
Changeset 47962 for branches/3.7/src


Timestamp:
06/10/2020 06:15:48 PM (5 years ago)
Author:
whyisjake
Message:

General: Backport several commits for release.

Embeds: Ensure that the title attribute is set correctly on embeds.
Editor: Prevent HTML decoding by setting the proper editor context.
Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
Themes: Ensure a broken theme name is returned properly.
Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 3.7 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Location:
branches/3.7
Files:
6 edited

  • branches/3.7

  • branches/3.7/src

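--- a/branches/3.7/src/wp-admin/includes/media.php
+++ b/branches/3.7/src/wp-admin/includes/media.php
@@ -2408,5 +2408,5 @@
 
     <label for="content"><strong><?php _e( 'Description' ); ?></strong></label>
-    <?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
+    <?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
 
     </div>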
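--- a/branches/3.7/src/wp-admin/includes/misc.php
+++ b/branches/3.7/src/wp-admin/includes/misc.php
@@ -391,5 +391,45 @@
                 break;
             default:
-                $value = apply_filters('set-screen-option', false, $option, $value);
+                if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
+                    /**
+                     * Filters a screen option value before it is set.
+                     *
+                     * The filter can also be used to modify non-standard [items]_per_page
+                     * settings. See the parent function for a full list of standard options.
+                     *
+                     * Returning false to the filter will skip saving the current option.
+                     *
+                     * @since 2.8.0
+                     * @since 5.4.2 Only applied to options ending with '_page',
+                     *              or the 'layout_columns' option.
+                     *
+                     * @see set_screen_options()
+                     *
+                     * @param bool   $keep   Whether to save or skip saving the screen option value.
+                     *                       Default false.
+                     * @param string $option The option name.
+                     * @param int    $value  The number of rows to use.
+                     */
+                    $value = apply_filters( 'set-screen-option', false, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
+                }
+
+                /**
+                 * Filter a screen option value before it is set.
+                 *
+                 * The dynamic portion of the hook, `$option`, refers to the option name.
+                 *
+                 * Returning false to the filter will skip saving the current option.
+                 *
+                 * @since 5.4.2
+                 *
+                 * @see set_screen_options()
+                 *
+                 * @param bool   $keep   Whether to save or skip saving the screen option value.
+                 *                       Default false.
+                 * @param string $option The option name.
+                 * @param int    $value  The number of rows to use.
+                 */
+                $value = apply_filters( "set_screen_option_{$option}", false, $option, $value );
+
                 if ( false === $value )
                     return;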
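Review bot: The second `apply_filters()` call at new line 432 passes a hard-coded `false` as the value being filtered, so whatever the legacy `set-screen-option` filter returned at line 413 is replaced by `false` unless something is also hooked to `set_screen_option_{$option}`, and the `false === $value` check at line 434 then skips the save. Existing callbacks on the old hook would therefore appear to stop persisting their options, even for the `_page` and `layout_columns` names the new gate still permits. Carrying the result forward keeps the restriction on option names while preserving the old hook: `$screen_option = false;` before the `if`, `$screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value );` inside it, and `$value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value );` after it. The enclosing switch and function start outside the hunk.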
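--- a/branches/3.7/src/wp-admin/themes.php
+++ b/branches/3.7/src/wp-admin/themes.php
@@ -309,5 +309,5 @@
         echo "
         <tr>
-             <td>" . $broken_theme->get('Name') ."</td>
+             <td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ); ?></td>
              <td>" . $broken_theme->errors()->get_error_message() . "</td>
         </tr>";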
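Review bot: The added line 311 sits inside the double-quoted string opened by `echo "` on line 309 and closed on line 313, so the `<?php echo … ?>` fragment is not executed on this branch. It is emitted as literal text, with `$broken_theme->get`, `->display` and `->get_stylesheet` read as property interpolations rather than method calls. The escaped theme name this change is meant to print therefore never reaches the page. Closing the string and concatenating keeps the escaping intact: `<td>" . ( $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ) ) . "</td>`. The surrounding loop starts outside the hunk.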
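--- a/branches/3.7/src/wp-includes/pluggable.php
+++ b/branches/3.7/src/wp-includes/pluggable.php
@@ -930,5 +930,5 @@
  **/
 function wp_sanitize_redirect($location) {
-    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
+    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);
     $location = wp_kses_no_null($location);
 
@@ -987,5 +987,5 @@
  **/
 function wp_validate_redirect($location, $default = '') {
-    $location = trim( $location, " \t\n\r\0\x08\x0B" );
+    $location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if ( substr($location, 0, 2) == '//' )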
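Review bot: Nothing at line 989 records why `wp_sanitize_redirect()` must now run before the host checks in `wp_validate_redirect()`, and that ordering is the security-relevant part of this change. Presumably the aim is to validate the same string that a later redirect would emit, with `@` kept at line 932 so that a userinfo part stays visible to the checks instead of being stripped afterwards. A one-line comment above line 989 would guard against a later reordering, for example `// Sanitize first so the checks below see the exact string that will be sent.`. The docblock could also state that the location returned is now the sanitized form, which callers comparing it with their input may not expect. I am inferring the return behaviour from the assignment, since the rest of the function body is outside the hunk.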