

Timestamp:
10/17/2022 06:11:47 PM (20 months ago)
Author:
SergeyBiryukov
Message:

Grouped backports to the 4.9 branch.

  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on "Are you sure?" screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Media: Refactor search by filename within the admin,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Comments: Apply kses when editing comments,
  • Customize: Escape blogname option in underscores templates,
  • REST API: Lockdown post parameter of the terms endpoint,
  • Mail: Reset PHPMailer properties between use,
  • Query: Validate relation in WP_Date_Query,
  • Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54524], [54525], [54526], [54527], [54528], [54529], [54530], [54541] to the 4.9 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, vortfu, davidbaumwald, tykoted, timothyblynjacobs, johnjamesjacoby, ehtis, matveb, talldanwp.

Location:
branches/4.9
Files:
2 edited

  • branches/4.9

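--- a/branches/4.9/src/wp-includes/post.php
+++ b/branches/4.9/src/wp-includes/post.php
@@ -1706,5 +1706,97 @@
     }
 
-    return $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public );
+    if ( ! is_object( $post_type ) ) {
+        return false;
+    }
+
+    $is_viewable = $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public );
+
+    /**
+     * Filters whether a post type is considered "viewable".
+     *
+     * The returned filtered value must be a boolean type to ensure
+     * `is_post_type_viewable()` only returns a boolean. This strictness
+     * is by design to maintain backwards-compatibility and guard against
+     * potential type errors in PHP 8.1+. Non-boolean values (even falsey
+     * and truthy values) will result in the function returning false.
+     *
+     * @since 5.9.0
+     *
+     * @param bool         $is_viewable Whether the post type is "viewable" (strict type).
+     * @param WP_Post_Type $post_type   Post type object.
+     */
+    return true === apply_filters( 'is_post_type_viewable', $is_viewable, $post_type );
+}
+
+/**
+ * Determines whether a post status is considered "viewable".
+ *
+ * For built-in post statuses such as publish and private, the 'public' value will be evaluated.
+ * For all others, the 'publicly_queryable' value will be used.
+ *
+ * @since 5.7.0
+ * @since 5.9.0 Added `is_post_status_viewable` hook to filter the result.
+ *
+ * @param string|stdClass $post_status Post status name or object.
+ * @return bool Whether the post status should be considered viewable.
+ */
+function is_post_status_viewable( $post_status ) {
+    if ( is_scalar( $post_status ) ) {
+        $post_status = get_post_status_object( $post_status );
+
+        if ( ! $post_status ) {
+            return false;
+        }
+    }
+
+    if (
+        ! is_object( $post_status ) ||
+        $post_status->internal ||
+        $post_status->protected
+    ) {
+        return false;
+    }
+
+    $is_viewable = $post_status->publicly_queryable || ( $post_status->_builtin && $post_status->public );
+
+    /**
+     * Filters whether a post status is considered "viewable".
+     *
+     * The returned filtered value must be a boolean type to ensure
+     * `is_post_status_viewable()` only returns a boolean. This strictness
+     * is by design to maintain backwards-compatibility and guard against
+     * potential type errors in PHP 8.1+. Non-boolean values (even falsey
+     * and truthy values) will result in the function returning false.
+     *
+     * @since 5.9.0
+     *
+     * @param bool     $is_viewable Whether the post status is "viewable" (strict type).
+     * @param stdClass $post_status Post status object.
+     */
+    return true === apply_filters( 'is_post_status_viewable', $is_viewable, $post_status );
+}
+
+/**
+ * Determines whether a post is publicly viewable.
+ *
+ * Posts are considered publicly viewable if both the post status and post type
+ * are viewable.
+ *
+ * @since 5.7.0
+ *
+ * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post.
+ * @return bool Whether the post is publicly viewable.
+ */
+function is_post_publicly_viewable( $post = null ) {
+    $post = get_post( $post );
+
+    if ( ! $post ) {
+        return false;
+    }
+
+    $post_type   = get_post_type( $post );
+    $post_status = get_post_status( $post );
+
+    return is_post_type_viewable( $post_type ) && is_post_status_viewable( $post_status );
 }
 
@@ -6456,31 +6548,2 @@
     return $post_name;
 }
-
-/**
- * Filter the SQL clauses of an attachment query to include filenames.
- *
- * @since 4.7.0
- * @access private
- *
- * @global wpdb $wpdb WordPress database abstraction object.
- *
- * @param array $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY,
- *                       DISTINCT, fields (SELECT), and LIMITS clauses.
- * @return array The modified clauses.
- */
-function _filter_query_attachment_filenames( $clauses ) {
-    global $wpdb;
-    remove_filter( 'posts_clauses', __FUNCTION__ );
-
-    // Add a LEFT JOIN of the postmeta table so we don't trample existing JOINs.
-    $clauses['join'] .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
-
-    $clauses['groupby'] = "{$wpdb->posts}.ID";
-
-    $clauses['where'] = preg_replace(
-        "/\({$wpdb->posts}.post_content (NOT LIKE|LIKE) (\'[^']+\')\)/",
-        "$0 OR ( sq1.meta_value $1 $2 )",
-        $clauses['where'] );
-
-    return $clauses;
-}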
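Review bot: The docblocks for the two new filters (new lines 1714–1727 and 1762–1775) document the strict-boolean rule but not what the value is used for, while `is_post_publicly_viewable()` at new line 1800 folds both results into a single public/non-public answer. No caller is visible in this section, but if that answer gates what unauthenticated requests can read (the REST API item in the commit message suggests it might), a callback returning `true` widens exposure; I would add a line such as `* Returning true marks the post status as publicly viewable, so callbacks should not return true for statuses that hold private content.` to each filter docblock, worded for type and status respectively. Separately, `is_post_status_viewable()` checks only `is_object()` before reading `->internal` and `->protected` (new lines 1753–1755), so a hand-built object missing those properties skips the early return; a short comment stating that the object is expected to come from `get_post_status_object()` would make that assumption explicit. The `@since 5.7.0` / `@since 5.9.0` tags are carried unchanged onto the 4.9 branch, which may mislead readers of this branch about availability. `is_post_type_viewable()` begins above the hunk, so the path leading to the new `is_object()` guard is not visible here.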