Changeset 56846
- Timestamp:
- 10/12/2023 01:27:29 PM (12 months ago)
- Location:
- branches/6.3
- Files:
-
- 4 edited
- 1 copied
Legend:
- Unmodified
- Added
- Removed
-
branches/6.3
-
branches/6.3/src/wp-admin/includes/ajax-actions.php
r56245 r56846 3883 3883 $shortcode = wp_unslash( $_POST['shortcode'] ); 3884 3884 3885 // Only process previews for media related shortcodes: 3886 $found_shortcodes = get_shortcode_tags_in_content( $shortcode ); 3887 $media_shortcodes = array( 3888 'audio', 3889 'embed', 3890 'playlist', 3891 'video', 3892 'gallery', 3893 ); 3894 3895 $other_shortcodes = array_diff( $found_shortcodes, $media_shortcodes ); 3896 3897 if ( ! empty( $other_shortcodes ) ) { 3898 wp_send_json_error(); 3899 } 3900 3885 3901 if ( ! empty( $_POST['post_ID'] ) ) { 3886 3902 $post = get_post( (int) $_POST['post_ID'] ); … … 3889 3905 // The embed shortcode requires a post. 3890 3906 if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { 3891 if ( 'embed' === $shortcode) {3907 if ( in_array( 'embed', $found_shortcodes, true ) ) { 3892 3908 wp_send_json_error(); 3893 3909 } -
branches/6.3/src/wp-includes/media.php
r56429 r56846 2606 2606 } 2607 2607 } elseif ( ! empty( $atts['exclude'] ) ) { 2608 $post_parent_id = $id; 2608 2609 $attachments = get_children( 2609 2610 array( … … 2618 2619 ); 2619 2620 } else { 2621 $post_parent_id = $id; 2620 2622 $attachments = get_children( 2621 2623 array( … … 2628 2630 ) 2629 2631 ); 2632 } 2633 2634 if ( ! empty( $post_parent_id ) ) { 2635 $post_parent = get_post( $post_parent_id ); 2636 2637 // terminate the shortcode execution if user cannot read the post or password-protected 2638 if ( 2639 ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ) ) 2640 || post_password_required( $post_parent ) ) { 2641 return ''; 2642 } 2630 2643 } 2631 2644 … … 2962 2975 } 2963 2976 2977 if ( ! empty( $args['post_parent'] ) ) { 2978 $post_parent = get_post( $id ); 2979 2980 // terminate the shortcode execution if user cannot read the post or password-protected 2981 if ( ! current_user_can( 'read_post', $post_parent->ID ) || post_password_required( $post_parent ) ) { 2982 return ''; 2983 } 2984 } 2985 2964 2986 if ( empty( $attachments ) ) { 2965 2987 return ''; -
branches/6.3/src/wp-includes/shortcodes.php
r56214 r56846 167 167 } 168 168 return false; 169 } 170 171 /** 172 * Returns a list of registered shortcode names found in the given content. 173 * 174 * Example usage: 175 * 176 * get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' ); 177 * // array( 'audio', 'gallery' ) 178 * 179 * @since 6.3.2 180 * 181 * @param string $content The content to check. 182 * @return string[] An array of registered shortcode names found in the content. 183 */ 184 function get_shortcode_tags_in_content( $content ) { 185 if ( false === strpos( $content, '[' ) ) { 186 return array(); 187 } 188 189 preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER ); 190 if ( empty( $matches ) ) { 191 return array(); 192 } 193 194 $tags = array(); 195 foreach ( $matches as $shortcode ) { 196 $tags[] = $shortcode[2]; 197 198 if ( ! empty( $shortcode[5] ) ) { 199 $deep_tags = get_shortcode_tags_in_content( $shortcode[5] ); 200 if ( ! empty( $deep_tags ) ) { 201 $tags = array_merge( $tags, $deep_tags ); 202 } 203 } 204 } 205 206 return $tags; 169 207 } 170 208
Note: See TracChangeset
for help on using the changeset viewer.