Make WordPress Core


Ignore:
Timestamp:
10/29/2020 06:39:14 PM (4 years ago)
Author:
whyisjake
Message:

General: WordPress updates

  • XML-RPC: Improve error messages for unprivileged users.
  • External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
  • Embeds: Disable embeds on deactivated Multisite sites.
  • Coding standards: Modify escaping functions to avoid potential false positives.
  • XML-RPC: Return error message if attachment ID is incorrect.
  • Upgrade/install: Improve logic check when determining installation status.
  • Meta: Sanitize meta key before checking protection status.
  • Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.4 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Location:
branches/5.4
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.4

  • branches/5.4/tests/phpunit/tests/functions.php

    r47122 r49391  
    255255            $this->assertFalse( is_serialized( $case ), "Test data: $case" );
    256256        }
     257    }
     258
     259    /**
     260     * @dataProvider data_serialize_deserialize_objects
     261     */
     262    function test_deserialize_request_utility_filtered_iterator_objects( $value ) {
     263        $serialized = maybe_serialize( $value );
     264        if ( is_array( $value ) ) {
     265            $deserialized = unserialize( $serialized );
     266            $this->assertNotEquals( reset( $value )->count(), reset( $deserialized )->count() );
     267        } elseif ( get_class( $value ) === 'Requests_Utility_FilteredIterator' ) {
     268            $this->assertNotEquals( $value->count(), unserialize( $serialized )->count() );
     269        } else {
     270            $this->assertEquals( $value->count(), unserialize( $serialized )->count() );
     271        }
     272    }
     273
     274    function data_serialize_deserialize_objects() {
     275        return array(
     276            array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ),
     277            array( new Requests_Utility_FilteredIterator( array( 1, 2 ), 'sha1' ) ),
     278            array( new ArrayIterator( array( 1, 2, 3 ) ) ),
     279            array( array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ) ),
     280        );
    257281    }
    258282
Note: See TracChangeset for help on using the changeset viewer.