Make WordPress Core


Ignore:
Timestamp:
10/17/2022 06:11:47 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Grouped backports to the 4.9 branch.

  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on "Are you sure?" screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Media: Refactor search by filename within the admin,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Comments: Apply kses when editing comments,
  • Customize: Escape blogname option in underscores templates,
  • REST API: Lockdown post parameter of the terms endpoint,
  • Mail: Reset PHPMailer properties between use,
  • Query: Validate relation in WP_Date_Query,
  • Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54524], [54525], [54526], [54527], [54528], [54529], [54530], [54541] to the 4.9 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, vortfu, davidbaumwald, tykoted, timothyblynjacobs, johnjamesjacoby, ehtis, matveb, talldanwp.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/class-wp-query.php

    r47648 r54569  
    438438    private $compat_methods = array( 'init_query_flags', 'parse_tax_query' );
    439439
     440    /**
     441     * Controls whether an attachment query should include filenames or not.
     442     *
     443     * @since 6.0.3
     444     * @var bool
     445     */
     446    protected $allow_query_attachment_by_filename = false;
    440447    /**
    441448     * Resets query flags to false.
     
    12991306
    13001307            $like = $n . $wpdb->esc_like( $term ) . $n;
    1301             $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like );
     1308
     1309            if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
     1310                $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s) $andor_op (sq1.meta_value $like_op %s))", $like, $like, $like, $like );
     1311            } else {
     1312                $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like );
     1313            }
    13021314            $searchand = ' AND ';
    13031315        }
     
    16351647        $q = $this->fill_query_vars($q);
    16361648
     1649        /**
     1650         * Filters whether an attachment query should include filenames or not.
     1651         *
     1652         * @since 6.0.3
     1653         *
     1654         * @param bool $allow_query_attachment_by_filename Whether or not to include filenames.
     1655         */
     1656        $this->allow_query_attachment_by_filename = apply_filters( 'wp_allow_query_attachment_by_filename', false );
     1657        remove_all_filters( 'wp_allow_query_attachment_by_filename' );
     1658
    16371659        // Parse meta query
    16381660        $this->meta_query = new WP_Meta_Query();
     
    20392061        }
    20402062
    2041         if ( !empty( $this->tax_query->queries ) || !empty( $this->meta_query->queries ) ) {
     2063        if ( ! empty( $this->tax_query->queries ) || ! empty( $this->meta_query->queries ) || ! empty( $this->allow_query_attachment_by_filename ) ) {
    20422064            $groupby = "{$wpdb->posts}.ID";
    20432065        }
     
    21112133        }
    21122134        $where .= $search . $whichauthor . $whichmimetype;
     2135
     2136        if ( ! empty( $this->allow_query_attachment_by_filename ) ) {
     2137            $join .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
     2138        }
    21132139
    21142140        if ( ! empty( $this->meta_query->queries ) ) {
Note: See TracChangeset for help on using the changeset viewer.