Backporting several bug fixes.
- Query: Remove the static query property. - HTTP API: Protect against hex interpretation. - Filesystem API: Prevent directory travelersals when creating new folders. - Administration: Ensure that admin referer nonce is valid. - REST API: Send a Vary: Origin header on GET requests. - Customizer: Properly sanitize background images. Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.4 branch. Built from https://develop.svn.wordpress.org/branches/4.4@46498 git-svn-id: http://core.svn.wordpress.org/branches/4.4@46295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake
parent
d1cc3f64da
commit
9a0b89f7a8
|
|
@ -15,7 +15,7 @@ class WP {
|
|||
* @access public
|
||||
* @var array
|
||||
*/
|
||||
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
|
||||
|
||||
/**
|
||||
* Private query variables.
|
||||
|
|
|
|||
|
|
@ -1580,6 +1580,11 @@ function wp_mkdir_p( $target ) {
|
|||
if ( file_exists( $target ) )
|
||||
return @is_dir( $target );
|
||||
|
||||
// Do not allow path traversals.
|
||||
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We need to find the permissions of the parent folder that exists and inherit that.
|
||||
$target_parent = dirname( $target );
|
||||
while ( '.' != $target_parent && ! is_dir( $target_parent ) ) {
|
||||
|
|
|
|||
|
|
@ -531,8 +531,9 @@ function wp_http_validate_url( $url ) {
|
|||
$ip = $host;
|
||||
} else {
|
||||
$ip = gethostbyname( $host );
|
||||
if ( $ip === $host ) // Error condition for gethostbyname()
|
||||
$ip = false;
|
||||
if ( $ip === $host ) { // Error condition for gethostbyname()
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if ( $ip ) {
|
||||
$parts = array_map( 'intval', explode( '.', $ip ) );
|
||||
|
|
|
|||
|
|
@ -1,4 +1,72 @@
|
|||
(function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
|
||||
/******/ (function(modules) { // webpackBootstrap
|
||||
/******/ // The module cache
|
||||
/******/ var installedModules = {};
|
||||
/******/
|
||||
/******/ // The require function
|
||||
/******/ function __webpack_require__(moduleId) {
|
||||
/******/
|
||||
/******/ // Check if module is in cache
|
||||
/******/ if(installedModules[moduleId]) {
|
||||
/******/ return installedModules[moduleId].exports;
|
||||
/******/ }
|
||||
/******/ // Create a new module (and put it into the cache)
|
||||
/******/ var module = installedModules[moduleId] = {
|
||||
/******/ i: moduleId,
|
||||
/******/ l: false,
|
||||
/******/ exports: {}
|
||||
/******/ };
|
||||
/******/
|
||||
/******/ // Execute the module function
|
||||
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
|
||||
/******/
|
||||
/******/ // Flag the module as loaded
|
||||
/******/ module.l = true;
|
||||
/******/
|
||||
/******/ // Return the exports of the module
|
||||
/******/ return module.exports;
|
||||
/******/ }
|
||||
/******/
|
||||
/******/
|
||||
/******/ // expose the modules object (__webpack_modules__)
|
||||
/******/ __webpack_require__.m = modules;
|
||||
/******/
|
||||
/******/ // expose the module cache
|
||||
/******/ __webpack_require__.c = installedModules;
|
||||
/******/
|
||||
/******/ // define getter function for harmony exports
|
||||
/******/ __webpack_require__.d = function(exports, name, getter) {
|
||||
/******/ if(!__webpack_require__.o(exports, name)) {
|
||||
/******/ Object.defineProperty(exports, name, {
|
||||
/******/ configurable: false,
|
||||
/******/ enumerable: true,
|
||||
/******/ get: getter
|
||||
/******/ });
|
||||
/******/ }
|
||||
/******/ };
|
||||
/******/
|
||||
/******/ // getDefaultExport function for compatibility with non-harmony modules
|
||||
/******/ __webpack_require__.n = function(module) {
|
||||
/******/ var getter = module && module.__esModule ?
