Make WordPress Core

Changeset 43364


Ignore:
Timestamp:
06/16/2018 01:11:57 PM (6 years ago)
Author:
SergeyBiryukov
Message:

Privacy: Make sure wp_add_privacy_policy_content() does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context.

Add a _doing_it_wrong() message describing the correct usage of the function.

Props kraftbj, azaozz, SergeyBiryukov, YuriV.
Merges [43361], [43362], [43363] to the 4.9 branch.
Fixes #44142.

Location:
branches/4.9
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-admin/includes/misc.php

    r43351 r43364  
    195195 *
    196196 * @global WP_Rewrite $wp_rewrite
     197 *
     198 * @return bool|null True on write success, false on failure. Null in multisite.
    197199 */
    198200function save_mod_rewrite_rules() {
     
    202204    global $wp_rewrite;
    203205
    204     $home_path = get_home_path();
    205     $htaccess_file = $home_path.'.htaccess';
     206    // Ensure get_home_path() is declared.
     207    require_once( ABSPATH . 'wp-admin/includes/file.php' );
     208
     209    $home_path     = get_home_path();
     210    $htaccess_file = $home_path . '.htaccess';
    206211
    207212    /*
     
    227232 * @global WP_Rewrite $wp_rewrite
    228233 *
    229  * @return bool True if web.config was updated successfully
     234 * @return bool|null True on write success, false on failure. Null in multisite.
    230235 */
    231236function iis7_save_url_rewrite_rules(){
     
    235240    global $wp_rewrite;
    236241
    237     $home_path = get_home_path();
     242    // Ensure get_home_path() is declared.
     243    require_once( ABSPATH . 'wp-admin/includes/file.php' );
     244
     245    $home_path       = get_home_path();
    238246    $web_config_file = $home_path . 'web.config';
    239247
  • branches/4.9/src/wp-admin/includes/plugin.php

    r43115 r43364  
    18991899
    19001900/**
    1901  * Helper function for adding content to the postbox shown when editing the privacy policy.
     1901 * Helper function for adding content to the Privacy Policy Guide.
    19021902 *
    19031903 * Plugins and themes should suggest text for inclusion in the site's privacy policy.
    19041904 * The suggested text should contain information about any functionality that affects user privacy,
    1905  * and will be shown in the Suggested Privacy Policy Content postbox.
     1905 * and will be shown on the Privacy Policy Guide screen.
    19061906 *
    19071907 * A plugin or theme can use this function multiple times as long as it will help to better present
    19081908 * the suggested policy content. For example modular plugins such as WooCommerse or Jetpack
    19091909 * can add or remove suggested content depending on the modules/extensions that are enabled.
     1910 * For more information see the Plugin Handbook:
     1911 * https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/.
    19101912 *
    19111913 * Intended for use with the `'admin_init'` action.
     
    19151917 * @param string $plugin_name The name of the plugin or theme that is suggesting content for the site's privacy policy.
    19161918 * @param string $policy_text The suggested content for inclusion in the policy.
    1917  *                            For more information see the Plugins Handbook https://developer.wordpress.org/plugins/.
    19181919 */
    19191920function wp_add_privacy_policy_content( $plugin_name, $policy_text ) {
     1921    if ( ! is_admin() ) {
     1922        _doing_it_wrong(
     1923            __FUNCTION__,
     1924            sprintf(
     1925                /* translators: %s: admin_init */
     1926                __( 'The suggested privacy policy content should be added only in wp-admin by using the %s (or later) action.' ),
     1927                '<code>admin_init</code>'
     1928            ),
     1929            '4.9.7'
     1930        );
     1931        return;
     1932    } elseif ( ! doing_action( 'admin_init' ) && ! did_action( 'admin_init' ) ) {
     1933        _doing_it_wrong(
     1934            __FUNCTION__,
     1935            sprintf(
     1936                /* translators: %s: admin_init */
     1937                __( 'The suggested privacy policy content should be added by using the %s (or later) action. Please see the inline documentation.' ),
     1938                '<code>admin_init</code>'
     1939            ),
     1940            '4.9.7'
     1941        );
     1942        return;
     1943    }
     1944
    19201945    if ( ! class_exists( 'WP_Privacy_Policy_Content' ) ) {
    19211946        require_once( ABSPATH . 'wp-admin/includes/misc.php' );
Note: See TracChangeset for help on using the changeset viewer.