Grouped backports to the 4.4 branch.
- Query: Improve sanitization within `WP_Tax_Query`. - Query: Improve sanitization within `WP_Meta_Query`. - Upgrade/Install: Avoid using `unserialize()` unnecessarily. - Formatting: Correctly encode ASCII characters in post slugs. Merges [52454-52457] to the 4.4 branch. Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn. Built from https://develop.svn.wordpress.org/branches/4.4@52479 git-svn-id: http://core.svn.wordpress.org/branches/4.4@52071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
fac990ebab
commit
dc03144cd7
|
@ -1216,8 +1216,8 @@ function upgrade_280() {
|
||||||
$start = 0;
|
$start = 0;
|
||||||
while( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) {
|
while( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) {
|
||||||
foreach ( $rows as $row ) {
|
foreach ( $rows as $row ) {
|
||||||
$value = $row->option_value;
|
$value = maybe_unserialize( $row->option_value );
|
||||||
if ( !@unserialize( $value ) )
|
if ( $value === $row->option_value )
|
||||||
$value = stripslashes( $value );
|
$value = stripslashes( $value );
|
||||||
if ( $value !== $row->option_value ) {
|
if ( $value !== $row->option_value ) {
|
||||||
update_option( $row->option_name, $value );
|
update_option( $row->option_name, $value );
|
||||||
|
|
|
@ -713,7 +713,7 @@ class WP_Meta_Query {
|
||||||
$clause_compare = strtoupper( $clause['compare'] );
|
$clause_compare = strtoupper( $clause['compare'] );
|
||||||
$sibling_compare = strtoupper( $sibling['compare'] );
|
$sibling_compare = strtoupper( $sibling['compare'] );
|
||||||
if ( in_array( $clause_compare, $compatible_compares ) && in_array( $sibling_compare, $compatible_compares ) ) {
|
if ( in_array( $clause_compare, $compatible_compares ) && in_array( $sibling_compare, $compatible_compares ) ) {
|
||||||
$alias = $sibling['alias'];
|
$alias = preg_replace( '/\W/', '_', $sibling['alias'] );
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -543,7 +543,7 @@ class WP_Tax_Query {
|
||||||
|
|
||||||
// The sibling must both have compatible operator to share its alias.
|
// The sibling must both have compatible operator to share its alias.
|
||||||
if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators ) ) {
|
if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators ) ) {
|
||||||
$alias = $sibling['alias'];
|
$alias = preg_replace( '/\W/', '_', $sibling['alias'] );
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -573,7 +573,11 @@ class WP_Tax_Query {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( 'slug' === $query['field'] || 'name' === $query['field'] ) {
|
||||||
$query['terms'] = array_unique( (array) $query['terms'] );
|
$query['terms'] = array_unique( (array) $query['terms'] );
|
||||||
|
} else {
|
||||||
|
$query['terms'] = wp_parse_id_list( $query['terms'] );
|
||||||
|
}
|
||||||
|
|
||||||
if ( is_taxonomy_hierarchical( $query['taxonomy'] ) && $query['include_children'] ) {
|
if ( is_taxonomy_hierarchical( $query['taxonomy'] ) && $query['include_children'] ) {
|
||||||
$this->transform_query( $query, 'term_id' );
|
$this->transform_query( $query, 'term_id' );
|
||||||
|
|
|
@ -1064,12 +1064,14 @@ function wp_check_invalid_utf8( $string, $strip = false ) {
|
||||||
* Encode the Unicode values to be used in the URI.
|
* Encode the Unicode values to be used in the URI.
|
||||||
*
|
*
|
||||||
* @since 1.5.0
|
* @since 1.5.0
|
||||||
|
* @since 5.8.3 Added the `encode_ascii_characters` parameter.
|
||||||
*
|
*
|
||||||
* @param string $utf8_string
|
* @param string $utf8_string String to encode.
|
||||||
* @param int $length Max length of the string
|
* @param int $length Max length of the string
|
||||||
|
* @param bool $encode_ascii_characters Whether to encode ascii characters such as < " '
|
||||||
* @return string String with Unicode encoded for URI.
|
* @return string String with Unicode encoded for URI.
|
||||||
*/
|
*/
|
||||||
function utf8_uri_encode( $utf8_string, $length = 0 ) {
|
function utf8_uri_encode( $utf8_string, $length = 0, $encode_ascii_characters = false ) {
|
||||||
$unicode = '';
|
$unicode = '';
|
||||||
$values = array();
|
$values = array();
|
||||||
$num_octets = 1;
|
$num_octets = 1;
|
||||||
|
@ -1084,11 +1086,14 @@ function utf8_uri_encode( $utf8_string, $length = 0 ) {
|
||||||
$value = ord( $utf8_string[ $i ] );
|
$value = ord( $utf8_string[ $i ] );
|
||||||
|
|
||||||
if ( $value < 128 ) {
|
if ( $value < 128 ) {
|
||||||
if ( $length && ( $unicode_length >= $length ) ) {
|
$char = chr( $value );
|
||||||
|
$encoded_char = $encode_ascii_characters ? rawurlencode( $char ) : $char;
|
||||||
|
$encoded_char_length = strlen( $encoded_char );
|
||||||
|
if ( $length && ( $unicode_length + $encoded_char_length ) > $length ) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
$unicode .= chr( $value );
|
$unicode .= $encoded_char;
|
||||||
$unicode_length++;
|
$unicode_length += $encoded_char_length;
|
||||||
} else {
|
} else {
|
||||||
if ( count( $values ) == 0 ) {
|
if ( count( $values ) == 0 ) {
|
||||||
if ( $value < 224 ) {
|
if ( $value < 224 ) {
|
||||||
|
|
|
@ -3688,7 +3688,7 @@ function _truncate_post_slug( $slug, $length = 200 ) {
|
||||||
if ( $decoded_slug === $slug )
|
if ( $decoded_slug === $slug )
|
||||||
$slug = substr( $slug, 0, $length );
|
$slug = substr( $slug, 0, $length );
|
||||||
else
|
else
|
||||||
$slug = utf8_uri_encode( $decoded_slug, $length );
|
$slug = utf8_uri_encode( $decoded_slug, $length, true );
|
||||||
}
|
}
|
||||||
|
|
||||||
return rtrim( $slug, '-' );
|
return rtrim( $slug, '-' );
|
||||||
|
|
Loading…
Reference in New Issue