Script Loader: Send a 400 Bad Request status code in `load-scripts.php` and `load-styles.php` if the required `load[]` parameter is not set.
Props compilenix. Fixes #44108. Built from https://develop.svn.wordpress.org/trunk@45731 git-svn-id: http://core.svn.wordpress.org/trunk@45542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov
parent
c377191858
commit
7dbc4d28e5
|
|
@ -14,6 +14,11 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|||
|
||||
define( 'WPINC', 'wp-includes' );
|
||||
|
||||
$protocol = $_SERVER['SERVER_PROTOCOL'];
|
||||
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
|
||||
$protocol = 'HTTP/1.0';
|
||||
}
|
||||
|
||||
$load = $_GET['load'];
|
||||
if ( is_array( $load ) ) {
|
||||
ksort( $load );
|
||||
|
|
@ -24,6 +29,7 @@ $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
|
|||
$load = array_unique( explode( ',', $load ) );
|
||||
|
||||
if ( empty( $load ) ) {
|
||||
header( "$protocol 400 Bad Request" );
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -40,10 +46,6 @@ wp_default_packages_vendor( $wp_scripts );
|
|||
wp_default_packages_scripts( $wp_scripts );
|
||||
|
||||
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
|
||||
$protocol = $_SERVER['SERVER_PROTOCOL'];
|
||||
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
|
||||
$protocol = 'HTTP/1.0';
|
||||
}
|
||||
header( "$protocol 304 Not Modified" );
|
||||
exit();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,11 @@ require( ABSPATH . 'wp-admin/includes/noop.php' );
|
|||
require( ABSPATH . WPINC . '/script-loader.php' );
|
||||
require( ABSPATH . WPINC . '/version.php' );
|
||||
|
||||
$protocol = $_SERVER['SERVER_PROTOCOL'];
|
||||
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
|
||||
$protocol = 'HTTP/1.0';
|
||||
}
|
||||
|
||||
$load = $_GET['load'];
|
||||
if ( is_array( $load ) ) {
|
||||
ksort( $load );
|
||||
|
|
@ -28,6 +33,7 @@ $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
|
|||
$load = array_unique( explode( ',', $load ) );
|
||||
|
||||
if ( empty( $load ) ) {
|
||||
header( "$protocol 400 Bad Request" );
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -39,10 +45,6 @@ $wp_styles = new WP_Styles();
|
|||
wp_default_styles( $wp_styles );
|
||||
|
||||
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
|
||||
$protocol = $_SERVER['SERVER_PROTOCOL'];
|
||||
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
|
||||
$protocol = 'HTTP/1.0';
|
||||
}
|
||||
header( "$protocol 304 Not Modified" );
|
||||
exit();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.3-alpha-45730';
|
||||
$wp_version = '5.3-alpha-45731';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
|
|||
Loading…
Reference in New Issue