Changeset 49393 for branches/5.3/src/wp-includes/embed.php

Timestamp:

10/29/2020 06:41:43 PM (5 years ago)

Author:

whyisjake

Message:

General: WordPress updates

• XML-RPC: Improve error messages for unprivileged users.
• External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
• Embeds: Disable embeds on deactivated Multisite sites.
• Coding standards: Modify escaping functions to avoid potential false positives.
• XML-RPC: Return error message if attachment ID is incorrect.
• Upgrade/install: Improve logic check when determining installation status.
• Meta: Sanitize meta key before checking protection status.
• Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.3 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Location:

branches/5.3

Files:

• . (modified) (1 prop)
• src/wp-includes/embed.php (modified) (1 diff)

branches/5.3/src/wp-includes/embed.php

@@ -605 +605 @@
         $site  = reset( $sites );
 
-        if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
+        // Do not allow embeds for deleted/archived/spam sites.
+        if ( ! empty( $site->deleted ) || ! empty( $site->spam ) || ! empty( $site->archived ) ) {
+            return false;
+        }
+
+        if ( $site && get_current_blog_id() !== (int) $site->blog_id ) {
             switch_to_blog( $site->blog_id );
             $switched_blog = true;