<?php

[0] Fix | Delete

[1] Fix | Delete

/*

[2] Fix | Delete

* Disable error reporting.

[3] Fix | Delete

*

[4] Fix | Delete

* Set this to error_reporting( -1 ) for debugging.

[5] Fix | Delete

*/

[6] Fix | Delete

error_reporting( 0 );

[7] Fix | Delete

[8] Fix | Delete

// Set ABSPATH for execution.

[9] Fix | Delete

if ( ! defined( 'ABSPATH' ) ) {

[10] Fix | Delete

define( 'ABSPATH', dirname( __DIR__ ) . '/' );

[11] Fix | Delete

}

[12] Fix | Delete

[13] Fix | Delete

define( 'WPINC', 'wp-includes' );

[14] Fix | Delete

define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' );

[15] Fix | Delete

[16] Fix | Delete

require ABSPATH . 'wp-admin/includes/noop.php';

[17] Fix | Delete

require ABSPATH . WPINC . '/theme.php';

[18] Fix | Delete

require ABSPATH . WPINC . '/class-wp-theme-json-resolver.php';

[19] Fix | Delete

require ABSPATH . WPINC . '/global-styles-and-settings.php';

[20] Fix | Delete

require ABSPATH . WPINC . '/script-loader.php';

[21] Fix | Delete

require ABSPATH . WPINC . '/version.php';

[22] Fix | Delete

[23] Fix | Delete

$protocol = $_SERVER['SERVER_PROTOCOL'];

[24] Fix | Delete

if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {

[25] Fix | Delete

$protocol = 'HTTP/1.0';

[26] Fix | Delete

}

[27] Fix | Delete

[28] Fix | Delete

$load = $_GET['load'];

[29] Fix | Delete

if ( is_array( $load ) ) {

[30] Fix | Delete

ksort( $load );

[31] Fix | Delete

$load = implode( '', $load );

[32] Fix | Delete

}

[33] Fix | Delete

[34] Fix | Delete

$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );

[35] Fix | Delete

$load = array_unique( explode( ',', $load ) );

[36] Fix | Delete

[37] Fix | Delete

if ( empty( $load ) ) {

[38] Fix | Delete

header( "$protocol 400 Bad Request" );

[39] Fix | Delete

exit;

[40] Fix | Delete

}

[41] Fix | Delete

[42] Fix | Delete

$rtl = ( isset( $_GET['dir'] ) && 'rtl' === $_GET['dir'] );

[43] Fix | Delete

$expires_offset = 31536000; // 1 year.

[44] Fix | Delete

$out = '';

[45] Fix | Delete

[46] Fix | Delete

$wp_styles = new WP_Styles();

[47] Fix | Delete

wp_default_styles( $wp_styles );

[48] Fix | Delete

[49] Fix | Delete

$etag = "WP:{$wp_version};";

[50] Fix | Delete

[51] Fix | Delete

foreach ( $load as $handle ) {

[52] Fix | Delete

if ( ! array_key_exists( $handle, $wp_styles->registered ) ) {

[53] Fix | Delete

continue;

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

$ver = $wp_styles->registered[ $handle ]->ver ? $wp_styles->registered[ $handle ]->ver : $wp_version;

[57] Fix | Delete

$etag .= "{$handle}:{$ver};";

[58] Fix | Delete

}

[59] Fix | Delete

[60] Fix | Delete

/*

[61] Fix | Delete

* This is not intended to be cryptographically secure, just a fast way to get

[62] Fix | Delete

* a fixed length string based on the script versions. As this file does not

[63] Fix | Delete

* load the full WordPress environment, it is not possible to use the salted

[64] Fix | Delete

* wp_hash() function.

[65] Fix | Delete

*/

[66] Fix | Delete

$etag = 'W/"' . md5( $etag ) . '"';

[67] Fix | Delete

[68] Fix | Delete

if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $etag ) {

[69] Fix | Delete

header( "$protocol 304 Not Modified" );

[70] Fix | Delete

exit;

[71] Fix | Delete

}

[72] Fix | Delete

[73] Fix | Delete

foreach ( $load as $handle ) {

[74] Fix | Delete

if ( ! array_key_exists( $handle, $wp_styles->registered ) ) {

[75] Fix | Delete

continue;

[76] Fix | Delete

}

[77] Fix | Delete

[78] Fix | Delete

$style = $wp_styles->registered[ $handle ];

[79] Fix | Delete

[80] Fix | Delete

if ( empty( $style->src ) ) {

[81] Fix | Delete

continue;

[82] Fix | Delete

}

[83] Fix | Delete

[84] Fix | Delete

$path = ABSPATH . $style->src;

[85] Fix | Delete

[86] Fix | Delete

if ( $rtl && ! empty( $style->extra['rtl'] ) ) {

[87] Fix | Delete

// All default styles have fully independent RTL files.

[88] Fix | Delete

$path = str_replace( '.min.css', '-rtl.min.css', $path );

[89] Fix | Delete

}

[90] Fix | Delete

[91] Fix | Delete

$content = get_file( $path ) . "\n";

[92] Fix | Delete

[93] Fix | Delete

// Note: str_starts_with() is not used here, as wp-includes/compat.php is not loaded in this file.

[94] Fix | Delete

if ( 0 === strpos( $style->src, '/' . WPINC . '/css/' ) ) {

[95] Fix | Delete

$content = str_replace( '../images/', '../' . WPINC . '/images/', $content );

[96] Fix | Delete

$content = str_replace( '../js/tinymce/', '../' . WPINC . '/js/tinymce/', $content );

[97] Fix | Delete

$content = str_replace( '../fonts/', '../' . WPINC . '/fonts/', $content );

[98] Fix | Delete

$out .= $content;

[99] Fix | Delete

} else {

[100] Fix | Delete

$out .= str_replace( '../images/', 'images/', $content );

[101] Fix | Delete

}

[102] Fix | Delete

}

[103] Fix | Delete

[104] Fix | Delete

header( "Etag: $etag" );

[105] Fix | Delete

header( 'Content-Type: text/css; charset=UTF-8' );

[106] Fix | Delete

header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' );

[107] Fix | Delete

header( "Cache-Control: public, max-age=$expires_offset" );

[108] Fix | Delete

[109] Fix | Delete

echo $out;

[110] Fix | Delete

exit;

[111] Fix | Delete