Changeset 46493 for branches/4.9/src/wp-includes/pluggable.php

Timestamp:

10/14/2019 06:38:34 PM (8 weeks ago)

Author:

whyisjake

Message:

Backporting several bug fixes.

• Query: Remove the static query property.
• HTTP API: Protect against hex interpretation.
• Filesystem API: Prevent directory travelersals when creating new folders.
• Administration: Ensure that admin referer nonce is valid.
• REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.0 branch.

File:

• branches/4.9/src/wp-includes/pluggable.php (modified) (3 diffs)

branches/4.9/src/wp-includes/pluggable.php

@@ -1080 +1080 @@
  */
 function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
-    if ( -1 == $action )
+    if ( -1 === $action )
         _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
 
@@ -1098 +1098 @@
     do_action( 'check_admin_referer', $action, $result );
 
-    if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
+    if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
         wp_nonce_ays( $action );
         die();
@@ -2646 +2646 @@
 }
 endif;
-