Changeset 54566
- Timestamp:
- 10/17/2022 06:08:39 PM (2 years ago)
- Location:
- branches/4.7
- Files:
-
- 20 edited
branches/4.7
- Property svn:mergeinfo changed
/trunk merged: 54521-54530,54541
- Property svn:mergeinfo changed
-
branches/4.7/src/wp-admin/includes/ajax-actions.php
r45947 r54566 2410 2410 // Filter query clauses to include filenames. 2411 2411 if ( isset( $query['s'] ) ) { 2412 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );2412 add_filter( '' ); 2413 2413 } 2414 2414 -
branches/4.7/src/wp-admin/includes/post.php
r44056 r54566 1170 1170 // Filter query clauses to include filenames. 1171 1171 if ( isset( $q['s'] ) ) { 1172 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );1172 add_filter( '' ); 1173 1173 } 1174 1174 -
branches/4.7/src/wp-includes/class-wp-query.php
r47650 r54566 487 487 private $compat_methods = array( 'init_query_flags', 'parse_tax_query' ); 488 488 489 490 491 492 493 494 495 489 496 /** 490 497 * Resets query flags to false. … … 1345 1352 1346 1353 $like = $n . $wpdb->esc_like( $term ) . $n; 1347 $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like ); 1354 1355 if ( ! empty( $this->allow_query_attachment_by_filename ) ) { 1356 $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s) $andor_op (sq1.meta_value $like_op %s))", $like, $like, $like, $like ); 1357 } else { 1358 $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like ); 1359 } 1348 1360 $searchand = ' AND '; 1349 1361 } … … 1682 1694 $q = $this->fill_query_vars($q); 1683 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1684 1706 // Parse meta query 1685 1707 $this->meta_query = new WP_Meta_Query(); … … 2078 2100 } 2079 2101 2080 if ( ! empty( $this->tax_query->queries ) || !empty( $this->meta_query->queries) ) {2102 if ( ! ) ) { 2081 2103 $groupby = "{$wpdb->posts}.ID"; 2082 2104 } … … 2126 2148 } 2127 2149 $where .= $search . $whichauthor . $whichmimetype; 2150 2151 2152 2153 2128 2154 2129 2155 if ( ! empty( $this->meta_query->queries ) ) { -
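Review bot: The filename-search branch added at new lines 1355–1356 references the alias `sq1` (`sq1.meta_value $like_op %s`), but the JOIN that defines it is not in this hunk, so the WHERE clause is valid SQL only if that join is added under exactly the same `$this->allow_query_attachment_by_filename` condition. The added lines near 2150–2153 are blank in this rendering, so that pairing cannot be confirmed here and is worth checking. I would add a comment above the `if`, for example `// sq1 is the postmeta alias joined for filename search; it must be joined whenever this flag is set.` The two `prepare()` calls differ only in the final clause, so building the format string and argument list once would keep them from drifting apart. The enclosing method starts and ends outside the hunk.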
branches/4.7/src/wp-includes/comment.php
r44847 r54566 2147 2147 } 2148 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2149 2158 // Escape data pulled from DB. 2150 2159 $comment = wp_slash($comment); … … 2156 2165 2157 2166 $commentarr = wp_filter_comment( $commentarr ); 2167 2168 2169 2170 2158 2171 2159 2172 // Now extract the merged array. -
branches/4.7/src/wp-includes/customize/class-wp-customize-header-image-control.php
r39145 r54566 104 104 105 105 <button type="button" class="choice thumbnail" 106 data-customize-image-value="{{ {data.header.url}}}"106 data-customize-image-value="{{}}" 107 107 data-customize-header-image-data="{{JSON.stringify(data.header)}}"> 108 108 <span class="screen-reader-text"><?php _e( 'Set image' ); ?></span> 109 <img src="{{ {data.header.thumbnail_url}}}" alt="{{{data.header.alt_text || data.header.description}}}">109 <img src="{{> 110 110 </button> 111 111 -
branches/4.7/src/wp-includes/customize/class-wp-customize-site-icon-control.php
r40332 r54566 70 70 <img src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>"/> 71 71 </div> 72 <span class="browser-title" aria-hidden="true"><?php bloginfo( 'name'); ?></span>72 <span class="browser-title" aria-hidden="true"><?php ); ?></span> 73 73 </div> 74 74 <img class="app-icon-preview" src="{{ data.attachment.sizes.full ? data.attachment.sizes.full.url : data.attachment.url }}" alt="<?php esc_attr_e( 'Preview as an app icon' ); ?>"/> -
branches/4.7/src/wp-includes/date.php
r38768 r54566 152 152 */ 153 153 public function __construct( $date_query, $default_column = 'post_date' ) { 154 if ( isset( $date_query['relation'] ) && 'OR' === strtoupper( $date_query['relation'] )) {155 $this->relation = 'OR';154 if ( isset( $date_query['relation'] ) ) { 155 $this->relation = ; 156 156 } else { 157 157 $this->relation = 'AND'; … … 232 232 $this->validate_date_values( $queries ); 233 233 } 234 235 236 234 237 235 238 foreach ( $queries as $key => $q ) { … … 1015 1018 return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time ); 1016 1019 } 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1017 1036 } -
branches/4.7/src/wp-includes/deprecated.php
r39051 r54566 3879 3879 return strcmp( $a->$_menu_item_sort_prop, $b->$_menu_item_sort_prop ); 3880 3880 } 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 -
branches/4.7/src/wp-includes/functions.php
r46495 r54566 2369 2369 if ( $type !== $real_mime ) { 2370 2370 /* 2371 * Everything else including image/* and application/*: 2371 * Everything else including image/* and application/*: 2372 2372 * If the real content type doesn't match the file extension, assume it's dangerous. 2373 2373 */ … … 2378 2378 } 2379 2379 2380 // The mime type must be allowed 2380 // The mime type must be allowed 2381 2381 if ( $type ) { 2382 2382 $allowed = get_allowed_mime_types(); … … 2650 2650 $html = __( 'Are you sure you want to do this?' ); 2651 2651 if ( wp_get_referer() ) { 2652 $html .= '</p><p>'; 2653 $html .= sprintf( '<a href="%s">%s</a>', 2654 esc_url( remove_query_arg( 'updated', wp_get_referer() ) ), 2652 $wp_http_referer = remove_query_arg( 'updated', wp_get_referer() ); 2653 $wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) ); 2654 $html .= '</p><p>'; 2655 $html .= sprintf( 2656 '<a href="%s">%s</a>', 2657 esc_url( $wp_http_referer ), 2655 2658 __( 'Please try again.' ) 2656 2659 ); -
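Review bot: When `wp_validate_redirect()` rejects the referer at new line 2653 it returns its fallback, which is an empty string unless a default is passed, and the code still emits the "Please try again." anchor with an empty `href`. Guarding the link with `if ( $wp_http_referer ) {` around the `$html .= sprintf( ... )` statement would make a rejected referer produce no link instead of one that resolves to the current request. The enclosing function and the `if ( wp_get_referer() )` block continue outside the hunk.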
branches/4.7/src/wp-includes/media-template.php
r40367 r54566 1250 1250 <img id="preview-favicon" src="{{ data.url }}" alt="<?php esc_attr_e( 'Preview as a browser icon' ); ?>"/> 1251 1251 </div> 1252 <span class="browser-title" aria-hidden="true"><?php bloginfo( 'name'); ?></span>1252 <span class="browser-title" aria-hidden="true"><?php ); ?></span> 1253 1253 </div> 1254 1254 -
branches/4.7/src/wp-includes/pluggable.php
r47978 r54566 309 309 $phpmailer->ClearCustomHeaders(); 310 310 $phpmailer->ClearReplyTos(); 311 312 311 313 312 314 // From email and name -
branches/4.7/src/wp-includes/post.php
r52476 r54566 1632 1632 } 1633 1633 1634 return $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public ); 1634 if ( ! is_object( $post_type ) ) { 1635 return false; 1636 } 1637 1638 $is_viewable = $post_type->publicly_queryable || ( $post_type->_builtin && $post_type->public ); 1639 1640 /** 1641 * Filters whether a post type is considered "viewable". 1642 * 1643 * The returned filtered value must be a boolean type to ensure 1644 * `is_post_type_viewable()` only returns a boolean. This strictness 1645 * is by design to maintain backwards-compatibility and guard against 1646 * potential type errors in PHP 8.1+. Non-boolean values (even falsey 1647 * and truthy values) will result in the function returning false. 1648 * 1649 * @since 5.9.0 1650 * 1651 * @param bool $is_viewable Whether the post type is "viewable" (strict type). 1652 * @param WP_Post_Type $post_type Post type object. 1653 */ 1654 return true === apply_filters( 'is_post_type_viewable', $is_viewable, $post_type ); 1655 } 1656 1657 /** 1658 * Determines whether a post status is considered "viewable". 1659 * 1660 * For built-in post statuses such as publish and private, the 'public' value will be evaluated. 1661 * For all others, the 'publicly_queryable' value will be used. 1662 * 1663 * @since 5.7.0 1664 * @since 5.9.0 Added `is_post_status_viewable` hook to filter the result. 1665 * 1666 * @param string|stdClass $post_status Post status name or object. 1667 * @return bool Whether the post status should be considered viewable. 1668 */ 1669 function is_post_status_viewable( $post_status ) { 1670 if ( is_scalar( $post_status ) ) { 1671 $post_status = get_post_status_object( $post_status ); 1672 1673 if ( ! $post_status ) { 1674 return false; 1675 } 1676 } 1677 1678 if ( 1679 ! 
is_object( $post_status ) || 1680 $post_status->internal || 1681 $post_status->protected 1682 ) { 1683 return false; 1684 } 1685 1686 $is_viewable = $post_status->publicly_queryable || ( $post_status->_builtin && $post_status->public ); 1687 1688 /** 1689 * Filters whether a post status is considered "viewable". 1690 * 1691 * The returned filtered value must be a boolean type to ensure 1692 * `is_post_status_viewable()` only returns a boolean. This strictness 1693 * is by design to maintain backwards-compatibility and guard against 1694 * potential type errors in PHP 8.1+. Non-boolean values (even falsey 1695 * and truthy values) will result in the function returning false. 1696 * 1697 * @since 5.9.0 1698 * 1699 * @param bool $is_viewable Whether the post status is "viewable" (strict type). 1700 * @param stdClass $post_status Post status object. 1701 */ 1702 return true === apply_filters( 'is_post_status_viewable', $is_viewable, $post_status ); 1703 } 1704 1705 /** 1706 * Determines whether a post is publicly viewable. 1707 * 1708 * Posts are considered publicly viewable if both the post status and post type 1709 * are viewable. 1710 * 1711 * @since 5.7.0 1712 * 1713 * @param int|WP_Post|null $post Optional. Post ID or post object. Defaults to global $post. 1714 * @return bool Whether the post is publicly viewable. 1715 */ 1716 function is_post_publicly_viewable( $post = null ) { 1717 $post = get_post( $post ); 1718 1719 if ( ! 
$post ) { 1720 return false; 1721 } 1722 1723 $post_type = get_post_type( $post ); 1724 $post_status = get_post_status( $post ); 1725 1726 return is_post_type_viewable( $post_type ) && is_post_status_viewable( $post_status ); 1635 1727 } 1636 1728 … … 6235 6327 return $post_name; 6236 6328 } 6237 6238 /**6239 * Filter the SQL clauses of an attachment query to include filenames.6240 *6241 * @since 4.7.06242 * @access private6243 *6244 * @global wpdb $wpdb WordPress database abstraction object.6245 *6246 * @param array $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY,6247 * DISTINCT, fields (SELECT), and LIMITS clauses.6248 * @return array The modified clauses.6249 */6250 function _filter_query_attachment_filenames( $clauses ) {6251 global $wpdb;6252 remove_filter( 'posts_clauses', __FUNCTION__ );6253 6254 // Add a LEFT JOIN of the postmeta table so we don't trample existing JOINs.6255 $clauses['join'] .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )";6256 6257 $clauses['groupby'] = "{$wpdb->posts}.ID";6258 6259 $clauses['where'] = preg_replace(6260 "/\({$wpdb->posts}.post_content (NOT LIKE|LIKE) (\'[^']+\')\)/",6261 "$0 OR ( sq1.meta_value $1 $2 )",6262 $clauses['where'] );6263 6264 return $clauses;6265 } -
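Review bot: `is_post_publicly_viewable()` decides only from the post type and the post status; it does not look at the post password or at the current user's capabilities, and the docblock should say so, so that callers do not treat a `true` result as an access check. A sentence such as `Does not account for password protection or the current user's capabilities.` in the description would cover it. The `@since 5.7.0` and `@since 5.9.0` tags are carried unchanged into the 4.7 branch; if the branch convention allows it, a line naming the backport release would help readers of this branch. `is_post_type_viewable()` begins outside the hunk.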
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
r39629 r54566 50 50 // Filter query clauses to include filenames. 51 51 if ( isset( $query_args['s'] ) ) { 52 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );52 add_filter( '' ); 53 53 } 54 54 -
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r40427 r54566 134 134 135 135 /** 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 136 165 * Checks if a request has access to read terms in the specified taxonomy. 137 166 * … … 144 173 public function get_items_permissions_check( $request ) { 145 174 $tax_obj = get_taxonomy( $this->taxonomy ); 175 146 176 if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 147 177 return false; 148 178 } 179 149 180 if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) { 150 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); 151 } 181 return new WP_Error( 182 'rest_forbidden_context', 183 __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), 184 array( 'status' => rest_authorization_required_code() ) 185 ); 186 } 187 188 if ( ! empty( $request['post'] ) ) { 189 $post = get_post( $request['post'] ); 190 191 if ( ! $post ) { 192 return new WP_Error( 193 'rest_post_invalid_id', 194 __( 'Invalid post ID.' ), 195 array( 196 'status' => 400, 197 ) 198 ); 199 } 200 201 if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) { 202 return new WP_Error( 203 'rest_forbidden_context', 204 __( 'Sorry, you are not allowed to view terms for this post.' ), 205 array( 206 'status' => rest_authorization_required_code(), 207 ) 208 ); 209 } 210 } 211 152 212 return true; 153 213 } -
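Review bot: The new `post` branch of `get_items_permissions_check()` answers a missing post with `rest_post_invalid_id` (status 400) and an unreadable one with `rest_forbidden_context`, so the response tells a caller without read access whether a given post ID exists. If clients do not need that distinction, returning the same error for both cases avoids it; otherwise a short comment stating that it is accepted would help the next reader. `rest_forbidden_context` is also now used for two different denials in this method, and a distinct code for the per-post case would make client handling and log triage easier. `check_read_terms_permission_for_post()` is presumably defined in the added lines 136–164, which are blank in this rendering, so its checks could not be reviewed here.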
branches/4.7/src/wp-includes/widgets.php
r39311 r54566 1234 1234 if ( is_wp_error($rss) ) { 1235 1235 if ( is_admin() || current_user_can('manage_options') ) 1236 echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</p>';1236 echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . ) . '</p>'; 1237 1237 return; 1238 1238 } … … 1343 1343 1344 1344 if ( ! empty( $args['error'] ) ) { 1345 echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $args['error']. '</p>';1345 echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . . '</p>'; 1346 1346 } 1347 1347 -
branches/4.7/src/wp-mail.php
r39773 r54566 60 60 wp_die( __('There doesn’t seem to be any new mail.') ); 61 61 } 62 63 64 62 65 63 66 for ( $i = 1; $i <= $count; $i++ ) { … … 125 128 $author = sanitize_email($author); 126 129 if ( is_email($author) ) { 127 /* translators: Post author email address */128 echo '<p>' . sprintf(__('Author is %s'), $author) . '</p>';129 130 $userdata = get_user_by('email', $author); 130 131 if ( ! empty( $userdata ) ) { -
branches/4.7/src/wp-trackback.php
r38791 r54566 13 13 wp( array( 'tb' => '1' ) ); 14 14 } 15 16 17 15 18 16 19 /** -
branches/4.7/tests/phpunit/tests/query/search.php
r38844 r54566 371 371 372 372 add_post_meta( $attachment, '_wp_attached_file', 'some-image1.png', true ); 373 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );373 add_filter( '' ); 374 374 375 375 // Pass post_type a string value. … … 397 397 398 398 add_post_meta( $attachment, '_wp_attached_file', 'some-image2.png', true ); 399 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );399 add_filter( '' ); 400 400 401 401 // Pass post_type an array value. … … 448 448 add_post_meta( $attachment, '_wp_attached_file', 'some-image4.png', true ); 449 449 add_post_meta( $attachment, '_test_meta_key', 'value', true ); 450 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );450 add_filter( '' ); 451 451 452 452 // Pass post_type a string value. … … 484 484 485 485 add_post_meta( $attachment, '_wp_attached_file', 'some-image5.png', true ); 486 add_filter( ' posts_clauses', '_filter_query_attachment_filenames' );486 add_filter( '' ); 487 487 488 488 // Pass post_type a string value. 
… … 507 507 * @ticket 22744 508 508 */ 509 public function test_filter_query_attachment_filenames_unhooks_itself() { 510 add_filter( 'posts_clauses', '_filter_query_attachment_filenames' ); 511 512 apply_filters( 'posts_clauses', array( 513 'where' => '', 514 'groupby' => '', 515 'join' => '', 516 'orderby' => '', 517 'distinct' => '', 518 'fields' => '', 519 'limit' => '', 520 ) ); 521 522 $result = has_filter( 'posts_clauses', '_filter_query_attachment_filenames' ); 523 524 $this->assertFalse( $result ); 509 public function test_wp_query_removes_filter_wp_allow_query_attachment_by_filename() { 510 $attachment = self::factory()->post->create( 511 array( 512 'post_type' => 'attachment', 513 'post_status' => 'publish', 514 'post_title' => 'bar foo', 515 'post_content' => 'foo bar', 516 'post_excerpt' => 'This post has foo', 517 ) 518 ); 519 520 add_post_meta( $attachment, '_wp_attached_file', 'some-image1.png', true ); 521 add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' ); 522 523 $q = new WP_Query( 524 array( 525 's' => 'image1', 526 'fields' => 'ids', 527 'post_type' => 'attachment', 528 'post_status' => 'inherit', 529 ) 530 ); 531 532 $this->assertSame( array( $attachment ), $q->posts ); 533 534 /* 535 * WP_Query should have removed the wp_allow_query_attachment_by_filename filter 536 * and thus not match the attachment created above 537 */ 538 $q->get_posts(); 539 $this->assertEmpty( $q->posts ); 525 540 } 526 541 -
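Review bot: `test_wp_query_removes_filter_wp_allow_query_attachment_by_filename()` checks the one-shot behaviour only indirectly, by calling `$q->get_posts()` a second time and expecting no results, and an empty result could also come from an unrelated change to the query. Adding `$this->assertFalse( has_filter( 'wp_allow_query_attachment_by_filename' ) );` right after the first `assertSame` would pin the removal itself, assuming WP_Query unhooks the filter as the test comment says. The test's docblock begins outside the hunk.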
branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php
r40114 r54566 2563 2563 'author_name' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2564 2564 'author_user_agent' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2565 2565 2566 ), array( 2566 2567 'content' => array( … … 2570 2571 'author_name' => 'div strong', 2571 2572 'author_user_agent' => 'div strong', 2573 2572 2574 ) ); 2573 2575 } else { … … 2577 2579 'author_name' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2578 2580 'author_user_agent' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2581 2579 2582 ), array( 2580 2583 'content' => array( … … 2584 2587 'author_name' => 'div strong', 2585 2588 'author_user_agent' => 'div strong', 2589 2586 2590 ) ); 2587 2591 } … … 2595 2599 'author_name' => '\\\&\\\ & &invalid; < < &lt;', 2596 2600 'author_user_agent' => '\\\&\\\ & &invalid; < < &lt;', 2601 2597 2602 ), array( 2598 2603 'content' => array( … … 2602 2607 'author_name' => '\\\&\\\ & &invalid; < < &lt;', 2603 2608 'author_user_agent' => '\\\&\\\ & &invalid; < < &lt;', 2609 2604 2610 ) ); 2605 2611 } … … 2612 2618 'author_name' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2613 2619 'author_user_agent' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2620 2614 2621 ), array( 2615 2622 'content' => array( … … 2619 2626 'author_name' => 'div strong', 2620 2627 'author_user_agent' => 'div strong', 2628 2621 2629 ) ); 2622 2630 }