From dc03144cd718ff6b75b05454c3b1f6b08223b8ec Mon Sep 17 00:00:00 2001 From: desrosj Date: Thu, 6 Jan 2022 18:19:21 +0000 Subject: [PATCH] Grouped backports to the 4.4 branch. - Query: Improve sanitization within `WP_Tax_Query`. - Query: Improve sanitization within `WP_Meta_Query`. - Upgrade/Install: Avoid using `unserialize()` unnecessarily. - Formatting: Correctly encode ASCII characters in post slugs. Merges [52454-52457] to the 4.4 branch. Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn. Built from https://develop.svn.wordpress.org/branches/4.4@52479 git-svn-id: http://core.svn.wordpress.org/branches/4.4@52071 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/upgrade.php | 4 ++-- wp-includes/class-wp-meta-query.php | 2 +- wp-includes/class-wp-tax-query.php | 8 ++++++-- wp-includes/formatting.php | 19 ++++++++++++------- wp-includes/post.php | 2 +- 5 files changed, 22 insertions(+), 13 deletions(-) diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 3281eda4cc..03501252f5 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -1216,8 +1216,8 @@ function upgrade_280() { $start = 0; while( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) { foreach ( $rows as $row ) { - $value = $row->option_value; - if ( !@unserialize( $value ) ) + $value = maybe_unserialize( $row->option_value ); + if ( $value === $row->option_value ) $value = stripslashes( $value ); if ( $value !== $row->option_value ) { update_option( $row->option_name, $value ); diff --git a/wp-includes/class-wp-meta-query.php b/wp-includes/class-wp-meta-query.php index d9419e7a42..2cdd80d16d 100644 --- a/wp-includes/class-wp-meta-query.php +++ b/wp-includes/class-wp-meta-query.php @@ -713,7 +713,7 @@ class WP_Meta_Query { $clause_compare = strtoupper( $clause['compare'] ); $sibling_compare = strtoupper( $sibling['compare'] ); if ( in_array( $clause_compare, $compatible_compares ) && in_array( $sibling_compare, $compatible_compares ) ) { - $alias = $sibling['alias']; + $alias = preg_replace( '/\W/', '_', $sibling['alias'] ); break; } } diff --git a/wp-includes/class-wp-tax-query.php b/wp-includes/class-wp-tax-query.php index 356b69292c..1107164e50 100644 --- a/wp-includes/class-wp-tax-query.php +++ b/wp-includes/class-wp-tax-query.php @@ -543,7 +543,7 @@ class WP_Tax_Query { // The sibling must both have compatible operator to share its alias. if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators ) ) { - $alias = $sibling['alias']; + $alias = preg_replace( '/\W/', '_', $sibling['alias'] ); break; } } @@ -573,7 +573,11 @@ class WP_Tax_Query { return; } - $query['terms'] = array_unique( (array) $query['terms'] ); + if ( 'slug' === $query['field'] || 'name' === $query['field'] ) { + $query['terms'] = array_unique( (array) $query['terms'] ); + } else { + $query['terms'] = wp_parse_id_list( $query['terms'] ); + } if ( is_taxonomy_hierarchical( $query['taxonomy'] ) && $query['include_children'] ) { $this->transform_query( $query, 'term_id' ); diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 784ae435bf..fe56cf825d 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -1064,12 +1064,14 @@ function wp_check_invalid_utf8( $string, $strip = false ) { * Encode the Unicode values to be used in the URI. * * @since 1.5.0 + * @since 5.8.3 Added the `encode_ascii_characters` parameter. * - * @param string $utf8_string - * @param int $length Max length of the string + * @param string $utf8_string String to encode. + * @param int $length Max length of the string + * @param bool $encode_ascii_characters Whether to encode ascii characters such as < " ' * @return string String with Unicode encoded for URI. */ -function utf8_uri_encode( $utf8_string, $length = 0 ) { +function utf8_uri_encode( $utf8_string, $length = 0, $encode_ascii_characters = false ) { $unicode = ''; $values = array(); $num_octets = 1; @@ -1084,11 +1086,14 @@ function utf8_uri_encode( $utf8_string, $length = 0 ) { $value = ord( $utf8_string[ $i ] ); if ( $value < 128 ) { - if ( $length && ( $unicode_length >= $length ) ) { + $char = chr( $value ); + $encoded_char = $encode_ascii_characters ? rawurlencode( $char ) : $char; + $encoded_char_length = strlen( $encoded_char ); + if ( $length && ( $unicode_length + $encoded_char_length ) > $length ) { break; } - $unicode .= chr( $value ); - $unicode_length++; + $unicode .= $encoded_char; + $unicode_length += $encoded_char_length; } else { if ( count( $values ) == 0 ) { if ( $value < 224 ) { @@ -4848,4 +4853,4 @@ function _wp_441_dashboard_display_configure_links_css() { #dashboard-widgets .hndle .postbox-title-action { float: right; line-height: 1.2; } '; } -add_action( 'admin_print_styles-index.php', '_wp_441_dashboard_display_configure_links_css' ); \ No newline at end of file +add_action( 'admin_print_styles-index.php', '_wp_441_dashboard_display_configure_links_css' ); diff --git a/wp-includes/post.php b/wp-includes/post.php index 68cf68d2cd..43771986ff 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -3688,7 +3688,7 @@ function _truncate_post_slug( $slug, $length = 200 ) { if ( $decoded_slug === $slug ) $slug = substr( $slug, 0, $length ); else - $slug = utf8_uri_encode( $decoded_slug, $length ); + $slug = utf8_uri_encode( $decoded_slug, $length, true ); } return rtrim( $slug, '-' );