Make WordPress Core


Ignore:
Timestamp:
10/14/2019 07:14:31 PM (5 years ago)
Author:
whyisjake
Message:

Backporting several bug fixes.

  • Query: Remove the static query property.
  • HTTP API: Protect against hex interpretation.
  • Filesystem API: Prevent directory travelersals when creating new folders.
  • Administration: Ensure that admin referer nonce is valid.
  • REST API: Send a Vary: Origin header on GET requests.
  • Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.2 branch.

Location:
branches/4.2
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.2

  • branches/4.2/src/wp-includes/query.php

    r39961 r46500  
    14021402            , 'attachment_id'
    14031403            , 'name'
    1404             , 'static'
    14051404            , 'pagename'
    14061405            , 'page_id'
     
    16061605            // post is being queried.
    16071606            $this->is_single = true;
    1608         } elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
     1607        } elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
    16091608            $this->is_page = true;
    16101609            $this->is_single = false;
Note: See TracChangeset for help on using the changeset viewer.