Changeset 55791
- Timestamp:
- 05/16/2023 04:02:16 PM (17 months ago)
- Location:
- branches/5.0
- Files:
-
- 1 added
- 12 edited
branches/5.0/package-lock.json
r54596 r55791 1 1 { 2 2 "name": "WordPress", 3 "version": "5.0.1 8",3 "version": "5.0.19", 4 4 "lockfileVersion": 1, 5 5 "requires": true, -
branches/5.0/package.json
r54596 r55791 1 1 { 2 2 "name": "WordPress", 3 "version": "5.0.1 8",3 "version": "5.0.19", 4 4 "description": "WordPress is web software you can use to create a beautiful website or blog.", 5 5 "repository": { -
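--- a/branches/5.0/src/wp-admin/about.php
+++ b/branches/5.0/src/wp-admin/about.php
@@ -63,4 +63,24 @@
 <div class="changelog point-releases">
 <h3><?php _e( 'Maintenance and Security Releases' ); ?></h3>
+<p>
+<?php
+printf(
+/* translators: %s: WordPress version number */
+__( '<strong>Version %s</strong> addressed some security issues.' ),
+'5.0.19'
+);
+?>
+<?php
+printf(
+/* translators: %s: HelpHub URL */
+__( 'For more information, see <a href="%s">the release notes</a>.' ),
+sprintf(
+/* translators: %s: WordPress version */
+esc_url( __( 'https://wordpress.org/support/wordpress-version/version-%s/' ) ),
+sanitize_title( '5.0.19' )
+)
+);
+?>
+</p>
 <p>
 <?php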
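--- a/branches/5.0/src/wp-admin/includes/ajax-actions.php
+++ b/branches/5.0/src/wp-admin/includes/ajax-actions.php
@@ -2258,4 +2258,8 @@
 }
 
+if ( false === check_ajax_referer( 'set-attachment-thumbnail', '_ajax_nonce', false ) ) {
+wp_send_json_error();
+}
+
 $post_ids = array();
 // For each URL, try to find its corresponding post ID.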
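Review bot: The new nonce failure path calls `wp_send_json_error()` with no data and no status, so neither the media modal nor anyone reading access logs can tell a rejected nonce from any other failure of this handler. Passing a status, `wp_send_json_error( null, 403 );`, would make rejected requests visible as such. The nonce is created once in the media settings (see the media.php section), so a long-open editor session can presumably reach this branch with an expired value, which is another reason to return something the client can act on. The enclosing function starts and ends outside the hunk.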
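--- a/branches/5.0/src/wp-includes/blocks.php
+++ b/branches/5.0/src/wp-includes/blocks.php
@@ -272,4 +272,8 @@
 $result = '';
 
+if ( false !== strpos( $text, '<!--' ) && false !== strpos( $text, '--->' ) ) {
+$text = preg_replace_callback( '%<!--(.*?)--->%', '_filter_block_content_callback', $text );
+}
+
 $blocks = parse_blocks( $text );
 foreach ( $blocks as $block ) {
@@ -279,4 +283,17 @@
 
 return $result;
+}
+
+/**
+* Callback used for regular expression replacement in filter_block_content().
+*
+* @private
+* @since 6.2.1
+*
+* @param array $matches Array of preg_replace_callback matches.
+* @return string Replacement string.
+*/
+function _filter_block_content_callback( $matches ) {
+return '<!--' . rtrim( $matches[1], '-' ) . '-->';
 }
 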
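Review bot: `preg_replace_callback()` returns null when PCRE itself fails (for example on hitting the backtrack limit), and the new assignment hands that null straight to `parse_blocks( $text )`. For a sanitising filter the failure path should be deliberate rather than a side effect of what the parser does with null; adding `if ( null === $text ) { return ''; }` directly after the call makes the function fail closed. The enclosing filter function starts outside the first hunk, so I am assuming `$text` is otherwise always a string at this point.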
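--- a/branches/5.0/src/wp-includes/formatting.php
+++ b/branches/5.0/src/wp-includes/formatting.php
@@ -2114,4 +2114,27 @@
 */
 return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
+}
+
+/**
+* Strips out all characters not allowed in a locale name.
+*
+* @since 6.2.1
+*
+* @param string $locale_name The locale name to be sanitized.
+* @return string The sanitized value.
+*/
+function sanitize_locale_name( $locale_name ) {
+// Limit to A-Z, a-z, 0-9, '_', '-'.
+$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );
+
+/**
+* Filters a sanitized locale name string.
+*
+* @since 6.2.1
+*
+* @param string $sanitized The sanitized locale name.
+* @param string $locale_name The locale name before sanitization.
+*/
+return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );
 }
 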
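Review bot: `sanitize_locale_name()` passes `$locale_name` to `preg_replace()` without checking its type, and the call site changed in l10n.php feeds it `wp_unslash( $_GET['wp_lang'] )`, which is not guaranteed to be a string. With an array subject `preg_replace()` returns an array, so the function can return a non-string despite its `@return string`, and `$determined_locale` would receive it. A first statement such as `$locale_name = is_scalar( $locale_name ) ? (string) $locale_name : '';` keeps the contract. The docblock should also say that the `sanitize_locale_name` filter result is returned as-is, so the character restriction holds only if no filter widens it.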
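--- a/branches/5.0/src/wp-includes/js/media/views/frame/video-details.js
+++ b/branches/5.0/src/wp-includes/js/media/views/frame/video-details.js
@@ -107,4 +107,5 @@
 wp.ajax.send( 'set-attachment-thumbnail', {
 data : {
+_ajax_nonce: wp.media.view.settings.nonce.setAttachmentThumbnail,
 urls: urls,
 thumbnail_id: attachment.get( 'id' )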
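--- a/branches/5.0/src/wp-includes/js/wp-embed.js
+++ b/branches/5.0/src/wp-includes/js/wp-embed.js
@@ -44,4 +44,5 @@
 var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ),
 blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ),
+allowedProtocols = new RegExp( '^https?:$', 'i' ),
 i, source, height, sourceURL, targetURL;
 
@@ -78,4 +79,9 @@
 sourceURL.href = source.getAttribute( 'src' );
 targetURL.href = data.value;
+
+/* Only follow link if the protocol is in the allow list. */
+if ( ! allowedProtocols.test( targetURL.protocol ) ) {
+continue;
+}
 
 /* Only continue if link hostname matches iframe's hostname. */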
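Review bot: The comment on the new protocol check says what it does but not why, and the reason is the security-relevant part: `data.value` is assigned to `targetURL.href` just above and appears to come from the embedded document, so it should be treated as untrusted. I would write it as `/* Only follow the link if it is http(s): data.value is supplied by the embedded document and must not select any other URL scheme. */`. As a style point, `allowedProtocols` can be the literal `/^https?:$/i` instead of `new RegExp( '^https?:$', 'i' )`. The surrounding function and loop begin and end outside both hunks.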
branches/5.0/src/wp-includes/l10n.php
r44419 r55791 140 140 141 141 if ( ! empty( $_GET['wp_lang'] ) && ! empty( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) { 142 $determined_locale = sanitize_ text_field( $_GET['wp_lang']);142 $determined_locale = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) ); 143 143 } 144 144 -
branches/5.0/src/wp-includes/media.php
r43157 r55791 3443 3443 'captions' => ! apply_filters( 'disable_captions', '' ), 3444 3444 'nonce' => array( 3445 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 3445 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 3446 'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ), 3446 3447 ), 3447 3448 'post' => array( -
branches/5.0/src/wp-includes/version.php
r54596 r55791 5 5 * @global string $wp_version 6 6 */ 7 $wp_version = '5.0.1 8-src';7 $wp_version = '5.0.19-src'; 8 8 9 9 /** -
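--- a/branches/5.0/tests/phpunit/tests/ajax/Attachments.php
+++ b/branches/5.0/tests/phpunit/tests/ajax/Attachments.php
@@ -110,3 +110,94 @@
 $this->assertEquals( $expected, $response['data'] );
 }
+
+public function test_wp_ajax_set_attachment_thumbnail_success() {
+// Become an administrator.
+$post = $_POST;
+$user_id = self::factory()->user->create(
+array(
+'role' => 'administrator',
+'user_login' => 'user_36578_administrator',
+'user_email' => 'user_36578_administrator@example.com',
+)
+);
+wp_set_current_user( $user_id );
+$_POST = array_merge( $_POST, $post );
+
+// Upload the attachment itself.
+$filename = DIR_TESTDATA . '/uploads/small-audio.mp3';
+$contents = file_get_contents( $filename );
+
+$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
+$attachment = $this->_make_attachment( $upload );
+
+// Upload the thumbnail.
+$filename = DIR_TESTDATA . '/images/waffles.jpg';
+$contents = file_get_contents( $filename );
+
+$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
+$thumbnail = $this->_make_attachment( $upload );
+
+// Set up a default request.
+$_POST['_ajax_nonce'] = wp_create_nonce( 'set-attachment-thumbnail' );
+$_POST['thumbnail_id'] = $thumbnail;
+$_POST['urls'] = array( wp_get_attachment_url( $attachment ) );
+
+// Make the request.
+try {
+$this->_handleAjax( 'set-attachment-thumbnail' );
+} catch ( WPAjaxDieContinueException $e ) {
+unset( $e );
+}
+
+// Get the response.
+$response = json_decode( $this->_last_response, true );
+
+// Ensure everything is correct.
+$this->assertTrue( $response['success'] );
+}
+
+public function test_wp_ajax_set_attachment_thumbnail_missing_nonce() {
+// Become an administrator.
+$post = $_POST;
+$user_id = self::factory()->user->create(
+array(
+'role' => 'administrator',
+'user_login' => 'user_36578_administrator',
+'user_email' => 'user_36578_administrator@example.com',
+)
+);
+wp_set_current_user( $user_id );
+$_POST = array_merge( $_POST, $post );
+
+// Upload the attachment itself.
+$filename = DIR_TESTDATA . '/uploads/small-audio.mp3';
+$contents = file_get_contents( $filename );
+
+$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
+$attachment = $this->_make_attachment( $upload );
+
+// Upload the thumbnail.
+$filename = DIR_TESTDATA . '/images/waffles.jpg';
+$contents = file_get_contents( $filename );
+
+$upload = wp_upload_bits( wp_basename( $filename ), null, $contents );
+$thumbnail = $this->_make_attachment( $upload );
+
+// Set up a default request.
+$_POST['thumbnail_id'] = $thumbnail;
+$_POST['urls'] = array( wp_get_attachment_url( $attachment ) );
+
+// Make the request.
+try {
+$this->_handleAjax( 'set-attachment-thumbnail' );
+} catch ( WPAjaxDieContinueException $e ) {
+unset( $e );
+}
+
+// Get the response.
+$response = json_decode( $this->_last_response, true );
+
+// Check that success is false without sending nonce.
+$this->assertFalse( $response['success'] );
+}
 }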
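Review bot: The negative test only covers a request with no `_ajax_nonce` field; a nonce that is present but wrong is not exercised, and that is the case the new check in the handler mainly has to reject. A third test that sets `$_POST['_ajax_nonce'] = wp_create_nonce( 'media-send-to-editor' );` (valid, but for a different action) and asserts `$response['success']` is false would pin that down. The success test asserts only the `success` flag; also checking the stored value, e.g. `$this->assertSame( $thumbnail, (int) get_post_thumbnail_id( $attachment ) );`, would keep it from passing vacuously. The setup block is duplicated verbatim in both tests and could move into a private helper.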