Get WordPress

Make WordPress Core

Changeset 56850

Timestamp:
10/12/2023 02:21:47 PM (10 months ago)
Author:
davidbaumwald
Message:

Grouped backports to the 4.1 branch.

  • Comments: Prevent users who can not see a post from seeing comments on it.
  • Shortcodes: Restrict ajax handler for media shortcode.
  • Prevent unintended behavior when certain objects are unserialized.

Merges [56835], [56836], and [56838] to the 4.1 branch.
Props xknown, jorbin, joehoyle, peterwilsoncc, ehtis, tykoted, antpb.

Location:
branches/4.1/src
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • branches/4.1/src/wp-admin/includes/ajax-actions.php

    r55772 r56850  
    829829        wp_die( 0 );
    830830    }
    831    
     831
    832832    if ( ! current_user_can( $tax->cap->assign_terms ) ) {
    833833        wp_die( -1 );
     
    27682768    }
    27692769
    2770     setup_postdata( $post );
    2771     $shortcode = do_shortcode( wp_unslash( $_POST['shortcode'] ) );
     2770    $shortcode = wp_unslash( $_POST['shortcode'] );
     2771
     2772    // Only process previews for media related shortcodes:
     2773    $found_shortcodes = get_shortcode_tags_in_content( $shortcode );
     2774    $media_shortcodes = array(
     2775        'audio',
     2776        'embed',
     2777        'playlist',
     2778        'video',
     2779        'gallery',
     2780    );
     2781
     2782    $other_shortcodes = array_diff( $found_shortcodes, $media_shortcodes );
     2783
     2784    if ( ! empty( $other_shortcodes ) ) {
     2785        wp_send_json_error();
     2786    }
     2787
     2788    if ( ! empty( $_POST['post_ID'] ) ) {
     2789        $post = get_post( (int) $_POST['post_ID'] );
     2790    }
     2791
     2792    // the embed shortcode requires a post
     2793    if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
     2794        if ( in_array( 'embed', $found_shortcodes, true ) ) {
     2795            wp_send_json_error();
     2796        }
     2797    } else {
     2798        setup_postdata( $post );
     2799    }
    27722800
    27732801    if ( empty( $shortcode ) ) {
     
    28362864    } else {
    28372865        $sessions->destroy_all();
    2838         /* translators: 1: User's display name. */ 
     2866        /* translators: 1: User's display name. */
    28392867        $message = sprintf( __( '%s has been logged out.' ), $user->display_name );
    28402868    }

  • branches/4.1/src/wp-admin/includes/class-wp-comments-list-table.php

    r32176 r56850  
    363363        $this->user_can = current_user_can( 'edit_comment', $comment->comment_ID );
    364364
     365
     366
     367
     368
     369
     370
     371
     372
     373
     374
     375
     376
     377
    365378        echo "<tr id='comment-$comment->comment_ID' class='$the_comment_class'>";
    366379        $this->single_row_columns( $comment );

  • branches/4.1/src/wp-admin/includes/class-wp-list-table.php

    r30679 r56850  
    574574        $pending_phrase = sprintf( __( '%s pending' ), number_format( $pending_comments ) );
    575575
     576
     577
     578
     579
     580
     581
     582
     583
     584
     585
     586
     587
     588
     589
    576590        if ( $pending_comments )
    577591            echo '<strong>';

  • branches/4.1/src/wp-admin/includes/dashboard.php

    r33375 r56850  
    779779
    780780        echo '<div id="the-comment-list" data-wp-lists="list:comment">';
    781         foreach ( $comments as $comment )
    782             _wp_dashboard_recent_comments_row( $comment );
     781        foreach ( $comments as $comment ) {
     782            $comment_post = get_post( $comment->comment_post_ID );
     783            if (
     784                current_user_can( 'edit_post', $comment->comment_post_ID ) ||
     785                (
     786                    empty( $comment_post->post_password ) &&
     787                    current_user_can( 'read_post', $comment->comment_post_ID )
     788                )
     789            ) {
     790                _wp_dashboard_recent_comments_row( $comment );
     791            }
     792        }
    783793        echo '</div>';
    784794

  • branches/4.1/src/wp-includes/class-wp-theme.php

    r39815 r56850  
    478478
    479479    /**
     480
     481
     482
     483
     484
     485
     486
     487
     488
     489
     490
     491
     492
     493
     494
     495
     496
     497
     498
     499
     500
     501
    480502     * Adds theme data to cache.
    481503     *
     
    12331255        return strnatcasecmp( $a->display( 'Name', false, true ), $b->display( 'Name', false, true ) );
    12341256    }
     1257
     1258
     1259
     1260
     1261
     1262
     1263
     1264
     1265
     1266
     1267
     1268
    12351269}

  • branches/4.1/src/wp-includes/media.php

    r55772 r56850  
    975975        }
    976976    } elseif ( ! empty( $atts['exclude'] ) ) {
     977
    977978        $attachments = get_children( array( 'post_parent' => $id, 'exclude' => $atts['exclude'], 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $atts['order'], 'orderby' => $atts['orderby'] ) );
    978979    } else {
     980
    979981        $attachments = get_children( array( 'post_parent' => $id, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $atts['order'], 'orderby' => $atts['orderby'] ) );
     982
     983
     984
     985
     986
     987
     988
     989
     990
     991
     992
    980993    }
    981994
     
    12691282    }
    12701283
     1284
     1285
     1286
     1287
     1288
     1289
     1290
     1291
     1292
    12711293    if ( empty( $attachments ) ) {
    12721294        return '';

  • branches/4.1/src/wp-includes/shortcodes.php

    r34146 r56850  
    171171
    172172/**
    173  * Search content for shortcodes and filter shortcodes through their hooks.
     173 * Returns a list of registered shortcode names found in the given content.
     174 *
     175 * Example usage:
     176 *
     177 *     get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' );
     178 *     // array( 'audio', 'gallery' )
     179 *
     180 * @since 6.3.2
     181 *
     182 * @param string $content The content to check.
     183 * @return string[] An array of registered shortcode names found in the content.
     184 */
     185function get_shortcode_tags_in_content( $content ) {
     186    if ( false === strpos( $content, '[' ) ) {
     187        return array();
     188    }
     189
     190    preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER );
     191    if ( empty( $matches ) ) {
     192        return array();
     193    }
     194
     195    $tags = array();
     196    foreach ( $matches as $shortcode ) {
     197        $tags[] = $shortcode[2];
     198
     199        if ( ! empty( $shortcode[5] ) ) {
     200            $deep_tags = get_shortcode_tags_in_content( $shortcode[5] );
     201            if ( ! empty( $deep_tags ) ) {
     202                $tags = array_merge( $tags, $deep_tags );
     203            }
     204        }
     205    }
     206
     207    return $tags;
     208}
     209
     210/**
     211 * Searches content for shortcodes and filter shortcodes through their hooks.
    174212 *
    175213 * If there are no shortcode tags defined, then the content will be returned
Note: See TracChangeset for help on using the changeset viewer.