Timestamp:
10/17/2022 06:10:19 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Grouped backports to the 4.8 branch.

  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on "Are you sure?" screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Media: Refactor search by filename within the admin,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Comments: Apply kses when editing comments,
  • Customize: Escape blogname option in underscores templates,
  • REST API: Lockdown post parameter of the terms endpoint,
  • Mail: Reset PHPMailer properties between use,
  • Query: Validate relation in WP_Date_Query,
  • Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54524], [54525], [54526], [54527], [54528], [54529], [54530], [54541] to the 4.8 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, vortfu, davidbaumwald, tykoted, timothyblynjacobs, johnjamesjacoby, ehtis, matveb, talldanwp.

Location:
branches/4.8
Files:
2 edited

  • branches/4.8

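--- a/branches/4.8/src/wp-includes/post.php
+++ b/branches/4.8/src/wp-includes/post.php
@@ -1632,5 +1632,97 @@
     }
 
-    return $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public );
+    if ( ! is_object( $post_type ) ) {
+        return false;
+    }
+
+    $is_viewable = $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public );
+
+    /**
+     * Filters whether a post type is considered "viewable".
+     *
+     * The returned filtered value must be a boolean type to ensure
+     * `is_post_type_viewable()` only returns a boolean. This strictness
+     * is by design to maintain backwards-compatibility and guard against
+     * potential type errors in PHP 8.1+. Non-boolean values (even falsey
+     * and truthy values) will result in the function returning false.
+     *
+     * @since 5.9.0
+     *
+     * @param bool         $is_viewable Whether the post type is "viewable" (strict type).
+     * @param WP_Post_Type $post_type   Post type object.
+     */
+    return true === apply_filters( 'is_post_type_viewable', $is_viewable, $post_type );
+}
+
+/**
+ * Determines whether a post status is considered "viewable".
+ *
+ * For built-in post statuses such as publish and private, the 'public' value will be evaluated.
+ * For all others, the 'publicly_queryable' value will be used.
+ *
+ * @since 5.7.0
+ * @since 5.9.0 Added `is_post_status_viewable` hook to filter the result.
+ *
+ * @param string|stdClass $post_status Post status name or object.
+ * @return bool Whether the post status should be considered viewable.
+ */
+function is_post_status_viewable( $post_status ) {
+    if ( is_scalar( $post_status ) ) {
+        $post_status = get_post_status_object( $post_status );
+
+        if ( ! $post_status ) {
+            return false;
+        }
+    }
+
+    if (
+        ! is_object( $post_status ) ||
+        $post_status->internal ||
+        $post_status->protected
+    ) {
+        return false;
+    }
+
+    $is_viewable = $post_status->publicly_queryable || ( $post_status->_builtin && $post_status->public );
+
+    /**
+     * Filters whether a post status is considered "viewable".
+     *
+     * The returned filtered value must be a boolean type to ensure
+     * `is_post_status_viewable()` only returns a boolean. This strictness
+     * is by design to maintain backwards-compatibility and guard against
+     * potential type errors in PHP 8.1+. Non-boolean values (even falsey
+     * and truthy values) will result in the function returning false.
+     *
+     * @since 5.9.0
+     *
+     * @param bool     $is_viewable Whether the post status is "viewable" (strict type).
+     * @param stdClass $post_status Post status object.
+     */
+    return true === apply_filters( 'is_post_status_viewable', $is_viewable, $post_status );
+}
+
+/**
+ * Determines whether a post is publicly viewable.
+ *
+ * Posts are considered publicly viewable if both the post status and post type
+ * are viewable.
+ *
+ * @since 5.7.0
+ *
+ * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post.
+ * @return bool Whether the post is publicly viewable.
+ */
+function is_post_publicly_viewable( $post = null ) {
+    $post = get_post( $post );
+
+    if ( ! $post ) {
+        return false;
+    }
+
+    $post_type   = get_post_type( $post );
+    $post_status = get_post_status( $post );
+
+    return is_post_type_viewable( $post_type ) && is_post_status_viewable( $post_status );
 }
 
@@ -6242,31 +6334,2 @@
     return $post_name;
 }
-
-/**
- * Filter the SQL clauses of an attachment query to include filenames.
- *
- * @since 4.7.0
- * @access private
- *
- * @global wpdb $wpdb WordPress database abstraction object.
- *
- * @param array $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY,
- *                       DISTINCT, fields (SELECT), and LIMITS clauses.
- * @return array The modified clauses.
- */
-function _filter_query_attachment_filenames( $clauses ) {
-    global $wpdb;
-    remove_filter( 'posts_clauses', __FUNCTION__ );
-
-    // Add a LEFT JOIN of the postmeta table so we don't trample existing JOINs.
-    $clauses['join'] .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
-
-    $clauses['groupby'] = "{$wpdb->posts}.ID";
-
-    $clauses['where'] = preg_replace(
-        "/\({$wpdb->posts}.post_content (NOT LIKE|LIKE) (\'[^']+\')\)/",
-        "$0 OR ( sq1.meta_value $1 $2 )",
-        $clauses['where'] );
-
-    return $clauses;
-}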
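Review bot: The docblock on `is_post_publicly_viewable()` (new lines 1705–1715) does not say that the result ignores the current user and can be changed by the `is_post_type_viewable` and `is_post_status_viewable` filters applied in the two functions above it. This changeset is a grouped security backport, so callers presumably use the function as a disclosure gate (the call sites are not on this page). I would add ` * This does not check the current user's capabilities, and the result can be altered by the 'is_post_type_viewable' and 'is_post_status_viewable' filters.` to that docblock. The `@since 5.7.0` and `@since 5.9.0` tags appear to be carried over from trunk and are misleading on the 4.8 branch; a short line noting the backport would help readers of this branch. The opening of `is_post_type_viewable()` lies above the hunk, so the new `is_object()` guard could only be checked against the lines shown.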