Changeset 55789
- Timestamp:
- 05/16/2023 03:59:15 PM (19 months ago)
- Location:
- branches/5.2
- Files:
-
- 1 added
- 12 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.2/package-lock.json
r54591 r55789 1 1 { 2 2 "name": "WordPress", 3 "version": "5.2.1 7",3 "version": "5.2.18", 4 4 "lockfileVersion": 1, 5 5 "requires": true, -
branches/5.2/package.json
r54591 r55789 1 1 { 2 2 "name": "WordPress", 3 "version": "5.2.1 7",3 "version": "5.2.18", 4 4 "description": "WordPress is open source software you can use to create a beautiful website, blog, or app.", 5 5 "repository": { -
branches/5.2/src/js/_enqueues/wp/embed.js
r43597 r55789 45 45 var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ), 46 46 blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ), 47 allowedProtocols = new RegExp( '^https?:$', 'i' ), 47 48 i, source, height, sourceURL, targetURL; 48 49 … … 79 80 sourceURL.href = source.getAttribute( 'src' ); 80 81 targetURL.href = data.value; 82 83 /* Only follow link if the protocol is in the allow list. */ 84 if ( ! allowedProtocols.test( targetURL.protocol ) ) { 85 continue; 86 } 81 87 82 88 /* Only continue if link hostname matches iframe's hostname. */ -
branches/5.2/src/js/media/views/frame/video-details.js
r43309 r55789 107 107 wp.ajax.send( 'set-attachment-thumbnail', { 108 108 data : { 109 _ajax_nonce: wp.media.view.settings.nonce.setAttachmentThumbnail, 109 110 urls: urls, 110 111 thumbnail_id: attachment.get( 'id' ) -
branches/5.2/src/wp-admin/about.php
r55380 r55789 51 51 <div class="changelog point-releases"> 52 52 <h3><?php _e( 'Maintenance and Security Releases' ); ?></h3> 53 <p> 54 <?php 55 printf( 56 /* translators: %s: WordPress version number */ 57 __( '<strong>Version %s</strong> addressed some security issues.' ), 58 '5.2.18' 59 ); 60 ?> 61 <?php 62 printf( 63 /* translators: %s: HelpHub URL */ 64 __( 'For more information, see <a href="%s">the release notes</a>.' ), 65 sprintf( 66 /* translators: %s: WordPress version */ 67 esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ), 68 sanitize_title( '5.2.18' ) 69 ) 70 ); 71 ?> 72 </p> 53 73 <p> 54 74 <?php -
branches/5.2/src/wp-admin/includes/ajax-actions.php
r54563 r55789 2517 2517 } 2518 2518 2519 if ( false === check_ajax_referer( 'set-attachment-thumbnail', '_ajax_nonce', false ) ) { 2520 wp_send_json_error(); 2521 } 2522 2519 2523 $post_ids = array(); 2520 2524 // For each URL, try to find its corresponding post ID. -
branches/5.2/src/wp-includes/blocks.php
r46901 r55789 272 272 $result = ''; 273 273 274 if ( false !== strpos( $text, '<!--' ) && false !== strpos( $text, '--->' ) ) { 275 $text = preg_replace_callback( '%<!--(.*?)--->%', '_filter_block_content_callback', $text ); 276 } 277 274 278 $blocks = parse_blocks( $text ); 275 279 foreach ( $blocks as $block ) { … … 279 283 280 284 return $result; 285 } 286 287 /** 288 * Callback used for regular expression replacement in filter_block_content(). 289 * 290 * @private 291 * @since 6.2.1 292 * 293 * @param array $matches Array of preg_replace_callback matches. 294 * @return string Replacement string. 295 */ 296 function _filter_block_content_callback( $matches ) { 297 return '<!--' . rtrim( $matches[1], '-' ) . '-->'; 281 298 } 282 299 -
branches/5.2/src/wp-includes/formatting.php
r52471 r55789 2367 2367 2368 2368 /** 2369 * Strips out all characters not allowed in a locale name. 2370 * 2371 * @since 6.2.1 2372 * 2373 * @param string $locale_name The locale name to be sanitized. 2374 * @return string The sanitized value. 2375 */ 2376 function sanitize_locale_name( $locale_name ) { 2377 // Limit to A-Z, a-z, 0-9, '_', '-'. 2378 $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name ); 2379 2380 /** 2381 * Filters a sanitized locale name string. 2382 * 2383 * @since 6.2.1 2384 * 2385 * @param string $sanitized The sanitized locale name. 2386 * @param string $locale_name The locale name before sanitization. 2387 */ 2388 return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name ); 2389 } 2390 2391 /** 2369 2392 * Converts lone & characters into `&` (a.k.a. `&`) 2370 2393 * -
