Changeset 56838

Timestamp:

10/12/2023 12:45:49 PM (10 months ago)

Author:

audrasjb

Message:

Shortcodes: Restrict ajax handler for media shortcode.

Props tykoted, xknown, peterwilsoncc, antpb, jorbin.

Location:

trunk

Files:

• src/wp-admin/includes/ajax-actions.php (modified) (2 diffs)
• src/wp-includes/media.php (modified) (4 diffs)
• src/wp-includes/shortcodes.php (modified) (1 diff)
• tests/phpunit/tests/ajax/wpAjaxParseMediaShortcode.php (added)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -3883 +3883 @@
     $shortcode = wp_unslash( $_POST['shortcode'] );
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
     if ( ! empty( $_POST['post_ID'] ) ) {
         $post = get_post( (int) $_POST['post_ID'] );
@@ -3889 +3905 @@
     // The embed shortcode requires a post.
     if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
-        if ( 'embed' === $shortcode ) {
+        if (  ) {
             wp_send_json_error();
         }

trunk/src/wp-includes/media.php

@@ -2608 +2608 @@
         }
     } elseif ( ! empty( $atts['exclude'] ) ) {
+
         $attachments = get_children(
             array(
@@ -2620 +2621 @@
         );
     } else {
+
         $attachments = get_children(
             array(
@@ -2630 +2632 @@
             )
         );
+
+
+
+
+
+
+
+
+
+
+
     }
 
@@ -2964 +2977 @@
     }
 
+
+
+
+
+
+
+
+
+
     if ( empty( $attachments ) ) {
         return '';

trunk/src/wp-includes/shortcodes.php

@@ -167 +167 @@
     }
     return false;
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }