Make WordPress Core


Ignore:
Timestamp:
10/29/2020 06:39:14 PM (4 years ago)
Author:
whyisjake
Message:

General: WordPress updates

  • XML-RPC: Improve error messages for unprivileged users.
  • External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
  • Embeds: Disable embeds on deactivated Multisite sites.
  • Coding standards: Modify escaping functions to avoid potential false positives.
  • XML-RPC: Return error message if attachment ID is incorrect.
  • Upgrade/install: Improve logic check when determining installation status.
  • Meta: Sanitize meta key before checking protection status.
  • Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.4 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Location:
branches/5.4
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.4

  • branches/5.4/src/wp-admin/media-new.php

    r47198 r49391  
    7878
    7979    <script type="text/javascript">
    80     var post_id = <?php echo $post_id; ?>, shortform = 3;
     80    var post_id = <?php echo absint( $post_id ); ?>, shortform = 3;
    8181    </script>
    82     <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
     82    <input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" />
    8383    <?php wp_nonce_field( 'media-form' ); ?>
    8484    <div id="media-items" class="hide-if-no-js"></div>
Note: See TracChangeset for help on using the changeset viewer.