Changeset 57120
- Timestamp:
- 11/17/2023 01:27:23 PM (11 months ago)
- Location:
- trunk/src
- Files:
-
- 6 edited
trunk/src/wp-admin/includes/class-wp-comments-list-table.php
r56836 r57120 663 663 ) 664 664 ) { 665 // The user has access to the post 665 // The user has access to the post and thus can see comments. 666 666 } else { 667 667 return false; -
trunk/src/wp-admin/includes/class-wp-list-table.php
r56836 r57120 861 861 ) 862 862 ) { 863 // The user has access to the post and thus can see comments 863 // The user has access to the post and thus can see comments. 864 864 } else { 865 865 return false; -
trunk/src/wp-admin/includes/user.php
r56837 r57120 639 639 * @since 5.6.0 640 640 * @since 6.2.0 Allow insecure HTTP connections for the local environment. 641 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocolbeing executed.641 * @since 6.3.2 Validates the success and reject URLs to prevent `javascript` pseudo protocol from being executed. 642 642 * 643 643 * @param array $request { … … 701 701 702 702 /** 703 * Validates the redirect URL protocol scheme. The protocol can be anything except http and javascript.703 * Validates the redirect URL protocol scheme. The protocol can be anything except `http` and `javascript`. 704 704 * 705 705 * @since 6.3.2 706 706 * 707 * @param string $url - The redirect URL to be validated. 708 * 707 * @param string $url The redirect URL to be validated. 709 708 * @return true|WP_Error True if the redirect URL is valid, a WP_Error object otherwise. 710 709 */ … … 729 728 * @since 6.3.2 730 729 * 731 * @param string[] 732 * @param string 730 * @param string[] $bad_protocols Array of invalid protocols. 731 * @param string $url The redirect URL to be validated. 733 732 */ 734 $invalid_protocols = array_map( 'strtolower', apply_filters( 'wp_authorize_application_redirect_url_invalid_protocols', $bad_protocols, $url ) ); 733 $invalid_protocols = apply_filters( 'wp_authorize_application_redirect_url_invalid_protocols', $bad_protocols, $url ); 734 $invalid_protocols = array_map( 'strtolower', $invalid_protocols ); 735 735 736 736 $scheme = wp_parse_url( $url, PHP_URL_SCHEME ); … … 738 738 $is_local = 'local' === wp_get_environment_type(); 739 739 740 // validates if the proper URI format is applied to the $url740 // Validates if the proper URI format is applied to the URL. 741 741 if ( empty( $host ) || empty( $scheme ) || in_array( strtolower( $scheme ), $invalid_protocols, true ) ) { 742 742 return new WP_Error( -
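Review bot: The value returned by the `wp_authorize_application_redirect_url_invalid_protocols` filter goes to `array_map()` (new lines 733–734) and then `in_array()` (line 741) without a type check. A callback that returns a non-array would throw a TypeError on PHP 8, and on PHP 7 it would, as far as I can tell, degrade to warnings and a falsy `in_array()` result, so the scheme denylist is silently skipped. Because this list is what rejects `javascript` redirect URLs, I would fall back to the core defaults before lower-casing: `if ( ! is_array( $invalid_protocols ) ) { $invalid_protocols = $bad_protocols; }`. The enclosing function starts and ends outside the visible hunks.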
trunk/src/wp-includes/blocks.php
r57066 r57120 1972 1972 /** 1973 1973 * Strips all HTML from the content of footnotes, and sanitizes the ID. 1974 * 1974 1975 * This function expects slashed data on the footnotes content. 1975 1976 * … … 1977 1978 * @since 6.3.2 1978 1979 * 1979 * @param string $footnotes JSON 1980 * @return string Filtered content without any HTML on the footnote content and with the sanitized id.1980 * @param string $footnotes JSON-encoded string of an array containing the content and ID of each footnote. 1981 * @return string Filtered content without any HTML on the footnote content and with the sanitized ID. 1981 1982 */ 1982 1983 function _wp_filter_post_meta_footnotes( $footnotes ) { … … 1998 1999 1999 2000 /** 2000 * Adds the filters to filter footnotes meta field.2001 * Adds the filters for footnotes meta field. 2001 2002 * 2002 2003 * @access private … … 2008 2009 2009 2010 /** 2010 * Removes the filters that filter footnotes meta field.2011 * Removes the filters for footnotes meta field. 2011 2012 * 2012 2013 * @access private … … 2018 2019 2019 2020 /** 2020 * Registers the filter of footnotes meta field if the user does not have unfiltered_htmlcapability.2021 * Registers the filter of footnotes meta field if the user does not have `unfiltered_html` capability. 2021 2022 * 2022 2023 * @access private … … 2031 2032 2032 2033 /** 2033 * Initializes footnotes meta field filterswhen imported data should be filtered.2034 * 2035 * This filter is the last being executed on force_filtered_html_on_import.2036 * If the input of the filter is true it means we are in an import situation and should2037 * enable kses, independently of the user capabilities. 2038 * So in that case we call _wp_footnotes_kses_init_filters;2034 * Initializes the filters for footnotes meta field when imported data should be filtered. 2035 * 2036 * This filter is the last one being executed on {@see 'force_filtered_html_on_import'}. 
2037 * If the input of the filter is true, it means we are in an import situation and should 2038 * enable kses, independently of the user capabilities. So in that case we call 2039 * _wp_footnotes_kses_init_filters(). 2039 2040 * 2040 2041 * @access private … … 2045 2046 */ 2046 2047 function _wp_footnotes_force_filtered_html_on_import_filter( $arg ) { 2047 // force_filtered_html_on_import is truewe need to init the global styles kses filters.2048 // If `force_filtered_html_on_import` is true, we need to init the global styles kses filters. 2048 2049 if ( $arg ) { 2049 2050 _wp_footnotes_kses_init_filters(); -
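Review bot: The inline comment at new line 2048 in `_wp_footnotes_force_filtered_html_on_import_filter()` still says the "global styles kses filters" are initialised, but the call two lines later is `_wp_footnotes_kses_init_filters()`. The wording looks carried over from the global-styles equivalent; the comment should end with "we need to init the footnotes kses filters", keeping the backticks the commit added around the hook name. This function decides when imported footnote meta is forced through kses regardless of user capability, so an accurate comment matters to anyone auditing the sanitisation path. The function body continues outside the hunk.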
trunk/src/wp-includes/media.php
r57053 r57120 2637 2637 $post_parent = get_post( $post_parent_id ); 2638 2638 2639 // terminate the shortcode execution if user cannot read the post or password-protected2640 if ( 2641 ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ))2642 || post_password_required( $post_parent )) {2639 // Terminate the shortcode execution if the user cannot read the post or it is password-protected. 2640 if ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ) 2641 || post_password_required( $post_parent ) 2642 ) { 2643 2643 return ''; 2644 2644 } … … 2980 2980 $post_parent = get_post( $id ); 2981 2981 2982 // terminate the shortcode execution if user cannot read the post or password-protected2982 // Terminate the shortcode execution if the user cannot read the post or it is password-protected. 2983 2983 if ( ! current_user_can( 'read_post', $post_parent->ID ) || post_password_required( $post_parent ) ) { 2984 2984 return ''; -
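Review bot: The rewritten gallery check at new lines 2640–2642 mixes `&&` and `||` without grouping, so the access decision relies on the reader knowing that `&&` binds tighter. This condition gates output for non-public and password-protected posts, so I would keep the explicit group: `if ( ( ! is_post_publicly_viewable( $post_parent->ID ) && ! current_user_can( 'read_post', $post_parent->ID ) ) || post_password_required( $post_parent ) ) {`. Both hunks also read `$post_parent->ID` directly after `get_post()`, which can return null for a missing post. No null guard is visible in these lines, so an early `if ( ! $post_parent ) { return ''; }` may be worth adding; the enclosing functions start outside the hunks, so confirm there is no earlier guard.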
trunk/src/wp-includes/rest-api/class-wp-rest-server.php
r57012 r57120 468 468 469 469 /** 470 * Filters whether to send no cache headers on a REST API request.470 * Filters whether to send no-cache headers on a REST API request. 471 471 * 472 472 * @since 4.4.0 473 * @since 6.3.2 Moved the block to catch the filter added on rest_cookie_check_errors() from rest-api.php473 * @since 6.3.2 Moved the block to catch the filter added on rest_cookie_check_errors() from wp-includes/rest-api.php. 474 474 * 475 475 * @param bool $rest_send_nocache_headers Whether to send no-cache headers. … … 477 477 $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() ); 478 478 479 // send no cache headers if the $send_no_cache_headers is true 480 // OR if the HTTP_X_HTTP_METHOD_OVERRIDE is used but resulted a 4x response code. 479 /* 480 * Send no-cache headers if $send_no_cache_headers is true, 481 * OR if the HTTP_X_HTTP_METHOD_OVERRIDE is used but resulted a 4xx response code. 482 */ 481 483 if ( $send_no_cache_headers || ( true === $method_overridden && strpos( $code, '4' ) === 0 ) ) { 482 484 foreach ( wp_get_nocache_headers() as $header => $header_value ) {
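Review bot: The new block comment at lines 479–482 reads "resulted a 4xx response code", which is missing a word, and it says what is done but not why. I would write `* OR if the HTTP_X_HTTP_METHOD_OVERRIDE is used but resulted in a 4xx response code,` followed by a line such as `* so that the error response is not stored by caches.` That rationale is my inference from the code and should be confirmed against the 6.3.2 change. The condition `strpos( $code, '4' ) === 0` also depends on `$code` being coerced to a string, and its type is not visible in this hunk. The enclosing method starts and ends outside the hunk.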