|
||||
/******/ function getDefault() { return module['default']; } :
|
||||
/******/ function getModuleExports() { return module; };
|
||||
/******/ __webpack_require__.d(getter, 'a', getter);
|
||||
/******/ return getter;
|
||||
/******/ };
|
||||
/******/
|
||||
/******/ // Object.prototype.hasOwnProperty.call
|
||||
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
|
||||
/******/
|
||||
/******/ // __webpack_public_path__
|
||||
/******/ __webpack_require__.p = "";
|
||||
/******/
|
||||
/******/ // Load entry module and return exports
|
||||
/******/ return __webpack_require__(__webpack_require__.s = 0);
|
||||
/******/ })
|
||||
/************************************************************************/
|
||||
/******/ ([
|
||||
/* 0 */
|
||||
/***/ (function(module, exports, __webpack_require__) {
|
||||
|
||||
var media = wp.media,
|
||||
baseSettings = window._wpmejsSettings || {},
|
||||
l10n = window._wpMediaViewsL10n || {};
|
||||
|
|
@ -205,83 +273,21 @@ wp.media.video = {
|
|||
}
|
||||
};
|
||||
|
||||
media.model.PostMedia = require( './models/post-media.js' );
|
||||
media.controller.AudioDetails = require( './controllers/audio-details.js' );
|
||||
media.controller.VideoDetails = require( './controllers/video-details.js' );
|
||||
media.view.MediaFrame.MediaDetails = require( './views/frame/media-details.js' );
|
||||
media.view.MediaFrame.AudioDetails = require( './views/frame/audio-details.js' );
|
||||
media.view.MediaFrame.VideoDetails = require( './views/frame/video-details.js' );
|
||||
media.view.MediaDetails = require( './views/media-details.js' );
|
||||
media.view.AudioDetails = require( './views/audio-details.js' );
|
||||
media.view.VideoDetails = require( './views/video-details.js' );
|
||||
media.model.PostMedia = __webpack_require__( 1 );
|
||||
media.controller.AudioDetails = __webpack_require__( 2 );
|
||||
media.controller.VideoDetails = __webpack_require__( 3 );
|
||||
media.view.MediaFrame.MediaDetails = __webpack_require__( 4 );
|
||||
media.view.MediaFrame.AudioDetails = __webpack_require__( 5 );
|
||||
media.view.MediaFrame.VideoDetails = __webpack_require__( 6 );
|
||||
media.view.MediaDetails = __webpack_require__( 7 );
|
||||
media.view.AudioDetails = __webpack_require__( 8 );
|
||||
media.view.VideoDetails = __webpack_require__( 9 );
|
||||
|
||||
},{"./controllers/audio-details.js":2,"./controllers/video-details.js":3,"./models/post-media.js":4,"./views/audio-details.js":5,"./views/frame/audio-details.js":6,"./views/frame/media-details.js":7,"./views/frame/video-details.js":8,"./views/media-details.js":9,"./views/video-details.js":10}],2:[function(require,module,exports){
|
||||
/**
|
||||
* wp.media.controller.AudioDetails
|
||||
*
|
||||
* The controller for the Audio Details state
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.controller.State
|
||||
* @augments Backbone.Model
|
||||
*/
|
||||
var State = wp.media.controller.State,
|
||||
l10n = wp.media.view.l10n,
|
||||
AudioDetails;
|
||||
|
||||
AudioDetails = State.extend({
|
||||
defaults: {
|
||||
id: 'audio-details',
|
||||
toolbar: 'audio-details',
|
||||
title: l10n.audioDetailsTitle,
|
||||
content: 'audio-details',
|
||||
menu: 'audio-details',
|
||||
router: false,
|
||||
priority: 60
|
||||
},
|
||||
/***/ }),
|
||||
/* 1 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
initialize: function( options ) {
|
||||
this.media = options.media;
|
||||
State.prototype.initialize.apply( this, arguments );
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = AudioDetails;
|
||||
|
||||
},{}],3:[function(require,module,exports){
|
||||
/**
|
||||
* wp.media.controller.VideoDetails
|
||||
*
|
||||
* The controller for the Video Details state
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.controller.State
|
||||
* @augments Backbone.Model
|
||||
*/
|
||||
var State = wp.media.controller.State,
|
||||
l10n = wp.media.view.l10n,
|
||||
VideoDetails;
|
||||
|
||||
VideoDetails = State.extend({
|
||||
defaults: {
|
||||
id: 'video-details',
|
||||
toolbar: 'video-details',
|
||||
