Grouped backports to the 4.1 branch.
- Query: Improve sanitization within `WP_Tax_Query`. - Query: Improve sanitization within `WP_Meta_Query`. - Upgrade/Install: Avoid using `unserialize()` unnecessarily. - Formatting: Correctly encode ASCII characters in post slugs. Merges [52454-52457] to the 4.1 branch. Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn. Built from https://develop.svn.wordpress.org/branches/4.1@52482 git-svn-id: http://core.svn.wordpress.org/branches/4.1@52074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1478e4afde
commit
8b1b01229e
|
@ -1077,8 +1077,8 @@ function upgrade_280() {
|
|||
$start = 0;
|
||||
while( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) {
|
||||
foreach( $rows as $row ) {
|
||||
$value = $row->option_value;
|
||||
if ( !@unserialize( $value ) )
|
||||
$value = maybe_unserialize( $row->option_value );
|
||||
if ( $value === $row->option_value )
|
||||
$value = stripslashes( $value );
|
||||
if ( $value !== $row->option_value ) {
|
||||
update_option( $row->option_name, $value );
|
||||
|
|
|
@ -863,12 +863,14 @@ function wp_check_invalid_utf8( $string, $strip = false ) {
|
|||
* Encode the Unicode values to be used in the URI.
|
||||
*
|
||||
* @since 1.5.0
|
||||
* @since 5.8.3 Added the `encode_ascii_characters` parameter.
|
||||
*
|
||||
* @param string $utf8_string
|
||||
* @param int $length Max length of the string
|
||||
* @param bool $encode_ascii_characters Whether to encode ascii characters such as < " '
|
||||
* @return string String with Unicode encoded for URI.
|
||||
*/
|
||||
function utf8_uri_encode( $utf8_string, $length = 0 ) {
|
||||
function utf8_uri_encode( $utf8_string, $length = 0, $encode_ascii_characters = false ) {
|
||||
$unicode = '';
|
||||
$values = array();
|
||||
$num_octets = 1;
|
||||
|
@ -883,10 +885,14 @@ function utf8_uri_encode( $utf8_string, $length = 0 ) {
|
|||
$value = ord( $utf8_string[ $i ] );
|
||||
|
||||
if ( $value < 128 ) {
|
||||
if ( $length && ( $unicode_length >= $length ) )
|
||||
$char = chr( $value );
|
||||
$encoded_char = $encode_ascii_characters ? rawurlencode( $char ) : $char;
|
||||
$encoded_char_length = strlen( $encoded_char );
|
||||
if ( $length && ( $unicode_length + $encoded_char_length ) > $length ) {
|
||||
break;
|
||||
$unicode .= chr($value);
|
||||
$unicode_length++;
|
||||
}
|
||||
$unicode .= $encoded_char;
|
||||
$unicode_length += $encoded_char_length;
|
||||
} else {
|
||||
if ( count( $values ) == 0 ) $num_octets = ( $value < 224 ) ? 2 : 3;
|
||||
|
||||
|
|
|
@ -1501,7 +1501,7 @@ class WP_Meta_Query {
|
|||
$clause_compare = strtoupper( $clause['compare'] );
|
||||
$sibling_compare = strtoupper( $sibling['compare'] );
|
||||
if ( in_array( $clause_compare, $compatible_compares ) && in_array( $sibling_compare, $compatible_compares ) ) {
|
||||
$alias = $sibling['alias'];
|
||||
$alias = preg_replace( '/\W/', '_', $sibling['alias'] );
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3783,7 +3783,7 @@ function _truncate_post_slug( $slug, $length = 200 ) {
|
|||
if ( $decoded_slug === $slug )
|
||||
$slug = substr( $slug, 0, $length );
|
||||
else
|
||||
$slug = utf8_uri_encode( $decoded_slug, $length );
|
||||
$slug = utf8_uri_encode( $decoded_slug, $length, true );
|
||||
}
|
||||
|
||||
return rtrim( $slug, '-' );
|
||||
|
|
|
@ -1146,7 +1146,7 @@ class WP_Tax_Query {
|
|||
|
||||
// The sibling must both have compatible operator to share its alias.
|
||||
if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators ) ) {
|
||||
$alias = $sibling['alias'];
|
||||
$alias = preg_replace( '/\W/', '_', $sibling['alias'] );
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -1176,7 +1176,11 @@ class WP_Tax_Query {
|
|||
return;
|
||||
}
|
||||
|
||||
if ( 'slug' === $query['field'] || 'name' === $query['field'] ) {
|
||||
$query['terms'] = array_unique( (array) $query['terms'] );
|
||||
} else {
|
||||
$query['terms'] = wp_parse_id_list( $query['terms'] );
|
||||
}
|
||||
|
||||
if ( is_taxonomy_hierarchical( $query['taxonomy'] ) && $query['include_children'] ) {
|
||||
$this->transform_query( $query, 'term_id' );
|
||||
|
|
Loading…
Reference in New Issue