Changeset 56838
- Timestamp:
- 10/12/2023 12:45:49 PM (12 months ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/ajax-actions.php
r56549 r56838 3883 3883 $shortcode = wp_unslash( $_POST['shortcode'] ); 3884 3884 3885 // Only process previews for media related shortcodes: 3886 $found_shortcodes = get_shortcode_tags_in_content( $shortcode ); 3887 $media_shortcodes = array( 3888 'audio', 3889 'embed', 3890 'playlist', 3891 'video', 3892 'gallery', 3893 ); 3894 3895 $other_shortcodes = array_diff( $found_shortcodes, $media_shortcodes ); 3896 3897 if ( ! empty( $other_shortcodes ) ) { 3898 wp_send_json_error(); 3899 } 3900 3885 3901 if ( ! empty( $_POST['post_ID'] ) ) { 3886 3902 $post = get_post( (int) $_POST['post_ID'] ); … … 3889 3905 // The embed shortcode requires a post. 3890 3906 if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { 3891 if ( 'embed' === $shortcode) {3907 if ( in_array( 'embed', $found_shortcodes, true ) ) { 3892 3908 wp_send_json_error(); 3893 3909 } -
trunk/src/wp-includes/media.php
r56743 r56838 2608 2608 } 2609 2609 } elseif ( ! empty( $atts['exclude'] ) ) { 2610 $post_parent_id = $id; 2610 2611 $attachments = get_children( 2611 2612 array( … … 2620 2621 ); 2621 2622 } else { 2623 $post_parent_id = $id; 2622 2624 $attachments = get_children( 2623 2625 array( … … 2630 2632 ) 2631 2633 ); 2634 } 2635 2636 if ( ! empty( $post_parent_id ) ) { 2637 $post_parent = get_post( $post_parent_id ); 2638 2639 // terminate the shortcode execution if user cannot read the post or password-protected 2640 if ( 2641 ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ) ) 2642 || post_password_required( $post_parent ) ) { 2643 return ''; 2644 } 2632 2645 } 2633 2646 … … 2964 2977 } 2965 2978 2979 if ( ! empty( $args['post_parent'] ) ) { 2980 $post_parent = get_post( $id ); 2981 2982 // terminate the shortcode execution if user cannot read the post or password-protected 2983 if ( ! current_user_can( 'read_post', $post_parent->ID ) || post_password_required( $post_parent ) ) { 2984 return ''; 2985 } 2986 } 2987 2966 2988 if ( empty( $attachments ) ) { 2967 2989 return ''; -
trunk/src/wp-includes/shortcodes.php
r56273 r56838 167 167 } 168 168 return false; 169 } 170 171 /** 172 * Returns a list of registered shortcode names found in the given content. 173 * 174 * Example usage: 175 * 176 * get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' ); 177 * // array( 'audio', 'gallery' ) 178 * 179 * @since 6.3.2 180 * 181 * @param string $content The content to check. 182 * @return string[] An array of registered shortcode names found in the content. 183 */ 184 function get_shortcode_tags_in_content( $content ) { 185 if ( false === strpos( $content, '[' ) ) { 186 return array(); 187 } 188 189 preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER ); 190 if ( empty( $matches ) ) { 191 return array(); 192 } 193 194 $tags = array(); 195 foreach ( $matches as $shortcode ) { 196 $tags[] = $shortcode[2]; 197 198 if ( ! empty( $shortcode[5] ) ) { 199 $deep_tags = get_shortcode_tags_in_content( $shortcode[5] ); 200 if ( ! empty( $deep_tags ) ) { 201 $tags = array_merge( $tags, $deep_tags ); 202 } 203 } 204 } 205 206 return $tags; 169 207 } 170 208
Note: See TracChangeset
for help on using the changeset viewer.