Backporting several bug fixes.

- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.2 branch.

Built from https://develop.svn.wordpress.org/branches/4.2@46500


git-svn-id: http://core.svn.wordpress.org/branches/4.2@46297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
whyisjake 2019-10-14 19:15:22 +00:00
parent de854c38b5
commit 1fcbdb46e6
13 changed files with 7603 additions and 6917 deletions


@ -15,7 +15,7 @@ class WP {
* @access public
* @var array
*/
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type');
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
/**
* Private query variables.
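Review bot: The new `$public_query_vars` line adds `'embed'` as well as dropping `'static'`, and the commit message only describes the removal. A public query variable can be set directly from the request, so adding one on a maintenance branch should be deliberate. If nothing on the 4.2 branch consumes `embed`, leave it out of the list; otherwise say so in the commit description. The class body continues outside the hunk, so whether `embed` is handled elsewhere cannot be confirmed from here.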


@ -1496,6 +1496,11 @@ function wp_mkdir_p( $target ) {
if ( file_exists( $target ) )
return @is_dir( $target );
// Do not allow path traversals.
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
return false;
}
// We need to find the permissions of the parent folder that exists and inherit that.
$target_parent = dirname( $target );
while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
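Review bot: The traversal guard in wp_mkdir_p() matches the substrings `'../'` and `'..' . DIRECTORY_SEPARATOR`, so a target whose final component is `..` with no trailing separator is not rejected, while a legitimate directory name that merely ends in two dots is. Comparing whole path components is tighter, for example `if ( in_array( '..', explode( '/', wp_normalize_path( $target ) ), true ) ) { return false; }`. The guard also sits after the `file_exists()` early return, so it only covers targets that do not exist yet; a one-line comment stating that this is intended would help the next reader. The function body continues past the end of the hunk.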


@ -470,8 +470,9 @@ function wp_http_validate_url( $url ) {
$ip = $host;
} else {
$ip = gethostbyname( $host );
if ( $ip === $host ) // Error condition for gethostbyname()
$ip = false;
if ( $ip === $host ) { // Error condition for gethostbyname()
return false;
}
}
if ( $ip ) {
$parts = array_map( 'intval', explode( '.', $ip ) );
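Review bot: Returning false when gethostbyname() fails closes the unresolved-host case, but the address checked below still comes from a lookup made only for validation. If the request that follows resolves the host again, the address actually connected to may differ from the one validated here, and gethostbyname() returns IPv4 results only. Both limits deserve a comment above the lookup, e.g. `// Validates the IPv4 address resolved now; the transport may resolve the host again.` The rest of wp_http_validate_url() and its callers are outside the hunk, so this is inferred from the visible lines only.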


@ -1,4 +1,72 @@
(function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
/******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = {};
/******/
/******/ // The require function
/******/ function __webpack_require__(moduleId) {
/******/
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId]) {
/******/ return installedModules[moduleId].exports;
/******/ }
/******/ // Create a new module (and put it into the cache)
/******/ var module = installedModules[moduleId] = {
/******/ i: moduleId,
/******/ l: false,
/******/ exports: {}
/******/ };
/******/
/******/ // Execute the module function
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/
/******/ // Flag the module as loaded
/******/ module.l = true;
/******/
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/
/******/
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/
/******/ // define getter function for harmony exports
/******/ __webpack_require__.d = function(exports, name, getter) {
/******/ if(!__webpack_require__.o(exports, name)) {
/******/ Object.defineProperty(exports, name, {
/******/ configurable: false,
/******/ enumerable: true,
/******/ get: getter
/******/ });
/******/ }
/******/ };
/******/
/******/ // getDefaultExport function for compatibility with non-harmony modules
/******/ __webpack_require__.n = function(module) {
/******/ var getter = module && module.__esModule ?
/******/ function getDefault() { return module['default']; } :
/******/ function getModuleExports() { return module; };
/******/ __webpack_require__.d(getter, 'a', getter);
/******/ return getter;
/******/ };
/******/
/******/ // Object.prototype.hasOwnProperty.call
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
/******/
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/
/******/ // Load entry module and return exports
/******/ return __webpack_require__(__webpack_require__.s = 0);
/******/ })
/************************************************************************/
/******/ ([
/* 0 */
/***/ (function(module, exports, __webpack_require__) {
/*globals wp, _ */
var media = wp.media,
@ -207,87 +275,21 @@ wp.media.video = {
}
};
media.model.PostMedia = require( './models/post-media.js' );
media.controller.AudioDetails = require( './controllers/audio-details.js' );
media.controller.VideoDetails = require( './controllers/video-details.js' );
media.view.MediaFrame.MediaDetails = require( './views/frame/media-details.js' );
media.view.MediaFrame.AudioDetails = require( './views/frame/audio-details.js' );
media.view.MediaFrame.VideoDetails = require( './views/frame/video-details.js' );
media.view.MediaDetails = require( './views/media-details.js' );
media.view.AudioDetails = require( './views/audio-details.js' );
media.view.VideoDetails = require( './views/video-details.js' );
media.model.PostMedia = __webpack_require__( 1 );
media.controller.AudioDetails = __webpack_require__( 2 );
media.controller.VideoDetails = __webpack_require__( 3 );
media.view.MediaFrame.MediaDetails = __webpack_require__( 4 );
media.view.MediaFrame.AudioDetails = __webpack_require__( 5 );
media.view.MediaFrame.VideoDetails = __webpack_require__( 6 );
media.view.MediaDetails = __webpack_require__( 7 );
media.view.AudioDetails = __webpack_require__( 8 );
media.view.VideoDetails = __webpack_require__( 9 );
},{"./controllers/audio-details.js":2,"./controllers/video-details.js":3,"./models/post-media.js":4,"./views/audio-details.js":5,"./views/frame/audio-details.js":6,"./views/frame/media-details.js":7,"./views/frame/video-details.js":8,"./views/media-details.js":9,"./views/video-details.js":10}],2:[function(require,module,exports){
/*globals wp */
/**
* wp.media.controller.AudioDetails
*
* The controller for the Audio Details state
*
* @class
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
AudioDetails;
/***/ }),
/* 1 */
/***/ (function(module, exports) {
AudioDetails = State.extend({
defaults: {
id: 'audio-details',
toolbar: 'audio-details',
title: l10n.audioDetailsTitle,
content: 'audio-details',
menu: 'audio-details',
router: false,
priority: 60
},
initialize: function( options ) {
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = AudioDetails;
},{}],3:[function(require,module,exports){
/*globals wp */
/**
* wp.media.controller.VideoDetails
*
* The controller for the Video Details state
*
* @class
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
VideoDetails;
VideoDetails = State.extend({
defaults: {
id: 'video-details',
toolbar: 'video-details',
title: l10n.videoDetailsTitle,
content: 'video-details',
menu: 'video-details',
router: false,
priority: 60
},
initialize: function( options ) {
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = VideoDetails;
},{}],4:[function(require,module,exports){
/*globals wp, Backbone, _ */
/**
@ -331,125 +333,89 @@ var PostMedia = Backbone.Model.extend({
module.exports = PostMedia;
},{}],5:[function(require,module,exports){
/***/ }),
/* 2 */
/***/ (function(module, exports) {
/*globals wp */
/**
* wp.media.view.AudioDetails
* wp.media.controller.AudioDetails
*
* The controller for the Audio Details state
*
* @class
* @augments wp.media.view.MediaDetails
* @augments wp.media.view.Settings.AttachmentDisplay
* @augments wp.media.view.Settings
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var MediaDetails = wp.media.view.MediaDetails,
AudioDetails;
AudioDetails = MediaDetails.extend({
className: 'audio-details',
template: wp.template('audio-details'),
setMedia: function() {
var audio = this.$('.wp-audio-shortcode');
if ( audio.find( 'source' ).length ) {
if ( audio.is(':hidden') ) {
audio.show();
}
this.media = MediaDetails.prepareSrc( audio.get(0) );
} else {
audio.hide();
this.media = false;
}
return this;
}
});
module.exports = AudioDetails;
},{}],6:[function(require,module,exports){
/*globals wp */
/**
* wp.media.view.MediaFrame.AudioDetails
*
* @class
* @augments wp.media.view.MediaFrame.MediaDetails
* @augments wp.media.view.MediaFrame.Select
* @augments wp.media.view.MediaFrame
* @augments wp.media.view.Frame
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
* @mixes wp.media.controller.StateMachine
*/
var MediaDetails = wp.media.view.MediaFrame.MediaDetails,
MediaLibrary = wp.media.controller.MediaLibrary,
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
AudioDetails;
AudioDetails = MediaDetails.extend({
AudioDetails = State.extend({
defaults: {
id: 'audio',
url: '',
menu: 'audio-details',
content: 'audio-details',
id: 'audio-details',
toolbar: 'audio-details',
type: 'link',
title: l10n.audioDetailsTitle,
priority: 120
content: 'audio-details',
menu: 'audio-details',
router: false,
priority: 60
},
initialize: function( options ) {
options.DetailsView = wp.media.view.AudioDetails;
options.cancelText = l10n.audioDetailsCancel;
options.addText = l10n.audioAddSourceTitle;
MediaDetails.prototype.initialize.call( this, options );
},
bindHandlers: function() {
MediaDetails.prototype.bindHandlers.apply( this, arguments );
this.on( 'toolbar:render:replace-audio', this.renderReplaceToolbar, this );
this.on( 'toolbar:render:add-audio-source', this.renderAddSourceToolbar, this );
},
createStates: function() {
this.states.add([
new wp.media.controller.AudioDetails( {
media: this.media
} ),
new MediaLibrary( {
type: 'audio',
id: 'replace-audio',
title: l10n.audioReplaceTitle,
toolbar: 'replace-audio',
media: this.media,
menu: 'audio-details'
} ),
new MediaLibrary( {
type: 'audio',
id: 'add-audio-source',
title: l10n.audioAddSourceTitle,
toolbar: 'add-audio-source',
media: this.media,
menu: false
} )
]);
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = AudioDetails;
},{}],7:[function(require,module,exports){
/***/ }),
/* 3 */
/***/ (function(module, exports) {
/*globals wp */
/**
* wp.media.controller.VideoDetails
*
* The controller for the Video Details state
*
* @class
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
VideoDetails;
VideoDetails = State.extend({
defaults: {
id: 'video-details',
toolbar: 'video-details',
title: l10n.videoDetailsTitle,
content: 'video-details',
menu: 'video-details',
router: false,
priority: 60
},
initialize: function( options ) {
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = VideoDetails;
/***/ }),
/* 4 */
/***/ (function(module, exports) {
/*globals wp */
/**
@ -581,7 +547,93 @@ MediaDetails = Select.extend({
module.exports = MediaDetails;
},{}],8:[function(require,module,exports){
/***/ }),
/* 5 */
/***/ (function(module, exports) {
/*globals wp */
/**
* wp.media.view.MediaFrame.AudioDetails
*
* @class
* @augments wp.media.view.MediaFrame.MediaDetails
* @augments wp.media.view.MediaFrame.Select
* @augments wp.media.view.MediaFrame
* @augments wp.media.view.Frame
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
* @mixes wp.media.controller.StateMachine
*/
var MediaDetails = wp.media.view.MediaFrame.MediaDetails,
MediaLibrary = wp.media.controller.MediaLibrary,
l10n = wp.media.view.l10n,
AudioDetails;
AudioDetails = MediaDetails.extend({
defaults: {
id: 'audio',
url: '',
menu: 'audio-details',
content: 'audio-details',
toolbar: 'audio-details',
type: 'link',
title: l10n.audioDetailsTitle,
priority: 120
},
initialize: function( options ) {
options.DetailsView = wp.media.view.AudioDetails;
options.cancelText = l10n.audioDetailsCancel;
options.addText = l10n.audioAddSourceTitle;
MediaDetails.prototype.initialize.call( this, options );
},
bindHandlers: function() {
MediaDetails.prototype.bindHandlers.apply( this, arguments );
this.on( 'toolbar:render:replace-audio', this.renderReplaceToolbar, this );
this.on( 'toolbar:render:add-audio-source', this.renderAddSourceToolbar, this );
},
createStates: function() {
this.states.add([
new wp.media.controller.AudioDetails( {
media: this.media
} ),
new MediaLibrary( {
type: 'audio',
id: 'replace-audio',
title: l10n.audioReplaceTitle,
toolbar: 'replace-audio',
media: this.media,
menu: 'audio-details'
} ),
new MediaLibrary( {
type: 'audio',
id: 'add-audio-source',
title: l10n.audioAddSourceTitle,
toolbar: 'add-audio-source',
media: this.media,
menu: false
} )
]);
}
});
module.exports = AudioDetails;
/***/ }),
/* 6 */
/***/ (function(module, exports) {
/*globals wp, _ */
/**
@ -718,7 +770,11 @@ VideoDetails = MediaDetails.extend({
module.exports = VideoDetails;
},{}],9:[function(require,module,exports){
/***/ }),
/* 7 */
/***/ (function(module, exports) {
/*global wp, jQuery, _, MediaElementPlayer */
/**
@ -886,7 +942,55 @@ MediaDetails = AttachmentDisplay.extend({
module.exports = MediaDetails;
},{}],10:[function(require,module,exports){
/***/ }),
/* 8 */
/***/ (function(module, exports) {
/*globals wp */
/**
* wp.media.view.AudioDetails
*
* @class
* @augments wp.media.view.MediaDetails
* @augments wp.media.view.Settings.AttachmentDisplay
* @augments wp.media.view.Settings
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
*/
var MediaDetails = wp.media.view.MediaDetails,
AudioDetails;
AudioDetails = MediaDetails.extend({
className: 'audio-details',
template: wp.template('audio-details'),
setMedia: function() {
var audio = this.$('.wp-audio-shortcode');
if ( audio.find( 'source' ).length ) {
if ( audio.is(':hidden') ) {
audio.show();
}
this.media = MediaDetails.prepareSrc( audio.get(0) );
} else {
audio.hide();
this.media = false;
}
return this;
}
});
module.exports = AudioDetails;
/***/ }),
/* 9 */
/***/ (function(module, exports) {
/*globals wp */
/**
@ -931,4 +1035,6 @@ VideoDetails = MediaDetails.extend({
module.exports = VideoDetails;
},{}]},{},[1]);
/***/ })
/******/ ]);

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long


@ -1,4 +1,73 @@
(function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
/******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = {};
/******/
/******/ // The require function
/******/ function __webpack_require__(moduleId) {
/******/
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId]) {
/******/ return installedModules[moduleId].exports;
/******/ }
/******/ // Create a new module (and put it into the cache)
/******/ var module = installedModules[moduleId] = {
/******/ i: moduleId,
/******/ l: false,
/******/ exports: {}
/******/ };
/******/
/******/ // Execute the module function
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/
/******/ // Flag the module as loaded
/******/ module.l = true;
/******/
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/
/******/
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/
/******/ // define getter function for harmony exports
/******/ __webpack_require__.d = function(exports, name, getter) {
/******/ if(!__webpack_require__.o(exports, name)) {
/******/ Object.defineProperty(exports, name, {
/******/ configurable: false,
/******/ enumerable: true,
/******/ get: getter
/******/ });
/******/ }
/******/ };
/******/
/******/ // getDefaultExport function for compatibility with non-harmony modules
/******/ __webpack_require__.n = function(module) {
/******/ var getter = module && module.__esModule ?
/******/ function getDefault() { return module['default']; } :
/******/ function getModuleExports() { return module; };
/******/ __webpack_require__.d(getter, 'a', getter);
/******/ return getter;
/******/ };
/******/
/******/ // Object.prototype.hasOwnProperty.call
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
/******/
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/
/******/ // Load entry module and return exports
/******/ return __webpack_require__(__webpack_require__.s = 20);
/******/ })
/************************************************************************/
/******/ ({
/***/ 20:
/***/ (function(module, exports, __webpack_require__) {
/*globals wp, _, jQuery */
var $ = jQuery,
@ -58,12 +127,12 @@ l10n = media.model.l10n = window._wpMediaModelsL10n || {};
media.model.settings = l10n.settings || {};
delete l10n.settings;
Attachment = media.model.Attachment = require( './models/attachment.js' );
Attachments = media.model.Attachments = require( './models/attachments.js' );
Attachment = media.model.Attachment = __webpack_require__( 21 );
Attachments = media.model.Attachments = __webpack_require__( 22 );
media.model.Query = require( './models/query.js' );
media.model.PostImage = require( './models/post-image.js' );
media.model.Selection = require( './models/selection.js' );
media.model.Query = __webpack_require__( 23 );
media.model.PostImage = __webpack_require__( 24 );
media.model.Selection = __webpack_require__( 25 );
/**
* ========================================================================
@ -231,7 +300,12 @@ $(window).on('unload', function(){
window.wp = null;
});
},{"./models/attachment.js":2,"./models/attachments.js":3,"./models/post-image.js":4,"./models/query.js":5,"./models/selection.js":6}],2:[function(require,module,exports){
/***/ }),
/***/ 21:
/***/ (function(module, exports) {
/*globals wp, _, Backbone */
/**
@ -401,7 +475,12 @@ Attachment = Backbone.Model.extend({
module.exports = Attachment;
},{}],3:[function(require,module,exports){
/***/ }),
/***/ 22:
/***/ (function(module, exports) {
/*globals wp, _, Backbone */
/**
@ -935,163 +1014,12 @@ var Attachments = Backbone.Collection.extend({
module.exports = Attachments;
},{}],4:[function(require,module,exports){
/*globals Backbone */
/**
* wp.media.model.PostImage
*
* An instance of an image that's been embedded into a post.
*
* Used in the embedded image attachment display settings modal - @see wp.media.view.MediaFrame.ImageDetails.
*
* @class
* @augments Backbone.Model
*
* @param {int} [attributes] Initial model attributes.
* @param {int} [attributes.attachment_id] ID of the attachment.
**/
var PostImage = Backbone.Model.extend({
/***/ }),
initialize: function( attributes ) {
var Attachment = wp.media.model.Attachment;
this.attachment = false;
/***/ 23:
/***/ (function(module, exports) {
if ( attributes.attachment_id ) {
this.attachment = Attachment.get( attributes.attachment_id );
if ( this.attachment.get( 'url' ) ) {
this.dfd = jQuery.Deferred();
this.dfd.resolve();
} else {
this.dfd = this.attachment.fetch();
}
this.bindAttachmentListeners();
}
// keep url in sync with changes to the type of link
this.on( 'change:link', this.updateLinkUrl, this );
this.on( 'change:size', this.updateSize, this );
this.setLinkTypeFromUrl();
this.setAspectRatio();
this.set( 'originalUrl', attributes.url );
},
bindAttachmentListeners: function() {
this.listenTo( this.attachment, 'sync', this.setLinkTypeFromUrl );
this.listenTo( this.attachment, 'sync', this.setAspectRatio );
this.listenTo( this.attachment, 'change', this.updateSize );
},
changeAttachment: function( attachment, props ) {
this.stopListening( this.attachment );
this.attachment = attachment;
this.bindAttachmentListeners();
this.set( 'attachment_id', this.attachment.get( 'id' ) );
this.set( 'caption', this.attachment.get( 'caption' ) );
this.set( 'alt', this.attachment.get( 'alt' ) );
this.set( 'size', props.get( 'size' ) );
this.set( 'align', props.get( 'align' ) );
this.set( 'link', props.get( 'link' ) );
this.updateLinkUrl();
this.updateSize();
},
setLinkTypeFromUrl: function() {
var linkUrl = this.get( 'linkUrl' ),
type;
if ( ! linkUrl ) {
this.set( 'link', 'none' );
return;
}
// default to custom if there is a linkUrl
type = 'custom';
if ( this.attachment ) {
if ( this.attachment.get( 'url' ) === linkUrl ) {
type = 'file';
} else if ( this.attachment.get( 'link' ) === linkUrl ) {
type = 'post';
}
} else {
if ( this.get( 'url' ) === linkUrl ) {
type = 'file';
}
}
this.set( 'link', type );
},
updateLinkUrl: function() {
var link = this.get( 'link' ),
url;
switch( link ) {
case 'file':
if ( this.attachment ) {
url = this.attachment.get( 'url' );
} else {
url = this.get( 'url' );
}
this.set( 'linkUrl', url );
break;
case 'post':
this.set( 'linkUrl', this.attachment.get( 'link' ) );
break;
case 'none':
this.set( 'linkUrl', '' );
break;
}
},
updateSize: function() {
var size;
if ( ! this.attachment ) {
return;
}
if ( this.get( 'size' ) === 'custom' ) {
this.set( 'width', this.get( 'customWidth' ) );
this.set( 'height', this.get( 'customHeight' ) );
this.set( 'url', this.get( 'originalUrl' ) );
return;
}
size = this.attachment.get( 'sizes' )[ this.get( 'size' ) ];
if ( ! size ) {
return;
}
this.set( 'url', size.url );
this.set( 'width', size.width );
this.set( 'height', size.height );
},
setAspectRatio: function() {
var full;
if ( this.attachment && this.attachment.get( 'sizes' ) ) {
full = this.attachment.get( 'sizes' ).full;
if ( full ) {
this.set( 'aspectRatio', full.width / full.height );
return;
}
}
this.set( 'aspectRatio', this.get( 'customWidth' ) / this.get( 'customHeight' ) );
}
});
module.exports = PostImage;
},{}],5:[function(require,module,exports){
/*globals wp, _ */
/**
@ -1401,7 +1329,173 @@ Query = Attachments.extend({
module.exports = Query;
},{}],6:[function(require,module,exports){
/***/ }),
/***/ 24:
/***/ (function(module, exports) {
/*globals Backbone */
/**
* wp.media.model.PostImage
*
* An instance of an image that's been embedded into a post.
*
* Used in the embedded image attachment display settings modal - @see wp.media.view.MediaFrame.ImageDetails.
*
* @class
* @augments Backbone.Model
*
* @param {int} [attributes] Initial model attributes.
* @param {int} [attributes.attachment_id] ID of the attachment.
**/
var PostImage = Backbone.Model.extend({
initialize: function( attributes ) {
var Attachment = wp.media.model.Attachment;
this.attachment = false;
if ( attributes.attachment_id ) {
this.attachment = Attachment.get( attributes.attachment_id );
if ( this.attachment.get( 'url' ) ) {
this.dfd = jQuery.Deferred();
this.dfd.resolve();
} else {
this.dfd = this.attachment.fetch();
}
this.bindAttachmentListeners();
}
// keep url in sync with changes to the type of link
this.on( 'change:link', this.updateLinkUrl, this );
this.on( 'change:size', this.updateSize, this );
this.setLinkTypeFromUrl();
this.setAspectRatio();
this.set( 'originalUrl', attributes.url );
},
bindAttachmentListeners: function() {
this.listenTo( this.attachment, 'sync', this.setLinkTypeFromUrl );
this.listenTo( this.attachment, 'sync', this.setAspectRatio );
this.listenTo( this.attachment, 'change', this.updateSize );
},
changeAttachment: function( attachment, props ) {
this.stopListening( this.attachment );
this.attachment = attachment;
this.bindAttachmentListeners();
this.set( 'attachment_id', this.attachment.get( 'id' ) );
this.set( 'caption', this.attachment.get( 'caption' ) );
this.set( 'alt', this.attachment.get( 'alt' ) );
this.set( 'size', props.get( 'size' ) );
this.set( 'align', props.get( 'align' ) );
this.set( 'link', props.get( 'link' ) );
this.updateLinkUrl();
this.updateSize();
},
setLinkTypeFromUrl: function() {
var linkUrl = this.get( 'linkUrl' ),
type;
if ( ! linkUrl ) {
this.set( 'link', 'none' );
return;
}
// default to custom if there is a linkUrl
type = 'custom';
if ( this.attachment ) {
if ( this.attachment.get( 'url' ) === linkUrl ) {
type = 'file';
} else if ( this.attachment.get( 'link' ) === linkUrl ) {
type = 'post';
}
} else {
if ( this.get( 'url' ) === linkUrl ) {
type = 'file';
}
}
this.set( 'link', type );
},
updateLinkUrl: function() {
var link = this.get( 'link' ),
url;
switch( link ) {
case 'file':
if ( this.attachment ) {
url = this.attachment.get( 'url' );
} else {
url = this.get( 'url' );
}
this.set( 'linkUrl', url );
break;
case 'post':
this.set( 'linkUrl', this.attachment.get( 'link' ) );
break;
case 'none':
this.set( 'linkUrl', '' );
break;
}
},
updateSize: function() {
var size;
if ( ! this.attachment ) {
return;
}
if ( this.get( 'size' ) === 'custom' ) {
this.set( 'width', this.get( 'customWidth' ) );
this.set( 'height', this.get( 'customHeight' ) );
this.set( 'url', this.get( 'originalUrl' ) );
return;
}
size = this.attachment.get( 'sizes' )[ this.get( 'size' ) ];
if ( ! size ) {
return;
}
this.set( 'url', size.url );
this.set( 'width', size.width );
this.set( 'height', size.height );
},
setAspectRatio: function() {
var full;
if ( this.attachment && this.attachment.get( 'sizes' ) ) {
full = this.attachment.get( 'sizes' ).full;
if ( full ) {
this.set( 'aspectRatio', full.width / full.height );
return;
}
}
this.set( 'aspectRatio', this.get( 'customWidth' ) / this.get( 'customHeight' ) );
}
});
module.exports = PostImage;
/***/ }),
/***/ 25:
/***/ (function(module, exports) {
/*globals wp, _ */
/**
@ -1500,4 +1594,7 @@ Selection = Attachments.extend({
module.exports = Selection;
},{}]},{},[1]);
/***/ })
/******/ });

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long


@ -1074,8 +1074,8 @@ if ( !function_exists('check_admin_referer') ) :
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
if ( -1 == $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
if ( -1 === $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
$adminurl = strtolower(admin_url());
$referer = strtolower(wp_get_referer());
@ -1095,6 +1095,12 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
do_action( 'check_admin_referer', $action, $result );
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
wp_nonce_ays( $action );
die();
}
return $result;
}
endif;
@ -1115,6 +1121,9 @@ if ( !function_exists('check_ajax_referer') ) :
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
if ( -1 === $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
$nonce = '';
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
@ -2357,4 +2366,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
return $r;
}
endif;
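Review bot: The guard added at the end of check_admin_referer() still lets a request through without a valid nonce when `$action` is left at -1 and the Referer starts with the admin URL, so callers that omit the action keep relying on a header check instead of a nonce. That looks like a deliberate backward-compatibility path, but nothing in the code says so; a comment such as `// Legacy fallback: with no action given, an admin-URL Referer is accepted in place of a nonce.` above the `if` would make the remaining exposure explicit. The switch to `-1 === $action` also means a caller passing the string `'-1'` is no longer treated as "unspecified" in either function, which is worth a line in the docblock. Parts of both function bodies lie outside the hunks shown.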


@ -1401,7 +1401,6 @@ class WP_Query {
, 'attachment'
, 'attachment_id'
, 'name'
, 'static'
, 'pagename'
, 'page_id'
, 'second'
@ -1605,7 +1604,7 @@ class WP_Query {
// If year, month, day, hour, minute, and second are set, a single
// post is being queried.
$this->is_single = true;
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
$this->is_page = true;
$this->is_single = false;
} else {