Changeset 58813 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php

Timestamp:

07/27/2024 12:25:44 AM (21 months ago)

Author:

peterwilsoncc

Message:

General: Introduce wp_get_wp_version() to get unmodified version.

Introduces wp_get_wp_version() to get an unmodified value of $wp_version from wp-includes/version.php. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.

Replaces instances within the code base in which version.php was required in order to get an unmodified value. script-loader.php is intentionally excluded from the replacements as the function is not always available to the file.

Props debarghyabanerjee, afragen, costdev.
See #61627.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php (modified) (2 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php

@@ -88 +88 @@
      */
     public function get_items( $request ) {
-        /*
-         * Include an unmodified `$wp_version`, so the API can craft a response that's tailored to
-         * it. Some plugins modify the version in a misguided attempt to improve security by
-         * obscuring the version, which can cause invalid requests.
-         */
-        require ABSPATH . WPINC . '/version.php';
-
         $valid_query_args = array(
             'offset'   => true,
@@ -107 +100 @@
 
         $query_args['locale']             = get_user_locale();
-        $query_args['wp-version']         = $wp_version;
+        $query_args['wp-version']         = wp_get_wp_version();
         $query_args['pattern-categories'] = isset( $request['category'] ) ? $request['category'] : false;
         $query_args['pattern-keywords']   = isset( $request['keyword'] ) ? $request['keyword'] : false;