Make WordPress Core


Ignore:
Timestamp:
10/17/2022 06:11:47 PM (20 months ago)
Author:
SergeyBiryukov
Message:

Grouped backports to the 4.9 branch.

  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on "Are you sure?" screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Media: Refactor search by filename within the admin,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Comments: Apply kses when editing comments,
  • Customize: Escape blogname option in underscores templates,
  • REST API: Lockdown post parameter of the terms endpoint,
  • Mail: Reset PHPMailer properties between use,
  • Query: Validate relation in WP_Date_Query,
  • Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54524], [54525], [54526], [54527], [54528], [54529], [54530], [54541] to the 4.9 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, vortfu, davidbaumwald, tykoted, timothyblynjacobs, johnjamesjacoby, ehtis, matveb, talldanwp.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/tests/phpunit/tests/query/search.php

    r38844 r54569  
    371371
    372372        add_post_meta( $attachment, '_wp_attached_file', 'some-image1.png', true );
    373         add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
     373        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
    374374
    375375        // Pass post_type a string value.
     
    397397
    398398        add_post_meta( $attachment, '_wp_attached_file', 'some-image2.png', true );
    399         add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
     399        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
    400400
    401401        // Pass post_type an array value.
     
    448448        add_post_meta( $attachment, '_wp_attached_file', 'some-image4.png', true );
    449449        add_post_meta( $attachment, '_test_meta_key', 'value', true );
    450         add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
     450        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
    451451
    452452        // Pass post_type a string value.
     
    484484
    485485        add_post_meta( $attachment, '_wp_attached_file', 'some-image5.png', true );
    486         add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
     486        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
    487487
    488488        // Pass post_type a string value.
     
    507507     * @ticket 22744
    508508     */
    509     public function test_filter_query_attachment_filenames_unhooks_itself() {
    510         add_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
    511 
    512         apply_filters( 'posts_clauses', array(
    513             'where'    => '',
    514             'groupby'  => '',
    515             'join'     => '',
    516             'orderby'  => '',
    517             'distinct' => '',
    518             'fields'   => '',
    519             'limit'    => '',
    520         ) );
    521 
    522         $result = has_filter( 'posts_clauses', '_filter_query_attachment_filenames' );
    523 
    524         $this->assertFalse( $result );
     509    public function test_wp_query_removes_filter_wp_allow_query_attachment_by_filename() {
     510        $attachment = self::factory()->post->create(
     511            array(
     512                'post_type'    => 'attachment',
     513                'post_status'  => 'publish',
     514                'post_title'   => 'bar foo',
     515                'post_content' => 'foo bar',
     516                'post_excerpt' => 'This post has foo',
     517            )
     518        );
     519
     520        add_post_meta( $attachment, '_wp_attached_file', 'some-image1.png', true );
     521        add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
     522
     523        $q = new WP_Query(
     524            array(
     525                's'           => 'image1',
     526                'fields'      => 'ids',
     527                'post_type'   => 'attachment',
     528                'post_status' => 'inherit',
     529            )
     530        );
     531
     532        $this->assertSame( array( $attachment ), $q->posts );
     533
     534        /*
     535         * WP_Query should have removed the wp_allow_query_attachment_by_filename filter
     536         * and thus not match the attachment created above
     537         */
     538        $q->get_posts();
     539        $this->assertEmpty( $q->posts );
    525540    }
    526541
Note: See TracChangeset for help on using the changeset viewer.