title: l10n.videoDetailsTitle,
|
||||
content: 'video-details',
|
||||
menu: 'video-details',
|
||||
router: false,
|
||||
priority: 60
|
||||
},
|
||||
|
||||
initialize: function( options ) {
|
||||
this.media = options.media;
|
||||
State.prototype.initialize.apply( this, arguments );
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = VideoDetails;
|
||||
|
||||
},{}],4:[function(require,module,exports){
|
||||
/**
|
||||
* wp.media.model.PostMedia
|
||||
*
|
||||
|
|
@ -323,121 +329,85 @@ var PostMedia = Backbone.Model.extend({
|
|||
|
||||
module.exports = PostMedia;
|
||||
|
||||
},{}],5:[function(require,module,exports){
|
||||
|
||||
/***/ }),
|
||||
/* 2 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.view.AudioDetails
|
||||
* wp.media.controller.AudioDetails
|
||||
*
|
||||
* The controller for the Audio Details state
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.view.MediaDetails
|
||||
* @augments wp.media.view.Settings.AttachmentDisplay
|
||||
* @augments wp.media.view.Settings
|
||||
* @augments wp.media.View
|
||||
* @augments wp.Backbone.View
|
||||
* @augments Backbone.View
|
||||
* @augments wp.media.controller.State
|
||||
* @augments Backbone.Model
|
||||
*/
|
||||
var MediaDetails = wp.media.view.MediaDetails,
|
||||
AudioDetails;
|
||||
|
||||
AudioDetails = MediaDetails.extend({
|
||||
className: 'audio-details',
|
||||
template: wp.template('audio-details'),
|
||||
|
||||
setMedia: function() {
|
||||
var audio = this.$('.wp-audio-shortcode');
|
||||
|
||||
if ( audio.find( 'source' ).length ) {
|
||||
if ( audio.is(':hidden') ) {
|
||||
audio.show();
|
||||
}
|
||||
this.media = MediaDetails.prepareSrc( audio.get(0) );
|
||||
} else {
|
||||
audio.hide();
|
||||
this.media = false;
|
||||
}
|
||||
|
||||
return this;
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = AudioDetails;
|
||||
|
||||
},{}],6:[function(require,module,exports){
|
||||
/**
|
||||
* wp.media.view.MediaFrame.AudioDetails
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.view.MediaFrame.MediaDetails
|
||||
* @augments wp.media.view.MediaFrame.Select
|
||||
* @augments wp.media.view.MediaFrame
|
||||
* @augments wp.media.view.Frame
|
||||
* @augments wp.media.View
|
||||
* @augments wp.Backbone.View
|
||||
* @augments Backbone.View
|
||||
* @mixes wp.media.controller.StateMachine
|
||||
*/
|
||||
var MediaDetails = wp.media.view.MediaFrame.MediaDetails,
|
||||
MediaLibrary = wp.media.controller.MediaLibrary,
|
||||
|
||||
var State = wp.media.controller.State,
|
||||
l10n = wp.media.view.l10n,
|
||||
AudioDetails;
|
||||
|
||||
AudioDetails = MediaDetails.extend({
|
||||
AudioDetails = State.extend({
|
||||
defaults: {
|
||||
id: 'audio',
|
||||
url: '',
|
||||
menu: 'audio-details',
|
||||
content: 'audio-details',
|
||||
id: 'audio-details',
|
||||
toolbar: 'audio-details',
|
||||
type: 'link',
|
||||
title: l10n.audioDetailsTitle,
|
||||
priority: 120
|
||||
title: l10n.audioDetailsTitle,
|
||||
content: 'audio-details',
|
||||
menu: 'audio-details',
|
||||
router: false,
|
||||
priority: 60
|
||||
},
|
||||
|
||||
initialize: function( options ) {
|
||||
options.DetailsView = wp.media.view.AudioDetails;
|
||||
options.cancelText = l10n.audioDetailsCancel;
|
||||
options.addText = l10n.audioAddSourceTitle;
|
||||
|
||||
MediaDetails.prototype.initialize.call( this, options );
|
||||
},
|
||||
|
||||
bindHandlers: function() {
|
||||
MediaDetails.prototype.bindHandlers.apply( this, arguments );
|
||||
|
||||
this.on( 'toolbar:render:replace-audio', this.renderReplaceToolbar, this );
|
||||
this.on( 'toolbar:render:add-audio-source', this.renderAddSourceToolbar, this );
|
||||
},
|
||||
|
||||
createStates: function() {
|
||||
this.states.add([
|
||||
new wp.media.controller.AudioDetails( {
|
||||
media: this.media
|
||||
} ),
|
||||
|
||||
new MediaLibrary( {
|
||||
type: 'audio',
|
||||
id: 'replace-audio',
|
||||
title: l10n.audioReplaceTitle,
|
||||
toolbar: 'replace-audio',
|
||||
media: this.media,
|
||||
menu: 'audio-details'
|
||||
} ),
|
||||
|
||||
new MediaLibrary( {
