Changeset 49391 for branches/5.4
- Timestamp:
- 10/29/2020 06:39:14 PM (4 years ago)
- Location:
- branches/5.4
- Files:
-
- 1 added
- 18 edited
-
branches/5.4
- Property svn:mergeinfo changed
/branches/5.5 (added) merged: 49373-49379,49381 /trunk merged: 49380,49382-49388
- Property svn:mergeinfo changed
-
branches/5.4/src/js/_enqueues/admin/custom-background.js
r46800 r49391 127 127 // Grab the selected attachment. 128 128 var attachment = frame.state().get('selection').first(); 129 var nonceValue = $( '#_wpnonce' ).val() || ''; 129 130 130 131 // Run an AJAX request to set the background image. … … 132 133 action: 'set-background-image', 133 134 attachment_id: attachment.id, 135 _ajax_nonce: nonceValue, 134 136 size: 'full' 135 137 }).done( function() { -
branches/5.4/src/js/_enqueues/deprecated/media-gallery.js
r47164 r49391 12 12 */ 13 13 $( 'body' ).bind( 'click.wp-gallery', function(e) { 14 var target = $( e.target ), id, img_size ;14 var target = $( e.target ), id, img_size, nonceValue; 15 15 16 16 if ( target.hasClass( 'wp-set-header' ) ) { … … 22 22 id = target.data( 'attachment-id' ); 23 23 img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val(); 24 nonceValue = $( '#_wpnonce' ).val() && ''; 24 25 25 26 /** … … 29 30 action: 'set-background-image', 30 31 attachment_id: id, 32 _ajax_nonce: nonceValue, 31 33 size: img_size 32 34 }, function() { -
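Review bot: `nonceValue = $( '#_wpnonce' ).val() && '';` can never yield the nonce. With `&&` the expression is `''` whenever the field has a value and the falsy value otherwise, so `_ajax_nonce` is always sent empty or undefined. The same change in custom-background.js uses `||`, and this changeset also adds `check_ajax_referer( 'custom-background' )` to the handler, so this request would presumably be rejected every time. The line should read `nonceValue = $( '#_wpnonce' ).val() || '';`. The click handler starts and ends outside the hunk.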
branches/5.4/src/wp-admin/admin-header.php
r47219 r49391 83 83 ?> 84 84 <script type="text/javascript"> 85 addLoadEvent = function(func){if(typeof jQuery!= "undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};86 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>',87 pagenow = '<?php echo $current_screen->id; ?>',88 typenow = '<?php echo $current_screen->post_type; ?>',89 adminpage = '<?php echo $admin_body_class; ?>',90 thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',91 decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',85 addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 86 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', 87 pagenow = '<?php echo esc_js( $current_screen->id ); ?>', 88 typenow = '<?php echo esc_js( $current_screen->post_type ); ?>', 89 adminpage = '<?php echo esc_js( $admin_body_class ); ?>', 90 thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>', 91 decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>', 92 92 isRtl = <?php echo (int) is_rtl(); ?>; 93 93 </script> -
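Review bot: The `addLoadEvent` one-liner is tightened here to `typeof jQuery!=='undefined'` and `typeof wpOnload!=='function'`, but the copies shown as context in includes/media.php and includes/template.php keep `!="undefined"` and `!='function'`. The three inline bootstrap snippets therefore no longer match, which makes later escaping or comparison fixes easy to apply to only one of them. Apply the same strict comparison to the other two, or note in a comment that the snippet is duplicated in those files.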
branches/5.4/src/wp-admin/includes/class-custom-background.php
r47122 r49391 582 582 */ 583 583 public function wp_set_background_image() { 584 check_ajax_referer( 'custom-background' ); 585 584 586 if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['attachment_id'] ) ) { 585 587 exit; -
branches/5.4/src/wp-admin/includes/class-custom-image-header.php
r47219 r49391 344 344 <script type="text/javascript"> 345 345 (function($){ 346 var default_color = '<?php echo $default_color; ?>',346 var default_color = '<?php echo esc_js( $default_color ); ?>', 347 347 header_text_fields; 348 348 -
branches/5.4/src/wp-admin/includes/media.php
r47954 r49391 532 532 <script type="text/javascript"> 533 533 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 534 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',534 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup', 535 535 isRtl = <?php echo (int) is_rtl(); ?>; 536 536 </script> -
branches/5.4/src/wp-admin/includes/ms.php
r47219 r49391 841 841 ?> 842 842 <script type="text/javascript"> 843 var tb_pathToImage = "<?php echo includes_url( 'js/thickbox/loadingAnimation.gif', 'relative'); ?>";843 var tb_pathToImage = "<?php echo esc_js( includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ) ); ?>"; 844 844 </script> 845 845 <?php -
branches/5.4/src/wp-admin/includes/template.php
r47233 r49391 1970 1970 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 1971 1971 function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();} 1972 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>',1973 pagenow = '<?php echo $current_screen->id; ?>',1974 typenow = '<?php echo $current_screen->post_type; ?>',1975 adminpage = '<?php echo $admin_body_class; ?>',1976 thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',1977 decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',1972 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', 1973 pagenow = '<?php echo esc_js( $current_screen->id ); ?>', 1974 typenow = '<?php echo esc_js( $current_screen->post_type ); ?>', 1975 adminpage = '<?php echo esc_js( $admin_body_class ); ?>', 1976 thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>', 1977 decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>', 1978 1978 isRtl = <?php echo (int) is_rtl(); ?>; 1979 1979 </script> -
branches/5.4/src/wp-admin/media-new.php
r47198 r49391 78 78 79 79 <script type="text/javascript"> 80 var post_id = <?php echo $post_id; ?>, shortform = 3;80 var post_id = <?php echo absint( $post_id ); ?>, shortform = 3; 81 81 </script> 82 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />82 <input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" /> 83 83 <?php wp_nonce_field( 'media-form' ); ?> 84 84 <div id="media-items" class="hide-if-no-js"></div> -
branches/5.4/src/wp-admin/network/site-users.php
r47198 r49391 218 218 219 219 <script type="text/javascript"> 220 var current_site_id = <?php echo $id; ?>;220 var current_site_id = <?php echo absint( $id ); ?>; 221 221 </script> 222 222 -
branches/5.4/src/wp-includes/Requests/Utility/FilteredIterator.php
r46586 r49391 43 43 return $value; 44 44 } 45 46 /** 47 * @inheritdoc 48 */ 49 public function unserialize( $serialized ) { 50 } 51 52 /** 53 * @inheritdoc 54 */ 55 public function __unserialize( $serialized ) { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__unserializeFound 56 $this->unserialize( $serialized ); 57 } 45 58 } -
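Review bot: The new `unserialize()` has an empty body and only an `@inheritdoc` docblock, so nothing tells a maintainer that discarding the payload is deliberate. The added test asserts that the count changes after a round trip, so the no-op looks intentional. Say so in the method, for example `// Intentionally empty: state, including the callback, must not be restored from serialized data.` It is not visible in this hunk whether the class handles other wake-up paths such as `__wakeup()`, which is worth confirming.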
branches/5.4/src/wp-includes/class-wp-xmlrpc-server.php
r47233 r49391 3880 3880 } 3881 3881 3882 if ( 3883 'publish' === get_post_status( $post_id ) && 3884 ! current_user_can( 'edit_post', $post_id ) && 3885 post_password_required( $post_id ) 3886 ) { 3887 return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); 3888 } 3889 3890 if ( 3891 'private' === get_post_status( $post_id ) && 3892 ! current_user_can( 'read_post', $post_id ) 3893 ) { 3894 return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); 3895 } 3896 3882 3897 $comment = array( 3883 3898 'comment_post_ID' => $post_id, … … 4293 4308 4294 4309 $attachment = get_post( $attachment_id ); 4295 if ( ! $attachment ) {4310 if ( ! $attachment || 'attachment' !== $attachment->post_type ) { 4296 4311 return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); 4297 4312 } -
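Review bot: The two new guards in the first hunk name only the `publish` and `private` statuses, so a post in any other non-public status passes this block unchanged. Unless code outside the hunk already rejects those, an allow-list would be safer than enumerating the two cases. The status is also looked up twice; reading it once with `$post_status = get_post_status( $post_id );` and testing that variable keeps both conditions on the same value. The enclosing method starts and ends outside the hunk.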
branches/5.4/src/wp-includes/embed.php
r47953 r49391 613 613 $sites = get_sites( $qv ); 614 614 $site = reset( $sites ); 615 616 // Do not allow embeds for deleted/archived/spam sites. 617 if ( ! empty( $site->deleted ) || ! empty( $site->spam ) || ! empty( $site->archived ) ) { 618 return false; 619 } 615 620 616 621 if ( $site && get_current_blog_id() !== (int) $site->blog_id ) { -
branches/5.4/src/wp-includes/functions.php
r47839 r49391 1743 1743 } 1744 1744 1745 if ( ! $wpdb->get_results( "DESCRIBE $table;" ) ) { 1745 $described_table = $wpdb->get_results( "DESCRIBE $table;" ); 1746 if ( is_array( $described_table ) && count( $described_table ) === 0 ) { 1746 1747 continue; 1747 1748 } -
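Review bot: The rewritten condition skips a table only when `get_results()` returns an empty array. Any other falsy result, which the old `! $wpdb->get_results( ... )` test also skipped, now falls through to the code after the hunk. Nothing in the hunk says whether that narrowing is intended or how a failed query should be treated. A comment such as `// Only an empty result set means the table is absent; a failed query must not be read as "not installed".` would record the intent, together with an explicit branch on `$wpdb->last_error`. WordPress style would also put the literal first, `0 === count( $described_table )`. The loop body continues outside the hunk.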
branches/5.4/src/wp-includes/meta.php
r47390 r49391 1046 1046 */ 1047 1047 function is_protected_meta( $meta_key, $meta_type = '' ) { 1048 $protected = ( '_' == $meta_key[0] ); 1048 $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key ); 1049 $protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] ); 1049 1050 1050 1051 /** -
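Review bot: The pattern `"/[^\x20-\x7E\p{L}]/"` has no `u` modifier, so `\p{L}` is presumably matched against single bytes and a multibyte key is filtered byte by byte rather than per character. If `u` is added, `preg_replace()` returns null on invalid UTF-8 and `strlen( null )` is 0, which would report the key as unprotected, so that case needs to fail closed. The line also lacks a comment explaining why the key is filtered before the underscore test, for example `// Drop non-printable characters so they cannot hide a leading underscore.` The function body continues outside the hunk.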
branches/5.4/tests/phpunit/tests/functions.php
r47122 r49391 255 255 $this->assertFalse( is_serialized( $case ), "Test data: $case" ); 256 256 } 257 } 258 259 /** 260 * @dataProvider data_serialize_deserialize_objects 261 */ 262 function test_deserialize_request_utility_filtered_iterator_objects( $value ) { 263 $serialized = maybe_serialize( $value ); 264 if ( is_array( $value ) ) { 265 $deserialized = unserialize( $serialized ); 266 $this->assertNotEquals( reset( $value )->count(), reset( $deserialized )->count() ); 267 } elseif ( get_class( $value ) === 'Requests_Utility_FilteredIterator' ) { 268 $this->assertNotEquals( $value->count(), unserialize( $serialized )->count() ); 269 } else { 270 $this->assertEquals( $value->count(), unserialize( $serialized )->count() ); 271 } 272 } 273 274 function data_serialize_deserialize_objects() { 275 return array( 276 array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ), 277 array( new Requests_Utility_FilteredIterator( array( 1, 2 ), 'sha1' ) ), 278 array( new ArrayIterator( array( 1, 2, 3 ) ) ), 279 array( array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ) ), 280 ); 257 281 } 258 282 -
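Review bot: `assertNotEquals( $value->count(), unserialize( $serialized )->count() )` passes for any count that differs from the original, so it does not pin what the unserialized iterator actually contains. If the intent is that nothing is restored, `$this->assertSame( 0, unserialize( $serialized )->count() );` states it directly. The test also never checks that the callback is absent after the round trip, which appears to be the property the FilteredIterator change protects.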
branches/5.4/tests/phpunit/tests/multisite/site.php
r47318 r49391 489 489 } 490 490 491 function test_content_from_spam_blog_is_not_available() { 492 $spam_blog_id = self::factory()->blog->create(); 493 switch_to_blog( $spam_blog_id ); 494 $post_data = array( 495 'post_title' => 'Hello World!', 496 'post_content' => 'Hello world content', 497 ); 498 $post_id = self::factory()->post->create( $post_data ); 499 $post = get_post( $post_id ); 500 $spam_permalink = site_url() . '/?p=' . $post->ID; 501 $spam_embed_url = get_post_embed_url( $post_id ); 502 503 restore_current_blog(); 504 $this->assertNotEmpty( $spam_permalink ); 505 $this->assertEquals( $post_data['post_title'], $post->post_title ); 506 507 update_blog_status( $spam_blog_id, 'spam', 1 ); 508 509 $post_id = self::factory()->post->create( 510 array( 511 'post_content' => "\n $spam_permalink \n", 512 ) 513 ); 514 $post = get_post( $post_id ); 515 $content = apply_filters( 'the_content', $post->post_content ); 516 517 $this->assertNotContains( $post_data['post_title'], $content ); 518 $this->assertNotContains( "src=\"{$spam_embed_url}#?", $content ); 519 } 520 491 521 function test_update_blog_status_make_spam_blog_action() { 492 522 global $test_action_counter;
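Review bot: This test exercises only the `spam` flag, while the guard added in embed.php also returns false for `deleted` and `archived` sites. Those two branches are untested in the visible changes. A data provider over the three status names passed to `update_blog_status( $spam_blog_id, $status, 1 )` would cover them with the same body.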