Changeset 46917
- Timestamp:
- 12/12/2019 06:53:18 PM (4 years ago)
- Location:
- branches/4.8
- Files:
-
- 4 edited
-
branches/4.8
- Property svn:mergeinfo changed
/trunk merged: 46893,46895
- Property svn:mergeinfo changed
-
branches/4.8/src/wp-includes/kses.php
r46006 r46917 1386 1386 function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) { 1387 1387 $string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string ); 1388 $string2 = preg_split( '/:|�*58;|�*3a; /i', $string, 2 );1388 $string2 = preg_split( '/:|�*58;|�*3a;|:/i', $string, 2 ); 1389 1389 if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) { 1390 1390 $string = trim( $string2[1] ); -
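Review bot: The alternative added to the `preg_split` pattern at line 1388 carries no comment saying which encoding of the colon it covers, and this viewer renders it as a second bare `:`, indistinguishable from the first alternative; judging by the `javascript&CoLon;alert(1)` case in the accompanying test it is presumably the named character reference. I would add a comment above the split such as `// Split on ':' and on its decimal, hex and named character references, since browsers decode all of them inside attribute values.` Because the pattern keeps the `i` flag, the named form is matched in any letter case, which is broader than what HTML decodes to a colon; that errs on the strict side, but is worth stating so nobody narrows it later by accident. The body of `wp_kses_bad_protocol_once` continues outside the hunk.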
branches/4.8/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r40606 r46917 502 502 } 503 503 504 if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) {504 if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) { 505 505 return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); 506 506 } … … 646 646 } 647 647 648 if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) {648 if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) { 649 649 return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); 650 650 } … … 939 939 */ 940 940 protected function prepare_item_for_database( $request ) { 941 $prepared_post = new stdClass ;941 $prepared_post = new stdClass(); 942 942 943 943 // Post ID. -
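Review bot: The sticky check at lines 504 and 648, in the longer form that appears to be the new side, rejects the request only when the user lacks both `edit_others_posts` and `publish_posts`, so holding either capability alone is enough to set `sticky`. If the intent is that both are required, the two negated checks should be joined with `||`; if either is meant to suffice, a comment such as `// Sticky may be set by users who can publish posts or edit others' posts.` would make the policy explicit. The same expression is duplicated in both permission checks, so a small private helper would keep the two from drifting apart, and the changeset lists no test file covering this authorization change. Both enclosing functions start and end outside the hunks.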
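--- a/branches/4.8/tests/phpunit/tests/kses.php
+++ b/branches/4.8/tests/phpunit/tests/kses.php
@@ -170,4 +170,26 @@
 }
 
+$bad_not_normalized = array(
+'dummy:alert(1)',
+'javascript:alert(1)',
+'javascript&CoLon;alert(1)',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'javascript:alert(1);',
+'jav ascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:javascript:alert(1);',
+'javascript:alert(1)',
+);
+foreach ( $bad_not_normalized as $k => $x ) {
+$result = wp_kses_bad_protocol( $x, wp_allowed_protocols() );
+if ( ! empty( $result ) && 'alert(1);' !== $result && 'alert(1)' !== $result ) {
+$this->fail( "wp_kses_bad_protocol failed on $k, $x. Result: $result" );
+}
+}
+
 $safe = array(
 'dummy:alert(1)',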
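Review bot: The new loop over `$bad_not_normalized` accepts the same three outcomes (empty, `alert(1);`, `alert(1)`) for every input and calls `$this->fail()` on the first mismatch, so one failing entry hides the rest and a partially stripped result for one input could still equal a value that is only right for another. Pairing each input with its own expected output, for example an `input => expected` array compared with `$this->assertSame( $expected, $result )`, would pin the behaviour per encoding. Several entries look identical on this page, presumably because the viewer decoded their character references, so a short comment per entry naming the encoding it exercises would help readers. A comment above the array such as `// Inputs are deliberately not passed through wp_kses_normalize_entities().` would record why this list is separate, judging by the variable name and the direct call. The enclosing test method starts and ends outside the hunk.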