General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds. - Editor: Prevent HTML decoding on by setting the proper editor context. - Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters. - Themes: Ensure a broken theme name is returned properly. - Administration: Add a new filter to extend set-screen-option. Merges [47947-47951] to the 4.2 branch. Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake. Built from https://develop.svn.wordpress.org/branches/4.2@47970 git-svn-id: http://core.svn.wordpress.org/branches/4.2@47741 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7fb64672ce
commit
426696ba21
|
@ -2724,8 +2724,11 @@ function edit_form_image_editor( $post ) {
|
||||||
<label for="content"><strong><?php _e( 'Description' ); ?></strong><?php
|
<label for="content"><strong><?php _e( 'Description' ); ?></strong><?php
|
||||||
if ( preg_match( '#^(audio|video)/#', $post->post_mime_type ) ) {
|
if ( preg_match( '#^(audio|video)/#', $post->post_mime_type ) ) {
|
||||||
echo ': ' . __( 'Displayed on attachment pages.' );
|
echo ': ' . __( 'Displayed on attachment pages.' );
|
||||||
} ?></label>
|
}
|
||||||
<?php wp_editor( $post->post_content, 'attachment_content', $editor_args ); ?>
|
|
||||||
|
?>
|
||||||
|
</label>
|
||||||
|
<?php wp_editor( format_to_edit( $post->post_content ), 'attachment_content', $editor_args ); ?>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -405,24 +405,46 @@ function set_screen_options() {
|
||||||
return;
|
return;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
if ( '_page' === substr( $option, -5 ) || 'layout_columns' === $option ) {
|
||||||
|
/**
|
||||||
|
* Filters a screen option value before it is set.
|
||||||
|
*
|
||||||
|
* The filter can also be used to modify non-standard [items]_per_page
|
||||||
|
* settings. See the parent function for a full list of standard options.
|
||||||
|
*
|
||||||
|
* Returning false to the filter will skip saving the current option.
|
||||||
|
*
|
||||||
|
* @since 2.8.0
|
||||||
|
* @since 5.4.2 Only applied to options ending with '_page',
|
||||||
|
* or the 'layout_columns' option.
|
||||||
|
*
|
||||||
|
* @see set_screen_options()
|
||||||
|
*
|
||||||
|
* @param bool $keep Whether to save or skip saving the screen option value.
|
||||||
|
* Default false.
|
||||||
|
* @param string $option The option name.
|
||||||
|
* @param int $value The number of rows to use.
|
||||||
|
*/
|
||||||
|
$value = apply_filters( 'set-screen-option', false, $option, $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filter a screen option value before it is set.
|
* Filter a screen option value before it is set.
|
||||||
*
|
*
|
||||||
* The filter can also be used to modify non-standard [items]_per_page
|
* The dynamic portion of the hook, `$option`, refers to the option name.
|
||||||
* settings. See the parent function for a full list of standard options.
|
|
||||||
*
|
*
|
||||||
* Returning false to the filter will skip saving the current option.
|
* Returning false to the filter will skip saving the current option.
|
||||||
*
|
*
|
||||||
* @since 2.8.0
|
* @since 5.4.2
|
||||||
*
|
*
|
||||||
* @see set_screen_options()
|
* @see set_screen_options()
|
||||||
*
|
*
|
||||||
* @param bool|int $value Screen option value. Default false to skip.
|
* @param bool $keep Whether to save or skip saving the screen option value.
|
||||||
* @param string $option The option name.
|
* Default false.
|
||||||
* @param int $value The number of rows to use.
|
* @param string $option The option name.
|
||||||
|
* @param int $value The number of rows to use.
|
||||||
*/
|
*/
|
||||||
$value = apply_filters( 'set-screen-option', false, $option, $value );
|
$value = apply_filters( "set_screen_option_{$option}", false, $option, $value );
|
||||||
|
|
||||||
if ( false === $value )
|
if ( false === $value )
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -286,7 +286,7 @@ $can_delete = current_user_can( 'delete_themes' );
|
||||||
</tr>
|
</tr>
|
||||||
<?php foreach ( $broken_themes as $broken_theme ) : ?>
|
<?php foreach ( $broken_themes as $broken_theme ) : ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : $broken_theme->get_stylesheet(); ?></td>
|
<td><?php echo $broken_theme->get( 'Name' ) ? $broken_theme->display( 'Name' ) : esc_html( $broken_theme->get_stylesheet() ); ?></td>
|
||||||
<td><?php echo $broken_theme->errors()->get_error_message(); ?></td>
|
<td><?php echo $broken_theme->errors()->get_error_message(); ?></td>
|
||||||
<?php
|
<?php
|
||||||
if ( $can_delete ) {
|
if ( $can_delete ) {
|
||||||
|
|
|
@ -1226,7 +1226,7 @@ function wp_sanitize_redirect($location) {
|
||||||
){1,40} # ...one or more times
|
){1,40} # ...one or more times
|
||||||
)/x';
|
)/x';
|
||||||
$location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
|
$location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
|
||||||
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
|
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
|
||||||
$location = wp_kses_no_null($location);
|
$location = wp_kses_no_null($location);
|
||||||
|
|
||||||
// remove %0d and %0a from location
|
// remove %0d and %0a from location
|
||||||
|
@ -1293,7 +1293,7 @@ if ( !function_exists('wp_validate_redirect') ) :
|
||||||
* @return string redirect-sanitized URL
|
* @return string redirect-sanitized URL
|
||||||
**/
|
**/
|
||||||
function wp_validate_redirect($location, $default = '') {
|
function wp_validate_redirect($location, $default = '') {
|
||||||
$location = trim( $location, " \t\n\r\0\x08\x0B" );
|
$location = wp_sanitize_redirect( trim( $location, " \t\n\r\0\x08\x0B" ) );
|
||||||
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
|
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
|
||||||
if ( substr($location, 0, 2) == '//' )
|
if ( substr($location, 0, 2) == '//' )
|
||||||
$location = 'http:' . $location;
|
$location = 'http:' . $location;
|
||||||
|
|
Loading…
Reference in New Issue