Changeset 49394 for branches/5.2
- Timestamp:
- 10/29/2020 06:44:12 PM (4 years ago)
- Location:
- branches/5.2
- Files:
-
- 1 added
- 18 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.2
- Property svn:mergeinfo changed
/branches/5.5 (added) merged: 49373-49379,49381 /trunk merged: 49380,49382-49388
- Property svn:mergeinfo changed
-
branches/5.2/src/js/_enqueues/admin/custom-background.js
r43347 r49394 127 127 // Grab the selected attachment. 128 128 var attachment = frame.state().get('selection').first(); 129 var nonceValue = $( '#_wpnonce' ).val() || ''; 129 130 130 131 // Run an AJAX request to set the background image. … … 132 133 action: 'set-background-image', 133 134 attachment_id: attachment.id, 135 _ajax_nonce: nonceValue, 134 136 size: 'full' 135 137 }).done( function() { -
branches/5.2/src/js/_enqueues/deprecated/media-gallery.js
r43347 r49394 12 12 */ 13 13 $( 'body' ).bind( 'click.wp-gallery', function(e) { 14 var target = $( e.target ), id, img_size ;14 var target = $( e.target ), id, img_size, nonceValue; 15 15 16 16 if ( target.hasClass( 'wp-set-header' ) ) { … … 22 22 id = target.data( 'attachment-id' ); 23 23 img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val(); 24 nonceValue = $( '#_wpnonce' ).val() && ''; 24 25 25 26 /** … … 29 30 action: 'set-background-image', 30 31 attachment_id: id, 32 _ajax_nonce: nonceValue, 31 33 size: img_size 32 34 }, function() { -
branches/5.2/src/wp-admin/admin-header.php
r45175 r49394 83 83 ?> 84 84 <script type="text/javascript"> 85 addLoadEvent = function(func){if(typeof jQuery!= "undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};86 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>',87 pagenow = '<?php echo $current_screen->id; ?>',88 typenow = '<?php echo $current_screen->post_type; ?>',89 adminpage = '<?php echo $admin_body_class; ?>',90 thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',91 decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',85 addLoadEvent = function(func){if(typeof jQuery!=='undefined')jQuery(document).ready(func);else if(typeof wpOnload!=='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 86 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', 87 pagenow = '<?php echo esc_js( $current_screen->id ); ?>', 88 typenow = '<?php echo esc_js( $current_screen->post_type ); ?>', 89 adminpage = '<?php echo esc_js( $admin_body_class ); ?>', 90 thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>', 91 decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>', 92 92 isRtl = <?php echo (int) is_rtl(); ?>; 93 93 </script> -
branches/5.2/src/wp-admin/custom-background.php
r45839 r49394 575 575 */ 576 576 public function wp_set_background_image() { 577 check_ajax_referer( 'custom-background' ); 578 577 579 if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['attachment_id'] ) ) { 578 580 exit; -
branches/5.2/src/wp-admin/custom-header.php
r45839 r49394 339 339 <script type="text/javascript"> 340 340 (function($){ 341 var default_color = '<?php echo $default_color; ?>',341 var default_color = '<?php echo esc_js( $default_color ); ?>', 342 342 header_text_fields; 343 343 -
branches/5.2/src/wp-admin/includes/media.php
r47960 r49394 501 501 <script type="text/javascript"> 502 502 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 503 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',503 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup', 504 504 isRtl = <?php echo (int) is_rtl(); ?>; 505 505 </script> -
branches/5.2/src/wp-admin/includes/ms.php
r45835 r49394 886 886 ?> 887 887 <script type="text/javascript"> 888 var tb_pathToImage = "<?php echo includes_url( 'js/thickbox/loadingAnimation.gif', 'relative'); ?>";888 var tb_pathToImage = "<?php echo esc_js( includes_url( 'js/thickbox/loadingAnimation.gif', 'relative' ) ); ?>"; 889 889 </script> 890 890 <?php -
branches/5.2/src/wp-admin/includes/template.php
r45848 r49394 1917 1917 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 1918 1918 function tb_close(){var win=window.dialogArguments||opener||parent||top;win.tb_remove();} 1919 var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative'); ?>',1920 pagenow = '<?php echo $current_screen->id; ?>',1921 typenow = '<?php echo $current_screen->post_type; ?>',1922 adminpage = '<?php echo $admin_body_class; ?>',1923 thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',1924 decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',1919 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>', 1920 pagenow = '<?php echo esc_js( $current_screen->id ); ?>', 1921 typenow = '<?php echo esc_js( $current_screen->post_type ); ?>', 1922 adminpage = '<?php echo esc_js( $admin_body_class ); ?>', 1923 thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>', 1924 decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>', 1925 1925 isRtl = <?php echo (int) is_rtl(); ?>; 1926 1926 </script> -
branches/5.2/src/wp-admin/media-new.php
r45140 r49394 78 78 79 79 <script type="text/javascript"> 80 var post_id = <?php echo $post_id; ?>, shortform = 3;80 var post_id = <?php echo absint( $post_id ); ?>, shortform = 3; 81 81 </script> 82 <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />82 <input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" /> 83 83 <?php wp_nonce_field( 'media-form' ); ?> 84 84 <div id="media-items" class="hide-if-no-js"></div> -
