Changeset 56862 for branches/4.7/src/wp-includes/rest-api.php

Timestamp:

10/12/2023 02:48:17 PM (19 months ago)

Author:

davidbaumwald

Message:

Grouped backports to the 4.7 branch.

• Comments: Prevent users who can not see a post from seeing comments on it.
• Shortcodes: Restrict media shortcode ajax to certain type.
• REST API: Ensure no-cache headers are sent when methods are overridden.
• REST API: Limit search_columns for users without list_users.
• Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], [56838], and [56840] to the 4.7 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.

File:

• branches/4.7/src/wp-includes/rest-api.php (modified) (1 diff)

branches/4.7/src/wp-includes/rest-api.php

@@ -726 +726 @@
 
     if ( ! $result ) {
+        add_filter( 'rest_send_nocache_headers', '__return_true', 20 );
         return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) );
     }