Changeset 49393
- Timestamp:
- 10/29/2020 06:41:43 PM (4 years ago)
- Location:
- branches/5.3
- Files:
-
- 1 added
- 18 edited
branches/5.3
- Property svn:mergeinfo changed
/branches/5.5 (added) merged: 49373-49379,49381 /trunk merged: 49380,49382-49388
- Property svn:mergeinfo changed
-
branches/5.3/src/js/_enqueues/admin/custom-background.js
r43347 r49393 127 127 // Grab the selected attachment. 128 128 var attachment = frame.state().get('selection').first(); 129 var nonceValue = $( '#_wpnonce' ).val() || ''; 129 130 130 131 // Run an AJAX request to set the background image. … … 132 133 action: 'set-background-image', 133 134 attachment_id: attachment.id, 135 _ajax_nonce: nonceValue, 134 136 size: 'full' 135 137 }).done( function() { -
branches/5.3/src/js/_enqueues/deprecated/media-gallery.js
r43347 r49393 12 12 */ 13 13 $( 'body' ).bind( 'click.wp-gallery', function(e) { 14 var target = $( e.target ), id, img_size ;14 var target = $( e.target ), id, img_size, nonceValue; 15 15 16 16 if ( target.hasClass( 'wp-set-header' ) ) { … … 22 22 id = target.data( 'attachment-id' ); 23 23 img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val(); 24 nonceValue = $( '#_wpnonce' ).val() && ''; 24 25 25 26 /** … … 29 30 action: 'set-background-image', 30 31 attachment_id: id, 32 _ajax_nonce: nonceValue, 31 33 size: img_size 32 34 }, function() { -
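Review bot: The new assignment `nonceValue = $( '#_wpnonce' ).val() && '';` (new line 24) can never carry a nonce: `&&` yields `''` whenever the field has a value and the falsy value otherwise, so `_ajax_nonce` is always sent empty or undefined. With the `check_ajax_referer( 'custom-background' )` call this changeset adds to `wp_set_background_image()`, requests from this deprecated gallery handler would presumably always be rejected. The sibling change in custom-background.js uses `||`, and this line should match it: `nonceValue = $( '#_wpnonce' ).val() || '';`. The click handler continues outside the hunk.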
branches/5.3/src/wp-admin/admin-header.php
r45932 r49393 83 83 ?> 84 84 <script type="text/javascript"> 85 addLoadEvent = function(func){if(typeof jQuery!= "undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};86 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>',87 pagenow = '<?php echo $current_screen->id; ?>',88 typenow = '<?php echo $current_screen->post_type; ?>',89 adminpage = '<?php echo $admin_body_class; ?>',90 thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',91 decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',85 addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 86 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', 87 pagenow = '<?php echo esc_js( $current_screen->id ); ?>', 88 typenow = '<?php echo esc_js( $current_screen->post_type ); ?>', 89 adminpage = '<?php echo esc_js( $admin_body_class ); ?>', 90 thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>', 91 decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>', 92 92 isRtl = <?php echo (int) is_rtl(); ?>; 93 93 </script> -
branches/5.3/src/wp-admin/includes/class-custom-background.php
r46088 r49393 582 582 */ 583 583 public function wp_set_background_image() { 584 check_ajax_referer( 'custom-background' ); 585 584 586 if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['attachment_id'] ) ) { 585 587 exit; -
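Review bot: `check_ajax_referer( 'custom-background' )` is added with no comment or docblock line stating which nonce the handler now expects, while both JavaScript callers in this changeset read whatever `#_wpnonce` field is on the page. If that field was generated for a different action on any screen that triggers `set-background-image`, the request fails here with no hint why; the hunk does not show where the field is rendered, so this needs confirming. Suggest a comment above the call such as `// CSRF check: requires a nonce for the 'custom-background' action in _ajax_nonce or _wpnonce.` and a matching line in the docblock. The function body continues outside the hunk.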
branches/5.3/src/wp-admin/includes/class-custom-image-header.php
r45932 r49393 344 344 <script type="text/javascript"> 345 345 (function($){ 346 var default_color = '<?php echo $default_color; ?>',346 var default_color = '<?php echo esc_js( $default_color ); ?>', 347 347 header_text_fields; 348 348 -
branches/5.3/src/wp-admin/includes/media.php
r47959 r49393 532 532 <script type="text/javascript"> 533 533 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 534 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',534 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup', 535 535 isRtl = <?php echo (int) is_rtl(); ?>; 536 536 </script> -
branches/5.3/src/wp-admin/includes/ms.php
r45932 r49393 841 841 ?> 842 842 <script type="text/javascript"> 843 var tb_pathToImage = "<?php echo includes_url( 'js/thickbox/loadingAnimation.gif', 'relative'); ?>";843 var tb_pathToImage = "<?php echo esc_js( includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ) ); ?>"; 844 844 </script> 845 845 <?php -
branches/5.3/src/wp-admin/includes/template.php
r46315 r49393 1968 1968 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 1969 1969 function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();} 1970 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>',1971 pagenow = '<?php echo $current_screen->id; ?>',1972 typenow = '<?php echo $current_screen->post_type; ?>',1973 adminpage = '<?php echo $admin_body_class; ?>',1974 thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',1975 decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',1970 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', 1971 pagenow = '<?php echo esc_js( $current_screen->id ); ?>', 1972 typenow = '<?php echo esc_js( $current_screen->post_type ); ?>', 1973 adminpage = '<?php echo esc_js( $admin_body_class ); ?>', 1974 thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>', 1975 decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>', 1976 1976 isRtl = <?php echo (int) is_rtl(); ?>; 1977 1977 </script> -
branches/5.3/src/wp-admin/media-new.php
r45674 r49393 78 78 79 79 <script type="text/javascript"> 80 var post_id = <?php echo $post_id; ?>, shortform = 3;80 var post_id = <?php echo absint( $post_id ); ?>, shortform = 3; 81 81 </script> 82 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />82 <input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" /> 83 83 <?php wp_nonce_field( 'media-form' ); ?> 84 84 <div id="media-items" class="hide-if-no-js"></div> -
branches/5.3/src/wp-admin/network/site-users.php
r45932 r49393 218 218 219 219 <script type="text/javascript"> 220 var current_site_id = <?php echo $id; ?>;220 var current_site_id = <?php echo absint( $id ); ?>; 221 221 </script> 222 222 -
branches/5.3/src/wp-includes/Requests/Utility/FilteredIterator.php
r37428 r49393 43 43 return $value; 44 44 } 45 46 /** 47 * @inheritdoc 48 */ 49 public function unserialize( $serialized ) { 50 } 51 52 /** 53 * @inheritdoc 54 */ 55 public function __unserialize( $serialized ) { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__unserializeFound 56 $this->unserialize( $serialized ); 57 } 45 58 } -
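Review bot: The empty `unserialize()` body is documented only with `@inheritdoc`, which hides that doing nothing is the point. Judging by the accompanying test, the intent appears to be that a serialized `Requests_Utility_FilteredIterator` never restores its data or callback from untrusted input. An unexplained empty method invites a later "fix" that restores the parent behaviour. Replace the docblock with a short description, e.g. `// Intentionally a no-op: never restore state (including the callback) from serialized input.`, and say on `__unserialize()` that it delegates so PHP versions that call it instead get the same behaviour.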
branches/5.3/src/wp-includes/class-wp-xmlrpc-server.php
r46865 r49393 3874 3874 } 3875 3875 3876 if ( 3877 'publish' === get_post_status( $post_id ) && 3878 ! current_user_can( 'edit_post', $post_id ) && 3879 post_password_required( $post_id ) 3880 ) { 3881 return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); 3882 } 3883 3884 if ( 3885 'private' === get_post_status( $post_id ) && 3886 ! current_user_can( 'read_post', $post_id ) 3887 ) { 3888 return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); 3889 } 3890 3876 3891 $comment = array( 3877 3892 'comment_post_ID' => $post_id, … … 4287 4302 4288 4303 $attachment = get_post( $attachment_id ); 4289 if ( ! $attachment ) {4304 if ( ! $attachment || 'attachment' !== $attachment->post_type ) { 4290 4305 return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); 4291 4306 } -
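Review bot: The two new guards in the first hunk cover only `publish` (when password-protected) and `private`; any other post status passes through them, so whether such posts are protected depends on checks outside this hunk that I cannot see. Consider resolving the status once, `$post_status = get_post_status( $post_id );`, and rejecting by default unless the status is one the caller may comment on, rather than enumerating the denied cases. Both branches also return the identical `IXR_Error( 403, ... )`, so they could share one return statement. The enclosing method starts and ends outside the hunk.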
branches/5.3/src/wp-includes/embed.php
r47959 r49393 605 605 $site = reset( $sites ); 606 606 607 if ( $site && (int) $site->blog_id !== get_current_blog_id() ) { 607 // Do not allow embeds for deleted/archived/spam sites. 608 if ( ! empty( $site->deleted ) || ! empty( $site->spam ) || ! empty( $site->archived ) ) { 609 return false; 610 } 611 612 if ( $site && get_current_blog_id() !== (int) $site->blog_id ) { 608 613 switch_to_blog( $site->blog_id ); 609 614 $switched_blog = true; -
branches/5.3/src/wp-includes/functions.php
r46980 r49393 1707 1707 } 1708 1708 1709 if ( ! $wpdb->get_results( "DESCRIBE $table;" ) ) { 1709 $described_table = $wpdb->get_results( "DESCRIBE $table;" ); 1710 if ( is_array( $described_table ) && count( $described_table ) === 0 ) { 1710 1711 continue; 1711 1712 } -
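Review bot: The rewritten condition changes behaviour for a non-array result without saying why: before, any falsy return from `$wpdb->get_results( "DESCRIBE $table;" )` hit `continue`; now only an empty array does, and anything else falls through to the code after the hunk. If the intent is that a failed query must not be mistaken for "table absent", record it in a comment, e.g. `// Only an empty result set means the table is missing; a query failure must not look like a fresh install.` As a style point, the other strict comparison added in this changeset puts the literal first (`'_' === $sanitized_key[0]`), so `0 === count( $described_table )` would be consistent. The enclosing loop starts and ends outside the hunk.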
branches/5.3/src/wp-includes/meta.php
r46186 r49393 1037 1037 * @return bool Whether the meta key is considered protected. 1038 1038 */ 1039 function is_protected_meta( $meta_key, $meta_type = null ) { 1040 $protected = ( '_' == $meta_key[0] ); 1039 function is_protected_meta( $meta_key, $meta_type = '' ) { 1040 $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key ); 1041 $protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] ); 1041 1042 1042 1043 /** -
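Review bot: The pattern `"/[^\x20-\x7E\p{L}]/"` has no `u` modifier, so as far as I can tell `\p{L}` is evaluated per byte rather than per UTF-8 character, and a key containing multibyte letters is sanitized byte-wise. That may be acceptable because `$sanitized_key` is only used for the leading-underscore test, but it is not what the pattern suggests on reading; either state this in a comment, or add `u` and handle the `null` that `preg_replace()` returns on invalid UTF-8. A one-line comment such as `// Strip non-printable characters so a key cannot hide its leading underscore behind them.` would also record why the check no longer reads `$meta_key[0]` directly. The default of `$meta_type` changed from `null` to `''`, so the docblock above the hunk should be checked for agreement.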
branches/5.3/tests/phpunit/tests/functions.php
r46980 r49393 255 255 $this->assertFalse( is_serialized( $case ), "Test data: $case" ); 256 256 } 257 } 258 259 /** 260 * @dataProvider data_serialize_deserialize_objects 261 */ 262 function test_deserialize_request_utility_filtered_iterator_objects( $value ) { 263 $serialized = maybe_serialize( $value ); 264 if ( is_array( $value ) ) { 265 $deserialized = unserialize( $serialized ); 266 $this->assertNotEquals( reset( $value )->count(), reset( $deserialized )->count() ); 267 } elseif ( get_class( $value ) === 'Requests_Utility_FilteredIterator' ) { 268 $this->assertNotEquals( $value->count(), unserialize( $serialized )->count() ); 269 } else { 270 $this->assertEquals( $value->count(), unserialize( $serialized )->count() ); 271 } 272 } 273 274 function data_serialize_deserialize_objects() { 275 return array( 276 array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ), 277 array( new Requests_Utility_FilteredIterator( array( 1, 2 ), 'sha1' ) ), 278 array( new ArrayIterator( array( 1, 2, 3 ) ) ), 279 array( array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ) ), 280 ); 257 281 } 258 282 -
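Review bot: `assertNotEquals( $value->count(), unserialize( $serialized )->count() )` only proves the count changed, not that the object came back empty, so a partial restore would still pass. If the no-op `unserialize()` is expected to leave the iterator with nothing in it, assert that directly, e.g. `$this->assertSame( 0, unserialize( $serialized )->count() );`, after confirming the expected value on each supported PHP version. The test also never checks that the callback is absent after the round trip, which is what the production change appears to be for. `data_serialize_deserialize_objects()` has no docblock describing its four cases.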
branches/5.3/tests/phpunit/tests/multisite/site.php
r47319 r49393 489 489 } 490 490 491 function test_content_from_spam_blog_is_not_available() { 492 $spam_blog_id = self::factory()->blog->create(); 493 switch_to_blog( $spam_blog_id ); 494 $post_data = array( 495 'post_title' => 'Hello World!', 496 'post_content' => 'Hello world content', 497 ); 498 $post_id = self::factory()->post->create( $post_data ); 499 $post = get_post( $post_id ); 500 $spam_permalink = site_url() . '/?p=' . $post->ID; 501 $spam_embed_url = get_post_embed_url( $post_id ); 502 503 restore_current_blog(); 504 $this->assertNotEmpty( $spam_permalink ); 505 $this->assertEquals( $post_data['post_title'], $post->post_title ); 506 507 update_blog_status( $spam_blog_id, 'spam', 1 ); 508 509 $post_id = self::factory()->post->create( 510 array( 511 'post_content' => "\n $spam_permalink \n", 512 ) 513 ); 514 $post = get_post( $post_id ); 515 $content = apply_filters( 'the_content', $post->post_content ); 516 517 $this->assertNotContains( $post_data['post_title'], $content ); 518 $this->assertNotContains( "src=\"{$spam_embed_url}#?", $content ); 519 } 520 491 521 function test_update_blog_status_make_spam_blog_action() { 492 522 global $test_action_counter;
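Review bot: `test_content_from_spam_blog_is_not_available()` exercises only the `spam` flag, while the embed.php change in this changeset also returns early for `deleted` and `archived` sites. Those two branches are untested here; a data provider supplying the status name to `update_blog_status( $spam_blog_id, 'spam', 1 )` would cover all three with the same body. `$this->assertNotEmpty( $spam_permalink )` cannot fail, because the string always contains `/?p=`, so it can be dropped or replaced by an assertion on the post ID.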