Context Navigation

Changeset 46490

Timestamp:

10/14/2019 06:16:02 PM (6 years ago)

Author:

whyisjake

Message:

Backporting several bug fixes.

Location:

branches/5.1

Files:

-                      r44518
+                      r46490
             'attachment_id',
             'name',
-            'static',
             'pagename',
             'page_id',
 …
             // post is being queried.
             $this->is_single = true;
         } elseif ( '' != $qv['static'] || '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
+        } elseif ( '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
             $this->is_page   = true;
             $this->is_single = false;

r44048	r46490
15	15	* @var string[]
16	16	*/
17		public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', '~~static', '~~pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
	17	public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
18	18
19	19	/**

-                      r44831
+                      r46490
     if ( file_exists( $target ) ) {
         return @is_dir( $target );
+    }
+    // Do not allow path traversals.
+    if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
+        return false;
+    }

r42894	r46490
556	556	$ip = gethostbyname( $host );
557	557	if ( $ip === $host ) { // Error condition for gethostbyname()
558		~~$ip =~~ false;
	558	return false;
559	559	}
560	560	}

-                      r45973
+                      r46490
      */
     function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
         if ( -1 == $action ) {
+        if ( -1 === $action ) {
             _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
+        }
 …
         do_action( 'check_admin_referer', $action, $result );
         if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
+        if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
             wp_nonce_ays( $action );
             die();

-                      r44698
+                      r46490
         header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
         header( 'Access-Control-Allow-Credentials: true' );
+        header( 'Vary: Origin' );
+        header( 'Vary: Origin', false );
+    } elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
+        header( 'Vary: Origin', false );
+    }

-                      r43571
+                      r46490
+    }
+    public function test_check_admin_referer_with_default_action_as_string_not_doing_it_wrong() {
+        // A valid nonce needs to be set so the check doesn't die()
+        $_REQUEST['_wpnonce'] = wp_create_nonce( '-1' );
+        $result               = check_admin_referer( '-1' );
+        $this->assertSame( 1, $result );
+        unset( $_REQUEST['_wpnonce'] );
+    }
     /**
      * @ticket 36361

Note: See TracChangeset for help on using the changeset viewer.