Changeset 56851
- Timestamp:
- 10/12/2023 02:25:18 PM (12 months ago)
- Location:
- branches/4.2/src
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.2/src/wp-admin/includes/ajax-actions.php
r55775 r56851 2800 2800 $shortcode = wp_unslash( $_POST['shortcode'] ); 2801 2801 2802 // Only process previews for media related shortcodes: 2803 $found_shortcodes = get_shortcode_tags_in_content( $shortcode ); 2804 $media_shortcodes = array( 2805 'audio', 2806 'embed', 2807 'playlist', 2808 'video', 2809 'gallery', 2810 ); 2811 2812 $other_shortcodes = array_diff( $found_shortcodes, $media_shortcodes ); 2813 2814 if ( ! empty( $other_shortcodes ) ) { 2815 wp_send_json_error(); 2816 } 2817 2802 2818 if ( ! empty( $_POST['post_ID'] ) ) { 2803 2819 $post = get_post( (int) $_POST['post_ID'] ); … … 2806 2822 // the embed shortcode requires a post 2807 2823 if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { 2808 if ( 'embed' === $shortcode) {2824 if ( in_array( 'embed', $found_shortcodes, true ) ) { 2809 2825 wp_send_json_error(); 2810 2826 } -
branches/4.2/src/wp-admin/includes/class-wp-comments-list-table.php
r32175 r56851 371 371 $this->user_can = current_user_can( 'edit_comment', $comment->comment_ID ); 372 372 373 $edit_post_cap = $post ? 'edit_post' : 'edit_posts'; 374 if ( 375 current_user_can( $edit_post_cap, $comment->comment_post_ID ) || 376 ( 377 empty( $post->post_password ) && 378 current_user_can( 'read_post', $comment->comment_post_ID ) 379 ) 380 ) { 381 // The user has access to the post 382 } else { 383 return false; 384 } 385 373 386 echo "<tr id='comment-$comment->comment_ID' class='$the_comment_class'>"; 374 387 $this->single_row_columns( $comment ); -
branches/4.2/src/wp-admin/includes/class-wp-list-table.php
r31513 r56851 610 610 $pending_phrase = sprintf( __( '%s pending' ), number_format( $pending_comments ) ); 611 611 612 $post_object = get_post( $post_id ); 613 $edit_post_cap = $post_object ? 'edit_post' : 'edit_posts'; 614 if ( 615 current_user_can( $edit_post_cap, $post_id ) || 616 ( 617 empty( $post_object->post_password ) && 618 current_user_can( 'read_post', $post_id ) 619 ) 620 ) { 621 // The user has access to the post and thus can see comments 622 } else { 623 return false; 624 } 625 612 626 if ( $pending_comments ) 613 627 echo '<strong>'; -
branches/4.2/src/wp-admin/includes/dashboard.php
r33358 r56851 787 787 788 788 echo '<div id="the-comment-list" data-wp-lists="list:comment">'; 789 foreach ( $comments as $comment ) 790 _wp_dashboard_recent_comments_row( $comment ); 789 foreach ( $comments as $comment ) { 790 $comment_post = get_post( $comment->comment_post_ID ); 791 if ( 792 current_user_can( 'edit_post', $comment->comment_post_ID ) || 793 ( 794 empty( $comment_post->post_password ) && 795 current_user_can( 'read_post', $comment->comment_post_ID ) 796 ) 797 ) { 798 _wp_dashboard_recent_comments_row( $comment ); 799 } 800 } 791 801 echo '</div>'; 792 802 -
branches/4.2/src/wp-includes/class-wp-theme.php
