Backporting several bug fixes.

- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.
- Customizer: Properly sanitize background images.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.4 branch.

Built from https://develop.svn.wordpress.org/branches/4.4@46498


git-svn-id: http://core.svn.wordpress.org/branches/4.4@46295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake 2019-10-14 19:09:23 +00:00
parent d1cc3f64da
commit 9a0b89f7a8
12 changed files with 7423 additions and 6825 deletions


@ -15,7 +15,7 @@ class WP {
* @access public * @access public
* @var array * @var array
*/ */
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' ); public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
/** /**
* Private query variables. * Private query variables.
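Review bot: The rewritten `$public_query_vars` array also drops `'comments_popup'`, while the commit message only announces the removal of `static`; if dropping it is intentional it should be called out, otherwise the `comments_popup` query variable silently stops being accepted from the request. The visible docblock lines above the property (`@access public`, `@var array`) say nothing about either variable being retired, so a maintainer comparing 4.4.x behaviour has no pointer to why; a one-line comment such as `// 'static' and 'comments_popup' are no longer accepted as public query vars.` would do. Only the property declaration is visible here; the rest of the WP class is outside the hunk.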


@ -1580,6 +1580,11 @@ function wp_mkdir_p( $target ) {
if ( file_exists( $target ) ) if ( file_exists( $target ) )
return @is_dir( $target ); return @is_dir( $target );
// Do not allow path traversals.
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
return false;
}
// We need to find the permissions of the parent folder that exists and inherit that. // We need to find the permissions of the parent folder that exists and inherit that.
$target_parent = dirname( $target ); $target_parent = dirname( $target );
while ( '.' != $target_parent && ! is_dir( $target_parent ) ) { while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
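Review bot: The guard added at the top of this hunk only matches `..` when it is followed by a separator, so a target whose final segment is `..` (e.g. `<base>/missing/..`) is not rejected and falls through to the dirname() walk below; whether that can still create a directory outside the intended tree depends on the mkdir call further down, which is outside the hunk. A segment-based check is tighter and independent of separator style: `if ( in_array( '..', explode( '/', str_replace( DIRECTORY_SEPARATOR, '/', $target ) ), true ) ) {` with the same `return false;` body. The existing `// Do not allow path traversals.` comment could also note that the check deliberately runs after the file_exists() early return, so an existing path is only reported, never created. wp_mkdir_p()'s body starts and ends outside this hunk.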


@ -531,8 +531,9 @@ function wp_http_validate_url( $url ) {
$ip = $host; $ip = $host;
} else { } else {
$ip = gethostbyname( $host ); $ip = gethostbyname( $host );
if ( $ip === $host ) // Error condition for gethostbyname() if ( $ip === $host ) { // Error condition for gethostbyname()
$ip = false; return false;
}
} }
if ( $ip ) { if ( $ip ) {
$parts = array_map( 'intval', explode( '.', $ip ) ); $parts = array_map( 'intval', explode( '.', $ip ) );
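Review bot: The new `return false;` on gethostbyname() failure closes the path where `$ip = false` skipped the `if ( $ip )` address checks entirely, but nothing on the line says why, and the fix is subtle enough to deserve it: `// gethostbyname() returns the hostname unchanged on failure; reject outright rather than skip the address checks, since a non-resolving host string may still be interpreted as an address by the transport.` Note also that the address being checked is the one resolved here, not necessarily the one the HTTP transport resolves when the request is actually sent, so this remains a best-effort filter rather than a guarantee; that limitation predates this change. wp_http_validate_url() begins and ends outside the hunk.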


@ -1,4 +1,72 @@
(function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){ /******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = {};
/******/
/******/ // The require function
/******/ function __webpack_require__(moduleId) {
/******/
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId]) {
/******/ return installedModules[moduleId].exports;
/******/ }
/******/ // Create a new module (and put it into the cache)
/******/ var module = installedModules[moduleId] = {
/******/ i: moduleId,
/******/ l: false,
/******/ exports: {}
/******/ };
/******/
/******/ // Execute the module function
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/
/******/ // Flag the module as loaded
/******/ module.l = true;
/******/
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/
/******/
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/
/******/ // define getter function for harmony exports
/******/ __webpack_require__.d = function(exports, name, getter) {
/******/ if(!__webpack_require__.o(exports, name)) {
/******/ Object.defineProperty(exports, name, {
/******/ configurable: false,
/******/ enumerable: true,
/******/ get: getter
/******/ });
/******/ }
/******/ };
/******/
/******/ // getDefaultExport function for compatibility with non-harmony modules
/******/ __webpack_require__.n = function(module) {
/******/ var getter = module && module.__esModule ?
/******/ function getDefault() { return module['default']; } :
/******/ function getModuleExports() { return module; };
/******/ __webpack_require__.d(getter, 'a', getter);
/******/ return getter;
/******/ };
/******/
/******/ // Object.prototype.hasOwnProperty.call
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
/******/
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/
/******/ // Load entry module and return exports
/******/ return __webpack_require__(__webpack_require__.s = 0);
/******/ })
/************************************************************************/
/******/ ([
/* 0 */
/***/ (function(module, exports, __webpack_require__) {
var media = wp.media, var media = wp.media,
baseSettings = window._wpmejsSettings || {}, baseSettings = window._wpmejsSettings || {},
l10n = window._wpMediaViewsL10n || {}; l10n = window._wpMediaViewsL10n || {};
@ -205,83 +273,21 @@ wp.media.video = {
} }
}; };
media.model.PostMedia = require( './models/post-media.js' ); media.model.PostMedia = __webpack_require__( 1 );
media.controller.AudioDetails = require( './controllers/audio-details.js' ); media.controller.AudioDetails = __webpack_require__( 2 );
media.controller.VideoDetails = require( './controllers/video-details.js' ); media.controller.VideoDetails = __webpack_require__( 3 );
media.view.MediaFrame.MediaDetails = require( './views/frame/media-details.js' ); media.view.MediaFrame.MediaDetails = __webpack_require__( 4 );
media.view.MediaFrame.AudioDetails = require( './views/frame/audio-details.js' ); media.view.MediaFrame.AudioDetails = __webpack_require__( 5 );
media.view.MediaFrame.VideoDetails = require( './views/frame/video-details.js' ); media.view.MediaFrame.VideoDetails = __webpack_require__( 6 );
media.view.MediaDetails = require( './views/media-details.js' ); media.view.MediaDetails = __webpack_require__( 7 );
media.view.AudioDetails = require( './views/audio-details.js' ); media.view.AudioDetails = __webpack_require__( 8 );
media.view.VideoDetails = require( './views/video-details.js' ); media.view.VideoDetails = __webpack_require__( 9 );
},{"./controllers/audio-details.js":2,"./controllers/video-details.js":3,"./models/post-media.js":4,"./views/audio-details.js":5,"./views/frame/audio-details.js":6,"./views/frame/media-details.js":7,"./views/frame/video-details.js":8,"./views/media-details.js":9,"./views/video-details.js":10}],2:[function(require,module,exports){
/**
* wp.media.controller.AudioDetails
*
* The controller for the Audio Details state
*
* @class
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
AudioDetails;
AudioDetails = State.extend({ /***/ }),
defaults: { /* 1 */
id: 'audio-details', /***/ (function(module, exports) {
toolbar: 'audio-details',
title: l10n.audioDetailsTitle,
content: 'audio-details',
menu: 'audio-details',
router: false,
priority: 60
},
initialize: function( options ) {
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = AudioDetails;
},{}],3:[function(require,module,exports){
/**
* wp.media.controller.VideoDetails
*
* The controller for the Video Details state
*
* @class
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
VideoDetails;
VideoDetails = State.extend({
defaults: {
id: 'video-details',
toolbar: 'video-details',
title: l10n.videoDetailsTitle,
content: 'video-details',
menu: 'video-details',
router: false,
priority: 60
},
initialize: function( options ) {
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = VideoDetails;
},{}],4:[function(require,module,exports){
/** /**
* wp.media.model.PostMedia * wp.media.model.PostMedia
* *
@ -323,121 +329,85 @@ var PostMedia = Backbone.Model.extend({
module.exports = PostMedia; module.exports = PostMedia;
},{}],5:[function(require,module,exports){
/***/ }),
/* 2 */
/***/ (function(module, exports) {
/** /**
* wp.media.view.AudioDetails * wp.media.controller.AudioDetails
*
* The controller for the Audio Details state
* *
* @class * @class
* @augments wp.media.view.MediaDetails * @augments wp.media.controller.State
* @augments wp.media.view.Settings.AttachmentDisplay * @augments Backbone.Model
* @augments wp.media.view.Settings
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
*/ */
var MediaDetails = wp.media.view.MediaDetails, var State = wp.media.controller.State,
AudioDetails;
AudioDetails = MediaDetails.extend({
className: 'audio-details',
template: wp.template('audio-details'),
setMedia: function() {
var audio = this.$('.wp-audio-shortcode');
if ( audio.find( 'source' ).length ) {
if ( audio.is(':hidden') ) {
audio.show();
}
this.media = MediaDetails.prepareSrc( audio.get(0) );
} else {
audio.hide();
this.media = false;
}
return this;
}
});
module.exports = AudioDetails;
},{}],6:[function(require,module,exports){
/**
* wp.media.view.MediaFrame.AudioDetails
*
* @class
* @augments wp.media.view.MediaFrame.MediaDetails
* @augments wp.media.view.MediaFrame.Select
* @augments wp.media.view.MediaFrame
* @augments wp.media.view.Frame
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
* @mixes wp.media.controller.StateMachine
*/
var MediaDetails = wp.media.view.MediaFrame.MediaDetails,
MediaLibrary = wp.media.controller.MediaLibrary,
l10n = wp.media.view.l10n, l10n = wp.media.view.l10n,
AudioDetails; AudioDetails;
AudioDetails = MediaDetails.extend({ AudioDetails = State.extend({
defaults: { defaults: {
id: 'audio', id: 'audio-details',
url: '',
menu: 'audio-details',
content: 'audio-details',
toolbar: 'audio-details', toolbar: 'audio-details',
type: 'link',
title: l10n.audioDetailsTitle, title: l10n.audioDetailsTitle,
priority: 120 content: 'audio-details',
menu: 'audio-details',
router: false,
priority: 60
}, },
initialize: function( options ) { initialize: function( options ) {
options.DetailsView = wp.media.view.AudioDetails; this.media = options.media;
options.cancelText = l10n.audioDetailsCancel; State.prototype.initialize.apply( this, arguments );
options.addText = l10n.audioAddSourceTitle;
MediaDetails.prototype.initialize.call( this, options );
},
bindHandlers: function() {
MediaDetails.prototype.bindHandlers.apply( this, arguments );
this.on( 'toolbar:render:replace-audio', this.renderReplaceToolbar, this );
this.on( 'toolbar:render:add-audio-source', this.renderAddSourceToolbar, this );
},
createStates: function() {
this.states.add([
new wp.media.controller.AudioDetails( {
media: this.media
} ),
new MediaLibrary( {
type: 'audio',
id: 'replace-audio',
title: l10n.audioReplaceTitle,
toolbar: 'replace-audio',
media: this.media,
menu: 'audio-details'
} ),
new MediaLibrary( {
type: 'audio',
id: 'add-audio-source',
title: l10n.audioAddSourceTitle,
toolbar: 'add-audio-source',
media: this.media,
menu: false
} )
]);
} }
}); });
module.exports = AudioDetails; module.exports = AudioDetails;
},{}],7:[function(require,module,exports){
/***/ }),
/* 3 */
/***/ (function(module, exports) {
/**
* wp.media.controller.VideoDetails
*
* The controller for the Video Details state
*
* @class
* @augments wp.media.controller.State
* @augments Backbone.Model
*/
var State = wp.media.controller.State,
l10n = wp.media.view.l10n,
VideoDetails;
VideoDetails = State.extend({
defaults: {
id: 'video-details',
toolbar: 'video-details',
title: l10n.videoDetailsTitle,
content: 'video-details',
menu: 'video-details',
router: false,
priority: 60
},
initialize: function( options ) {
this.media = options.media;
State.prototype.initialize.apply( this, arguments );
}
});
module.exports = VideoDetails;
/***/ }),
/* 4 */
/***/ (function(module, exports) {
/** /**
* wp.media.view.MediaFrame.MediaDetails * wp.media.view.MediaFrame.MediaDetails
* *
@ -567,7 +537,91 @@ MediaDetails = Select.extend({
module.exports = MediaDetails; module.exports = MediaDetails;
},{}],8:[function(require,module,exports){
/***/ }),
/* 5 */
/***/ (function(module, exports) {
/**
* wp.media.view.MediaFrame.AudioDetails
*
* @class
* @augments wp.media.view.MediaFrame.MediaDetails
* @augments wp.media.view.MediaFrame.Select
* @augments wp.media.view.MediaFrame
* @augments wp.media.view.Frame
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
* @mixes wp.media.controller.StateMachine
*/
var MediaDetails = wp.media.view.MediaFrame.MediaDetails,
MediaLibrary = wp.media.controller.MediaLibrary,
l10n = wp.media.view.l10n,
AudioDetails;
AudioDetails = MediaDetails.extend({
defaults: {
id: 'audio',
url: '',
menu: 'audio-details',
content: 'audio-details',
toolbar: 'audio-details',
type: 'link',
title: l10n.audioDetailsTitle,
priority: 120
},
initialize: function( options ) {
options.DetailsView = wp.media.view.AudioDetails;
options.cancelText = l10n.audioDetailsCancel;
options.addText = l10n.audioAddSourceTitle;
MediaDetails.prototype.initialize.call( this, options );
},
bindHandlers: function() {
MediaDetails.prototype.bindHandlers.apply( this, arguments );
this.on( 'toolbar:render:replace-audio', this.renderReplaceToolbar, this );
this.on( 'toolbar:render:add-audio-source', this.renderAddSourceToolbar, this );
},
createStates: function() {
this.states.add([
new wp.media.controller.AudioDetails( {
media: this.media
} ),
new MediaLibrary( {
type: 'audio',
id: 'replace-audio',
title: l10n.audioReplaceTitle,
toolbar: 'replace-audio',
media: this.media,
menu: 'audio-details'
} ),
new MediaLibrary( {
type: 'audio',
id: 'add-audio-source',
title: l10n.audioAddSourceTitle,
toolbar: 'add-audio-source',
media: this.media,
menu: false
} )
]);
}
});
module.exports = AudioDetails;
/***/ }),
/* 6 */
/***/ (function(module, exports) {
/** /**
* wp.media.view.MediaFrame.VideoDetails * wp.media.view.MediaFrame.VideoDetails
* *
@ -702,7 +756,11 @@ VideoDetails = MediaDetails.extend({
module.exports = VideoDetails; module.exports = VideoDetails;
},{}],9:[function(require,module,exports){
/***/ }),
/* 7 */
/***/ (function(module, exports) {
/* global MediaElementPlayer */ /* global MediaElementPlayer */
/** /**
@ -870,7 +928,53 @@ MediaDetails = AttachmentDisplay.extend({
module.exports = MediaDetails; module.exports = MediaDetails;
},{}],10:[function(require,module,exports){
/***/ }),
/* 8 */
/***/ (function(module, exports) {
/**
* wp.media.view.AudioDetails
*
* @class
* @augments wp.media.view.MediaDetails
* @augments wp.media.view.Settings.AttachmentDisplay
* @augments wp.media.view.Settings
* @augments wp.media.View
* @augments wp.Backbone.View
* @augments Backbone.View
*/
var MediaDetails = wp.media.view.MediaDetails,
AudioDetails;
AudioDetails = MediaDetails.extend({
className: 'audio-details',
template: wp.template('audio-details'),
setMedia: function() {
var audio = this.$('.wp-audio-shortcode');
if ( audio.find( 'source' ).length ) {
if ( audio.is(':hidden') ) {
audio.show();
}
this.media = MediaDetails.prepareSrc( audio.get(0) );
} else {
audio.hide();
this.media = false;
}
return this;
}
});
module.exports = AudioDetails;
/***/ }),
/* 9 */
/***/ (function(module, exports) {
/** /**
* wp.media.view.VideoDetails * wp.media.view.VideoDetails
* *
@ -913,4 +1017,6 @@ VideoDetails = MediaDetails.extend({
module.exports = VideoDetails; module.exports = VideoDetails;
},{}]},{},[1]);
/***/ })
/******/ ]);



@ -1101,8 +1101,8 @@ if ( !function_exists('check_admin_referer') ) :
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/ */
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
if ( -1 == $action ) if ( -1 === $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' ); _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
$adminurl = strtolower(admin_url()); $adminurl = strtolower(admin_url());
$referer = strtolower(wp_get_referer()); $referer = strtolower(wp_get_referer());
@ -1119,7 +1119,7 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
*/ */
do_action( 'check_admin_referer', $action, $result ); do_action( 'check_admin_referer', $action, $result );
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) { if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
wp_nonce_ays( $action ); wp_nonce_ays( $action );
die(); die();
} }
@ -1144,6 +1144,9 @@ if ( !function_exists('check_ajax_referer') ) :
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/ */
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) { function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
if ( -1 === $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
$nonce = ''; $nonce = '';
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) ) if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
@ -2493,4 +2496,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
return $r; return $r;
} }
endif; endif;
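Review bot: In the second check_admin_referer() hunk, the referer-only fallback on the `-1 === $action` line remains the one path where a request passes without any nonce, and it carries no comment; now that the comparison is strict the intent is easy to state, e.g. `// Legacy: with no action given, a referer inside the admin URL is accepted in place of a nonce.` The switch from `==` to `===` on both changed lines also means a string `'-1'` passed as $action no longer triggers this fallback (nor the _doing_it_wrong() notice) and is instead verified as an ordinary nonce action; that appears to be the point of the change, but it is a behaviour change worth a line in the docblock. The one-line `if` without braces is repeated in the check_ajax_referer() hunk; the current WordPress coding standards ask for braces on both. Both functions continue outside their hunks.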


@ -1457,7 +1457,6 @@ class WP_Query {
, 'attachment' , 'attachment'
, 'attachment_id' , 'attachment_id'
, 'name' , 'name'
, 'static'
, 'pagename' , 'pagename'
, 'page_id' , 'page_id'
, 'second' , 'second'
@ -1668,7 +1667,7 @@ class WP_Query {
// If year, month, day, hour, minute, and second are set, a single // If year, month, day, hour, minute, and second are set, a single
// post is being queried. // post is being queried.
$this->is_single = true; $this->is_single = true;
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) { } elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
$this->is_page = true; $this->is_page = true;
$this->is_single = false; $this->is_single = false;
} else { } else {
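Review bot: With `static` removed from the condition on the `elseif` line, the remaining `'' != $qv['pagename']` still uses a loose comparison; since the line is being rewritten anyway, `'' !== $qv['pagename']` would match the strict style used elsewhere in this backport, provided fill_query_vars() (outside the hunk) guarantees a string default for `pagename` — otherwise a null would now fall through to the `else` branch. The dropped `'static'` entry in the first hunk has no replacement comment; a short note on why it was retired would help anyone grepping for the old variable. Both hunks sit inside WP_Query, whose boundaries are outside this view.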


@ -376,6 +376,9 @@ function rest_send_cors_headers( $value ) {
header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) ); header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' ); header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
header( 'Access-Control-Allow-Credentials: true' ); header( 'Access-Control-Allow-Credentials: true' );
header( 'Vary: Origin', false );
} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
header( 'Vary: Origin', false );
} }
return $value; return $value;
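Review bot: The new `elseif` branch sends `Vary: Origin` only for anonymous GET requests, and the reason is not stated on the line; a comment such as `// Cacheable responses must be keyed on Origin so a shared cache never replays one origin's CORS response to another.` would explain why only this method/auth combination is covered. If the REST server also serves HEAD through the same handlers, those responses are cacheable as well and would need the same header; that cannot be confirmed from this hunk. Passing `false` as the second argument keeps any existing Vary header intact, which is correct but worth a word since header() replaces by default. rest_send_cors_headers() closes outside the hunk.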