Changeset 56846

Timestamp:

10/12/2023 01:27:29 PM (10 months ago)

Author:

audrasjb

Message:

Shortcodes: Restrict ajax handler for media shortcode.

Props tykoted, xknown, peterwilsoncc, antpb, jorbin.
Merges [56838] to the 6.3 branch.

Location:

branches/6.3

Files:

• . (modified) (1 prop)
• src/wp-admin/includes/ajax-actions.php (modified) (2 diffs)
• src/wp-includes/media.php (modified) (4 diffs)
• src/wp-includes/shortcodes.php (modified) (1 diff)
• tests/phpunit/tests/ajax/wpAjaxParseMediaShortcode.php (copied) (copied from trunk/tests/phpunit/tests/ajax/wpAjaxParseMediaShortcode.php)

branches/6.3/src/wp-admin/includes/ajax-actions.php

@@ -3883 +3883 @@
     $shortcode = wp_unslash( $_POST['shortcode'] );
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
     if ( ! empty( $_POST['post_ID'] ) ) {
         $post = get_post( (int) $_POST['post_ID'] );
@@ -3889 +3905 @@
     // The embed shortcode requires a post.
     if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
-        if ( 'embed' === $shortcode ) {
+        if (  ) {
             wp_send_json_error();
         }

branches/6.3/src/wp-includes/media.php

@@ -2606 +2606 @@
         }
     } elseif ( ! empty( $atts['exclude'] ) ) {
+
         $attachments = get_children(
             array(
@@ -2618 +2619 @@
         );
     } else {
+
         $attachments = get_children(
             array(
@@ -2628 +2630 @@
             )
         );
+
+
+
+
+
+
+
+
+
+
+
     }
 
@@ -2962 +2975 @@
     }
 
+
+
+
+
+
+
+
+
+
     if ( empty( $attachments ) ) {
         return '';

branches/6.3/src/wp-includes/shortcodes.php

@@ -167 +167 @@
     }
     return false;
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }