Changeset 47633
- Timestamp:
- 04/29/2020 03:12:50 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-customize-manager.php
r47550 r47633 2929 2929 */ 2930 2930 2931 // Prevent content filters from corrupting JSON in post_content. 2932 $has_kses = ( false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ) ); 2933 if ( $has_kses ) { 2934 kses_remove_filters(); 2935 } 2936 $has_targeted_link_rel_filters = ( false !== has_filter( 'content_save_pre', 'wp_targeted_link_rel' ) ); 2937 if ( $has_targeted_link_rel_filters ) { 2938 wp_remove_targeted_link_rel_filters(); 2939 } 2940 2941 // Note that updating a post with publish status will trigger WP_Customize_Manager::publish_changeset_values(). 2931 /* 2932 * Update the changeset post. The publish_customize_changeset action will cause the settings in the 2933 * changeset to be saved via WP_Customize_Setting::save(). Updating a post with publish status will 2934 * trigger WP_Customize_Manager::publish_changeset_values(). 2935 */ 2936 add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 ); 2942 2937 if ( $changeset_post_id ) { 2943 2938 if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) { … … 2970 2965 } 2971 2966 } 2972 2973 // Restore removed content filters. 2974 if ( $has_kses ) { 2975 kses_init_filters(); 2976 } 2977 if ( $has_targeted_link_rel_filters ) { 2978 wp_init_targeted_link_rel_filters(); 2979 } 2967 remove_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5 ); 2980 2968 2981 2969 $this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents. … … 2993 2981 2994 2982 return $response; 2983 } 2984 2985 /** 2986 * Preserve the initial JSON post_content passed to save into the post. 2987 * 2988 * This is needed to prevent KSES and other {@see 'content_save_pre'} filters 2989 * from corrupting JSON data. 2990 * 2991 * Note that WP_Customize_Manager::validate_setting_values() have already 2992 * run on the setting values being serialized as JSON into the post content 2993 * so it is pre-sanitized. 2994 * 2995 * Also, the sanitization logic is re-run through the respective 2996 * WP_Customize_Setting::sanitize() method when being read out of the 2997 * changeset, via WP_Customize_Manager::post_value(), and this sanitized 2998 * value will also be sent into WP_Customize_Setting::update() for 2999 * persisting to the DB. 3000 * 3001 * Multiple users can collaborate on a single changeset, where one user may 3002 * have the unfiltered_html capability but another may not. A user with 3003 * unfiltered_html may add a script tag to some field which needs to be kept 3004 * intact even when another user updates the changeset to modify another field 3005 * when they do not have unfiltered_html. 3006 * 3007 * @since 5.4.1 3008 * 3009 * @param array $data An array of slashed and processed post data. 3010 * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. 3011 * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). 3012 * @return array Filtered post data. 3013 */ 3014 public function preserve_insert_changeset_post_content( $data, $postarr, $unsanitized_postarr ) { 3015 if ( 3016 isset( $data['post_type'] ) && 3017 isset( $unsanitized_postarr['post_content'] ) && 3018 'customize_changeset' === $data['post_type'] || 3019 ( 3020 'revision' === $data['post_type'] && 3021 ! empty( $data['post_parent'] ) && 3022 'customize_changeset' === get_post_type( $data['post_parent'] ) 3023 ) 3024 ) { 3025 $data['post_content'] = $unsanitized_postarr['post_content']; 3026 } 3027 return $data; 2995 3028 } 2996 3029 -
trunk/src/wp-includes/post.php
r47611 r47633 3595 3595 global $wpdb; 3596 3596 3597 // Capture original pre-sanitized array for passing into filters. 3598 $unsanitized_postarr = $postarr; 3599 3597 3600 $user_id = get_current_user_id(); 3598 3601 … … 3919 3922 * 3920 3923 * @since 3.9.0 3924 * @since 5.4.1 `$unsanitized_postarr` argument added. 3921 3925 * 3922 * @param array $data An array of sanitized attachment post data. 3923 * @param array $postarr An array of unsanitized attachment post data. 3926 * @param array $data An array of slashed, sanitized, and processed attachment post data. 3927 * @param array $postarr An array of slashed and sanitized attachment post data, but not processed. 3928 * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed attachment post data 3929 * as originally passed to wp_insert_post(). 3924 3930 */ 3925 $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr );3931 $data = apply_filters( 'wp_insert_attachment_data', $data, $postarr, $unsanitized_postarr ); 3926 3932 } else { 3927 3933 /** … … 3929 3935 * 3930 3936 * @since 2.7.0 3937 * @since 5.4.1 `$unsanitized_postarr` argument added. 3931 3938 * 3932 * @param array $data An array of slashed post data. 3933 * @param array $postarr An array of sanitized, but otherwise unmodified post data. 3939 * @param array $data An array of slashed, sanitized, and processed post data. 3940 * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. 3941 * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as 3942 * originally passed to wp_insert_post(). 3934 3943 */ 3935 $data = apply_filters( 'wp_insert_post_data', $data, $postarr );3944 $data = apply_filters( 'wp_insert_post_data', $data, $postarr, $unsanitized_postarr ); 3936 3945 } 3937 3946 $data = wp_unslash( $data ); -
trunk/tests/phpunit/tests/customize/manager.php
r47198 r47633 1242 1242 1243 1243 /** 1244 * Test saving changeset post without Kses or other content_save_pre filters mutating content. 1245 * 1246 * @covers WP_Customize_Manager::save_changeset_post() 1247 */ 1248 public function test_save_changeset_post_without_kses_corrupting_json() { 1249 global $wp_customize; 1250 $lesser_admin_user_id = self::factory()->user->create( array( 'role' => 'administrator' ) ); 1251 1252 $uuid = wp_generate_uuid4(); 1253 $wp_customize = new WP_Customize_Manager( 1254 array( 1255 'changeset_uuid' => $uuid, 1256 ) 1257 ); 1258 1259 add_filter( 'map_meta_cap', array( $this, 'filter_map_meta_cap_to_disallow_unfiltered_html' ), 10, 2 ); 1260 kses_init(); 1261 add_filter( 'content_save_pre', 'capital_P_dangit' ); 1262 add_post_type_support( 'customize_changeset', 'revisions' ); 1263 1264 $options = array( 1265 'custom_html_1' => '<script>document.write(" Wordpress 1")</script>', 1266 'custom_html_2' => '<script>document.write(" Wordpress 2")</script>', 1267 'custom_html_3' => '<script>document.write(" Wordpress 3")</script>', 1268 ); 1269 1270 // Populate setting as user who can bypass content_save_pre filter. 1271 wp_set_current_user( self::$admin_user_id ); 1272 $wp_customize = $this->get_manager_for_testing_json_corruption_protection( $uuid ); 1273 $wp_customize->set_post_value( 'custom_html_1', $options['custom_html_1'] ); 1274 $wp_customize->save_changeset_post( 1275 array( 1276 'status' => 'draft', 1277 ) 1278 ); 1279 1280 // Populate setting as user who cannot bypass content_save_pre filter. 1281 wp_set_current_user( $lesser_admin_user_id ); 1282 $wp_customize = $this->get_manager_for_testing_json_corruption_protection( $uuid ); 1283 $wp_customize->set_post_value( 'custom_html_2', $options['custom_html_2'] ); 1284 $wp_customize->save_changeset_post( 1285 array( 1286 'autosave' => true, 1287 ) 1288 ); 1289 1290 /* 1291 * Ensure that the unsanitized value (the "POST data") is preserved in the autosave revision. 1292 * The value is sent through the sanitize function when it is read from the changeset. 1293 */ 1294 $autosave_revision = wp_get_post_autosave( $wp_customize->changeset_post_id(), get_current_user_id() ); 1295 $saved_data = json_decode( $autosave_revision->post_content, true ); 1296 $this->assertEquals( $options['custom_html_1'], $saved_data['custom_html_1']['value'] ); 1297 $this->assertEquals( $options['custom_html_2'], $saved_data['custom_html_2']['value'] ); 1298 1299 // Update post to discard autosave. 1300 $wp_customize->save_changeset_post( 1301 array( 1302 'status' => 'draft', 1303 ) 1304 ); 1305 1306 /* 1307 * Ensure that the unsanitized value (the "POST data") is preserved in the post content. 1308 * The value is sent through the sanitize function when it is read from the changeset. 1309 */ 1310 $wp_customize = $this->get_manager_for_testing_json_corruption_protection( $uuid ); 1311 $saved_data = json_decode( get_post( $wp_customize->changeset_post_id() )->post_content, true ); 1312 $this->assertEquals( $options['custom_html_1'], $saved_data['custom_html_1']['value'] ); 1313 $this->assertEquals( $options['custom_html_2'], $saved_data['custom_html_2']['value'] ); 1314 1315 /* 1316 * Ensure that the unsanitized value (the "POST data") is preserved in the revisions' content. 1317 * The value is sent through the sanitize function when it is read from the changeset. 1318 */ 1319 $revisions = wp_get_post_revisions( $wp_customize->changeset_post_id() ); 1320 $revision = array_shift( $revisions ); 1321 $saved_data = json_decode( $revision->post_content, true ); 1322 $this->assertEquals( $options['custom_html_1'], $saved_data['custom_html_1']['value'] ); 1323 $this->assertEquals( $options['custom_html_2'], $saved_data['custom_html_2']['value'] ); 1324 1325 /* 1326 * Now when publishing the changeset, the unsanitized values will be read from the changeset 1327 * and sanitized according to the capabilities of the users who originally updated each 1328 * setting in the changeset to begin with. 1329 */ 1330 wp_set_current_user( $lesser_admin_user_id ); 1331 $wp_customize = $this->get_manager_for_testing_json_corruption_protection( $uuid ); 1332 $wp_customize->set_post_value( 'custom_html_3', $options['custom_html_3'] ); 1333 $wp_customize->save_changeset_post( 1334 array( 1335 'status' => 'publish', 1336 ) 1337 ); 1338 1339 // User saved as one who can bypass content_save_pre filter. 1340 $this->assertContains( '<script>', get_option( 'custom_html_1' ) ); 1341 $this->assertContains( 'Wordpress', get_option( 'custom_html_1' ) ); // phpcs:ignore WordPress.WP.CapitalPDangit.Misspelled 1342 1343 // User saved as one who cannot bypass content_save_pre filter. 1344 $this->assertNotContains( '<script>', get_option( 'custom_html_2' ) ); 1345 $this->assertContains( 'WordPress', get_option( 'custom_html_2' ) ); 1346 1347 // User saved as one who also cannot bypass content_save_pre filter. 1348 $this->assertNotContains( '<script>', get_option( 'custom_html_3' ) ); 1349 $this->assertContains( 'WordPress', get_option( 'custom_html_3' ) ); 1350 } 1351 1352 /** 1353 * Get a manager for testing JSON corruption protection. 1354 * 1355 * @param string $uuid UUID. 1356 * @return WP_Customize_Manager Manager. 1357 */ 1358 private function get_manager_for_testing_json_corruption_protection( $uuid ) { 1359 global $wp_customize; 1360 $wp_customize = new WP_Customize_Manager( 1361 array( 1362 'changeset_uuid' => $uuid, 1363 ) 1364 ); 1365 for ( $i = 0; $i < 5; $i++ ) { 1366 $wp_customize->add_setting( 1367 sprintf( 'custom_html_%d', $i ), 1368 array( 1369 'type' => 'option', 1370 'sanitize_callback' => array( $this, 'apply_content_save_pre_filters_if_not_main_admin_user' ), 1371 ) 1372 ); 1373 } 1374 return $wp_customize; 1375 } 1376 1377 /** 1378 * Sanitize content with Kses if the current user is not the main admin. 1379 * 1380 * @since 5.2.? 1381 * 1382 * @param string $content Content to sanitize. 1383 * @return string Sanitized content. 1384 */ 1385 public function apply_content_save_pre_filters_if_not_main_admin_user( $content ) { 1386 if ( get_current_user_id() !== self::$admin_user_id ) { 1387 $content = apply_filters( 'content_save_pre', $content ); 1388 } 1389 return $content; 1390 } 1391 1392 /** 1393 * Filter map_meta_cap to disallow unfiltered_html. 1394 * 1395 * @since 5.2.? 1396 * 1397 * @param array $caps User's capabilities. 1398 * @param string $cap Requested cap. 1399 * @return array Caps. 1400 */ 1401 public function filter_map_meta_cap_to_disallow_unfiltered_html( $caps, $cap ) { 1402 if ( 'unfiltered_html' === $cap ) { 1403 $caps = array( 'do_not_allow' ); 1404 } 1405 return $caps; 1406 } 1407 1408 /** 1244 1409 * Call count for customize_changeset_save_data filter. 1245 1410 *
Note: See TracChangeset
for help on using the changeset viewer.