Make WordPress Core


Ignore:
Timestamp:
10/17/2022 06:13:25 PM (18 months ago)
Author:
SergeyBiryukov
Message:

Grouped backports to the 5.0 branch.

  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on "Are you sure?" screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Media: Refactor search by filename within the admin,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Comments: Apply kses when editing comments,
  • Customize: Escape blogname option in underscores templates,
  • REST API: Lockdown post parameter of the terms endpoint,
  • Mail: Reset PHPMailer properties between use,
  • Query: Validate relation in WP_Date_Query,
  • Widgets: Escape RSS error messages for display.

Merges [54521], [54522], [54523], [54524], [54525], [54526], [54527], [54528], [54529], [54530], [54541] to the 5.0 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, vortfu, davidbaumwald, tykoted, timothyblynjacobs, johnjamesjacoby, ehtis, matveb, talldanwp.

Location:
branches/5.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0

  • branches/5.0/src/wp-includes/post.php

    r52473 r54571  
    10191019/**
    10201020 * Determines whether a post type is registered.
    1021  * 
     1021 *
    10221022 * For more information on this and similar theme functions, check out
    1023  * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
     1023 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
    10241024 * Conditional Tags} article in the Theme Developer Handbook.
    10251025 *
     
    17791779    }
    17801780
    1781     return $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public );
     1781    if ( ! is_object( $post_type ) ) {
     1782        return false;
     1783    }
     1784
     1785    $is_viewable = $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public );
     1786
     1787    /**
     1788     * Filters whether a post type is considered "viewable".
     1789     *
     1790     * The returned filtered value must be a boolean type to ensure
     1791     * `is_post_type_viewable()` only returns a boolean. This strictness
     1792     * is by design to maintain backwards-compatibility and guard against
     1793     * potential type errors in PHP 8.1+. Non-boolean values (even falsey
     1794     * and truthy values) will result in the function returning false.
     1795     *
     1796     * @since 5.9.0
     1797     *
     1798     * @param bool         $is_viewable Whether the post type is "viewable" (strict type).
     1799     * @param WP_Post_Type $post_type   Post type object.
     1800     */
     1801    return true === apply_filters( 'is_post_type_viewable', $is_viewable, $post_type );
     1802}
     1803
     1804/**
     1805 * Determines whether a post status is considered "viewable".
     1806 *
     1807 * For built-in post statuses such as publish and private, the 'public' value will be evaluated.
     1808 * For all others, the 'publicly_queryable' value will be used.
     1809 *
     1810 * @since 5.7.0
     1811 * @since 5.9.0 Added `is_post_status_viewable` hook to filter the result.
     1812 *
     1813 * @param string|stdClass $post_status Post status name or object.
     1814 * @return bool Whether the post status should be considered viewable.
     1815 */
     1816function is_post_status_viewable( $post_status ) {
     1817    if ( is_scalar( $post_status ) ) {
     1818        $post_status = get_post_status_object( $post_status );
     1819
     1820        if ( ! $post_status ) {
     1821            return false;
     1822        }
     1823    }
     1824
     1825    if (
     1826        ! is_object( $post_status ) ||
     1827        $post_status->internal ||
     1828        $post_status->protected
     1829    ) {
     1830        return false;
     1831    }
     1832
     1833    $is_viewable = $post_status->publicly_queryable || ( $post_status->_builtin && $post_status->public );
     1834
     1835    /**
     1836     * Filters whether a post status is considered "viewable".
     1837     *
     1838     * The returned filtered value must be a boolean type to ensure
     1839     * `is_post_status_viewable()` only returns a boolean. This strictness
     1840     * is by design to maintain backwards-compatibility and guard against
     1841     * potential type errors in PHP 8.1+. Non-boolean values (even falsey
     1842     * and truthy values) will result in the function returning false.
     1843     *
     1844     * @since 5.9.0
     1845     *
     1846     * @param bool     $is_viewable Whether the post status is "viewable" (strict type).
     1847     * @param stdClass $post_status Post status object.
     1848     */
     1849    return true === apply_filters( 'is_post_status_viewable', $is_viewable, $post_status );
     1850}
     1851
     1852/**
     1853 * Determines whether a post is publicly viewable.
     1854 *
     1855 * Posts are considered publicly viewable if both the post status and post type
     1856 * are viewable.
     1857 *
     1858 * @since 5.7.0
     1859 *
     1860 * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post.
     1861 * @return bool Whether the post is publicly viewable.
     1862 */
     1863function is_post_publicly_viewable( $post = null ) {
     1864    $post = get_post( $post );
     1865
     1866    if ( ! $post ) {
     1867        return false;
     1868    }
     1869
     1870    $post_type   = get_post_type( $post );
     1871    $post_status = get_post_status( $post );
     1872
     1873    return is_post_type_viewable( $post_type ) && is_post_status_viewable( $post_status );
    17821874}
    17831875
     
    20452137 * Sticky posts should remain at the top of The Loop. If the post ID is not
    20462138 * given, then The Loop ID for the current post will be used.
    2047  * 
     2139 *
    20482140 * For more information on this and similar theme functions, check out
    2049  * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
     2141 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
    20502142 * Conditional Tags} article in the Theme Developer Handbook.
    2051  * 
     2143 *
    20522144 * @since 2.7.0
    20532145 *
     
    50275119/**
    50285120 * Determines whether an attachment URI is local and really an attachment.
    5029  * 
     5121 *
    50305122 * For more information on this and similar theme functions, check out
    5031  * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
     5123 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
    50325124 * Conditional Tags} article in the Theme Developer Handbook.
    5033  * 
     5125 *
    50345126 * @since 2.0.0
    50355127 *
     
    55285620/**
    55295621 * Determines whether an attachment is an image.
    5530  * 
     5622 *
    55315623 * For more information on this and similar theme functions, check out
    5532  * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
     5624 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
    55335625 * Conditional Tags} article in the Theme Developer Handbook.
    55345626 *
     
    65406632
    65416633/**
    6542  * Filter the SQL clauses of an attachment query to include filenames.
    6543  *
    6544  * @since 4.7.0
    6545  * @access private
    6546  *
    6547  * @global wpdb $wpdb WordPress database abstraction object.
    6548  *
    6549  * @param array $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY,
    6550  *                       DISTINCT, fields (SELECT), and LIMITS clauses.
    6551  * @return array The modified clauses.
    6552  */
    6553 function _filter_query_attachment_filenames( $clauses ) {
    6554     global $wpdb;
    6555     remove_filter( 'posts_clauses', __FUNCTION__ );
    6556 
    6557     // Add a LEFT JOIN of the postmeta table so we don't trample existing JOINs.
    6558     $clauses['join'] .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";
    6559 
    6560     $clauses['groupby'] = "{$wpdb->posts}.ID";
    6561 
    6562     $clauses['where'] = preg_replace(
    6563         "/\({$wpdb->posts}.post_content (NOT LIKE|LIKE) (\'[^']+\')\)/",
    6564         "$0 OR ( sq1.meta_value $1 $2 )",
    6565         $clauses['where'] );
    6566 
    6567     return $clauses;
    6568 }
    6569 
    6570 /**
    65716634 * Sets the last changed time for the 'posts' cache group.
    65726635 *
Note: See TracChangeset for help on using the changeset viewer.