r39814 r56851 478 478 479 479 /** 480 * Perform reinitialization tasks. 481 * 482 * Prevents a callback from being injected during unserialization of an object. 483 * 484 * @return void 485 */ 486 public function __wakeup() { 487 if ( $this->parent && ! $this->parent instanceof self ) { 488 throw new UnexpectedValueException(); 489 } 490 if ( $this->headers && ! is_array( $this->headers ) ) { 491 throw new UnexpectedValueException(); 492 } 493 foreach ( $this->headers as $value ) { 494 if ( ! is_string( $value ) ) { 495 throw new UnexpectedValueException(); 496 } 497 } 498 $this->headers_sanitized = array(); 499 } 500 501 /** 480 502 * Adds theme data to cache. 481 503 * … … 1236 1258 return strnatcasecmp( $a->display( 'Name', false, true ), $b->display( 'Name', false, true ) ); 1237 1259 } 1260 1261 private static function _check_headers_property_has_correct_type( $headers ) { 1262 if ( ! is_array( $headers ) ) { 1263 return false; 1264 } 1265 foreach ( $headers as $key => $value ) { 1266 if ( ! is_string( $key ) || ! is_string( $value ) ) { 1267 return false; 1268 } 1269 } 1270 return true; 1271 } 1238 1272 } -
branches/4.2/src/wp-includes/media.php
r55775 r56851 1011 1011 } 1012 1012 } elseif ( ! empty( $atts['exclude'] ) ) { 1013 $post_parent_id = $id; 1013 1014 $attachments = get_children( array( 'post_parent' => $id, 'exclude' => $atts['exclude'], 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $atts['order'], 'orderby' => $atts['orderby'] ) ); 1014 1015 } else { 1016 $post_parent_id = $id; 1015 1017 $attachments = get_children( array( 'post_parent' => $id, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $atts['order'], 'orderby' => $atts['orderby'] ) ); 1018 } 1019 1020 if ( ! empty( $post_parent_id ) ) { 1021 $post_parent = get_post( $post_parent_id ); 1022 1023 // terminate the shortcode execution if user cannot read the post or password-protected 1024 if ( 1025 ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ) ) 1026 || post_password_required( $post_parent ) ) { 1027 return ''; 1028 } 1016 1029 } 1017 1030 … … 1306 1319 } 1307 1320 1321 if ( ! empty( $args['post_parent'] ) ) { 1322 $post_parent = get_post( $id ); 1323 1324 // terminate the shortcode execution if user cannot read the post or password-protected 1325 if ( ! current_user_can( 'read_post', $post_parent->ID ) || post_password_required( $post_parent ) ) { 1326 return ''; 1327 } 1328 } 1329 1308 1330 if ( empty( $attachments ) ) { 1309 1331 return ''; -
branches/4.2/src/wp-includes/shortcodes.php
r34145 r56851 174 174 175 175 /** 176 * Search content for shortcodes and filter shortcodes through their hooks. 176 * Returns a list of registered shortcode names found in the given content. 177 * 178 * Example usage: 179 * 180 * get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' ); 181 * // array( 'audio', 'gallery' ) 182 * 183 * @since 6.3.2 184 * 185 * @param string $content The content to check. 186 * @return string[] An array of registered shortcode names found in the content. 187 */ 188 function get_shortcode_tags_in_content( $content ) { 189 if ( false === strpos( $content, '[' ) ) { 190 return array(); 191 } 192 193 preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER ); 194 if ( empty( $matches ) ) { 195 return array(); 196 } 197 198 $tags = array(); 199 foreach ( $matches as $shortcode ) { 200 $tags[] = $shortcode[2]; 201 202 if ( ! empty( $shortcode[5] ) ) { 203 $deep_tags = get_shortcode_tags_in_content( $shortcode[5] ); 204 if ( ! empty( $deep_tags ) ) { 205 $tags = array_merge( $tags, $deep_tags ); 206 } 207 } 208 } 209 210 return $tags; 211 } 212 213 /** 214 * Searches content for shortcodes and filter shortcodes through their hooks. 177 215 * 178 216 * If there are no shortcode tags defined, then the content will be returned
Note: See TracChangeset
for help on using the changeset viewer.