Make WordPress Core

Changeset 38476 for branches/4.6


Ignore:
Timestamp:
08/31/2016 06:43:21 PM (8 years ago)
Author:
jeremyfelt
Message:

Post Thumbnails: Prevent post thumbnail previews from spilling into other images.

After [38118], when previewing a page with a secondary loop, all post
thumbnails would be filtered to display the post thumbnail for the
page being previewed. This ensures _wp_preview_post_thumbnail_filter()
is only applied if the $post_id of the post meta being filtered is
equal to the post or page being previewed.

Merge of [38433] to the 4.6 branch.

Props swissspidy, joemcgill.
Fixes #37697.

Location:
branches/4.6
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.6

  • branches/4.6/src/wp-includes/revision.php

    r38118 r38476  
    595595    }
    596596
    597     if ( empty( $_REQUEST['_thumbnail_id'] ) || $post->ID != $post_id || '_thumbnail_id' != $meta_key || 'revision' == $post->post_type ) {
     597    if ( empty( $_REQUEST['_thumbnail_id'] ) ||
     598         empty( $_REQUEST['preview_id'] ) ||
     599         $post->ID != $post_id ||
     600         '_thumbnail_id' != $meta_key ||
     601         'revision' == $post->post_type ||
     602         $post_id != $_REQUEST['preview_id']
     603    ) {
    598604        return $value;
    599605    }
  • branches/4.6/tests/phpunit/tests/post/thumbnails.php

    r38264 r38476  
    243243        $GLOBALS['post'] = self::$post;
    244244        $_REQUEST['_thumbnail_id'] = self::$attachment_id;
     245        $_REQUEST['preview_id'] = self::$post->ID;
    245246
    246247        $result = _wp_preview_post_thumbnail_filter( '', self::$post->ID, '_thumbnail_id' );
     248
     249        // Clean up.
     250        $GLOBALS['post'] = $old_post;
     251        unset( $_REQUEST['_thumbnail_id'] );
     252        unset( $_REQUEST['preview_id'] );
     253
    247254        $this->assertEquals( self::$attachment_id, $result );
    248 
     255    }
     256
     257    /**
     258     * @ticket 37697
     259     */
     260    function test__wp_preview_post_thumbnail_filter_secondary_post() {
     261        $old_post = isset( $GLOBALS['post'] ) ? $GLOBALS['post'] : null;
     262
     263        $secondary_post = self::factory()->post->create( array(
     264                'post_stauts' => 'publish',
     265            )
     266        );
     267
     268        $GLOBALS['post'] = self::$post;
     269        $_REQUEST['_thumbnail_id'] = self::$attachment_id;
     270        $_REQUEST['preview_id'] = $secondary_post;
     271
     272        $result = _wp_preview_post_thumbnail_filter( '', self::$post->ID, '_thumbnail_id' );
     273
     274        // Clean up.
     275        $GLOBALS['post'] = $old_post;
    249276        unset( $_REQUEST['_thumbnail_id'] );
    250         if ( null === $old_post ) {
    251             unset( $GLOBALS['post'] );
    252         } else {
    253             $GLOBALS['post'] = $old_post;
    254         }
     277        unset( $_REQUEST['preview_id'] );
     278
     279        $this->assertEmpty( $result );
    255280    }
    256281
Note: See TracChangeset for help on using the changeset viewer.