From cd2f52dda17231c5e9cbe0bb48369ecff4da396f Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Thu, 28 Jun 2018 02:37:26 +0000 Subject: [PATCH] Privacy: Make sure `wp_add_privacy_policy_content()` does not cause a fatal error by unintentionally flushing rewrite rules outside of the admin context. Add a `_doing_it_wrong()` message describing the correct usage of the function. Props kraftbj, azaozz, SergeyBiryukov, YuriV. Merges [43361], [43362], [43363] to the 4.9 branch. Fixes #44142. Built from https://develop.svn.wordpress.org/branches/4.9@43364 git-svn-id: http://core.svn.wordpress.org/branches/4.9@43192 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/misc.php | 16 ++++++++++++---- wp-admin/includes/plugin.php | 31 ++++++++++++++++++++++++++++--- wp-includes/version.php | 2 +- 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php index 6b466ed6cf..d03c1df57b 100644 --- a/wp-admin/includes/misc.php +++ b/wp-admin/includes/misc.php @@ -194,6 +194,8 @@ function insert_with_markers( $filename, $marker, $insertion ) { * @since 1.5.0 * * @global WP_Rewrite $wp_rewrite + * + * @return bool|null True on write success, false on failure. Null in multisite. */ function save_mod_rewrite_rules() { if ( is_multisite() ) @@ -201,8 +203,11 @@ function save_mod_rewrite_rules() { global $wp_rewrite; - $home_path = get_home_path(); - $htaccess_file = $home_path.'.htaccess'; + // Ensure get_home_path() is declared. + require_once( ABSPATH . 'wp-admin/includes/file.php' ); + + $home_path = get_home_path(); + $htaccess_file = $home_path . '.htaccess'; /* * If the file doesn't already exist check for write access to the directory @@ -226,7 +231,7 @@ function save_mod_rewrite_rules() { * * @global WP_Rewrite $wp_rewrite * - * @return bool True if web.config was updated successfully + * @return bool|null True on write success, false on failure. Null in multisite. */ function iis7_save_url_rewrite_rules(){ if ( is_multisite() ) @@ -234,7 +239,10 @@ function iis7_save_url_rewrite_rules(){ global $wp_rewrite; - $home_path = get_home_path(); + // Ensure get_home_path() is declared. + require_once( ABSPATH . 'wp-admin/includes/file.php' ); + + $home_path = get_home_path(); $web_config_file = $home_path . 'web.config'; // Using win_is_writable() instead of is_writable() because of a bug in Windows PHP diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php index d794a8acc6..792b2a63d8 100644 --- a/wp-admin/includes/plugin.php +++ b/wp-admin/includes/plugin.php @@ -1898,15 +1898,17 @@ function plugin_sandbox_scrape( $plugin ) { } /** - * Helper function for adding content to the postbox shown when editing the privacy policy. + * Helper function for adding content to the Privacy Policy Guide. * * Plugins and themes should suggest text for inclusion in the site's privacy policy. * The suggested text should contain information about any functionality that affects user privacy, - * and will be shown in the Suggested Privacy Policy Content postbox. + * and will be shown on the Privacy Policy Guide screen. * * A plugin or theme can use this function multiple times as long as it will help to better present * the suggested policy content. For example modular plugins such as WooCommerse or Jetpack * can add or remove suggested content depending on the modules/extensions that are enabled. + * For more information see the Plugin Handbook: + * https://developer.wordpress.org/plugins/privacy/suggesting-text-for-the-site-privacy-policy/. * * Intended for use with the `'admin_init'` action. * @@ -1914,9 +1916,32 @@ function plugin_sandbox_scrape( $plugin ) { * * @param string $plugin_name The name of the plugin or theme that is suggesting content for the site's privacy policy. * @param string $policy_text The suggested content for inclusion in the policy. - * For more information see the Plugins Handbook https://developer.wordpress.org/plugins/. */ function wp_add_privacy_policy_content( $plugin_name, $policy_text ) { + if ( ! is_admin() ) { + _doing_it_wrong( + __FUNCTION__, + sprintf( + /* translators: %s: admin_init */ + __( 'The suggested privacy policy content should be added only in wp-admin by using the %s (or later) action.' ), + 'admin_init' + ), + '4.9.7' + ); + return; + } elseif ( ! doing_action( 'admin_init' ) && ! did_action( 'admin_init' ) ) { + _doing_it_wrong( + __FUNCTION__, + sprintf( + /* translators: %s: admin_init */ + __( 'The suggested privacy policy content should be added by using the %s (or later) action. Please see the inline documentation.' ), + 'admin_init' + ), + '4.9.7' + ); + return; + } + if ( ! class_exists( 'WP_Privacy_Policy_Content' ) ) { require_once( ABSPATH . 'wp-admin/includes/misc.php' ); } diff --git a/wp-includes/version.php b/wp-includes/version.php index e51209fa60..9fc27b79a4 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9.7-alpha-43358'; +$wp_version = '4.9.7-alpha-43364'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.