|
||||
type: 'audio',
|
||||
id: 'add-audio-source',
|
||||
title: l10n.audioAddSourceTitle,
|
||||
toolbar: 'add-audio-source',
|
||||
media: this.media,
|
||||
menu: false
|
||||
} )
|
||||
]);
|
||||
this.media = options.media;
|
||||
State.prototype.initialize.apply( this, arguments );
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = AudioDetails;
|
||||
|
||||
},{}],7:[function(require,module,exports){
|
||||
|
||||
/***/ }),
|
||||
/* 3 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.controller.VideoDetails
|
||||
*
|
||||
* The controller for the Video Details state
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.controller.State
|
||||
* @augments Backbone.Model
|
||||
*/
|
||||
var State = wp.media.controller.State,
|
||||
l10n = wp.media.view.l10n,
|
||||
VideoDetails;
|
||||
|
||||
VideoDetails = State.extend({
|
||||
defaults: {
|
||||
id: 'video-details',
|
||||
toolbar: 'video-details',
|
||||
title: l10n.videoDetailsTitle,
|
||||
content: 'video-details',
|
||||
menu: 'video-details',
|
||||
router: false,
|
||||
priority: 60
|
||||
},
|
||||
|
||||
initialize: function( options ) {
|
||||
this.media = options.media;
|
||||
State.prototype.initialize.apply( this, arguments );
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = VideoDetails;
|
||||
|
||||
|
||||
/***/ }),
|
||||
/* 4 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.view.MediaFrame.MediaDetails
|
||||
*
|
||||
|
|
@ -567,7 +537,91 @@ MediaDetails = Select.extend({
|
|||
|
||||
module.exports = MediaDetails;
|
||||
|
||||
},{}],8:[function(require,module,exports){
|
||||
|
||||
/***/ }),
|
||||
/* 5 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.view.MediaFrame.AudioDetails
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.view.MediaFrame.MediaDetails
|
||||
* @augments wp.media.view.MediaFrame.Select
|
||||
* @augments wp.media.view.MediaFrame
|
||||
* @augments wp.media.view.Frame
|
||||
* @augments wp.media.View
|
||||
* @augments wp.Backbone.View
|
||||
* @augments Backbone.View
|
||||
* @mixes wp.media.controller.StateMachine
|
||||
*/
|
||||
var MediaDetails = wp.media.view.MediaFrame.MediaDetails,
|
||||
MediaLibrary = wp.media.controller.MediaLibrary,
|
||||
|
||||
l10n = wp.media.view.l10n,
|
||||
AudioDetails;
|
||||
|
||||
AudioDetails = MediaDetails.extend({
|
||||
defaults: {
|
||||
id: 'audio',
|
||||
url: '',
|
||||
menu: 'audio-details',
|
||||
content: 'audio-details',
|
||||
toolbar: 'audio-details',
|
||||
type: 'link',
|
||||
title: l10n.audioDetailsTitle,
|
||||
priority: 120
|
||||
},
|
||||
|
||||
initialize: function( options ) {
|
||||
options.DetailsView = wp.media.view.AudioDetails;
|
||||
options.cancelText = l10n.audioDetailsCancel;
|
||||
options.addText = l10n.audioAddSourceTitle;
|
||||
|
||||
MediaDetails.prototype.initialize.call( this, options );
|
||||
},
|
||||
|
||||
bindHandlers: function() {
|
||||
MediaDetails.prototype.bindHandlers.apply( this, arguments );
|
||||
|
||||
this.on( 'toolbar:render:replace-audio', this.renderReplaceToolbar, this );
|
||||
this.on( 'toolbar:render:add-audio-source', this.renderAddSourceToolbar, this );
|
||||
},
|
||||
|
||||
createStates: function() {
|
||||
this.states.add([
|
||||
new wp.media.controller.AudioDetails( {
|
||||
media: this.media
|
||||
} ),
|
||||
|
||||
new MediaLibrary( {
|
||||
type: 'audio',
|
||||
id: 'replace-audio',
|
||||
title: l10n.audioReplaceTitle,
|
||||
toolbar: 'replace-audio',
|
||||
media: this.media,
|
||||
menu: 'audio-details'
|
||||
} ),
|
||||
|
||||
new MediaLibrary( {
|
||||
type: 'audio',
|
||||
id: 'add-audio-source',
|
||||
title: l10n.audioAddSourceTitle,
|
||||
toolbar: 'add-audio-source',
|
||||
media: this.media,
|
||||
menu: false
|
||||
} )
|
||||
]);
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = AudioDetails;
|
||||
|
||||
|
||||
/***/ }),
|
||||
/* 6 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.view.MediaFrame.VideoDetails
|
||||
*
|
||||
|
|
@ -702,7 +756,11 @@ VideoDetails = MediaDetails.extend({
|
|||
|
||||
module.exports = VideoDetails;
|