branches/5.2/src/wp-includes/l10n.php
r45254 r55789 140 140 141 141 if ( ! empty( $_GET['wp_lang'] ) && ! empty( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) { 142 $determined_locale = sanitize_ text_field( $_GET['wp_lang']);142 $determined_locale = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) ); 143 143 } 144 144 -
branches/5.2/src/wp-includes/media.php
r45270 r55789 3584 3584 'captions' => ! apply_filters( 'disable_captions', '' ), 3585 3585 'nonce' => array( 3586 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 3586 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 3587 'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ), 3587 3588 ), 3588 3589 'post' => array( -
branches/5.2/src/wp-includes/version.php
r54591 r55789 14 14 * @global string $wp_version 15 15 */ 16 $wp_version = '5.2.1 7-src';16 $wp_version = '5.2.18-src'; 17 17 18 18 /** -
branches/5.2/tests/phpunit/tests/ajax/Attachments.php
r44785 r55789 114 114 $this->assertEquals( $expected, $response['data'] ); 115 115 } 116 117 public function test_wp_ajax_set_attachment_thumbnail_success() { 118 // Become an administrator. 119 $post = $_POST; 120 $user_id = self::factory()->user->create( 121 array( 122 'role' => 'administrator', 123 'user_login' => 'user_36578_administrator', 124 'user_email' => 'user_36578_administrator@example.com', 125 ) 126 ); 127 wp_set_current_user( $user_id ); 128 $_POST = array_merge( $_POST, $post ); 129 130 // Upload the attachment itself. 131 $filename = DIR_TESTDATA . '/uploads/small-audio.mp3'; 132 $contents = file_get_contents( $filename ); 133 134 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 135 $attachment = $this->_make_attachment( $upload ); 136 137 // Upload the thumbnail. 138 $filename = DIR_TESTDATA . '/images/waffles.jpg'; 139 $contents = file_get_contents( $filename ); 140 141 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 142 $thumbnail = $this->_make_attachment( $upload ); 143 144 // Set up a default request. 145 $_POST['_ajax_nonce'] = wp_create_nonce( 'set-attachment-thumbnail' ); 146 $_POST['thumbnail_id'] = $thumbnail; 147 $_POST['urls'] = array( wp_get_attachment_url( $attachment ) ); 148 149 // Make the request. 150 try { 151 $this->_handleAjax( 'set-attachment-thumbnail' ); 152 } catch ( WPAjaxDieContinueException $e ) { 153 unset( $e ); 154 } 155 156 // Get the response. 157 $response = json_decode( $this->_last_response, true ); 158 159 // Ensure everything is correct. 160 $this->assertTrue( $response['success'] ); 161 } 162 163 public function test_wp_ajax_set_attachment_thumbnail_missing_nonce() { 164 // Become an administrator. 165 $post = $_POST; 166 $user_id = self::factory()->user->create( 167 array( 168 'role' => 'administrator', 169 'user_login' => 'user_36578_administrator', 170 'user_email' => 'user_36578_administrator@example.com', 171 ) 172 ); 173 wp_set_current_user( $user_id ); 174 $_POST = array_merge( $_POST, $post ); 175 176 // Upload the attachment itself. 177 $filename = DIR_TESTDATA . '/uploads/small-audio.mp3'; 178 $contents = file_get_contents( $filename ); 179 180 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 181 $attachment = $this->_make_attachment( $upload ); 182 183 // Upload the thumbnail. 184 $filename = DIR_TESTDATA . '/images/waffles.jpg'; 185 $contents = file_get_contents( $filename ); 186 187 $upload = wp_upload_bits( wp_basename( $filename ), null, $contents ); 188 $thumbnail = $this->_make_attachment( $upload ); 189 190 // Set up a default request. 191 $_POST['thumbnail_id'] = $thumbnail; 192 $_POST['urls'] = array( wp_get_attachment_url( $attachment ) ); 193 194 // Make the request. 195 try { 196 $this->_handleAjax( 'set-attachment-thumbnail' ); 197 } catch ( WPAjaxDieContinueException $e ) { 198 unset( $e ); 199 } 200 201 // Get the response. 202 $response = json_decode( $this->_last_response, true ); 203 204 // Check that success is false without sending nonce. 205 $this->assertFalse( $response['success'] ); 206 } 116 207 }
Note: See TracChangeset
for help on using the changeset viewer.