Changeset 55774
- Timestamp:
- 05/16/2023 03:21:39 PM (18 months ago)
- Location:
- branches/5.9
- Files:
-
- 1 added
- 13 edited
branches/5.9/package-lock.json
r54580 r55774 1 1 { 2 2 "name": "WordPress", 3 "version": "5.9. 5",3 "version": "5.9.6", 4 4 "lockfileVersion": 1, 5 5 "requires": true, -
branches/5.9/package.json
r54580 r55774 1 1 { 2 2 "name": "WordPress", 3 "version": "5.9. 5",3 "version": "5.9.6", 4 4 "description": "WordPress is open source software you can use to create a beautiful website, blog, or app.", 5 5 "repository": { -
branches/5.9/src/js/_enqueues/wp/embed.js
r52132 r55774 50 50 var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ), 51 51 blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ), 52 allowedProtocols = new RegExp( '^https?:$', 'i' ), 52 53 i, source, height, sourceURL, targetURL; 53 54 … … 84 85 sourceURL.href = source.getAttribute( 'src' ); 85 86 targetURL.href = data.value; 87 88 /* Only follow link if the protocol is in the allow list. */ 89 if ( ! allowedProtocols.test( targetURL.protocol ) ) { 90 continue; 91 } 86 92 87 93 /* Only continue if link hostname matches iframe's hostname. */ -
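Review bot: The comment on the new protocol check says what it does but not why, and the allow list is built from a string with `new RegExp( '^https?:$', 'i' )` where a regex literal would be easier to read and lint. `data.value` is assigned to `targetURL.href` just above the check and presumably originates from the embedded frame's message, so this test is what keeps non-HTTP schemes away from whatever follows the hostname comparison (that code is outside the section). I would write `allowedProtocols = /^https?:$/i,` and extend the comment to `/* Only follow link if the protocol is in the allow list: data.value is supplied by the embedded frame, so script or data schemes must be rejected here. */`. The enclosing loop starts and ends outside the visible lines.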
branches/5.9/src/js/media/views/frame/video-details.js
r43309 r55774 107 107 wp.ajax.send( 'set-attachment-thumbnail', { 108 108 data : { 109 _ajax_nonce: wp.media.view.settings.nonce.setAttachmentThumbnail, 109 110 urls: urls, 110 111 thumbnail_id: attachment.get( 'id' ) -
branches/5.9/src/wp-admin/about.php
r55373 r55774 43 43 <div class="column"> 44 44 <h2><?php _e( 'Maintenance and Security Releases' ); ?></h2> 45 <p> 46 <?php 47 printf( 48 /* translators: %s: WordPress version number. */ 49 __( '<strong>Version %s</strong> addressed some security issues.' ), 50 '5.9.6' 51 ); 52 ?> 53 <?php 54 printf( 55 /* translators: %s: HelpHub URL. */ 56 __( 'For more information, see <a href="%s">the release notes</a>.' ), 57 sprintf( 58 /* translators: %s: WordPress version. */ 59 esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ), 60 sanitize_title( '5.9.6' ) 61 ) 62 ); 63 ?> 64 </p> 45 65 <p> 46 66 <?php -
branches/5.9/src/wp-admin/includes/ajax-actions.php
r54545 r55774 2733 2733 } 2734 2734 2735 if ( false === check_ajax_referer( 'set-attachment-thumbnail', '_ajax_nonce', false ) ) { 2736 wp_send_json_error(); 2737 } 2738 2735 2739 $post_ids = array(); 2736 2740 // For each URL, try to find its corresponding post ID. -
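Review bot: The nonce failure path returns a bare `wp_send_json_error()`, which gives the caller nothing to tell a missing or expired nonce apart from the handler's other failures, and the code carries no hint about why the check sits here. A short comment such as `// Verify the request nonce before touching any attachment (CSRF protection); the media views send it as _ajax_nonce.` would document the intent. `wp_send_json_error( null, 403 );` would also make the rejection visible to the client and in access logs, provided existing callers tolerate a non-200 status. The handler's earlier validation and the later per-post work are outside the section, so the placement relative to any capability check cannot be confirmed from here.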
branches/5.9/src/wp-includes/block-template.php
r52716 r55774 241 241 $content = wptexturize( $content ); 242 242 $content = convert_smilies( $content ); 243 $content = shortcode_unautop( $content );244 243 $content = wp_filter_content_tags( $content ); 245 $content = do_shortcode( $content );246 244 $content = str_replace( ']]>', ']]>', $content ); 247 245 -
branches/5.9/src/wp-includes/blocks.php
r53019 r55774 629 629 $result = ''; 630 630 631 if ( false !== strpos( $text, '<!--' ) && false !== strpos( $text, '--->' ) ) { 632 $text = preg_replace_callback( '%<!--(.*?)--->%', '_filter_block_content_callback', $text ); 633 } 634 631 635 $blocks = parse_blocks( $text ); 632 636 foreach ( $blocks as $block ) { … … 636 640 637 641 return $result; 642 } 643 644 /** 645 * Callback used for regular expression replacement in filter_block_content(). 646 * 647 * @private 648 * @since 6.2.1 649 * 650 * @param array $matches Array of preg_replace_callback matches. 651 * @return string Replacement string. 652 */ 653 function _filter_block_content_callback( $matches ) { 654 return '<!--' . rtrim( $matches[1], '-' ) . '-->'; 638 655 } 639 656 -
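Review bot: `preg_replace_callback()` returns `null` on a PCRE failure, and its result is assigned straight back to `$text` before `parse_blocks( $text )` runs. The filter then silently yields whatever `parse_blocks()` makes of `null`, rather than making an explicit decision. For a sanitising step it is safer to fail closed visibly, with `if ( null === $text ) { return ''; }` directly after the replacement and a comment saying that content is dropped when normalisation fails. The docblock of `_filter_block_content_callback()` could also state that it strips every trailing hyphen from the captured body so the comment closes with exactly `-->`. `filter_block_content()` begins outside the section.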
branches/5.9/src/wp-includes/formatting.php
r52464 r55774 2410 2410 2411 2411 /** 2412 * Strips out all characters not allowed in a locale name. 2413 * 2414 * @since 6.2.1 2415 * 2416 * @param string $locale_name The locale name to be sanitized. 2417 * @return string The sanitized value. 2418 */ 2419 function sanitize_locale_name( $locale_name ) { 2420 // Limit to A-Z, a-z, 0-9, '_', '-'. 2421 $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name ); 2422 2423 /** 2424 * Filters a sanitized locale name string. 2425 * 2426 * @since 6.2.1 2427 * 2428 * @param string $sanitized The sanitized locale name. 2429 * @param string $locale_name The locale name before sanitization. 2430 */ 2431 return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name ); 2432 } 2433 2434 /** 2412 2435 * Converts lone & characters into `&` (a.k.a. `&`) 2413 2436 * -
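Review bot: `sanitize_locale_name()` is documented as returning a string but hands `$locale_name` directly to `preg_replace()`, which returns an array when the subject is an array and `null` on a PCRE error. The call sites changed in l10n.php in this changeset pass `$_GET['wp_lang']` and `$_COOKIE['wp_lang']`, both of which can arrive as arrays, and the `sanitize_text_field()` call they replace returns an empty string for array input. Guarding the type keeps the documented contract, for example `$sanitized = is_string( $locale_name ) ? (string) preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name ) : '';`. The docblock should also note that the `sanitize_locale_name` filter runs after the allow list, so a callback can return characters outside it and callers that build paths from the result should not rely on the character set alone.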
branches/5.9/src/wp-includes/l10n.php
r52394 r55774 148 148 149 149 if ( ! empty( $_GET['wp_lang'] ) ) { 150 $wp_lang = sanitize_ text_field( $_GET['wp_lang']);150 $wp_lang = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) ); 151 151 } elseif ( ! empty( $_COOKIE['wp_lang'] ) ) { 152 $wp_lang = sanitize_ text_field( $_COOKIE['wp_lang']);152 $wp_lang = sanitize_locale_name( wp_unslash( $_COOKIE['wp_lang'] ) ); 153 153 } 154 154 -
branches/5.9/src/wp-includes/media.php
r53006 r55774 4389 4389 'captions' => ! apply_filters( 'disable_captions', '' ), 4390 4390 'nonce' => array( 4391 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 4391 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 4392 'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ), 4392 4393 ), 4393 4394 'post' => array( -
branches/5.9/src/wp-includes/version.php
r54580 r55774 17 17 * @global string $wp_version 18 18 */ 19 $wp_version = '5.9. 5-src';19 $wp_version = '5.9.6-src'; 20 20 21 21 /** -
branches/5.9/tests/phpunit/tests/ajax/Attachments.php
r51870 r55774 115 115 $this->assertSame( $expected, $response['data'] ); 116 116 } 117 118 public function test_wp_ajax_set_attachment_thumbnail_success() { 119 // Become an administrator. 120 $post = $_POST; 121 $user_id = self::factory()->user->create( 122 array( 123 'role' => 'administrator', 124 'user_login' => 'user_36578_administrator', 125 'user_email' => 'user_36578_administrator@example.com', 126 ) 127 ); 128 wp_set_current_user( $user_id ); 129 $_POST = array_merge( $_POST, $post ); 130 131 // Upload the attachment itself. 132 $filename = DIR_TESTDATA . '/uploads/small-audio.mp3'; 133 $contents = file_get_contents( $filename ); 134 135 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 136 $attachment = $this->_make_attachment( $upload ); 137 138 // Upload the thumbnail. 139 $filename = DIR_TESTDATA . '/images/waffles.jpg'; 140 $contents = file_get_contents( $filename ); 141 142 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 143 $thumbnail = $this->_make_attachment( $upload ); 144 145 // Set up a default request. 146 $_POST['_ajax_nonce'] = wp_create_nonce( 'set-attachment-thumbnail' ); 147 $_POST['thumbnail_id'] = $thumbnail; 148 $_POST['urls'] = array( wp_get_attachment_url( $attachment ) ); 149 150 // Make the request. 151 try { 152 $this->_handleAjax( 'set-attachment-thumbnail' ); 153 } catch ( WPAjaxDieContinueException $e ) { 154 unset( $e ); 155 } 156 157 // Get the response. 158 $response = json_decode( $this->_last_response, true ); 159 160 // Ensure everything is correct. 161 $this->assertTrue( $response['success'] ); 162 } 163 164 public function test_wp_ajax_set_attachment_thumbnail_missing_nonce() { 165 // Become an administrator. 
166 $post = $_POST; 167 $user_id = self::factory()->user->create( 168 array( 169 'role' => 'administrator', 170 'user_login' => 'user_36578_administrator', 171 'user_email' => 'user_36578_administrator@example.com', 172 ) 173 ); 174 wp_set_current_user( $user_id ); 175 $_POST = array_merge( $_POST, $post ); 176 177 // Upload the attachment itself. 178 $filename = DIR_TESTDATA . '/uploads/small-audio.mp3'; 179 $contents = file_get_contents( $filename ); 180 181 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 182 $attachment = $this->_make_attachment( $upload ); 183 184 // Upload the thumbnail. 185 $filename = DIR_TESTDATA . '/images/waffles.jpg'; 186 $contents = file_get_contents( $filename ); 187 188 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 189 $thumbnail = $this->_make_attachment( $upload ); 190 191 // Set up a default request. 192 $_POST['thumbnail_id'] = $thumbnail; 193 $_POST['urls'] = array( wp_get_attachment_url( $attachment ) ); 194 195 // Make the request. 196 try { 197 $this->_handleAjax( 'set-attachment-thumbnail' ); 198 } catch ( WPAjaxDieContinueException $e ) { 199 unset( $e ); 200 } 201 202 // Get the response. 203 $response = json_decode( $this->_last_response, true ); 204 205 // Check that success is false without sending nonce. 206 $this->assertFalse( $response['success'] ); 207 } 117 208 }
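Review bot: The negative test only covers an absent `_ajax_nonce` and asserts nothing beyond `success` being false, so a request carrying a wrong or stale nonce value is never exercised. Because the two tests repeat the same login and upload setup line for line, a drift in one copy could make the missing-nonce test pass for an unrelated reason, such as empty `urls`. I would move the shared setup into a private helper and add a third case that sends an invalid nonce, as sketched below. The value `'not-a-valid-nonce'` is a constructed sample.

```php
public function test_wp_ajax_set_attachment_thumbnail_invalid_nonce() {
	// … unchanged: administrator login and the two uploads, as in the tests above …

	// A nonce that was never issued for this action must be rejected.
	$_POST['_ajax_nonce']  = 'not-a-valid-nonce';
	$_POST['thumbnail_id'] = $thumbnail;
	$_POST['urls']         = array( wp_get_attachment_url( $attachment ) );

	try {
		$this->_handleAjax( 'set-attachment-thumbnail' );
	} catch ( WPAjaxDieContinueException $e ) {
		unset( $e );
	}

	$response = json_decode( $this->_last_response, true );

	$this->assertFalse( $response['success'] );
}
```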