||||
|
||||
},{}],9:[function(require,module,exports){
|
||||
|
||||
/***/ }),
|
||||
/* 7 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/* global MediaElementPlayer */
|
||||
|
||||
/**
|
||||
|
|
@ -870,7 +928,53 @@ MediaDetails = AttachmentDisplay.extend({
|
|||
|
||||
module.exports = MediaDetails;
|
||||
|
||||
},{}],10:[function(require,module,exports){
|
||||
|
||||
/***/ }),
|
||||
/* 8 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.view.AudioDetails
|
||||
*
|
||||
* @class
|
||||
* @augments wp.media.view.MediaDetails
|
||||
* @augments wp.media.view.Settings.AttachmentDisplay
|
||||
* @augments wp.media.view.Settings
|
||||
* @augments wp.media.View
|
||||
* @augments wp.Backbone.View
|
||||
* @augments Backbone.View
|
||||
*/
|
||||
var MediaDetails = wp.media.view.MediaDetails,
|
||||
AudioDetails;
|
||||
|
||||
AudioDetails = MediaDetails.extend({
|
||||
className: 'audio-details',
|
||||
template: wp.template('audio-details'),
|
||||
|
||||
setMedia: function() {
|
||||
var audio = this.$('.wp-audio-shortcode');
|
||||
|
||||
if ( audio.find( 'source' ).length ) {
|
||||
if ( audio.is(':hidden') ) {
|
||||
audio.show();
|
||||
}
|
||||
this.media = MediaDetails.prepareSrc( audio.get(0) );
|
||||
} else {
|
||||
audio.hide();
|
||||
this.media = false;
|
||||
}
|
||||
|
||||
return this;
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = AudioDetails;
|
||||
|
||||
|
||||
/***/ }),
|
||||
/* 9 */
|
||||
/***/ (function(module, exports) {
|
||||
|
||||
/**
|
||||
* wp.media.view.VideoDetails
|
||||
*
|
||||
|
|
@ -913,4 +1017,6 @@ VideoDetails = MediaDetails.extend({
|
|||
|
||||
module.exports = VideoDetails;
|
||||
|
||||
},{}]},{},[1]);
|
||||
|
||||
/***/ })
|
||||
/******/ ]);
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load Diff
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load Diff
File diff suppressed because one or more lines are too long
|
|
@ -1101,8 +1101,8 @@ if ( !function_exists('check_admin_referer') ) :
|
|||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||
*/
|
||||
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
||||
if ( -1 == $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$adminurl = strtolower(admin_url());
|
||||
$referer = strtolower(wp_get_referer());
|
||||
|
|
@ -1119,7 +1119,7 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
|
|||
*/
|
||||
do_action( 'check_admin_referer', $action, $result );
|
||||
|
||||
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
|
||||
wp_nonce_ays( $action );
|
||||
die();
|
||||
}
|
||||
|
|
@ -1144,6 +1144,9 @@ if ( !function_exists('check_ajax_referer') ) :
|
|||
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
|
||||
*/
|
||||
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
||||
if ( -1 === $action )
|
||||
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
|
||||
|
||||
$nonce = '';
|
||||
|
||||
if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
|
||||
|
|
@ -2493,4 +2496,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
|
|||
return $r;
|
||||
}
|
||||
endif;
|
||||
|
||||
|
|
|
|||
|
|
@ -1457,7 +1457,6 @@ class WP_Query {
|
|||
, 'attachment'
|
||||
, 'attachment_id'
|
||||
, 'name'
|
||||
, 'static'
|
||||
, 'pagename'
|
||||
, 'page_id'
|
||||
, 'second'
|
||||
|
|
@ -1668,7 +1667,7 @@ class WP_Query {
|
|||
// If year, month, day, hour, minute, and second are set, a single
|
||||
// post is being queried.
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
$this->is_page = true;
|
||||
$this->is_single = false;
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -376,6 +376,9 @@ function rest_send_cors_headers( $value ) {
|
|||
header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
|
||||
header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
|
||||
header( 'Access-Control-Allow-Credentials: true' );
|
||||
header( 'Vary: Origin', false );
|
||||
} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
|
||||
header( 'Vary: Origin', false );
|
||||
}
|
||||
|
||||
return $value;
|
||||
|
|
|
|||
Loading…
Reference in New Issue