Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 14:45:45 +01:00
Code Issues Projects Releases Wiki Activity

Backporting several bug fixes.

Browse Source 
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 5.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.9@46493


git-svn-id: http://core.svn.wordpress.org/branches/4.9@46290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake 2019-10-14 18:39:28 +00:00
parent 0df80b099e
commit ca7629305c
6 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-includes/class-wp-query.php
View File

@ -529,7 +529,6 @@ class WP_Query {
, 'attachment' , 'attachment'
, 'attachment_id' , 'attachment_id'
, 'name' , 'name'
, 'static'
, 'pagename' , 'pagename'
, 'page_id' , 'page_id'
, 'second' , 'second'
@ -764,7 +763,7 @@ class WP_Query {
// If year, month, day, hour, minute, and second are set, a single // If year, month, day, hour, minute, and second are set, a single
// post is being queried. // post is being queried.
$this->is_single = true; $this->is_single = true;
} elseif ( '' != $qv['static'] || '' != $qv['pagename'] || !empty($qv['page_id']) ) { } elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
$this->is_page = true; $this->is_page = true;
$this->is_single = false; $this->is_single = false;
} else { } else {

2
wp-includes/class-wp.php
View File

@ -14,7 +14,7 @@ class WP {
* @since 2.0.0 * @since 2.0.0
* @var array * @var array
*/ */
public $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' ); public $public_query_vars = array( 'm', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'pagename', 'page_id', 'error', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type', 'embed' );
/** /**
* Private query variables. * Private query variables.

5
wp-includes/functions.php
View File

@ -1613,6 +1613,11 @@ function wp_mkdir_p( $target ) {
if ( file_exists( $target ) ) if ( file_exists( $target ) )
return @is_dir( $target ); return @is_dir( $target );
// Do not allow path traversals.
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
return false;
}
// We need to find the permissions of the parent folder that exists and inherit that. // We need to find the permissions of the parent folder that exists and inherit that.
$target_parent = dirname( $target ); $target_parent = dirname( $target );
while ( '.' != $target_parent && ! is_dir( $target_parent ) && dirname( $target_parent ) !== $target_parent ) { while ( '.' != $target_parent && ! is_dir( $target_parent ) && dirname( $target_parent ) !== $target_parent ) {

5
wp-includes/http.php
View File

@ -541,8 +541,9 @@ function wp_http_validate_url( $url ) {
$ip = $host; $ip = $host;
} else { } else {
$ip = gethostbyname( $host ); $ip = gethostbyname( $host );
if ( $ip === $host ) // Error condition for gethostbyname() if ( $ip === $host ) { // Error condition for gethostbyname()
$ip = false; return false;
}
} }
if ( $ip ) { if ( $ip ) {
$parts = array_map( 'intval', explode( '.', $ip ) ); $parts = array_map( 'intval', explode( '.', $ip ) );

5
wp-includes/pluggable.php
View File

@ -1079,7 +1079,7 @@ if ( !function_exists('check_admin_referer') ) :
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/ */
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
if ( -1 == $action ) if ( -1 === $action )
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
$adminurl = strtolower(admin_url()); $adminurl = strtolower(admin_url());
@ -1097,7 +1097,7 @@ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
*/ */
do_action( 'check_admin_referer', $action, $result ); do_action( 'check_admin_referer', $action, $result );
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) { if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) {
wp_nonce_ays( $action ); wp_nonce_ays( $action );
die(); die();
} }
@ -2645,4 +2645,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
return $r; return $r;
} }
endif; endif;

4
wp-includes/rest-api.php
View File

@ -544,7 +544,9 @@ function rest_send_cors_headers( $value ) {
header( 'Access-Control-Allow-Origin: ' . $origin ); header( 'Access-Control-Allow-Origin: ' . $origin );
header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' ); header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
header( 'Access-Control-Allow-Credentials: true' ); header( 'Access-Control-Allow-Credentials: true' );
header( 'Vary: Origin' ); header( 'Vary: Origin', false );
} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
header( 'Vary: Origin', false );
} }
return $value; return $value;