Make WordPress Core


Timestamp:
05/16/2023 03:21:39 PM (19 months ago)
Author:
audrasjb
Message:

Grouped backports to the 5.9 branch.

  • Media: Prevent CSRF setting attachment thumbnails.
  • Embeds: Add protocol validation for WordPress Embed code.
  • I18N: Introduce sanitization function for locale.
  • Editor: Ensure block comments are of a valid form.
  • Editor: Remove shortcode support from block templates.

Merges [55760-55764] to the 5.9 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.

File:
1 edited

  • branches/5.9/src/wp-includes/l10n.php

    r52394 r55774  
    148148
    149149    if ( ! empty( $_GET['wp_lang'] ) ) {
    150         $wp_lang = sanitize_text_field( $_GET['wp_lang'] );
     150        $wp_lang = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) );
    151151    } elseif ( ! empty( $_COOKIE['wp_lang'] ) ) {
    152         $wp_lang = sanitize_text_field( $_COOKIE['wp_lang'] );
     152        $wp_lang = sanitize_locale_name( wp_unslash( $_COOKIE['wp_lang'] ) );
    153153    }
    154154
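Review bot: on new lines 150 and 152 the ! empty() guards still test the raw $_GET['wp_lang'] and $_COOKIE['wp_lang'] values, not the result of sanitize_locale_name(), so a request value that sanitizes down to an empty string leaves $wp_lang empty, and because of the elseif the cookie is never consulted in that case. Consider checking the sanitized value for emptiness before it is used, and confirming the input is a string before it is passed through wp_unslash() into sanitize_locale_name(), since nothing in these lines rules out an array such as wp_lang[]=x. A short comment saying why the locale-specific sanitizer replaces sanitize_text_field() here would also help future readers.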