request headers show it already holds the current feed.
 *
 * @since 1.9.0
 */
protected function http_headers()
{
    // Set up some additional headers if not on a directory page
    // this is done b/c BP uses pseudo-pages.
    if (!bp_is_directory()) {
        global $wp_query;
        $wp_query->is_404 = false;
        status_header(200);
    }
    // Set content-type.
    @header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
    send_nosniff_header();
    // Cache-related variables.
    $last_modified = mysql2date('D, d M Y H:i:s O', bp_activity_get_last_updated(), false);
    $modified_timestamp = strtotime($last_modified);
    // md5 is used only as a cache validator here, not as a security control.
    $etag = md5($last_modified);
    // Set cache-related headers.
    @header('Last-Modified: ' . $last_modified);
    @header('Pragma: no-cache');
    @header('ETag: ' . '"' . $etag . '"');
    // First commit of BuddyPress! (Easter egg).
    @header('Expires: Tue, 25 Mar 2008 17:13:55 GMT');
    // Get ETag from supported user agents.
    if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
        $client_etag = wp_unslash($_SERVER['HTTP_IF_NONE_MATCH']);
        // Remove quotes from ETag.
        $client_etag = trim($client_etag, '"');
        // Strip suffixes from ETag if they exist (eg. "-gzip").
        $etag_suffix_pos = strpos($client_etag, '-');
        // NOTE: empty() treats a position of 0 (an ETag starting with "-")
        // the same as "no suffix found", so such a value is left untouched.
        if (!empty($etag_suffix_pos)) {
            $client_etag = substr($client_etag, 0, $etag_suffix_pos);
        }
        // No ETag found.
    } else {
        $client_etag = false;
    }
    // Get client last modified timestamp from supported user agents.
    $client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    $client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
    // Set 304 status if feed hasn't been updated since last fetch.
    // Precedence note: && and || bind tighter than ?:, so this reads as
    //   (both validators sent) ? (not newer AND etag matches)
    //                          : (not newer OR  etag matches)
    // i.e. when the client sent both, both must agree; with only one, that
    // one decides. The etag comparison is a loose ==; with $client_etag set
    // to false above it does not match the non-empty md5 string.
    if ($client_last_modified && $client_etag ? $client_modified_timestamp >= $modified_timestamp && $client_etag == $etag : $client_modified_timestamp >= $modified_timestamp || $client_etag == $etag) {
        $status = 304;
    } else {
        $status = false;
    }
    // If feed hasn't changed as reported by the user agent, set 304 status header.
    if (!empty($status)) {
        status_header($status);
        // Cached response, so stop now!
        if ($status == 304) {
            exit;
        }
    }
}
示例14: _action_frontend_init_ajax
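/**
 * Generate and output ajax response for related posts API call.
 * NOTE: Calls exit() to end all further processing after payload has been outputed.
 *
 * The items list is only populated when a full set of related posts (as many
 * as the configured size) was found; a partial result is reported as empty.
 *
 * @param array $excludes array of post_ids to exclude
 * @uses send_nosniff_header, self::get_for_post_id, get_the_ID
 * @return null
 */
protected function _action_frontend_init_ajax(array $excludes)
{
    // Guarded: redefining the constant raises a warning when a front
    // controller has already set DOING_AJAX.
    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }
    header('Content-type: application/json; charset=utf-8');
    // JSON can only be UTF-8
    send_nosniff_header();
    $related_posts = $this->get_for_post_id(get_the_ID(), array('exclude_post_ids' => $excludes));
    $options = $this->get_options();
    $response = array(
        'version' => self::VERSION,
        'show_thumbnails' => (bool) $options['show_thumbnails'],
        'items' => array(),
    );
    // Loose comparison kept on purpose: the size option may be stored as a
    // numeric string.
    if (count($related_posts) == $options['size']) {
        $response['items'] = $related_posts;
    }
    echo json_encode($response);
    exit;
}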
示例15: ajax_response
/**
 * Our own Ajax response, avoiding calling admin-ajax
 *
 * Returns false (and does nothing) unless the request carries the
 * "Infinity" query key; otherwise sends the headers, fires the
 * custom_ajax_infinite_scroll hook and ends the process with "0".
 *
 * @return false|void
 */
function ajax_response()
{
    // Only proceed if the url query has a key of "Infinity"
    if (!self::got_infinity()) {
        return false;
    }
    // This should already be defined below, but make sure.
    defined('DOING_AJAX') || define('DOING_AJAX', true);
    $charset = get_option('blog_charset');
    @header('Content-Type: text/html; charset=' . $charset);
    send_nosniff_header();
    /**
     * Fires at the end of the Infinite Scroll Ajax response.
     *
     * @module infinite-scroll
     *
     * @since 2.0.0
     */
    do_action('custom_ajax_infinite_scroll');
    die('0');
}