From d9932631e67cae0ef970d2785150364337bba9e9 Mon Sep 17 00:00:00 2001 From: desrosj Date: Thu, 6 Jan 2022 18:17:12 +0000 Subject: [PATCH] Grouped backports to the 4.7 branch. - Query: Improve sanitization within `WP_Tax_Query`. - Query: Improve sanitization within `WP_Meta_Query`. - Upgrade/Install: Avoid using `unserialize()` unnecessarily. - Formatting: Correctly encode ASCII characters in post slugs. Merges [52454-52457] to the 4.7 branch. Props vortfu, dd32, ehtis, zieladam, whyisjake, xknown, peterwilsoncc, desrosj, iandunn. Built from https://develop.svn.wordpress.org/branches/4.7@52476 git-svn-id: http://core.svn.wordpress.org/branches/4.7@52068 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/upgrade.php | 4 ++-- wp-includes/class-wp-meta-query.php | 2 +- wp-includes/class-wp-tax-query.php | 8 ++++++-- wp-includes/formatting.php | 17 +++++++++++------ wp-includes/post.php | 2 +- 5 files changed, 21 insertions(+), 12 deletions(-) diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 94a122509c..fc36668455 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -1245,8 +1245,8 @@ function upgrade_280() { $start = 0; while( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) { foreach ( $rows as $row ) { - $value = $row->option_value; - if ( !@unserialize( $value ) ) + $value = maybe_unserialize( $row->option_value ); + if ( $value === $row->option_value ) $value = stripslashes( $value ); if ( $value !== $row->option_value ) { update_option( $row->option_name, $value ); diff --git a/wp-includes/class-wp-meta-query.php b/wp-includes/class-wp-meta-query.php index 4019912019..7977591bd4 100644 --- a/wp-includes/class-wp-meta-query.php +++ b/wp-includes/class-wp-meta-query.php @@ -717,7 +717,7 @@ class WP_Meta_Query { $clause_compare = strtoupper( $clause['compare'] ); $sibling_compare = strtoupper( $sibling['compare'] ); if ( in_array( $clause_compare, $compatible_compares ) && in_array( $sibling_compare, $compatible_compares ) ) { - $alias = $sibling['alias']; + $alias = preg_replace( '/\W/', '_', $sibling['alias'] ); break; } } diff --git a/wp-includes/class-wp-tax-query.php b/wp-includes/class-wp-tax-query.php index 9bff196f28..d6ada70dce 100644 --- a/wp-includes/class-wp-tax-query.php +++ b/wp-includes/class-wp-tax-query.php @@ -543,7 +543,7 @@ class WP_Tax_Query { // The sibling must both have compatible operator to share its alias. if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators ) ) { - $alias = $sibling['alias']; + $alias = preg_replace( '/\W/', '_', $sibling['alias'] ); break; } } @@ -573,7 +573,11 @@ class WP_Tax_Query { return; } - $query['terms'] = array_unique( (array) $query['terms'] ); + if ( 'slug' === $query['field'] || 'name' === $query['field'] ) { + $query['terms'] = array_unique( (array) $query['terms'] ); + } else { + $query['terms'] = wp_parse_id_list( $query['terms'] ); + } if ( is_taxonomy_hierarchical( $query['taxonomy'] ) && $query['include_children'] ) { $this->transform_query( $query, 'term_id' ); diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index a8a32ca0de..bd8ac6af04 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -1070,12 +1070,14 @@ function wp_check_invalid_utf8( $string, $strip = false ) { * Encode the Unicode values to be used in the URI. * * @since 1.5.0 + * @since 5.8.3 Added the `encode_ascii_characters` parameter. * - * @param string $utf8_string - * @param int $length Max length of the string + * @param string $utf8_string String to encode. + * @param int $length Max length of the string + * @param bool $encode_ascii_characters Whether to encode ascii characters such as < " ' * @return string String with Unicode encoded for URI. */ -function utf8_uri_encode( $utf8_string, $length = 0 ) { +function utf8_uri_encode( $utf8_string, $length = 0, $encode_ascii_characters = false ) { $unicode = ''; $values = array(); $num_octets = 1; @@ -1090,11 +1092,14 @@ function utf8_uri_encode( $utf8_string, $length = 0 ) { $value = ord( $utf8_string[ $i ] ); if ( $value < 128 ) { - if ( $length && ( $unicode_length >= $length ) ) { + $char = chr( $value ); + $encoded_char = $encode_ascii_characters ? rawurlencode( $char ) : $char; + $encoded_char_length = strlen( $encoded_char ); + if ( $length && ( $unicode_length + $encoded_char_length ) > $length ) { break; } - $unicode .= chr( $value ); - $unicode_length++; + $unicode .= $encoded_char; + $unicode_length += $encoded_char_length; } else { if ( count( $values ) == 0 ) { if ( $value < 224 ) { diff --git a/wp-includes/post.php b/wp-includes/post.php index cdae951e69..b41dcaf6e6 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -3817,7 +3817,7 @@ function _truncate_post_slug( $slug, $length = 200 ) { if ( $decoded_slug === $slug ) $slug = substr( $slug, 0, $length ); else - $slug = utf8_uri_encode( $decoded_slug, $length ); + $slug = utf8_uri_encode( $decoded_slug, $length, true ); } return rtrim( $slug, '-' );