Make WordPress Core


Ignore:
Timestamp:
07/07/2021 12:04:53 AM (4 years ago)
Author:
peterwilsoncc
Message:

Block Editor: Update packages with latest fixes for 5.8 RC2

Includes the following fixes:

  • Query Block: Type validation of WP_Query parameters.

Props ntsekouras, stevehenty, peterwilsoncc, desrosj.
Merges [51362] to the 5.8 branch.
Fixes #53397.

Location:
branches/5.8
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.8

  • branches/5.8/src/wp-includes/blocks.php

    r51315 r51363  
    10481048
    10491049    if ( isset( $block->context['query'] ) ) {
    1050         if ( isset( $block->context['query']['postType'] ) ) {
    1051             $query['post_type'] = $block->context['query']['postType'];
     1050        if ( ! empty( $block->context['query']['postType'] ) ) {
     1051            $post_type_param = $block->context['query']['postType'];
     1052            if ( is_post_type_viewable( $post_type_param ) ) {
     1053                $query['post_type'] = $post_type_param;
     1054            }
    10521055        }
    10531056        if ( isset( $block->context['query']['sticky'] ) && ! empty( $block->context['query']['sticky'] ) ) {
     
    10591062            }
    10601063        }
    1061         if ( isset( $block->context['query']['exclude'] ) ) {
    1062             $query['post__not_in'] = array_merge( $query['post__not_in'], $block->context['query']['exclude'] );
    1063         }
    1064         if ( isset( $block->context['query']['perPage'] ) ) {
    1065             $query['offset']         = ( $block->context['query']['perPage'] * ( $page - 1 ) ) + $block->context['query']['offset'];
    1066             $query['posts_per_page'] = $block->context['query']['perPage'];
    1067         }
    1068         if ( isset( $block->context['query']['categoryIds'] ) ) {
    1069             $query['category__in'] = $block->context['query']['categoryIds'];
    1070         }
    1071         if ( isset( $block->context['query']['tagIds'] ) ) {
    1072             $query['tag__in'] = $block->context['query']['tagIds'];
    1073         }
    1074         if ( isset( $block->context['query']['order'] ) ) {
     1064        if ( ! empty( $block->context['query']['exclude'] ) ) {
     1065            $excluded_post_ids     = array_map( 'intval', $block->context['query']['exclude'] );
     1066            $excluded_post_ids     = array_filter( $excluded_post_ids );
     1067            $query['post__not_in'] = array_merge( $query['post__not_in'], $excluded_post_ids );
     1068        }
     1069        if (
     1070            isset( $block->context['query']['perPage'] ) &&
     1071            is_numeric( $block->context['query']['perPage'] )
     1072        ) {
     1073            $per_page = absint( $block->context['query']['perPage'] );
     1074            $offset   = 0;
     1075
     1076            if (
     1077                isset( $block->context['query']['offset'] ) &&
     1078                is_numeric( $block->context['query']['offset'] )
     1079            ) {
     1080                $offset = absint( $block->context['query']['offset'] );
     1081            }
     1082
     1083            $query['offset']         = ( $per_page * ( $page - 1 ) ) + $offset;
     1084            $query['posts_per_page'] = $per_page;
     1085        }
     1086        if ( ! empty( $block->context['query']['categoryIds'] ) ) {
     1087            $term_ids              = array_map( 'intval', $block->context['query']['categoryIds'] );
     1088            $term_ids              = array_filter( $term_ids );
     1089            $query['category__in'] = $term_ids;
     1090        }
     1091        if ( ! empty( $block->context['query']['tagIds'] ) ) {
     1092            $term_ids         = array_map( 'intval', $block->context['query']['tagIds'] );
     1093            $term_ids         = array_filter( $term_ids );
     1094            $query['tag__in'] = $term_ids;
     1095        }
     1096        if (
     1097            isset( $block->context['query']['order'] ) &&
     1098                in_array( strtoupper( $block->context['query']['order'] ), array( 'ASC', 'DESC' ), true )
     1099        ) {
    10751100            $query['order'] = strtoupper( $block->context['query']['order'] );
    10761101        }
     
    10781103            $query['orderby'] = $block->context['query']['orderBy'];
    10791104        }
    1080         if ( isset( $block->context['query']['author'] ) ) {
    1081             $query['author'] = $block->context['query']['author'];
    1082         }
    1083         if ( isset( $block->context['query']['search'] ) ) {
     1105        if (
     1106            isset( $block->context['query']['author'] ) &&
     1107            (int) $block->context['query']['author'] > 0
     1108        ) {
     1109            $query['author'] = (int) $block->context['query']['author'];
     1110        }
     1111        if ( ! empty( $block->context['query']['search'] ) ) {
    10841112            $query['s'] = $block->context['query']['search'];
    10851113        }
Note: See TracChangeset for help on using the changeset viewer.