

Timestamp:
10/29/2020 06:50:55 PM (5 years ago)
Author:
whyisjake
Message:

General: WordPress updates

  • XML-RPC: Improve error messages for unprivileged users.
  • External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
  • Embeds: Disable embeds on deactivated Multisite sites.
  • Coding standards: Modify escaping functions to avoid potential false positives.
  • XML-RPC: Return error message if attachment ID is incorrect.
  • Upgrade/install: Improve logic check when determining installation status.
  • Meta: Sanitize meta key before checking protection status.
  • Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.0 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Location:
branches/5.0
Files:
2 edited

  • branches/5.0

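--- a/branches/5.0/tests/phpunit/tests/multisite/site.php
+++ b/branches/5.0/tests/phpunit/tests/multisite/site.php
@@ -444,4 +444,34 @@
 
         remove_action( 'make_ham_blog', array( $this, '_action_counter_cb' ), 10 );
+    }
+
+    function test_content_from_spam_blog_is_not_available() {
+        $spam_blog_id = self::factory()->blog->create();
+        switch_to_blog( $spam_blog_id );
+        $post_data      = array(
+            'post_title'   => 'Hello World!',
+            'post_content' => 'Hello world content',
+        );
+        $post_id        = self::factory()->post->create( $post_data );
+        $post           = get_post( $post_id );
+        $spam_permalink = site_url() . '/?p=' . $post->ID;
+        $spam_embed_url = get_post_embed_url( $post_id );
+
+        restore_current_blog();
+        $this->assertNotEmpty( $spam_permalink );
+        $this->assertEquals( $post_data['post_title'], $post->post_title );
+
+        update_blog_status( $spam_blog_id, 'spam', 1 );
+
+        $post_id = self::factory()->post->create(
+            array(
+                'post_content' => "\n $spam_permalink \n",
+            )
+        );
+        $post    = get_post( $post_id );
+        $content = apply_filters( 'the_content', $post->post_content );
+
+        $this->assertNotContains( $post_data['post_title'], $content );
+        $this->assertNotContains( "src=\"{$spam_embed_url}#?", $content );
     }
 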
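Review bot: Both closing assertions in test_content_from_spam_blog_is_not_available() are negative, and nothing establishes that the permalink would have been embedded while the site was still active, so the test can pass for reasons unrelated to the spam check (for example if the URL is never resolved to a post in the test environment, or if the embed markup stops matching the literal `src="{$spam_embed_url}#?` prefix). A positive control placed before `update_blog_status()` would pin this down, something like `$before = apply_filters( 'the_content', "\n $spam_permalink \n" );` followed by `$this->assertContains( $post_data['post_title'], $before );`. The commit message speaks of deactivated sites, but only the `spam` status is exercised here; if the fix also covers archived or deleted sites (the fix itself is not visible in this section), those statuses deserve the same case. `assertNotEmpty( $spam_permalink )` cannot fail, since the value is built by concatenation with a non-empty literal.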