Changeset 46497
- Timestamp:
- 10/14/2019 07:06:04 PM (4 years ago)
- Location:
- branches/4.5
- Files:
-
- 9 edited
branches/4.5
- Property svn:mergeinfo changed
/trunk merged: 46474-46478,46483,46485
- Property svn:mergeinfo changed
-
branches/4.5/src/wp-includes/class-wp.php
r44059 r46497 16 16 * @var array 17 17 */ 18 public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );18 public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' ); 19 19 20 20 /** -
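--- a/branches/4.5/src/wp-includes/functions.php
+++ b/branches/4.5/src/wp-includes/functions.php
@@ -1602,4 +1602,9 @@
 if ( file_exists( $target ) )
 return @is_dir( $target );
+
+// Do not allow path traversals.
+if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
+return false;
+}
 
 // We need to find the permissions of the parent folder that exists and inherit that.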
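Review bot: The guard at new lines 1606-1608 is a substring match rather than a path-segment match, so it rejects a legitimate directory name that merely ends in two dots (a constructed example: `cache../x`) and does not match a target whose final segment is `..` with no trailing separator. Comparing whole segments would be more precise, e.g. `if ( in_array( '..', explode( '/', wp_normalize_path( $target ) ), true ) ) { return false; }`, assuming it is acceptable here that `wp_normalize_path()` also treats backslashes as separators. The function's docblock is outside this hunk and should state that such targets return false, because a caller cannot otherwise tell this refusal from a failed `mkdir()`.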
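--- a/branches/4.5/src/wp-includes/http.php
+++ b/branches/4.5/src/wp-includes/http.php
@@ -536,6 +536,7 @@
 } else {
 $ip = gethostbyname( $host );
-if ( $ip === $host ) // Error condition for gethostbyname()
-$ip = false;
+if ( $ip === $host ) { // Error condition for gethostbyname()
+return false;
+}
 }
 if ( $ip ) {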
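Review bot: The early `return false` at new line 539 changes what an unresolvable host means, yet the only comment is still `// Error condition for gethostbyname()`. Before, `$ip = false` skipped the `if ( $ip )` block that opens at new line 542 and carried on with whatever follows it (outside this hunk); now the URL is rejected outright. I would say so in the comment: `// gethostbyname() returns its input on failure; reject hosts that do not resolve instead of skipping the $ip checks below.` Separately, the address checked is the one resolved here, and whether the later request is pinned to that address cannot be seen from this hunk, so that is worth confirming.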
branches/4.5/src/wp-includes/pluggable.php
r45980 r46497 1045 1045 */ 1046 1046 function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { 1047 if ( -1 == $action )1048 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2 ' );1047 if ( -1 === $action ) 1048 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); 1049 1049 1050 1050 $adminurl = strtolower(admin_url()); … … 1063 1063 do_action( 'check_admin_referer', $action, $result ); 1064 1064 1065 if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {1065 if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) { 1066 1066 wp_nonce_ays( $action ); 1067 1067 die(); … … 1088 1088 */ 1089 1089 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) { 1090 if ( -1 === $action ) 1091 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); 1092 1090 1093 $nonce = ''; 1091 1094 … … 2448 2451 } 2449 2452 endif; 2450 -
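Review bot: The referer fallback in the condition at new line 1065 is kept. When `$action` is the integer default and the referer starts with the admin URL, a failed nonce still does not reach `wp_nonce_ays()`, and `_doing_it_wrong()` only reports the misuse. The strict `===` narrows this to callers that really omit the action, but the remaining fallback deserves a comment such as `// Back-compat: with no action given, a matching admin referer is accepted in place of a valid nonce. This is not CSRF protection.` The checks at new lines 1047 and 1090 are brace-less `if` statements; braces would match the style used in the http.php change of this changeset. Both function bodies continue outside the hunks shown.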
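--- a/branches/4.5/src/wp-includes/query.php
+++ b/branches/4.5/src/wp-includes/query.php
@@ -1412,5 +1412,4 @@
 , 'attachment_id'
 , 'name'
-, 'static'
 , 'pagename'
 , 'page_id'
@@ -1628,5 +1627,5 @@
 // post is being queried.
 $this->is_single = true;
-} elseif ( '' != $qv[' static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
+} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
 $this->is_page = true;
 $this->is_single = false;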
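--- a/branches/4.5/src/wp-includes/rest-api.php
+++ b/branches/4.5/src/wp-includes/rest-api.php
@@ -396,4 +396,7 @@
 header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
 header( 'Access-Control-Allow-Credentials: true' );
+header( 'Vary: Origin', false );
+} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
+header( 'Vary: Origin', false );
 }
 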
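Review bot: Neither `Vary: Origin` call carries a comment saying why it is sent or why the `elseif` branch is limited to `GET` requests from logged-out users. A short comment would help, e.g. `// Responses differ by Origin; tell caches to key on it so a response cached for one origin is not served to another.` The branch also reads `$_SERVER['REQUEST_METHOD']` directly, which is undefined when this runs outside a web request; putting `isset( $_SERVER['REQUEST_METHOD'] ) &&` before the comparison avoids the notice. `HEAD` responses are usually cached under the same rules as `GET`, so it is worth confirming that leaving them out is intended. The enclosing function starts and ends outside this hunk.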
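--- a/branches/4.5/tests/phpunit/tests/auth.php
+++ b/branches/4.5/tests/phpunit/tests/auth.php
@@ -142,4 +142,13 @@
 }
 
+public function test_check_admin_referer_with_default_action_as_string_not_doing_it_wrong() {
+// A valid nonce needs to be set so the check doesn't die()
+$_REQUEST['_wpnonce'] = wp_create_nonce( '-1' );
+$result = check_admin_referer( '-1' );
+$this->assertSame( 1, $result );
+
+unset( $_REQUEST['_wpnonce'] );
+}
+
 /**
 * @ticket 24030
@@ -152,4 +161,32 @@
 
 $this->assertEquals( $count, did_action( $this->nonce_failure_hook ) );
+}
+
+/**
+* @ticket 36361
+*/
+public function test_check_admin_referer_with_no_action_triggers_doing_it_wrong() {
+$this->setExpectedIncorrectUsage( 'check_admin_referer' );
+
+// A valid nonce needs to be set so the check doesn't die()
+$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+$result = check_admin_referer();
+$this->assertSame( 1, $result );
+
+unset( $_REQUEST['_wpnonce'] );
+}
+
+/**
+* @ticket 36361
+*/
+public function test_check_ajax_referer_with_no_action_triggers_doing_it_wrong() {
+$this->setExpectedIncorrectUsage( 'check_ajax_referer' );
+
+// A valid nonce needs to be set so the check doesn't die()
+$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+$result = check_ajax_referer();
+$this->assertSame( 1, $result );
+
+unset( $_REQUEST['_wpnonce'] );
 }
 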
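Review bot: Each new test sets `$_REQUEST['_wpnonce']` and removes it only on its last line, so a failing `assertSame()` leaves the nonce in the superglobal for every later test. Moving the cleanup into `tearDown()` (this class may already have one outside the hunks shown) keeps the tests isolated. The new tests also cover only accepting paths: none asserts that the string `'-1'` with an invalid nonce is now refused, which appears to be the behaviour the `===` change in pluggable.php is about. That path ends in `die()`, so such a test would need the failure hook this file already uses, `$this->nonce_failure_hook`.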
branches/4.5/tests/phpunit/tests/query/vars.php
r36048 r46497 17 17 do_action( 'init' ); 18 18 19 $this->assertEquals( array( 19 $this->assertEquals( 20 array( 20 21 21 // Static public query vars: 22 'm', 23 'p', 24 'posts', 25 'w', 26 'cat', 27 'withcomments', 28 'withoutcomments', 29 's', 30 'search', 31 'exact', 32 'sentence', 33 'calendar', 34 'page', 35 'paged', 36 'more', 37 'tb', 38 'pb', 39 'author', 40 'order', 41 'orderby', 42 'year', 43 'monthnum', 44 'day', 45 'hour', 46 'minute', 47 'second', 48 'name', 49 'category_name', 50 'tag', 51 'feed', 52 'author_name', 53 'static', 54 'pagename', 55 'page_id', 56 'error', 57 'attachment', 58 'attachment_id', 59 'subpost', 60 'subpost_id', 61 'preview', 62 'robots', 63 'taxonomy', 64 'term', 65 'cpage', 66 'post_type', 67 'embed', 22 // Static public query vars: 23 'm', 24 'p', 25 'posts', 26 'w', 27 'cat', 28 'withcomments', 29 'withoutcomments', 30 's', 31 'search', 32 'exact', 33 'sentence', 34 'calendar', 35 'page', 36 'paged', 37 'more', 38 'tb', 39 'pb', 40 'author', 41 'order', 42 'orderby', 43 'year', 44 'monthnum', 45 'day', 46 'hour', 47 'minute', 48 'second', 49 'name', 50 'category_name', 51 'tag', 52 'feed', 53 'author_name', 54 'pagename', 55 'page_id', 56 'error', 57 'attachment', 58 'attachment_id', 59 'subpost', 60 'subpost_id', 61 'preview', 62 'robots', 63 'taxonomy', 64 'term', 65 'cpage', 66 'post_type', 67 'embed', 68 68 69 // Dynamically added public query vars:70 'post_format',71 'rest_route',69 // Dynamically added public query vars: 70 'post_format', 71 'rest_route', 72 72 73 ), $wp->public_query_vars, 'Care should be taken when introducing new public query vars. See https://core.trac.wordpress.org/ticket/35115' ); 73 ), 74 $wp->public_query_vars, 75 'Care should be taken when introducing new public query vars. See https://core.trac.wordpress.org/ticket/35115' 76 ); 74 77 } 75 78