
Changeset 58813


Timestamp:
07/27/2024 12:25:44 AM (2 months ago)
Author:
peterwilsoncc
Message:

General: Introduce wp_get_wp_version() to get unmodified version.

Introduces wp_get_wp_version() to get an unmodified value of $wp_version from wp-includes/version.php. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.

Replaces instances within the code base in which version.php was required in order to get an unmodified value. script-loader.php is intentionally excluded from the replacements as the function is not always available to the file.

Props debarghyabanerjee, afragen, costdev.
See #61627.

Location:
trunk
Files:
1 added
11 edited

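--- a/trunk/src/wp-admin/includes/credits.php
+++ b/trunk/src/wp-admin/includes/credits.php
@@ -20,8 +20,5 @@
 function wp_credits( $version = '', $locale = '' ) {
     if ( ! $version ) {
-        // Include an unmodified $wp_version.
-        require ABSPATH . WPINC . '/version.php';
-
-        $version = $wp_version;
+        $version = wp_get_wp_version();
     }
 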
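--- a/trunk/src/wp-admin/includes/dashboard.php
+++ b/trunk/src/wp-admin/includes/dashboard.php
@@ -1820,11 +1820,8 @@
 
     if ( false === $response ) {
-        // Include an unmodified $wp_version.
-        require ABSPATH . WPINC . '/version.php';
-
         $url     = 'http://api.wordpress.org/core/browse-happy/1.1/';
         $options = array(
             'body'       => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
-            'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
+            'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
         );
 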
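Review bot: The `user-agent` built on the changed line carries the exact core version and `home_url( '/' )`, while the `$url` three lines above it is still `http://`, so any request that is not upgraded to https exposes both values to whoever sits on the network path. Whether the scheme is upgraded is decided outside this hunk; in import.php the upgrade is visible but only runs when `wp_http_supports( array( 'ssl' ) )` is true. Since the commit guarantees the real version is sent even on sites where a plugin hides it, a short comment at the `$options` array would document that, e.g. `// Sends the real core version and site URL; this request should go over https whenever SSL is available.`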
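--- a/trunk/src/wp-admin/includes/import.php
+++ b/trunk/src/wp-admin/includes/import.php
@@ -137,9 +137,6 @@
  */
 function wp_get_popular_importers() {
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
     $locale            = get_user_locale();
-    $cache_key         = 'popular_importers_' . md5( $locale . $wp_version );
+    $cache_key         = 'popular_importers_' . md5( $locale . wp_get_wp_version() );
     $popular_importers = get_site_transient( $cache_key );
 
@@ -148,9 +145,9 @@
             array(
                 'locale'  => $locale,
-                'version' => $wp_version,
+                'version' => wp_get_wp_version(),
             ),
             'http://api.wordpress.org/core/importers/1.1/'
         );
-        $options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ) );
+        $options = array( 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ) );
 
         if ( wp_http_supports( array( 'ssl' ) ) ) {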
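--- a/trunk/src/wp-admin/includes/plugin-install.php
+++ b/trunk/src/wp-admin/includes/plugin-install.php
@@ -101,7 +101,4 @@
  */
 function plugins_api( $action, $args = array() ) {
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
     if ( is_array( $args ) ) {
         $args = (object) $args;
@@ -119,5 +116,5 @@
 
     if ( ! isset( $args->wp_version ) ) {
-        $args->wp_version = substr( $wp_version, 0, 3 ); // x.y
+        $args->wp_version = substr( wp_get_wp_version(), 0, 3 ); // x.y
     }
 
@@ -169,5 +166,5 @@
         $http_args = array(
             'timeout'    => 15,
-            'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
+            'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
         );
         $request   = wp_remote_get( $url, $http_args );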
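Review bot: `substr( wp_get_wp_version(), 0, 3 )` on the changed line only yields `x.y` while both the major and the minor number are single digits; a version string such as `10.0` (constructed example) would become `10.`, and that value is presumably what the API receives as `wp_version`. The same expression is carried over in themes_api() in theme.php. Taking the leading major.minor with a pattern avoids the fixed-width assumption, e.g. `preg_match( '/^\d+\.\d+/', wp_get_wp_version(), $m );` followed by `$args->wp_version = $m[0] ?? wp_get_wp_version();`. plugins_api() begins and ends outside the hunks shown here.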
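--- a/trunk/src/wp-admin/includes/theme.php
+++ b/trunk/src/wp-admin/includes/theme.php
@@ -494,7 +494,4 @@
  */
 function themes_api( $action, $args = array() ) {
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
     if ( is_array( $args ) ) {
         $args = (object) $args;
@@ -512,5 +509,5 @@
 
     if ( ! isset( $args->wp_version ) ) {
-        $args->wp_version = substr( $wp_version, 0, 3 ); // x.y
+        $args->wp_version = substr( wp_get_wp_version(), 0, 3 ); // x.y
     }
 
@@ -563,5 +560,5 @@
         $http_args = array(
             'timeout'    => 15,
-            'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
+            'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
         );
         $request   = wp_remote_get( $url, $http_args );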
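--- a/trunk/src/wp-admin/includes/translation-install.php
+++ b/trunk/src/wp-admin/includes/translation-install.php
@@ -18,7 +18,4 @@
  */
 function translations_api( $type, $args = null ) {
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
     if ( ! in_array( $type, array( 'plugins', 'themes', 'core' ), true ) ) {
         return new WP_Error( 'invalid_type', __( 'Invalid translation type.' ) );
@@ -47,5 +44,5 @@
             'timeout' => 3,
             'body'    => array(
-                'wp_version' => $wp_version,
+                'wp_version' => wp_get_wp_version(),
                 'locale'     => get_locale(),
                 'version'    => $args['version'], // Version of plugin, theme or core.
@@ -129,8 +126,5 @@
     }
 
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
-    $api = translations_api( 'core', array( 'version' => $wp_version ) );
+    $api = translations_api( 'core', array( 'version' => wp_get_wp_version() ) );
 
     if ( is_wp_error( $api ) || empty( $api['translations'] ) ) {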
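--- a/trunk/src/wp-admin/includes/update.php
+++ b/trunk/src/wp-admin/includes/update.php
@@ -265,8 +265,5 @@
     }
 
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
-    $is_development_version = preg_match( '/alpha|beta|RC/', $wp_version );
+    $is_development_version = preg_match( '/alpha|beta|RC/', wp_get_wp_version() );
 
     if ( $is_development_version ) {
@@ -855,6 +852,4 @@
  */
 function maintenance_nag() {
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
     global $upgrading;
 
@@ -874,5 +869,5 @@
          */
         $comparison = ! empty( $failed['critical'] ) ? '>=' : '>';
-        if ( isset( $failed['attempted'] ) && version_compare( $failed['attempted'], $wp_version, $comparison ) ) {
+        if ( isset( $failed['attempted'] ) && version_compare( $failed['attempted'], wp_get_wp_version(), $comparison ) ) {
             $nag = true;
         }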
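--- a/trunk/src/wp-includes/functions.php
+++ b/trunk/src/wp-includes/functions.php
@@ -9007,2 +9007,20 @@
     echo wp_kses_post( wp_get_admin_notice( $message, $args ) );
 }
+
+/**
+ * Returns the current WordPress Version.
+ *
+ * Returns an unmodified version of `$wp_version`. Some plugins modify the
+ * global in an attempt to improve security through obscurity. This
+ * practice can cause errors in WordPress so the ability to get an
+ * unmodified version is needed.
+ *
+ * @since 6.7.0
+ *
+ * @return string The current WordPress Version.
+ */
+function wp_get_wp_version() {
+    require ABSPATH . WPINC . '/version.php';
+
+    return $wp_version;
+}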
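Review bot: wp_get_wp_version() re-runs `require ABSPATH . WPINC . '/version.php'` on every call, and callers in this changeset now call it repeatedly within one request (up to three times in wp_get_popular_importers(), more across the update checks in wp-includes/update.php). Keeping the value in a static limits the include to one per request: `static $wp_version;` followed by `if ( ! isset( $wp_version ) ) { require ABSPATH . WPINC . '/version.php'; }` ahead of the existing `return`. The docblock could also say that the function deliberately bypasses any plugin override of the global, so its result is intended for version comparisons and api.wordpress.org requests rather than for output on public pages.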
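--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php
@@ -88,11 +88,4 @@
      */
     public function get_items( $request ) {
-        /*
-         * Include an unmodified `$wp_version`, so the API can craft a response that's tailored to
-         * it. Some plugins modify the version in a misguided attempt to improve security by
-         * obscuring the version, which can cause invalid requests.
-         */
-        require ABSPATH . WPINC . '/version.php';
-
         $valid_query_args = array(
             'offset'   => true,
@@ -107,5 +100,5 @@
 
         $query_args['locale']             = get_user_locale();
-        $query_args['wp-version']         = $wp_version;
+        $query_args['wp-version']         = wp_get_wp_version();
         $query_args['pattern-categories'] = isset( $request['category'] ) ? $request['category'] : false;
         $query_args['pattern-keywords']   = isset( $request['keyword'] ) ? $request['keyword'] : false;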
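--- a/trunk/src/wp-includes/script-loader.php
+++ b/trunk/src/wp-includes/script-loader.php
@@ -685,5 +685,11 @@
 
     if ( null === $suffixes ) {
-        // Include an unmodified $wp_version.
+        /*
+         * Include an unmodified $wp_version.
+         *
+         * Note: wp_get_wp_version() is not used here, as this file can be included
+         * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
+         * wp-includes/functions.php is not loaded.
+         */
         require ABSPATH . WPINC . '/version.php';
 
@@ -1523,5 +1529,11 @@
     global $editor_styles;
 
-    // Include an unmodified $wp_version.
+    /*
+     * Include an unmodified $wp_version.
+     *
+     * Note: wp_get_wp_version() is not used here, as this file can be included
+     * via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
+     * wp-includes/functions.php is not loaded.
+     */
     require ABSPATH . WPINC . '/version.php';
 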
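--- a/trunk/src/wp-includes/update.php
+++ b/trunk/src/wp-includes/update.php
@@ -32,6 +32,4 @@
     }
 
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
     $php_version = PHP_VERSION;
 
@@ -40,5 +38,5 @@
 
     // Invalidate the transient when $wp_version changes.
-    if ( is_object( $current ) && $wp_version !== $current->version_checked ) {
+    if ( is_object( $current ) && wp_get_wp_version() !== $current->version_checked ) {
         $current = false;
     }
@@ -47,5 +45,5 @@
         $current                  = new stdClass();
         $current->updates         = array();
-        $current->version_checked = $wp_version;
+        $current->version_checked = wp_get_wp_version();
     }
 
@@ -96,5 +94,5 @@
     sort( $extensions, SORT_STRING | SORT_FLAG_CASE );
     $query = array(
-        'version'            => $wp_version,
+        'version'            => wp_get_wp_version(),
         'php'                => $php_version,
         'locale'             => $locale,
@@ -192,5 +190,5 @@
     $options = array(
         'timeout'    => $doing_cron ? 30 : 3,
-        'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
+        'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
         'headers'    => array(
             'wp_install' => $wp_install,
@@ -267,5 +265,5 @@
     $updates->updates         = $offers;
     $updates->last_checked    = time();
-    $updates->version_checked = $wp_version;
+    $updates->version_checked = wp_get_wp_version();
 
     if ( isset( $body['translations'] ) ) {
@@ -315,7 +313,4 @@
         return;
     }
-
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
 
     // If running blog-side, bail unless we've not checked in the last 12 hours.
@@ -424,5 +419,5 @@
             'all'          => wp_json_encode( true ),
         ),
-        'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
+        'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
     );
 
@@ -591,7 +586,4 @@
     }
 
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
     $installed_themes = wp_get_themes();
     $translations     = wp_get_installed_translations( 'themes' );
@@ -706,5 +698,5 @@
             'locale'       => wp_json_encode( $locales ),
         ),
-        'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
+        'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
     );
 
@@ -990,12 +982,9 @@
  */
 function _maybe_update_core() {
-    // Include an unmodified $wp_version.
-    require ABSPATH . WPINC . '/version.php';
-
     $current = get_site_transient( 'update_core' );
 
     if ( isset( $current->last_checked, $current->version_checked )
         && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked )
-        && $current->version_checked === $wp_version
+        && wp_get_wp_version() === $current->version_checked
     ) {
         return;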