branches/5.2/src/wp-admin/network/site-users.php
r45835 r49394 218 218 219 219 <script type="text/javascript"> 220 var current_site_id = <?php echo $id; ?>;220 var current_site_id = <?php echo absint( $id ); ?>; 221 221 </script> 222 222 -
branches/5.2/src/wp-includes/Requests/Utility/FilteredIterator.php
r37428 r49394 43 43 return $value; 44 44 } 45 46 /** 47 * @inheritdoc 48 */ 49 public function unserialize( $serialized ) { 50 } 51 52 /** 53 * @inheritdoc 54 */ 55 public function __unserialize( $serialized ) { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__unserializeFound 56 $this->unserialize( $serialized ); 57 } 45 58 } -
branches/5.2/src/wp-includes/class-wp-xmlrpc-server.php
r45082 r49394 3830 3830 } 3831 3831 3832 if ( 3833 'publish' === get_post_status( $post_id ) && 3834 ! current_user_can( 'edit_post', $post_id ) && 3835 post_password_required( $post_id ) 3836 ) { 3837 return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); 3838 } 3839 3840 if ( 3841 'private' === get_post_status( $post_id ) && 3842 ! current_user_can( 'read_post', $post_id ) 3843 ) { 3844 return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) ); 3845 } 3846 3832 3847 $comment = array( 3833 3848 'comment_post_ID' => $post_id, … … 4234 4249 do_action( 'xmlrpc_call', 'wp.getMediaItem' ); 4235 4250 4236 if ( ! $attachment = get_post( $attachment_id ) ) { 4251 $attachment = get_post( $attachment_id ); 4252 if ( ! $attachment || 'attachment' !== $attachment->post_type ) { 4237 4253 return new IXR_Error( 404, __( 'Invalid attachment ID.' ) ); 4238 4254 } -
branches/5.2/src/wp-includes/embed.php
r47960 r49394 605 605 $site = reset( $sites ); 606 606 607 if ( $site && (int) $site->blog_id !== get_current_blog_id() ) { 607 // Do not allow embeds for deleted/archived/spam sites. 608 if ( ! empty( $site->deleted ) || ! empty( $site->spam ) || ! empty( $site->archived ) ) { 609 return false; 610 } 611 612 if ( $site && get_current_blog_id() !== (int) $site->blog_id ) { 608 613 switch_to_blog( $site->blog_id ); 609 614 $switched_blog = true; -
branches/5.2/src/wp-includes/functions.php
r46482 r49394 1567 1567 } 1568 1568 1569 if ( ! $wpdb->get_results( "DESCRIBE $table;" ) ) { 1569 $described_table = $wpdb->get_results( "DESCRIBE $table;" ); 1570 if ( is_array( $described_table ) && count( $described_table ) === 0 ) { 1570 1571 continue; 1571 1572 } -
branches/5.2/src/wp-includes/meta.php
r45064 r49394 1031 1031 * @return bool Whether the meta key is considered protected. 1032 1032 */ 1033 function is_protected_meta( $meta_key, $meta_type = null ) { 1034 $protected = ( '_' == $meta_key[0] ); 1033 function is_protected_meta( $meta_key, $meta_type = '' ) { 1034 $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key ); 1035 $protected = strlen( $sanitized_key ) > 0 && ( '_' === $sanitized_key[0] ); 1035 1036 1036 1037 /** -
branches/5.2/tests/phpunit/tests/functions.php
r45270 r49394 237 237 } 238 238 239 240 /** 241 * @dataProvider data_serialize_deserialize_objects 242 */ 243 function test_deserialize_request_utility_filtered_iterator_objects( $value ) { 244 $serialized = maybe_serialize( $value ); 245 if ( is_array( $value ) ) { 246 $deserialized = unserialize( $serialized ); 247 $this->assertNotEquals( reset( $value )->count(), reset( $deserialized )->count() ); 248 } elseif ( get_class( $value ) === 'Requests_Utility_FilteredIterator' ) { 249 $this->assertNotEquals( $value->count(), unserialize( $serialized )->count() ); 250 } else { 251 $this->assertEquals( $value->count(), unserialize( $serialized )->count() ); 252 } 253 } 254 255 function data_serialize_deserialize_objects() { 256 return array( 257 array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ), 258 array( new Requests_Utility_FilteredIterator( array( 1, 2 ), 'sha1' ) ), 259 array( new ArrayIterator( array( 1, 2, 3 ) ) ), 260 array( array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ) ), 261 ); 262 } 239 263 240 264 /** -
branches/5.2/tests/phpunit/tests/multisite/site.php
r47320 r49394 475 475 } 476 476 477 function test_content_from_spam_blog_is_not_available() { 478 $spam_blog_id = self::factory()->blog->create(); 479 switch_to_blog( $spam_blog_id ); 480 $post_data = array( 481 'post_title' => 'Hello World!', 482 'post_content' => 'Hello world content', 483 ); 484 $post_id = self::factory()->post->create( $post_data ); 485 $post = get_post( $post_id ); 486 $spam_permalink = site_url() . '/?p=' . $post->ID; 487 $spam_embed_url = get_post_embed_url( $post_id ); 488 489 restore_current_blog(); 490 $this->assertNotEmpty( $spam_permalink ); 491 $this->assertEquals( $post_data['post_title'], $post->post_title ); 492 493 update_blog_status( $spam_blog_id, 'spam', 1 ); 494 495 $post_id = self::factory()->post->create( 496 array( 497 'post_content' => "\n $spam_permalink \n", 498 ) 499 ); 500 $post = get_post( $post_id ); 501 $content = apply_filters( 'the_content', $post->post_content ); 502 503 $this->assertNotContains( $post_data['post_title'], $content ); 504 $this->assertNotContains( "src=\"{$spam_embed_url}#?", $content ); 505 } 506 477 507 function test_update_blog_status_make_spam_blog_action() { 478 508 global $test_action_counter;
Note: See TracChangeset
for help on using the changeset viewer.