Make WordPress Core

Changeset 45456


Ignore:
Timestamp:
05/28/2019 02:42:24 AM (5 years ago)
Author:
azaozz
Message:

Script loader: prevent sorting of the load array in the query string when passing the script handles to load-scripts.php and load-styles.php.

Fixes #45346 #26886.

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/load-scripts.php

    r44237 r45456  
    1717$load = $_GET['load'];
    1818if ( is_array( $load ) ) {
     19    ksort( $load );
    1920    $load = implode( '', $load );
    2021}
  • trunk/src/wp-admin/load-styles.php

    r43580 r45456  
    2121$load = $_GET['load'];
    2222if ( is_array( $load ) ) {
     23    ksort( $load );
    2324    $load = implode( '', $load );
    2425}
     26
    2527$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
    2628$load = array_unique( explode( ',', $load ) );
  • trunk/src/wp-includes/script-loader.php

    r45448 r45456  
    24622462
    24632463        $concat = str_split( $concat, 128 );
    2464         $concat = 'load%5B%5D=' . implode( '&load%5B%5D=', $concat );
    2465 
    2466         $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&" . $concat . '&ver=' . $wp_scripts->default_version;
     2464        $concatenated = '';
     2465
     2466        foreach ( $concat as $key => $chunk ) {
     2467            $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
     2468        }
     2469
     2470        $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version;
    24672471        echo "<script type='text/javascript' src='" . esc_attr( $src ) . "'></script>\n";
    24682472    }
     
    26322636
    26332637        $concat = str_split( $concat, 128 );
    2634         $concat = 'load%5B%5D=' . implode( '&load%5B%5D=', $concat );
    2635 
    2636         $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}&" . $concat . '&ver=' . $ver;
     2638        $concatenated = '';
     2639
     2640        foreach ( $concat as $key => $chunk ) {
     2641            $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
     2642        }
     2643
     2644        $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver;
    26372645        echo "<link rel='stylesheet' href='" . esc_attr( $href ) . "' type='text/css' media='all' />\n";
    26382646
Note: See TracChangeset for help on using the changeset viewer.