Script Loader: Send a 400 Bad Request status code in `load-scripts.php` and `load-styles.php` if the required `load[]` parameter is not set.

Props compilenix.
Fixes #44108.
Built from https://develop.svn.wordpress.org/trunk@45731


git-svn-id: http://core.svn.wordpress.org/trunk@45542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2019-08-03 22:17:57 +00:00
parent c377191858
commit 7dbc4d28e5
3 changed files with 13 additions and 9 deletions

View File

@ -14,6 +14,11 @@ if ( ! defined( 'ABSPATH' ) ) {
define( 'WPINC', 'wp-includes' );
$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
$protocol = 'HTTP/1.0';
}
$load = $_GET['load'];
if ( is_array( $load ) ) {
ksort( $load );
@ -24,6 +29,7 @@ $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = array_unique( explode( ',', $load ) );
if ( empty( $load ) ) {
header( "$protocol 400 Bad Request" );
exit;
}
@ -40,10 +46,6 @@ wp_default_packages_vendor( $wp_scripts );
wp_default_packages_scripts( $wp_scripts );
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
$protocol = 'HTTP/1.0';
}
header( "$protocol 304 Not Modified" );
exit();
}

View File

@ -18,6 +18,11 @@ require( ABSPATH . 'wp-admin/includes/noop.php' );
require( ABSPATH . WPINC . '/script-loader.php' );
require( ABSPATH . WPINC . '/version.php' );
$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
$protocol = 'HTTP/1.0';
}
$load = $_GET['load'];
if ( is_array( $load ) ) {
ksort( $load );
@ -28,6 +33,7 @@ $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = array_unique( explode( ',', $load ) );
if ( empty( $load ) ) {
header( "$protocol 400 Bad Request" );
exit;
}
@ -39,10 +45,6 @@ $wp_styles = new WP_Styles();
wp_default_styles( $wp_styles );
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
$protocol = 'HTTP/1.0';
}
header( "$protocol 304 Not Modified" );
exit();
}

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.3-alpha-45730';
$wp_version = '5.3-alpha-45731';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.