Changeset 45015

Timestamp:

03/26/2019 10:25:47 PM (6 years ago)

Author:

SergeyBiryukov

Message:

Bootstrap/Load: Add support for JSONP requests to wp_die().

In addition to AJAX, XML-RPC, and JSON requests, wp_die() now handles JSONP requests correctly, returning information in the expected content type.

Props spacedmonkey, TimothyBlynJacobs.
Fixes #46025. See #44458.

Location:

trunk/src/wp-includes

Files:

• functions.php (modified) (2 diffs)
• load.php (modified) (1 diff)

trunk/src/wp-includes/functions.php

@@ -2990 +2990 @@
          */
         $function = apply_filters( 'wp_die_json_handler', '_json_wp_die_handler' );
+    } elseif ( wp_is_jsonp_request() ) {
+        /**
+         * Filters the callback for killing WordPress execution for JSONP requests.
+         *
+         * @since 5.2.0
+         *
+         * @param callable $function Callback function name.
+         */
+        $function = apply_filters( 'wp_die_jsonp_handler', '_jsonp_wp_die_handler' );
     } elseif ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
         /**
@@ -3243 +3252 @@
 
     echo wp_json_encode( $data );
+    if ( $r['exit'] ) {
+        die();
+    }
+}
+
+/**
+ * Kill WordPress execution and display JSONP message with error message.
+ *
+ * This is the handler for wp_die when processing JSONP requests.
+ *
+ * @since 5.2.0
+ * @access private
+ *
+ * @param string       $message Error message.
+ * @param string       $title   Optional. Error title. Default empty.
+ * @param string|array $args    Optional. Arguments to control behavior. Default empty array.
+ */
+function _jsonp_wp_die_handler( $message, $title = '', $args = array() ) {
+    list( $message, $title, $r ) = _wp_die_process_input( $message, $title, $args );
+
+    $data = array(
+        'code'              => $r['code'],
+        'message'           => $message,
+        'data'              => array(
+            'status' => $r['response'],
+        ),
+        'additional_errors' => $r['additional_errors'],
+    );
+
+    if ( ! headers_sent() ) {
+        header( 'Content-Type: application/javascript; charset=utf-8' );
+        header( 'X-Content-Type-Options: nosniff' );
+        header( 'X-Robots-Tag: noindex' );
+        if ( null !== $r['response'] ) {
+            status_header( $r['response'] );
+        }
+        nocache_headers();
+    }
+
+    $result         = wp_json_encode( $data );
+    $jsonp_callback = $_GET['_jsonp'];
+    echo '/**/' . $jsonp_callback . '(' . $result . ')';
     if ( $r['exit'] ) {
         die();

trunk/src/wp-includes/load.php

@@ -1502 +1502 @@
 
 }
+
+/**
+ * Checks whether current request is a JSONP request, or is expecting a JSONP response.
+ *
+ * @since 5.2.0
+ *
+ * @return bool True if JSONP request, false otherwise.
+ */
+function wp_is_jsonp_request() {
+    if ( ! isset( $_GET['_jsonp'] ) ) {
+        return false;
+    }
+
+    if ( ! function_exists( 'wp_check_jsonp_callback' ) ) {
+        require_once ABSPATH . WPINC . '/functions.php';
+    }
+
+    $jsonp_callback = $_GET['_jsonp'];
+    if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) {
+        return false;
+    }
+
+    /** This filter is documented in wp-includes/rest-api/class-wp-rest-server.php */
+    $jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
+
+    return $jsonp_enabled;
+
+}