Context Navigation

meta.php

Timestamp:

10/29/2020 06:54:29 PM (5 years ago)

Author:

whyisjake

Message:

General: WordPress updates

XML-RPC: Improve error messages for unprivileged users.
External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
Embeds: Disable embeds on deactivated Multisite sites.
Coding standards: Modify escaping functions to avoid potential false positives.
XML-RPC: Return error message if attachment ID is incorrect.
Upgrade/install: Improve logic check when determining installation status.
Meta: Sanitize meta key before checking protection status.
Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.8 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Location:

branches/4.8

Files:

branches/4.8
- Property svn:mergeinfo changed
  /branches/5.5 (added) merged: 49373-49379,49381
  /trunk merged: 49380,49382-49388

-                      r42913
+                      r49398
  * @return bool True if the key is protected, false otherwise.
  */
+function is_protected_meta( $meta_key, $meta_type = null ) {
+    $protected = ( '_' == $meta_key[0] );
+function is_protected_meta( $meta_key, $meta_type = '' ) {
+    $sanitized_key = preg_replace( "/[^\x20-\x7E\p{L}]/", '', $meta_key );
+    $protected     = strlen( $sanitized_key ) > 0 && ( '_' == $sanitized_key[0] );
     /**

Note: See TracChangeset for help on using the changeset viewer.

/branches/5.5 (added)	merged: 49373-49379,49381
/trunk	merged: 49380,49382-49388