Changeset 56880
- Timestamp:
- 10/12/2023 03:09:08 PM (13 months ago)
- Location:
- branches/5.5
- Files:
-
- 16 edited
branches/5.5
- Property svn:mergeinfo changed
/trunk merged: 56833-56836,56838
- Property svn:mergeinfo changed
-
branches/5.5/src/wp-admin/includes/ajax-actions.php
r55782 r56880 3767 3767 $shortcode = wp_unslash( $_POST['shortcode'] ); 3768 3768 3769 // Only process previews for media related shortcodes: 3770 $found_shortcodes = get_shortcode_tags_in_content( $shortcode ); 3771 $media_shortcodes = array( 3772 'audio', 3773 'embed', 3774 'playlist', 3775 'video', 3776 'gallery', 3777 ); 3778 3779 $other_shortcodes = array_diff( $found_shortcodes, $media_shortcodes ); 3780 3781 if ( ! empty( $other_shortcodes ) ) { 3782 wp_send_json_error(); 3783 } 3784 3769 3785 if ( ! empty( $_POST['post_ID'] ) ) { 3770 3786 $post = get_post( (int) $_POST['post_ID'] ); … … 3773 3789 // The embed shortcode requires a post. 3774 3790 if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { 3775 if ( 'embed' === $shortcode) {3791 if ( in_array( 'embed', $found_shortcodes, true ) ) { 3776 3792 wp_send_json_error(); 3777 3793 } -
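Review bot: The `$media_shortcodes` array is the security boundary for this preview handler, but nothing in the added lines says so, and a later edit could widen it without noticing. I would put a comment above it such as `// Allow-list: any other registered shortcode in the request aborts the preview; add a tag here only if it is safe to render for this caller.` The check also treats an empty `$found_shortcodes` as acceptable, so it is only as strong as `get_shortcode_tags_in_content()` is complete. The enclosing function starts and ends outside this hunk.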
branches/5.5/src/wp-admin/includes/class-wp-comments-list-table.php
r48670 r56880 614 614 } 615 615 $this->user_can = current_user_can( 'edit_comment', $comment->comment_ID ); 616 617 $edit_post_cap = $post ? 'edit_post' : 'edit_posts'; 618 if ( 619 current_user_can( $edit_post_cap, $comment->comment_post_ID ) || 620 ( 621 empty( $post->post_password ) && 622 current_user_can( 'read_post', $comment->comment_post_ID ) 623 ) 624 ) { 625 // The user has access to the post 626 } else { 627 return false; 628 } 616 629 617 630 echo "<tr id='comment-$comment->comment_ID' class='$the_comment_class'>"; -
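Review bot: The added access check is written as an `if` whose body is only a comment, with the real action in the `else`, which makes the deny path easy to misread. Negating the condition into a guard clause reads more directly: wrap the whole expression in `! ( … )` and keep only `return false;` in the body. The same construct is added in class-wp-list-table.php and deserves the same treatment. The enclosing method begins outside this hunk, so I cannot see whether its callers expect a `false` return here.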
branches/5.5/src/wp-admin/includes/class-wp-list-table.php
r48867 r56880 698 698 $pending_comments_number 699 699 ); 700 701 $post_object = get_post( $post_id ); 702 $edit_post_cap = $post_object ? 'edit_post' : 'edit_posts'; 703 if ( 704 current_user_can( $edit_post_cap, $post_id ) || 705 ( 706 empty( $post_object->post_password ) && 707 current_user_can( 'read_post', $post_id ) 708 ) 709 ) { 710 // The user has access to the post and thus can see comments 711 } else { 712 return false; 713 } 700 714 701 715 if ( ! $approved_comments && ! $pending_comments ) { -
branches/5.5/src/wp-admin/includes/dashboard.php
r49275 r56880 1043 1043 echo '<ul id="the-comment-list" data-wp-lists="list:comment">'; 1044 1044 foreach ( $comments as $comment ) { 1045 _wp_dashboard_recent_comments_row( $comment ); 1045 1046 $comment_post = get_post( $comment->comment_post_ID ); 1047 if ( 1048 current_user_can( 'edit_post', $comment->comment_post_ID ) || 1049 ( 1050 empty( $comment_post->post_password ) && 1051 current_user_can( 'read_post', $comment->comment_post_ID ) 1052 ) 1053 ) { 1054 _wp_dashboard_recent_comments_row( $comment ); 1055 } 1046 1056 } 1047 1057 echo '</ul>'; -
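Review bot: This copy of the comment-visibility check always tests `'edit_post'`, whereas the two list-table copies in this changeset fall back to `'edit_posts'` when `get_post()` finds no post, so the dashboard and the list tables can disagree for comments whose post is missing. If the difference is intended, a comment saying so would help; otherwise align it with `$edit_post_cap = $comment_post ? 'edit_post' : 'edit_posts';`. With the same three-part condition now in three files, a single shared helper would keep the copies from drifting. The surrounding function lies outside this hunk.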
branches/5.5/src/wp-includes/Requests/Hooks.php
r46586 r56880 66 66 return true; 67 67 } 68 69 public function __wakeup() { 70 throw new \LogicException( __CLASS__ . ' should never be unserialized' ); 71 } 68 72 } -
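Review bot: The new `__wakeup()` has no docblock, so the reason unserialization is refused is not recorded next to the guard; the identical method added in Session.php has the same gap. I would add `/** Refuses unserialization: instances must only be built by code, never restored from serialized data. */` above both. The guard only takes effect where PHP actually invokes `__wakeup()`, so it complements, rather than replaces, keeping untrusted input away from `unserialize()`.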
branches/5.5/src/wp-includes/Requests/IRI.php
r46586 r56880 704 704 } 705 705 706 public function __wakeup() { 707 $class_props = get_class_vars( __CLASS__ ); 708 $string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' ); 709 $array_props = array( 'normalization' ); 710 foreach ( $class_props as $prop => $default_value ) { 711 if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) { 712 throw new UnexpectedValueException(); 713 } elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) { 714 throw new UnexpectedValueException(); 715 } 716 $this->$prop = null; 717 } 718 } 719 706 720 /** 707 721 * Set the entire IRI. Returns true on success, false on failure (if there -
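Review bot: In the new `__wakeup()` the statement `$this->$prop = null;` runs for every class property, including the ones that were just type-checked, so a restored object always ends up blank and the checks only decide whether an exception is thrown. That intent should be stated, for example `// Always discard restored state; the type checks above only reject malformed payloads early.` Both `UnexpectedValueException` instances are also thrown without a message, which makes a failure hard to trace in logs; naming the class and property would help, e.g. `throw new UnexpectedValueException( __CLASS__ . '::$' . $prop . ' has an unexpected type' );`.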
branches/5.5/src/wp-includes/Requests/Session.php
r46586 r56880 228 228 } 229 229 230 public function __wakeup() { 231 throw new \LogicException( __CLASS__ . ' should never be unserialized' ); 232 } 233 230 234 /** 231 235 * Merge a request's data with the default data -
branches/5.5/src/wp-includes/class-wp-block-patterns-registry.php
r48365 r56880 123 123 } 124 124 125 public function __wakeup() { 126 if ( ! $this->registered_patterns ) { 127 return; 128 } 129 if ( ! is_array( $this->registered_patterns ) ) { 130 throw new UnexpectedValueException(); 131 } 132 foreach ( $this->registered_patterns as $value ) { 133 if ( ! is_array( $value ) ) { 134 throw new UnexpectedValueException(); 135 } 136 } 137 $this->registered_patterns_outside_init = array(); 138 } 139 125 140 /** 126 141 * Utility method to retrieve the main instance of the class. -
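Review bot: The early `return` for an empty `$this->registered_patterns` skips the final reset, so in that case `registered_patterns_outside_init` keeps whatever value the serialized data supplied. How that property is consumed is not visible in this hunk, but resetting it unconditionally is cheap: move `$this->registered_patterns_outside_init = array();` to the first line of `__wakeup()`. A short docblock stating that the method validates restored state would also match the one added to WP_Theme in this changeset.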
branches/5.5/src/wp-includes/class-wp-block-type-registry.php
r48629 r56880 156 156 } 157 157 158 public function __wakeup() { 159 if ( ! $this->registered_block_types ) { 160 return; 161 } 162 if ( ! is_array( $this->registered_block_types ) ) { 163 throw new UnexpectedValueException(); 164 } 165 foreach ( $this->registered_block_types as $value ) { 166 if ( ! $value instanceof WP_Block_Type ) { 167 throw new UnexpectedValueException(); 168 } 169 } 170 } 171 158 172 /** 159 173 * Utility method to retrieve the main instance of the class. -
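Review bot: The loop in the new `__wakeup()` confirms only that each entry is a `WP_Block_Type`; it does not look at what those objects contain. `WP_Block_Type` is outside this changeset, so whether its own properties need validating on restore cannot be judged here and is worth confirming. The method also lacks a docblock; something like `/** Validates restored state; rejects a registry whose entries are not WP_Block_Type instances. */` would record the intent.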
branches/5.5/src/wp-includes/class-wp-theme.php
r48590 r56880 676 676 677 677 /** 678 * Perform reinitialization tasks. 679 * 680 * Prevents a callback from being injected during unserialization of an object. 681 * 682 * @return void 683 */ 684 public function __wakeup() { 685 if ( $this->parent && ! $this->parent instanceof self ) { 686 throw new UnexpectedValueException(); 687 } 688 if ( $this->headers && ! is_array( $this->headers ) ) { 689 throw new UnexpectedValueException(); 690 } 691 foreach ( $this->headers as $value ) { 692 if ( ! is_string( $value ) ) { 693 throw new UnexpectedValueException(); 694 } 695 } 696 $this->headers_sanitized = array(); 697 } 698 699 /** 678 700 * Adds theme data to cache. 679 701 * … … 1659 1681 return strnatcasecmp( $a->name_translated, $b->name_translated ); 1660 1682 } 1683 1684 private static function _check_headers_property_has_correct_type( $headers ) { 1685 if ( ! is_array( $headers ) ) { 1686 return false; 1687 } 1688 foreach ( $headers as $key => $value ) { 1689 if ( ! is_string( $key ) || ! is_string( $value ) ) { 1690 return false; 1691 } 1692 } 1693 return true; 1694 } 1661 1695 } -
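Review bot: In the new `__wakeup()` the guard `$this->headers && ! is_array( $this->headers )` lets a falsy non-array value (for example `null` or `''`) through to the `foreach`, which then iterates a non-array. Assuming `headers` is always an array on a legitimately built object, the stricter `if ( ! is_array( $this->headers ) ) { throw new UnexpectedValueException(); }` closes that gap. Separately, no caller of the added `_check_headers_property_has_correct_type()` appears in the visible hunks, and it applies a different rule (keys must be strings too); either use it from `__wakeup()` or document where it is meant to be called. It also needs a docblock.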
branches/5.5/src/wp-includes/media.php
r55782 r56880 2231 2231 } 2232 2232 } elseif ( ! empty( $atts['exclude'] ) ) { 2233 $post_parent_id = $id; 2233 2234 $attachments = get_children( 2234 2235 array( … … 2243 2244 ); 2244 2245 } else { 2246 $post_parent_id = $id; 2245 2247 $attachments = get_children( 2246 2248 array( … … 2253 2255 ) 2254 2256 ); 2257 } 2258 2259 if ( ! empty( $post_parent_id ) ) { 2260 $post_parent = get_post( $post_parent_id ); 2261 2262 // terminate the shortcode execution if user cannot read the post or password-protected 2263 if ( 2264 ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ) ) 2265 || post_password_required( $post_parent ) ) { 2266 return ''; 2267 } 2255 2268 } 2256 2269 … … 2581 2594 } 2582 2595 2596 if ( ! empty( $args['post_parent'] ) ) { 2597 $post_parent = get_post( $id ); 2598 2599 // terminate the shortcode execution if user cannot read the post or password-protected 2600 if ( ! current_user_can( 'read_post', $post_parent->ID ) || post_password_required( $post_parent ) ) { 2601 return ''; 2602 } 2603 } 2604 2583 2605 if ( empty( $attachments ) ) { 2584 2606 return ''; -
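Review bot: Both added checks dereference `$post_parent->ID` straight after `get_post()`, which can return no post, so a missing parent reaches the capability checks as a null-property access. A guard such as `if ( ! $post_parent ) { return ''; }` before each condition would make the deny path explicit. The two checks also differ: the first allows publicly viewable parents via `is_post_publicly_viewable()`, the second requires `current_user_can( 'read_post', … )` outright, which may hide the output on public posts for visitors who lack that capability; please confirm that is intended. Finally, `is_post_publicly_viewable()` is not defined in any file shown in this changeset, so its presence on this branch should be verified.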
branches/5.5/src/wp-includes/rest-api.php
r48883 r56880 998 998 999 999 if ( ! $result ) { 1000 add_filter( 'rest_send_nocache_headers', '__return_true', 20 ); 1000 1001 return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) ); 1001 1002 } -
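Review bot: The added `add_filter( 'rest_send_nocache_headers', '__return_true', 20 );` changes behaviour for the rest of the request but carries no explanation. A one-line comment would help, e.g. `// The invalid-nonce error must not be cached, so force no-cache headers for this response.` Since the filter is never removed and sits at priority 20, it is also worth noting in that comment that callbacks registered at a later priority can still override it.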
branches/5.5/src/wp-includes/rest-api/class-wp-rest-server.php
r48576 r56880 282 282 283 283 /** 284 * Send nocache headers on authenticated requests.285 *286 * @since 4.4.0287 *288 * @param bool $rest_send_nocache_headers Whether to send no-cache headers.289 */290 $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() );291 if ( $send_no_cache_headers ) {292 foreach ( wp_get_nocache_headers() as $header => $header_value ) {293 if ( empty( $header_value ) ) {294 $this->remove_header( $header );295 } else {296 $this->send_header( $header, $header_value );297 }298 }299 }300 301 /**302 284 * Filters whether the REST API is enabled. 303 285 * … … 365 347 * header. 366 348 */ 349 $method_overridden = false; 367 350 if ( isset( $_GET['_method'] ) ) { 368 351 $request->set_method( $_GET['_method'] ); 369 352 } elseif ( isset( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ) ) { 370 353 $request->set_method( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ); 354 $method_overridden = true; 371 355 } 372 356 … … 426 410 */ 427 411 $served = apply_filters( 'rest_pre_serve_request', false, $result, $request, $this ); 412 413 /** 414 * Filters whether to send nocache headers on a REST API request. 415 * 416 * @since 4.4.0 417 * @since 6.x.x Moved the block to catch the filter added on rest_cookie_check_errors() from rest-api.php 418 * 419 * @param bool $rest_send_nocache_headers Whether to send no-cache headers. 420 */ 421 $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() ); 422 423 // send no cache headers if the $send_no_cache_headers is true 424 // OR if the HTTP_X_HTTP_METHOD_OVERRIDE is used but resulted a 4xx response code. 425 if ( $send_no_cache_headers || ( true === $method_overridden && strpos( $code, '4' ) === 0 ) ) { 426 foreach ( wp_get_nocache_headers() as $header => $header_value ) { 427 if ( empty( $header_value ) ) { 428 $this->remove_header( $header ); 429 } else { 430 $this->send_header( $header, $header_value ); 431 } 432 } 433 } 428 434 429 435 if ( ! 
$served ) { -
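Review bot: The new condition tests the status with `strpos( $code, '4' ) === 0`, which relies on an integer being coerced to a string and reads as a text match rather than a range check. Assuming `$code` is the numeric status set earlier in this method (outside the hunk), `( $method_overridden && $code >= 400 && $code < 500 )` says the same thing directly. `$method_overridden` is set only in the header branch and not for `$_GET['_method']`; if that is deliberate, the comment should say why. The added docblock also still carries the placeholder `@since 6.x.x`.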
branches/5.5/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r48526 r56880 303 303 304 304 if ( ! empty( $prepared_args['search'] ) ) { 305 if ( ! current_user_can( 'list_users' ) ) { 306 $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' ); 307 } 305 308 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; 306 309 } -
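Review bot: The restricted `search_columns` list is added without a comment, so the reason for omitting the remaining user columns is left for the reader to infer. I would add something like `// Without list_users, limit the search to columns that are safe to match on; other columns could be probed through search results.` above the `if`. It may also be worth confirming that no later filter on these query arguments can put the omitted columns back for the same caller; that code is outside this hunk.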
branches/5.5/src/wp-includes/shortcodes.php
r48590 r56880 161 161 162 162 /** 163 * Search content for shortcodes and filter shortcodes through their hooks. 163 * Returns a list of registered shortcode names found in the given content. 164 * 165 * Example usage: 166 * 167 * get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' ); 168 * // array( 'audio', 'gallery' ) 169 * 170 * @since 6.3.2 171 * 172 * @param string $content The content to check. 173 * @return string[] An array of registered shortcode names found in the content. 174 */ 175 function get_shortcode_tags_in_content( $content ) { 176 if ( false === strpos( $content, '[' ) ) { 177 return array(); 178 } 179 180 preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER ); 181 if ( empty( $matches ) ) { 182 return array(); 183 } 184 185 $tags = array(); 186 foreach ( $matches as $shortcode ) { 187 $tags[] = $shortcode[2]; 188 189 if ( ! empty( $shortcode[5] ) ) { 190 $deep_tags = get_shortcode_tags_in_content( $shortcode[5] ); 191 if ( ! empty( $deep_tags ) ) { 192 $tags = array_merge( $tags, $deep_tags ); 193 } 194 } 195 } 196 197 return $tags; 198 } 199 200 /** 201 * Searches content for shortcodes and filter shortcodes through their hooks. 164 202 * 165 203 * This function is an alias for do_shortcode().
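Review bot: In `get_shortcode_tags_in_content()` the return value of `preg_match_all()` is ignored, so a regex failure (for example a backtrack limit on very large input) appears to take the `empty( $matches )` path and returns `array()`, the same result as "no shortcodes found". The caller added in ajax-actions.php treats an empty list as permission to continue, so a failure there would fail open. Either document in the docblock that an empty array is not proof of absence, or have the security-sensitive caller reject the request when `PREG_NO_ERROR !== preg_last_error()`.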