diff options
| -rw-r--r-- | src/wp-includes/comment.php | 14 | ||||
| -rw-r--r-- | src/wp-includes/date.php | 23 | ||||
| -rw-r--r-- | src/wp-includes/default-widgets.php | 4 | ||||
| -rw-r--r-- | src/wp-includes/functions.php | 12 | ||||
| -rw-r--r-- | src/wp-includes/pluggable.php | 2 | ||||
| -rw-r--r-- | src/wp-mail.php | 4 | ||||
| -rw-r--r-- | src/wp-trackback.php | 3 |
7 files changed, 55 insertions, 7 deletions
diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php index c8984f0826..0c28a705e2 100644 --- a/src/wp-includes/comment.php +++ b/src/wp-includes/comment.php @@ -2200,6 +2200,16 @@ function wp_update_comment($commentarr) { if ( empty( $comment ) ) { return 0; } + + $filter_comment = false; + if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) { + $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' ); + } + + if ( $filter_comment ) { + add_filter( 'pre_comment_content', 'wp_filter_kses' ); + } + // Escape data pulled from DB. $comment = wp_slash($comment); @@ -2210,6 +2220,10 @@ function wp_update_comment($commentarr) { $commentarr = wp_filter_comment( $commentarr ); + if ( $filter_comment ) { + remove_filter( 'pre_comment_content', 'wp_filter_kses' ); + } + // Now extract the merged array. $data = wp_unslash( $commentarr ); diff --git a/src/wp-includes/date.php b/src/wp-includes/date.php index 9869611e27..207fd937b5 100644 --- a/src/wp-includes/date.php +++ b/src/wp-includes/date.php @@ -141,8 +141,8 @@ class WP_Date_Query { */ public function __construct( $date_query, $default_column = 'post_date' ) { - if ( isset( $date_query['relation'] ) && 'OR' === strtoupper( $date_query['relation'] ) ) { - $this->relation = 'OR'; + if ( isset( $date_query['relation'] ) ) { + $this->relation = $this->sanitize_relation( $date_query['relation'] ); } else { $this->relation = 'AND'; } @@ -224,6 +224,9 @@ class WP_Date_Query { $this->validate_date_values( $queries ); } + // Sanitize the relation parameter. + $queries['relation'] = $this->sanitize_relation( $queries['relation'] ); + foreach ( $queries as $key => $q ) { if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) { // This is a first-order query. Trust the values and sanitize when building SQL. @@ -1002,4 +1005,20 @@ class WP_Date_Query { return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time ); } + + /** + * Sanitizes a 'relation' operator. + * + * @since 6.0.3 + * + * @param string $relation Raw relation key from the query argument. + * @return string Sanitized relation ('AND' or 'OR'). + */ + public function sanitize_relation( $relation ) { + if ( 'OR' === strtoupper( $relation ) ) { + return 'OR'; + } else { + return 'AND'; + } + } } diff --git a/src/wp-includes/default-widgets.php b/src/wp-includes/default-widgets.php index fb8a263c16..2e04864b5f 100644 --- a/src/wp-includes/default-widgets.php +++ b/src/wp-includes/default-widgets.php @@ -1018,7 +1018,7 @@ function wp_widget_rss_output( $rss, $args = array() ) { if ( is_wp_error($rss) ) { if ( is_admin() || current_user_can('manage_options') ) - echo '<p>' . sprintf( __('<strong>RSS Error</strong>: %s'), $rss->get_error_message() ) . '</p>'; + echo '<p>' . sprintf( __('<strong>RSS Error</strong>: %s'), esc_html( $rss->get_error_message() ) ) . '</p>'; return; } @@ -1128,7 +1128,7 @@ function wp_widget_rss_form( $args, $inputs = null ) { $args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date']; if ( ! empty( $args['error'] ) ) { - echo '<p class="widget-error"><strong>' . sprintf( __( 'RSS Error: %s' ), $args['error'] ) . '</strong></p>'; + echo '<p class="widget-error"><strong>' . sprintf( __( 'RSS Error: %s' ), esc_html( $args['error'] ) ) . '</strong></p>'; } if ( $inputs['url'] ) : diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php index 145733fb59..7099062a96 100644 --- a/src/wp-includes/functions.php +++ b/src/wp-includes/functions.php @@ -2434,8 +2434,16 @@ function wp_nonce_ays( $action ) { $html .= sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url( $redirect_to ) ); } else { $html = __( 'Are you sure you want to do this?' ); - if ( wp_get_referer() ) - $html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>"; + if ( wp_get_referer() ) { + $wp_http_referer = remove_query_arg( 'updated', wp_get_referer() ); + $wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) ); + $html .= '</p><p>'; + $html .= sprintf( + '<a href="%s">%s</a>', + esc_url( $wp_http_referer ), + __( 'Please try again.' ) + ); + } } wp_die( $html, __( 'WordPress Failure Notice' ), 403 ); diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php index 176b397d7c..b2f18c89ae 100644 --- a/src/wp-includes/pluggable.php +++ b/src/wp-includes/pluggable.php @@ -349,6 +349,8 @@ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() $phpmailer->ClearAttachments(); $phpmailer->ClearCustomHeaders(); $phpmailer->ClearReplyTos(); + $phpmailer->Body = ''; + $phpmailer->AltBody = ''; // From email and name // If we don't have a name from the input headers diff --git a/src/wp-mail.php b/src/wp-mail.php index aa062c6874..a0a0459f90 100644 --- a/src/wp-mail.php +++ b/src/wp-mail.php @@ -60,6 +60,9 @@ if( 0 === $count ) { wp_die( __('There doesn’t seem to be any new mail.') ); } +// Always run as an unauthenticated user. +wp_set_current_user( 0 ); + for ( $i = 1; $i <= $count; $i++ ) { $message = $pop3->get($i); @@ -125,7 +128,6 @@ for ( $i = 1; $i <= $count; $i++ ) { $author = trim($line); $author = sanitize_email($author); if ( is_email($author) ) { - echo '<p>' . sprintf(__('Author is %s'), $author) . '</p>'; $userdata = get_user_by('email', $author); if ( ! empty( $userdata ) ) { $post_author = $userdata->ID; diff --git a/src/wp-trackback.php b/src/wp-trackback.php index 3d211043eb..8fe5b087be 100644 --- a/src/wp-trackback.php +++ b/src/wp-trackback.php @@ -13,6 +13,9 @@ if (empty($wp)) { wp( array( 'tb' => '1' ) ); } +// Always run as an unauthenticated user. +wp_set_current_user( 0 ); + /** * Response to a trackback. * |