General: Introduce `wp_get_wp_version()` to get unmodified version.

Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.

Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.

Props debarghyabanerjee, afragen, costdev.
See #61627.


Built from https://develop.svn.wordpress.org/trunk@58813


git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Peter Wilson 2024-07-27 00:27:16 +00:00
parent ee3beccbd1
commit dd21bf5f22
12 changed files with 55 additions and 69 deletions


@ -19,10 +19,7 @@
*/ */
function wp_credits( $version = '', $locale = '' ) { function wp_credits( $version = '', $locale = '' ) {
if ( ! $version ) { if ( ! $version ) {
// Include an unmodified $wp_version. $version = wp_get_wp_version();
require ABSPATH . WPINC . '/version.php';
$version = $wp_version;
} }
if ( ! $locale ) { if ( ! $locale ) {


@ -1819,13 +1819,10 @@ function wp_check_browser_version() {
$response = get_site_transient( 'browser_' . $key ); $response = get_site_transient( 'browser_' . $key );
if ( false === $response ) { if ( false === $response ) {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
$url = 'http://api.wordpress.org/core/browse-happy/1.1/'; $url = 'http://api.wordpress.org/core/browse-happy/1.1/';
$options = array( $options = array(
'body' => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ), 'body' => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
); );
if ( wp_http_supports( array( 'ssl' ) ) ) { if ( wp_http_supports( array( 'ssl' ) ) ) {


@ -136,22 +136,19 @@ function wp_import_handle_upload() {
* @return array Importers with metadata for each. * @return array Importers with metadata for each.
*/ */
function wp_get_popular_importers() { function wp_get_popular_importers() {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
$locale = get_user_locale(); $locale = get_user_locale();
$cache_key = 'popular_importers_' . md5( $locale . $wp_version ); $cache_key = 'popular_importers_' . md5( $locale . wp_get_wp_version() );
$popular_importers = get_site_transient( $cache_key ); $popular_importers = get_site_transient( $cache_key );
if ( ! $popular_importers ) { if ( ! $popular_importers ) {
$url = add_query_arg( $url = add_query_arg(
array( array(
'locale' => $locale, 'locale' => $locale,
'version' => $wp_version, 'version' => wp_get_wp_version(),
), ),
'http://api.wordpress.org/core/importers/1.1/' 'http://api.wordpress.org/core/importers/1.1/'
); );
$options = array( 'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ) ); $options = array( 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ) );
if ( wp_http_supports( array( 'ssl' ) ) ) { if ( wp_http_supports( array( 'ssl' ) ) ) {
$url = set_url_scheme( $url, 'https' ); $url = set_url_scheme( $url, 'https' );


@ -100,9 +100,6 @@
* for more information on the make-up of possible return values depending on the value of `$action`. * for more information on the make-up of possible return values depending on the value of `$action`.
*/ */
function plugins_api( $action, $args = array() ) { function plugins_api( $action, $args = array() ) {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
if ( is_array( $args ) ) { if ( is_array( $args ) ) {
$args = (object) $args; $args = (object) $args;
} }
@ -118,7 +115,7 @@ function plugins_api( $action, $args = array() ) {
} }
if ( ! isset( $args->wp_version ) ) { if ( ! isset( $args->wp_version ) ) {
$args->wp_version = substr( $wp_version, 0, 3 ); // x.y $args->wp_version = substr( wp_get_wp_version(), 0, 3 ); // x.y
} }
/** /**
@ -168,7 +165,7 @@ function plugins_api( $action, $args = array() ) {
$http_args = array( $http_args = array(
'timeout' => 15, 'timeout' => 15,
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
); );
$request = wp_remote_get( $url, $http_args ); $request = wp_remote_get( $url, $http_args );
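Review bot: `substr( wp_get_wp_version(), 0, 3 ); // x.y` keeps a fixed three characters, so it only yields `x.y` while the major version has a single digit; a version string such as `10.0` would be cut to `10.` and sent to the API as `wp_version`. The line is touched here but the truncation is carried over unchanged, and the same expression appears in `themes_api()` in the next file section. Matching the leading major.minor would remove the width assumption, e.g. `preg_match( '/^\d+\.\d+/', wp_get_wp_version(), $m );` followed by `$args->wp_version = $m[0];`, with a fallback to the full string if nothing matches. `plugins_api()` continues outside the visible hunks.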


@ -493,9 +493,6 @@ function get_theme_feature_list( $api = true ) {
* for more information on the make-up of possible return objects depending on the value of `$action`. * for more information on the make-up of possible return objects depending on the value of `$action`.
*/ */
function themes_api( $action, $args = array() ) { function themes_api( $action, $args = array() ) {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
if ( is_array( $args ) ) { if ( is_array( $args ) ) {
$args = (object) $args; $args = (object) $args;
} }
@ -511,7 +508,7 @@ function themes_api( $action, $args = array() ) {
} }
if ( ! isset( $args->wp_version ) ) { if ( ! isset( $args->wp_version ) ) {
$args->wp_version = substr( $wp_version, 0, 3 ); // x.y $args->wp_version = substr( wp_get_wp_version(), 0, 3 ); // x.y
} }
/** /**
@ -562,7 +559,7 @@ function themes_api( $action, $args = array() ) {
$http_args = array( $http_args = array(
'timeout' => 15, 'timeout' => 15,
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
); );
$request = wp_remote_get( $url, $http_args ); $request = wp_remote_get( $url, $http_args );


@ -17,9 +17,6 @@
* @return array|WP_Error On success an associative array of translations, WP_Error on failure. * @return array|WP_Error On success an associative array of translations, WP_Error on failure.
*/ */
function translations_api( $type, $args = null ) { function translations_api( $type, $args = null ) {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
if ( ! in_array( $type, array( 'plugins', 'themes', 'core' ), true ) ) { if ( ! in_array( $type, array( 'plugins', 'themes', 'core' ), true ) ) {
return new WP_Error( 'invalid_type', __( 'Invalid translation type.' ) ); return new WP_Error( 'invalid_type', __( 'Invalid translation type.' ) );
} }
@ -46,7 +43,7 @@ function translations_api( $type, $args = null ) {
$options = array( $options = array(
'timeout' => 3, 'timeout' => 3,
'body' => array( 'body' => array(
'wp_version' => $wp_version, 'wp_version' => wp_get_wp_version(),
'locale' => get_locale(), 'locale' => get_locale(),
'version' => $args['version'], // Version of plugin, theme or core. 'version' => $args['version'], // Version of plugin, theme or core.
), ),
@ -128,10 +125,7 @@ function wp_get_available_translations() {
} }
} }
// Include an unmodified $wp_version. $api = translations_api( 'core', array( 'version' => wp_get_wp_version() ) );
require ABSPATH . WPINC . '/version.php';
$api = translations_api( 'core', array( 'version' => $wp_version ) );
if ( is_wp_error( $api ) || empty( $api['translations'] ) ) { if ( is_wp_error( $api ) || empty( $api['translations'] ) ) {
return array(); return array();


@ -264,10 +264,7 @@ function core_update_footer( $msg = '' ) {
$cur->response = ''; $cur->response = '';
} }
// Include an unmodified $wp_version. $is_development_version = preg_match( '/alpha|beta|RC/', wp_get_wp_version() );
require ABSPATH . WPINC . '/version.php';
$is_development_version = preg_match( '/alpha|beta|RC/', $wp_version );
if ( $is_development_version ) { if ( $is_development_version ) {
return sprintf( return sprintf(
@ -854,8 +851,6 @@ function wp_theme_update_row( $theme_key, $theme ) {
* @return void|false * @return void|false
*/ */
function maintenance_nag() { function maintenance_nag() {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
global $upgrading; global $upgrading;
$nag = isset( $upgrading ); $nag = isset( $upgrading );
@ -873,7 +868,7 @@ function maintenance_nag() {
* This flag is cleared whenever a successful update occurs using Core_Upgrader. * This flag is cleared whenever a successful update occurs using Core_Upgrader.
*/ */
$comparison = ! empty( $failed['critical'] ) ? '>=' : '>'; $comparison = ! empty( $failed['critical'] ) ? '>=' : '>';
if ( isset( $failed['attempted'] ) && version_compare( $failed['attempted'], $wp_version, $comparison ) ) { if ( isset( $failed['attempted'] ) && version_compare( $failed['attempted'], wp_get_wp_version(), $comparison ) ) {
$nag = true; $nag = true;
} }
} }


@ -9006,3 +9006,21 @@ function wp_admin_notice( $message, $args = array() ) {
echo wp_kses_post( wp_get_admin_notice( $message, $args ) ); echo wp_kses_post( wp_get_admin_notice( $message, $args ) );
} }
/**
* Returns the current WordPress Version.
*
* Returns an unmodified version of `$wp_version`. Some plugins modify the
* global in an attempt to improve security through obscurity. This
* practice can cause errors in WordPress so the ability to get an
* unmodified version is needed.
*
* @since 6.7.0
*
* @return string The current WordPress Version.
*/
function wp_get_wp_version() {
require ABSPATH . WPINC . '/version.php';
return $wp_version;
}
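Review bot: `wp_get_wp_version()` runs `require ABSPATH . WPINC . '/version.php';` on every call, and several converted callers in this commit now call it repeatedly within one request (`wp_version_check()` five times and `wp_get_popular_importers()` three times in the visible hunks), where the old code included the file once per function. Caching the value avoids the repeated include: declare `static $wp_version;` at the top of the function and guard the include with `if ( ! isset( $wp_version ) ) { require ABSPATH . WPINC . '/version.php'; }`. If a cache is added, the docblock should state that the value is fixed for the rest of the request, which presumably matters for code that runs while core files are being replaced during an update.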


@ -87,13 +87,6 @@ class WP_REST_Pattern_Directory_Controller extends WP_REST_Controller {
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/ */
public function get_items( $request ) { public function get_items( $request ) {
/*
* Include an unmodified `$wp_version`, so the API can craft a response that's tailored to
* it. Some plugins modify the version in a misguided attempt to improve security by
* obscuring the version, which can cause invalid requests.
*/
require ABSPATH . WPINC . '/version.php';
$valid_query_args = array( $valid_query_args = array(
'offset' => true, 'offset' => true,
'order' => true, 'order' => true,
@ -106,7 +99,7 @@ class WP_REST_Pattern_Directory_Controller extends WP_REST_Controller {
$query_args = array_intersect_key( $request->get_params(), $valid_query_args ); $query_args = array_intersect_key( $request->get_params(), $valid_query_args );
$query_args['locale'] = get_user_locale(); $query_args['locale'] = get_user_locale();
$query_args['wp-version'] = $wp_version; $query_args['wp-version'] = wp_get_wp_version();
$query_args['pattern-categories'] = isset( $request['category'] ) ? $request['category'] : false; $query_args['pattern-categories'] = isset( $request['category'] ) ? $request['category'] : false;
$query_args['pattern-keywords'] = isset( $request['keyword'] ) ? $request['keyword'] : false; $query_args['pattern-keywords'] = isset( $request['keyword'] ) ? $request['keyword'] : false;


@ -684,7 +684,13 @@ function wp_scripts_get_suffix( $type = '' ) {
static $suffixes; static $suffixes;
if ( null === $suffixes ) { if ( null === $suffixes ) {
// Include an unmodified $wp_version. /*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php'; require ABSPATH . WPINC . '/version.php';
/* /*
@ -1522,7 +1528,13 @@ function wp_default_scripts( $scripts ) {
function wp_default_styles( $styles ) { function wp_default_styles( $styles ) {
global $editor_styles; global $editor_styles;
// Include an unmodified $wp_version. /*
* Include an unmodified $wp_version.
*
* Note: wp_get_wp_version() is not used here, as this file can be included
* via wp-admin/load-scripts.php or wp-admin/load-styles.php, in which case
* wp-includes/functions.php is not loaded.
*/
require ABSPATH . WPINC . '/version.php'; require ABSPATH . WPINC . '/version.php';
if ( ! defined( 'SCRIPT_DEBUG' ) ) { if ( ! defined( 'SCRIPT_DEBUG' ) ) {


@ -31,22 +31,20 @@ function wp_version_check( $extra_stats = array(), $force_check = false ) {
return; return;
} }
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
$php_version = PHP_VERSION; $php_version = PHP_VERSION;
$current = get_site_transient( 'update_core' ); $current = get_site_transient( 'update_core' );
$translations = wp_get_installed_translations( 'core' ); $translations = wp_get_installed_translations( 'core' );
// Invalidate the transient when $wp_version changes. // Invalidate the transient when $wp_version changes.
if ( is_object( $current ) && $wp_version !== $current->version_checked ) { if ( is_object( $current ) && wp_get_wp_version() !== $current->version_checked ) {
$current = false; $current = false;
} }
if ( ! is_object( $current ) ) { if ( ! is_object( $current ) ) {
$current = new stdClass(); $current = new stdClass();
$current->updates = array(); $current->updates = array();
$current->version_checked = $wp_version; $current->version_checked = wp_get_wp_version();
} }
if ( ! empty( $extra_stats ) ) { if ( ! empty( $extra_stats ) ) {
@ -95,7 +93,7 @@ function wp_version_check( $extra_stats = array(), $force_check = false ) {
$extensions = get_loaded_extensions(); $extensions = get_loaded_extensions();
sort( $extensions, SORT_STRING | SORT_FLAG_CASE ); sort( $extensions, SORT_STRING | SORT_FLAG_CASE );
$query = array( $query = array(
'version' => $wp_version, 'version' => wp_get_wp_version(),
'php' => $php_version, 'php' => $php_version,
'locale' => $locale, 'locale' => $locale,
'mysql' => $mysql_version, 'mysql' => $mysql_version,
@ -191,7 +189,7 @@ function wp_version_check( $extra_stats = array(), $force_check = false ) {
$options = array( $options = array(
'timeout' => $doing_cron ? 30 : 3, 'timeout' => $doing_cron ? 30 : 3,
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
'headers' => array( 'headers' => array(
'wp_install' => $wp_install, 'wp_install' => $wp_install,
'wp_blog' => home_url( '/' ), 'wp_blog' => home_url( '/' ),
@ -266,7 +264,7 @@ function wp_version_check( $extra_stats = array(), $force_check = false ) {
$updates = new stdClass(); $updates = new stdClass();
$updates->updates = $offers; $updates->updates = $offers;
$updates->last_checked = time(); $updates->last_checked = time();
$updates->version_checked = $wp_version; $updates->version_checked = wp_get_wp_version();
if ( isset( $body['translations'] ) ) { if ( isset( $body['translations'] ) ) {
$updates->translations = $body['translations']; $updates->translations = $body['translations'];
@ -315,9 +313,6 @@ function wp_update_plugins( $extra_stats = array() ) {
return; return;
} }
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
// If running blog-side, bail unless we've not checked in the last 12 hours. // If running blog-side, bail unless we've not checked in the last 12 hours.
if ( ! function_exists( 'get_plugins' ) ) { if ( ! function_exists( 'get_plugins' ) ) {
require_once ABSPATH . 'wp-admin/includes/plugin.php'; require_once ABSPATH . 'wp-admin/includes/plugin.php';
@ -423,7 +418,7 @@ function wp_update_plugins( $extra_stats = array() ) {
'locale' => wp_json_encode( $locales ), 'locale' => wp_json_encode( $locales ),
'all' => wp_json_encode( true ), 'all' => wp_json_encode( true ),
), ),
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
); );
if ( $extra_stats ) { if ( $extra_stats ) {
@ -590,9 +585,6 @@ function wp_update_themes( $extra_stats = array() ) {
return; return;
} }
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
$installed_themes = wp_get_themes(); $installed_themes = wp_get_themes();
$translations = wp_get_installed_translations( 'themes' ); $translations = wp_get_installed_translations( 'themes' );
@ -705,7 +697,7 @@ function wp_update_themes( $extra_stats = array() ) {
'translations' => wp_json_encode( $translations ), 'translations' => wp_json_encode( $translations ),
'locale' => wp_json_encode( $locales ), 'locale' => wp_json_encode( $locales ),
), ),
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ), 'user-agent' => 'WordPress/' . wp_get_wp_version() . '; ' . home_url( '/' ),
); );
if ( $extra_stats ) { if ( $extra_stats ) {
@ -989,14 +981,11 @@ function wp_get_update_data() {
* @global string $wp_version The WordPress version string. * @global string $wp_version The WordPress version string.
*/ */
function _maybe_update_core() { function _maybe_update_core() {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
$current = get_site_transient( 'update_core' ); $current = get_site_transient( 'update_core' );
if ( isset( $current->last_checked, $current->version_checked ) if ( isset( $current->last_checked, $current->version_checked )
&& 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked ) && 12 * HOUR_IN_SECONDS > ( time() - $current->last_checked )
&& $current->version_checked === $wp_version && wp_get_wp_version() === $current->version_checked
) { ) {
return; return;
} }
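Review bot: The docblock above `_maybe_update_core()` still carries `@global string $wp_version`, but after this change the visible body no longer reads `$wp_version`; it calls `wp_get_wp_version()` instead. The tag should be dropped so the documentation does not suggest the function depends on the global that plugins may have altered. The inline comment `// Invalidate the transient when $wp_version changes.` in `wp_version_check()` could likewise become `// Invalidate the transient when the WordPress version changes.` Both functions continue outside the visible hunks, so other docblocks in this file may need the same check.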


@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.7-alpha-58812'; $wp_version = '6.7-alpha-58813';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.