User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries. Cache API: Ensure proper escaping around the stats method in the cache API. Formatting: Expand `sanitize_file_name` to have better support for utf8 characters. Brings the changes in [47634], [47635], [47637], and [47638] to the 4.4 branch. Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown. git-svn-id: https://develop.svn.wordpress.org/branches/4.4@47653 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock
parent
69cacb4930
commit
63cc1a6ee9
@ -691,7 +691,7 @@ class WP_Object_Cache {
|
||||
echo "</p>";
|
||||
echo '<ul>';
|
||||
foreach ($this->cache as $group => $cache) {
|
||||
echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
|
||||
echo '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / KB_IN_BYTES, 2 ) . 'k )</li>';
|
||||
}
|
||||
echo '</ul>';
|
||||
}
|
||||
|
||||
@ -1375,6 +1375,24 @@ function remove_accents( $string ) {
|
||||
function sanitize_file_name( $filename ) {
|
||||
$filename_raw = $filename;
|
||||
$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
|
||||
|
||||
// Check for support for utf8 in the installed PCRE library once and store the result in a static.
|
||||
static $utf8_pcre = null;
|
||||
if ( ! isset( $utf8_pcre ) ) {
|
||||
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
|
||||
$utf8_pcre = @preg_match( '/^./u', 'a' );
|
||||
}
|
||||
|
||||
if ( ! seems_utf8( $filename ) ) {
|
||||
$_ext = pathinfo( $filename, PATHINFO_EXTENSION );
|
||||
$_name = pathinfo( $filename, PATHINFO_FILENAME );
|
||||
$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
|
||||
}
|
||||
|
||||
if ( $utf8_pcre ) {
|
||||
$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
|
||||
}
|
||||
|
||||
/**
|
||||
* Filter the list of characters to remove from a filename.
|
||||
*
|
||||
@ -1384,7 +1402,6 @@ function sanitize_file_name( $filename ) {
|
||||
* @param string $filename_raw Filename as it was passed into sanitize_file_name().
|
||||
*/
|
||||
$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
|
||||
$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
|
||||
$filename = str_replace( $special_chars, '', $filename );
|
||||
$filename = str_replace( array( '%20', '+' ), '-', $filename );
|
||||
$filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
|
||||
|
||||
@ -1663,10 +1663,6 @@ class WP_Query {
|
||||
$this->is_single = true;
|
||||
} elseif ( $qv['p'] ) {
|
||||
$this->is_single = true;
|
||||
} elseif ( ('' !== $qv['hour']) && ('' !== $qv['minute']) &&('' !== $qv['second']) && ('' != $qv['year']) && ('' != $qv['monthnum']) && ('' != $qv['day']) ) {
|
||||
// If year, month, day, hour, minute, and second are set, a single
|
||||
// post is being queried.
|
||||
$this->is_single = true;
|
||||
} elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
|
||||
$this->is_page = true;
|
||||
$this->is_single = false;
|
||||
|
||||
@ -1497,7 +1497,7 @@ function wp_insert_user( $userdata ) {
|
||||
$data = wp_unslash( $compacted );
|
||||
|
||||
if ( $update ) {
|
||||
if ( $user_email !== $old_user_data->user_email ) {
|
||||
if ( $user_email !== $old_user_data->user_email || $user_pass !== $old_user_data->user_pass ) {
|
||||
$data['user_activation_key'] = '';
|
||||
}
|
||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||
|
||||
@ -67,4 +67,20 @@ class Tests_Formatting_SanitizeFileName extends WP_UnitTestCase {
|
||||
// Test a filenames that becomes extensionless.
|
||||
$this->assertEquals( 'no-extension', sanitize_file_name( '_.no-extension' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider data_wp_filenames
|
||||
*/
|
||||
function test_replaces_invalid_utf8_characters( $input, $expected ) {
|
||||
$this->assertEquals( $expected, sanitize_file_name( $input ) );
|
||||
}
|
||||
|
||||
function data_wp_filenames() {
|
||||
return array(
|
||||
array( urldecode( '%B1myfile.png' ), 'myfile.png' ),
|
||||
array( urldecode( '%B1myfile' ), 'myfile' ),
|
||||
array( 'demo bar.png', 'demo-bar.png' ),
|
||||
array( 'demo' . json_decode( '"\u00a0"' ) . 'bar.png', 'demo-bar.png' ),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -902,7 +902,7 @@ class Tests_User extends WP_UnitTestCase {
|
||||
$this->assertWPError( $u );
|
||||
}
|
||||
|
||||
function test_changing_email_invalidates_password_reset_key() {
|
||||
public function test_changing_email_invalidates_password_reset_key() {
|
||||
global $wpdb;
|
||||
|
||||
$user = $this->author;
|
||||
@ -934,6 +934,26 @@ class Tests_User extends WP_UnitTestCase {
|
||||
$this->assertEmpty( $user->user_activation_key );
|
||||
}
|
||||
|
||||
public function test_changing_password_invalidates_password_reset_key() {
|
||||
global $wpdb;
|
||||
|
||||
$user = $this->author;
|
||||
$wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
|
||||
clean_user_cache( $user );
|
||||
|
||||
$user = get_userdata( $user->ID );
|
||||
$this->assertEquals( 'key', $user->user_activation_key );
|
||||
|
||||
$userdata = array(
|
||||
'ID' => $user->ID,
|
||||
'user_pass' => 'password',
|
||||
);
|
||||
wp_update_user( $userdata );
|
||||
|
||||
$user = get_userdata( $user->ID );
|
||||
$this->assertEmpty( $user->user_activation_key );
|
||||
}
|
||||
|
||||
public function test_search_users_login() {
|
||||
$users = get_users( array( 'search' => 'user1', 'fields' => 'ID' ) );
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user