WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/14/2019 06:16:02 PM (2 years ago)
Author:
whyisjake
Message:

Backporting several bug fixes.

  • Query: Remove the static query property.
  • HTTP API: Protect against hex interpretation.
  • Filesystem API: Prevent directory travelersals when creating new folders.
  • Administration: Ensure that admin referer nonce is valid.
  • REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.1 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.1/src/wp-includes/class-wp-query.php

    r44518 r46490  
    530530            'attachment_id',
    531531            'name',
    532             'static',
    533532            'pagename',
    534533            'page_id',
     
    794793            // post is being queried.
    795794            $this->is_single = true;
    796         } elseif ( '' != $qv['static'] || '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
     795        } elseif ( '' != $qv['pagename'] || ! empty( $qv['page_id'] ) ) {
    797796            $this->is_page   = true;
    798797            $this->is_single = false;
Note: See TracChangeset for help on using the changeset viewer.