
Changeset 47974


Timestamp:
06/10/2020 06:42:10 PM (4 years ago)
Author:
whyisjake
Message:

General: Backport several commits for release.

  • Embeds: Ensure that the title attribute is set correctly on embeds.
  • Editor: Prevent HTML decoding by setting the proper editor context.
  • Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
  • Themes: Ensure a broken theme name is returned properly.
  • Administration: Add a new filter to extend set-screen-option.

Merges [47947-47951] to the 4.6 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.

Location:
branches/4.6
Files:
5 edited

  • branches/4.6

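--- a/branches/4.6/src/wp-admin/includes/media.php
+++ b/branches/4.6/src/wp-admin/includes/media.php
@@ -2808,6 +2808,9 @@
     if ( preg_match( '#^(audio|video)/#', $post->post_mime_type ) ) {
         echo ': ' . __( 'Displayed on attachment pages.' );
-    } ?></label>
-    <?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
+    }
+
+    ?>
+    </label>
+    <?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
 
     </div>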
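Review bot: The new `wp_editor( format_to_edit( $post->post_content ), … )` call carries no comment saying why the content is escaped first, and whether it is correct depends on `$editor_args`, which is defined outside this section. `format_to_edit()` with its default second argument escapes the text for a plain textarea, which is what keeps encoded markup in the attachment description from being decoded into live HTML; if rich-text editing were ever enabled here, the content would presumably need different handling. I would add `// Plain-text editor: escape the description so encoded entities are not decoded into markup.` directly above the call.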
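--- a/branches/4.6/src/wp-admin/includes/misc.php
+++ b/branches/4.6/src/wp-admin/includes/misc.php
@@ -437,22 +437,44 @@
                 break;
             default:
+                if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
+                    /**
+                     * Filters a screen option value before it is set.
+                     *
+                     * The filter can also be used to modify non-standard [items]_per_page
+                     * settings. See the parent function for a full list of standard options.
+                     *
+                     * Returning false to the filter will skip saving the current option.
+                     *
+                     * @since 2.8.0
+                     * @since 5.4.2 Only applied to options ending with '_page',
+                     *              or the 'layout_columns' option.
+                     *
+                     * @see set_screen_options()
+                     *
+                     * @param bool   $keep   Whether to save or skip saving the screen option value.
+                     *                       Default false.
+                     * @param string $option The option name.
+                     * @param int    $value  The number of rows to use.
+                     */
+                    $value = apply_filters( 'set-screen-option', false, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
+                }
 
                 /**
                  * Filters a screen option value before it is set.
                  *
-                 * The filter can also be used to modify non-standard [items]_per_page
-                 * settings. See the parent function for a full list of standard options.
+                 * The dynamic portion of the hook, `$option`, refers to the option name.
                  *
                  * Returning false to the filter will skip saving the current option.
                  *
-                 * @since 2.8.0
+                 * @since 5.4.2
                  *
                  * @see set_screen_options()
                  *
-                 * @param bool|int $value  Screen option value. Default false to skip.
-                 * @param string   $option The option name.
-                 * @param int      $value  The number of rows to use.
+                 * @param bool   $keep   Whether to save or skip saving the screen option value.
+                 *                       Default false.
+                 * @param string $option The option name.
+                 * @param int    $value  The number of rows to use.
                  */
-                $value = apply_filters( 'set-screen-option', false, $option, $value );
+                $value = apply_filters( "set_screen_option_{$option}", false, $option, $value );
 
                 if ( false === $value )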
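Review bot: The result of the legacy `set-screen-option` filter is discarded by the very next statement, because the new `set_screen_option_{$option}` call filters a literal `false` and assigns its return to `$value`; with no callback on the dynamic hook, `$value` ends up `false` and the option is skipped even though a legacy callback approved it. The dynamic filter also receives the legacy result, possibly `false`, as its third argument instead of the submitted value. Keep the legacy result in its own variable: `$screen_option = false;` before the `if`, `$screen_option = apply_filters( 'set-screen-option', $screen_option, $option, $value );` inside it, and `$value = apply_filters( "set_screen_option_{$option}", $screen_option, $option, $value );` after it. Since the hook name is built from `$option`, this also relies on `$option` being validated earlier in the function, which lies outside this section.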
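--- a/branches/4.6/src/wp-admin/themes.php
+++ b/branches/4.6/src/wp-admin/themes.php
@@ -323,5 +323,5 @@
     <?php foreach ( $broken_themes as $broken_theme ) : ?>
         <tr>
-            <td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : $broken_theme->get_stylesheet(); ?></td>
+            <td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ); ?></td>
             <td><?php echo $broken_theme->errors()->get_error_message(); ?></td>
             <?php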
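Review bot: Only the stylesheet fallback is escaped here; the next cell still echoes `$broken_theme->errors()->get_error_message()` as-is. Whether that is safe depends on how the messages are built, which this section does not show: if they can embed the theme's directory name or header values, those parts need escaping where the message is assembled, because the message may carry intended markup and cannot simply be wrapped in `esc_html()`. I would at least add a comment on that cell, `<?php // Error text comes from WP_Theme; theme-supplied parts must be escaped when the message is built. ?>`, so the asymmetry reads as deliberate rather than overlooked.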
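--- a/branches/4.6/src/wp-includes/pluggable.php
+++ b/branches/4.6/src/wp-includes/pluggable.php
@@ -1282,5 +1282,5 @@
  **/
 function wp_validate_redirect($location, $default = '') {
-    $location = trim( $location, " \t\n\r\0\x08\x0B" );
+    $location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if ( substr($location, 0, 2) == '//' )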
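Review bot: `wp_validate_redirect()` now validates and returns the output of `wp_sanitize_redirect()` rather than the caller's string, but the docblock that closes just above the signature is not updated in this hunk. Callers that compare the return value with their input, or pass it on expecting the original bytes, will see a different string whenever characters are stripped. I would add to the description ` * The location is passed through wp_sanitize_redirect() before validation, so the returned URL may differ from the input.` The function body continues outside this section, so the remaining checks could not be reviewed against the sanitized value.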