Make WordPress Core

Changeset 54545


Timestamp:
10/17/2022 05:39:34 PM (20 months ago)
Author:
audrasjb
Message:

Grouped backports to the 5.9 branch.

  • Editor: Bump @wordpress packages for the 5.9 branch,
  • Media: Refactor search by filename within the admin,
  • REST API: Lockdown post parameter of the terms endpoint,
  • Customize: Escape blogname option in underscores templates,
  • Query: Validate relation in WP_Date_Query,
  • Users: Revert use of shared objects for current user,
  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on "Are you sure?" screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Mail: Reset PHPMailer properties between use,
  • Comments: Apply kses when editing comments,
  • Widgets: Escape RSS error messages for display.

Merges [54521-54530] to the 5.9 branch.
Props audrasjb, costdev, cu121, dd32, davidbaumwald, ehtis, johnbillion, johnjamesjacoby, martinkrcho, matveb, oztaser, paulkevan, peterwilsoncc, ravipatel, SergeyBiryukov, talldanwp, timothyblynjacobs, tykoted, voldemortensen, vortfu, xknown.

Location:
branches/5.9
Files:
23 edited

  • branches/5.9

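--- a/branches/5.9/package.json
+++ b/branches/5.9/package.json
@@ -83,7 +83,7 @@
         "@wordpress/autop": "3.2.3",
         "@wordpress/blob": "3.2.2",
-        "@wordpress/block-directory": "3.0.29",
+        "@wordpress/block-directory": "3.0.30",
         "@wordpress/block-editor": "8.0.18",
-        "@wordpress/block-library": "6.0.28",
+        "@wordpress/block-library": "6.0.29",
         "@wordpress/block-serialization-default-parser": "4.2.3",
         "@wordpress/blocks": "11.1.5",
@@ -91,5 +91,5 @@
         "@wordpress/compose": "5.0.7",
         "@wordpress/core-data": "4.0.11",
-        "@wordpress/customize-widgets": "2.0.29",
+        "@wordpress/customize-widgets": "2.0.30",
         "@wordpress/data": "6.1.5",
         "@wordpress/data-controls": "2.2.9",
@@ -98,7 +98,7 @@
         "@wordpress/dom": "3.2.7",
         "@wordpress/dom-ready": "3.2.3",
-        "@wordpress/edit-post": "5.0.29",
-        "@wordpress/edit-site": "3.0.29",
-        "@wordpress/edit-widgets": "3.1.24",
+        "@wordpress/edit-post": "5.0.30",
+        "@wordpress/edit-site": "3.0.30",
+        "@wordpress/edit-widgets": "3.1.25",
         "@wordpress/editor": "12.0.22",
         "@wordpress/element": "4.0.4",
@@ -129,5 +129,5 @@
         "@wordpress/viewport": "4.0.7",
         "@wordpress/warning": "2.2.2",
-        "@wordpress/widgets": "2.0.24",
+        "@wordpress/widgets": "2.0.25",
         "@wordpress/wordcount": "3.2.3",
         "backbone": "1.4.0",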
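--- a/branches/5.9/src/wp-admin/includes/ajax-actions.php
+++ b/branches/5.9/src/wp-admin/includes/ajax-actions.php
@@ -2985,5 +2985,5 @@
     // Filter query clauses to include filenames.
     if ( isset( $query['s'] ) ) {
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
     }
 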
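--- a/branches/5.9/src/wp-admin/includes/post.php
+++ b/branches/5.9/src/wp-admin/includes/post.php
@@ -1303,5 +1303,5 @@
     // Filter query clauses to include filenames.
     if ( isset( $q['s'] ) ) {
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
     }
 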
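--- a/branches/5.9/src/wp-includes/class-wp-date-query.php
+++ b/branches/5.9/src/wp-includes/class-wp-date-query.php
@@ -150,6 +150,6 @@
         }
 
-        if ( isset( $date_query['relation'] ) && 'OR' === strtoupper( $date_query['relation'] ) ) {
-            $this->relation = 'OR';
+        if ( isset( $date_query['relation'] ) ) {
+            $this->relation = $this->sanitize_relation( $date_query['relation'] );
         } else {
             $this->relation = 'AND';
@@ -219,4 +219,7 @@
             $this->validate_date_values( $queries );
         }
+
+        // Sanitize the relation parameter.
+        $queries['relation'] = $this->sanitize_relation( $queries['relation'] );
 
         foreach ( $queries as $key => $q ) {
@@ -1041,3 +1044,19 @@
         return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time );
     }
+
+    /**
+     * Sanitizes a 'relation' operator.
+     *
+     * @since 6.0.3
+     *
+     * @param string $relation Raw relation key from the query argument.
+     * @return string Sanitized relation ('AND' or 'OR').
+     */
+    public function sanitize_relation( $relation ) {
+        if ( 'OR' === strtoupper( $relation ) ) {
+            return 'OR';
+        } else {
+            return 'AND';
+        }
+    }
 }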
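Review bot: `sanitize_relation()` (added lines 1055-1061) hands `$relation` straight to `strtoupper()`, so a non-string value, for example an array passed in by a caller, raises a TypeError on PHP 8 instead of falling back to 'AND'. Both new call sites, lines 153 and 223, inherit this. Guarding the comparison keeps the allow-list behaviour for every input type: `if ( is_string( $relation ) && 'OR' === strtoupper( $relation ) ) {`. The methods containing lines 153 and 223 start outside the visible hunks, so whether `$queries['relation']` is always set before line 223 cannot be confirmed from here.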
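--- a/branches/5.9/src/wp-includes/class-wp-query.php
+++ b/branches/5.9/src/wp-includes/class-wp-query.php
@@ -445,4 +445,11 @@
     public $thumbnails_cached = false;
 
+    /**
+     * Controls whether an attachment query should include filenames or not.
+     *
+     * @since 6.0.3
+     * @var bool
+     */
+    protected $allow_query_attachment_by_filename = false;
     /**
      * Cached list of search stopwords.
@@ -1415,5 +1422,10 @@
 
             $like      = $n . $wpdb->esc_like( $term ) . $n;
-            $search   .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like );
+
+            if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
+                $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s) $andor_op (sq1.meta_value $like_op %s))", $like, $like, $like, $like );
+            } else {
+                $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like );
+            }
             $searchand = ' AND ';
         }
@@ -1810,4 +1822,14 @@
         $q = $this->fill_query_vars( $q );
 
+        /**
+         * Filters whether an attachment query should include filenames or not.
+         *
+         * @since 6.0.3
+         *
+         * @param bool $allow_query_attachment_by_filename Whether or not to include filenames.
+         */
+        $this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false );
+        remove_all_filters( 'wp_allow_query_attachment_by_filename' );
+
         // Parse meta query.
         $this->meta_query = new WP_Meta_Query();
@@ -2241,5 +2263,5 @@
         }
 
-        if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) ) {
+        if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) {
             $groupby = "{$wpdb->posts}.ID";
         }
@@ -2317,4 +2339,8 @@
         }
         $where .= $search . $whichauthor . $whichmimetype;
+
+        if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
+            $join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
+        }
 
         if ( ! empty( $this->meta_query->queries ) ) {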
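Review bot: The opt-in read on added lines 1831-1832 is consumed by whichever `WP_Query` reaches this point first, because `remove_all_filters()` clears the hook right after `apply_filters()`. If any other query runs between a caller's `add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' )` and the query it was meant for, the `sq1` join and `sq1.meta_value` match go to that other query and the intended one silently searches without filenames. `remove_all_filters()` also discards callbacks that other code registered on the hook at any priority. The filter docblock should state this contract, e.g. `* The filter is removed as soon as it has been read, so it must be added immediately before each query that needs it.` The enclosing method starts and ends outside the hunk.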
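--- a/branches/5.9/src/wp-includes/comment.php
+++ b/branches/5.9/src/wp-includes/comment.php
@@ -2487,4 +2487,13 @@
     }
 
+    $filter_comment = false;
+    if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) {
+        $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' );
+    }
+
+    if ( $filter_comment ) {
+        add_filter( 'pre_comment_content', 'wp_filter_kses' );
+    }
+
     // Escape data pulled from DB.
     $comment = wp_slash( $comment );
@@ -2496,4 +2505,8 @@
 
     $commentarr = wp_filter_comment( $commentarr );
+
+    if ( $filter_comment ) {
+        remove_filter( 'pre_comment_content', 'wp_filter_kses' );
+    }
 
     // Now extract the merged array.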
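Review bot: The capability check on added line 2491 is made against the stored comment's `user_id` (0 when unset), not against the user performing the edit, and nothing in the hunk says whether that is deliberate. If it is, a short comment above line 2490 would keep a later maintainer from changing it to `current_user_can()`, for example `// Decide by the comment author's capabilities, not the editor's: content is KSES-filtered unless its author may post unfiltered HTML.` The filter is only detached on line 2509, so an early return between lines 2495 and 2509 would leave `wp_filter_kses` attached for the rest of the request. The function body is only partly visible, so that path cannot be ruled out from here; it fails safe but is worth confirming.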
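--- a/branches/5.9/src/wp-includes/customize/class-wp-customize-header-image-control.php
+++ b/branches/5.9/src/wp-includes/customize/class-wp-customize-header-image-control.php
@@ -131,8 +131,8 @@
 
             <button type="button" class="choice thumbnail"
-                data-customize-image-value="{{{data.header.url}}}"
+                data-customize-image-value="{{data.header.url}}"
                 data-customize-header-image-data="{{JSON.stringify(data.header)}}">
                 <span class="screen-reader-text"><?php _e( 'Set image' ); ?></span>
-                <img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
+                <img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
             </button>
 
@@ -159,5 +159,5 @@
                 <# } else { #>
 
-            <img src="{{{data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}" />
+            <img src="{{data.header.thumbnail_url}}" alt="{{data.header.alt_text || data.header.description}}" />
 
                 <# } #>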
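--- a/branches/5.9/src/wp-includes/customize/class-wp-customize-site-icon-control.php
+++ b/branches/5.9/src/wp-includes/customize/class-wp-customize-site-icon-control.php
@@ -69,5 +69,5 @@
                                 <img src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
                             </div>
-                            <span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
+                            <span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
                         </div>
                         <img class="app-icon-preview" src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as an app icon' ); ?>" />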
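Review bot: The site name on added line 71 crosses two contexts, a single-quoted JavaScript string inside the `<# #>` block and then HTML via `print()`, while only `esc_js()` is applied. As far as I can tell this is safe only because `esc_js()` also entity-encodes `<`, `>`, `&` and `"` in addition to escaping quotes, and that dependency is not visible at the call site. A PHP comment placed before the `<span>` would record it, e.g. `<?php // esc_js() escapes the value for the JS string and entity-encodes it for print(). ?>`. The same expression is added in `wp-includes/media-template.php` at line 1496.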
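--- a/branches/5.9/src/wp-includes/deprecated.php
+++ b/branches/5.9/src/wp-includes/deprecated.php
@@ -4226,2 +4226,20 @@
     return wp_get_duotone_filter_property( $preset );
 }
+
+/**
+ * Filter the SQL clauses of an attachment query to include filenames.
+ *
+ * @since 4.7.0
+ * @deprecated 6.0.3
+ * @access private
+ *
+ * @param array $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY,
+ *                       DISTINCT, fields (SELECT), and LIMITS clauses.
+ * @return array The unmodified clauses.
+ */
+function _filter_query_attachment_filenames( $clauses ) {
+    _deprecated_function( __FUNCTION__, '6.0.3', 'add_filter( "wp_allow_query_attachment_by_filename", "__return_true" )');
+    remove_filter( 'posts_clauses', __FUNCTION__ );
+    return $clauses;
+}
+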
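--- a/branches/5.9/src/wp-includes/functions.php
+++ b/branches/5.9/src/wp-includes/functions.php
@@ -3529,8 +3529,10 @@
         $html = __( 'The link you followed has expired.' );
         if ( wp_get_referer() ) {
+            $wp_http_referer = remove_query_arg( 'updated', wp_get_referer() );
+            $wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
             $html .= '</p><p>';
             $html .= sprintf(
                 '<a href="%s">%s</a>',
-                esc_url( remove_query_arg( 'updated', wp_get_referer() ) ),
+                esc_url( $wp_http_referer ),
                 __( 'Please try again.' )
             );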
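Review bot: When the added `wp_validate_redirect()` call on line 3532 rejects the referer it returns its fallback, which is an empty string unless a second argument is passed, yet the `if ( wp_get_referer() )` guard on line 3530 was evaluated before that validation. The 'Please try again.' anchor is then still printed with an empty `href`, which resolves to the current URL. Skipping the link when validation fails avoids that: wrap lines 3533-3538 in `if ( $wp_http_referer ) {`. The enclosing function starts before and continues past the hunk.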
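--- a/branches/5.9/src/wp-includes/media-template.php
+++ b/branches/5.9/src/wp-includes/media-template.php
@@ -1494,5 +1494,5 @@
                 <img id="preview-favicon" src="{{ data.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>" />
             </div>
-            <span class="browser-title" aria-hidden="true"><# print( '<?php bloginfo( 'name' ); ?>' ) #></span>
+            <span class="browser-title" aria-hidden="true"><# print( '<?php echo esc_js( get_bloginfo( 'name' ) ); ?>' ) #></span>
         </div>
 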
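--- a/branches/5.9/src/wp-includes/pluggable.php
+++ b/branches/5.9/src/wp-includes/pluggable.php
@@ -92,5 +92,4 @@
      * @since 2.8.0
      * @since 4.4.0 Added 'ID' as an alias of 'id' for the `$field` parameter.
-     * @since 5.8.0 Returns the global `$current_user` if it's the user being fetched.
      *
      * @global WP_User $current_user The current user object which holds the user data.
@@ -101,14 +100,8 @@
      */
     function get_user_by( $field, $value ) {
-        global $current_user;
-
         $userdata = WP_User::get_data_by( $field, $value );
 
         if ( ! $userdata ) {
             return false;
-        }
-
-        if ( $current_user instanceof WP_User && $current_user->ID === (int) $userdata->ID ) {
-            return $current_user;
         }
 
@@ -362,4 +355,6 @@
         $phpmailer->clearCustomHeaders();
         $phpmailer->clearReplyTos();
+        $phpmailer->Body    = '';
+        $phpmailer->AltBody = '';
 
         // Set "From" name and email.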
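Review bot: Added lines 357-358 blank `Body` and `AltBody` without saying why, and the reason is not evident at this point in the function; per the commit message it is that the PHPMailer object is used for more than one message. A one-line comment would record it: `// Reset message content so nothing from a previous send carries over.` The function starts outside the hunk, so whether other per-message properties are reset elsewhere cannot be seen from here.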
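--- a/branches/5.9/src/wp-includes/post.php
+++ b/branches/5.9/src/wp-includes/post.php
@@ -7928,34 +7928,4 @@
 
 /**
- * Filters the SQL clauses of an attachment query to include filenames.
- *
- * @since 4.7.0
- * @access private
- *
- * @global wpdb $wpdb WordPress database abstraction object.
- *
- * @param string[] $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY,
- *                          DISTINCT, fields (SELECT), and LIMITS clauses.
- * @return string[] The modified array of clauses.
- */
-function _filter_query_attachment_filenames( $clauses ) {
-    global $wpdb;
-    remove_filter( 'posts_clauses', __FUNCTION__ );
-
-    // Add a LEFT JOIN of the postmeta table so we don't trample existing JOINs.
-    $clauses['join'] .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
-
-    $clauses['groupby'] = "{$wpdb->posts}.ID";
-
-    $clauses['where'] = preg_replace(
-        "/\({$wpdb->posts}.post_content (NOT LIKE|LIKE) (\'[^']+\')\)/",
-        '$0 OR ( sq1.meta_value $1 $2 )',
-        $clauses['where']
-    );
-
-    return $clauses;
-}
-
-/**
  * Sets the last changed time for the 'posts' cache group.
  *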
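--- a/branches/5.9/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/branches/5.9/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@@ -98,5 +98,5 @@
         // Filter query clauses to include filenames.
         if ( isset( $query_args['s'] ) ) {
-            add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+            add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
         }
 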
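--- a/branches/5.9/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
+++ b/branches/5.9/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -146,4 +146,33 @@
 
     /**
+     * Checks if the terms for a post can be read.
+     *
+     * @since 6.0.3
+     *
+     * @param WP_Post         $post    Post object.
+     * @param WP_REST_Request $request Full details about the request.
+     * @return bool Whether the terms for the post can be read.
+     */
+    public function check_read_terms_permission_for_post( $post, $request ) {
+        // If the requested post isn't associated with this taxonomy, deny access.
+        if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) {
+            return false;
+        }
+
+        // Grant access if the post is publicly viewable.
+        if ( is_post_publicly_viewable( $post ) ) {
+            return true;
+        }
+
+        // Otherwise grant access if the post is readable by the logged in user.
+        if ( current_user_can( 'read_post', $post->ID ) ) {
+            return true;
+        }
+
+        // Otherwise, deny access.
+        return false;
+    }
+
+    /**
      * Checks if a request has access to read terms in the specified taxonomy.
      *
@@ -166,4 +195,28 @@
                 array( 'status' => rest_authorization_required_code() )
             );
+        }
+
+        if ( ! empty( $request['post'] ) ) {
+            $post = get_post( $request['post'] );
+
+            if ( ! $post ) {
+                return new WP_Error(
+                    'rest_post_invalid_id',
+                    __( 'Invalid post ID.' ),
+                    array(
+                        'status' => 400,
+                    )
+                );
+            }
+
+            if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) {
+                return new WP_Error(
+                    'rest_forbidden_context',
+                    __( 'Sorry, you are not allowed to view terms for this post.' ),
+                    array(
+                        'status' => rest_authorization_required_code(),
+                    )
+                );
+            }
         }
 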
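Review bot: The new `post` checks on added lines 199-220 answer differently for a post ID that does not exist (`rest_post_invalid_id`, status 400) and for one the caller may not read (`rest_forbidden_context`, authorization-required status), so the response reveals whether a non-public post ID exists. If that distinction is not wanted, returning the same `rest_forbidden_context` error from the `! $post` branch closes it. Separately, `check_read_terms_permission_for_post()` never uses its `$request` parameter, and the docblock on line 153 should say so. The permission callback containing lines 199-220 starts outside the hunk.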
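--- a/branches/5.9/src/wp-includes/user.php
+++ b/branches/5.9/src/wp-includes/user.php
@@ -1711,13 +1711,8 @@
  * @since 3.0.0
  * @since 4.4.0 'clean_user_cache' action was added.
- * @since 5.8.0 Refreshes the global user instance if cleaning the user cache for the current user.
- *
- * @global WP_User $current_user The current user object which holds the user data.
  *
  * @param WP_User|int $user User object or ID to be cleaned from the cache
  */
 function clean_user_cache( $user ) {
-    global $current_user;
-
     if ( is_numeric( $user ) ) {
         $user = new WP_User( $user );
@@ -1742,11 +1737,4 @@
      */
     do_action( 'clean_user_cache', $user->ID, $user );
-
-    // Refresh the global user instance if the cleaning current user.
-    if ( get_current_user_id() === (int) $user->ID ) {
-        $user_id      = (int) $user->ID;
-        $current_user = null;
-        wp_set_current_user( $user_id, '' );
-    }
 }
 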
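--- a/branches/5.9/src/wp-includes/widgets.php
+++ b/branches/5.9/src/wp-includes/widgets.php
@@ -1579,5 +1579,5 @@
     if ( is_wp_error( $rss ) ) {
         if ( is_admin() || current_user_can( 'manage_options' ) ) {
-            echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</p>';
+            echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>';
         }
         return;
@@ -1702,5 +1702,5 @@
 
     if ( ! empty( $args['error'] ) ) {
-        echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $args['error'] . '</p>';
+        echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>';
     }
 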
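--- a/branches/5.9/src/wp-mail.php
+++ b/branches/5.9/src/wp-mail.php
@@ -65,4 +65,7 @@
     wp_die( __( 'There doesn&#8217;t seem to be any new mail.' ) );
 }
+
+// Always run as an unauthenticated user.
+wp_set_current_user( 0 );
 
 for ( $i = 1; $i <= $count; $i++ ) {
@@ -135,6 +138,4 @@
                 $author = sanitize_email( $author );
                 if ( is_email( $author ) ) {
-                    /* translators: %s: Post author email address. */
-                    echo '<p>' . sprintf( __( 'Author is %s' ), $author ) . '</p>';
                     $userdata = get_user_by( 'email', $author );
                     if ( ! empty( $userdata ) ) {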
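Review bot: The comment on added line 68 states what the call does but not why it matters. If the intent is, as the commit message suggests, to make sure KSES filtering applies to incoming content no matter which logged-in user's browser requests the script, the comment should say so: `// Always run as an unauthenticated user, so content filters apply regardless of who triggers this script.` The identical two lines added in `wp-trackback.php` (lines 16-17) would benefit from the same wording.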
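--- a/branches/5.9/src/wp-trackback.php
+++ b/branches/5.9/src/wp-trackback.php
@@ -13,4 +13,7 @@
     wp( array( 'tb' => '1' ) );
 }
+
+// Always run as an unauthenticated user.
+wp_set_current_user( 0 );
 
 /**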
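--- a/branches/5.9/tests/phpunit/tests/pluggable.php
+++ b/branches/5.9/tests/phpunit/tests/pluggable.php
@@ -324,19 +324,3 @@
         return $signatures;
     }
-
-    /**
-     * @ticket 28020
-     */
-    public function test_get_user_by_should_return_same_instance_as_wp_get_current_user() {
-        // Create a test user.
-        $new_user = self::factory()->user->create( array( 'role' => 'subscriber' ) );
-
-        // Set the test user as the current user.
-        $current_user = wp_set_current_user( $new_user );
-
-        // Get the test user using get_user_by().
-        $from_get_user_by = get_user_by( 'id', $new_user );
-
-        $this->assertSame( $current_user, $from_get_user_by );
-    }
 }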
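--- a/branches/5.9/tests/phpunit/tests/query/search.php
+++ b/branches/5.9/tests/phpunit/tests/query/search.php
@@ -455,5 +455,5 @@
 
         add_post_meta( $attachment, '_wp_attached_file', 'some-image1.png', true );
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
 
         // Pass post_type a string value.
@@ -485,5 +485,5 @@
 
         add_post_meta( $attachment, '_wp_attached_file', 'some-image2.png', true );
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
 
         // Pass post_type an array value.
@@ -544,5 +544,5 @@
         add_post_meta( $attachment, '_wp_attached_file', 'some-image4.png', true );
         add_post_meta( $attachment, '_test_meta_key', 'value', true );
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
 
         // Pass post_type a string value.
@@ -584,5 +584,5 @@
 
         add_post_meta( $attachment, '_wp_attached_file', 'some-image5.png', true );
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
 
         // Pass post_type a string value.
@@ -609,23 +609,35 @@
      * @ticket 22744
      */
-    public function test_filter_query_attachment_filenames_unhooks_itself() {
-        add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
-
-        apply_filters(
-            'posts_clauses',
-            array(
-                'where'    => '',
-                'groupby'  => '',
-                'join'     => '',
-                'orderby'  => '',
-                'distinct' => '',
-                'fields'   => '',
-                'limit'    => '',
-            )
-        );
-
-        $result = has_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
-
-        $this->assertFalse( $result );
+    public function test_wp_query_removes_filter_wp_allow_query_attachment_by_filename() {
+        $attachment = self::factory()->post->create(
+            array(
+                'post_type'    => 'attachment',
+                'post_status'  => 'publish',
+                'post_title'   => 'bar foo',
+                'post_content' => 'foo bar',
+                'post_excerpt' => 'This post has foo',
+            )
+        );
+
+        add_post_meta( $attachment, '_wp_attached_file', 'some-image1.png', true );
+        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
+
+        $q = new WP_Query(
+            array(
+                's'           => 'image1',
+                'fields'      => 'ids',
+                'post_type'   => 'attachment',
+                'post_status' => 'inherit',
+            )
+        );
+
+        $this->assertSame( array( $attachment ), $q->posts );
+
+        /*
+         * WP_Query should have removed the wp_allow_query_attachment_by_filename filter
+         * and thus not match the attachment created above
+         */
+        $q->get_posts();
+        $this->assertEmpty( $q->posts );
     }
 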
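Review bot: The new test at lines 611-642 checks the filter's removal only indirectly, through the empty result of a second `get_posts()` call, and it inherits the `@ticket 22744` docblock of the test it replaces. An explicit assertion right after the first query would pin the one-shot behaviour itself: `$this->assertFalse( has_filter( 'wp_allow_query_attachment_by_filename' ) );`. The other four changes in this file (lines 457, 487, 546, 586) only swap the hook name.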
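--- a/branches/5.9/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/branches/5.9/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -2973,4 +2973,5 @@
                     'author_name'       => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
                     'author_user_agent' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
+                    'author'            => self::$editor_id,
                 ),
                 array(
@@ -2981,4 +2982,5 @@
                     'author_name'       => 'div strong',
                     'author_user_agent' => 'div strong',
+                    'author'            => self::$editor_id,
                 )
             );
@@ -2990,4 +2992,5 @@
                     'author_name'       => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
                     'author_user_agent' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
+                    'author'            => self::$editor_id,
                 ),
                 array(
@@ -2998,4 +3001,5 @@
                     'author_name'       => 'div strong',
                     'author_user_agent' => 'div strong',
+                    'author'            => self::$editor_id,
                 )
             );
@@ -3012,4 +3016,5 @@
                 'author_name'       => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
                 'author_user_agent' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
+                'author'            => self::$superadmin_id,
             ),
             array(
@@ -3020,4 +3025,5 @@
                 'author_name'       => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
                 'author_user_agent' => '\\\&\\\ &amp; &invalid; &lt; &lt; &amp;lt;',
+                'author'            => self::$superadmin_id,
             )
         );
@@ -3033,4 +3039,5 @@
                 'author_name'       => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
                 'author_user_agent' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
+                'author'            => self::$superadmin_id,
             ),
             array(
@@ -3041,4 +3048,5 @@
                 'author_name'       => 'div strong',
                 'author_user_agent' => 'div strong',
+                'author'            => self::$superadmin_id,
             )
         );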