Backporting several bug fixes.
- Query: Remove the static query property. - HTTP API: Protect against hex interpretation. - Filesystem API: Prevent directory travelersals when creating new folders. - Administration: Ensure that admin referer nonce is valid. - REST API: Send a Vary: Origin header on GET requests. Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.7 branch. Built from https://develop.svn.wordpress.org/branches/4.7@46495 git-svn-id: http://core.svn.wordpress.org/branches/4.7@46292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1f06c6044e
commit
8e914c079d
|
@ -582,7 +582,6 @@ class WP_Query {
|
|||
, 'attachment'
|
||||
, 'attachment_id'
|
||||
, 'name'
|
||||
, 'static'
|
||||
, 'pagename'
|
||||
, 'page_id'
|
||||
, 'second'
|
||||
|
@ -811,7 +810,7 @@ class WP_Query {
|
|||
// If year, month, day, hour, minute, and second are set, a single
|
||||
// post is being queried.
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
$this->is_page = true;
|
||||
$this->is_single = false;
|
||||
} else {
|
||||
|
@ -3048,7 +3047,15 @@ class WP_Query {
|
|||
*/
|
||||
$this->found_posts = $wpdb->get_var( apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) ) );
|
||||
} else {
|
||||
$this->found_posts = count( $this->posts );
|
||||
if ( is_array( $this->posts ) ) {
|
||||
$this->found_posts = count( $this->posts );
|
||||
} else {
|
||||
if ( null === $this->posts ) {
|
||||
$this->found_posts = 0;
|
||||
} else {
|
||||
$this->found_posts = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -15,7 +15,7 @@ class WP {
|
|||
* @access public
|
||||
* @var array
|
||||
*/
|
||||
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
|
||||
/**
|
||||
* Private query variables.
|
||||
|
|
|
@ -1608,6 +1608,11 @@ function wp_mkdir_p( $target ) {
|
|||
if ( file_exists( $target ) )
|
||||
return @is_dir( $target );
|
||||
|
||||
// Do not allow path traversals.
|
||||
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We need to find the permissions of the parent folder that exists and inherit that.
|
||||
$target_parent = dirname( $target );
|
||||
while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
|
||||
|
|
|
@ -541,8 +541,9 @@ function wp_http_validate_url( $url ) {
|
|||
$ip = $host;
|
||||
} else {
|
||||
$ip = gethostbyname( $host );
|
||||
if ( $ip === $host ) // Error condition for gethostbyname()
|
||||
$ip = false;
|
||||
if ( $ip === $host ) { // Error condition for gethostbyname()
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if ( $ip ) {
|
||||
$parts = array_map( 'intval', explode( '.', $ip ) );
|
||||
|
|
|
@ -1055,7 +1055,7 @@ if ( !function_exists('check_admin_referer') ) :
|
|||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||
*/
|
||||
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
||||
if ( -1 == $action )
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$adminurl = strtolower(admin_url());
|
||||
|
@ -1073,7 +1073,7 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
|||
*/
|
||||
do_action( 'check_admin_referer', $action, $result );
|
||||
|
||||
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
wp_nonce_ays( $action );
|
||||
die();
|
||||
}
|
||||
|
@ -2518,4 +2518,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
|
|||
return $r;
|
||||
}
|
||||
endif;
|
||||
|
||||
|
|
|
@ -528,7 +528,9 @@ function rest_send_cors_headers( $value ) {
|
|||
header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
|
||||
header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
|
||||
header( 'Access-Control-Allow-Credentials: true' );
|
||||
header( 'Vary: Origin' );
|
||||
header( 'Vary: Origin', false );
|
||||
} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
|
||||
header( 'Vary: Origin', false );
|
||||
}
|
||||
|
||||
return $value;
|
||||
|
|
Loading…
Reference in New Issue